Symmetric Key Cryptography Patents (Class 380/259)
  • Patent number: 7706540
    Abstract: A method includes generating a set of session keys and encrypting content utilizing the set of session keys to generate encrypted content. The set of session keys is transmitted. The encrypted content is transmitted to a content destination, so as to enable the content destination, utilizing the set of session keys, to decrypt the encrypted content.
    Type: Grant
    Filed: January 31, 2006
    Date of Patent: April 27, 2010
    Assignee: Entriq, Inc.
    Inventor: Robert W. Fransdonk
  • Patent number: 7707416
    Abstract: A computer receives a request for authentication from a client. The computer forwards the authentication request to an authentication source. Once the authentication source has validated the authentication request, the computer requests authentication and cache control information from the authentication source. The computer uses the authentication and cache control information to populate a user object stored in a container hierarchy and enable the computer to authenticate an authentication request without forwarding the authentication request to the authentication source.
    Type: Grant
    Filed: February 7, 2008
    Date of Patent: April 27, 2010
    Assignee: Novell, Inc.
    Inventors: Scott Alan Isaacson, Daniel Gene Fritch, Larry Hal Henderson, Lynn Wells Crabb, James Duane Nyland, Jr.
  • Publication number: 20100098253
    Abstract: A public key (PK) dependent on a secret key is accessible to a sender entity (2) and to recipient entities. A private key that can be associated with a recipient entity depends on the secret key and on an identity parameter (IDj) of said entity. Encryption of a message (M) intended for a set of s recipient entities (s>1) comprises generating a symmetrical encryption key (K) and an associated cryptogram (Hdr), as a function of the public key, from the identity parameters of the s recipient entities and a number chosen by the sender entity. The cryptogram allows access to the associated encryption key by combination with the public key, the identity parameters of the s recipient entities and the private key of an identified recipient entity of the set. The message is encrypted in the sender entity with the generated encryption key and is broadcast in this encrypted form, accompanied by said cryptogram.
    Type: Application
    Filed: February 25, 2008
    Publication date: April 22, 2010
    Applicant: France Telecom
    Inventor: Cécile Delerablee
  • Patent number: 7702107
    Abstract: A method and system for server-based encrypted messaging that uses a receiver-determined password to symmetrically encrypt messages that are intended for that receiver. A sender authenticates to a Recipient Password Server in order to generate a message and optionally to upload attachments, which are enclosed in a virtual envelope that is digitally signed. Each envelope is encrypted with the intended recipient's password and sent either as an email attachment or by other messaging protocol. Messages intended for multiple recipients are each custom encrypted with the individual recipient's password and mapped to the correct identity and reception point. Users can change their passwords at any time. A method is also included to support secure searches of a collection of encrypted envelopes for exact words and phrases.
    Type: Grant
    Filed: July 27, 2005
    Date of Patent: April 20, 2010
    Inventor: John H. Messing
  • Publication number: 20100095118
    Abstract: Cryptographic Key Management System facilitating secure access of data portions to corresponding groups of users. In an embodiment, corresponding group key (asymmetric key pair) is provided for each group, with the private key being stored in a secure format requiring the user credentials for decryption. In addition, a data key required to decrypt a data portion of interest is encrypted using the group public key. Thus, when a user attempts to access a data portion, the user credentials are used to decrypt the group private key, which is then used to decrypt the data key. The data key is then used to decrypt the data portion of interest.
    Type: Application
    Filed: October 11, 2007
    Publication date: April 15, 2010
    Applicant: RSA Security Inc.
    Inventor: Anil Kumar Meka
  • Publication number: 20100091991
    Abstract: A configuration that efficiently executes cryptographic processing to which a plurality of different F-functions are applied is provided. In a configuration that executes cryptographic processing by performing round operations to which different F-functions are selectively applied, a plurality of F-function correspondence tables, each corresponding to one of the F-functions, in which input values and output values or intermediate values are associated with each other are stored in a memory; in accordance with a prescribed cryptographic processing sequence, addresses corresponding to F-functions for the respective rounds are applied to read F-function correspondence tables from the memory; and output values or intermediate values for input values are acquired on the basis of reference to the tables to obtain data transformation results in accordance with the respective F-functions.
    Type: Application
    Filed: August 29, 2007
    Publication date: April 15, 2010
    Inventors: Kyoji Shibutani, Taizo Shirai, Toru Akishita, Shiho Moriai
  • Patent number: 7697680
    Abstract: A traceable method for encrypting and/or decrypting data broadcast by at least one transmitter towards several decoders includes the steps: during encryption of broadcast data, the transmitter implements (in 86) at least one first secret function to transform an unencrypted message into an encrypted message; and during decryption of the broadcast data, all the decoders implement (in 92) at least one common second secret function, each decoder using therefor a mathematical description of the second function stored in a memory (21), the mathematical description of the second function being different from one decoder to another or from one group of decoders to another such that the mathematical description used identifies exclusively the particular decoder or group of decoders.
    Type: Grant
    Filed: June 2, 2004
    Date of Patent: April 13, 2010
    Assignee: France Telecom
    Inventors: David Arditti Modiano, Oliver Billet, Henri Gilbert
  • Patent number: 7694156
    Abstract: A cryptographic unit includes a first processing unit for determining an output signal on the basis of the AES algorithm and for determining a first comparison signal, a second processing unit for determining a second comparison signal, and a release unit for providing the output signal, wherein the release unit is designed to perform a defense measure against an external tapping of the output signal when the first comparison signal is not related to the second comparison signal in a predetermined relationship. The first comparison signal is determined in a different way as compared to the second comparison signal, so that, in the case of the injection of faults into the cryptographic unit, these faults may be detected very easily.
    Type: Grant
    Filed: December 23, 2005
    Date of Patent: April 6, 2010
    Assignee: Infineon Technologies AG
    Inventors: Berndt Gammel, Holger Bock, Michael Goessel
  • Patent number: 7693286
    Abstract: Delivering a Direct Proof private key in a signed group of keys to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored along with a group number in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored in a signed group of keys (e.g., a signed group record) on a removable storage medium (such as a CD or DVD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system.
    Type: Grant
    Filed: July 14, 2004
    Date of Patent: April 6, 2010
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, Clifford D. Hall, Ernie F. Brickell, David W. Grawrock
  • Publication number: 20100080387
    Abstract: The present invention provides a portable memory, comprising: a key storage unit for storing a register key for the portable memory; a key receiving unit for receiving a first key entered by a user and generating a second key based on the first key; an identification unit for comparing the second key with the register key to obtain a comparison result; a key generation unit for generating an encryption/decryption key if the comparison result indicates that the second key matches the register key; a chip for encrypting/decrypting a data stream exchanged between a computer and the portable memory by using the encryption/decryption key. The portable memory constitutes a system itself, and thus can perform encryption/decryption operations independent of external systems, resulting in a reduced cost. The present invention also provides a method of encrypting a portable memory.
    Type: Application
    Filed: August 5, 2009
    Publication date: April 1, 2010
    Applicant: LENOVO (BEIJING) LIMITED
    Inventors: LEI FAN, Cheng Chen
  • Patent number: 7688975
    Abstract: A method and apparatus for dynamically generating data encryption keys for encrypting data files and for decrypting encrypted data files via a key exchange method is provided. A dynamically generated encryption key is generated for each encryption event, so that the key cannot be produced or reproduced. A key exchange component of the invention ensures that only an intended recipient has the means to decrypt a file encrypted with the dynamically generated symmetric encryption keys.
    Type: Grant
    Filed: October 25, 2002
    Date of Patent: March 30, 2010
    Assignee: Authenex, Inc.
    Inventors: Paul Lin, Henry Hon
  • Publication number: 20100074445
    Abstract: A sender and a receiver include first and second arrays of coupled oscillators, respectively, that are substantially identically constructed so as to exhibit substantially the same dynamical response to excitation. A chaotic waveform generated at the sender is transmitted to the receiver, which generates a second chaotic waveform, and compares the received waveform with the generated second waveform. If the first and second waveforms match, the sender is an authorized sender. An integrated circuit includes an array of coupled oscillators that in combination generate a waveform in response to at least one excitation signal. The array of coupled oscillators represents, in response to application of the excitation signals, a multi-dimensional security key that is shared between the sender of the waveform and the receiver of the waveform.
    Type: Application
    Filed: September 25, 2008
    Publication date: March 25, 2010
    Inventors: Nikolai Nefedov, Mikko A. Uusitalo, Markku A. Oksanen, Valtteri Niemi
  • Patent number: 7685415
    Abstract: An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the privacy created by the encryption (e.g., so the other computing device cannot see the plaintext). The exclusive encryption system may be implemented as part of a serverless distributed file system with directory entries (e.g., file names or folder names) being the plaintext, or alternatively as part of other systems.
    Type: Grant
    Filed: November 10, 2004
    Date of Patent: March 23, 2010
    Assignee: Microsoft Corporation
    Inventors: John R. Douceur, Josh D. Benaloh, Gideon A. Yuval, Atul Adya
  • Patent number: 7676040
    Abstract: A method, a system and a computer program for changing an encryption key of data encrypted by a first key and stored on an archive server (40), wherein a conversion is applied to the data, generating recrypted data decryptable by means of a second key, the conversion being generated on a second server (30) and associated with the first key and the second key via a functional operation and transferred from the second server (30) to the archive server (40) via a transfer channel (38).
    Type: Grant
    Filed: November 29, 2005
    Date of Patent: March 9, 2010
    Assignee: International Business Machines Corporation
    Inventors: Oliver Augenstein, Jan Camenisch
  • Patent number: 7676037
    Abstract: An elliptic curve cryptography method which generates a public key for use in a communication encryption using an elliptic curve, including: changing a number of a secret key (d) of (k) bits to an odd number; encoding the secret key to yield an encoded secret key (d) in which a most significant bit (MSB) is (1) and a rest positional number is (1) or (−1); and computing the public key (Q=dP) by multiplying the encoded secret key (d) by a predetermined point (P) on the elliptic curve by a scalar multiplication.
    Type: Grant
    Filed: December 20, 2004
    Date of Patent: March 9, 2010
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Bae-eun Jung, Kyung-hee Lee, Chae-hoon Lim
  • Patent number: 7672455
    Abstract: A method and apparatus for use in encrypting and decrypting digital communications converting an initial block to final block based on freely selectable control information and secret key information having double the length of prior art keys and maintaining compatibility with the prior art encryption system.
    Type: Grant
    Filed: August 3, 2006
    Date of Patent: March 2, 2010
    Assignee: Harris Corporation
    Inventor: Michael Thomas Kurdziel
  • Patent number: 7672456
    Abstract: The invention concerns an anti-pirate method for the distribution of digital content by pro-active diversified transmission, associated transmitter device and portable receiving object. The method, designed to make the same information (Kc) available to several receivers (1) belonging to a group (G) of receivers, each receiver storing information (SAi) specific to it, is characterized in that it includes the following steps: define a relation Kc=f(K, bi, SAi) where (f) is a given function, (K) is information common to all the receivers, and (bi) is information different for each receiver and for each value of the information (K); enable each receiver to access information (bi) before making (Kc) available; and transmit the information (K) to all receivers, just before making (Kc) available; so that each receiver can calculate information (Kc) using said relation.
    Type: Grant
    Filed: December 19, 2002
    Date of Patent: March 2, 2010
    Assignee: Gemalto SA
    Inventors: Jacques Patarin, Nicolas Courtois
  • Patent number: 7668316
    Abstract: A method of encrypting metadata that can be represented by a tree structure. The method involves generating an encryption key for a predetermined node of the metadata using a function that takes as input parameters an encryption key for an upper node of the predetermined node and information specifying the predetermined node, and encrypting data of the predetermined node using the generated encryption key.
    Type: Grant
    Filed: September 3, 2003
    Date of Patent: February 23, 2010
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Yang-Iim Choi, Yun-sang Kim, Yun-ho Choi, Hyo-seop Shin, Dong-ho Lee
  • Patent number: 7668313
    Abstract: A method for protecting secret keys, such as HDCP device key sets, during the manufacturing process is disclosed. In particular, the present invention comprises a method for securely sending and receiving data, such as HDCP device key sets, for use in a cryptosystem. In operation, a first party, referred to as a sender (107) is to send original data (106) to a second party, referred to as a recipient (100). To facilitate the secure transmission, the recipient (100) randomly generates (101) a session key (102) and encrypts it with its private key-encryption key (103). The recipient then securely sends both the encrypted and unencrypted session keys to the sender. The sender (107) then encrypts the original data (106) using the unencrypted session key (102) and includes the encrypted data (108) along with the encrypted session key (104) to the recipient (100). The recipient (100) then decrypts the encrypted session key (104) using the private key-encryption key (103) and then decrypts the original data (106).
    Type: Grant
    Filed: October 31, 2005
    Date of Patent: February 23, 2010
    Assignee: Texas Instruments Incorporated
    Inventor: James Edward Nave
  • Patent number: 7664951
    Abstract: A transmitting apparatus adapted to effectively use the band for transferring programs of television broadcasting. A program of a first channel transmitted from the transmitting side can be viewed in real time on the receiving side. A program of a second channel is transmitted to the receiving side in advance in a time zone of lower audience rate than other time zones and stored in a storage device of the receiving side. Each program to be stored is encrypted. When a provision time of a program comes, the data such as a key are transmitted from the transmitting side to the receiving side along with the program data of the first channel. The receiving side extracts the data such as a key and, by use of the extracted data, provides the program stored in the storage device to viewers.
    Type: Grant
    Filed: February 21, 2002
    Date of Patent: February 16, 2010
    Assignee: Sony Corporation
    Inventor: Yasushi Fujinami
  • Patent number: 7664947
    Abstract: Systems and methods for automated exchange of encryption certificates for transmitting and receiving encrypted email messages are disclosed. In one embodiment, a method of communicating an encrypted email message includes providing a recipient identifier, creating an unencrypted email message, automatically querying a recipient email domain for a recipient encryption key corresponding to the recipient identifier, automatically receiving the recipient encryption key from the recipient email domain, automatically encrypting the unencrypted email message using the recipient encryption key, and transmitting the encrypted email message to the recipient identifier.
    Type: Grant
    Filed: October 12, 2005
    Date of Patent: February 16, 2010
    Assignee: The Boeing Company
    Inventor: Wen Fang
  • Publication number: 20100037053
    Abstract: A method in a communication system. The mobile station is provided with two or more separate subscriber modules having separate authentication identities. The modules are authenticated and a session key is established between these subscriber modules using the system as a trusted party. The invention improves the ability of the communication system to adjust to the varying operational conditions of the users, and user organizations.
    Type: Application
    Filed: September 12, 2007
    Publication date: February 11, 2010
    Inventor: Timo Stenberg
  • Publication number: 20100027791
    Abstract: A method and system for encoding visual information are described. An image is divided into n number of patterns. Each pattern is mapped on a matrix, i.e., positioned on X and Y-axis. The patterns are then arranged in a different and new shape, e.g., a rectangle, to that of the original shape of the image but having the same number of patterns or same area. The patterns of pixels are then relocated in the new shape and a matrix is again mapped for the new arrangement of patterns. A key is then generated comprising the information of the encrypted and earlier image. In order to decrypt the encrypted visual content or the encrypted image, the player reads the key or encrypted visual content and decrypts the encrypted visual content or image by means of the information provided by the key.
    Type: Application
    Filed: February 14, 2008
    Publication date: February 4, 2010
    Applicant: Photint Venture Group Inc.
    Inventor: Stephane Jean-Louis Jacob
  • Patent number: 7657033
    Abstract: In one embodiment, messages are encrypted with encrypted transformations that commute with one another. In another embodiment, a message is divided into message segments, and with each encrypted message segment one or more encrypted keys are sent. The encrypted keys may be used to decrypt a message segment that is sent at another time, such as the next message segment to be sent. In another embodiment, a sender encrypts a message with a first encryption, which may be unknown to the receiver. Then a receiver encrypts the message with a second encryption. Next the sender removes the first encryption, thereby allowing the receiver to reconstitute the original message by removing the second encryption.
    Type: Grant
    Filed: December 8, 2005
    Date of Patent: February 2, 2010
    Assignee: Fiske Software LLC
    Inventor: Michael Stephen Fiske
  • Patent number: 7657034
    Abstract: For the encryption of data to be stored in a memory external to a circuit, provision is made to store in the external memory encrypted data words in association with an initialization vector and a key identifier associated with a secret key that has served to encrypt same.
    Type: Grant
    Filed: October 14, 2004
    Date of Patent: February 2, 2010
    Assignee: STMicroelectronics SA
    Inventors: Marcus Völp, Claude Anguille
  • Publication number: 20100023962
    Abstract: When the set-top box (STB) has been switched on, registration and authentication with the provider (IDP) are carried out (1, 2, 3). Following successful authentication, a piece of authentication information is then sent (4) to the set-top box (STB), which the set-top box (STB) sends (5) to a service provider (SP1) for registration. The service provider (SP1) then sets up (6) a connection to the provider (IDP) of the registration and authentication function in order to verify the authentication information and to request guidelines for charging, and the provider (IDP) of the registration and authentication function sends (7) confirmation to the service provider.
    Type: Application
    Filed: September 6, 2007
    Publication date: January 28, 2010
    Inventors: Marc Blommaert, Qi Guan
  • Patent number: 7646871
    Abstract: The invention is directed to a source device and a method for encrypting digital contents at the source device. According to an embodiment, the method includes performing an addition operation by using a first source internal key and an identifier (ID), the first source internal key being associated with the source device, the ID being associated with at least one of a target device and a storage medium of the target device, and the target device being connected to the source device; generating a source encryption key based on an output of the addition operation and a second source internal key by using a predetermined encryption algorithm, the second source internal key being associated with the source device; encrypting the digital content using the source encryption key; and transmitting the encrypted digital content without the source encryption key to the target device.
    Type: Grant
    Filed: July 6, 2009
    Date of Patent: January 12, 2010
    Assignee: LG Electronics Inc.
    Inventors: Young-Soon Cho, Myeong-Joon Kang, Jae-Young Kim, Han Jung
  • Patent number: 7647641
    Abstract: The invention relates to an access control method controlling access to a broadcast digital dataflow previously scrambled. The method according to the invention includes the following steps: On transmission: generating an entitlement control message R-ECMc for recording the content of the flow as a function of a key KRc and at least one criterion CRR defining a right to the record, generating an entitlement control message P-ECMc controlling access to play back the content of the recorded flow as a function of a key KPc and at least one criterion CRP defining a right to play back, and on reception: analysing the messages P-ECMc and P-ECMc, authorizing the recording and playback if the criteria CRR and CRP are verified.
    Type: Grant
    Filed: December 23, 2003
    Date of Patent: January 12, 2010
    Assignee: Viacess
    Inventors: Gilles Dubroeucq, Jean-Pierre Vigarie
  • Patent number: 7643635
    Abstract: A device and method for decrypting re-encrypted digital contents are discussed. According to an embodiment, the method includes receiving the re-encrypted digital content without a source encryption key from a source device connected to the target device, wherein the re-encrypted digital content is generated at the source device by: 1) decrypting an encrypted digital content which is previously encrypted in an external device, and 2) re-encrypting the decrypted digital content with the source encryption key; performing an addition operation by using a first target internal key and an identifier (ID); generating a target encryption key based on an output of the addition operation and a second target internal key by using a predetermined encryption algorithm, the second target internal key being associated with the target device; and decrypting the re-encrypted digital content using the target encryption key.
    Type: Grant
    Filed: July 20, 2009
    Date of Patent: January 5, 2010
    Assignee: LG Electronics Inc.
    Inventors: Young-Soon Cho, Myeong-Joon Kang, Jae-Young Kim, Han Jung
  • Publication number: 20090327718
    Abstract: Embodiments of the present invention allow encrypted data to restrict unlimited output of content data recorded in an area where reading can be performed by standard commands. According to one embodiment, a data storage area of a storage device is provided with an accessible area which can be accessed from the outside of an interface by specifying an address, and a hidden access area which can be accessed from the outside only in a specified case where an authentication condition is satisfied. In the hidden area, a table is recorded in which one entry includes an entry number and a field of a content identifier. An expansion area is provided in each sector of the accessible area, and data output control information and an entry number are recorded. The data output control information indicates information of one of (1) output is allowed only when there is information capable of decrypting the data, and (2) output is allowed without limitation.
    Type: Application
    Filed: May 30, 2008
    Publication date: December 31, 2009
    Inventor: Tatsuya HIRAI
  • Publication number: 20090327707
    Abstract: A process for creating and managing pairs of asymmetrical cryptographic keys and/or certificates associated with the pairs of keys, each pair of keys and associated certificates being intended for an object managed by a computer system. The process includes creating an individual request for creating and/or certifying at least one pair of keys for an object of the system that lacks a pair of keys or a certificate for its pair of keys.
    Type: Application
    Filed: March 19, 2007
    Publication date: December 31, 2009
    Inventors: Pierre Calvez, Brigitte Courtaux, Jacques Lebastard
  • Publication number: 20090327762
    Abstract: Provided is a data acquisition module. The data acquisition module includes a memory and a controller. The controller includes an encryption module configured to encrypt information written to the memory using a key included in the controller. The key is unique to the controller. Also provided is a method for processing identification information. The method includes encrypting information with a key included in a controller and storing the encrypted information. The key is unique to the controller.
    Type: Application
    Filed: May 5, 2008
    Publication date: December 31, 2009
    Applicant: Sonavation, Inc.
    Inventor: John BOUDREAUX
  • Publication number: 20090323954
    Abstract: A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers.
    Type: Application
    Filed: June 23, 2009
    Publication date: December 31, 2009
    Applicant: GENERAL INSTRUMENT CORPORATION
    Inventors: Eric J. Sprunk, Paul Moroney, Alexander Medvinsky, Steven E. Anderson, Jonathan A. Fellows
  • Patent number: 7639814
    Abstract: A device and method for decrypting digital contents are discussed. According to an embodiment, a method for decrypting digital content at a target device, includes receiving the digital content without a source encryption key from a source device connected to the target device, the digital content having been encrypted with the source encryption key in the source device; performing an addition operation by using a first target internal key and an identifier (ID), the first target internal key being associated with the target device, and the ID being associated with at least one of the target device and a storage medium of the target device; generating a target encryption key based on an output of the addition operation and a second target internal key by using a predetermined encryption algorithm, the second target internal key being associated with the target device; and decrypting the encrypted digital content using the target encryption key.
    Type: Grant
    Filed: July 20, 2009
    Date of Patent: December 29, 2009
    Assignee: LG Electronics Inc.
    Inventors: Young-Soon Cho, Myeong-Joon Kang, Jae-Young Kim, Han Jung
  • Patent number: 7639813
    Abstract: A device and method for decrypting digital contents are discussed. According to an embodiment, a method for decrypting digital content at a target device, includes receiving the digital content without a source encryption key from a source device connected to the target device, the digital content having been encrypted with the source encryption key in the source device, wherein the source device is configured to perform an authenticating operation with the target device by using an identifier (ID) associated with at least one of the target device and a storage medium of the target device; performing an addition operation by using a target internal key and the ID, the target internal key being associated with the target device; generating a target encryption key based on an output of the addition operation; and decrypting the encrypted digital content by using the target encryption key.
    Type: Grant
    Filed: July 20, 2009
    Date of Patent: December 29, 2009
    Assignee: LG Electronics Inc.
    Inventors: Young-Soon Cho, Myeong-Joon Kang, Jae-Young Kim, Han Jung
  • Patent number: 7639815
    Abstract: A device and method for decrypting digital contents are discussed. According to an embodiment, a method for decrypting digital content at a target device, includes receiving the digital content without a source encryption key from a source device connected to the target device, the digital content having been encrypted with the source encryption key in the source device, wherein the source device is configured to perform an authenticating operation with the target device by using an identifier (ID) associated with at least one of the target device and a storage medium of the target device; performing a first addition operation by using a first target internal key and the ID; generating a target encryption key based on an output of the first addition operation and a second target internal key by using a predetermined encryption algorithm; and decrypting the encrypted digital content using the target encryption key.
    Type: Grant
    Filed: July 20, 2009
    Date of Patent: December 29, 2009
    Assignee: LG Electronics Inc.
    Inventors: Young-Soon Cho, Myeong-Joon Kang, Jae-Young Kim, Han Jung
  • Patent number: 7639812
    Abstract: The invention is directed to a source device and a method for encrypting digital contents at the source device. According to an embodiment, the method includes receiving digital content from an external device, the digital content being encrypted using a first encryption algorithm in the external device; decrypting the received digital content; performing an addition operation by using a first source internal key and an identifier (ID), the ID being associated with at least one of a target device and a storage medium of the target device; generating a source encryption key based on an output of the addition operation and a second source internal key by using a second encryption algorithm; re-encrypting the decrypted digital content using the source encryption key; and transmitting the re-encrypted digital content without the source encryption key to the target device.
    Type: Grant
    Filed: July 6, 2009
    Date of Patent: December 29, 2009
    Assignee: LG Electronics Inc.
    Inventors: Young-Soon Cho, Myeong-Joon Kang, Jae-Young Kim, Han Jung
  • Patent number: 7639810
    Abstract: The invention is directed to a source device and a method for encrypting digital content at the source device. According to an embodiment, the method includes authenticating a target device connected to the source device using an identifier (ID) associated with at least one of the target device and a storage medium of the target device; performing an addition operation by using a source internal key and the ID, the source internal key being associated with the source device; generating a source encryption key based on an output of the addition operation; encrypting the digital content using the source encryption key; and transmitting the encrypted digital content without the source encryption key to the target device.
    Type: Grant
    Filed: July 6, 2009
    Date of Patent: December 29, 2009
    Assignee: LG Electronics Inc.
    Inventors: Young-Soon Cho, Myeong-Joon Kang, Jae-Young Kim, Han Jung
  • Patent number: 7639811
    Abstract: The invention is directed to a source device and a method for encrypting digital contents at the source device. According to an embodiment, the method includes performing a first addition operation by using a first source internal key and an identifier (ID), the first source internal key being associated with the source device, the ID being associated with at least one of a target device and a storage medium of the target device, and the target device being connected to the source device; generating a source encryption key based on an output of the first addition operation and a second source internal key by using a predetermined encryption algorithm, wherein the second source internal key is associated with the source device; encrypting the digital content using the source encryption key; and transmitting the encrypted digital content without the source encryption key to the target device.
    Type: Grant
    Filed: July 6, 2009
    Date of Patent: December 29, 2009
    Assignee: LG Electronics Inc.
    Inventors: Young-Soon Cho, Myeong-Joon Kang, Jae-Young Kim, Han Jung
  • Publication number: 20090319805
    Abstract: Techniques are described for performing decryption using a key-specific decryption engine. A message including an encrypted data portion is received. The encrypted data portion is formed by performing a symmetric encryption operation using a symmetric key. The encrypted data portion is decrypted using a key-specific decryption engine which does not use the symmetric key as an input. Also described are techniques for generating the key-specific decryption engine which may be implemented using boolean functions determined for the symmetric key.
    Type: Application
    Filed: June 11, 2008
    Publication date: December 24, 2009
    Applicant: MICROSOFT CORPORATION
    Inventor: Boris Asipov
  • Patent number: 7636840
    Abstract: A method and system for secure communication and control in a fueling environment. In one aspect, the fueling environment with secure communication comprises a fuel dispenser and at least one node communicably coupled with the fuel dispenser. The fuel dispenser is operable to generate a first public key and a first private key associated with the fuel dispenser and publish the first public key within the fueling environment. The fuel dispenser is further operable to authenticate a particular one of the nodes using, at least in part, a second public key associated with the particular node and the first public and the first private keys. The fuel dispenser may then dynamically generate a run-time symmetric key using, at least in part, the first private key and the second public key and communicate data associated with the fueling environment to the authenticated node, with the data encrypted using the symmetric key.
    Type: Grant
    Filed: March 4, 2005
    Date of Patent: December 22, 2009
    Assignee: Dresser, Inc.
    Inventor: Weiming Tang
  • Publication number: 20090310785
    Abstract: A secure messaging system and method includes receiving an encrypted message, the message having been encrypted using a token of a corresponding pervasive device; wirelessly verifying the presence of the pervasive device; and, if the presence can be verified, decrypting the message using the token. The verification step can include the steps of establishing a wireless link with the pervasive device; and, querying the pervasive device over the wireless link. The establishing step can include the step of establishing a Bluetooth link with the pervasive device. Furthermore, the querying step can include the step of requesting geographic coordinates which locate the pervasive device.
    Type: Application
    Filed: January 5, 2009
    Publication date: December 17, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: William G. Barrus, Cary L. Bates, Robert J. Crenshaw, Paul R. Day
  • Patent number: 7634657
    Abstract: Methods are provided for detecting the processing status of data blocks. A hash value is used at times in place of a block's data content, thereby reducing processing of the block. Superblocks and superblock hash values are used to manage collisions between hash values of individual blocks, in order to reduce or eliminate the risk that blocks having different content will be treated as though they have the same content merely because they have the same hash value. Systems and configured storage media are also provided.
    Type: Grant
    Filed: December 23, 2004
    Date of Patent: December 15, 2009
    Assignee: Symantec Corporation
    Inventor: Russell R. Stringham
  • Publication number: 20090307488
    Abstract: Systems and methodologies that facilitate delegation of keyset management to a platform presenting a centralized health-related data repository are provided. Effectively, a central keyset manager is provided that generates, manages and distributes key material to client applications and servers deploying the platform. Thus, communications with the platform storing sensitive health-related data can be secured without incurring the costs associated with implementing and enforcing policies associated with key generation and expiration among a plurality of servers and client applications. Additionally, the innovation can scale keyset management to meet short term demand needs.
    Type: Application
    Filed: September 24, 2007
    Publication date: December 10, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Brian J. Guarraci, Christopher C. White, Johnson T. Apacible
  • Publication number: 20090296924
    Abstract: One embodiment of the present invention relates to a method for key management in a communications network. In this method, a public key authentication scheme is carried out between a security controller and a plurality of nodes to establish a plurality of node-to-security-controller (NSC) keys. The NSC keys are respectively associated with the plurality of nodes and are used for secure communication between the security controller and the respective nodes. Other methods and devices are also disclosed.
    Type: Application
    Filed: June 30, 2008
    Publication date: December 3, 2009
    Applicant: Infineon Technologies North America Corp.
    Inventors: Vladimir Oksman, Neal King, Charles Bry
  • Patent number: 7627764
    Abstract: An arrangement is provided for performing MD5 digesting. The arrangement includes apparatuses and methods that pipeline the MD5 digesting process to produce a 128 bit digest for an input message of any arbitrary length.
    Type: Grant
    Filed: June 25, 2004
    Date of Patent: December 1, 2009
    Assignee: Intel Corporation
    Inventors: Kamal J. Koshy, Jaroslaw J. Sydir, Wajdi K. Feghali
  • Patent number: 7627113
    Abstract: In a wireless communication system, a method and system for hardware accelerator for implementing the f8 confidentiality algorithm in WCDMA compliant handsets are provided. Input variables may be initialized in a keystream generator and an intermediate value may be generated with a confidentiality key parameter and a key modifier. The number of processing blocks of output bits may be based on the length of the input bitstream. The processing blocks of output bits may be generated utilizing a KASUMI operation and may be based on an immediately previous processing block of output bits, the intermediate value, and an indication of the current processing block of output bits. The processing blocks of output bits may be generated after an indication that an immediately previous processing block of output bits is available. The keystream generator may indicate when a first and any additional processing blocks of output bits have been determined.
    Type: Grant
    Filed: February 8, 2005
    Date of Patent: December 1, 2009
    Assignee: Broadcom Corporation
    Inventors: Srinivasan Surendran, Ruei-Shiang Suen
  • Publication number: 20090292926
    Abstract: Trust between entities participating in an upgrade or enablement/disablement process is established and, to facilitate this remotely and securely, a highly tamper resistant point of trust in the system that is being produced is used. This point of trust enables a more efficient distribution system to be used. Through either a provisioning process or at later stages, i.e. subsequent to installation, manufacture, assembly, sale, etc.; the point of trust embodied as a feature controller on the device or system being modified is given a feature set (or updated feature set) that, when validated, is used to enable or disable entire features or to activate portions of the feature.
    Type: Application
    Filed: December 12, 2008
    Publication date: November 26, 2009
    Inventors: Michael Daskalopoulos, Ashok Vadekar, David Wong, William Lattin, Daniel O'Loughlin, David R. Sequino
  • Publication number: 20090290713
    Abstract: A method for preventing rendering of content at overlapping time periods on more rendering devices than permitted by a license associated with the content is disclosed.
    Type: Application
    Filed: October 30, 2007
    Publication date: November 26, 2009
    Applicant: NDS Limited
    Inventor: Yaacov Belenky
  • Patent number: 7623658
    Abstract: In a wireless communication system, a method and system for implementing the A5/3 encryption algorithm for GSM and EDGE compliant handsets are provided. Input variables may be initialized in a keystream generator and an intermediate value may be generated with a cipher key parameter and a key modifier. A number of processing blocks of output bits may be determined based on a number of bits in an output keystream. The processing blocks of output bits may be generated utilizing a KASUMI operation and may be based on an immediately previous processing block of output bits, the intermediate value, and an indication of the processing block of output bits being processed. The processing blocks of output bits may be generated after an indication that an immediately previous processing block of output bits is available and may be grouped into two final blocks of output bits in the output keystream.
    Type: Grant
    Filed: August 23, 2004
    Date of Patent: November 24, 2009
    Assignee: Broadcom Corporation
    Inventors: Ruei-Shiang Suen, Srinivasan Surendran