Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on AS/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; The solution of the equations gives the internal state of RI, R2, and R3; Together with R4, this gives the full internal state which gives a suggestion for the key.

Abstract: A recursive based approach to key generation produces keys for encrypted communication. Simple mathematical operations are utilized with the inherent uncertainty of an interactive process between two endpoints to establish a common secret key. The uncertainty-based key cipher starts with some public information and some private information. The public information includes a vocabulary (alphabet) and keypad, and the private information can include an authentication code. The keypad is an abstraction that represents, for example, a set of “buttons.” These buttons will be used to translate a working key into a text that could be used to evaluate coincidences in a generated working key. Each keypad button can have more than one possible value. The number of options inside the button is the so called “uncertainty level.

Abstract: A system and method for sending encrypted messages to a distribution list that facilitates the sending of such messages only to individuals or other entities associated with the distribution list that will be able to read the message.

Abstract: The use of suitable measures in a method for agreeing on a security key between at least one first and one second communication station to secure a communication link is improved so that the security level for the communication is increased and the improved method can be combined with already available methods. A first parameter is determined from an authentication and key derivation protocol. In addition, an additional parameter is sent securely from the second to the first communications station. A security key is then determined from the first parameter and the additional parameter.

Abstract: An electronic signature device includes a processor, a memory, a user input device including a first biometric input device, and a device interface, all communicatively connected by at least one bus. A method of personalizing the electronic signature device to a user includes receiving a digitized biometric signature of the user via the first biometric input device. A cryptographic key is generated. A biometric electronic template is generated based on the digitized biometric signature. The cryptographic key and the biometric electronic template are stored in the memory.

Abstract: In computing point multiples in elliptic curve schemes (e.g. kP and sQ) separately using, for example, Montgomery's method for the purpose of combining kP+sQ, several operations are repeated in computing kP and sQ individually, that could be executed at the same time. A simultaneous scalar multiplication method is provided that reduces the overall number of doubling and addition operations thereby providing an efficient method for multiple scalar multiplication. The elements in the pairs for P and Q method are combined into a single pair, and the bits in k and s are evaluated at each step as bit pairs. When the bits in k and s are equal, only one doubling operation and one addition operation are needed to compute the current pair, and when the bits in k and s are not equal, only one doubling operation is needed and two addition operations.

Abstract: Techniques for securing data access are presented. A sender encrypts data into a first integer value. A first knot is selected along with first and second keys. The first knot, first integer value, first key, and second key are used to produce a final knot. The final knot is transmitted as a graphical image to a receiver over a network. The receiver uses the first knot, final knot, first key, and second key to derive the first integer value. The first integer value is decrypted to produce the original data that the sender intended to send securely to the receiver.

Abstract: A method for generating a group key are provided in the field of network communications. The method includes the following steps: Group members select DH secret values and generate DH public values. An organizer generates an intermediate message and broadcasts a DH public value and the intermediate message. The group members generate a group key according to a DH secret value selected by the organizer and DH public values of the other group members except the organizer. A system for generating a group key and communication devices are also disclosed in the present invention.

Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.

Abstract: Secure presentation of media streams includes encoding the media streams into digital content, encrypting a portion of that digital content, the portion being required for presentation, in which the encrypted version is substantially unchanged in formatting parameters from the clear version of the digital content. Selecting those portions for encryption so there is no change in distribution of the media stream: packetization of the digital data, or synchronization of audio with video portions of the media stream. When encoding the media stream into MPEG-2, refraining from encrypting information by which the video block data is described, packet formatting information, and encrypting the video block data using a block-substitution cipher. A block-substitution cipher can be used to encrypt each sequence of 16 bytes of video data in each packet, possibly leaving as many as 15 bytes of video data in each packet in the clear.

Abstract: Systems for exchanging encrypted data communications between devices. A system can comprise a first device and a second device. The first device can comprise a first sensor adapted to create a first data profile based at least in part on a sensed condition, and a first transceiver integrated with the first sensor and adapted to generate a first cryptographic key from the first data profile. The second device can comprise a second sensor adapted to create a second data profile based at least in part on the sensed condition, the second data profile being substantially similar to the first data profile, and a second transceiver integrated with the second sensor and adapted to generate a second cryptographic key from the second data profile, the first and second cryptographic keys comprising a set of identical cryptographic keys.

Abstract: A wireless communication system includes first and second communication apparatuses transmitting/receiving encrypted communication data by radio. The first includes: a first encrypting/decrypting unit encrypting communication data and decrypting encrypted communication data; a first interface unit electrically connectable with a portable nonvolatile memory (NVRAM), to which the NVRAM can be physically removably inserted; and a first cryptography key processing unit generating a temporary cryptography key used for encrypting/decrypting the communication data and a master cryptography key for generating the temporary cryptography key.

Abstract: The present invention provides a secure buffer for use in data storage and encryption processing. Blocks or packets of data are passed to a secure buffer within a processor. The processor may be one of many coprocessors, and the secure buffer may be inaccessible to some or all of the coprocessors. Data may be partially or fully encrypted and stored within the secure buffer. Encryption may occur before or after storage in the buffer, or it may take place within the buffer itself. Optionally, the encrypted data may be sent to and retrieved from a shared memory that is accessible by other coprocessors.

Abstract: Methods and apparatuses for private electronic information exchange are described herein. In one embodiment, when electronic information is received to be delivered to a recipient, the electronic information is transmitted over an electronic network with a private routing address. The private routing address is routable within a private domain, which is a subset of the electronic network. Other methods and apparatuses are also described.

Abstract: An electronic circuit includes a more-secure processor having hardware based security for storing data. A less-secure processor eventually utilizes the data. By a data transfer request-response arrangement between the more-secure processor and the less-secure processor, the more-secure processor confers greater security of the data on the less-secure processor. A manufacturing process makes a handheld device having a storage space, a less-secure processor for executing modem software and a more-secure processor having a protected application and a secure storage. A manufacturing process involves generating a per-device private key and public key pair, storing the private key in a secure storage where it can be accessed by the protected application, combining the public key with the modem software to produce a combined software, signing the combined software; and storing the signed combined software into the storage space.

Abstract: A controlling device provides conditional access to secured content renderable by an appliance. The controlling device transmits a data frame to the appliance and encrypts at least a part of the data frame that includes data to be used by the appliance to provide access to the secured content. At the appliance a decryption key complimentary to the encryption key is used to decrypt the received the data frame. The appliance allows the secured content to be rendered only after the appliance determines that the data in the received, decrypted data frame includes the data the appliance requires to provide access to the secured content.

Abstract: A trusted network connect (TNC) method based on tri-element peer authentication is provided, which includes the following steps. Platform integrity information is prepared in advance. An integrity verification requirement is predefined. A network access requestor initiates an access request to a network access controller. The network access controller starts a mutual user authentication process, and performs a tri-element peer authentication protocol with a user authentication serving unit. After the mutual user authentication is successful, a TNC client, a TNC server, and a platform evaluation serving unit implement platform integrity evaluation by using a tri-element peer authentication method. The network access requestor and the network access controller control ports according to recommendations received respectively, so as to implement mutual access control between the access requestor and the access controller.

Abstract: When data is encrypted and stored for a long time, encryption key(s) and/or algorithm(s) should be updated so as not to be compromised due to malicious attack. To that end, stored encrypted data is converted in the storage system with new set of cryptographic criteria. During this process, read and write requests can be serviced.

Abstract: Both a management server and a validation server are installed. Both a terminal and a terminal register setting information which is usable in an encrypted communication in the management server. When carrying out the encrypted communication, the management server searches the registered setting information for coincident setting information. The management server generates keys for the encrypted communications which can be used by the terminals, and delivers these generated keys in combination with the coincident setting information. The management server authenticates both the terminals in conjunction with the validation server. Since the terminals trust such results that the management server has authenticated the terminals respectively, these terminals need not authenticate the respective communication counter terminals.

Abstract: Encrypted text data c1 generated by encrypting plaintext data using an encryption key, verification data having a size smaller than the encrypted text data c1, and encrypted text data c2 generated by encrypting the verification data using the encryption key are acquired (S601). It is checked if a decryption result of the encrypted text data c2 using a decryption key matches the verification data (S607). If it is determined that the two data match, the encrypted text data c1 is decrypted using the decryption key (S608).

Abstract: A method in a communication system. The mobile station is provided with two or more separate subscriber modules having separate authentication identities. The modules are authenticated and a session key is established between these subscriber modules using the system as a trusted party. The invention improves the ability of the communication system to adjust to the varying operational conditions of the users, and user organizations.

Abstract: A secure pre-recorded medium and a method for descrambling encrypted content thereon. When a player wants to access the content, a secure processor on the medium verifies that the player has not been revoked, preferably by comparing an identity of the player with identities in a revocation list, after which a mutual authentication is performed. The secure processor then verifies that the player has the rights to access the content and provides the player with the key necessary to descramble the content, whereafter the player descrambles the content.

Abstract: An information processing apparatus configured to transfer encrypted information from a sending source to a sending destination, includes: a decryptor, an encryptor, and a transmitter. The decryptor is configured to decrypt the encrypted content supplied from the sending source by use of a common key used in the sending source. The encryptor is configured to encrypt the information decrypted by the decryptor by use of a common key used in the sending destination and output the encrypted information as information to be transferred to the sending destination. The transmitter is configured to transmit the information decrypted by the decryptor to the encryptor through a route in the information processing apparatus.

Abstract: First and second nodes generate numeric string elements from time interval by their physical changes. The first node generates a basic numeric string from the numeric string elements and similar numeric strings, encrypts the generated basic numeric string and the similar numeric strings, and generates a cipher value list that stores the numeric strings with corresponding cipher values. The second node generates a basic numeric string based on the numeric string elements generated by the second node, encrypts the generated basic numeric string in accordance with the same encryption rule as that for the first node, and transmits the generated cipher value to the first node. The first node receives a cipher value from the second node, and compares the received cipher value with the cipher values in the cipher value list to find a match, and transmits a match signal if a match is found.

Abstract: Methods for establishing secure point-to-point communications in a trunked radio system include receiving, at a trunking controller, a request from a source endpoint for a traffic channel for confidential communications between the source endpoint and a destination endpoint using a shared unique first symmetric key. The trunking controller provides keying material related to the symmetric key over the secured control channel to at least one of the source or destination endpoints and assigns a traffic channel. Moreover, in response to the request, the controller assigns a traffic channel. The keying material enables the unique first symmetric key to be securely established between the source and destination endpoints.

Abstract: Various embodiments herein include one or more of systems, methods, and software to provide session secure web content delivery. Some embodiments include initiating a session on a web server in response to a resource request received from a requestor and generating a session key that is in scope with regard to and during the session. Such embodiments may also include retrieving the requested resource, identifying and encrypting Uniform Resource Identifiers (URI's) included therein, and sending the requested resource including encrypted URI's to the requestor. Some embodiments may include receiving, within the scope of a session, a resource request including a URI having a cipher text. Such embodiments may then decrypt the cipher text utilizing a key of the session as the decryption key to obtain clear text. The cipher text of the URI may then be replaced with the clear text and the resource retrieved and sent to the requestor.

Abstract: In a message authentication system in which a message is transmitted from a message transmission apparatus 100 to individual message reception apparatuses 120 through wireless communication connecting the message transmission apparatus 100 with the message reception apparatuses 120 via intermediary message reception apparatuses and the message is authenticated at each message reception apparatus, the message transmission apparatus first transmits an electronic signature to each message reception apparatus as a message transmission notification and then transmits the message and an authentication key to the message reception apparatus after allowing a predetermined time lag. Thus, the message reception apparatus does not need to hold the message before the authentication key is published (FIG. 7).

Abstract: A system and a method for providing a secure wireless ad-hoc network in a wireless communication system having at least two transceivers coupled by a wireless transmission link are disclosed. The method includes receiving a data transmission at a first transceiver from a second transceiver, wherein the data transmission identifies a source of a signal in the data transmission and the signal is identified by a signal envelope; detecting a deep fade in the data transmission, wherein the first and second transceivers are configured to sample the source of the signal in the data transmission; determining whether the received signal exceeds a predetermined threshold for deep fades, wherein the predetermined threshold is preset by the first and second transceivers; generating a bit-string corresponding to each of the transceivers based on channel fading information relating to the wireless transmission link; and, using the bit-string, generating a key.

Abstract: An anonymous secure messaging method, system and computer program product for implementation over a wireless connection. The invention allows the securely exchange of information between a security token enabled computer system and an intelligent remote device having an operatively coupled security token thereto over the wireless connection. The invention establishes an anonymous secure messaging channel between the security token and the security token enabled computer system, which allows the intelligent remote device to emulate a locally connected security token peripheral device without requiring a physical connection. A dedicated wireless communications channel is incorporated to prevent several concurrent wireless connections from being established with the security token and potentially compromising the security of the information being sent on concurrent wireless connections.

Abstract: In a method and arrangement for authenticated transmission of a personalized data set or program to a hardware security module in a device such as a franking machine, a system manufacturer buys security modules, from a security module manufacturer and incorporate the security modules at a production site in the device and loads a data set and/or an application program into the security module, making the device operable. Authentication occurs using a first security module-specific fixed code, a second security module-specific fixed code that is calculated from the first code according to a given algorithm, and a third security module-specific fixed code that is calculated from the second code and the data in the data set and/or in the program.

Abstract: A method of encrypting data is provided. The method includes dividing data in packet units into N data blocks; generating an initial counter value using a random number used for generating an encryption key for encrypting the data blocks; generating N counter values by increasing the initial value by a predetermined value N times and encrypting the N counter values using the encryption key; and performing an exclusive OR operation on the N encrypted counter values and the N data blocks.

Abstract: The throughput of an encryption/decryption operation is increased in a system having a pipelined execution unit. Different independent encryptions (decryptions) of different data blocks may be performed in parallel by dispatching an AES round instruction in every cycle.

Abstract: Techniques to load balance traffic in a communication network include a network switch or device having an interface to receive a data unit or packet. The network device includes a hash value generator configured to generate a symmetric key from an initial key that is based on the packet, and configured to generate a hash value based on the symmetric key and the packet. The hash value may be optionally modified to load balance egress traffic of the network device. The network device selects an egress link or port, such as by determining an index into an egress table based on the (modified) hash value. The techniques described herein allow packets or data units of a particular flow to travel in both directions along a same path through the communication network.

Abstract: Disclosed is a method of supporting security policies and security levels associated with processes and applications. A security level is associated with a process independent of a user executing the process. When secure data is to be accessed, the security level of the process is evaluated to determine whether data access is to be granted. Optionally, the security level of a user of the process is also evaluated prior to providing data access.

Abstract: Methods are provided for detecting the processing status of data blocks in systems having intermittent connections. A hash value is used at times in place of a block's data content, thereby reducing processing of the block. Hash values may be maintained locally. Blocks collected locally may be stored locally at least until a connection to a server becomes available again. Systems and configured storage media are also provided.

Abstract: Methods and apparatus for mixing encrypted data with unencrypted data are disclosed. A disclosed system receives data from a first media source, such as DVD-Audio content, and encrypts the data from the first media source using a key stream to form an encrypted data stream. The disclosed system may separate the encrypted data stream into a plurality of encrypted data streams and may combine the plurality of encrypted data streams with an unencrypted data stream associated with a second media source to form a mixed data stream. The mixed data stream is formed without decrypting the plurality of encrypted data streams and is transmitted to hardware or a hardware driver.

Abstract: Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an image or audio signal. The image or audio signal is transmitted from the first computing device to the second computing device. The password is determined from the image or audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein.

Abstract: The control unit includes a CPU which generates an access signal for performing writing or reading on the external memory, encryption/decryption means which, when the access signal is used for writing, encrypts an address designated by the CPU to generate a write address and encrypts write data contained in the access signal to generate write encrypted data, and which, when the access signal is used for reading, encrypts an address designated by the CPU to generate a read address and decrypts the encrypted data read from the external memory to generate plaintext data, and external control means which writes the write encrypted data in a position designated by the write address generated by the encryption/decryption means and which reads the encrypted data from a position designated by the read address generated by the encryption/decryption means and supplies the same to the encryption/decryption means for its decryption.

Abstract: The invention provides for rekeying a large cluster of storage security appliances which allows more than two of the storage security appliances to proxy a single storage medium while encrypting the storage medium in a manner that is transparent to any attached server. The invention provides a method for synchronizing encryption of the disk among a large cluster of storage security appliances, while allowing all of the storage security appliances involved to access the storage device being rekeyed in a secure fashion.

Abstract: In a wireless communication system, a method and system for extending Advanced Encryption Standard (AES) operations for enhanced security are provided. In an AES encryption operation, an initial state may be modified by XORing with an initial modifier before a first processing round and a final state may be modified by XORing with a final modifier after a final processing round. The output of a MixColumns function performed during AES decryption operation rounds may be modified by XORing with a corresponding round modifier. In an AES decryption operation, an initial state may be modified by XORing with a decoded final modifier before a first processing round and a final state may be modified by XORing with a decoded initial modifier after a final processing round. The input of an InvMixColumns function performed during AES decryption operation rounds may be modified by XORing with a corresponding decoded round modifier.

Abstract: Embodiments of the invention provide for encryption and decryption of data in a TDMA network using TDMA time values. In some embodiments, TDMA time values can be transmitted to terminals from a network controller using a burst time plan. These TDMA time values along with other data and/or counters can be combined to create a one-time key, which can be used to both encrypt data and/or decrypt data. Embodiments of the invention can decrease communication overhead by using the TDMA time value for TDMA purposes as well as for encryption purposes.

Abstract: Encrypting data in a cascaded block cipher system may be accomplished by applying a first encryption algorithm using a secret shared between first and second parties as a key to generate a secret inner key; applying a second encryption algorithm for a predetermined number of rounds using the secret inner key to generate a plurality of blocks of ciphertext data from a plurality of blocks of plaintext data; and repeating the applying the first encryption algorithm and the applying the second encryption algorithm steps.

Abstract: A method of securely storing electronic information includes a step in which target electronically stored information is encrypted with a first encryption key and then partitioned into a first set of encrypted ESI partitions a subset of which is able to reconstruct the unpartitioned encrypted ESI. This first set of encrypted ESI partitions is then encrypted with a first set of user encryption keys to form a first set of user-associated encrypted ESI partitions that are made available to a first set of users. When access to the target electronically stored information is changed, the target electronically stored information is accessed and then re-encrypted with a second encryption key to form a second encrypted ESI. This second encrypted ESI is then partitioned and distributed to a second set of users.

Abstract: A garbled circuit is generated for a client in a leakage-resilient manner with a reduced memory requirement. The garbled circuit is used for secure function evaluation between the client and a server. The garbled circuit is generated with a reduced storage requirement by obtaining a token from the server; querying the token gate-by-gate, wherein for each gate of the garbled circuit, the token generates new wire garblings and stores them with the client using a Stream Cipher and interacts with the leakage-protected area to generate a garbled table for the gate; and receiving the garbled circuit from the token. The token comprises a leakage-protected area. The Stream Cipher is leakage-resilient and can be a symmetric-key cryptographic primitive that has a secret key as an input and generates an unbounded stream of pseudorandom bits as an output. The number of evaluations of the Stream Cipher is kept to a substantial minimum.

Abstract: Disclosed is a method for multiple EAP-based authentications in a wireless communication system. In the method, a first master session key (MSK) is generated in a first EAP-based authentication for a first-type access. A first temporal session key (TSK) is generated from the first master session key (MSK). A second EAP-based authentication is performed, using the first temporal session key (TSK), for a second-type access. First-type access and second-type access are provided after the first and second EAP-based authentications are successfully completed.

Abstract: The method for archiving a document includes a step of encryption of the document with a symmetric key, a step of transmission of said encrypted document to an archiving operator, and a step of transmission of the symmetric encryption key of said document to an escrow operator distinct from the archiving operator. The method may also include a step of encrypting of the symmetric key with a key consisting of a dual key comprising asymmetric keys. Depending on whether it is applied to personal archiving or to document transmission, during the step of encryption with the asymmetric key, the asymmetric key is that of the user having transmitted said document or that of the recipient of the document.

Abstract: A method of exchanging secret session keys in symmetric encryption communication includes storing random number tables in both the sending and receiving devices. The sending device then determines the secret session key utilizing the random number table, and transmits to the receiving device information for locating the secret session key within the random number table. Thus, the sending device shares the secret session key with the receiving device without actually transmitting the secret session key. The random number tables may be transmitted from one device to the other or be preinstalled in each device. Further, a common seed value may be used by each device to generate the random number table independently.

Abstract: According to an embodiment, the invention provides a method for decrypting content, the comprising: receiving the content without a source encryption key from a source device connected to the electric reproducing device, the content having been encrypted with the source encryption key in the source device; performing a first addition operation by using a first device internal key and an ID, the first device internal key being associated with the electric reproducing device; generating a device encryption key based on an output of the first addition operation and a second device internal key by using a predetermined encryption algorithm, wherein the second device internal key is associated with the electric reproducing device; decrypting the content using the device encryption key; decoding the decrypted content; and outputting the decoded content.

Abstract: Techniques are provided to obfuscate seed values to produce a decryption key for a simplified content protection scheme. A first repeatable sequence is performed that encrypts a value stored in a first memory location using a value stored in the second memory location to produce an encrypted value and the value stored in the first memory location is overwritten with the encrypted value and then applying a constraining function to the value stored in the second memory location to produce a result and the value stored in the second memory location is overwritten with the result, wherein the result contains a less entropy compared an entropy level of the value in the second memory location prior to applying the constraining function. This sequence is repeated, but the values used in the first and second memory locations are used in opposite fashion. Techniques are also provided to perform the reverse operation and de-obfuscate a decryption key.

Abstract: A system comprises a first operating environment and a second operating environment. The first and second operating environments exchange information in encrypted form using a shared encryption key (K3). The first and second operating environments cooperate to change the encryption key K3 using another shared encryption key (K4). The encryption key K4 is changed upon the encryption key K3 being changed.