Symmetric Key Cryptography Patents (Class 380/259)
  • Publication number: 20100260337
    Abstract: Described herein is a context-free protocol (i.e., the COFFEE protocol) for stimulating cooperation among selfish nodes. Various embodiments have the ability to transmit a packet over the path successfully without the dependency on the information of other packets' transmissions. It is assumed that every node in the network is rational, and therefore during the packet forwarding stage, if the intermediate nodes cannot clearly tell whether the packet is destined to them or not, they do not simply drop the packet. Thus, in the COFFEE protocol, by introducing several techniques, for a packet received by a node, the node thinks the packet could potentially be destined to itself and forwards the packet to find out the answer. Detailed analysis and performance evaluations have been conducted to demonstrate the effectiveness of the COFFEE protocol.
    Type: Application
    Filed: April 13, 2009
    Publication date: October 14, 2010
    Applicant: The Hong Kong University of Science and Technology
    Inventors: Chengqi Song, Qian Zhang
  • Publication number: 20100250939
    Abstract: By using a symmetric key to encrypt mobile device data before transmitting the data to a backup location in a backup operation, access to the data, at the backup location, may be restricted. To facilitate later decryption of the backed up mobile device data, the mobile device may also transmit the symmetric key to the off-device location. However, to limit use of the symmetric key, the mobile device may encrypt the symmetric key using authentication data, before transmitting the encrypted symmetric key to the backup location.
    Type: Application
    Filed: February 26, 2010
    Publication date: September 30, 2010
    Applicant: RESEARCH IN MOTION LIMITED
    Inventors: Neil Patrick Adams, Ravi Singh
  • Patent number: 7805614
    Abstract: A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number, if there is a match, the decrypted biometric data is validated and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.
    Type: Grant
    Filed: March 31, 2005
    Date of Patent: September 28, 2010
    Assignee: Northrop Grumman Corporation
    Inventors: Kenneth W. Aull, William Gravell, James B. Rekas
  • Patent number: 7802111
    Abstract: A cryptographic module for limiting exposure of cryptographic keys protected by a trusted platform module (TPM) is provided. The cryptographic module includes logic for establishing a session with the TPM on behalf of a cryptographic client and logic for sending a request from the cryptographic client to the TPM to retrieve in plaintext a cryptographic key of the cryptographic client. Logic for receiving the cryptographic key in plaintext from the TPM is also included in the cryptographic module. Further, the cryptographic module includes logic for performing a cryptographic operation requested by the cryptographic client using the cryptographic key, and logic for sending the results of the cryptographic operation to the cryptographic client. A hardware-based method and system for limiting exposure of cryptographic keys also are described.
    Type: Grant
    Filed: April 27, 2005
    Date of Patent: September 21, 2010
    Assignee: Oracle America, Inc.
    Inventor: Thomas Tahan
  • Patent number: 7801309
    Abstract: A private key delivery system and a private key delivery method are disclosed. The private key delivery system includes a transmitter, a receiver, and an optical transmission line connecting the transmitter and the receiver. The transmitter includes a single photon generating unit for simultaneously generating two or more single photons having different wavelengths using a quantum dot structure that has quantum dots of various sizes, an optical splitter for splitting the single photons by wavelengths, a phase modulating unit for modulating each of the single photons split by the wavelengths with private key information, and an optical multiplexer for multiplexing the modulated single photons of the different wavelength and for transmitting the multiplexed single photons to the optical transmission line. The multiplexed single photons are received by the receiver, and the private key information is taken out from the received single photons.
    Type: Grant
    Filed: August 24, 2005
    Date of Patent: September 21, 2010
    Assignee: Fujitsu Limited
    Inventors: Kazuya Takemoto, Tatsuya Usuki
  • Patent number: 7801307
    Abstract: A method of symmetric key encryption involves using a composition of transformations leading to an enhanced homophonic substitution, wherein the mapping of characters varies depending on the sequence of characters in the message text. In carrying out the method, encryption keys are first generated. Then, a polyalphabetic substitution is performed, which involves XOR'ing (e.g., a Boolean logical exclusive OR operation/calculation) the plaintext data elements with the generated keys. Next, the storage format is changed, from big-endian to little-endian or vice versa, and the data is stored in one or more square matrices. Finally, enhanced homophonic substitution is performed, meaning that for each element, the subset to which the element can be mapped to in the co-domain is the entire co-domain itself, thus providing the largest possible subset for the given co-domain. In other words, any given element in the domain can be mapped to any of the elements of the co-domain.
    Type: Grant
    Filed: July 28, 2005
    Date of Patent: September 21, 2010
    Assignee: Alcatel-Lucent USA Inc.
    Inventor: Jayadeep Bantwal
  • Publication number: 20100235626
    Abstract: A mutual authentication apparatus in a Downloadable Conditional Access System (DCAS) includes an announce protocol processor to authenticate SecurityAnnounce information using an Authentication Proxy (AP) and to transmit the authenticated SecurityAnnounce information to a Secure Micro (SM), a keying protocol processor to relay KeyRequest information and KeyResponse information between a Trusted Authority (TA) and the SM in response to the SecurityAnnounce information, a decryption unit to decrypt the KeyResponse information using the SM, an authentication protocol processor to determine whether a first encryption key of the KeyResponse information is identical to a second encryption key generated by the AP, and a download protocol processor to control DownloadInfo to be transmitted from the AP to the SM, the DownloadInfo permitting the SM to download SM Client Image information.
    Type: Application
    Filed: March 9, 2010
    Publication date: September 16, 2010
    Inventors: Eun Jung KWON, Han Seung KOO, Soon Choul KIM, Heejeong KIM, Young Ho JEONG, O Hyung KWON, Soo In LEE
  • Patent number: 7796752
    Abstract: In some embodiments of the present invention, a method and apparatus to perform at least one of a confidentiality algorithm and an integrity algorithm comprising an output from a partial KASUMI block cipher.
    Type: Grant
    Filed: November 4, 2002
    Date of Patent: September 14, 2010
    Assignee: Marvell International Ltd.
    Inventors: Yuval Greisas, Gadi Mazuz
  • Patent number: 7797537
    Abstract: A mobile terminal includes a near-field communication device capable of performing near-field wireless communication with an external device, and a controller configured to instruct the external device or the near-field communication device to execute a command. The near-field communication device has a storage unit, a first mutual authentication unit for authenticating the controller and for requesting the controller to authenticate the near-field communication device, a first communication key setting unit for setting a first communication key, a second mutual authentication unit for authenticating the external device and for requesting the external device to authenticate the near-field communication device, and a second communication key setting unit for setting a second communication key.
    Type: Grant
    Filed: November 16, 2006
    Date of Patent: September 14, 2010
    Assignee: Sony Corporation
    Inventors: Taro Kurita, Toshiharu Takemura
  • Patent number: 7792760
    Abstract: A printing device capable of preventing a printing process from being performed in accordance with print information sent from a printer driver in a version for which permission of use is not given. In a host computer, a print data generator adds signature data to print data, which is transferred to a printer, by employing a signature algorithm and signature-related data. In a printer, a print data analyzing/processing unit extracts the signature data having been added to the print data transferred from the host computer, and verifies the extracted signature by employing a signature verification algorithm and signature verification data.
    Type: Grant
    Filed: November 10, 2005
    Date of Patent: September 7, 2010
    Assignee: Canon Kabushiki Kaisha
    Inventor: Toshiyuki Nakazawa
  • Patent number: 7792300
    Abstract: A method for re-encrypting encrypted data in a secure storage file system, including obtaining selected data to re-encrypt from the secure storage file system using a user data access record and the encrypted data, decrypting the selected data using a symmetric key, re-encrypting the selected data using a new symmetric key to obtain new encrypted data, encrypting the new symmetric key using a public key to obtain a new encrypted symmetric key, storing the new encrypted data and the new encrypted symmetric key if the public key is associated with a file system user having read permission, and storing an encrypted hash data if the file system user has write permission.
    Type: Grant
    Filed: September 30, 2003
    Date of Patent: September 7, 2010
    Assignee: Oracle America, Inc.
    Inventor: Germano Caronni
  • Patent number: 7787625
    Abstract: A quantum key distribution (QKD) cascaded network with loop-back capability is disclosed. The QKD system network includes a plurality of cascaded QKD relays each having two QKD stations Alice and Bob. Each QKD relay also includes an optical switch optically coupled to each QKD station in the relay, as well as to input ports of the relay. In a first position, the optical switch allows for communication between adjacent relays and in a second position allows for pass-through communication between the QKD relays that are adjacent the relay whose switch is in the first position.
    Type: Grant
    Filed: June 30, 2005
    Date of Patent: August 31, 2010
    Assignee: MagiQ Technologies, Inc.
    Inventors: Harry Vig, Audrius Berzanskis
  • Patent number: 7788501
    Abstract: A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.
    Type: Grant
    Filed: August 12, 2008
    Date of Patent: August 31, 2010
    Assignee: Privaris, Inc.
    Inventors: David S. Abdallah, Barry W. Johnson
  • Patent number: 7788728
    Abstract: A method and apparatus are provided for simply and securely limiting a number of times that contents can be accessed using a hash chain. The apparatus limiting a number of times contents are accessed by a user terminal includes a hash chain generator receiving information indicating selected contents by the user terminal and information indicating how many times (n) the user terminal has authority to access the selected contents and generating a hash chain including n hash values derived from a seed value, and a contents access manager deleting the hash values one by one from the hash chain whenever the user terminal accesses the selected contents such that the number of times the contents can be accessed by the user terminal is decreased by the number of deleted hash values.
    Type: Grant
    Filed: January 7, 2005
    Date of Patent: August 31, 2010
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Myung-sun Kim, Su-hyun Nam, Yong-jin Jang, Sun-nam Lee, Jae-heung Lee
  • Patent number: 7783037
    Abstract: The present invention pertains to data security, and more particularly to the security of encrypted data that can be transmitted between computers and the like, as well as stored upon one or more computer systems. A technique is disclosed for efficiently implementing the Rijndael inverse cipher. In this manner, encrypted ciphertext can be efficiently decrypted or converted back into plaintext. Data throughput can be enhanced via pipelining while cost savings can be concurrently achieved as less wafer space and/or die area may be utilized. Adaptations may be made based upon a resulting complexity of implementing a particular design while satisfying a maximum throughput requirement.
    Type: Grant
    Filed: September 20, 2004
    Date of Patent: August 24, 2010
    Assignee: GlobalFoundries Inc.
    Inventor: William Hock Soon Bong
  • Patent number: 7778422
    Abstract: Generating symmetric keys among distributed appliances, includes generating public and private values on at least one appliance, importing a public value from another appliance via an out-of-band entity, and generating a secret value as a function of the private value corresponding to the local appliance and the public value received from the other appliance.
    Type: Grant
    Filed: February 27, 2004
    Date of Patent: August 17, 2010
    Assignee: Microsoft Corporation
    Inventors: Trevor W. Freeman, Tim Moore, Bernard Aboba
  • Patent number: 7778415
    Abstract: A method or computer program for encoding or un-encoding data receives a keyword string and removes characters in the keyword string which are not in a pre-approved character set and duplicate characters to form a validated keyword. The validated keyword is sequenced with un-used characters of the pre-approved character set and formed into a cipher grid. Clear text may be encoded using an algorithm in combination with the cipher grid, and encoded text may be un-encoded to form clear text using a reverse algorithm in combination with the cipher grid.
    Type: Grant
    Filed: November 1, 2006
    Date of Patent: August 17, 2010
    Assignee: Avaya Inc.
    Inventor: James F. Dyne
  • Patent number: 7774602
    Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded. Another embodiment includes a secure access controller having a plurality of ports for connection to a plurality of different pieces of computer equipment. The secure access controller thus intermediates communications between the modem and the plurality of different pieces of computer equipment.
    Type: Grant
    Filed: December 9, 2005
    Date of Patent: August 10, 2010
    Assignee: BCE Inc.
    Inventors: William G. O'Brien, Tet Hin Yeap, Dafu Lou
  • Patent number: 7774450
    Abstract: The present invention creates a SOAP message without using DOM by generating a body part by sequentially performing such a process of a message as encryption or signing for each piece of the message, generating a header part by using information acquired during the process, and by combining the body part and the header part. The present invention also breaks a SOAP message without using DOM by acquiring header information with parsing a received SOAP message and sequentially performing decode or verification of a signature of a body part according to the header information.
    Type: Grant
    Filed: March 20, 2008
    Date of Patent: August 10, 2010
    Assignee: International Business Machines Corporation
    Inventors: Takeshi Imamura, James Andrew Clark, Hiroshi Maruyama, Yumi Yamaguchi, Masayoshi Teraguchi, Takayuki Itoh, Fumiko Satoh
  • Patent number: 7773753
    Abstract: An efficient symmetrical-cryptographic method for using a fast but insecure host to perform encryption/decryption based on a secret key in a secure, but slow hardware token, such as a smartcard or similar device, without revealing the secret key to the host, and such that the ciphertext and plaintext are exactly the same size. The present method is suitable for use in Digital Rights Management and Software Rights Management applications which require precise interchangeability of ciphertext and plaintext in pre-allocated areas of data storage.
    Type: Grant
    Filed: June 28, 2007
    Date of Patent: August 10, 2010
    Assignee: Aladdin Knowledge Systems Ltd.
    Inventors: Michael Zunke, Yanki Margalit, Dani Margalit
  • Patent number: 7769174
    Abstract: The invention is directed to a digital data delivery system including a digital data server configured to deliver first key encrypted digital data to a source device, and the first key encrypted digital data is encrypted using a first key. The source device is configured to generate decrypted digital data by decrypting the first key encrypted digital data using the first key, generate second key encrypted digital data by encrypting the decrypted digital data using a second key, and deliver the second key encrypted digital data to a digital data playing device. The first key is thereby based on one or more registration attributes of a user of the digital data server, and the second key is based on one or more attributes of the digital data playing device.
    Type: Grant
    Filed: November 7, 2007
    Date of Patent: August 3, 2010
    Assignee: LG Electronics Inc.
    Inventors: Young-Soon Cho, Myeong-Joon Kang, Jae-Young Kim, Han Jung
  • Publication number: 20100189260
    Abstract: Conversation rights for multi-modal communications are managed and enforced in an enhanced communication system. Through physical and/or software components, rights are assigned to a communication session and related components upon user request. Permitted participants of the session are provided access tools such as decryption keys. Restrictions based on the assigned conversation rights are extended to preserved recordings and associated documents of the communication session.
    Type: Application
    Filed: January 26, 2009
    Publication date: July 29, 2010
    Applicant: Microsoft Corporation
    Inventors: Rajesh Ramanathan, William Looney, Avronil Bhattacharjee, Amit Gupta
  • Publication number: 20100189261
    Abstract: In a wireless communication system, a method and system for extending Advanced Encryption Standard (AES) operations for enhanced security are provided. In an AES encryption operation, an initial state may be modified by XORing with an initial modifier before a first processing round and a final state may be modified by XORing with a final modifier after a final processing round. The output of a MixColumns function performed during AES decryption operation rounds may be modified by XORing with a corresponding round modifier. In an AES decryption operation, an initial state may be modified by XORing with a decoded final modifier before a first processing round and a final state may be modified by XORing with a decoded initial modifier after a final processing round. The input of an InvMixColumns function performed during AES decryption operation rounds may be modified by XORing with a corresponding decoded round modifier.
    Type: Application
    Filed: March 22, 2010
    Publication date: July 29, 2010
    Applicant: BROADCOM CORPORATION
    Inventor: Xuemin Chen
  • Patent number: 7760904
    Abstract: A method of generating a protected digital media content is provided. According to an embodiment of the present invention, the method includes generating a protected digital media content, comprising: generating a first control signal for use in an authorization signature of digital media content, generating a second control signal for use in a certification of the content owner's right, and generating information about the digital media content; and adding the first control signal, the second control signal, and the information to the digital media content to provide a protected content.
    Type: Grant
    Filed: May 2, 2006
    Date of Patent: July 20, 2010
    Assignee: LG Electronics Inc.
    Inventors: Vsevolod M. Kuzmich, Igor O. Ivanov
  • Patent number: 7761704
    Abstract: One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.
    Type: Grant
    Filed: March 17, 2005
    Date of Patent: July 20, 2010
    Assignee: Oracle International Corporation
    Inventors: Min-Hank Ho, Daniel ManHung Wong, Chon Hei Lei, Thomas Keefe
  • Patent number: 7757084
    Abstract: A method of validating a consumable authentication chip is provided having the steps of: numerously calling a trusted chip's test function with an incorrect value to generate an invalid response or not generate the response thereby invalidating the consumable chip; if generated, in the trusted chip, generating a secret random number, calculating its signature and symmetrically encrypting the number/signature using a first secret key; calling the consumable chip's read function with the encrypted number/signature to symmetrically decrypt the encrypted number/signature using the first key, calculate the decrypted number's signature, compare the signatures, and if they match, symmetrically encrypt the decrypted random number and a data message using a second secret key; calling the trusted chip's test function with the message and the encrypted number/message to symmetrically encrypt the number and message using the second key, compare the encrypted numbers/messages, validate the consumable chip if they match, a
    Type: Grant
    Filed: February 15, 2007
    Date of Patent: July 13, 2010
    Assignee: Silverbrook Research Pty Ltd
    Inventors: Simon Robert Walmsley, Kia Silverbrook
  • Patent number: 7757086
    Abstract: A system for enabling authenticated communication between a first entity and at least one other entity, the system including a second entity, wherein: the first entity and the second entity share transport keys; and the second entity includes at least one authentication key configured to be transported from the second entity to the first entity using the transport keys, the authentication key being usable to enable the authenticated communication by the first entity.
    Type: Grant
    Filed: May 27, 2004
    Date of Patent: July 13, 2010
    Assignee: Silverbrook Research Pty Ltd
    Inventor: Simon Robert Walmsley
  • Publication number: 20100169648
    Abstract: An information communication method performed by a communication terminal apparatus, the method including: sharing a first encryption key with a first server; receiving a request for sending identification information of the communication terminal apparatus; authenticating the first server based on certificate information of the first server that is acquired while sharing the first encryption key and verification information retained in the communication terminal apparatus; encrypting the identification information of the communication terminal apparatus using a second encryption key; and encrypting, using the first encryption key, according to an authentication result, encrypted identification information of the communication terminal apparatus as generated by using the second encryption key, and transmitting resulting double-encrypted identification information of the communication terminal apparatus to the first server.
    Type: Application
    Filed: August 11, 2009
    Publication date: July 1, 2010
    Applicant: KABUSHIKI KAISHA TOSHIBA
    Inventor: Osamu Yoshida
  • Patent number: 7747541
    Abstract: An apparatus is provided for validating a device. The apparatus includes a first integrated circuit which is configured to generate a random number, reference information using the random number and a secret key. A control system is configured to: receive the random number and the reference information from the first integrated circuit, receive validation information from a second integrated circuit positioned on the device whereby the validation information is generated by the second integrated circuit using the random number and the secret key, and compare the reference and validation information received from the integrated circuits to validate the device.
    Type: Grant
    Filed: June 3, 2007
    Date of Patent: June 29, 2010
    Assignee: Silverbrook Research Pty Ltd
    Inventors: Simon Robert Walmsley, Paul Lapstun
  • Publication number: 20100161982
    Abstract: A home network system includes: a plurality of wireless devices cooperated with a home network, each device having a tag attached thereto to identify it; a tag reader for reading tag information from the tag of each wireless device; and a network manager for storing a shared key and identifying each wireless device connected to the home network using the tag information and supporting information exchange between the wireless devices by using the shared key.
    Type: Application
    Filed: August 24, 2009
    Publication date: June 24, 2010
    Inventors: Bong Jin OH, YU SEOK BAE, Kyeong Deok MOON
  • Publication number: 20100161989
    Abstract: A communication apparatus includes a storage part configured to store a first key generated according to authentication with a transmission source, identification information of the transmission source, and first information remaining unchanged regardless of the initialization of a coupling status and corresponding to the transmission source, with the first key, the identification information and the first information mapped to each other, an acquisition part configured to acquire a public key from the transmission source holding the identification information responsive to the first information stored on the storage part if the identification information of the transmission source has changed in response to the initialization of the coupling status, and a calculation part configured to generate an encryption key for use in encryption and decryption of data transmitted by the transmission source, based on the first key responsive to the first information, and the public key.
    Type: Application
    Filed: October 27, 2009
    Publication date: June 24, 2010
    Applicant: FUJITSU MICROELECTRONICS LIMITED
    Inventor: Makoto KOSAKI
  • Patent number: 7743261
    Abstract: An executing device conducts playback of contents. The executing device is equipped with a highly efficient processor and reduces the processing load involved in verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on a DVD. In addition, the executing device is capable of improving the accuracy of detecting unauthorized contents by randomly selecting a predetermined number of encrypted units every time the verification is performed.
    Type: Grant
    Filed: July 26, 2007
    Date of Patent: June 22, 2010
    Assignee: Panasonic Corporation
    Inventors: Masao Nonaka, Yuichi Futa, Toshihisa Nakano, Kaoru Yokota, Motoji Ohmori, Masaya Miyazaki, Masaya Yamamoto, Kaoru Murase, Senichi Onoda
  • Publication number: 20100153270
    Abstract: A user receives a message via a network service platform at their mobile handset. The user is required to input a PIN, password or other authentication data, before the received message is displayed. The service platform generates a partial encryption key and embeds this within a message which is subsequently encrypted and transmitted to the receiving device. The receiving device or handset receives the message and decrypts it using a previously stored pseudo-random seed, combined with a user entered PIN. The receiving device or handset extracts the partial key delivered with the message and uses this key data to generate a new pseudo-random seed which, in turn, is used to generate a sequence of characters in apparently random order. This sequence of characters or numbers is presented in a text-only form with a cursor or other highlighting method selecting the first character in the pseudo-random sequence. The user is then able to enter their PIN by using cursor control keys, such as the right/left keys.
    Type: Application
    Filed: November 26, 2007
    Publication date: June 17, 2010
    Applicant: BROCA COMMUNICATIONS LIMITED
    Inventor: Michael Ian Hawkes
  • Patent number: 7738660
    Abstract: A cryptographic key split combiner includes a number of key split generators for generating cryptographic key splits from seed data, and a key split randomizer for randomizing the key splits to produce a cryptographic key. The key split generators can include a random split generator for generating random key splits, a token split generator for generating token key splits based on label data, a console split generator for generating console key splits based on maintenance data, a biometric split generator for generating biometric key splits based on biometric data, and a location split generator for generating location key splits based on location data. Label data can be read from storage, and can include user authorization data. A process for forming cryptographic keys includes randomizing or otherwise binding the splits to form the key.
    Type: Grant
    Filed: June 22, 2006
    Date of Patent: June 15, 2010
    Assignee: TecSec, Inc.
    Inventors: Edward M. Scheidt, C. Jay Wack
  • Publication number: 20100146283
    Abstract: An entertainment device comprises communication means operable to receive media data from a media data source, storage means operable to store the received media data, in which the storage means limits the duration of access to the media data which was received from the media data source.
    Type: Application
    Filed: November 13, 2007
    Publication date: June 10, 2010
    Applicant: SONY COMPUTER ENTERTAINMENT EUROPE LIMITED
    Inventors: Emmanuel James Poitier, Richard Eliot Bates
  • Patent number: 7734280
    Abstract: A method and apparatus for authentication in a wireless communication network is disclosed. A secret is shared between a mobile device and a home device. When a mobile device requests a connection to a remote device and the remote device does not have knowledge of the shared secret, the remote device determines whether the mobile device can connect to the remote device by concurrently sending a challenge to the mobile device and the home device. The remote device then compares the responses from the mobile device and the home device.
    Type: Grant
    Filed: October 21, 2005
    Date of Patent: June 8, 2010
    Assignee: Motorola, Inc.
    Inventor: Donald E. Eastlake, III
  • Patent number: 7727070
    Abstract: A method to transmit commands across a gaming network is implemented with digitally signed messages. The command messages are generated upon a triggering event, such as the winning of a bonus. The messages are digitally signed by the transmitting node and transmitted to the subservient device. When the subservient device receives the message, it verifies the signature and executes the command. If the signature does not verify, the subservient device may raise an alarm.
    Type: Grant
    Filed: February 19, 2004
    Date of Patent: June 1, 2010
    Assignee: IGT
    Inventors: Michael B. Shelby, Mark N. Dailey
  • Publication number: 20100128876
    Abstract: A method of distributing an encoding/decoding program and a symmetric key in a security domain environment, and a device divider and data injector therefor are provided. The method includes selecting, at a highest-level security domain, an encoding/decoding program and a symmetric key to be distributed to a plurality of lower-level security domains; dividing the selected encoding/decoding program and the symmetric key into as many pieces as there are lower-level security domains; and distributing the divided encoding/decoding program pieces and the symmetric key pieces to devices belonging to the lower-level security domains.
    Type: Application
    Filed: September 8, 2009
    Publication date: May 27, 2010
    Inventors: Jin Seok Yang, Young Seok Chung, Chang Su Hong, Jung Woo An, Jong Jin Won, Jong Cheol Moon
  • Publication number: 20100131754
    Abstract: An apparatus, and an associated method, enables presence information of a presentity to be retrieved by a watcher. Elements, or portions, of the presence information may be made selectively opaque (unreadable) to any but authorized watchers or other consumers of the presentity information.
    Type: Application
    Filed: November 18, 2009
    Publication date: May 27, 2010
    Applicant: Research In Motion Limited
    Inventors: Matthew Bells, Gerhard D. Klassen, Brian Edward McColgan
  • Patent number: 7724903
    Abstract: Framing transmit encoded output data begins by determining a scrambling remainder between scrambling of an input code word in accordance with a 1st scrambling protocol and the scrambling of the input code word in accordance with an adjustable scrambling protocol. The processing continues by adjusting the adjustable scrambling protocol based on the scrambling remainder to produce an adjusted scrambling protocol. The processing then continues by scrambling the input code word in accordance with the 1st scrambling protocol to produce a 1st scrambled code word. The processing continues by scrambling the input code word in accordance with the adjusted scrambling protocol to produce a scrambled partial code word. The processing continues by determining a portion of the 1st scrambled code word based on the scrambling remainder. The process then continues by combining the scrambled partial code word with the portion of the 1st scrambled code word to produce the transmit encoded output data.
    Type: Grant
    Filed: March 20, 2008
    Date of Patent: May 25, 2010
    Assignee: XILINX, Inc.
    Inventors: Joseph Neil Kryzak, Aaron J. Hoelscher
  • Patent number: 7725703
    Abstract: In a computer with a trusted platform module (TPM), an expected hash value of a boot component may be placed into a platform configuration register (PCR), which allows a TPM to unseal a secret. The secret may then be used to decrypt the boot component. The hash of the decrypted boot component may then be calculated and the result can be placed in a PCR. The PCRs may then be compared. If they do not match, access to an important secret for system operation can be revoked. Also, a first secret may be accessible only when a first plurality of PCR values are extant, while a second secret is accessible only after one or more of the first plurality of PCR values has been replaced with a new value, thereby necessarily revoking further access to the first secret in order to grant access to the second secret.
    Type: Grant
    Filed: January 7, 2005
    Date of Patent: May 25, 2010
    Assignee: Microsoft Corporation
    Inventors: Jamie Hunter, Paul England, Russell Humphries, Stefan Thom, James Anthony Schwartz, Jr., Kenneth D Ray, Jonathan Schwartz
  • Patent number: 7720227
    Abstract: It takes time for an encryption data communication system to transfer encrypted data, because negotiations of security parameters are necessary prior to communications in order to protect security and integrity of a SIP message or public key cryptography is required to be used for an encryption process, a decryption process, a digital signature process and a digital signature verification process each time a SIP message is transmitted/received. When a SIP message is transferred between two entities, the message is encrypted by shared information if the information is being shared between the entities, or the message is encrypted by the public key of the transmission destination entity if the shared information is not being shared. The encrypted message contains shared information to be used for the transmission destination entity of the encrypted data to encrypt or decrypt the message, during communications after the encrypted data is generated.
    Type: Grant
    Filed: March 28, 2006
    Date of Patent: May 18, 2010
    Assignee: Hitachi, Ltd.
    Inventors: Tadashi Kaji, Osamu Takata, Takahiro Fujishiro, Kazuyoshi Hoshino
  • Patent number: 7720769
    Abstract: A card activated cash dispensing automated banking machine is provided. The machine may be operative to install a terminal master key (TK) therein in response to at least one input from a single operator. The machine may include an EPP that is operative to remotely receive an encrypted terminal master key from a host system. The machine may authenticate and decrypt the terminal master key prior to accepting the terminal master key. The machine may further output through a display device of the machine a one-way hash of at least one public key associated with the host system. The machine may continue with the installation of the terminal master key in response to an operator confirming that the one-way hash of the public key corresponds to a value independently known by the operator to correspond to the host system.
    Type: Grant
    Filed: April 28, 2008
    Date of Patent: May 18, 2010
    Assignee: Diebold, Incorporated
    Inventors: Timothy Zajkowski, Anne Doland, Mark D. Smith
  • Publication number: 20100122085
    Abstract: A system and method for providing variable security levels in a wireless communication network. The present invention optimizes the often conflicting demands of highly secure wireless communications and high speed wireless communications. According to a preferred embodiment of the present invention, various security sensors are scanned to determine the likely presence of an intruder within a predetermined trust zone. If an intruder is likely present, the security level is changed to the highest setting, and consequently a lower data rate, while the intruder is identified. If the identified intruder is in fact a trusted node, the security level is returned to a lower setting. If the identified intruder is not a trusted node, the security level is maintained at an elevated state while the intruder is within the trust zone.
    Type: Application
    Filed: December 22, 2009
    Publication date: May 13, 2010
    Applicant: INTERDIGITAL TECHNOLOGY CORPORATION
    Inventors: Akinlolu Oloruntosi Kumoluyi, Alexander Reznik, Guodong Zhang, Prabhakar R. Chitrapu, Sung-Hyuk Shin, Yingming Tsai
  • Publication number: 20100119070
    Abstract: The present invention provides a method of integrating existing strong encryption methods into the processing of a .ZIP file to provide a highly secure data container which provides flexibility in the use of symmetric and asymmetric encryption technology. The present invention adapts the well established .ZIP file format to support higher levels of security and multiple methods of data encryption and key management, thereby producing a highly secure and flexible digital container for electronically storing and transferring confidential data.
    Type: Application
    Filed: January 20, 2010
    Publication date: May 13, 2010
    Applicant: PKWARE, Inc.
    Inventor: James C. Peterson
  • Patent number: 7715559
    Abstract: An apparatus (213) and corresponding methods (FIG. 7) to facilitate maintaining crypto synchronization while processing communication signals in a communication unit includes a vocoder (215) configured to convert input audio band signals to vocoder output frames; a crypto processor (217) configured to encrypt the vocoder output frames to provide encrypted output frames; and a synchronizer (219) configured to substitute in a predetermined manner synchronization information corresponding to an encryption state of the crypto processor for a portion of the encrypted data in a portion of the encrypted output frames to provide resultant output synchronization frames suitable for synchronizing a decryption process at a target communication unit.
    Type: Grant
    Filed: August 26, 2004
    Date of Patent: May 11, 2010
    Assignee: Motorola, Inc.
    Inventors: Bradley J. Rainbolt, Marc A. Boillot
  • Patent number: 7716477
    Abstract: Mutual authentication is performed by using first and second authentication key data between a first data processing device and a second data processing device. When the mutual authentication succeeds, the first data processing device uses encryption key data for encrypting predetermined data and outputs the data to the second data processing device. The second data processing device decrypts the encrypted data by using decryption key data and judges whether or not the data is adequate for making the data effective.
    Type: Grant
    Filed: September 17, 2003
    Date of Patent: May 11, 2010
    Assignee: Sony Corporation
    Inventors: Kazuo Omori, Akira Honjo, Masahiro Sueyoshi, Naofumi Hanaki, Kei Tateno
  • Patent number: 7715565
    Abstract: A system for encrypting a data encryption key includes a key encryption key generator configured to receive a public portion of a label, the label including an asymmetric key pair of the public portion and a private portion, the key encryption key generator being further configured to process the public portion of the label to obtain a key encryption key, and a data encryption key encoder configured to receive the key encryption key from the key encryption key generator and to receive a data encryption key from a random number generator, the encoder being further configured to encrypt the data encryption key using the key encryption key to produce an encrypted data encryption key and to provide the encrypted data encryption key to an encryption device.
    Type: Grant
    Filed: July 29, 2005
    Date of Patent: May 11, 2010
    Assignee: InfoAssure, Inc.
    Inventors: Gerald D. Kimmel, Ersin L. Domangue, Francis J. Adamouski
  • Publication number: 20100115274
    Abstract: The present invention relates to methods of and systems for providing conditional access to electronic content. Electronic content is provided to a user along with authorization information. The electronic content may be transmitted to the user, and the user may use the authorization information to access the electronic content. An authorization code may be provided to the user such that the user may be granted access to the content based on a comparison of the provided authorization code and a second authorization code transmitted with the electronic content, and transmission of the second authorization code may be controlled by a content provider to control access by the user.
    Type: Application
    Filed: October 26, 2009
    Publication date: May 6, 2010
    Inventors: Mark E. Herrmann, Steven N. Kane, Stuart Roseman, Jason Yanowitz
  • Publication number: 20100106972
    Abstract: In order to delegate location update signaling responsibility from a Mobile Node to a Mobile Router, the Mobile Router is provided with a second symmetric key generated by a Mobile Node using a first symmetric key shared between the Mobile Node and a Peer Node. The Mobile Router is additionally provided with a “certificate” authenticating the second symmetric key using the first symmetric key. In this way, the mobile router can sign location update related messages sent to the Peer Node with the second symmetric key, and can provide the Peer Node with the certificate in order to allow the Peer Node to authenticate the right of the Mobile Router to act on behalf of the Mobile Node.
    Type: Application
    Filed: February 12, 2007
    Publication date: April 29, 2010
    Applicant: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Jan Melen, Jukka Ylitalo, Pekka Nikander, Petri Jokela