Abstract: A network communication system has terminal devices belonging to a group, the terminal devices generating, if there is a leaving terminal device leaving from the group, an updated group encryption key corresponding to a new group encryption key, from a deletion key corresponding to the leaving terminal device and a group encryption key, and, after the leaving terminal device leaves the group, communicating by using the updated group encryption key; and a group management server generating the updated group encryption key corresponding to the new group encryption key from the deletion key corresponding to the leaving terminal device and the group encryption key, and, after the leaving terminal device leaves the group, communicating by using the updated group encryption key.

Abstract: A system for determining security associations using binary output sequences is described. In an example systematic embodiment, a first device is coupled over a network to a second device. Each device includes a processor and an indicator mechanism coupled to the processor. The indicator mechanism is configured to output a binary representation of a security state established between the devices to a user in perceivable proximity to at least one of the devices. A computer readable storage medium is coupled to the processor and includes executable instructions for the processor. The instructions when executed by the processor initiate a security transaction between the devices. The security transaction includes a protocol that uses one or more public keys to establish a security state between the devices. The indicator mechanism then outputs the binary representation to the user based on the established security state.

Abstract: The purpose of this invention is to propose a new encryption method which offers a high level of security combined with a high execution speed. This aim is achieved by a method to encrypt or decrypt blocks of data X to Y, based on a main key R, this method using several serially connected modules, each module using a sub-key RA derived from the main key R.

Abstract: An architecture is described to manufacture console-based gaming systems in a manner that allows them to be authenticated to a remote entity for online participation. The architecture involves placing pre-established secrets on the game console during console manufacturing that may be subsequently used to guarantee the authenticity of the game console during registration time.

Abstract: An architecture is described to manufacture console-based gaming systems in a manner that allows them to be authenticated to a remote entity for online participation. The architecture involves placing pre-established secrets on the game console during console manufacturing that may be subsequently used to guarantee the authenticity of the game console during registration time.

Abstract: Systems and methods of storage device data encryption and data access via a hardware key are described here. One embodiment includes a hardware key to intercept a request sent from a host to a storage device to access data stored on one of a set of storage devices, wherein the data stored on the storage device has been encrypted. The hardware key is configured to be plugged into a port of the host and comprising a unit to control data access to the set of storage devices. The hardware key is to interpret the request and issue a command to the one of the set of storage devices, to access the encrypted data. The hardware key is to provide an encryption key to decipher the encrypted data from the one of the set of storage devices.

Abstract: Methods and algorithms for generating identical symmetrical cryptographic keys. In a method for generating a symmetrical cryptographic key, a first profile is generated, the first profile comprising a series of data points collected over a first period of time. A start time of the first profile is identified and the first profile divided into a sequence of time-based segments, each time-based segment comprising at least one data point. A first symmetrical cryptographic key is calculated from the sequence of time-based segments, and the first symmetrical cryptographic key is stored for at least one of encrypting and decrypting data in cooperation with a second symmetrical cryptographic key substantially identical to the first symmetrical cryptographic key.

Abstract: A method and apparatus for transferring a message securely from a sender to a recipient over a network and includes at each transfer: creating a message; retrieving the public key of the recipient from an external key server just prior to sending the message; signing the message using the private key of the sender; encrypting the signed message using a public key encryption algorithm and the public key of the recipient producing an encrypted signed message; generating an E-mail message addressed to the recipient; attaching the encrypted signed message as an attachment to the E-mail message; and, transmitting the E-mail message to the recipient.

Abstract: In one embodiment, a storage device is provided that includes: a storage medium; and a storage engine, the storage engine being configured to generate a secure session key and to receive encrypted content and a corresponding encrypted content key from a host system, wherein the content key has been encrypted by the host system using the secure session key, the storage engine being further configured to decrypt the encrypted content key using the secure session key and to encrypt the decrypted content key with a first storage engine encryption key and to write the storage-engine-encrypted content key to the storage medium.

Abstract: A confidential information processing device performs a cryptographic operation on first input data and second input data. A first cryptographic operation circuit includes: a first register for holding first information; and a first cryptographic operation unit. A first pseudo-cryptographic operation circuit includes a second register for holding second information. A first arbitration circuit causes the first cryptographic operation unit to perform the cryptographic operation on the first input data using the first information held in the first register, when a cryptographic operation request for the first input data is made to the first cryptographic operation circuit, and causes the first cryptographic operation unit to perform the cryptographic operation on the second input data using the second information held in the second register, when a cryptographic operation request for the second input data is made to the first pseudo-cryptographic operation circuit.

Abstract: A method of electronically signing a document includes initializing a user, including generating an asymmetric key pair including a private signing key and a public signing key, and storing the private signing key and the public signing key; and providing an electronic signature, including receiving document data corresponding to at least one selected portion of the document, binding the stored private signing key and the document data to create an electronic signature, and providing the electronic signature for a recipient.

Abstract: An architecture is described to manufacture console-based gaming systems in a manner that allows them to be authenticated to a remote entity for online participation. The architecture involves placing pre-established secrets on the game console during console manufacturing that may be subsequently used to guarantee the authenticity of the game console during registration time.

Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.

Abstract: The apparatus and method for scrambling high-rate data is disclosed. The apparatus includes a first storing unit for storing a transport stream (TS) inputted from an external device; a common key (CK) generating unit for generating a CK by receiving a control word (CW) from an external conditional access system (CAS); a key scheduling unit for generating predetermined number of keys (KK)s by receiving the CK from the CK generating unit; a plurality of enciphering units for enciphering the TS transmitted from the first storing unit based on the predetermined number of KKs and the CK; a second storing unit for storing the TS enciphered by the enciphering units and outputting the enciphered TS; and a controlling unit for controlling the multiple enciphering units.

Abstract: A method of establishing a session key Ks for a session between a unit for descrambling scrambled multimedia signals and a removable cryptographic unit, wherein: —one of the units sends (steps 166, 184) the other unit a message containing a received random number, a term ? and a signature of the random number and/or the term a produced using a private key K3pr, then—the other unit verifies (steps 168, 192) the signature using a public key K3pu corresponding to the private key (K3pr) and compares (steps 174, 198) the random number received to that sent, and—if the signature is incorrect or if the random number received does not match that sent, then the subsequent steps for establishing the session key are not carried out.

Abstract: A method for encrypting/decrypting a message includes the initial step of generating keys by the sub-steps of generating a public key; generating a decryption key; and generating a derivation key. For a first entity, the message is encrypted using the public key and a cipher. For a second entity, the cipher is decrypted to find the message. A trapdoor associated with said message is generated. The trapdoor corresponds to a derivative of the derivation key specific to the message. A test cipher is tested, using the trapdoor associated with the message, to determine if the test cipher is an encryption of the message using the public key.

Abstract: A system is provided for cycling encryption keys to prevent the guessing of encrypted presence information in a shared information space. The system of the invention prevents malicious publication of presence information and ensures that only valid presence information is published to the shared information space. A malicious subscriber is prevented from knowing that he/she has been detected while a search is underway to determine his/her identity. During such a search, authorized subscribers are shifted to a new source of presence information while the malicious subscriber remains at the previous source.

Abstract: A countermeasure method in an electronic component using a secret key algorithm K on an input message M executes an operation OPN(D) on input data D. A random value, of one first random information U, is generated that is of identical size as the input information D. A second random information V, is calculated by performing an exclusive OR operation between the input information and the first random information U. The operation OPN or the sequence of operations are successively executed on the first input information U and to the second random information V, supplying respectively a first random result OPN(U) and a second random result OPN(V).

Abstract: In a random number sequence sharing apparatus, a reception unit receives a radio signal including a radio wave from a pre-designated radio star at a pre-designated observation time, a sending unit sends the received radio signal to another random number sequence sharing apparatus, an acceptance unit accepts a radio signal sent from the another sharing apparatus, an analysis unit separates the two radio signals into a plurality of independent components by independent component analysis, a selection unit selects two independent components temporally different by difference in time required for the radio wave to arrive at both sharing apparatuses from the radio star, a sampling unit averages the two selected independent components after adjusting the temporal difference and bit-samples the average, and an output unit outputs a sequence of the bit samples as a random number sequence to be shared.

Abstract: A method and devices for providing secure data backup from a mobile communication device to an external computing device is described. In accordance with one example embodiment, there is provided a method of backing up data from a mobile communication device to an external computing device, the mobile communication device being connected to the external computing device for exchanging data with each other, the method comprising: receiving a request to backup one or more data items in a plurality of data items stored on the mobile communication device; encrypting a data item using an encryption key stored in memory of the mobile communication device; transferring the encrypted data item to the external computing device; and storing a backup file comprising the encrypted data item in the memory of the external computing device.

Abstract: Methods and apparatuses for private electronic information exchange are described herein. In one embodiment, when electronic information is received to be delivered to a recipient, the electronic information is transmitted over an electronic network with a private routing address. The private routing address is routable within a private domain, which is a subset of the electronic network. Other methods and apparatuses are also described.

Abstract: In the method for data archiving with automatic en- and decryption data (9, 10) are exchanged between a client station (1) and an archive station (4). A securing means (2) connected between the stations (1, 4) encrypts the plain data (9) which are transmitted towards the archive station (4) and decrypts the encrypted data (10) which are transmitted towards the client station (1). The encryption is carried out with at least two keys (6, 7). One of the two keys (6, 7) is swapped out by transmitting it to the archive station (4) and deleting it locally, i.e. in the securing means (2), after the encryption. If the securing station (2) is stolen, the encrypted data (10) on the archive station (4) can be accessed, however their decryption can be prevented in a simple, reliably and comprehensible manner by deleting the swapped out key (7) in the archive station (4).

Abstract: An encryption scheme that uses steganography includes an encryption algorithm that encrypts messages by embedding them in a data stream in such a way that an adversary cannot get information about the messages. Since the embedding is the only computation required, this scheme is optimal in computational efficiency. However, since the size of the data stream is large, this scheme is most beneficial when the cost of bandwidth is less expensive than the cost of computation. The scheme embeds the message as specified by a pseudo random generator.

Abstract: A Gigabit Ethernet-based passive optical network that can reliably transmit data is disclosed. The network includes an OLT for receiving a public key through a transmission medium, encrypting a secret key by means of the received public key, transmitting the encrypted secret key, encrypting data by means of the secret key, and transmitting the encrypted data, the OLT being located in a service provider-side. The network also includes an ONT for transmitting the public key to the OLT, receiving the secret key transmitted from the OLT, decrypting the secret key by means of a private key, receiving the data, and decrypting the received data by means of the decrypted the secret key. The public key is used for encrypting the secret key. The secret key is encrypted by means of the public key. The data is encrypted by the OLT by means of the secret key.

Abstract: In a printer driver that transmits a print data to a printer connected via a network to make a print request, a document password processing unit prompts a user to input a document password for decrypting a PDF document data encrypted by a predetermined application. A print data creating unit creates a print data including the PDF document data encrypted and the document password. The created print data is transmitted to the printer via the network by a host I/F controller and a host I/F.

Abstract: A method of generating a linear transformation matrix A for use in a symmetric-key cipher includes generating a binary [n,k,d] error-correcting code, where k<n<2k, and d is the minimum distance of the binary error-correcting code. The code is represented by a generator matrix G?Z2k×n in a standard form G=(Ik?B), with B?Z2k×(n?k). The matrix B is extended with 2k?n columns such that a resulting matrix C is non-singular. The linear transformation matrix A is derived from matrix C. Preferably, the error correcting code is based on an XBCH code.

Abstract: A system and method for securing software applications installed on a computer network is disclosed. An authorized user is provided a digital credential and loads a secure access client onto a computerized device that can be connected to the network. The secure access client communicates with a secure access server within the network to authenticate the user and determine which applications the user is allowed to access. When the user sends a communication intended for a secured application, the secure access client intercepts the communication and uses cryptographic keys from the digital credential to encrypt and digitally sign the communication. The secure access server has access to cryptographic keys corresponding to those on the digital credential and is able to decrypt the communication and verify the digital credential. The decrypted message is then sent to an application server hosting the secured application.

Abstract: A method and an apparatus for enciphering and deciphering content with symmetric and asymmetric cryptography with the use of the shadow numbering system where two or more shadow values are used with two or more base values with a two side equation, on one side the value to encipher is multiplied with one of the shadow value then the modulus taken with the base value, to decipher the enciphered value is multiplied with the shadow value that didn't take part of the first equation then the modulus is taken with the base value, thus, deciphering the enciphered value.

Abstract: A secure pointer. The secure pointer can include an encrypted pointer to a resource disposed in a communicatively coupled computing device. The secure pointer also can include a network address of a server computing device able to locate the resource based upon a decrypted form of the encrypted pointer. Finally, the secure pointer can include an encrypted wrapper about the encrypted pointer and the network address. Notably, the encrypted pointer can be encrypted and decrypted according to a local encryption/decryption key known to the server computing device. Yet, the encrypted wrapper can be encrypted according to a public encryption key while the encrypted wrapper can be decrypted according to a private encryption key corresponding to the public encryption key.

Abstract: A method and apparatus that uses tha dynamics of chaotic system for the remote generation of a digital key, for use in any encryption algorithm. After initialization, the dynamics of a chaotic system are allowed to generate the 0 and 1 bits of a key bistream. An initialization bistream is transmitted, using conventional transmission technologies, to an identical chaotic system. This chaotic system is driven into synchrony and allow to generate a key bitsream, which is identical to the other bitstream because the chaotic systems have been sychronized.

Abstract: A method and apparatus for hiding information in a communication protocol signal are disclosed. The apparatus comprises a bit selection unit, an information encoding unit and an information decoding unit, wherein the bit selection unit selects suitable bits in the signal for hiding information, the information encoding unit encodes the information into the suitable bits selected by the bit selection unit, and the information decoding unit decodes the information encoded in the suitable bits.

Abstract: The aim of this invention is to propose a flexible solution to the risk represented by the interception of data by an unauthorized party during the transmission of said data between a broadcast center and a specialized decryption/decompression circuit such as is used in a Pay-TV decoder. This aim is achieved by a data transmission method involving a broadcast center or diffusion center, a management center and a multimedia unit, the latter comprising at least one unique key and a security module having a transport key.

Abstract: An architecture is described to manufacture console-based gaming systems in a manner that allows them to be authenticated to a remote entity. The architecture involves creating a console public key and a console private key for each console-based gaming system. A digital certificate is created that contains the console public key and additional information about the console-based gaming system. The digital certificate is signed with a factory private key associated with the factory that manufactured the console-based gaming system.

Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

Abstract: A system and method of encrypting digital content in a digital container and securely locking the encrypted content to a particular user and/or computer or other computing device is provided. The system uses a token-based authentication and authorization procedure and involves the use of an authentication/authorization server. This system provides a high level of encryption security equivalent to that provided by public key/asymmetric cryptography without the complexity and expense of the associated PKI infrastructure. The system enjoys the simplicity and ease of use of single key/symmetric cryptography without the risk inherent in passing unsecured hidden keys. The secured digital container when locked to a user or user's device may not open or permit access to the contents if the digital container is transferred to another user's device. The digital container provides a secure technique of distributing electronic content such as videos, text, data, photos, financial data, sales solicitations, or the like.

Abstract: Method for securing a session over a radio or infrared wireless link (101) between a terminal (11) and a mobile equipment (10), said session being secured with a SIM card (100) in said mobile equipment (10). The terminal (11) and the mobile equipment (10) both comprise a display and a keyboard or keypad and can be mutually connected through said short distance wireless link (101). The method comprises the following steps: generating a secret in one of said terminals or said smart cards, displaying this secret on the display of said terminal (11) or said user equipment (10), entering said secret or the hash value of said secret on the input means of the other one of said terminals (11) or user equipments (10), using said shared secret for securing at least a part of said session over said short distance wireless link (101).

Abstract: The communications between terminals are encrypted, and even a gateway device is permitted to analyze the encrypted communications, thereby to incarnate censorship for the prevention of information leakage. A gateway device 3 prepares a public key and a secret key in a pair on the basis of a public key encryption system, and distributes the public key to terminals 2a-2c which are managed by the gateway device 3. The terminals 2a-2c subject a communication packet to a prior-art common key encryption, and they thereafter encrypt a common key with the public key and bestow the encrypted common key on the packet. The gateway device 3 decrypts the common key by using the secret key, censors the packet and returns the packet into a prior-art encrypted packet format, and it thereafter transfers the packet to a network 1c where opposite terminals 2d-2f exist.

Abstract: A method of cyphering and/or decyphering, by an integrated circuit, of a digital input code by means of several keys, comprising: dividing the code into several data blocks of same dimensions; and applying to said blocks several turns of a cyphering or decyphering comprising submitting each block to at least one same non-linear transformation and of subsequently combining each block with a different key at each turn, the operands being masked, upon execution of the method, by at least one first random number having the size of the code and all the blocks of which have the same value by combining, by an XOR-type function, the input and output blocks of the non-linear transformation with said random number.

Abstract: A symmetric key management process in a communication network comprising a source device furnished with a source of data to be broadcast over the network and at least one receiver device intended to receive the broadcast data. The process comprises: determining and securely transmitting a first symmetric key to a receiver device; the receiver device encrypting the first symmetric key using a second symmetric key and transmitting it to the source device; and the source device recovering and storing it. Before transmitting the data to at least one reception device, the source device encrypts these data with the aid of the first symmetric key, then it transmits these encrypted data, accompanied by the first encrypted symmetric key, to at least one receiver device. The receiver device decrypts the first symmetric key with the aid of the second key which it possesses, then it decrypts the encrypted data with the aid of the first symmetric key thus recovered.

Abstract: An e-mail firewall applies policies to e-mail messages transmitted between a first site and a plurality of second sites. The e-mail firewall includes a plurality of mail transfer relay modules for transferring e-mail messages between the first site and one of the second sites. Policy managers are used to enforce and administer selectable policies. The policies are used to determine security procedures for the transmission and reception of e-mail messages. The e-mail firewall employs signature verification processes to verify signatures in received encrypted e-mail messages. The e-mail firewall is further adapted to employ external servers for verifying signatures. External servers are also used to retrieve data that is employed to encrypt and decrypt e-mail messages received and transmitted by the e-mail firewall, respectively.

Abstract: A trusted authentication chip for use in authenticating an untrusted authentication chip; the trusted authentication chip including a random number generator, a symmetric encryption function and two secret keys for the function, a signature function and a test function; wherein the trusted authentication chip generates test data including a random number and its signature, encrypted using a first of said secret keys and transmits the test data to the untrusted authentication chip, wherein the trusted authentication chip receives a data message and an encrypted version of the data message in combination with the random number from the untrusted authentication chip, the data message being encrypted using a second of said secret keys, wherein the test function operates to encrypt the random number together with the data message by the symmetric encryption function using the second secret key, compare the two versions of the random number encrypted together with the data message using the second key, and in the e

Abstract: An RNC server issues an encryption start instruction to a media gateway (MG) and a terminal. The MG and terminal, which have received the encryption start instruction, encrypt U-Plane information using a predetermined secret key, and adds a predetermined encryption start bit to the encrypted U-Plane information for transmission to a communication partner. The communication partner, upon detection of the encryption start information, decrypts the received U-Plane information using the predetermined secret key.

Abstract: The present invention relates to a method and apparatus for preventing the use of data transmitted by a computer to a web site by a program operating on the computer. Initially, a first association between a set of labels and a first set of codes is created. The set of labels contains information to be displayed on the computer, while each code in the first set of codes is associated with a particular label. An encryption key is then linked with the first association. The set of labels, the first set of codes, and the first encryption key is then sent to the computer. Some time later, codes from the first set of codes and the first encryption key are received back from the computer. The codes returned from the computer are then matched to labels from the set of labels using the first encryption key. Afterwards, subsequent associations between the set of labels and other sets of codes are created. These associations are different than the association between the set of labels and the first set of codes.

Abstract: The present invention relates to a method for protecting user data from unauthorized access, the method comprising the steps of, on a data processing system: maintaining said user data in encrypted form stored on a second storage, when loading an operating system using an operating system loader: receiving in a first disk key transmission step from a first user system a symmetric user key that is only accessible by the data processing system if the operating system loader has been started on behalf of said first user system, wherein the symmetric user key is received sealed to a combination of the operating system loader and a user identifier corresponding to said first user system in said first disk key transmission step; accessing the symmetric user key, if the operating system loader has been started on behalf of said first user system; decrypting in a user data decryption step said user data using the symmetric user key, maintaining said symmetric user key in a volatile memory.

Abstract: A e-mail relay provides message filtering services to an e-mail network. The e-mail relay monitors incoming communication and intercepts e-mail messages. The e-mail relay compares attributes of the messages to data derived from SPAM messages, which is stored in a SPAM database. The e-mail relay restricts the delivery of message based on the comparison such as by restricting the delivery of messages having attributes close to those of SPAM messages from the SPAM database. The SPAM database is constructed by responding to user or administrator indications as to whether received messages are SPAM messages.

Abstract: A computerized method, program product, and a service to protect critical data by first splitting the data into N streams. A partitioning algorithm is applied to each stream to remove a portion of the data, the portion removed from one stream being included in another stream. Each stream is then encrypted with its own encryption key. Each encrypted stream plus at least two encryption keys not used to encrypt a particular encrypted stream are stored in a separate and unique memory location, such as a different server having its own security access procedures that are different from other servers and which may be located in different cities or countries. Retrieval of the data requires a program to know the memory locations of the data streams, and the inverse of the partitioning algorithm. Accessing one memory location may yield an encrypted stream and at least one encryption key for a different stream at a different memory location.

Abstract: A method and apparatus for initializing multiple security modules are provided. The method may comprise the acts of determining if the security module is a controlling security module or a subordinate security module, generating at least one key if the security module is the controlling security module, and receiving at least one key from another security module if the security module is the subordinate security module. The apparatus may comprise a detector that is adapted to determine if the security module is a controlling security module or a subordinate security module, a key generator that generates a key for the security module if the security module is the controlling security module, and a key receiver that receives a key from another security module if the security module is the subordinate security module.

Abstract: Methods, systems, and computer readable media for secure messaging. One method includes generating a first key associated with the sender. The method further includes encrypting a message from the sender to the recipient using the first key. The method also includes encrypting the first key with a second key. The method includes storing the encrypted message and the encrypted first key at a message server accessible to individuals including the sender and the recipient. The method includes associating the encrypted message with a sender and a recipient. The method also includes decrypting the encrypted first key using a key related to the second key, and decrypting the encrypted message using the first key.

Abstract: Given a set of elliptic curve points defined over a field F(p) and represented in projective coordinate, a method is presented which allows the embedding of data bits in both the X-coordinate and the Z-coordinate of the elliptic curve point when represented in projective coordinate. This makes the number of points that satisfy an elliptic curve equation and which can be used in the corresponding cryptosystem proportional to p2 rather than p. This can be used to either increase security by making the bit positions where data bits are embedded known only to the sender and receiver. Alternatively, it can be used to increase the number of data bits that can be encrypted per single elliptic curve point encryption. In another alternative, it can also be used to reduce p. Also, it can be used as a countermeasure by randomizing the bit positions where data bits are embedded. A similar formulation can be developed for elliptic curves over fields F(2m), as well as special elliptic curves such as Montgomery curves.

Abstract: First data to be sent by a first party to a second party is encrypted using an encryption key that is formed using at least a hash value generated by a keyed hash of at least one condition that typically serves as an identifier of an intended recipient of the first data. The encrypted first data is provided to a data recipient who requests a decryption key from the trusted party. The trusted party is responsible for verifying that the recipient meets the specified conditions before providing the decryption key. A valid decryption key is only provided if the correct conditions have been supplied to the trusted party.