Abstract: An encryption method for encrypting data for multi-level access control in an ad-hoc network including hierarchical security classes includes encoding data into a predetermined code using a first public key of a highest security class, adding a private key of a security class to which a user belongs, to the predetermined code, and generating a ciphertext by adding a second public key, published by the security class to which the user belongs, to the addition result. A corresponding decryption method includes subtracting the private key from the ciphertext, performing a first decoding using a secret key known by a security class, to which a receiver belongs, by the receiver of the ciphertext, and correcting errors included in the second public key and detecting the data by performing a second decoding of the result of the first decoding using a code known by the security class to which the receiver belongs.

Abstract: A method of providing a content service and an authentication method between devices using broadcast encryption, a display device, and a resource-constrained device are provided. A method of providing a content service, the method including: transmitting, to a display device, an identification (ID) of a resource-constrained device via the resource-constrained device; receiving encryption information from the display device via the resource-constrained device; and decrypting the encryption information by using a stored secret key set via the resource-constrained device.

Abstract: A method and system for updating time information of a digital rights management (DRM) includes a time server transmitting a time information message to a consumer electronics (CE) device, the CE device transmitting the time information message to a digital rights management DRM device when the CE device receives the time information message from the time server, and the DRM device updating a present time of the DRM device based on the time information message when the DRM device successfully performs authentication with respect to the time information message which has been transmitted from the CE device.

Abstract: A digital rights management (DRM) function performing method and system using a DRM device are provided, in which a DRM device connected to a second communication device decodes encoded contents when a first communication device requests to play the contents, the DRM device re-encodes the contents using a session key, and the DRM device transmits the re-encoded contents to the first communication device via the second communication device.

Abstract: An encryption apparatus and method is provided. The encryption apparatus includes a first block cipher which block-encrypts an N-bit input into an M-bit output in which M is greater than N; a parallel processor which divides the M-bit output into at least two N-bit inputs, and block-encrypts each of the N-bit inputs into each of M-bit outputs by a parallel process which uses second block ciphers corresponding to a number of the divided N-bit inputs; and a converter which converts a plaintext into a ciphertext based on the block-encrypted M-bit output.

Abstract: An apparatus and method of detecting an intrusion code is provided. The apparatus for detecting an intrusion code includes: a set value input unit in which a set value differentiated for each group is input; an immune database generation unit which generates an immune database, based on the set value; and an intrusion code determination unit which determines whether data corresponds to an intrusion code, based on the generated immune database.

Abstract: A mutual exclusion method and DRM device is provided. The mutual exclusion method includes receiving an instruction associated with a predetermined stored file from the CE device, checking whether a performing instruction being performed associated with the predetermined stored file exists, and generating a collision error message informing that a collision error has occurred due to the inputted instruction when the performing instruction being performed associated with the predetermined stored file exists.

Abstract: A method of protecting a broadcast frame, the method comprising broadcasting a beacon and a maintenance beacon frame (MBF) from an access point (AP) to a plurality of terminals during a maintenance beacon waiting period (MBWP); and broadcasting broadcast management frames (BMFs) from the AP to the plurality of terminals during a broadcast management frame waiting period (BMFWP), wherein the MBF comprises a BMFs message integrity code (MIC) field including a BMFs MIC calculated from concatenated BMFs to be sent in a current beacon interval.

Abstract: A distributed Rivest Shamir Adleman (RSA) signature generation method in an ad-hoc network and a signature generation node are provided, including steps for distributing key information to a plurality of nodes using an RSA parameter and a maximum distance separable (MDS) code, in a dealer node, generating a partial signature using the key information and transmitting the generated partial signature to a signature generation node, in the plurality of nodes, and generating an RSA signature using the partial signature, in the signature generation node, wherein the RSA signature is generated using the partial signature, received from a fewer number of nodes than the entire plurality of nodes.

Abstract: A broadcast encryption method and a broadcast decryption method. The broadcast encryption method includes generating a message encryption key using a public key and a secret key generated by using a Strong Diffie-Hellman tuple; encrypting a message by the message encryption key; and generating a message header using a sum of a plurality of Strong Diffie-Hellman tuples corresponding to an authorized user group. Accordingly, a transmission amount and a storage amount can be reduced when a broadcast encryption message is transmitted.

Abstract: A successive data processing method and apparatus is provided. A data processing apparatus, when connected to a data management apparatus, transmits apparatus information of the data processing apparatus, selects target process data, transmits target process information of the selected target process data, processes the target process data, and transmits process status information according to a process result of the target process data to the data management apparatus.

Abstract: A public key generation method in Elliptic Curve Cryptography (ECC), and a public key generation system performing the method are provided. The public key generation method includes reducing a sequence length of the signed ternary ?-adic representation of the private key ‘k’ using properties of an elliptic curve, representing a reduced secret key ‘k’ in a signed ternary ?-adic representation; and computing a public key kP by multiplying the ?-adic representation of the private key ‘k’ whose sequence length is reduced on point P on the elliptic curve.

Abstract: A method for generating, operating, and using a sparse w-NAF key for encryption is disclosed. The method for generating a key comprises generating a string of a number of coefficients, in which at most one coefficient, excluding 0, among a consecutive w number of coefficients, corresponds to a positive odd integer equal to or less than 2w (w being a natural number equal to or more than 2); and outputting the generated string as a key. Accordingly, an encryption is executed through an exponential operation or scalar multiplication using a sparse w-NAF key having the scarce coefficients, excluding 0, such that an encryption pace is improved.

Abstract: A group key update method and a group key update apparatus for updating a key of members in a group are provided. The group key update method includes selecting a sub-root node among nodes on the binary tree; performing a node change with respect to the group according to a type of the sub-root node, and generating a changed binary tree; and performing a node key update with respect to the changed binary tree.

Abstract: Provided are a method of generating a node identifier including padding information and location information, in a tree structure, a computer-readable storage medium storing a program for executing a method of generating a node identifier in a tree structure, and a terminal apparatus using the tree structure. The location information is generated by using branch identifiers, each of the branch identifiers being allocated for each branch from a root node to a target node. The padding information is generated by a padding code, which includes information about a group of the target node, and depth information, which includes information about a level of the target node in the tree structure.

Abstract: A method and apparatus for updating a group key of a group corresponding to a binary tree are provided. The method includes updating keys of leaf nodes that correspond to new members, in response to a join of at least two new members joining the group; determining whether both of two child nodes of a single ancestor node are updated when updating a key of the single ancestor node of the leaf nodes; establishing one of the two child nodes as an update use node when both the two child nodes are updated; and updating a key of the ancestor node using the updating node. Thus, the group key may be effectively updated with respect to multi-join.

Abstract: A key generation method for self-configuration is provided which includes selecting existing nodes as many as a predefined reference number t from nodes which configure a network; transmitting a partial key request message to the selected existing nodes; and generating a node key based on randomized partial keys received in response to the partial key request. Accordingly, when a new node intends to join the network, the existing nodes forming the network can allocate a node key to the new node by themselves. Also, whether the node key of the new node is compromised or not can be verified using the error-checking witness.

Abstract: Disclosed are a method and apparatus capable of reducing the number of computations required to generate a digital signature by a digital signature generator. A digital signature generator generates a code word for a received message by a function F for generating a code word having a set weight value and generates a digital signature based on the generated code word and an inverse of a public parity check matrix H, the parity check matrix H is one way function. A digital signature receiver converts the received message using the function F for generating a code word, and multiplies a public parity check matrix H by a received digital signal, the public parity check matrix H is a one way function, and comparing the converted value with the multiplication result.

Abstract: A method and device for updating a group key are disclosed. The group key updating method comprises determining a start node for a key update on a binary tree, updating a node key of the start node for a key update, updating a node key of a parent node of a node corresponding to the updated node key using the updated node key, and repeatedly performing the updating of the node key of the parent node, and then updating a node key corresponding to a root node of the binary tree. With the disclosed method and device, it is possible to efficiently perform a group key update process.

Abstract: Provided is an apparatus and a method of restricting an access to an application module of a mobile wireless device. The apparatus for restricting an access to an application module of a mobile wireless device according to an exemplary embodiment of the present invention includes an access restriction unit for receiving a request for an access to an application module from a basic module, and for restricting the access of the basic module to the application module when a restriction on the access is required. Further included is an access restriction determination unit for determining whether the restriction on the access of the basic module to the application module according to an access environment is required. Also included is an access environment determination unit for monitoring the access environment of the basic module to the application module and for providing the access restriction determination unit with a result of monitoring the access environment.