Symmetric Key Synchronization Patents (Class 380/260)
  • Patent number: 8265280
    Abstract: The present invention provides an apparatus and method for producing entangled photon pairs via four-wave mixing in optical fiber. The source of entangled photons is designed to be stable with no manual alignment. This is accomplished with proper system design using polarization maintaining fibers or polarization controllers with feedback control. The source may contain a method of switching the output from an unpolarized entangled state to a polarized state, where the polarized state can be used to more easily align subsequent photon measurement systems to the proper configuration for measuring the unpolarized entangled state. The invention further provides a means to engineer the apparatus, including the use of a periodic filter common to both entangled pairs, such that the wavelength spacing between the pairs can be optimized such that multiple pairs can be generated with reduced adverse influence from Raman scattering.
    Type: Grant
    Filed: February 17, 2009
    Date of Patent: September 11, 2012
    Assignee: Nucrypt LLC
    Inventors: Kim Lee, Gregory S. Kanter
  • Patent number: 8259935
    Abstract: In a secure communication system, a first communication device includes a first list of numbers and a first number selector for periodically selecting a different number in the first list. The first communication device further includes a first encryption key generator for generating a first encryption key based on the selected number for generating an encrypted message. A second communication device includes a receiver for receiving the encrypted message, a second list of numbers identical to the first list of numbers, and a second number selector synchronized with the first number selector so as to select the same number as the first number selector, and a second encryption key generator for generating a second encryption key identical to the first encryption key. The second communication device decrypts the encrypted message using the second encryption key. An associated method for providing secure communication of a message between parties is also provided.
    Type: Grant
    Filed: May 11, 2007
    Date of Patent: September 4, 2012
    Inventor: John Thomas Riedl
  • Patent number: 8254576
    Abstract: A controlling device provides conditional access to secured content renderable by an appliance. The controlling device transmits a data frame to the appliance and encrypts at least a part of the data frame that includes data to be used by the appliance to provide access to the secured content. At the appliance a decryption key complementary to the encryption key is used to decrypt the received data frame. The appliance allows the secured content to be rendered only after the appliance determines that the data in the received, decrypted data frame includes the data the appliance requires to provide access to the secured content.
    Type: Grant
    Filed: April 11, 2005
    Date of Patent: August 28, 2012
    Assignee: Universal Electronics, Inc.
    Inventors: Paul D. Arling, Patrick H. Hayes, Wayne Scott, Christopher Alan Chambers
  • Patent number: 8233895
    Abstract: A source device is initially enabled to maintain data synchronization with a host server over a wireless communication network via a first wireless transceiver for user data of an application program associated with a user account. To enable a target device, the source device is operative to establish a programming session with the target device via a second wireless transceiver. During the programming session, the source device causes user account data (e.g. an encryption/decryption key for the data-synchronized communications) for the user account to be transmitted to the target device via the second wireless transceiver. The user data associated with the application program may be transferred from the source device to the target device via a removable memory card such as a secure digital (SD) card.
    Type: Grant
    Filed: November 23, 2010
    Date of Patent: July 31, 2012
    Assignee: Research In Motion Limited
    Inventor: Piotr Konrad Tysowski
  • Patent number: 8229116
    Abstract: An information processing apparatus configured to transfer encrypted information from a sending source to a sending destination, includes: a decryptor, an encryptor, and a transmitter. The decryptor is configured to decrypt the encrypted content supplied from the sending source by use of a common key used in the sending source. The encryptor is configured to encrypt the information decrypted by the decryptor by use of a common key used in the sending destination and output the encrypted information as information to be transferred to the sending destination. The transmitter is configured to transmit the information decrypted by the decryptor to the encryptor through a route in the information processing apparatus.
    Type: Grant
    Filed: May 22, 2007
    Date of Patent: July 24, 2012
    Assignee: Sony Corporation
    Inventor: Ichiro Ogata
  • Patent number: 8218767
    Abstract: A security system, method and device for use in a network for providing a real-time stream are provided. A server updates security association of a terminal device by periodically providing a key stream. When the key stream for changing the security association of the terminal device is received from the server, the terminal device updates stored key stream information after identifying at least one changed field in the key stream and performs a security policy with the server using the updated key stream information. When a security setting operation is performed through a stream notification periodically provided from the server, an unnecessary waste of system resources can be reduced by updating only a specific changed field through the stream notification and reducing the load of generating a security association table.
    Type: Grant
    Filed: November 14, 2008
    Date of Patent: July 10, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Ki-Seok Kang
  • Patent number: 8208632
    Abstract: An apparatus including a key mixing circuit, an input circuit, and a decapsulation circuit. The key mixing circuit generates a plurality of seeds, each based on a predetermined temporal key, a transmitter MAC address, and a predetermined start value for a Temporal Key Integrity Protocol (TKIP) Sequence Count (TSC). The input circuit receives a message including the transmitter MAC address and the predetermined start value. The key mixing circuit generates the plurality of seeds based on the message. The input circuit receives a plurality of encapsulated MAC Payload Data Units (MPDUs). The input circuit receives the message before receiving the plurality of encapsulated MPDUs. The decapsulation circuit decapsulates each of the plurality of encapsulated MPDUs using one of the plurality of seeds that was generated based on the value for the TSC in the respective one of the N encapsulated MPDUs.
    Type: Grant
    Filed: April 13, 2010
    Date of Patent: June 26, 2012
    Assignee: Marvell International Ltd.
    Inventors: Peter Loc, Rahul Kopikare
  • Patent number: 8205088
    Abstract: In a method and arrangement for authenticated transmission of a personalized data set or program to a hardware security module in a device such as a franking machine, a system manufacturer buys security modules from a security module manufacturer, incorporates the security modules at a production site in the device, and loads a data set and/or an application program into the security module, making the device operable. Authentication occurs using a first security module-specific fixed code, a second security module-specific fixed code that is calculated from the first code according to a given algorithm, and a third security module-specific fixed code that is calculated from the second code and the data in the data set and/or in the program.
    Type: Grant
    Filed: February 21, 2008
    Date of Patent: June 19, 2012
    Assignee: Francotyp-Postalia GmbH
    Inventor: Gerrit Bleumer
  • Patent number: 8204224
    Abstract: The present invention provides systems and methods for securing communications in a wireless network by utilizing the inherent randomness of propagation errors to enable legitimate users to dynamically create a shared symmetric secret key. In one embodiment, the invention provides a system with two computers each having a wireless network adapter. The sending node encodes the frames, transmits the frames, determines if the frames were correctly received, retransmits the frames if they were not correctly received, stores the frames that were not retransmitted, and uses the stored frames to generate a secret key. The receiving node receives the encoded frames, determines if the frames were retransmitted, stores at least one of the frames that was not retransmitted, and uses the stored frames to generate the same secret key as the receiving node.
    Type: Grant
    Filed: November 24, 2008
    Date of Patent: June 19, 2012
    Assignee: University of Massachusetts
    Inventors: Sheng Xiao, Weibo Gong
  • Publication number: 20120140926
    Abstract: The present invention relates to a key update method based on the amount of communication in wireless sensor networks having a hierarchy structure.
    Type: Application
    Filed: November 14, 2011
    Publication date: June 7, 2012
    Applicant: GWANGJU INSTITUTE OF SCIENCE AND TECHNOLOGY
    Inventors: Saewoom Lee, Kiseon Kim, Jeehoon Lee, Yoondong Sung
  • Patent number: 8189786
    Abstract: One embodiment involves encrypting an MPEG transport stream by seeding a random number generator with a seed derived from at least a portion of the MPEG transport stream to produce a random number output. At least one program key and at least one modification key are generated from the random number output. At least portions of the MPEG transport stream are encrypted with the program key. At least one stored key is modified according to the modification key to produce a message segment key. The program key and the modification key are encrypted with the message segment key. The encrypted MPEG transport stream, the encrypted program key, and the encrypted modification key are multiplexed to form a multiplexed output.
    Type: Grant
    Filed: May 25, 2005
    Date of Patent: May 29, 2012
    Assignee: Zenith Electronics LLC
    Inventors: Raymond C. Hauge, Richard Lewis
  • Patent number: 8190124
    Abstract: Methods and systems are provided that authenticate an intended user of a mobile client in a roaming environment. One embodiment of the invention provides a mobile communication network architecture that includes a first base station (e.g., a first base station controller and/or a first transceiver station), a second base station (e.g., a second base station controller and/or a second transceiver station), a mobile client, and a server coupled to the mobile client via either the first base station controller or the second base station. The first base station is coupled to an authentication center that authenticates an intended user so that the user can communicate a message between the mobile client and the server via the first base station. A credential (or status) of the authentication made at the authentication center is then transmitted from the first base station to the second base station when the mobile client moves to utilize the second base station to communicate with the server.
    Type: Grant
    Filed: September 7, 2005
    Date of Patent: May 29, 2012
    Assignee: Broadcom Inc.
    Inventors: Edward H. Frank, Mark Buer, Jeyhan Karoguz
  • Patent number: 8184812
    Abstract: A secure computing device (14) includes a secure processing section (30) having a tamper detection circuit (58) and a monotonic counter (68). The tamper detection circuit (58) detects an event which suggests that the trust associated with the secure processing section (30) may have been compromised. When such an event is detected, a security breach is declared and trusted software (38) is disabled. After a security breach is declared, the monotonic counter (68) may be reclaimed. The monotonic counter (68) provides a monotonic count value (70) that includes an LSB portion (80) and an MSB portion (82). The LSB portion (80) is obtained from a binary counter (72). The MSB portion (82) is obtained from a register (84) of independent one-time-programmable bits. The monotonic counter (68) is reclaimed by programming one of the one-time programmable bits to guarantee that future counting of the monotonic counter will be monotonic relative to all past counting.
    Type: Grant
    Filed: June 3, 2009
    Date of Patent: May 22, 2012
    Assignee: Freescale Semiconductor, Inc.
    Inventors: Evgeni Margolis, Thomas E. Tkacik
  • Patent number: 8155306
    Abstract: Encrypting data in a cascaded block cipher system may be accomplished by applying a first encryption algorithm using a secret shared between first and second parties as a key to generate a secret inner key; applying a second encryption algorithm for a predetermined number of rounds using the secret inner key to generate a plurality of blocks of ciphertext data from a plurality of blocks of plaintext data; and repeating the applying the first encryption algorithm and the applying the second encryption algorithm steps.
    Type: Grant
    Filed: December 9, 2004
    Date of Patent: April 10, 2012
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Gary L. Graunke
  • Patent number: 8130945
    Abstract: A public key cryptography (PKI or other similar system) is used to send partial or multiple of encryption or decryption algorithm (cipher or decipher) to the data sender or receiver to encrypt or decrypt the data to be sent or received and destroy itself after each or multiple use. Since the encryption algorithm is protected, it can be devised very small in size in comparison to the data to be sent and the user can afford to use large key size in its transmission to increase protection without significant impact to the overall speed. Without knowing the encryption algorithm, which may also be changing from time to time, it will be impossible to use brute force to break the code provided that the algorithm scheme is designed properly. It is due to that there are unlimited numbers of new or old algorithms with countless variations and it takes years of super fast computing time to break even few algorithms.
    Type: Grant
    Filed: October 13, 2005
    Date of Patent: March 6, 2012
    Inventor: Fong Luk
  • Patent number: 8127135
    Abstract: A system comprises a first operating environment and a second operating environment. The first and second operating environments exchange information in encrypted form using a shared encryption key (K3). The first and second operating environments cooperate to change the encryption key K3 using another shared encryption key (K4). The encryption key K4 is changed upon the encryption key K3 being changed.
    Type: Grant
    Filed: September 28, 2006
    Date of Patent: February 28, 2012
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Wael M. Ibrahim, Lan Wang, Jennifer E. Rios, Valiuddin Y. Ali, Manuel Novoa
  • Patent number: 8098822
    Abstract: Apparatus for use by a first party for key management for secure communication with a second party, said key management being to provide at each party, simultaneously remotely, identical keys for said secure communication without transferring said keys over any communication link, the apparatus comprising: a datastream extractor, for obtaining from data exchanged between said parties a bitstream, a random selector for selecting, from said bitstream, a series of bits in accordance with a randomization seeded by said data exchanged between said parties, a key generator for generating a key for encryption/decryption based on said series of bits, thereby to manage key generation in a manner repeatable at said parties.
    Type: Grant
    Filed: July 16, 2002
    Date of Patent: January 17, 2012
    Assignee: King Green Ltd.
    Inventor: Eli Yanovsky
  • Patent number: 8054974
    Abstract: The use of keys to encrypt data in a transmitter and to decrypt encrypted data in a receiver are synchronized in accordance with a synchronization signal that opportunistically replaces a null packet in an MPEG transport stream. Additionally or alternatively, key related information is transmitted and/or received in place of a null packet in the MPEG transport stream and is used to encrypt and/or decrypt data transmitted and/or received in the MPEG transport stream.
    Type: Grant
    Filed: January 30, 2006
    Date of Patent: November 8, 2011
    Assignee: Zenith Electronics LLC
    Inventors: Raymond C. Hauge, Richard Lewis
  • Patent number: 8054972
    Abstract: An encryption processor, for storing encrypted data in a memory chip of a memory card, includes a FIFO memory for sequentially outputting m-bit data in response to a first signal, and an encryption key generator for generating m-bit encrypted keys (m being a positive integer) in response to a second signal and for sequentially outputting the keys in response to a third signal. A logic operator performs a logic operation on the data from the FIFO memory with the keys from the encryption key generator during a data write operation to sequentially encrypt the data. The logic operator performs a logic operation on the encrypted data received from a memory interface with the keys output from the encryption key generator during a data read operation in order to sequentially decode the encrypted data. The second signal is simultaneously generated with one of the write command or the read command.
    Type: Grant
    Filed: September 11, 2007
    Date of Patent: November 8, 2011
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Joong-Chul Yoon, Seong-Hyun Kim, Sung-hyun Kim, Sang-Bum Kim, Sang-Wook Kang, Chul-Joon Choi, Jong-Sang Choi, Koon-Han Sohn, Byung-Yoon Kang
  • Patent number: 8050405
    Abstract: Methods of securely communicating a message from a first terminal to a second terminal include generating a keypad including a random sequence of bits having a length L, encrypting the message at the first terminal using a bit string beginning at an offset O in the keypad, and transmitting the encrypted message and an indicator of the offset O to the second terminal. A communication terminal includes a controller, a communication module configured to establish a location-limited communication channel, and an encryption unit configured to store a keypad including a random sequence of bits having a length L, to encrypt an outgoing message using the keypad, and to decrypt an incoming message using the keypad.
    Type: Grant
    Filed: September 30, 2005
    Date of Patent: November 1, 2011
    Assignee: Sony Ericsson Mobile Communications AB
    Inventors: William O. Camp, Jr., Daniel P. Homiller
  • Patent number: 8045713
    Abstract: A method and apparatus is provided for consolidating cryptographic key updates, the consolidated update information enabling, for example, a returning member of a secure group who has been offline, to recover the current group key, at least in most cases. The unconsolidated key updates each comprise an encrypted key, corresponding to a node of a key hierarchy, that has been encrypted using a key which is a descendant of that node. The key updates are used to maintain a key tree with nodes in this tree corresponding to nodes in the key hierarchy. Each node of the key tree is used to store, for each encrypting key used in respect of the encrypted key associated with the node, the most up-to-date version of the encrypted key with any earlier versions being discarded. The key tree, or a subset of the tree, is then provided to group members.
    Type: Grant
    Filed: March 30, 2004
    Date of Patent: October 25, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Antonio Lain, Viacheslav Borisov
  • Patent number: 8024558
    Abstract: Aspects of the invention provide a method and system for coding information in a communication channel. More particularly, aspects of the invention provide a method and system for synchronous running encryption and/or encoding and corresponding decryption and decoding in a communication channel or link. Aspects of the method may include encoding and/or encrypting a first data using a first or second encoding table and/or a first or second encryption table. The method may indicate which one of the first or second encoding tables or which one of the first or second encryption tables were utilized for encoding and/or encrypting the said first data. The encoded and/or encrypted first data may subsequently be transferred downstream and decoded by synchronous decoder/decryptor using a corresponding decoding and/or decryption table.
    Type: Grant
    Filed: May 26, 2010
    Date of Patent: September 20, 2011
    Assignee: Broadcom Corporation
    Inventor: Martin Lund
  • Patent number: 8009826
    Abstract: In a cellular interception system, an information processing method for converting information of several cellular-network wireless messages from a first encrypted format under a session key, where each message is encrypted by a cellular ciphering algorithm chosen out of a collection of one or more cellular ciphering algorithms under the session key, to a second unencrypted format comprising: (A) divide the messages in the first format into two sets; the first set containing messages encrypted under the same encryption algorithm, and a second set containing the remaining messages. (B) subject the messages in the first set to a ciphertext-only cryptanalysis of a cellular encryption algorithm to recover the session key. (C) for each message in the second set, subject the message together with the recovered session key to the corresponding cellular ciphering algorithm to receive the message's information in the second format.
    Type: Grant
    Filed: April 30, 2004
    Date of Patent: August 30, 2011
    Inventors: Elad Barkan, Eli Biham
  • Patent number: 8005219
    Abstract: A data decryption apparatus that decrypts encrypted data, includes a first data-receiving unit that receives a first data set, in which information on an encryption specification is embedded, through a first communication path; a time-information obtaining unit that obtains time information on a reception of the first data set by the first data receiving unit; a time-information storage unit that stores the time information with the information on the encryption specification associated therewith; a second data-receiving unit that receives a second data set through a second communication path, the second data set being encrypted based on the encryption-specification and appended by time information on performing data encryption; and an encryption-specification selecting unit that selects an encryption specification for use in decryption of the second data set based on the time information stored in the time-information storage unit and the time information appended to the second data set.
    Type: Grant
    Filed: July 23, 2007
    Date of Patent: August 23, 2011
    Assignee: Fujitsu Limited
    Inventors: Taro Togawa, Kaori Endo, Takeshi Otani, Masakiyo Tanaka, Yasuji Ota
  • Patent number: 8005209
    Abstract: Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive unclassified material by U.S. Government agencies and, as a consequence, the de facto encryption standard for commercial applications worldwide. Performing concurrent error detection (CED) for protection of such a widely deployed algorithm is an issue of paramount importance. We present a low-cost CED method for AES. In this method, we make use of invariance properties of AES to detect errors. For the first time, the invariance properties of the AES, which are for the most part used to attack the algorithm, are being used to protect it from fault attacks. Our preliminary ASIC synthesis of this architecture resulted in an area overhead of 13.8% and a throughput degradation of 16.67%.
    Type: Grant
    Filed: January 6, 2006
    Date of Patent: August 23, 2011
    Assignee: Polytechnic University
    Inventors: Nikhil Joshi, Ramesh Karri
  • Patent number: 8000476
    Abstract: A method of enciphering data which is applicable to cipher-transmission of digital information data, in which the HD-SDI signal DHS is subjected to enciphering process using common key data DEY which is common to encipherment and decipherment to produce enciphered HD-SDI signal DHSE, the common key data DEY are subjected to enciphering process using open key data DOY to produce enciphered common key data DXY, and the enciphered HD-SDI signal DHSE accompanied with the enciphered common key data DXY are sent to be transmitted, so that such a fear that the common key data DEY are eavesdropped on the transmission thereof can be effectively reduced.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: August 16, 2011
    Assignee: Sony Corporation
    Inventors: Tsutomu Shimosato, Yujiro Ito
  • Patent number: 7995758
    Abstract: Systems and techniques relating to cryptographic keys include, in one implementation, a technique involving: generating a symmetric encryption key; and generating from the symmetric encryption key a family of symmetric encryption keys having a relationship such that a descendent key of the family is derivable from each key that is an ancestor of the descendent key in the family. Generating the family of symmetric encryption keys can involve cryptographically hashing the original symmetric encryption key and resulting hashed encryption keys. The technique can further include rolling over a key used in securing information by providing a next symmetric encryption key of the family in an order opposite that of an order of key generation; and a client can cryptographically hash a first symmetric encryption key to produce a second symmetric encryption key of the family and decrypt information associated with an electronic document with the key thus produced.
    Type: Grant
    Filed: November 30, 2004
    Date of Patent: August 9, 2011
    Assignee: Adobe Systems Incorporated
    Inventor: William M. Shapiro
  • Patent number: 7991158
    Abstract: Secure authentication and messaging for mobile online transactions are performed by a secure messaging platform. The secure messaging platform may include a token coupled to a mobile device, or a mobile device alone. The token enables secure access, and client and server protocols enable secure transactions using text/SMS messaging.
    Type: Grant
    Filed: August 24, 2007
    Date of Patent: August 2, 2011
    Assignee: Tyfone, Inc.
    Inventors: Siva G. Narendra, Prabhakar Tadepalli, Thomas N. Spitzer, Asoke Talukder
  • Publication number: 20110170692
    Abstract: A method and system establishing cryptographic communications between a remote device and a medical device, with the medical device having less processing power than the remote device are disclosed. The method may comprise establishing unencrypted communication between the remote device and the medical device, generating an asymmetric key pair by the remote device comprising a public key and a private key, generating a key request message and sending of the key request message together with the public key to the medical device, generating a pre-master key and encryption of the pre-master key with the received public key by the medical device, generating a key response message and sending of the key response message together with the encrypted pre-master key from the medical device to the remote device, decrypting the encrypted pre-master key with the private key by the remote device, and deriving a master key as a symmetric key from the pre-master key.
    Type: Application
    Filed: November 4, 2010
    Publication date: July 14, 2011
    Applicant: ROCHE DIAGNOSTICS INTERNATIONAL LTD.
    Inventors: Guido Konrad, Martin Troesch, Felix Linder, Gregor Kopf
  • Patent number: 7979707
    Abstract: Techniques for secure generation of a seed for use in performing one or more cryptographic operations, utilizing a seed generation protocol carried out by a seed generation client (110c) and a seed generation server (110s). The seed generation server (110s) provides a first string to the seed generation client (110c). The seed generation client (110c) generates a second string, encrypts the second string utilizing a key (216), and sends the encrypted second string to the seed generation server (110s). The seed generation client (110c) generates the seed as a function of at least the first string and the second string. The seed generation server (110s) decrypts the encrypted second string (222) and independently generates the seed as a function of at least the first string and the second string.
    Type: Grant
    Filed: July 9, 2004
    Date of Patent: July 12, 2011
    Assignee: EMC Corporation
    Inventors: Peter Röstin, Magnus Nyström, William M. Duane
  • Patent number: 7957531
    Abstract: Detecting loss of stream cipher synchronization between a transmitter and a receiver in a video processing system may be achieved by receiving, by the receiver, an encrypted video frame from the transmitter, obtaining an encrypted value for a selected pixel in the encrypted video frame, decrypting the encrypted pixel value using a first portion of the receiver's current key stream, re-encrypting the pixel value using a second portion of the receiver's current key stream, sending the re-encrypted pixel value from the receiver to the transmitter, obtaining, by the transmitter, a plaintext value for the selected pixel from a corresponding original video frame and encrypting the plaintext pixel value using a second portion of the transmitter's current key stream, and comparing the re-encrypted pixel value received from the receiver with the encrypted pixel value generated by the transmitter and detecting a loss of cipher synchronization when the values do not match.
    Type: Grant
    Filed: March 26, 2009
    Date of Patent: June 7, 2011
    Assignee: Intel Corporation
    Inventor: Gary L. Graunke
  • Patent number: 7941661
    Abstract: A method in which a test function is called in a system's internal authentication IC multiple times with a known incorrect value such that, if the internal IC is invalid, an expected invalid response is not generated and, otherwise, the internal IC generates a secret random number and its signature and encrypts these using a first secret key, an external authentication IC connected to the system calls a read function which decrypts the encrypted random number and signature using the first key, calculates the decrypted random number's signature, compares the signatures and upon a match encrypts the decrypted random number and a message of the external IC using a second secret key, the internal IC calls the test function which encrypts the random number and message using the second key, compares the encrypted random numbers and messages, validates the external IC if they match and invalidates the external IC otherwise.
    Type: Grant
    Filed: July 8, 2010
    Date of Patent: May 10, 2011
    Assignee: Silverbrook Research Pty Ltd
    Inventors: Simon Robert Walmsley, Kia Silverbrook
  • Patent number: 7936870
    Abstract: Data is encrypted according to a plurality of data keys. During the encryption of the data, the data keys are rotated according to a data key rotation pattern, and the rotation of the data keys includes repetitive use of the data keys during the encryption of the data. The encrypted data is transmitted to a receiver. Additionally or alternatively, encrypted data is received from a transmitter. The encrypted data is decrypted according to a plurality of data keys. During the decryption of the encrypted data, the data keys are rotated according to a data key rotation pattern, and the rotating of the data keys includes repetitive use of the data keys during the decryption of the encrypted data.
    Type: Grant
    Filed: January 30, 2006
    Date of Patent: May 3, 2011
    Assignee: Zenith Electronics LLC
    Inventors: Raymond C. Hauge, Richard Lewis, Rudolf Turner
  • Patent number: 7933413
    Abstract: Key exchanges between peer-to-peer devices can be vulnerable to man in the middle attacks. Verification of the key exchanges can be made on a channel, network and/or device different from the channel, network and/or device used for the key exchange to determine whether the key exchange was secure. Verification of the key exchange can also be made through an established and trusted device and/or entity. If the key exchange was secure, the parties to a communication utilizing the key(s) exchanged can be notified, if desired. If the key exchange was not secure, the parties can be notified and the communication can be selectively disconnected.
    Type: Grant
    Filed: February 2, 2007
    Date of Patent: April 26, 2011
    Assignee: Microsoft Corporation
    Inventors: David J. Steeves, Gregory D. Hartrell, Ryan M. Burkhardt, Jason L. Cohen
  • Patent number: 7934088
    Abstract: The method of secure communication between endpoints is used for secret communication between endpoints located in different gatekeeper management areas, and the method includes: in the process of the caller endpoint calling the callee endpoint, the home gatekeeper of the callee endpoint generates the shared secret key between the caller endpoint and the callee endpoint; the secure communication process is performed between the caller endpoint and the callee endpoint according to the shared secret key. According to the secure communication method between the endpoints, the invention gives the secret communication mechanism between endpoints located in different gatekeeper management areas better expansibility and higher efficiency.
    Type: Grant
    Filed: March 31, 2005
    Date of Patent: April 26, 2011
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Qi Wang
  • Patent number: 7933412
    Abstract: Display devices are connected with a content server mounted inside a vehicle by a wireless communication technology as stipulated in IEEE802.11b. The content server and display devices share common keys (encryption key and corresponding decryption key) acted on by key creation information consisting of information about the vehicle. The content server reads out stored contents according to requests from the display devices. The read contents are then encrypted using the encryption key shared with the display devices and sent to the display devices. The invention can be applied to a wireless communication system consisting of devices which communicate data by wireless communication technology within the vehicle.
    Type: Grant
    Filed: December 10, 2004
    Date of Patent: April 26, 2011
    Assignee: Sony Corporation
    Inventors: Mamoru Kugumiya, Keisuke Ishii
  • Publication number: 20110091039
    Abstract: There is proposed a method for enabling a service made available by an electronic device (100), wherein a registration request (114) is generated (S3) by the device (100) and sent (S7) to the registration server (300). The registration server (300) thereupon generates (S8) a registration confirmation (305) and sends (S9) it to the device (100), where the service is finally enabled by receiving and saving (S10) of the registration confirmation (305) on the device (100). In this connection, a trustworthy authority (200) sets up (S6, S12) a timeframe on the registration server (300) such that the registration server (300) sends (S9) a registration confirmation (305) only for a registration request (114) received within the timeframe, and the device (100) sends (S7) the registration request (114) to the registration server (300) within the timeframe.
    Type: Application
    Filed: June 22, 2009
    Publication date: April 21, 2011
    Inventors: Stephan Spitz, Helmut Scherzer, Thorsten Urhahn, Hans Borgs
  • Patent number: 7929704
    Abstract: Messages are encrypted/decrypted according to a modified triple wrap procedure in which the messages are encrypted/decrypted in three encryption/decryption operations and are processed in three additional operations using first, second, third, fourth, fifth, and sixth keys.
    Type: Grant
    Filed: January 30, 2006
    Date of Patent: April 19, 2011
    Assignee: Zenith Electronics LLC
    Inventors: Raymond C. Hauge, Richard Lewis
  • Patent number: 7929690
    Abstract: An apparatus and method for implementing a secure quantum cryptography system using two non-orthogonal states. For each qubit, the emitter station prepares a quantum system in one of two non-orthogonal quantum states in the time-basis to code bit values. Intra- and inter-qubit interference is then used to reveal eavesdropping attempts. Witness states are used to help reveal attacks performed across the quantum system separation.
    Type: Grant
    Filed: September 1, 2005
    Date of Patent: April 19, 2011
    Assignee: ID Quantique SA
    Inventors: Nicolas Gisin, Grégoire Ribordy, Hugo Zbinden
  • Patent number: 7925014
    Abstract: Random number generating, encrypting, and decrypting apparatus, method thereof, program thereof, and recording medium thereof are provided. Random numbers for cryptographic applications are generated by a CA core. The CA core is composed of one-dimensional, two-state, and three-neighbor cell automaton. A total of three inputs for the own cell and both neighbor cells are input to each cell. Each cell performs a logical operation and outputs the result of the logical operation. Each cell contains a register. Each register captures the result of the logical operation in synchronization with a clock and stores the result. An output of a cell is fed back to the cell to perform an arithmetic calculation at the next time step. In this case, a rotation shift operation of which outputs of cells are shifted to the left and fed back to the cells is performed. To output random numbers having many bits, 40 bits of outputs of cells are selected.
    Type: Grant
    Filed: March 25, 2003
    Date of Patent: April 12, 2011
    Assignee: National Institute of Information and Communications Technology, Incorporated Administrative Agency
    Inventors: Song-Ju Kim, Akio Hasegawa, Ken Umeno
  • Patent number: 7920706
    Abstract: A key management of cryptographic keys has a data package including one or more cryptographic keys that are transferred to a personal device 100 from a secure processing point 150 of a device assembly line in order to store device specific cryptographic keys in the personal device 100. In response to the transferred data package, a backup data package is received by the secure processing point 150 from the personal device 100, which backup data package is the data package encrypted with a unique secret chip key stored in a tamper-resistant secret storage 125 of a chip 110 included in the personal device 100. The secure processing point 150 is arranged to store the backup data package, together with an associated unique chip identifier read from the personal device 100, in a permanent, public database 170.
    Type: Grant
    Filed: October 28, 2003
    Date of Patent: April 5, 2011
    Assignee: Nokia Corporation
    Inventors: Nadarajah Asokan, Niemi Valtteri
  • Patent number: 7917771
    Abstract: The present invention allows the user (author or creator) of a document to specify that certain portions of a document be selected for encryption while other portions of the document remain displayed as created. In addition, each encrypted section could have multiple encryption keys such that some viewers can review certain parts of the document while other viewers will not have that same access. The user could employ a standard word processing editor technique to highlight (or swipe) portions of a document that the user desires to be encrypted. The highlighted portion would then be ‘tagged’ with a surrounding attribute indicating to the word processor that this highlighted portion of the document is to be encrypted. The highlighted sections would also have encryption keys associated with the highlighted and encrypted section. Any one of the encryption keys for that section would decrypt that section. With proper authorization, any encrypted portion of a document would be displayed as part of the document.
    Type: Grant
    Filed: June 9, 2008
    Date of Patent: March 29, 2011
    Assignee: International Business Machines Corporation
    Inventors: Randolph Michael Forlenza, Viktors Berstis
  • Patent number: 7894604
    Abstract: Provided is a quantum cryptography communication apparatus capable of preventing a go photon pulse from being phase modulated and also capable of freely selecting any repetitive frequency of a light source.
    Type: Grant
    Filed: May 17, 2004
    Date of Patent: February 22, 2011
    Assignee: Mitsubishi Electric Corporation
    Inventors: Tsuyoshi Nishioka, Toshio Hasegawa, Hirokazu Ishizuka
  • Patent number: 7881472
    Abstract: In a quantum key distributing method of the present invention, a communication apparatus on a reception side performs error correction using parity check matrixes for an LDPC code that have an extremely high error correction ability. In the quantum key distributing method of the present invention, a cyclic code syndrome generated by a communication apparatus on a transmission side and an estimated cyclic code syndrome generated based on an estimated word after error correction are compared to perform error detection for the estimated word.
    Type: Grant
    Filed: February 10, 2004
    Date of Patent: February 1, 2011
    Assignee: Mitsubishi Electric Corporation
    Inventor: Wataru Matsumoto
  • Patent number: 7881470
    Abstract: A node that couples to the Internet establishes a secure connection with another node that couples to the Internet. The secure connection to be established via an IPsec security association. The node registers with an authority that couples to the Internet and provides public key infrastructure (PKI) services. Registration is to include obtaining both a private and a public key. The PKI services to include providing the private key to only the registered node and providing the public key to another registered node that requests PKI services from the authority. The node requests the PKI services from the authority based on a change in a point of attachment for the node to the Internet. The node then authenticates the other node via the PKI services and exchanges a secret key with the other node based on the authentication of the other node. The node is to implement an encryption scheme that uses the exchanged secret key for symmetric encryption of data exchanged between the node and the other node.
    Type: Grant
    Filed: March 9, 2006
    Date of Patent: February 1, 2011
    Assignee: Intel Corporation
    Inventors: Tat Kin Tan, Lee Booi Lim, Sy Jong Choi
  • Patent number: 7873163
    Abstract: In a communication system (100), a method and apparatus provides for message integrity regardless of the operating version of an authentication center (198) or an interface (197) between the authentication center (198) and a mobile switching center (199). The method and apparatus include generating a cellular message encryption algorithm (CMEA) key, and generating a CMEA-key-derived integrity key (CIK) based on the CMEA key for message integrity between a mobile station and a base station. The mobile station transmits a registration message to the base station, and determines an operating version of the authentication center (198) in communication with the base station based on whether the mobile station receives a registration accepted order or some elements of an authentication vector from the base station. The CIK is generated based on the CMEA key, if the mobile station receives a valid registration accepted order from the base station.
    Type: Grant
    Filed: November 5, 2001
    Date of Patent: January 18, 2011
    Assignee: QUALCOMM Incorporated
    Inventors: Roy Franklin Quick, Jr., Sai Yiu Duncan Ho
  • Patent number: 7860246
    Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
    Type: Grant
    Filed: November 1, 2006
    Date of Patent: December 28, 2010
    Assignee: International Business Machines Corporation
    Inventors: Julian A Cerruti, Sigfredo I Nin, Dulce B Ponceleon, Vladimir Zbarsky
  • Patent number: 7831825
    Abstract: The disclosed technology provides a system and method of securely communicating data. An encryptor located at a transmitter can provide encrypted data to the transmitter. The transmitter can maintain a packet number indicating a particular packet for carrying the encrypted data and a sub-packet number indicating a position within the packet where the encrypted data is to be stored. The encryptor can produce the encrypted data using an encryptor seed generated based on the packet number and sub-packet number. A receiver can maintain a receiver packet number indicating a number of previously received packets and can compute a receiver sub-packet number. The receiver can receive a packet containing encrypted data and can decrypt the encrypted data using a decryptor seed generated based on the receiver packet number and sub-packet number.
    Type: Grant
    Filed: March 9, 2005
    Date of Patent: November 9, 2010
    Assignees: Verizon Corporate Services Group Inc., Raytheon BBN Technologies Corp.
    Inventors: Walter Clark Milliken, Gregory Donald Troxel
  • Patent number: 7826618
    Abstract: Disclosed embodiments include a method for synchronizing a cryptosystem. In one embodiment, the method uses existing control data that is transmitted as part of a connection establishment process in a wireless communication system. In one embodiment, messages that are normally sent between a base station and a remote unit during the setup of both originating and terminating calls are parsed to detect a particular control message that indicates the start of telephony data transmission. Detection of this message indicates a point at which encryption/decryption can begin, and is used to synchronize the cryptosystem. Synchronizing a cryptosystem involves generating an RC4 state space in a keyed-autokey (“KEK”) encryption system. In one embodiment, Lower Medium Access Channel (“LMAC”) messages are used according to a wireless communication protocol. This is convenient because the LMAC messages are passed through the same Associated Control Channel (“ACC”) processing that encrypts and decrypts the telephony data.
    Type: Grant
    Filed: September 4, 2008
    Date of Patent: November 2, 2010
    Assignee: AT&T Mobility II LLC
    Inventors: Eric Klingler, Jeffrey Tedeschi
  • Patent number: 7826611
    Abstract: A system and method for exchanging a transformed message with enhanced privacy is presented. A set of input messages is defined. A set of output messages is defined. A message is selected from the input messages set. One or more words in the selected message are efficiently transformed directly into a transformed message different from the selected message, wherein the transformed message belongs to the set of output messages, at least one component of the selected message is recoverable from the transformed message, and the cost of determining whether the transformed message belongs to the input messages set or the output messages set exceeds a defined threshold.
    Type: Grant
    Filed: October 17, 2005
    Date of Patent: November 2, 2010
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Ayman Omar Farahat, Philippe Jean-Paul Golle, Aleksandra Korolova