Abstract: An apparatus and a method for generating a secure cipher key over an insecure channel. In one embodiment, a set of polynomials is generated and shared between a first party and a second party over the insecure channel. The first party generates a first random exponent for its private cipher key. The second party generates a second random exponent for its private cipher key. The first party operates on the set of polynomials with the first random exponent and sends the results to the second party. The second party operates on the set of polynomials with the second random exponent and sends the results to the first party. A shared cipher key is computed based on the exchanged operation results.

Abstract: An apparatus and a method for validating encrypted archive keys is described. In one embodiment, a passphrase is received. An archive key is recovered with the passphrase. A Message Authentication Code (MAC) value is computed with the recovered archive key. The computed MAC value is compared with a MAC value stored in an archive to determine the validity of the passphrase. The stored MAC value is originally computed with an original passphrase using the archive key as a MAC key.

Abstract: A method and apparatus for an system and process for sharing a secret over an unsecured channel in conjunction with an authentication system. A client computes a message authentication code based on a hashed password value and a first random string received from the server. The client sends a response to the server that includes authentication data including a second random string. Both the client and server concatenate the first random string, second random string and username. Theses values are processed to generate as a shared master secret to further generate shared secrets or keys to establish a secured communication channel between the client and server. The secured communication can be based on stateless messaging where the decryption key associated with the message is identified by the message authentication code, which is placed within the message.

Abstract: Techniques for improving encoding and decoding data are described herein. According to one embodiment, it is determined whether a current context can encode a retrieved symbol. The current context includes a plurality entries, each representing an encoded symbol, including a count value representing a frequency of the entry being used. A code is generated to a code stream, where the code represents a difference between an index of an entry in the current context associated with the retrieved symbol and a previous index used for encoding a previous symbol, if the current context can encode the retrieved symbol. A count value corresponding to the entry associated with the retrieved symbol is incremented in the current context. The current context is sorted based on count values of all entries in the current context, where the code stream and the literal stream are to be compressed and encoded by a compressor.

Abstract: An apparatus and a method for storing an encrypted username and password. In one embodiment, a username is encrypted. A password associated with the username is encrypted. A user identifier associated with the username is encrypted. The encrypted username, the encrypted password, and the user identifier are stored in one or more database.

Abstract: In one embodiment, a mechanism for modeling escape counts in adaptive compression models is disclosed. In one embodiment, a method includes initializing an escape count for an escape symbol used in an adaptive compression context model that encodes an input stream, the initial escape count being initialized at a high value in an upper portion of a range of possible count values, invoking the adaptive compression context model with the initial escape count for the escape symbol, incrementing the escape count each time it is utilized in the adaptive compression context model, and scaling the escape count when it exceeds a maximum count value.

Abstract: An apparatus and a method for an authentication protocol. In one embodiment, a server generates a sequence number, and a server message authentication code based on a server secret key. The server sends the sequence number, an account identifier, and the server message authentication code to the client. The client generates a client message authentication code over the sequence number, a request specific data, and a shared secret key between the client and the server. The client sends a request to the server. The request includes the sequence number, the account identifier, the server message authentication code, the request specific data, and the client message authentication code. The server determines the validity of the client request with the shared secret key.

Abstract: An apparatus and a method for an authentication protocol. In one embodiment, a client requests for an authentication challenge from a server. The server generates the authentication challenge and sends it to the client. The authentication challenge includes the authentication context identifier, a random string, a timestamp, and a signature value. The client computes a salt value based on a username and the authentication context identifier from the authentication challenge. The signature value is computed based on the authentication context identifier, the random string, and the timestamp. The client computes a hashed password value based on the computed salt value, and a message authentication code based on the hashed password value and the random string. The client sends a response to the server. The response includes the username, the message authentication code, the random string, the timestamp, and the signature value.

Abstract: An apparatus and a method for tracking the number of hits to a web page is described. In one embodiment, a web browser of a client requests from a server a web page. The server redirects the web browser to a cookie counting web page, where the cookie counting web page provides a tracking cookie to the web browser. The server computes the number of unique hits to the web page without cookies based on the number of hits to the cookie counting web page without tracking cookies, the number of unique hits to the cookie counting web page with tracking cookies, the number of all hits to the cookie counting web page with tracking cookies.

Abstract: A method and apparatus for generating multiple keys for a set of archives or portions of a set of archives. The process includes receiving a passphrase from a user and an indicator of a set of archives to be modified or created. An archive key generation process can be based on a random value generation, an algorithm for generating keys with specific characteristics, an indexing scheme, a progressive enciphering scheme or a shared secret scheme. The generated keys are enciphered using an enciphering algorithm in combination with the passphrase. The archive keys are stored with the archives in their enciphered form. Other intermediate key information is also stored with the archive to enable deciphering of the set of archives using the passphrase as needed.

Abstract: Described herein is a method and apparatus for managing archives. The archive management process receives a passphrase and an indicator of an archive to be managed. The passphrase is used to encipher or decipher an archive key dependent on whether data is to be inserted or extracted from the archive key. The passphrase can be changed by re-enciphering the archive key.

Abstract: A method and apparatus for a pseudo-random number generation system. The pseudo-random number generation mixes the output of two or more pseudo-random number generators to create a new pseudo-random number or sequence. The process operates on pseudo-random numbers with a bit size k, multiplies the numbers and then performs modulo 2k+1 on the result of the multiplication. This process can be performed quickly and with minimal computing resources, while improving the quality of the randomness of the output.

Abstract: A method and apparatus for providing an automated key distribution process to enable communication between two networked devices without the need for human provision of a key to both networked devices. In response to a first connection request from a first network device to a second network device, the second network device will check for a credential such as a public key for the first network device. If the credential is not present, then the second network device will communicate with the first network device on a second secured and pre-defined connection to obtain a certificate from the first network device. The second network device then queries a backend server with the certificate to obtain a credential such as the public key for the first network device. Subsequent connection or communication requests from the first network device will then be properly serviced.

Abstract: In one embodiment, a mechanism for modeling escape counts in adaptive compression models is disclosed. In one embodiment, a method includes initializing an escape count for an escape symbol used in an adaptive compression context model that encodes an input stream, the initial escape count being initialized at a high value in an upper portion of a range of possible count values, invoking the adaptive compression context model with the initial escape count for the escape symbol, incrementing the escape count each time it is utilized in the adaptive compression context model, and scaling the escape count when it exceeds a maximum count value.

Abstract: Some embodiments of a method and apparatus for encrypting and decrypting data have been presented. In one embodiment, a current key is generated from a prior ciphertext block and another key, which may include a prior key used to encipher the prior ciphertext block or an initialization vector. Then a current plaintext block is enciphered using the current key to generate a current ciphertext block.

Abstract: Techniques for coding integer sets are described herein. According to one embodiment, for each data range of parameters to be encoded, a number of bits required to represent a maximum parameter among the parameters in each data range is determined, including a first number of bits and a second number of bits corresponding to the first and second data ranges. Each parameter in the first data range is encoded using the first number of bits and each parameter in the second data range is encoded using the second number of bits, where the data stream further includes a value representing the first number of bits and the data stream is to be decoded by a decoder using the value representing the first number of bits to recover the first number of bits and the second number of bits, which are used to recover each parameter from the data stream.

Abstract: A method and apparatus for client authentication using a pseudo-random number generation system. The pseudo-random number generation utilizes a secret key as well as state information as input into the hash function to generate a pseudo-random number. The state information that is part of the input can be any number of prior generated pseudo-random numbers. The authentication allows for synchronization of the client and server by exchanging state information. The authentication is not dependent on any absolute time and consequently the client and servers are not required to maintain a reliable shared time base.

Abstract: Techniques for improving encoding and decoding data are described herein. According to one embodiment, it is determined whether a current context can encode a retrieved symbol. The current context includes a plurality entries, each representing an encoded symbol, including a count value representing a frequency of the entry being used. A code is generated to a code stream, where the code represents a difference between an index of an entry in the current context associated with the retrieved symbol and a previous index used for encoding a previous symbol, if the current context can encode the retrieved symbol. A count value corresponding to the entry associated with the retrieved symbol is incremented in the current context. The current context is sorted based on count values of all entries in the current context, where the code stream and the literal stream are to be compressed and encoded by a compressor.

Abstract: Some embodiments of a method and apparatus for encrypting and decrypting data have been presented. In one embodiment, a current initialization vector (IV) is generated based on a previous block of plaintext enciphered. Then a current block of plaintext is combined with the current IV to create a temporary block. An encipher may encipher the temporary block to generate a current block of ciphertext.

Abstract: In one embodiment, a mechanism for generating message sequence order numbers is disclosed. In one embodiment, a method includes generating a timestamp value, and calculating a message authentication code (MAC) using as inputs the timestamp value, public information of an intended recipient, and a shared secret key kept between a broadcaster and the intended recipient. In addition, the method includes extracting, according to a pre-determined process agreed to between the broadcaster and the intended recipient, a required number of bits that define a size of an initial sequence number from the MAC. Lastly, the method includes using the extracted result as the initial sequence number.