Patents by Inventor Julian A. Cerruti

Julian A. Cerruti has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8353017
    Abstract: A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method.
    Type: Grant
    Filed: June 5, 2008
    Date of Patent: January 8, 2013
    Assignee: International Business Machines Corporation
    Inventors: Julian A. Cerruti, Stefan Nusser, Jerald Thomas Schoudt, Gustavo Stefani, Eric Wilcox
  • Patent number: 8280043
    Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
    Type: Grant
    Filed: June 5, 2008
    Date of Patent: October 2, 2012
    Assignee: International Business Machines Corporation
    Inventors: Julian A. Cerruti, Sigfredo I Nin, Dulce B Ponceleon, Vladimir Zbarsky
  • Patent number: 7921454
    Abstract: A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method.
    Type: Grant
    Filed: October 22, 2007
    Date of Patent: April 5, 2011
    Assignee: International Business Machines Corporation
    Inventors: Julian A. Cerruti, Stefan Nusser, Jerald Thomas Schoudt, Gustavo Stefani, Eric Wilcox
  • Patent number: 7864953
    Abstract: Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key.
    Type: Grant
    Filed: March 27, 2008
    Date of Patent: January 4, 2011
    Assignee: International Business Machines Corporation
    Inventors: Julian A. Cerruti, Matthew Francis Rutkowski, Amal Ahmed Shaheen
  • Patent number: 7860246
    Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
    Type: Grant
    Filed: November 1, 2006
    Date of Patent: December 28, 2010
    Assignee: International Business Machines Corporation
    Inventors: Julian A Cerruti, Sigfredo I Nin, Dulce B Ponceleon, Vladimir Zbarsky
  • Patent number: 7778417
    Abstract: The present invention provides a means for managing title keys by establishing logical partitions of title keys encrypted with the same binding information. The invention supports delayed and background processing of title keys when binding information changes. This invention supports proper accounting for devices required to recover rebinding processing when devices fail or go offline unexpectedly during processing. The invention uses binding context which represents a set of data that can be used to determine if the binding information used to encrypt a set of title keys is outdated and allow for rebinding to the current cluster binding information level.
    Type: Grant
    Filed: May 17, 2005
    Date of Patent: August 17, 2010
    Assignee: International Business Machines Corporation
    Inventors: Matt F. Rutkowski, Julian A. Cerruti, Robert B. Chumbley
  • Publication number: 20090323970
    Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
    Type: Application
    Filed: June 5, 2008
    Publication date: December 31, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Julian A. Cerruti, Sigfredo I. Nin, Dulce B. Ponceleon, Vladimir Zbarsky
  • Publication number: 20090106827
    Abstract: A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method.
    Type: Application
    Filed: June 5, 2008
    Publication date: April 23, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Julian A. Cerruti, Stefan Nusser, Jerald Thomas Schoudt, Gustavo Stefani, Eric Wilcox
  • Publication number: 20090106825
    Abstract: A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method.
    Type: Application
    Filed: October 22, 2007
    Publication date: April 23, 2009
    Inventors: Julian A. Cerruti, Stefan Nusser, Jerald Thomas Schoudt, Gustavo Stefani, Eric Wilcox
  • Publication number: 20090028342
    Abstract: Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key.
    Type: Application
    Filed: March 27, 2008
    Publication date: January 29, 2009
    Inventors: Julian A. Cerruti, Matthew Francis Rutkowski, Amal Ahmed Shaheen
  • Publication number: 20080101596
    Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
    Type: Application
    Filed: November 1, 2006
    Publication date: May 1, 2008
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Julian A. CERRUTI, Sigfredo I. Nin, Dulce B. PONCELEON, Vladimir ZBARSKY
  • Publication number: 20060262927
    Abstract: The present invention provides a means for managing title keys by establishing logical partitions of title keys encrypted with the same binding information. The invention supports delayed and background processing of title keys when binding information changes. This invention supports proper accounting for devices required to recover rebinding processing when devices fail or go offline unexpectedly during processing. The invention uses binding context which represents a set of data that can be used to determine if the binding information used to encrypt a set of title keys is outdated and allow for rebinding to the current cluster binding information level.
    Type: Application
    Filed: May 17, 2005
    Publication date: November 23, 2006
    Inventors: Matt Rutkowski, Julian Cerruti, Robert Chumbley
  • Publication number: 20060161502
    Abstract: A common mechanism that can be used in content encryption applications for binding content to a specific receiver, container or communication channel to separate application specific work from the cryptographic details, regardless of the binding scheme being used. This mechanism includes the definition of a secure binding state object which holds and manipulates all the keys that comprise the most sensitive information in any such system. This information is fully encapsulated in the binding state object and is not accessible from outside the object, making the application less vulnerable to external attacks. The present invention allows applications to be changed quickly from one encryption scheme to another because they all use the same mechanism with only a difference in encryption calculation. Also, components implementing the proposed mechanism grow more stable over time as a result of reuse in multiple applications.
    Type: Application
    Filed: January 18, 2005
    Publication date: July 20, 2006
    Inventors: Julian Cerruti, Matthew Rutkowski
  • Publication number: 20060126831
    Abstract: Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key.
    Type: Application
    Filed: December 14, 2004
    Publication date: June 15, 2006
    Inventors: Julian Cerruti, Matthew Rutkowski, Amal Shaheen