Abstract: A method of generating a key by a first correspondent. The key is computable by a second correspondent by a second correspondent. The method comprising the steps of: a) making available to the second correspondent a first short term public key; b) obtaining a second short term public key from the second correspondent; c) computing a first exponent derived from the first short term private key, the first short term public key, and said first long term private key; d) computing a second exponent derived from the first short term private key, the first long term public key, the second short term public key and the first long term private key; computing a simultaneous exponentiation of the first exponent with the second short term public key and said second exponent with the second long term public key.

Abstract: Trust between entities participating in an upgrade or enablement/disablement process is established and, to facilitate this remotely and securely, a highly tamper resistant point of trust in the system that is being produced is used. This point of trust enables a more efficient distribution system to be used. Through either a provisioning process or at later stages, i.e. subsequent to installation, manufacture, assembly, sale, etc.; the point of trust embodied as a feature controller on the device or system being modified is given a feature set (or updated feature set) that, when validated, is used to enable or disable entire features or to activate portions of the feature.

Abstract: A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements Elliptic Curve Pinstov-Vanstone Signature (ECPV) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key.

Abstract: A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements Elliptic Curve Pinstov-Vanstone Signature (ECPV) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key.

Abstract: An electronic device is provided. The electronic device comprises a memory, a processor, a rules data base stored in the memory, a context data base stored in the memory, and a rules engine stored in the memory. The rules data base comprises a plurality of access rules defined by different stakeholders. The context data base comprises contextual information comprising at least one of a relationship of the electronic device to a communication service plan owner associated with the electronic device, a work schedule associated with a user of the electronic device, a communication service account status, an entertainment service account status, and a gaming service account status. The rules engine application, when executed by the processor, grants access to a requested communication service based on applying the rules stored in the rules data base in accordance with the contextual information.

Abstract: A potential bias in the generation of a private key is avoided by selecting the key and comparing it against the system parameters. If a predetermined condition is attained it is accepted. If not it is rejected and a new key is generated.

Abstract: A potential bias in the generation of a private key is avoided by selecting the key and comparing it against the system parameters. If a predetermined condition is attained it is accepted. If not it is rejected and a new key is generated.

Abstract: This invention provides a method for accelerating multiplication of an elliptic curve point Q(x,y) by a scalar k, the method comprising the steps of selecting an elliptic curve over a finite field Fq where q is a prime power such that there exists an endomorphism ?, where ?(Q)=?·Q for all points Q(x,y) on the elliptic curve; and using smaller representations ki of the scalar k in combination with the mapping y to compute the scalar multiple of the elliptic curve point Q.

Abstract: A partial revocation list and a system and method for using the partial revocation list for tracking the authenticity of replacement cartridges in a manufactured device to inhibit cloning of the cartridges is provided. A revocation pool is maintained by a manufacturer who chooses a partial revocation list from the revocation pool to store in the memory of the cartridge. The device stores its own revocation list, informs the manufacturer of cartridges which have been used and checks when a new device is installed to ensure a cloned replacement is not being used. The partial revocation list distributes enough revocation information to devices to statistically impair the cartridge yield of a cloning operation.

Abstract: A method of generating a key stream for a precomputed state information table. The method comprises initialising a counter and an accumulator with non-zero values; combining state information identified by the counter with the accumulator; swapping state information identified by the counter with state information identified by the accumulator; combining the two pieces of state information; outputting the state information identified by the combination as a byte of the key stream; adding a predetermined number odd number to the counter; and repeating the above steps to produce each byte of the key stream.

Abstract: A partial revocation list and a system and method for using the partial revocation list for tracking the authenticity of replacement cartridges in a manufactured device to inhibit cloning of the cartridges is provided. A revocation pool is maintained by a manufacturer who chooses a partial revocation list from the revocation pool to store in the memory of the cartridge. The device stores its own revocation list, informs the manufacturer of cartridges which have been used and checks when a new device is installed to ensure a cloned replacement is not being used. The partial revocation list distributes enough revocation information to devices to statistically impair the cartridge yield of a cloning operation.

Abstract: A system and method for remote device registration, to monitor and meter the injection of keying or other confidential information onto a device, is provided. A producer who utilizes one or more separate manufacturers, operates a remote module that communicates over forward and backward channels with a local module at the manufacturer. Encrypted data transmissions are sent by producer to the manufacturer and are decrypted to obtain sensitive data used in the devices. As data transmissions are decrypted, credits from a credit pool are depleted and can be replenished by the producer through credit instructions. As distribution images are decrypted, usage records are created and eventually concatenated, and sent as usage reports back to the producer, to enable the producer to monitor and meter production at the manufacturer.

Abstract: A method of generating a key stream for a precomputed state information table. The method comprises initialising a counter and an accumulator with non-zero values; combining state information identified by the counter with the accumulator; swapping state information identified by the counter with state information identified by the accumulator; combining the two pieces of state information; outputting the state information identified by the combination as a byte of the key stream; adding a predetermined number odd number to the counter; and repeating the above steps to produce each byte of the key stream.

Abstract: A system and method for remote device registration, to monitor and meter the injection of keying or other confidential information onto a device, is provided. A producer who utilizes one or more separate manufacturers, operates a remote module that communicates over forward and backward channels with a local module at the manufacturer. Encrypted data transmissions are sent by producer to the manufacturer and are decrypted to obtain sensitive data used in the devices. As data transmissions are decrypted, credits from a credit pool are depleted and can be replenished by the producer through credit instructions. As distribution images are decrypted, usage records are created and eventually concatenated, and sent as usage reports back to the producer, to enable the producer to monitor and meter production at the manufacturer.

Abstract: A potential bias in the generation of a private key is avoided by selecting the key and comparing it against the system parameters. If a predetermined condition is attained it is accepted. If not it is rejected and a new key is generated.

Abstract: Trust between entities participating in an upgrade or enablement/disablement process is established and, to facilitate this remotely and securely, a highly tamper resistant point of trust in the system that is being produced is used. This point of trust enables a more efficient distribution system to be used. Through either a provisioning process or at later stages, i.e. subsequent to installation, manufacture, assembly, sale, etc.; the point of trust embodied as a feature controller on the device or system being modified is given a feature set (or updated feature set) that, when validated, is used to enable or disable entire features or to activate portions of the feature.

Abstract: A method of generating a key by a first correspondent. The key is computable by a second correspondent. The method comprises the steps of: a) making available to the second correspondent a first short term public key; b) obtaining a second short term public key from the second correspondent; c) computing a first exponent derived from the first short term private key, the first short term public key, and the first long term private key; d) computing a second exponent derived from the first short term private key, the first long term public key, the second short term public key and the first long term private key; computing a simultaneous exponentiation of the first exponent with the second short term public key and the second exponent with the second long term public key.

Abstract: The applicants have recognized an alternate method of performing modular reduction that admits precomputation. The precomputation is enabled by approximating the inverse of the truncator T, which does not depend on the scalar. The applicants have also recognized that the representation of a scalar in a ?-adic representation may be optimized for each scalar that is needed. The applicants have further recognized that a standard rounding algorithm may be used to perform reduction modulo the truncator. In general terms, there is provided a method of reducing a scalar modulo a truncator, by pre-computing an inverse of the truncator. Each scalar multiplication then utilizes the pre-computed inverse to enable computation of the scalar multiplication without requiring a division by the truncator for each scalar multiplication.

Abstract: A potential bias in the generation or a private key is avoided by selecting the key and comparing it against the system parameters. If a predetermined condition is attained it is accepted. If not it is rejected and a new key is generated.

Abstract: A method of generating a key by a first correspondent. The key is computable by a second correspondent. The method comprises the steps of: a) making available to the second correspondent a first short term public key; b) obtaining a second short term public key from the second correspondent; c) computing a first exponent derived from the first short term private key, the first short term public key, and the first long term private key; d) computing a second exponent derived from the first short term private key, the first long short term public key, the second short term public key and the first long term private key; e) computing a simultaneous exponentiation of the first exponent with the second short term public key and the second exponent with the second long term public key.