Symmetric Key Cryptography Patents (Class 380/259)
  • Publication number: 20110099591
    Abstract: Embodiments of wireless display of digital content include transmission using a television transmission standard, such as a set of standards defined by the Advanced Television Systems Committee (ATSC) for digital television (TV) transmissions. The digital content is transmitted in a short range wireless network. In some embodiments, an encryption technique is applied to add security allowing decryption by a digital television using a firmware update, allowing retrofitting of security to devices currently deployed.
    Type: Application
    Filed: October 28, 2009
    Publication date: April 28, 2011
    Inventors: Men Long, David M. Durham
  • Publication number: 20110096926
    Abstract: Techniques for securing data access are presented. A sender encrypts data into a first integer value. A first knot is selected along with first and second keys. The first knot, first integer value, first key, and second key are used to produce a final knot. The final knot is transmitted as a graphical image to a receiver over a network. The receiver uses the first knot, final knot, first key, and second key to derive the first integer value. The first integer value is decrypted to produce the original data that the sender intended to send securely to the receiver.
    Type: Application
    Filed: October 23, 2009
    Publication date: April 28, 2011
    Inventor: Karthik Chandrasekaran
  • Patent number: 7933413
    Abstract: Key exchanges between peer-to-peer devices can be vulnerable to man in the middle attacks. Verification of the key exchanges can be made on a channel, network and/or device different from the channel, network and/or device used for the key exchange to determine whether the key exchange was secure. Verification of the key exchange can also be made through an established and trusted device and/or entity. If the key exchange was secure, the parties to a communication utilizing the key(s) exchanged can be notified, if desired. If the key exchange was not secure, the parties can be notified and the communication can be selectively disconnected.
    Type: Grant
    Filed: February 2, 2007
    Date of Patent: April 26, 2011
    Assignee: Microsoft Corporation
    Inventors: David J. Steeves, Gregory D. Hartrell, Ryan M. Burkhardt, Jason L. Cohen
  • Patent number: 7930544
    Abstract: A verification information generation system includes first and second data processing apparatuses. The first data processing apparatus has a unit holding first secret information, a unit receiving information associated with the second secret information from the second apparatus, a unit generating key information on the basis of the first secret information and the information associated with the second secret information, a unit generating key derivation auxiliary information allowing the key information to be derived from the second secret information, a unit generating verification information on the basis of information to be verified and the key information, and a unit outputting the information to be verified, the verification information, and the key derivation auxiliary information. The second secret information is information which is set in advance in the second data processing apparatus.
    Type: Grant
    Filed: October 25, 2005
    Date of Patent: April 19, 2011
    Assignee: Canon Kabushiki Kaisha
    Inventor: Keiichi Iwamura
  • Patent number: 7925013
    Abstract: A system is described for encryption and decryption of digital data prior to the digital data entering the memory of a digital device by generating a key, sub-key and combining the sub-key with mixed digital data, where the encryption and decryption occurs between the memory controller and the input output register.
    Type: Grant
    Filed: June 30, 2003
    Date of Patent: April 12, 2011
    Assignee: Conexant Systems, Inc.
    Inventor: Winefred Washington
  • Publication number: 20110083005
    Abstract: In one embodiment, the present invention includes a method for receiving a request for power-up of a first blade of a chassis, enabling the first blade to power-up in a reduced boot mode and receiving a communication including characteristic information and policy information associated with the first blade, and analyzing the characteristic information and the policy information to determine a policy and a boot configuration for the first blade. Other embodiments are described and claimed.
    Type: Application
    Filed: December 13, 2010
    Publication date: April 7, 2011
    Inventors: Palsamy Sakthikumar, Vincent J. Zimmer
  • Patent number: 7920706
    Abstract: A key management of cryptographic keys has a data package including one or more cryptographic keys that are transferred to a personal device 100 from a secure processing point 150 of a device assembly line in order to store device specific cryptographic keys in the personal device 100. In response to the transferred data package, a backup data package is received by the secure processing point 150 from the personal device 100, which backup data package is the data package encrypted with a unique secret chip key stored in a tamper-resistant secret storage 125 of a chip 110 included in the personal device 100. The secure processing point 150 is arranged to store the backup data package, together with an associated unique chip identifier read from the personal device 100, in a permanent, public database 170.
    Type: Grant
    Filed: October 28, 2003
    Date of Patent: April 5, 2011
    Assignee: Nokia Corporation
    Inventors: Nadarajah Asokan, Niemi Valtteri
  • Patent number: 7921463
    Abstract: Embodiments of methods and apparatus for providing an insertion and integrity protection system associated with a wireless communication platform are generally described herein. Other embodiments may be described and claimed.
    Type: Grant
    Filed: September 30, 2005
    Date of Patent: April 5, 2011
    Assignee: Intel Corporation
    Inventors: Kapil Sood, Travis T. Schluessler, Christopher Lord
  • Patent number: 7916864
    Abstract: A graphics processing unit is programmed to carry out cryptographic processing so that fast, effective cryptographic processing solutions can be provided without incurring additional hardware costs. The graphics processing unit can efficiently carry out cryptographic processing because it has an architecture that is configured to handle a large number of parallel processes. The cryptographic processing carried out on the graphics processing unit can be further improved by configuring the graphics processing unit to be capable of both floating point and integer operations.
    Type: Grant
    Filed: February 8, 2006
    Date of Patent: March 29, 2011
    Assignee: NVIDIA Corporation
    Inventor: Norbert Juffa
  • Patent number: 7916870
    Abstract: Systems and methods for document control using public key encryption are provided. An interface program serves as a software interface between user applications used to create and access documents and a data storage system that stores the documents in an encrypted form. When a document is saved for the first time, information corresponding to the destruction of that document is obtained either from a user or in accordance with predefined criteria. The document is encrypted and stored with a pointer to an encryption key on a token/key server. When the document is subsequently accessed, the interface program will read the pointer and attempt to retrieve the key. If the key has expired in accordance with the destruction policy, the document is inaccessible. Otherwise, the document is decrypted using the key. Multiple documents may be saved according to the same destruction policy and even the same key, thereby greatly enhancing the ability to “destroy” documents regardless of their location with minimal process.
    Type: Grant
    Filed: November 3, 2006
    Date of Patent: March 29, 2011
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: John-Francis Mergen
  • Publication number: 20110069836
    Abstract: Systems and methods are described for over-encrypting symmetrically pre-encrypted content for off-line delivery to playback devices using portable media drives in accordance with embodiments of the invention. One embodiment of the method of the invention includes symmetrically pre-encrypting the content, receiving a request to issue content for playback on at least one playback device associated with a user account, where each playback device includes a processor containing a private key assigned to the playback device by a conditional access system, generating a content key and over-encrypting at least a portion of the symmetrically pre-encrypted content in response to the request, obtaining a public key for each playback device, encrypting a copy of the content key using the public key of each playback device associated with the user account, and delivering the over-encrypted content and the at least one encrypted copy of the content key to a playback device associated with the user account.
    Type: Application
    Filed: July 20, 2010
    Publication date: March 24, 2011
    Applicant: Verimatrix, Inc.
    Inventors: Christopher Rae, Robert Kulakowski, Subrata Datta, Eiji Oga, Nicolas Pauli, Akinwale Olugbemiga Olugbile
  • Patent number: 7912217
    Abstract: In one embodiment, a method includes receiving gap information from an entertainment content source configured to provide an entertainment stream associated with a contributing source information providing a source of the entertainment stream and a chronological order to render the entertainment stream, the entertainment stream being encrypted and having an associated first decryption key multiplexed into a key distribution system, the gap information identifying a gap in the entertainment stream where an ad may be one of inserted or substituted, synchronizing a target ad from an advertisement stream to a time base corresponding to the gap, decrypting the entertainment stream using the first decryption key selected from the key distribution system based on the contributing source information, and rendering the entertainment stream and the target ad as a composite stream based on the chronological order, the target ad being rendered during the gap in the entertainment stream.
    Type: Grant
    Filed: March 20, 2007
    Date of Patent: March 22, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Mark J. Baugher, David R. Oran
  • Publication number: 20110066853
    Abstract: The present invention describes a system and method for securely identifying and authenticating devices in a symmetric encryption system. An RFID tag can generate indicators using encryption state variables and a symmetric key. An RFID reader, after receiving the encryption state variables from the tag, may identify the tag by performing an exhaustive key search in a key database. Each key in the database may be tested by using the key and encryption state variables to perform an encryption operation similar to that performed by the tag. The result is then compared with the received tag indicators to determine if the tag has been identified. A rotor-based encryption scheme provides for a low cost key search while providing resilience against cloning, tracking, tampering and replay attacks.
    Type: Application
    Filed: May 13, 2010
    Publication date: March 17, 2011
    Inventors: Daniel Wayne Engels, Eric Myron Smith, Troy Allan Schultz
  • Patent number: 7908490
    Abstract: Techniques are presented for synchronizing and archive-versioning encrypted files. Blocks of encrypted data are managed and metadata is maintained for the blocks. The metadata identifies a maximum number of blocks and an index or parameter string. The string includes transaction identifiers and relative block numbers. The metadata is used as parameter information to a hash algorithm along with a hash key to acquire a unique initialization vector for each block. Each initialization vector when supplied to a cipher service along with a particular block of data produces an encrypted version of the data supplied or supplies a decrypted version of the data supplied. The techniques are also applied to files being archived and versioned from a storage volume.
    Type: Grant
    Filed: October 5, 2007
    Date of Patent: March 15, 2011
    Assignee: Novell, Inc.
    Inventor: Gosukonda Naga Venkata Satya Sudhakar
  • Patent number: 7907735
    Abstract: A method of encrypting broadcast and multicast data communicated between two or more parties, each party having knowledge of a shared key, is provided. The key is calculated using values, some of which are communicated between the parties, so that the shared key is not itself transferred. Avoiding the transfer of the key offers several advantages over existing encryption methods.
    Type: Grant
    Filed: June 15, 2007
    Date of Patent: March 15, 2011
    Assignee: Koolspan, Inc.
    Inventors: Anthony C. Fascenda, Emil Sturniolo
  • Patent number: 7904717
    Abstract: A network trace utility is provided. The network trace utility receives and copies packets in a secure session of (at least) two-way network communication between a client and a server. The network trace utility receives an administrator password, and uses a hash of the administrator password to decrypt the first session key. The network trace utility then decrypts one or more additional session keys, each one using the preceding session key. Then, the network trace utility decrypts the machine key using one of the session keys. A hash of the machine key is used to decrypt additional packets in the secure session. The network trace utility enables the contents of one or more additional packets in the secure session to be displayed to the user.
    Type: Grant
    Filed: June 19, 2007
    Date of Patent: March 8, 2011
    Assignee: Oracle America, Inc.
    Inventors: L. Mark Pilant, Mark C. Terranova, Ronald J. Karr
  • Patent number: 7903813
    Abstract: A system for encrypting and decrypting data formed of a number of bytes using the ARCFOUR encryption algorithm is disclosed. The system includes a system bus and an encryption accelerator arranged to execute the encryption algorithm coupled to the system bus. A system memory coupled to the system bus is arranged to store a secret key array associated with the data, and a central processing unit is coupled to the system bus, wherein the encryption accelerator uses substantially no central processing unit resources to execute the encryption algorithm.
    Type: Grant
    Filed: October 1, 2007
    Date of Patent: March 8, 2011
    Assignee: Broadcom Corporation
    Inventor: Donald E. Duval
  • Patent number: 7904709
    Abstract: A system and method for controlling data communications between a server and a client device, such as a mobile device. Embodiments relate generally to a technique where stop data is provided to the client device. This stop data can be transmitted (e.g. by the client device) to the server. When processed by the server, the stop data indicates to the server that at least some of the encrypted data received by the client device from the server was not decrypted using the second key (e.g. as may be the case when the second key has been deleted). Upon receiving the stop data, the server may, for example, withhold the transmission of data encrypted with the first key to the client device until the second key is restored on the client device. In one embodiment, the stop data is provided to the client device in an encoded (e.g. encrypted) form.
    Type: Grant
    Filed: February 3, 2006
    Date of Patent: March 8, 2011
    Assignee: Research In Motion Limited
    Inventors: Dave Bajar, Philip Luk, Michael K. Brown, Darrell May
  • Publication number: 20110055559
    Abstract: A file-based data retention management system is provided. A data source can store data files. An online backup file system can make a backup copy of the data files from the data source and store the backup copy of the data files on a backup server. A policy database can be maintained by the system, the policy database including data retention policies for the data files for retention management of the data files. A key management system can assign and manage encryption keys for the data files. The key management system can store the encryption keys on a separate system from the data files stored on the backup server.
    Type: Application
    Filed: August 27, 2009
    Publication date: March 3, 2011
    Inventors: Jun Li, Sharad Singhal, Ram Swaminathan
  • Patent number: 7900062
    Abstract: Processing load on an executing device for conducting playback is high during the playback of contents since the executing device performs verification of the contents validity in parallel with the contents playback, and therefore the executing device has to be equipped with a highly efficient processor. The present invention reduces the processing load involved in the verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on the DVD. In addition, the present invention is capable of improving the accuracy of detecting unauthorized contents to some extent by randomly selecting a predetermined number of encrypted units every time the verification is performed.
    Type: Grant
    Filed: July 26, 2007
    Date of Patent: March 1, 2011
    Assignee: Panasonic Corporation
    Inventors: Masao Nonaka, Yuichi Futa, Toshihisa Nakano, Kaoru Yokota, Motoji Ohmori, Masaya Miyazaki, Masaya Yamamoto, Kaoru Murase, Senichi Onoda
  • Patent number: 7895282
    Abstract: Techniques for delivering internal mail over the Internet without relying upon a domain name in an email address commonly known to include an @ sign are disclosed. An embodiment of the techniques is for a collaborative communication system or platform, where each of users in the collaborative communication platform is assigned an identifier. The identifier is used for delivering the internal mail so authored similarly to an email, except that the internal mail is delivered without relying upon an email address or the domain name therein. The identifier of a recipient cannot be used as an email address for someone other than any of the registered users to send an email message to the recipient.
    Type: Grant
    Filed: September 7, 2010
    Date of Patent: February 22, 2011
    Assignee: Complatform LLC
    Inventors: Jinsheng Wang, Lu Wang
  • Patent number: 7895432
    Abstract: A method and apparatus for a third party authentication server is described. The method includes receiving a record ID for a user, and a one-time key generated by the server and encrypted with a user's public key by the server. The method further includes receiving the user's authentication data from the client, and determining if the user's authentication data matches the record ID. If the authentication data matches the record ID, decrypting the one-time key with the user's private key, and returning the decrypted one-time key to the client.
    Type: Grant
    Filed: August 4, 2008
    Date of Patent: February 22, 2011
    Assignee: DigitalPersona, Inc.
    Inventor: Vance C. Bjorn
  • Patent number: 7890759
    Abstract: A connection assistance apparatus avoids unauthorized access and DoS attacks, prevents a performance degradation from occurring, and does not need to recognize different connections to gateway apparatus. An authenticating unit authenticates the validity of a terminal by checking if the terminal is a valid terminal capable of communicating with a gateway apparatus according to IPSec in response to a request from a user who owns the terminal. If it is judged that the terminal is a valid terminal, then a preshared key generating unit generates a preshared key for the terminal and the gateway apparatus, and a firewall opening instruction information generating unit generates firewall opening instruction information to open a firewall of the gateway apparatus. A transmitting unit sends the preshared key to the terminal and the gateway apparatus and sends the firewall opening instruction information to the gateway apparatus.
    Type: Grant
    Filed: February 22, 2006
    Date of Patent: February 15, 2011
    Assignee: Fujitsu Limited
    Inventors: Haruyuki Takeyoshi, Naoki Matsuoka
  • Patent number: 7890995
    Abstract: The invention provides a system and method for facilitating the remote management of one or more networks. In enabling the remote management of a network, embodiments of the invention provide limited access to service providers through a firewall, without the need to modify the configuration of the firewall. Advantageously, the cost of providing such access may be reduced compared to conventional approaches. In addition, such access may be limited to data inquiries or other commands, which can reduce the risk that the security of the network is compromised.
    Type: Grant
    Filed: November 26, 2003
    Date of Patent: February 15, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Choon B. Shim, Richard M. Tworek
  • Publication number: 20110033050
    Abstract: A computer-implemented system that processes secure electronic documents from one or more content providers in accordance with subscriber instructions has a processor and modules operative within the processor. A monitoring module obtains a provider GUID, a subscriber GUID, and a transaction ID from public metadata associated with a transaction received from a particular content provider. A determination module determines any designees of the subscriber and contact information for one or more of the subscriber and any designees. A transaction module distributes a transaction addressed to at least one of the subscriber and any designees. Each distributed transaction includes data that is used for management, tracking, and alerting. Also described is a station for constructing transactions for distribution to subscribers through such a system, and management of local advertising to users of such a system. An end-to-end system and method are described.
    Type: Application
    Filed: August 2, 2010
    Publication date: February 10, 2011
    Inventor: Jay Maller
  • Publication number: 20110026711
    Abstract: A method and an apparatus for enciphering and deciphering content with symmetric and asymmetric cryptography with the use of the shadow numbering system where two or more shadow values are used with two or more base values with a two side equation, on one side the value to encipher is multiplied with one of the shadow value then the modulus taken with the base value, to decipher the enciphered value is multiplied with the shadow value that didn't take part of the first equation then the modulus is taken with the base value, thus, deciphering the enciphered value.
    Type: Application
    Filed: October 13, 2010
    Publication date: February 3, 2011
    Applicant: UNOWEB INC.
    Inventor: John Almeida
  • Patent number: 7881470
    Abstract: A node that couples to the Internet establishes a secure connection with another node that couples to the Internet. The secure connection is to be established via an IPsec security association. The node registers with an authority that couples to the Internet and provides public key infrastructure (PKI) services. Registration is to include obtaining both a private and a public key. The PKI services are to include providing the private key to only the registered node and providing the public key to another registered node that requests PKI services from the authority. The node requests the PKI services from the authority based on a change in a point of attachment for the node to the Internet. The node then authenticates the other node via the PKI services and exchanges a secret key with the other node based on the authentication of the other node. The node is to implement an encryption scheme that uses the exchanged secret key for symmetric encryption of data exchanged between the node and the other node.
    Type: Grant
    Filed: March 9, 2006
    Date of Patent: February 1, 2011
    Assignee: Intel Corporation
    Inventors: Tat Kin Tan, Lee Booi Lim, Sy Jong Choi
  • Publication number: 20110013774
    Abstract: Certain embodiments provide a set top box, comprising: a processing entity configured to obtain data for a channel stacking switch, to obtain a security data element and to formulate a message for the channel stacking switch by combining the security data element with the data; a communications interface configured to send the message to channel stacking switch. Other embodiments provide a channel stacking switch, comprising: a communication interface configured to receive a message from a set top box; a processing entity configured to determine whether or not the message is legitimate and to take an action that depends on whether or not the message is legitimate. Still further embodiments provide a satellite signal receiving system comprising a channel stacking switch and at least one set top box in secure communication with the channel stacking switch.
    Type: Application
    Filed: December 21, 2009
    Publication date: January 20, 2011
    Inventors: Ovidiu Octavian Popa, Wayne Scrivens, Alexander Ishankov, Alan Dagenais, Tim Dinesen, Peter Marusich
  • Patent number: 7873168
    Abstract: In a secret information management system, a secret information management apparatus comprises a secret distribution unit which secretly distributes a data key k using a (k, n) threshold secret sharing scheme and creates n distributed keys B1, B2, . . . , Bn in the decryption of data D input from a user terminal, an encryption unit which creates n encrypted distributed keys EP1(B1), EP2(B2), . . . , EPn(Bn) using n distributed manager public keys P1, P2, . . . , Pn, and an encrypted data storage unit which stores encrypted data EK(D), an encrypted data key EPx(K) and the n encrypted distributed keys in association with each other.
    Type: Grant
    Filed: October 16, 2007
    Date of Patent: January 18, 2011
    Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
    Inventors: Masamichi Tateoka, Tomonari Tanaka
  • Patent number: 7873163
    Abstract: In a communication system (100), a method and apparatus provides for message integrity regardless of the operating version of an authentication center (198) or an interface (197) between the authentication center (198) and a mobile switching center (199). The method and apparatus include generating a cellular message encryption algorithm (CMEA) key, and generating a CMEA-key-derived integrity key (CIK) based on the CMEA key for message integrity between a mobile station and a base station. The mobile station transmits a registration message to the base station, and determines an operating version of the authentication center (198) in communication with the base station based on whether the mobile station receives a registration accepted order or some elements of an authentication vector from the base station. The CIK is generated based on the CMEA key, if the mobile station receives a valid registration accepted order from the base station.
    Type: Grant
    Filed: November 5, 2001
    Date of Patent: January 18, 2011
    Assignee: QUALCOMM Incorporated
    Inventors: Roy Franklin Quick, Jr., Sai Yiu Duncan Ho
  • Patent number: 7869600
    Abstract: A dynamic range of intensity modulation is set to range from a maximum intensity Smax to a minimum intensity Smin. A difference Δ(=Smax−Smin) between the maximum intensity Smax and the minimum intensity Smin is divided by the number 2M of multilevel signals. Thus, a distance (an intensity difference) between adjacent signals is [Δ/2M]. The number 2M of multilevel signals is selected such that the distance [Δ/2M] between adjacent multilevel signals (between an intensity Si and an intensity Si+1) is sufficiently buried within a range of quantum fluctuations obtained when heterodyne measurements are made or buried within a range of quantum shot noise obtained when a direct detection is made. Bases of a basis group are each positioned for intensity signals so as to have a high intensity and a low intensity between which a distance is set to be a certain value smaller than a middle point intensity [Δ/2].
    Type: Grant
    Filed: March 27, 2006
    Date of Patent: January 11, 2011
    Assignee: Panasonic Corporation
    Inventors: Masaru Fuse, Osamu Hirota, Masaki Souma
  • Publication number: 20100329460
    Abstract: Some embodiments provide a system to assure enhanced security, e.g., by assuring that information is not revealed over a covert channel. All communications between a source system and a destination system may pass through an intermediate system. In some embodiments, the intermediate system may perform an additional level of blinding to ensure that the source system does not covertly reveal information to the destination system. In some embodiments, the intermediate system may request the source system to perform a modification operation, and then check if the source system performed the modification operation. Examples of the modification operation include a blinding operation and a cryptographic hashing operation.
    Type: Application
    Filed: June 30, 2009
    Publication date: December 30, 2010
    Applicant: SUN MICROSYSTEMS, INC.
    Inventor: Radia J. Perlman
  • Patent number: 7860246
    Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
    Type: Grant
    Filed: November 1, 2006
    Date of Patent: December 28, 2010
    Assignee: International Business Machines Corporation
    Inventors: Julian A Cerruti, Sigfredo I Nin, Dulce B Ponceleon, Vladimir Zbarsky
  • Patent number: 7861093
    Abstract: The management of data access is facilitated. A loop only if changed locking facility is provided, in which reads and updates of the data being managed are permitted, unless an update to the data completes during the execution of the read or update routine. As long as an update to the data has not completed during a processor's execution of the read or update routine, access is permitted.
    Type: Grant
    Filed: August 30, 2006
    Date of Patent: December 28, 2010
    Assignee: International Business Machines Corporation
    Inventors: Eberhard Engler, Klaus Meissner, Ronald M. Smith, Sr.
  • Publication number: 20100325438
    Abstract: Systems and methods for binding a smartcard and a smartcard reader are provided. A smartcard is provisioned to store a first set of credentials for use in traditional transactions such as at a brick and mortar retail store and a second set of credentials for use when performing a transaction using a smartcard reader associated with a user such as an on-line transaction. The user smartcard reader registers with a smartcard issuer server by cryptographically authenticating a secure processor associated with the smartcard reader. As a result of the registration, the secure processor obtains a set of private keys associated with the second set of credentials. When a request for authorizing a transaction via the user's smartcard reader is received, the smartcard reader cryptographically authenticates itself to the smartcard using a private key associated with a credential to be used to authorize the transaction.
    Type: Application
    Filed: August 9, 2010
    Publication date: December 23, 2010
    Applicant: Broadcom Corporation
    Inventor: Mark Buer
  • Publication number: 20100316219
    Abstract: Systems and methods are provided for manual and/or automatic initiation of simultaneous multi-encrypted rotating key communication. Specifically, decryption of data between a first user and one or more other users during a communication session may occur using a plurality of keys that rotate or change after an event has occurred, such as an amount of time has elapsed during the communication session or an amount of data has been transmitted during the communication session. The first user and the one or more other users may have a repository for the storage of the plurality of keys to use during the communication session.
    Type: Application
    Filed: January 21, 2010
    Publication date: December 16, 2010
    Inventors: David Boubion, Peter Rung, Mary Claire Ryan
  • Patent number: 7849304
    Abstract: An on-line diagnostic system and method enable equipment information stored in each piece of industrial equipment to be safely disclosed to maintenance personnel to the extent permitted by the user of the industrial equipment. The on-line diagnostic system comprises industrial equipment and a maintenance apparatus for the maintenance of the industrial equipment, which are connected via the Internet. Equipment information indicating the state of the industrial equipment is encrypted using a specific common key, and the encrypted equipment information is transmitted to the maintenance apparatus in response to a request therefrom. The fact that the common key has been transmitted from the industrial equipment to the maintenance apparatus is outputted. After receiving the encrypted equipment information and the common key that have been transmitted, the encrypted equipment information is decrypted using the common key, and the decrypted equipment information is outputted.
    Type: Grant
    Filed: June 19, 2007
    Date of Patent: December 7, 2010
    Assignee: Hitachi High-Technologies Corporation
    Inventors: Juntaro Arima, Takashi Iizumi, Masaaki Inaba
  • Patent number: 7840993
    Abstract: To authenticate a user having an associated asymmetric crypto-key having a private/public key pair (D,E) based on a one-time-password, the user partially signs a symmetric session key with the first portion D1 of the private key D. The authenticating entity receives the partially signed symmetric session key via the network and completes the signature with the second private key portion D2 to recover the symmetric session key. The user also encrypts a one-time-password with the symmetric session key. The authenticating entity also receives the encrypted one-time-password via the network, and decrypts the received encrypted one-time-password with the recovered symmetric session key to authenticate the user.
    Type: Grant
    Filed: May 2, 2006
    Date of Patent: November 23, 2010
    Assignee: TriCipher, Inc.
    Inventors: Ravi Ganesan, Ravinderpal Singh Sandhu, Andrew Paul Cottrell, Brett Jason Schoppert, Mihir Bellare
  • Patent number: 7831045
    Abstract: The aim of the present invention is to propose a method to prevent the abusive use of conditional access data, in particular by means of clones of security modules whose security has been compromised.
    Type: Grant
    Filed: August 2, 2007
    Date of Patent: November 9, 2010
    Assignee: Nagravision S.A.
    Inventor: Pascal M. Junod
  • Patent number: 7831040
    Abstract: A symmetric key cryptographic method is provided for short operations. The method includes batching a plurality of operation parameters (1503), and performing an operation according to a corresponding operation parameter (1505). The symmetric key cryptographic method is a Data Encryption Standard (DES) method. The short operations can be less than about 80 bytes. The short operations can be between 8 and 80 bytes. The method includes reading the batched parameters from a dynamic random access memory (1504), and transmitting each operation through a DES engine according to the operations parameter (1505).
    Type: Grant
    Filed: April 21, 2008
    Date of Patent: November 9, 2010
    Assignee: International Business Machines Corporation
    Inventors: Mark Lindemann, Ronald Perez, Sean William Smith
  • Patent number: 7827594
    Abstract: A method and system for distribution of scrambled data and/or services to at least one master terminal and to at least one slave terminal linked with the master terminal. The method and system transmit to the master terminal a first secret code and transmit to each slave terminal a second secret code in a biunique relationship with the first secret code, and authorize the reception of the data and/or services by a slave terminal only if the first secret code is previously stored in the slave terminal.
    Type: Grant
    Filed: December 11, 2003
    Date of Patent: November 2, 2010
    Assignee: Viaccess
    Inventors: Bernard Le Bars, Theo Van Aalst
  • Patent number: 7826611
    Abstract: A system and method for exchanging a transformed message with enhanced privacy is presented. A set of input messages is defined. A set of output messages is defined. A message is selected from the input messages set. One or more words in the selected message are efficiently transformed directly into a transformed message different from the selected message, wherein the transformed message belongs to the set of output messages, at least one component of the selected message is recoverable from the transformed message, and the cost of determining whether the transformed message belongs to the input messages set or the output messages set exceeds a defined threshold.
    Type: Grant
    Filed: October 17, 2005
    Date of Patent: November 2, 2010
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Ayman Omar Farahat, Philippe Jean-Paul Golle, Aleksandra Korolova
  • Patent number: 7827398
    Abstract: A method for offloading encryption and decryption of a message received at a message server to one or more end devices that are remote from the message server. An encrypting end device remote from the message server encrypts a message using cryptographic context and transmits the cryptographic context and encrypted message to the message server for storage at the message server. The message server stores the encrypted message as received without decrypting the message. The message server sends the stored cryptographic context and the encrypted message to a decrypting end device in response to the decrypting end device sending a request for the message server to transmit the encrypted message to the decrypting end device. The decrypting end device uses the cryptographic context to decrypt the encrypted message and then presents the decrypted message to a user of the decrypting end device.
    Type: Grant
    Filed: October 27, 2005
    Date of Patent: November 2, 2010
    Assignee: Hewlett-Packard Company
    Inventors: Xiufen Liu, John Poplett, Arun Singh
  • Patent number: 7827408
    Abstract: A device for and method of authenticated encryption by concatenating a first user-datum with a second datum, concatenating the first datum with a third datum, encrypting the results, concatenating the encrypted results, concatenating the result with a message and a fifth user-definable datum, hashing the result, concatenating the result with the message, dividing the result into blocks, concatenating the first datum with a sixth datum, generating key-stream blocks from the result using a block cipher in counter mode, combining the blocks and key-stream blocks, concatenating the result with the first datum and the fifth datum, and transmitting the result to a recipient. The recipient extracts the hash value from the received ciphertext, generates a hash value from the first through fifth datums and plaintext derived from the ciphertext, and compares the two. If they match then the plaintext and fifth datum are as the sender intended.
    Type: Grant
    Filed: July 10, 2007
    Date of Patent: November 2, 2010
    Assignee: The United States of America as represented by the Director of the National Security Agency
    Inventors: Nicholas E. Gehringer, Patricia P. Greene
  • Publication number: 20100272260
    Abstract: Methods and apparatuses for key generation, encryption and decryption in broadcast encryption. A public parameter and a primary key based on a first random number are generated. For each of leaf nodes in a binary tree, a right key set of the leaf node is calculated, the right key set including a right key of the leaf node and right keys of right brother nodes for all the nodes on a path from a root node to the leaf node. A left key set of the leaf node is calculated, the left key set including a left key of the leaf node and left keys of left brother nodes for all the nodes on the path. The sum of the second and third random numbers equals the first random number. The second random number is different for different subscribers.
    Type: Application
    Filed: April 16, 2010
    Publication date: October 28, 2010
    Applicant: SONY CORPORATION
    Inventors: Zhenfu Cao, Huang Lin, Xiaolei Dong, Xiaohui Liang, Dongsheng Xing
  • Patent number: 7822733
    Abstract: An information search system that enables efficient collection of information and support of formation of groups which people who share a same interest can join over a network. This system includes an intermediate server and a central server, wherein the intermediate server retains indexes for searching the content database on the central server. Users issue a search request to the intermediate server and search results are returned and recorded on the intermediate server as a search history. The search history is shared by users and used as references from which retrievable content can be selected.
    Type: Grant
    Filed: August 1, 2007
    Date of Patent: October 26, 2010
    Assignee: Fuji Xerox Co., Ltd.
    Inventor: Chan Soo Son
  • Patent number: 7822207
    Abstract: A method of protecting secret key integrity in a hardware cryptographic system includes first obtaining an encryption result and corresponding checksum of known data using the secret key, saving those results, then masking the secret key and storing the masked key. When the masked key is to be used in a cryptographic application, the method checks key integrity against fault attacks by decrypting the prior encryption results using the masked key. If upon comparison, the decryption result equals valid data, then the key's use in the cryptographic system can proceed. Otherwise, all data relating to the masked key is wiped from the system and fault injection is flagged.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: October 26, 2010
    Assignee: Atmel Rousset S.A.S.
    Inventors: Michel Douguet, Vincent Dupaquis
  • Patent number: 7822204
    Abstract: An encryption technique allowing use of classic Y-00 scheme performed using classic physical random numbers instead of quantum fluctuation in electrical communication and data storage in recording media, including a first modulation step for multilevel-modulating input data by associating with specific state pairs determined by physical random numbers, a second modulation step for outputting the output of the first step by irregularly associating with another signal by physical random numbers, and a channel coding step for channel-coding the output of the second step into desired codeword and outputting it as encrypted data, wherein the decoded signal obtained by channel-decoding the encrypted data can be discriminated which of specific state pairs the signal corresponds to and demodulated into the input data, and output by the first modulation by state pairs other than the specific state pairs and the second modulation by a physical random number different from the physical random number.
    Type: Grant
    Filed: September 22, 2006
    Date of Patent: October 26, 2010
    Assignee: Fujitsu Limited
    Inventors: Setsuo Yoshida, Osamu Hirota, Hiroshi Onaka
  • Patent number: 7822144
    Abstract: A communication system includes a transmitter having a signal generator for generating a signal for transmitting data, a transmission delay unit for repeatedly delaying the signal from the signal generator for a predetermined delay time within a symbol period and generating corresponding delayed signals, and a selector for selectively providing one of the delayed signals from the transmission delay unit to an antenna; and a receiver having a reception delay unit for receiving the signal from the transmitter and delaying the signal as long as the delay time of the transmission delay unit, and a data judgment block for discriminating data bits of the signal from the transmitter by comparing the signal from the transmitter with the delayed signal from the reception delay unit. According to the communication system, the delay time can be accurately adjusted even if the delay line is shortened, and the data bits of the communication signal can be accurately judged in the receiver side.
    Type: Grant
    Filed: July 14, 2006
    Date of Patent: October 26, 2010
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jae-hyon Kim, Young-hwan Kim, Hyoun kuk Kim, Hyun cheol Park, Seong-soo Lee, Jae seung Son
  • Patent number: 7823187
    Abstract: This invention is to safely and surely distribute authentication information to users or user terminals. This method includes: requesting authentication using predetermined authentication information for an access destination via a network; receiving a notification indicating an authentication failure from the access destination; acquiring currently valid authentication information from an authentication information manager by transmitting data to indicate own legitimacy, and storing the acquired currently valid authentication information into a storage device; and requesting the authentication using the acquired currently valid authentication information for the access destination via the network. Thus, by supposing that a failure in the authentication occurs, and by causing the user side to present the data to indicate own legitimacy for the authentication information manager, the currently valid authentication information is distributed, for example, after the encryption.
    Type: Grant
    Filed: September 18, 2006
    Date of Patent: October 26, 2010
    Assignee: Fujitsu Limited
    Inventors: Kosuke Tanaka, Yasuomi Iriyama, Ryuichi Sato, Hiroaki Morikawa