Abstract: A key scheduler performs a key-expansion to generate round keys for AES encryption and decryption just-in-time for each AES round. The key scheduler pre-computes slow operations in a current clock cycle to reduce the critical delay path for computing the round key for a next AES round.

Abstract: A method includes: receiving a plurality of audio frames, assembling groups of the audio frames into logical recording units, storing a plurality of the logical recording units, retrieving the stored logical recording units, and decoding the retrieved logical recording units. An apparatus that performs the method is also provided.

Abstract: Disclosed is a system and method for encryption of a scalable video coding (SVC) bitstream, which is the next-generation coding technology. The encryption method encrypts Network Abstraction Layer (NAL) data identified according to multidimensional scalability for space, time, and quality with respect to a bitstream created after an SVC encoding, thereby providing a multidimensional scalability function for space, time, and quality even after the encryption, so that the scalability is also maintained even in a bitstream extraction process after the encryption. According to such a scalable encryption method, a specific portion of an encrypted bitstream is removed in a bitstream extraction process, and user access to the bitstream is limited based on a combination of keys for accessing a specific scalability. Therefore, it is possible to protect scalable video content and to access the video content based on scalabilities.

Abstract: A method and an apparatus for encrypting/decrypting packet data of a precise time synchronization protocol and a time synchronization system are illustrated. The method is suitable for the time synchronization system using a precise time protocol. The time synchronization system includes a master node and a slave node, wherein the slave node synchronizes its time with the master node. In the method for encrypting/decrypting packet data of the precise time synchronization protocol, an encryption/decryption hardware device is disposed on the hardware protocol layer of each of the master node and the slave node. The hardware protocol layer is under the data link layer, and includes the data link layer. A synchronization message is encrypted by using the encryption/decryption hardware devices of the master node to generate a frame data, and the frame data is decrypted by using the encryption/decryption hardware devices of the slave node to obtain the synchronization message.

Abstract: An encryption and authentication technique that achieves enhanced integrity verification through assured error-propagation using a multistage sequence of pseudorandom permutations. The method generates intermediate data-dependent cryptographic variables at each stage, which are systematically combined into feedback loops. The encryption technique also generates an authentication tag with minimal post processing that is the size of the state.

Abstract: There is provided a high-speed pipelined ARIA encryption apparatus. The high-speed pipelined ARIA encryption apparatus includes a round key generator for generating a plurality of round keys required for performing an encryption operation using a master key formed to have uniform bits, a plurality of round units whose number is in proportion to the number of times of round operations corresponding to the number of bit of an input value to receive the round keys and the input value and to perform the round operations, and a plurality of pipelined register provided between the round units to transmit the output value of a previous round unit as the input value of the next round unit. A plurality of round units are provided and pipelined registers are inserted between the round units so that it is possible to improve the performance of processing a large amount of data and to perform ARIA encryption at high speed.

Abstract: The present disclosure provides a parallelizable integrity-aware encryption technique. In at least one embodiment of the present disclosure, a parallelizable integrity-aware encryption method comprises whitening at least one message block with a first mask value, encrypting the whitened at least one message block using a block cipher and a first key, and whitening the encrypted at least one message block with a second mask value to generate at least one corresponding output ciphertext block. In another embodiment of the present disclosure, a parallelizable integrity-aware encryption method comprises applying a XOR function to all blocks of a message to compute a XOR-sum, applying a first mask value to the XOR-sum; encrypting the masked XOR-sum using a block cipher and a first key, and applying a second mask value to the encrypted XOR-sum to generate an integrity tag.

Abstract: A method and system for securely communicating information via a low bandwidth channel uses encryption that adds comparatively little overhead to the size of the transmission. This method and system efficiently take advantage of the properties of public key cryptography, a shared secret, a traffic key from the shared secret, an abbreviated initialization vector, and an abbreviated whole message signature. The information and the whole message signature are encrypted using the traffic key with a stream cipher.

Abstract: An encryption device can include a tweaking value manager that is configured to generate an array of tweaking values corresponding to the array of data blocks based on a tweaking encryption key, a first encryption unit that is configured to encrypt a first portion of the array of data blocks into a first portion of encrypted data blocks based on corresponding tweaking values and a data encryption key, a second encryption unit that is configured to encrypt a second portion of the array of data blocks into a second portion of encrypted data blocks based on corresponding tweaking values and the data encryption key, and a data block combiner that is configured to combine the first portion of encrypted data blocks and the second portion of encrypted data blocks into an array of encrypted data blocks.

Abstract: Disclosed is a method for implementing a symmetric key encryption algorithm against power analysis attacks, including: generating and storing an affine transform table; generating and storing a masked inversion table; and operating a masked S-box using the affine transform table and the masked inversion table.

Abstract: An improved method, apparatus, and computer instructions for processing outbound traffic passing through a port. This port is for a server and receives a request from a client. The request includes a universal resource identifier to a destination. A determination is made as to whether the request requires encryption using the universal resource identifier in the request. The request is sent through the port to the destination in an encrypted form, in response to a determination that the request requires encryption.

Abstract: A one-time-pad encryption system where encrypted one-time-pad keys can be distributed to users on physical media or on a computer network from a central server. Each one-time-pad key has a key identification number that facilitates key management. Each encrypted data set includes a header specifying an offset within the one-time-pad key for commencement of decryption so that messages can be decrypted in any order. Before encryption begins, the length of remaining unused key is compared to the length of the data set to be encrypted. For ease of transcription or transmission by humans, the encrypted data can be represented as a subset of the 48 keys that are easy to use on a keyboard, preferably the 26 capital letters of the Western alphabet or these letters plus six numerals for a total of 32 characters. A one-time-pad key which is specialized to achieve such encryption can also be used for binary encryption.

Abstract: A system and associated method for block ciphering. The method generates a key that is specific to a text block being encrypted and later being decrypted. The text block is encrypted by a block cipher encryption with the key. The encrypted text block is decrypted by a block cipher decryption with the key back to the text block. Altering a single bit in either the encrypted text block or the key results in unsuccessful decryption such that a decrypted text block is completely different from the before encryption.

Abstract: Systems and methods for establishing a security-related mode of operation for computing devices. A policy data store contains security mode configuration data related to the computing devices. Security mode configuration data is used in establishing a security-related mode of operation for the computing devices.

Abstract: Some embodiments of a method and an apparatus to strengthen key schedule for arcfour have been presented. In one embodiment, an S array of a predetermined size is initialized. The S array is usable in a key generating process of arcfour encryption. The key generation process is extended to generate keys, which are substantially random and substantially unbiased. Using the keys generated, a stream cipher performs arcfour encryption on plaintext data to output ciphertext data.

Abstract: A method and apparatus for generating a cryptosync is disclosed that generates a cryptosync with the desired variability without the overhead in complexity and size of prior cryptosyncs. The cryptosync is generated from a combination of fields including fields relating to the segmentation and reassembly of the data packets at a transmitting terminal and a receiving terminal. The resultant cryptosync does not repeat during the use of a particular security key.

Abstract: A system includes a key path generator that generates a key path based on a plurality of encryption keys. A block coding unit generates a plurality of codewords based on a plurality of data blocks. A block scrambling unit scrambles the plurality of codewords to generate a plurality of encrypted blocks by entropy processing, chaos processing and permutation processing each of the plurality of codewords, based on the plurality of encryption keys.

Abstract: Disclosed herein are systems, methods, and computer readable-media for performing data encryption and decryption using a stream or block cipher with internal random states. The method includes splitting the input data into a predetermined number of blocks and processing each block. The processing includes creating sub-blocks, permuting the sub-blocks, replacing bytes using a lookup table, rotating bits, performing expansion and combining sets of bits. The element of randomness employed in this process allows for the same input to yield the same output, with differing internal states.

Abstract: Secure Variable Data Rate Transceivers and methods for implementing Secure Variable Data Rate are presented. An efficient and systematic method and circuit for implementing secure variable data rate transceivers are presented. The SVDR method is based on block ciphers. An index method is presented for minimizing transmission overhead. This allows SVDR to achieve higher security by using the full ciphermode stream.

Abstract: An input block of data and a key that includes multiple sub-keys are received by a block cipher. A nonlinear substitution is performed on at least a portion of the data, wherein the nonlinear substitution is achieved by multiplying the portion of the data by one of the sub-keys over a finite field of even characteristic, modulo a fixed primitive polynomial. An output block of ciphertext is then generated.

Abstract: An integrated circuit includes a fingerprint element and a decryption circuit. The fingerprint element generates a fingerprint, where the fingerprint is reproducible and represents an inherent manufacturing process characteristic unique to the integrated circuit device. The decryption circuit decrypts, using a decryption key that is based on the fingerprint, an encrypted data in order to extract data. In one embodiment, the propagation delay of various circuit elements are used to generate the fingerprint. In another embodiment, the specific frequency of an oscillator is used to generate the fingerprint. In yet another embodiment, a ratio of measurable values is used to generate the fingerprint. In another embodiment, differences in transistor threshold voltages are used to generate the fingerprint. In yet another embodiment, variations in line widths are used to generate the fingerprint.

Abstract: The present invention applies with a diffused mechanism, as such, a variable series of diffusion functions embedded within a diffusion-medium, to generate a maximum diffusion-cycle and nonlinear complexity; additionally, it performs in a serial process for simple design, further, in a parallel process for saving time, or even in a hardware architecture, to gain greater acceleration. FIG. 1 shows an embodiment of the present invention in flow chart diagram form, comprising steps of: selecting a diffusion-area A, a diffusion-medium S, and a diffusion mechanism Ft1 100; initializing A by an input password 200; performing Ft1 to obtain a new value of A 300; inputting a plaintext in encryption or a ciphertext for decryption, bit by bit 400; XORing a plaintext bit in encryption or a ciphertext bit in decryption with a certain bit of A for stream output 500; continuing until completing the plaintext in encryption, or the ciphertext in decryption 600.

Abstract: The present application relates to cloud storage technology and especially relates to a cloud storage data access method, apparatus and system based on OTP. This method includes: generating and storing true random numbers of a predetermined length and a random seed of a predetermined length composed of the true random numbers via a preset method; acquiring data from the random seed for several times and cascading the data acquired each time into a true random data string of no shorter than the length of plaintext; based on the true random data string, generating a true random cryptographic key of no shorter than the length of the plaintext, encrypting the plaintext using this cryptographic key and transmitting ciphertext to a cloud storage data center. This application also provides a cloud storage data access apparatus and system based on OTP.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: The speed at which encrypt and decrypt operations may be performed in a general purpose processor is increased by providing a separate encrypt data path and decrypt data path. With separate data paths, each of the data paths may be individually optimized in order to reduce delays in a critical path. In addition, delays may be hidden in a non-critical last round.

Abstract: A computer readable medium having a data packet stored therein for causing a functional change in the operation of a device is disclosed. In one embodiment, the data packet is comprised of a scalably encoded data portion. In the present embodiment, the data packet further includes a header data portion corresponding to the scalably encoded data portion. The header data portion includes information adapted to be used by a transcoder to transcode the scalably encoded data portion.

Abstract: A block cipher algorithm based encryption processing method comprises the following steps: external key registration, external data registration, key expansion, data encryption conversion, internal data registration, and data iteration processing, which solves the problems of the prior ciphering method based on block cipher algorithm, such as low ciphering efficiency and high implementation cost, and efficiently reduces the resource consumption under the premise of keeping the high efficiency of the prior art, thereby reducing the implementation cost of the device. When the number of the conversion component is 1, the resource consumption is only about 60 percent of the prior art; and when the number of the conversion component is 2, the resource consumption is only about 70 percent of the prior art.

Abstract: A method provided herein includes the following steps: storing seal data of an electronic seal, a digital certificate, electronic signature program and a private key of a sealer in an external portable apparatus; performing a Hash conversion to a file to be sealed and the seal data of the electronic seal to generate a data digest, wherein the file to be sealed is a layout file; sealing, in the portable apparatus, the data digest using the private key of the sealer and the electronic signature program to generate an electronic signature result; and combining the file to be sealed, the seal data of the electronic seal, the digital certificate and the electronic signature result to generate a seal combination file.

Abstract: An encryption technique is disclosed for encrypting a data segment comprising a plurality of data blocks, wherein the security and throughput of the encryption is enhanced by using blockwise independent bit vectors for reversible combination with the data blocks prior to key encryption. Preferably, the blockwise independent bit vectors are derived from a data tag associated with the data segment. Several embodiments are disclosed for generating these blockwise independent bit vectors. In a preferred embodiment, the data tag comprises a logical block address (LBA) for the data segment. Also disclosed herein is a corresponding decryption technique as well as a corresponding symmetrical encryption/decryption technique.

Abstract: In one embodiment, a cryptographic device is provided. The cryptographic device includes a persistent memory and a decryption control circuit coupled to the persistent memory. The decryption control circuit is configured to receive an encrypted data stream and decrypt a first portion of the encrypted data stream using a first cryptographic key stored in the persistent memory, the first portion including a second cryptographic key. The decryption circuit is configured to decrypt a second portion of the encrypted data stream using the second cryptographic key, the second portion of the encrypted data stream including payload data.

Abstract: The invention provides a diffusion function working on a multidimensional diffusion-area (plaintext/ciphertext), in which a multidimensional medium is meanwhile overlapped to the diffusion-area; accordingly, repeating the diffusion function for at least one time thus brings about the multilayer effect. FIG. 1 shows an embodiment of the present invention in flow chart diagram form, comprising of: inputting a plaintext in encryption or a ciphertext in decryption 100; inputting a series of password data forward in encryption or backward in decryption 200; further, by the password data, converting the dimensions of the plaintext 300, and implementing with a diffusion function, repeated TE times in encryption, TD times in decryption 400; outputting the ciphertext in encryption or the plaintext in decryption 600 if completing all password data 500.

Abstract: A system includes a key path generator that generates a key path based on a plurality of encryption keys. A block descrambling unit generates a plurality of codewords to by de-entropy processing, de-chaos processing and de-permutation processing each of a plurality of encrypted blocks. A decoder generates a plurality of data blocks by decoding the plurality of codewords.

Abstract: A security circuit for a reprogrammable logic IC includes an evolved circuit that ties the performance of the security circuit to the physical properties of that particular reprogrammable logic IC. The security circuit can be a decryption and/or encryption circuit that decrypts and/or encrypts, respectively, a configuration bitstream for the IC. Because of the link between the performance of the security circuit and the physical properties of the IC, the security circuit cannot be used in other ICs. For example, an encrypted bitstream that can be decrypted by the security circuit in a first IC will typically not be decrypted by the same security circuit in a second IC, since the physical properties of the two ICs will typically be different. The evolved circuit can comprise a portion of the security circuit, such as a security key generator, or it can comprise the full security circuit.

Abstract: The present disclosure includes methods and devices for parallel encryption/decryption. In one or more embodiments, an encryption/decryption device includes an input logic circuit, an output logic circuit, and a number of encryption/decryption circuits arranged in parallel between the input logic circuit and the output logic circuit. For example, each encryption/decryption circuit can be capable of processing data at an encryption/decryption rate, and the number of encryption/decryption circuits can be equal to or greater than an interface throughput rate divided by the encryption/decryption rate.

Abstract: Methods and systems for controlling the distribution of digital content are provided. A license holder acquires protected content and an original digital license to the protected content from a content provider system. The license holder in turn delegates all or part of the grants in that original license to other qualified devices or clients. The content remains in its original, protected or encrypted form while it is delivered from the license holder to the client along with a digital sublicense that the client receives from the original license holder, whereupon the content can then be rendered. The original digital license defines or governs the conditions under which such delegation occurs, and includes terms under which such delegation is permitted to continue in order to enforce the intent of the content provider.

Abstract: Provided is a cryptographic device for fast session switching, and more particularly, a cryptographic device using a block cipher algorithm and capable of rapidly performing session switching. The cryptographic device includes: a block cipher algorithm executer for performing encryption or decryption on input data using an initialization vector and a round key corresponding to a current session; an initialization vector manager for storing an initialization vector input from outside of the cryptographic device and an initialization vector received from the block cipher algorithm executer, and providing the initialization vector corresponding to the current session to the block cipher algorithm executer; and a session round key generator for storing a session key input from outside of the cryptographic device, generating the round key based on a session key corresponding to the current session, and providing the round key to the block cipher algorithm executer.

Abstract: A block cipher ARIA substitution apparatus, the apparatus includes a first Sbox operation unit for performing operations of a substitution box S1 and a substitution box S1?1; a second Sbox operation unit for performing operations of a substitution box S2 and a substitution box S2?1; and a control unit for determining modes of the first Sbox operation unit and the second Sbox operation unit. The first Sbox operation unit has a first inverse affine transformation unit for performing an inverse affine operation for obtaining S1?1; a finite field inverse element operation unit for computing an inverse element of GF(28) or a result value of the first inverse affine transformation unit; a first affine transformation unit for performing an affine operation for obtaining S1; and a first and a second multiplexer.

Abstract: A multi-level data encoding system is provided that is operable on a computer. The encoding system includes a data input device adapted to input a data set and store the data set in a database. The system further includes an encoder adapted to encode the data set and separate the encoded data set into two files, wherein each character of the data set comprises a unique electronic footprint. Additionally, the system includes a data field adapted to organize the encoded data set for proper decoding, a master file comprising one file of the encoded data set and an overlay file comprising the other file of the encoded data set. The system also includes a decoder adapted to align the overlay file onto the master file to decode the encoded data set.

Abstract: Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.

Abstract: A method for long impulse response digital filtering of an input data stream, by use of a digital filtering system. Where the input data stream is divided into zero-input signals and zero-state signals. One of the zero-input signals and a corresponding impulse response of the digital filtering system is converted to the frequency domain to determine a respective zero-input response of the digital filtering system. One of the zero-state signals is convolved with a corresponding impulse response of the digital filtering system to determine a respective zero-state response of the digital filtering system, wherein at least part of the zero-input signal precedes the zero-state signal. The zero-state response of the digital filtering system is added to the zero-input response of the digital filtering system to determine the response of the digital filtering system. Apparatus for effecting this method is also disclosed.

Abstract: A computer system for identifying an individual using a biometric characteristic of the individual includes a biometric sensor for generating a first code, and a controller including a memory for storing the first code and a dynamic binary code conversion algorithm. When the controller receives a sensor code from the biometric sensor, it compares the sensor code with the first code stored in the memory, and if the identity between the sensor code and the first code is verified, the controller generates a first binary code by means of the dynamic binary code conversion algorithm and outputs the first binary code from which the computer system generates a second binary code by means of the dynamic binary code conversion algorithm. The computer system then verifies the identity of the individual if the second binary code matches the first binary code.

Abstract: When processing a data conversion function of a MISTY structure, such as the FO function of MISTY1, the logical calculation result t3 of the exclusive OR 614 of the process result of the FI function 602 of the MISTY structure in the second stage and a logical calculation result t1 of an exclusive OR 612 of the MISTY structure in the first stage is not stored in a register. The logical calculation result t3 and the logical calculation result of respective exclusive OR 642 and 643 are subject to a direct exclusive OR with the respective exclusive OR 642 and 643.

Abstract: The present invention discloses a diffused data encryption/decryption processing method, which comprises a plaintext, being at least a 2D matrix; and a password, being at least a 2D matrix; such that the password determines the starting point of the diffusion, the length of the diffusion, the cycle of diffusion, the number of encrypted diffusions and the number of decrypted diffusions to perform the diffusion computation of the plaintext as to achieve the purpose of processing the encryption and decryption.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: Systems and/or methods (“tools”) are described that enable a digital rights management policy to be associated with digital media having an arbitrary content type or transfer control protocol. In some embodiments, the tools encrypt data segments of a media file and add a descriptor to each of those segments. These descriptors can enable a receiver of the encrypted media file to decrypt the file and consume it according to the correct digital rights management policy.

Abstract: A shared-key encryption scheme that uses identically keyed block-cipher calls, low additional overhead, supports the encryption of arbitrary-length strings, produces a minimal-length-ciphertext, and is fully parallelizable. In one embodiment, “OCB”, a key shared between communicating parties is mapped to a key variant using the block cipher. The key variant is mapped into a sequence of basis offsets using shifts and conditional xors. To encrypt a message using a nonce, a nonce-dependent base offset is formed, and then a sequence of offsets is constructed by starting with the base offset and then xoring, for each offset, an appropriate basis offset. The message is partitioned into message blocks of the same length as the block length of the block cipher, along with a message fragment that may be shorter. Each message block is combined with a corresponding offset, enciphered, and then combined again with the offset, yielding a ciphertext block.

Abstract: Communication and validation of information transfer from a transmitter to a receiver is achieved by generating a cipher (400) from a message m (410) using parameters of an elliptic curve, a generator point P (406) on the elliptic curve and a public key Q (416) of the receiver. The cipher includes a first element that is the product kP of a random number k (404) with the generator point P and a second element that is the product of m and the x-coordinate of the product kQ. The message m is generated from two mathematically independent representations of the information and, optionally, a random number. The cipher is communicated to the receiver and decoded to recover a message m? (502). A validation token (500) is generated by the receiver and passed to the transmitter, which validates communication of the information to the receiver if the product mkQ is equal to the validation token.

Abstract: A packet cipher algorithm based encryption processing device includes a key expand unit and an encryption unit. The key expand unit comprises a key expand unit data registration component and at least one key expand unit data conversion component. The encryption unit comprises an encryption unit data registration component and at least one encryption unit data conversion component, and the number of the encryption unit data conversion component is the same as that of the key expand unit data conversion component, and besides, they are one to one. A sub-key output of each key expand unit data conversion component connects the corresponding sub-key input of each encryption unit data conversion component to solve the technical problems that the encryption efficiency of the prior packet cipher algorithm based encryption processing device is low and the cost is high.

Abstract: A method and system for ciphering interface with list processing is described. Various aspects of a system for ciphering interface with list processing may include a cipher module that enables deciphering and/or bit stuffing, in hardware, of a potion of one of a plurality of data blocks starting at any bit location that is subsequent to a first bit of the one of the plurality of data blocks. One of the plurality of data blocks may comprise at least one data word. A modulus of a number representing the bit location with respect to a number of bits in the one of the data words may be a number greater than 0. The cipher module may enable selection of any bit location based on and index and/or an offset. The cipher module may enable selection of deciphering and/or bit stuffing based on configured information.

Abstract: Data is encrypted by receiving a plurality of bits associated with a communications flow and compressing at least a portion of the bits in order to produce a plurality of sub-frames. The sub-frames may be assembled into a superframe and a stream cipher may be applied to the superframe in order to generate an encrypted packet.