Abstract: A method and system for platform and user application security on a computing device is provided. The method includes: verifying integrity of operating system code on the computing device to establish a trusted execution environment in the operating system of the computing device; and in response to success of the integrity verification of the operating system code, binding a user-space application on the computing device to the operating system on the computing device.

Abstract: The present disclosure provides a parallelizable integrity-aware encryption technique. In at least one embodiment of the present disclosure, a parallelizable integrity-aware encryption method comprises whitening at least one message block with a first mask value, encrypting the whitened at least one message block using a block cipher and a first key, and whitening the encrypted at least one message block with a second mask value to generate at least one corresponding output ciphertext block. In another embodiment of the present disclosure, a parallelizable integrity-aware encryption method comprises applying a XOR function to all blocks of a message to compute a XOR-sum, applying a first mask value to the XOR-sum; encrypting the masked XOR-sum using a block cipher and a first key, and applying a second mask value to the encrypted XOR-sum to generate an integrity tag.

Abstract: Systems and methods for generating OFDM signals are provided in which sub-carrier usage is selected and/or remapped in various manners. For example, in some embodiments remapping using a security sequence is employed; in other embodiments, decoy sub-carriers are employed; in other embodiments, mask sub-carriers are used to cover jammed portions of a channel.

Abstract: A key selection process is provided which secures traffic between VPN end-points using a combination of SVPN group keys and pair-wise keys. The type of key used is based on the dynamic needs of traffic between the end-points, where the needs may include throughput and quality of service. SVPN group keys allow end-points in a group to initiate data communications while obtaining pair-wise keys in the background. Once pair wise keys are obtained, communications can be transferred using the obtained keys. As the throughput, quality of service, routing and other needs of the channel change, the type of keys used for data transfer may concomitantly change between SVPN group keys and pair-wise keys to appropriately utilize network resources. The key selection idea may be extended to allow communication through a hub using a group key while establishing pair-wise channels for group member communications in the background.

Abstract: Systems and methods for generating OFDM signals are provided in which sub-carrier usage is selected and/or remapped in various manners. For example, in some embodiments remapping using a security sequence is employed; in other embodiments, decoy sub-carriers are employed; in other embodiments, mask sub-carriers are used to cover jammed portions of a channel.

Abstract: The present disclosure provides a parallelizable integrity-aware encryption technique. In at least one embodiment of the present disclosure, a parallelizable integrity-aware encryption method comprises whitening at least one message block with a first mask value, encrypting the whitened at least one message block using a block cipher and a first key, and whitening the encrypted at least one message block with a second mask value to generate at least one corresponding output ciphertext block. In another embodiment of the present disclosure, a parallelizable integrity-aware encryption method comprises applying a XOR function to all blocks of a message to compute a XOR-sum, applying a first mask value to the XOR-sum; encrypting the masked XOR-sum using a block cipher and a first key, and applying a second mask value to the encrypted XOR-sum to generate an integrity tag.

Abstract: A system and method is provided for hiding an initiator's identity (ID), e.g. a ClientID, in a shared key authentication protocol, using authentication based on a hint of the ID. The hint is a function of the ID which cannot be readily inverted to produce the initiator's identity, for example, a hash function over the ID, such as a modular N sum hash of the initiator's identity where N corresponds to N hash buckets in a shared key database; a cryptographic hash over the ID and a corresponding shared key; or a function of the ID which cannot be readily inverted to produce the initiator's identity and a pair of MAC values wherein the MAC values are compared to find a shared key. The resulting hash may be reduced to a required number of bits for identification of a hash bucket in the database.

Abstract: The present invention provides a parallelizable integrity-aware encryption technique. In at least one embodiment of the invention, a parallelizable integrity-aware encryption method comprises whitening at least one message block with a first mask value, encrypting the whitened at least one message block using a block cipher and a first key, and whitening the encrypted at least one message block with a second mask value to generate at least one corresponding output ciphertext block. In another embodiment of the invention, a parallelizable integrity-aware encryption method comprises applying a XOR function to all blocks of a message to compute a XOR-sum, applying a first mask value to the XOR-sum; encrypting the masked XOR-sum using a block cipher and a first key, and applying a second mask value to the encrypted XOR-sum to generate an integrity tag.

Abstract: A system and method is provided for hiding an initiator's identity (ID), e.g. a ClientID, in a shared key authentication protocol, using authentication based on a hint of the ID. The hint is a function of the ID which cannot be readily inverted to produce the initiator's identity, for example, a hash function over the ID, such as a modular N sum hash of the initiator's identity where N corresponds to N hash buckets in a shared key database; a cryptographic hash over the ID and a corresponding shared key; or a function of the ID which cannot be readily inverted to produce the initiator's identity and a pair of MAC values wherein the MAC values are compared to find a shared key. The resulting hash may be reduced to a required number of bits for identification of a hash bucket in the database.

Abstract: The present invention provides a parallelizable integrity-aware encryption technique. In at least one embodiment of the invention, a parallelizable integrity-aware encryption method comprises whitening at least one message block with a first mask value, encrypting the whitened at least one message block using a block cipher and a first key, and whitening the encrypted at least one message block with a second mask value to generate at least one corresponding output ciphertext block. In another embodiment of the invention, a parallelizable integrity-aware encryption method comprises applying a XOR function to all blocks of a message to compute a XOR-sum, applying a first mask value to the XOR-sum; encrypting the masked XOR-sum using a block cipher and a first key, and applying a second mask value to the encrypted XOR-sum to generate an integrity tag.