Transmitting A Seed, Sequence, Or Initial Value Patents (Class 380/262)
  • Patent number: 8249251
    Abstract: A device for generating a seedless pseudo-random number, according to one embodiment, includes a first register containing a secret code; a second register containing a first random number generated locally and a second random number generated at a remote device; and an exclusive OR (XOR) circuit receiving output from the first and second registers and applying an XOR function to the outputs, a result of the XOR function being fed into the second register in a subsequent cycle.
    Type: Grant
    Filed: September 14, 2010
    Date of Patent: August 21, 2012
    Inventors: Roger Green Stewart, Daniel Noah Paley
  • Patent number: 8250369
    Abstract: The invention relates to methods and apparatuses for acquiring a physical measurement, and for creating a cryptographic certification of that measurement, such that its value and time can be verified by a party that was not necessarily present at the measurement. The certified measurement may also include corroborative information for associating the actual physical measurement process with the certified measurement. Such corroborative information may reflect the internal or external state of the measurement certification device, as well as witness identifiers of any persons that may have been present at the measurement acquisition and certification. The certification may include a signal receiver to receive timing signals from a satellite or other external source. The external timing signals may be used to generate the time included in the certified measurement, or could be used to determine the location of the measurement certification device for inclusion in the certified measurement.
    Type: Grant
    Filed: June 24, 2009
    Date of Patent: August 21, 2012
    Assignee: Walker Digital, LLC
    Inventors: Jay S. Walker, Bruce Schneier, James A. Jorasch
  • Patent number: 8239928
    Abstract: Disclosed is an access control system and method based on hierarchical keys. The system comprises an access control server (ACS), a home gateway, and a plurality of sensor devices disposed on a home network. The ACS sets up user's access limits of authority and authorization verifier, and saves the related data of user's password and the user's access limits of authority. The gateway records the authority limits' level and the authority limits' key which are constructed based on a hierarchical key structure. When a user logs in the ACS to request access, a one-time communication key between the user and the home gateway is established by exchanging the ticket and the token that are issued by the ACS. This allows the user to access the information of the sensor devices.
    Type: Grant
    Filed: January 9, 2009
    Date of Patent: August 7, 2012
    Assignee: Industrial Technology Research Institute
    Inventors: Yi-Hsiung Huang, Lun-Chia Kuo, Wen-Guey Tzeng, Huan-Chung Lin, Chya-Hung Tsai
  • Patent number: 8233625
    Abstract: A rolling code transmitter is useful in a security system for providing secure encrypted RF transmission comprising an interleaved trinary bit fixed code and rolling code. A receiver demodulates the encrypted RF transmission and recovers the fixed code and rolling code. Upon comparison of the fixed and rolling codes with stored codes and determining that the signal has emanated from an authorized transmitter, a signal is generated to actuate an electric motor to open or close a movable barrier.
    Type: Grant
    Filed: July 22, 2008
    Date of Patent: July 31, 2012
    Assignee: The Chamberlain Group, Inc.
    Inventors: Bradford L. Farris, James J. Fitzgibbon
  • Patent number: 8233624
    Abstract: A method and a terminal intended for securing information in a local memory device which is couplable to a terminal having a data link interface. At the terminal, the method comprises the following steps. The method divides (801) original data included in the information to be secured, a division of the original data resulting in a first portion and a second portion. The method stores (802) the first portion in the local memory device and sends (803) the second portion via the data link interface for storage in a remote memory device. The method includes obtaining (804) an authorized read request targeted to the original data and responsive to the authorized read request reconstructs the original data. In more detail, the method retrieves (805) via the data link interface the second portion and combines (806) the second portion and the first portion which was stored in the local memory device.
    Type: Grant
    Filed: May 22, 2008
    Date of Patent: July 31, 2012
    Assignee: Splitstreem Oy
    Inventors: Ville Ollikainen, Harri Rautio, Juuso Pesola, Juhani Latvakoski
  • Patent number: 8225391
    Abstract: Systems and methods for improving the restrictiveness on accessing software applications on mobile devices, such as cell phones, are disclosed. In accordance with an exemplary embodiment, a computer-implemented system and method for improving the restrictiveness on accessing software applications comprises using a device having a memory, wherein the software application is stored in the memory and requesting, from the user, an original PIN, wherein the original PIN is not stored in the memory and any information about the original PIN is not stored in the memory. The invention further comprises using the original PIN as a seed number to create a true encryption key, using the true encryption key to encrypt an application secret data into a ciphertext and storing, in the memory, the ciphertext.
    Type: Grant
    Filed: January 29, 2007
    Date of Patent: July 17, 2012
    Assignee: Cidway Technologies, Ltd.
    Inventor: Isaac J Labaton
  • Patent number: 8225384
    Abstract: A network-based biometric authentication system includes a client computer (10), a third party server (24), and a biometric authentication server (26). A user requests access to a web site hosted by the third party server via the client computer, wherein the third party server communicates a deployable object to the client computer. The client computer executes the deployable object, wherein the object enables the client computer to receive a user name, password, and biometric data from the user and to communicate the user name, password, and biometric data to the biometric authentication server in a secure fashion. The biometric authentication server authenticates the user name, password, and biometric data, and communicates the user name and password to the third party server, which attempts to verify the user name and password in a conventional manner and grants access to the user if the user name and password are verified.
    Type: Grant
    Filed: October 27, 2010
    Date of Patent: July 17, 2012
    Assignee: Ceelox, Inc.
    Inventors: Erix Pizano, Kass Aiken
  • Patent number: 8218768
    Abstract: A cryptosync design comprising (1) a channel identifier indicative of a particular channel via which a data packet is sent, (2) an extended time stamp indicative of a time value associated with the data packet, and (3) a counter indicative of a packet count associated with the data packet. The lengths of the extended time stamp and counter fields and the time unit for the extended time stamp are parameters that may be configured for each channel. At the sender, the extended time stamp for the cryptosync may be obtained from the System Time maintained by the sender. The counter value for the cryptosync may be provided by a counter that is maintained for the channel by the sender. The sender may include a time stamp and/or the counter value, if they are needed to derive the cryptosync at the receiver, in a header of the data packet.
    Type: Grant
    Filed: March 25, 2002
    Date of Patent: July 10, 2012
    Assignee: QUALCOMM Incorporated
    Inventors: Ramin Rezaiifar, Paul E. Bender, Roy Franklin Quick, Jr.
  • Patent number: 8219813
    Abstract: A method is provided for preventing a peripheral device such as an ATA disc drive, which is restricted to use with a designated host, being hot-plugged to another system after the drive is unlocked. Thus, violation of privacy of data (e.g. music/video) stored on the drive through a hot-plug attack may be avoided. This is accomplished by maintaining time synchronization between the drive and its designated host so that both devices obtain the same seed from time information to generate a validation number at any time that a read/write command is issued from the host.
    Type: Grant
    Filed: May 14, 2002
    Date of Patent: July 10, 2012
    Assignee: Seagate Technology LLC
    Inventors: WenXiang Xie, Wei Loon Ng
  • Patent number: 8208633
    Abstract: A method and system for securing the communication link between the accounting device and printer of a metering system by authenticating the data being sent via the link utilizing a Nonlinear Feedback Shift Register (NLFSR) based system is provided. A NLFSR is provided in each of the accounting unit and printing unit of a metering system. The NLFSR in the accounting unit is utilized to generate a message authentication code (MAC) for the image data being sent from the accounting unit to the printing unit. The printing unit generates a corresponding MAC for the received image data using the NLFSR in the printing unit. The MAC generated by the printing unit is compared with the MAC generated by the accounting unit. If the MACs are similar, the image data is accepted as authentic and the printing unit will print the image corresponding to the image data.
    Type: Grant
    Filed: November 24, 2008
    Date of Patent: June 26, 2012
    Assignee: Pitney Bowes Inc.
    Inventors: Robert A. Cordery, Frederick W. Ryan, Jr., Yassir Nawaz
  • Patent number: 8208632
    Abstract: An apparatus including a key mixing circuit, an input circuit, and a decapsulation circuit. The key mixing circuit generates a plurality of seeds, each based on a predetermined temporal key, a transmitter MAC address, and a predetermined start value for a Temporal Key Integrity Protocol (TKIP) Sequence Count (TSC). The input circuit receives a message including the transmitter MAC address and the predetermined start value. The key mixing circuit generates the plurality of seeds based on the message. The input circuit receives a plurality of encapsulated MAC Payload Data Units (MPDUs). The input circuit receives the message before receiving the plurality of encapsulated MPDUs. The decapsulation circuit decapsulates each of the plurality of encapsulated MPDUs using one of the plurality of seeds that was generated based on the value for the TSC in the respective one of the N encapsulated MPDUs.
    Type: Grant
    Filed: April 13, 2010
    Date of Patent: June 26, 2012
    Assignee: Marvell International Ltd.
    Inventors: Peter Loc, Rahul Kopikare
  • Patent number: 8204215
    Abstract: A method of encrypting data is provided. The method includes dividing data in packet units into N data blocks; generating an initial counter value using a random number used for generating an encryption key for encrypting the data blocks; generating N counter values by increasing the initial value by a predetermined value N times and encrypting the N counter values using the encryption key; and performing an exclusive OR operation on the N encrypted counter values and the N data blocks.
    Type: Grant
    Filed: November 28, 2007
    Date of Patent: June 19, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Yong-kuk You, Seong-soo Kim, Sang-su Choi, So-young Lee
  • Publication number: 20120140926
    Abstract: The present invention relates to a key update method based on the amount of communication in wireless sensor networks having a hierarchy structure.
    Type: Application
    Filed: November 14, 2011
    Publication date: June 7, 2012
    Applicant: GWANGJU INSTITUTE OF SCIENCE AND TECHNOLOGY
    Inventors: Saewoom Lee, Kiseon Kim, Jeehoon Lee, Yoondong Sung
  • Patent number: 8194856
    Abstract: A rolling code transmitter is useful in a security system for providing secure encrypted RF transmission comprising an interleaved trinary bit fixed code and rolling code. A receiver demodulates the encrypted RF transmission and recovers the fixed code and rolling code. Upon comparison of the fixed and rolling codes with stored codes and determining that the signal has emanated from an authorized transmitter, a signal is generated to actuate an electric motor to open or close a movable barrier.
    Type: Grant
    Filed: July 22, 2008
    Date of Patent: June 5, 2012
    Assignee: The Chamberlain Group, Inc.
    Inventors: Bradford L. Farris, James J. Fitzgibbon
  • Patent number: 8189786
    Abstract: One embodiment involves encrypting an MPEG transport stream by seeding a random number generator with a seed derived from at least a portion of the MPEG transport stream to produce a random number output. At least one program key and at least one modification key are generated from the random number output. At least portions of the MPEG transport stream are encrypted with the program key. At least one stored key is modified according to the modification key to produce a message segment key. The program key and the modification key are encrypted with the message segment key. The encrypted MPEG transport stream, the encrypted program key, and the encrypted modification key are multiplexed to form a multiplexed output.
    Type: Grant
    Filed: May 25, 2005
    Date of Patent: May 29, 2012
    Assignee: Zenith Electronics LLC
    Inventors: Raymond C. Hauge, Richard Lewis
  • Patent number: 8160253
    Abstract: A method for wireless data transmission between a base station and a transponder is provided, whereby a message, comprising at least one command and one data sequence, is transmitted by the base station, the message is received and evaluated by the transponder, at least one key is provided in the transponder after receipt of the command and before complete receipt of the message and the key is transmitted to the base station, the key is detected by the base station, and parts of the message, still to be transmitted, and/or subsequent messages are encoded by the base station with the key.
    Type: Grant
    Filed: June 25, 2007
    Date of Patent: April 17, 2012
    Assignee: Atmel Corporation
    Inventors: Martin Fischer, Ulrich Friedrich, Jens Masuch, Michael Pangels, Dirk Ziebertz
  • Patent number: 8160243
    Abstract: A present novel and non-trivial decryption system and methods are disclosed for the secure storing of bulk data using one-time pad (“OTP”) encryption. A storage device could be initialized with an OTP prior to encrypting data received from a data source. Parts of the OTP may be retrieved and used to encrypt the data. Once the data has been encrypted, it may be stored in the same location(s) from where parts of the OTP were retrieved with an optional sterilization of the locations being performed during the encryption process. Besides a data source, an initialize station could be used to facilitate the initializing of the OTP onto the storage device, storing OTP parameters corresponding to the OTP, and deleting the OTP. Additionally, a retrieval station could be used to facilitate the retrieval and decryption of encrypted code using the OTP used in the encryption process.
    Type: Grant
    Filed: October 1, 2009
    Date of Patent: April 17, 2012
    Assignee: Rockwell Collins, Inc.
    Inventor: Reginald D. Bean
  • Publication number: 20120082312
    Abstract: The invention relates to a method of authentication and session key agreement for secure data transmission between a first and second data communication entity in an electronic data transmission system. Furthermore, the invention relates to an electronic transmission system to perform a method of authentication and session key agreement.
    Type: Application
    Filed: October 4, 2011
    Publication date: April 5, 2012
    Applicant: BRANDENBURGISCHE TECHNISCHE UNIVERSITAET COTTBUS
    Inventors: Fuwen Liu, Hartmut König
  • Patent number: 8144870
    Abstract: An encoding data processing apparatus generates a video material item marked copy by embedding a payload data word into the video material item. The video material item includes plural video frames. A code word generator generates a water mark code word from the payload data word and reads data representing the water mark code word into a shuffle data store. A shuffle processor generates pseudo randomly at least one address within an address space of the shuffle data store for each video frame and reads data representing part or parts of the water mark code word out from the data store at locations identified by the pseudo randomly generated address. A data embedding processor receives the video material item and embeds the data representing the part or parts of the water mark code word read out from the shuffle data store for each frame into a corresponding frame of the video material item.
    Type: Grant
    Filed: May 4, 2007
    Date of Patent: March 27, 2012
    Assignee: Sony United Kingdom Limited
    Inventors: Mark Julian Russell, Clive Henry Gillard, Daniel Luke Hooper, Ian McLean, Daniel Warren Tapson, Stephen Mark Keating
  • Patent number: 8121290
    Abstract: An efficient pseudo-random function and an efficient limited number of times authentication system using such a function are realized. A pseudo-random function calculating device comprises a key creating means and a pseudo-random function calculating means. The key creating means creates a public key made of a set of at least a first component and a second component as components constituting an element of a finite group and a secret key made of an integer and secretly saves the created secret key in a secret key memory section but makes the public key public. The pseudo-random function calculating means outputs the element of a finite group as function value of the pseudo-random function upon receiving an integer as input.
    Type: Grant
    Filed: May 26, 2006
    Date of Patent: February 21, 2012
    Assignee: NEC Corporation
    Inventor: Isamu Teranishi
  • Patent number: 8117461
    Abstract: In a gaming environment, a method of periodically downloading dynamically generated executable modules at random intervals that perform system configuration integrity checks in a secure and verifiable manner is disclosed. The dynamically generated executable modules are created on a server machine and are themselves signed using industry standard PKI techniques, and contain a randomly chosen subset from a repertoire of proven hashing and encryption algorithms that are executed on the system to be checked to create a unique signature of the state of that system. The dynamically generated executable module returns the signature to the server machine from which it was downloaded and deletes itself from the system being checked. The next time such an executable module is downloaded, it will contain a different randomly chosen subset of hashing and encryption algorithms.
    Type: Grant
    Filed: September 13, 2006
    Date of Patent: February 14, 2012
    Assignee: IGT
    Inventors: Robert Bigelow, Jr., Dwayne A. Davis, Kirk Rader
  • Patent number: 8095126
    Abstract: A transmitter is configured to transmit activation signals based on transmission schemes in which one of the schemes is an appropriate scheme such that the appliance activates upon receiving an activation signal that is based on the appropriate scheme and has a code associated with the appliance. The transmitter is configured to receive a code represented by a sequence of bits and to transmit a sequence of different activation signals including different sets of first and second activation signals until user input indicating activation of the appliance is received by the transmitter. Each set of activation signals is based on a respective scheme, each first activation signal includes the sequence of bits and each second activation signal includes a bitwise reversal of the sequence of bits.
    Type: Grant
    Filed: May 25, 2011
    Date of Patent: January 10, 2012
    Assignee: Lear Corporation
    Inventors: Mark D. Chuey, Jody K. Harwood, Kenan R. Rudnick
  • Patent number: 8086865
    Abstract: The present invention provides for authenticating a message. A security function is performed upon the message. The message is sent to a target. The output of the security function is sent to the target. At least one publicly known constant is sent to the target. The received message is authenticated as a function of at least a shared key, the received publicly known constants, the security function, the received message, and the output of the security function. If the output of the security function received by the target is the same as the output generated as a function of at least the received message, the received publicly known constants, the security function, and the shared key, neither the message nor the constants have been altered.
    Type: Grant
    Filed: May 7, 2008
    Date of Patent: December 27, 2011
    Assignee: International Business Machines Corporation
    Inventors: Daniel Alan Brokenshire, Harm Peter Hofstee, Mohammad Peyravian
  • Patent number: 8083140
    Abstract: A system for over-the-air provisioning is disclosed. The system comprises a processor and an over-the-air server application. The over-the-air server application, when executed by the processor, is configured to begin an over-the-air provisioning session, to request a log of an over-the-air client, to receive the log, to send a first plurality of action requests to the over-the-air client based on the log, to receive acknowledgments of the action request, to stop the over-the-air provisioning session when an acknowledgment is not received within a first time period, and to restart the over-the-air provisioning session after waiting a second time period when the over-the-air provisioning session has been stopped, wherein the first plurality of action requests comprise a first task.
    Type: Grant
    Filed: February 5, 2008
    Date of Patent: December 27, 2011
    Assignee: Sprint Communications Company L.P.
    Inventors: Robin Dale Katzer, Kevin Zhu
  • Publication number: 20110280400
    Abstract: A cloud storage method includes: connecting a portable electronic device having a hardware identification code to a mediation device; generating a first verification serial number by a first serial number generating module of the portable electronic device via the hardware identification code and transmitting the first verification serial number to a cloud server via the mediation device and a network system connecting to the mediation device and the cloud server; generating a second verification serial number by a second serial number generating module of the cloud server having a storage module via a hardware identification code pre-stored in the storage module; and a comparison module built in the cloud server comparing the first and second verification serial numbers so as to process the storage module according to an operating signal sent by the user when the first and second verification serial numbers are determined to be the same.
    Type: Application
    Filed: October 29, 2010
    Publication date: November 17, 2011
    Applicant: CHUNGHWA TELECOM CO., LTD.
    Inventor: Che-Min Chung
  • Patent number: 8060750
    Abstract: A technique is utilized in the configuration and seeding of security tokens at third party facilities, particularly at facilities of a configuration agent, such that a token can be configured without the configuration agent having security-defeating knowledge about the token. Such a technique allows a third party to provision a token with a seed, but in such a way that the third party will not know, or be able to construct, the seed after the seed provisioning process is complete. The seed may include, by way of example, a symmetric key or other secret shared by two or more entities. In some arrangements, a method is used for secure seed provisioning. Data is derived from inherent randomness in a token or other authentication device. Based on the data, the token or other authentication device is provisioned with a seed.
    Type: Grant
    Filed: June 29, 2007
    Date of Patent: November 15, 2011
    Assignee: EMC Corporation
    Inventors: William M. Duane, Eric A. Silva, Marco Ciaffi
  • Patent number: 8054974
    Abstract: The use of keys to encrypt data in a transmitter and to decrypt encrypted data in a receiver are synchronized in accordance with a synchronization signal that opportunistically replaces a null packet in an MPEG transport stream. Additionally or alternatively, key related information is transmitted and/or received in place of a null packet in the MPEG transport stream and is used to encrypt and/or decrypt data transmitted and/or received in the MPEG transport stream.
    Type: Grant
    Filed: January 30, 2006
    Date of Patent: November 8, 2011
    Assignee: Zenith Electronics LLC
    Inventors: Raymond C. Hauge, Richard Lewis
  • Patent number: 8050405
    Abstract: Methods of securely communicating a message from a first terminal to a second terminal include generating a keypad including a random sequence of bits having a length L, encrypting the message at the first terminal using a bit string beginning at an offset O in the keypad, and transmitting the encrypted message and an indicator of the offset O to the second terminal. A communication terminal includes a controller, a communication module configured to establish a location-limited communication channel, and an encryption unit configured to store a keypad including a random sequence of bits having a length L, to encrypt an outgoing message using the keypad, and to decrypt an incoming message using the keypad.
    Type: Grant
    Filed: September 30, 2005
    Date of Patent: November 1, 2011
    Assignee: Sony Ericsson Mobile Communications AB
    Inventors: William O. Camp, Jr., Daniel P. Homiller
  • Patent number: 8051284
    Abstract: A system structured from a management device, a content key distribution device and a plurality of terminals suppresses the data volume of a terminal revocation list (TRL). The management device generates and transmits a TRL formed from data that expresses terminal IDs of all terminals to be invalidated, by only a value and a position of a common bit string in the IDs, to the content key distribution device. Each terminal holds a terminal ID that includes a manufacturer ID and a serial number, and requests the distribution of a content key by sending the terminal ID to the content key distribution device. The content key distribution device refers to the TRL, judges whether the terminal ID transmitted from the terminal is that of an invalidated terminal, and if negative, encrypts and transmits the content key to the terminal.
    Type: Grant
    Filed: June 19, 2008
    Date of Patent: November 1, 2011
    Assignee: Panasonic Corporation
    Inventors: Toshihisa Nakano, Motoji Omori, Makoto Tatebayashi
  • Patent number: 8036637
    Abstract: A method for billing in a packet data network (WISP1) comprising at least one user's terminal (MN), comprising the steps of: forming a data link between the terminal and the packet data network; requesting a user identity from the terminal; generating billing data based on the user identity; and sending the billing data to an accounting server (HAAA) of an external telecommunications network.
    Type: Grant
    Filed: June 17, 2008
    Date of Patent: October 11, 2011
    Assignee: Nokia Corporation
    Inventors: Juha Ala-Laurila, Jyri Rinnemaa, Jukka-Pekka Honkanen, Timo Takamaki, Raimo Vuonnala, Jan-Erik Ekberg
  • Patent number: 8031055
    Abstract: A tag authentication method, and a tag and reader performing the method are provided. The tag authentication method, including: a reader generating a first random number and transmitting the first random number to a tag; the reader receiving a second random number and a first verification value from the tag; the reader computing a second verification value based on the first random number and the second random number; and the reader comparing the first verification value and the second verification value.
    Type: Grant
    Filed: February 21, 2008
    Date of Patent: October 4, 2011
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Eunah Kim, Jeong Hyun Yi, Taekyoung Kwon, Tae Jin Park
  • Patent number: 8024558
    Abstract: Aspects of the invention provide a method and system for coding information in a communication channel. More particularly, aspects of the invention provide a method and system for synchronous running encryption and/or encoding and corresponding decryption and decoding in a communication channel or link. Aspects of the method may include encoding and/or encrypting a first data using a first or second encoding table and/or a first or second encryption table. The method may indicate which one of the first or second encoding tables or which one of the first or second encryption tables were utilized for encoding and/or encrypting the said first data. The encoded and/or encrypted first data may subsequently be transferred downstream and decoded by synchronous decoder/decryptor using a corresponding decoding and/or decryption table.
    Type: Grant
    Filed: May 26, 2010
    Date of Patent: September 20, 2011
    Assignee: Broadcom Corporation
    Inventor: Martin Lund
  • Patent number: 8015599
    Abstract: A method for provisioning a device such as a token. The device issues a certificate request to a Certification Authority. The request includes a public cryptographic key uniquely associated with the device. The Certification Authority generates a symmetric cryptographic key for the device, encrypts it using the public key, and creates a digital certificate that contains the encrypted symmetric key as an attribute. The Certification Authority sends the digital certificate to the device, which decrypts the symmetric key using the device's private key, and stores the decrypted symmetric key.
    Type: Grant
    Filed: May 19, 2009
    Date of Patent: September 6, 2011
    Assignee: Symantec Corporation
    Inventor: Nicolas Popp
  • Patent number: 8014523
    Abstract: The present invention relates to arrangements and methods for generating keys for cryptographic processing of communication between a first communication unit (200) and a second communication unit (300). The first communication unit (200) and second communication unit (300) are adapted to obtain knowledge about a secret function, wherein the first communication unit comprises: means for selecting a value z (210), means for calculating the secret function as a function of the selected value z (220), means for processing data with the calculated secret function (230), and means for transmitting the processed data in association with the selected z to the second communication unit (240), wherein the secret function is selected from a set of functions that are almost k-wise independent.
    Type: Grant
    Filed: December 1, 2005
    Date of Patent: September 6, 2011
    Assignee: Ericsson AB
    Inventor: Mats Näslund
  • Patent number: 8014526
    Abstract: A secure wireless local or metropolitan area network and data communications device therefor are provided, where the device transmits plain text in an encrypted message including cipher text and an initialization vector. The device may include a seed generator for performing a one-way algorithm using a secret key, a device address, and a changing reference value for generating a seed. Further, a random initialization vector (IV) generator may be included for generating a random IV, and a key encrypter may generate a key sequence based upon the seed and the random IV. Additionally, a logic circuit may be included for generating cipher text based upon the key sequence and plain text, and a wireless communications device may be connected to the logic circuit and the random IV generator for wirelessly transmitting the encrypted message.
    Type: Grant
    Filed: March 1, 2005
    Date of Patent: September 6, 2011
    Assignee: Harris Corporation
    Inventors: Thomas Jay Billhartz, Frank Joseph Fleming
  • Patent number: 8009826
    Abstract: In a cellular interception system, an information processing method for converting information of several cellular-network wireless messages from a first encrypted format under a session key, where each message is encrypted by a cellular ciphering algorithm chosen out of a collection of one or more cellular ciphering algorithms under the session key, to a second unencrypted format comprising: (A) divide the messages in the first format into two sets; the first set containing messages encrypted under the same encryption algorithm, and a second set containing the remaining messages. (B) subject the messages in the first set to a ciphertext-only cryptanalysis of a cellular encryption algorithm to recover the session key. (C) for each message in the second set, subject the message together with the recovered session key to the corresponding cellular ciphering algorithm to receive the message's information in the second format.
    Type: Grant
    Filed: April 30, 2004
    Date of Patent: August 30, 2011
    Inventors: Elad Barkan, Eli Biham
  • Patent number: 7991158
    Abstract: Secure authentication and messaging for mobile online transactions are performed by a secure messaging platform. The secure messaging platform may include a token coupled to a mobile device, or a mobile device alone. The token enables secure access, and client and server protocols enable secure transactions using text/SMS messaging.
    Type: Grant
    Filed: August 24, 2007
    Date of Patent: August 2, 2011
    Assignee: Tyfone, Inc.
    Inventors: Siva G. Narendra, Prabhakar Tadepalli, Thomas N. Spitzer, Asoke Talukder
  • Patent number: 7961882
    Abstract: Methods and apparatus are provided for using explicit initialization vectors in both encryption and decryption processing. In one example, a sender generates an initialization vector, identifies cryptographic keys, encrypts data using the initialization vectors and the cryptographic keys, and transmits the encrypted data in a packet along with the initialization vector. A receiver identifies cryptographic keys, extracts the initialization vector from the received packet, and decrypts the encrypted data using the cryptographic keys and the initialization vector extracted from the received packet.
    Type: Grant
    Filed: September 24, 2007
    Date of Patent: June 14, 2011
    Assignee: Broadcom Corporation
    Inventors: David Chin, Mark Buer, Roger Luo
  • Patent number: 7949870
    Abstract: A method and apparatus for downloading information content to a wireless terminal. The information content is obtained from a content provider that is accessible over a network, such as the World Wide Web. The information content, which is available on a subscription basis, is downloaded directly to the wireless terminal. Access to the network, access to the content provider, and downloading the information content is performed automatically according to a schedule, in accordance with the subscription.
    Type: Grant
    Filed: December 8, 2005
    Date of Patent: May 24, 2011
    Assignee: Mochis Investments LLC
    Inventor: Winston Hong Lieu
  • Patent number: 7940932
    Abstract: An electronic circuit (120) includes a more-secure processor (600) having hardware based security (138) for storing data. A less-secure processor (200) eventually utilizes the data. By a data transfer request-response arrangement (2010, 2050, 2070, 2090) between the more-secure processor (600) and the less-secure processor (200), the more-secure processor (600) confers greater security of the data on the less-secure processor (200). A manufacturing process makes a handheld device (110) having a storage space (222), a less-secure processor (200) for executing modem software and a more-secure processor (600) having a protected application (2090) and a secure storage (2210).
    Type: Grant
    Filed: April 7, 2005
    Date of Patent: May 10, 2011
    Assignee: Texas Instruments Incorporated
    Inventors: Erdal Paksoy, Narendar Shankar, Sven-Inge Redin
  • Patent number: 7941661
    Abstract: A method in which a test function is called in a system's internal authentication IC multiple times with a known incorrect value such that, if the internal IC is invalid, an expected invalid response is not generated and, otherwise, the internal IC generates a secret random number and its signature and encrypts these using a first secret key, an external authentication IC connected to the system calls a read function which decrypts the encrypted random number and signature using the first key, calculates the decrypted random number's signature, compares the signatures and upon a match encrypts the decrypted random number and a message of the external IC using a second secret key, the internal IC calls the test function which encrypts the random number and message using the second key, compares the encrypted random numbers and messages, validates the external IC if they match and invalidates the external IC otherwise.
    Type: Grant
    Filed: July 8, 2010
    Date of Patent: May 10, 2011
    Assignee: Silverbrook Research Pty Ltd
    Inventors: Simon Robert Walmsley, Kia Silverbrook
  • Patent number: 7941666
    Abstract: Chip cards are used to secure credit and debit payment transactions. To prevent fraudulent transactions, the card must protect cryptographic keys used to authenticate transactions. In particular, cards should resist differential power analysis and/or other attacks. To address security risks posed by leakage of partial information about keys during cryptographic transactions, cards may be configured to perform periodic cryptographic key update operations. The key update transformation prevents adversaries from exploiting partial information that may have been leaked about the card's keys. Update operations based on a hierarchical structure can enable efficient transaction verification by allowing a verifying party (e.g., an issuer) to derive a card's current state from a transaction counter and its initial state by performing one operation per level in the hierarchy, instead of progressing through all update operations performed by the card.
    Type: Grant
    Filed: March 24, 2003
    Date of Patent: May 10, 2011
    Assignee: Cryptography Research, Inc.
    Inventor: Paul C. Kocher
  • Patent number: 7936870
    Abstract: Data is encrypted according to a plurality of data keys. During the encryption of the data, the data keys are rotated according to a data key rotation pattern, and the rotation of the data keys includes repetitive use of the data keys during the encryption of the data. The encrypted data is transmitted to a receiver. Additionally or alternatively, encrypted data is received from a transmitter. The encrypted data is decrypted according to a plurality of data keys. During the decryption of the encrypted data, the data keys are rotated according to a data key rotation pattern, and the rotating of the data keys includes repetitive use of the data keys during the decryption of the encrypted data.
    Type: Grant
    Filed: January 30, 2006
    Date of Patent: May 3, 2011
    Assignee: Zenith Electronics LLC
    Inventors: Raymond C. Hauge, Richard Lewis, Rudolf Turner
  • Patent number: 7929704
    Abstract: Messages are encrypted/decrypted according to a modified triple wrap procedure in which the messages are encrypted/decrypted in three encryption/decryption operations and are processed in three additional operations using first, second, third, fourth, fifth, and sixth keys.
    Type: Grant
    Filed: January 30, 2006
    Date of Patent: April 19, 2011
    Assignee: Zenith Electronics LLC
    Inventors: Raymond C. Hauge, Richard Lewis
  • Patent number: 7925013
    Abstract: A system is described for encryption and decryption of digital data prior to the digital data entering the memory of a digital device by generating a key, sub-key and combining the sub-key with mixed digital data, where the encryption and decryption occurs between the memory controller and the input output register.
    Type: Grant
    Filed: June 30, 2003
    Date of Patent: April 12, 2011
    Assignee: Conexant Systems, Inc.
    Inventor: Winefred Washington
  • Patent number: 7925027
    Abstract: A method allows Internet Protocol version 6 (IPv6) nodes that use Mobile IPv6 for mobility management, or DHCP for address provisioning, to securely claim and defend their network addresses themselves or through proxies using the SEND protocol. The network node may also sign and verify a message that claims and defends a network address. The network address to be claimed and defended may be either autoconfigured or obtained from a server using the DHCPv6 protocol. If the MCGA is generated by a mobile IPv6 node as a mobile IPv6 home address, the MCGA can be securely proxied by the mobile IPv6 home agent after the mobile node has left the home link. However, if the MCGA is generated as a mobile IPv6 care-of address by a mobile IPv6 node while on a foreign subnet, the MCGA can be securely proxied by the current or new access router, before the mobile node arrives on the link and after it has left the link, respectively.
    Type: Grant
    Filed: March 16, 2006
    Date of Patent: April 12, 2011
    Assignee: NTT DoCoMo, Inc.
    Inventors: James Kempf, Craig B. Gentry
  • Patent number: 7916869
    Abstract: A system and method allows a user to automatically configure a new device on a local area network (LAN) by pressing a sequence of buttons on a conventional remote control (RC) while pointing the infrared (IR) transmitter of the RC at the new device. The button-sequence includes an arbitrary button-sequence selected by the user, or a pre-established button-sequence stored in an existing network member device, such as the network controller, and displayed to the user. The button-sequence represents a cipher key for an encryption/decryption algorithm. The network member device uses the cipher key to encrypt a configuration message that includes a shared network security key and transmit it over the network. The encrypted configuration message is received by the new device and decrypted using the same cipher key.
    Type: Grant
    Filed: September 1, 2005
    Date of Patent: March 29, 2011
    Assignee: Sharp Laboratories of America, Inc.
    Inventors: Shugong Xu, Richard T. Bennett
  • Patent number: 7913082
    Abstract: A method for authenticating address ownership using a Care-of Address (CoA) binding protocol, the method includes a comparison of two hash-function-processed result values, i.e., a first hash-function-processed result value transmitted from a home agent, the first hash-function-processed result value encrypted by a public key of a correspondent node and decrypted by a secret key of the correspondent node, and a second hash-function-processed result value piggybacked in a binding update message transmitted from a mobile node. The hash-function-processed result values are obtained by applying hash functions to a care-of address of a mobile node to be used in a foreign link, a random number generated by a home agent and a secret key shared by the home agent and the mobile node.
    Type: Grant
    Filed: January 5, 2005
    Date of Patent: March 22, 2011
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Byoung-Chul Kim
  • Patent number: 7907735
    Abstract: A method of encrypting broadcast and multicast data communicated between two or more parties, each party having knowledge of a shared key, is provided. The key is calculated using values, some of which are communicated between the parties, so that the shared key is not itself transferred. Avoiding the transfer of the key offers several advantages over existing encryption methods.
    Type: Grant
    Filed: June 15, 2007
    Date of Patent: March 15, 2011
    Assignee: Koolspan, Inc.
    Inventors: Anthony C. Fascenda, Emil Sturniolo
  • Patent number: 7894602
    Abstract: A process and system for generating a pseudo-random number is presented. Input data having entropy is gathered in an Entropy Pool and transformed once by a cryptographic hash function. The transformed data forms the internal state of the pseudo-random number generator. The generator forms the output by applying a second cryptographic hash function to this internal state. Finally, the generator updates the internal state by inputting the current internal state and data from the Entropy Pool into a third cryptographic hash function. The output of the third hash function forms the new internal state of the pseudo-random number generator.
    Type: Grant
    Filed: March 31, 2006
    Date of Patent: February 22, 2011
    Assignee: SAP AG
    Inventors: Maik Mueller, Michael Freidrich, Klaus Kiefer, Ralf Miko, Juergen Schneider