Abstract: A portable electronic key device starts up only when movement of the portable electronic key device is present on the basis of detection signal Sac of a motion detector. A communication monitoring unit monitors whether or not radio waves Swk periodically transmitted from a vehicle are received. When there is no movement of the portable electronic key device but the portable electronic key device has received or is receiving radio waves from the vehicle, an operation controller maintains the start-up state of the portable electronic key device.

Abstract: Authentication systems and methods for a population of devices each associated with an RFID tag are described. For each device, a secret key is combined cryptographically with a publicly-readable unique identifier (UID) of an RFID tag to obtain a unique authorization signature. The RFID tag is prepared utilizing the unique authorization signature as memory-access and/or tag-operation password(s). The systems and methods may safeguard against attacks whereby compromise of a single tag will not compromise the entire population of devices and may reduce or eliminate the use of inappropriate surgical devices during a surgical procedure.

Abstract: A method begins with a dispersed storage network (DSN) processing module receiving content retrieval message from one or more requesters. The method continues by determining DRM policies and read operational parameters. The method continues by retrieving a set of encoded data slices from DSN memory, the set of encoded data slices including unique subsets of the set of encoded data slices with each of the unique subsets assigned to one or more of the requesters based at least in part on the determined read operational parameters. The method continues by sending the set of encoded data slices to the requesters. The requestors select their assigned subset of the received set of encoded data slices and decode to produce the content.

Abstract: According to an embodiment, a communication system includes a plurality of communication apparatuses. Each of the communication apparatuses includes a key generator and a synchronization processor. The key generator generates shared keys shared with another communication apparatus. The synchronization processor synchronizes at least one of order of using the generated shared keys and roles played when the generated shared keys are used, with another communication apparatus based on a rule determined in advance.

Abstract: Communication devices and a method of providing secure electronic content are general described. Content is encrypted using a time-invariant encryption algorithm on the binary bits and a time-varying baseband key encryption waveform with a time-varying phase or amplitude. The content is recovered using a waveform with a reference phase mixed with a reference LO signal or combining the waveform and content using an XOR to measure a change of the phase/amplitude of the received signal relative to the LO signal. The key for the time-invariant binary bit level encryption may be communicated on a different channel than the content prior to communication of the content or concurrently with the content. The phase/amplitude of the baseband key may vary after baseband waveform encryption of a predetermined number of symbols, independent of the time, or after a predetermined time independent of an amount of baseband signal encrypted.

Abstract: Techniques are disclosed relating to tokenized account information with integrated authentication. In some embodiments, a shared secret key is used for tokenization and authentication. In some embodiments, a payment device stores an encrypted version of the secret key and decrypts the secret key based on a user-provided password. In some embodiments, the payment device uses the secret key and a moving factor to generate a limited-use password. In some embodiments, the payment device uses the limited-use password to modify a first identifier of an account of the user. In some embodiments, the authentication system retrieves a stored version of the secret key and a copy of the account number using a second identifier. In some embodiments, the authentication system generates the limited-use password based on the stored secret key and a moving factor, de-tokenizes the modified first identifier, and compares the result with the retrieved copy of the account number.

Abstract: An electronic key executes keyless entry communication or RFID communication. A wireless controller mounted on a vehicle executes keyless entry communication within a range of a radius of several meters to several tens of meters. An RFID reader is assigned to each door and executes RFID communication within a range of a radius of approximately 1 meter. In regards to unlocking the door, the wireless controller issues a password by the keyless entry communication, and a wireless circuit temporarily stores the issued password. The RFID readers search for the password stored in the electronic key by the RFID communication, and the wireless controller unlocks a door corresponding to the RFID reader for which the password was detected.

Abstract: A method for assigning a random number to a user in a set of users includes computing a random number assignment seed value based on an ASCII-value representation of the user's name, dividing the random number assignment seed value by a quantity of unassigned numbers available to be assigned to the user to produce a modified random number assignment seed value, rounding the modified random number assignment seed value down to an integer, computing a random number offset value by multiplying the quantity of unassigned numbers by the rounded modified random number assignment seed value, subtracting the random number assignment offset value from the random number assignment seed value to determine a random number assignment lookup number, determining the random number to be assigned to the user based on the random number assignment lookup number, and assigning the determined random number to the user.

Abstract: Embodiments may be configured to receive a protected version of content that includes multiple encrypted content samples. In various embodiments, each encrypted content sample includes multiple encrypted blocks. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains. The protected version of the content may further include decryption information for decrypting the encrypted content samples. The decryption information may include at least some initialization vectors generated dependent upon non-content information that is not included in the protected version of the content. The non-content information may be from a different protected version of the content. Embodiments may be configured to use the decryption information to decrypt one or more of the encrypted content samples.

Abstract: A method and an electronic device are disclosed herein. The electronic device includes a communication unit, a storage unit and at least one processor, which executes the method, including detecting a request for establishing a call session, generating a new security key from a preset security key, renewing the preset security key by setting the generated new security key as a current preset security key, and establishing the call session based on the generated new security key.

Abstract: A historical repository of UE identifiers associated with sets of prior mean values and prior standard deviation values, is maintained. A browser request message is received from a web browser on a suspect UE and requests access to an electronic resource. An identification challenge message is sent toward the web browser and contains a hash script configured to be processed by the web browser to hash a challenge data set and to report a measurement of elapsed hashing time. A device identification report is received from the web browser and contains a terminal signature tuple of a reported UE identifier and the elapsed hashing time. A posterior probability value indicating a likelihood that the suspect UE corresponds to a genuine UE identified by the reported UE identifier, is generated. Whether the suspect UE is permitted to access the electronic resource is controlled based on the posterior probability value.

Abstract: According to an embodiment, a communication system includes a transmitting apparatus and a receiving apparatus. The transmitting apparatus generates a pseudorandom number based on an algorithm, synchronously with the receiving apparatus; generates a communication frame identifier including a frame identifier indicating a type of a communication frame and the pseudorandom number to generate the communication frame; and transmits the communication frame.

Abstract: A session continuity server controller, the controller comprising: a memory; and a processor coupled to the memory storing processor executable instructions which when executed by the processor causes the processor to perform operations comprising: determining one or more defects in lawful interception content transmission associated with a user session, wherein the one or more defects comprise one or more degraded network conditions and degraded LI content; executing one or more corrective measures based on the one or more defects in lawful interception content transmission; and determining stability of the lawful interception content transmission post one or more corrective measures for effective and reliable lawful interception content transmission.

Abstract: Methods for a server include defining a starting element and an element step size. A pad mapping is applied to a data Random Cipher Pad (RCP) to obtain a Key RCP using each element of the Data RCP once in a predetermined non-sequential order. The starting element and the element step size are combined with the Data RCP. The Data RCP is encrypted using the Key RCP to produce a subsequent Data RCP. The subsequent Data RCP is transmitted to another computer. Methods for clients include applying a pad mapping to a Data RCP to obtain a Key RCP using each element of the Data RCP once in a predetermined non-sequential order to develop the Key RCP. The Key RCP is encrypted using the Data RCP to produce a subsequent Key RCP. A data structure is encrypted using the Data RCP to produce an encrypted data structure.

Abstract: The present disclosure is related to encryption of executables in computational memory. Computational memory can traverse an operating system page table in the computational memory for a page marked as executable. In response to finding a page marked as executable, the computational memory can determine whether the page marked as executable has been encrypted. In response to determining that the page marked as executable is not encrypted, the computational memory can generate a key for the page marked as executable. The computational memory can encrypt the page marked as executable using the key.

Abstract: A system for securing wireless communication between a transmitter and a receiver through a physical layer control and a data channel is disclosed. The transmitter includes a pseudo random sequence generator module and an encryption module. The pseudo random sequence generator module receives a protocol input, and an additional input. The pseudo random sequence generator module initializes an initial state with the protocol input and the additional input to obtain a pseudo random sequence code. The encryption module receives a ciphering key and encrypts the pseudo random sequence code with the ciphering to obtain an encrypted secure scrambling code to secure the system through the physical layer control and the data channel.

Abstract: A method for presenting services to a subscriber includes certain processes. The method includes collecting usage data associated with an account for the subscriber that is associated with a portable device. The method includes storing usage data in a repository. The method includes determining whether the usage data satisfies a condition. The method includes determining whether an actionable category of data exists. The method includes determining an action based on the actionable category of data and a set of rules. The method includes receiving a first message from the portable device indicating that a communication function of the portable device has terminated. The method includes sending a second message to the portable device that requests an input from the subscriber via the portable device and is based on the action. The method includes receiving a third message from the portable device that includes a response to the second message.

Abstract: A method for transmitting data between controllers in a vehicle network includes transmitting a first data code including an identification number. A second data code is transmitted including a length value of data codes to be transmitted. Data codes are transmitted by using the length value of the data codes to be transmitted. A random number and a position information value of the data codes to be transmitted are included in last and previously transmitted data codes.

Abstract: In some embodiments, each client device in the network has a private key and a public key. For two client devices to securely exchange information, each computes a shared secret based on its own private key and the other's public key. The client devices use the shared secret to generate a shared secret key pair. The shared secret public key is used as a key by each client device to store data in a public key-value data store to share with the other client device. The shared data is signed using the shared secret key pair. The shared data may also be encrypted using the shared secret key pair. Each client device uses the shared secret public key to retrieve the data from the public key-value data store. Each client device uses the shared secret key pair to verify and decrypt the shared data.

Abstract: A computer-implemented method of encryption of several units of a computerized system, wherein each of the units comprises data, includes generating distinct initialization vectors, or IVs, for the units, and storing the generated IVs; and for each unit of the several units: accessing a stored IV corresponding to the unit; and encrypting the unit according to the accessed IV and an encryption key.

Abstract: A computer-implemented method of encryption of several units of a computerized system, wherein each of the units comprises data, includes generating distinct initialization vectors, or IVs, for the units, and storing the generated IVs; and for each unit of the several units: accessing a stored IV corresponding to the unit; and encrypting the unit according to the accessed IV and an encryption key.

Abstract: Authentication systems and methods for a population of devices each associated with an RFID tag are described. For each device, a secret key is combined cryptographically with a publicly-readable unique identifier (UID) of an RFID tag to obtain a unique authorization signature. The RFID tag is prepared utilizing the unique authorization signature as memory-access and/or tag-operation password(s). The systems and methods may safeguard against attacks whereby compromise of a single tag will not compromise the entire population of devices and may reduce or eliminate the use of inappropriate surgical devices during a surgical procedure.

Abstract: Methods and systems are provided for securing an integrated circuit device against various security attacks, such as side-channel attacks. By limiting the number of different challenge vectors that can be combined with a critical variable of an encryption operation, it becomes more difficult to create enough side channel measurements to successfully perform statistical side-channel analysis.

Abstract: A method for presenting services to a subscriber comprises obtaining, via a first server, subscriber usage data associated with a portable device service from a plurality of databases, and sending the subscriber usage data to a second server. The method further includes processing, via the second server, the subscriber usage data using a predetermined algorithm, determining an actionable category of data based on the processed subscriber usage data, generating content corresponding to a first message based on the actionable category of data, and sending via the third server, the first message to a portable device, wherein the first message request a subscriber input.

Abstract: An apparatus and method for storing authentication information on an electronic device are provided. The method includes receiving, by the electronic device, a unique key and a certificate matching the unique key in a secure environment of the electronic device, storing the unique key and the certificate matching the unique key in a secure environment of the electronic device, and wherein at least one of the unique key and the certificate matching the unique key identifies the electronic device.

Abstract: Methods, systems, and computer programs for trusted communication among mobile devices are described. In some aspects, an authentication value is generated at a first mobile device based on a message and a shared secret value stored on the first mobile device. In response to detecting proximity of a second mobile device, the message and the authentication value are wirelessly transmitted from the first mobile device to the second mobile device. In some implementations, the message and the authentication value can be wirelessly transmitted by a proximity-activated wireless interface, such as, for example, a Near Field Communication (NFC) interface.

Abstract: A method for authenticating a transmitter to a receiver, as well as for the protected transmission of messages; both the transmitter, as well as the receiver at least having a first common key; a random number, as well as at least one first partial code of a first code calculated from the random number with the aid of the first key from the receiver to the transmitter being transmitted in a synchronization message; the first partial code being checked by the transmitter; a first counter being generated by the transmitter; useful data, as well as a first partial counter of first counter and at least one second partial code of a second code calculated with the aid of a second key being transmitted by the transmitter to the receiver in a message; and the receiver checking the second partial code to verify the transmitter, as well as the transmitted message.

Abstract: Aspects of this disclosure related to a computer-implemented method for using a first device to configure a second device to access a network. The method includes transmitting a request on a channel, the request containing information sufficient to inform a device that the system can configure the device to access a network through an access point. The method further includes receiving a response on the channel, the response sent by the device after the request and transmitting a request for security information from a server. The method further includes receiving security information from the server, using the security information to verify an identity of the device, and transmitting a security profile to the device, the security profile containing information sufficient to allow the device to connect to the access point to access the network.

Abstract: An encryption proxy is instantiated in a first computing environment and includes encryption proxy authentication data for identifying itself to a secrets distribution management system in a second computing environment as a trusted virtual asset to receive and cache encryption key data in a secure encryption key cache outside the second computing environment. The encryption proxy requests one or more encryption keys to be cached and is then provided encryption key data representing the requested encryption keys in the encryption key cache. The encryption proxy then receives application request data from a second virtual asset instantiated in the first computing environment requesting one or more encryption keys be applied to second virtual asset data. The encryption proxy then obtains the required encryption keys from the secure secrets cache and coordinates the application of the encryption keys to the second virtual asset data.

Abstract: This disclosure provides techniques of hierarchical address virtualization within a memory controller and configurable block device allocation. By performing address translation only at select hierarchical levels, a memory controller can be designed to have predictable I/O latency, with brief or otherwise negligible logical-to-physical address translation time. In one embodiment, address transition may be implemented entirely with logical gates and look-up tables of a memory controller integrated circuit, without requiring processor cycles. The disclosed virtualization scheme also provides for flexibility in customizing the configuration of virtual storage devices, to present nearly any desired configuration to a host or client.

Abstract: A method of providing a service among heterogeneous services may include verifying whether a second web application associated with an external web service is installed in a user agent, when data of the external web service is requested from a first web application executed in the user agent, requesting key information to be used for accessing the requested data from a first server providing a web service associated with the first web application, when the second web application is installed in the user agent, receiving the key information from the first server, and accessing the requested data existing on the second web application, using the received key information, in the first web application.

Abstract: Authentication systems and methods for a population of devices each associated with an RFID tag are described. For each device, a secret key is combined cryptographically with a publicly-readable unique identifier (UID) of an RFID tag to obtain a unique authorization signature. The RFID tag is prepared utilizing the unique authorization signature as memory-access and/or tag-operation password(s). The systems and methods may safeguard against attacks whereby compromise of a single tag will not compromise the entire population of devices and may reduce or eliminate the use of inappropriate surgical devices during a surgical procedure.

Abstract: In the present disclosure, a hash function is computed over a known image, for example, an address range in a program. The result of the hash function is known to be the same at two distinct points in time, before the program is run, i.e. signing at build-time, and during the running of the program, i.e. run time. The value that the programmer wishes to hide, i.e. the secret value, is also known at build-time. At build-time, the secret value is combined with the hash in such a way that the combining operation can be reversed at run time. This combined value, i.e. the salt, is stored along with the program. Later, at runtime, the program computes the same hash value as was computed at signing time, and does the reverse combining operation in order to reveal the secret value.

Abstract: Embodiments may be configured to receive a protected version of content that includes multiple encrypted content samples. In various embodiments, each encrypted content sample includes multiple encrypted blocks. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains. The protected version of the content may further include decryption information for decrypting the encrypted content samples. The decryption information may include at least some initialization vectors generated dependent upon non-content information that is not included in the protected version of the content. The non-content information may be from a different protected version of the content. Embodiments may be configured to use the decryption information to decrypt one or more of the encrypted content samples.

Abstract: An apparatus comprising a memory, a processor coupled to the memory and configured to obtain a Dynamic Adaptive Streaming over Hypertext Transfer Protocol (HTTP) (DASH) Media Presentation Description (MPD) from an HTTP server, wherein the MPD describes a media presentation as at least one encrypted segment, and wherein the encrypted segment is associated with an availability time and a decryption key, and prefetch the decryption key associated with the encrypted segment by requesting the decryption key from a key server prior to the availability time of the encrypted segment.

Abstract: Methods and systems are provided for securing an integrated circuit device against various security attacks, such as side-channel attacks. By limiting the number of different challenge vectors that can be combined with a critical variable of an encryption operation, it becomes more difficult to create enough side channel measurements to successfully perform statistical side-channel analysis.

Abstract: One feature pertains to encrypting data to improve data confidentiality. In one aspect, a modified form of XTS encryption is provided for use with reduced-round block ciphers. A data unit index of data to be applied to the reduced-round cipher is encrypted under a secret key to generate or otherwise obtain a modified secret key for applying to the reduced-round cipher. That is, data to be encrypted by the reduced-round cipher is not encrypted under a static key but is instead encrypted under a dynamic key that varies according to the index of the data. If an attacker were to derive the value of the key applied to the reduced-round cipher by analyzing data encrypted by the cipher, the attacker would only obtain the dynamic key corresponding to one particular data unit index, rather than a global static key applied to an entire address space. Decryption procedures are also described.

Abstract: The present invention relates to a method and system for mutual authentication of a user and service provider, said method comprising acts of: authenticating an event by a key generation module (KGM), said event is generated on a computing device by a user, sending a shared secret of registered user for the event by an authentication server to the key generation module (KGM), generating one time key by the KGM for the event, transmitting the one time key by appending the shared secret to registered user mobile device, and performing at least one of: authenticating the user for said event by the KGM when a registered user enters the one-time key on the computing device within a predetermined time period, or terminating the event upon receipt of predefined key sequence from the mobile device.

Abstract: System and method embodiments are provided herein for efficient representation and use of initialization vectors (IVs) for encrypted segments using template mode representation in Dynamic Adaptive Streaming over Hypertext Transfer Protocol (DASH). An embodiment method includes sending in a media presentation description (MPD), from a network server to a client, a template for generating a universal resource locator (URL) to obtain an IV that is used for encrypting a segment, in absence of an IV value in the MPD, receiving from the client a URL configured according to the template, and upon receiving the URL, returning an IV corresponding to the URL to the client. Another embodiment method includes receiving in a MPD, at a client from a network server, a template for generating a URL to obtain an IV that is used for encrypting a segment, upon detecting an absence of an IV value or IV base value in the MPD, configuring a URL for the IV using the template, sending the URL for the IV, and receiving an IV.

Abstract: System and method embodiments are provided herein for efficient representation and use of initialization vectors (IVs) for encrypted segments using template mode representation in Dynamic Adaptive Streaming over Hypertext Transfer Protocol (DASH). An embodiment method includes sending in a media presentation description (MPD), from a network server to a client, a template for generating a universal resource locator (URL) to obtain an IV that is used for encrypting a segment, in absence of an IV value in the MPD, receiving from the client a URL configured according to the template, and upon receiving the URL, returning an IV corresponding to the URL to the client. Another embodiment method includes receiving in a MPD, at a client from a network server, a template for generating a URL to obtain an IV that is used for encrypting a segment, upon detecting an absence of an IV value or IV base value in the MPD, configuring a URL for the IV using the template, sending the URL for the IV, and receiving an IV.

Abstract: A method and apparatus for securely encrypting data is disclosed. Conventional protections against the loss or theft of sensitive data such as full disk encryption are not effective if the device is, or has recently been, running when captured or found because the keys used for full disk encryption will still be in memory and can be used to decrypt the data stored on the disk. Some devices, such as devices which gather sensitive data in use, must run in environments in which they might be captured by a person seeking access to the sensitive data already recorded by the device. An encryption method is proposed in which files on a recorder's persistent memory are initialised with pseudo-random masking data whilst the recorder is in a relatively secure environment. One or more parameters which can be used to re-create the pseudo-random masking data are encrypted with a public key using a public-key encryption algorithm and stored on the recorder.

Abstract: Use rules are included within tokenized data either before or after tokenization. The use rules can be appended to the data before or after tokenization, can be used to modify the data before or after tokenization, and can be used to select or generate token tables for use in tokenizing the data. The use rules limit how, where, and when the tokenized data can be used, who can use the tokenized data, and the like. In addition, data can be tokenized such that the tokenized data can be identified as tokenized based on the tokenized data failing a validation test. The data is tokenized using one or more token tables, and the validation test is applied to the tokenized data. If the tokenized data passes the validation test, the data is modified with formatting rules or re-tokenized with additional token tables until the tokenized data fails the validation test.

Abstract: A cryptographic key is used to secure a communication link between a first device and a second device. Generating the cryptographic key is accomplished by a) generating a first cryptographic key, b) generating a second cryptographic key, c) applying a hash function to packets transmitted over the communication link to create a hash result, and d) applying the hash function to the first cryptographic key, the second cryptographic key and the hash result.

Abstract: A network device includes a first circuit configured to generate a plurality of packets, and insert, in each of the plurality of packets, a different value for a count. A second circuit receives one or more of the plurality of packets. A third circuit generates a plurality of seeds. Each of the plurality of seeds is based on (i) a predetermined key, (ii) an address of the network device, and (iii) a predetermined value for the count. A fourth circuit encapsulates each of the plurality of packets using one of the plurality of seeds generated based on the value for the count in the respective one of the plurality of packets. A fifth circuit sends a message comprising (i) the address of the network device and (ii) the predetermined value for the count, and sends, subsequent to sending the message, the plurality of encapsulated packets.

Abstract: The present disclosure relates to systems and methods for secure communications. In some aspects, one or more values used to generate an encryption key used to encrypt a packet are stored in a header of the packet. The packet is transmitted with the encrypted data portion in a communication. In some aspects, one or more values used to generate an encryption key are received. The encryption key is regenerated using the one or more values.

Abstract: Disclosed is a method for address privacy protection for a first wireless device sharing a privacy key with a second wireless device. In the method, a first resolution tag is generated at the first wireless device using a pseudo-random function with the seed value and the privacy key as input arguments. The privacy key is only known to the first and second wireless devices. A privacy address is generated for the first wireless device based on the seed value and the first resolution tag. A packet is transmitted from the first wireless device to the second wireless device. The packet includes the privacy address and the first resolution tag.

Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on AS/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; The solution of the equations gives the internal state of RI, R2, and R3; Together with R4, this gives the full internal state which gives a suggestion for the key.

Abstract: Devices, systems, and techniques for generating an encryption key using detected motion from a device. In one example, a method may include receiving movement information indicative of motion detected by a first device during a period of time in which the first device and a second device were bumped together, determining a set of values that represent at least one characteristic of the movement information, and generating, based on the set of values, an encryption key for at least one of encrypting and decrypting data communicated between the first device and the second device. In some examples, the first device may include a sensor configured to detect each time the first device is bumped with the second device during the period of time. The first and second devices may be an implantable medical device and a programmer for the implantable medical device.

Abstract: This present application relates to data encryption and decryption technology, and especially relates to a data encryption and decryption method and apparatus. The described encryption method comprises: packeting plaintext data to be encrypted, randomly assigning an encryption function an encryption key to each group of the plaintext data, encrypting each group of the plaintext data with the encryption function and key respectively, and arranging the encrypted data according to its corresponding position in the plaintext data to form a ciphertext. The encryption apparatus includes: packet module, encryption function and key random assignment module and encryption processing module. This application also provides a data decryption method and apparatus.

Abstract: Systems and methods for authenticating key rotation communications. Key rotation communications can include a key counter known to both a headend device and a station. Comparison between a local key counter and the key counter included in the key rotation communication can be used to authenticate the key rotation communication.