Abstract: A method of encrypting broadcast and multicast data communicated between two or more parties, each party having knowledge of a shared key, is provided. The key is calculated using values, some of which are communicated between the parties, so that the shared key is not itself transferred. Avoiding the transfer of the key offers several advantages over existing encryption methods.

Abstract: A process and system for generating a pseudo-random number is presented. Input data having entropy is gathered in an Entropy Pool and transformed once by a cryptographic hash function. The transformed data forms the internal state of the pseudo-random number generator. The generator forms the output by applying a second cryptographic hash function to this internal state. Finally, the generator updates the internal state by inputting the current internal state and data from the Entropy Pool into a third cryptographic hash function. The output of the third hash function forms the new internal state of the pseudo-random number generator.

Abstract: A connection assistance apparatus avoids unauthorized access and DoS attacks, prevents a performance degradation from occurring, and does not need to recognize different connections to gateway apparatus. An authenticating unit authenticates the validity of a terminal by checking if the terminal is a valid terminal capable of communicating with a gateway apparatus according to IPSec in response to a request from a user who owns the terminal. If it is judged that the terminal is a valid terminal, then a preshared key generating unit generates a preshared key for the terminal and the gateway apparatus, and a firewall opening instruction information generating unit generates firewall opening instruction information to open a firewall of the gateway apparatus. A transmitting unit sends the preshared key to the terminal and the gateway apparatus and sends the firewall opening instruction information to the gateway apparatus.

Abstract: A global key control mechanism provides a single point of overall control for key generation, but portions of the key generation and/or allocation tasks may be delegated to client computer systems, thereby reducing network traffic. The global key control mechanism may download a client key generation mechanism on one or more client computer systems, and may allocate a block of keys to the client key generation mechanism. Requests for keys may then be routed to the client key generation mechanism, which can generate and/or allocate keys within the block of keys that the global key control mechanism allocated to it. When the block of keys is used up, the client key generation mechanism may request another block from the global key control mechanism. The preferred embodiments also include the capability of downloading a client key generation mechanism with an associated block of keys once the requests from one or more client applications exceed a predetermined threshold.

Abstract: A system and method for performing SRNS relocation in a communications system transmits radio resource information including a ciphering parameter from a source RNC to a target RNC, modifies the ciphering parameter to coincide with a deciphering parameter which a user terminal uses when out-of-sequence data is received, ciphers a data unit based on the modified ciphering parameter, and transmits the ciphered data unit from the target RNC to the user terminal. The method may be modified to operate in UM mode or AM mode and to transmit data over one of several radio bearers. In accordance with another embodiment, the system and method transmits radio resource information from a source RNC to a target RNC and then transmits a data unit from the target RNC to a user terminal. In this case, the data unit including a transmission sequence number which consecutively follows a transmission sequence number of a data unit last transmitted from the source RNC to the user terminal.

Abstract: In one embodiment, method that can be performed on a system, is provided to security implementations for storage devices. In one embodiment, the method comprises providing a separate encryption seed for each of a plurality of separate addressable blocks of a non-volatile storage device, wherein a common encryption method is to encrypt data to be stored on the plurality of separate addressable blocks. In one embodiment, the storage device is a portable storage device. In one embodiment, encryption seed is an Initialization Vector (IV). In one embodiment, the encryption seeds comprise at least one of a media serial number and a logical block address corresponding to the respective block of the non-volatile storage device. In an alternative embodiment, the method further comprises storing at least a part of the separate encryption seed of the separate blocks of the non-volatile storage device within the respective blocks of the storage device.

Abstract: An improved system and approaches for protecting passwords are disclosed. A file security system for an organization operates to protect the files of the organization and thus prevents or limits users from accessing some or all of the files (e.g., documents) associated with the organization. According to one aspect, a password entered by a user is used, provided it is authenticated, to obtain a respective authentication string (a relatively longer string of numbers or characters). The retrieved authentication string is then used to enable the user to enter the file security system and/or to access secured files therein. According to another aspect, user passwords are not stored in the file security system to avoid security breaches due to unauthorized capture of user passwords.

Abstract: A system and method for exchanging a transformed message with enhanced privacy is presented. A set of input messages is defined. A set of output messages is defined. A message is selected from the input messages set. One or more words in the selected message are efficiently transformed directly into a transformed message different from the selected message, wherein the transformed message belongs to the set of output messages, at least one component of the selected message is recoverable from the transformed message, and the cost of determining whether the transformed message belongs to the input messages set or the output messages set exceeds a defined threshold.

Abstract: A method and a circuit for extracting a secret datum from an integrated circuit taking part in an authentication procedure that uses an external device that takes this secret datum into account, the secret datum being generated on request and made ephemeral.

Abstract: A method of protecting secret key integrity in a hardware cryptographic system includes first obtaining an encryption result and corresponding checksum of known data using the secret key, saving those results, then masking the secret key and storing the masked key. When the masked key is to be used in a cryptographic application, the method checks key integrity against fault attacks by decrypting the prior encryption results using the masked key. If upon comparison, the decryption result equals valid data, then the key's use in the cryptographic system can proceed. Otherwise, all data relating to the masked key is wiped from the system and fault injection is flagged.

Abstract: A first embodiment provides a process and system for simple, secure exchange of random numbers between two devices by combining a random number and a secret code (e.g., password) to generate a first challenge code, extracting the random number using the password at the second device, combining the first random number with a second random number, and returning the combination to the first device, which extracts the second random number from the second challenge code using its first random number. A CRC can be added to authenticate the sender. Another embodiment provides a system and method for generating a seedless pseudo-random number. The Yet another embodiment provides a system and method for generating data encryption coding with variable clocking.

Abstract: A method and system is provided to secure a data transmission from a chip card to an off-card entity. A transport key is generated at the off-card entity. The transport key is transmitted in a secure manner from the off-card entity to the chip card. At the chip card, the transport key is used to encrypt data to be sent from the chip card to the off-card entity. The data having been encrypted at the chip card using the transport key is then transmitted from the chip card to the off-card entity. The off-card entity is capable of decrypting the data received from the chip card through use of the transport key previously generated at the off-card entity.

Abstract: A method which includes receiving a request to perform encapsulating security payload (ESP) processing for data exchanged between a node and an other node over a secure network connection established via an Internet Protocol security (IPsec) security association. Information associated with the IPsec security association is obtained based on the request. The information indicates a prepend data unit size for an initialization vector, a generated data unit size for the initialization vector and an append data unit size for the initialization vector. A composition of each initialization vector included with encrypted data exchanged between the node and the other node based, at least in part, on the prepend, generated and append data unit size for the initialization vector is then determined.

Abstract: In some embodiments of the present invention, a method and apparatus to perform at least one of a confidentiality algorithm and an integrity algorithm comprising an output from a partial KASUMI block cipher.

Abstract: A method and a circuit of generation of several secret quantities by an integrated circuit according to the destination of these secret quantities, including taking into account a first digital word forming a single identifier of the integrated circuit chip and coming from a physical parameter network, and of individualizing this identifier according to the application.

Abstract: A method for re-encrypting encrypted data in a secure storage file system, including obtaining selected data to re-encrypt from the secure storage file system using a user data access record and the encrypted data, decrypting the selected data using a symmetric key, re-encrypting the selected data using a new symmetric key to obtain new encrypted data, encrypting the new symmetric key using a public key to obtain a new encrypted symmetric key, storing the new encrypted data and the new encrypted symmetric key if the public key is associated with a file system user having read permission, and storing an encrypted hash data if the file system user has write permission.

Abstract: A method of validating a consumable authentication chip is provided having the steps of: numerously calling a trusted chip's test function with an incorrect value to generate an invalid response or not generate the response thereby invalidating the consumable chip; if generated, in the trusted chip, generating a secret random number, calculating its signature and symmetrically encrypting the number/signature using a first secret key; calling the consumable chip's read function with the encrypted number/signature to symmetrically decrypt the encrypted number/signature using the first key, calculate the decrypted number's signature, compare the signatures, and if they match, symmetrically encrypt the decrypted random number and a data message using a second secret key; calling the trusted chip's test function with the message and the encrypted number/message to symmetrically encrypt the number and message using the second key, compare the encrypted numbers/messages, validate the consumable chip if they match, a

Abstract: An information processing apparatus has an authentication & key exchange unit, a contents receiver, a contents decryption unit and a contents confirmation request unit. The authentication & key exchange unit performs authentication & key exchange processing by using a given protocol with the communication apparatus and generates a first key shared with the communication apparatus. The contents receiver receives encrypted contents obtained by encrypting the contents with a second key generated by using the first key and the key information, and the key information attached to the encrypted contents. The contents decryption unit decrypts the encrypted contents by using the first key and the key information. The contents confirmation request unit instructs the communication apparatus to transmit or confirm the key information held by the communication apparatus, when the contents decryption unit decrypts the contents based on the second key firstly generated by using the first key.

Abstract: A security system and method of operation includes a wireless transmitter, a wireless receiver in wireless communication with the wireless transmitter, and a control panel. The transmitter transmits a wireless message, including a unique transmitter identification number, a status portion with a plurality of status bits, and a sequence count which it increments only when any one of the status bits changes. The receiver receives the wireless message, converts the wireless message to a digital message which is sent to the control panel. The control panel processes the digital message by extracting the sequence count and transmitter identification number. A previous sequence count associated with the transmitter identification number is retrieved from memory, and the sequence count from the message is compared with the previous sequence count. If the sequence count is not less than the previous sequence count, then the control panel processes the message.

Abstract: A method and apparatus for an iterative cryptographic block under the control of a CPU and without a fixed number of stages. In one embodiment, a first cryptographic block descrambles received information using an internal key or a preprogrammed key to form a descrambled key or descrambled data. A data feedback path stores the descrambled data as internal data and provides the internal data or the external data as data input to the first cryptographic block. A key feedback path stores the descrambled key as an internal key and provides the internal key or the preprogrammed key to a key input of the first cryptographic block. A second cryptographic block descrambles received content using a final descrambling key. Other embodiments are described and claimed.

Abstract: A cryptographic key split combiner includes a number of key split generators for generating cryptographic key splits from seed data, and a key split randomizer for randomizing the key splits to produce a cryptographic key. The key split generators can include a random split generator for generating random key splits, a token split generator for generating token key splits based on label data, a console split generator for generating console key splits based on maintenance data, a biometric split generator for generating biometric key splits based on biometric data, and a location split generator for generating location key splits based on location data. Label data can be read from storage, and can include user authorization data. A process for forming cryptographic keys includes randomizing or otherwise binding the splits to form the key.

Abstract: A method and apparatus for a signal encryption device constructed to perform synchronous stream cipher encryption for a sequence of input words with restricted codes. The encryption device includes a keystream generator for producing a sequence of pseudorandom words from a key, and an adder that is used to sum the output of the keystream generator and the input words. A lookup table of size substantially twice the number of possible input words provides encrypted codes excluding restricted codes from the summed signal. A signal encryption and decryption system is constructed by including a second keystream generator for producing a second sequence of pseudorandom words from the key, and a second adder to produce a second summed signal from the output of the second keystream generator and the encrypted codes. A corresponding lookup table provides decrypted codes excluding restricted codes from the second summed signal.

Abstract: Aspects of the invention provide a method and system for coding information in a communication channel. More particularly, aspects of the invention provide an method and system for synchronous running encryption and/or encoding and corresponding decryption and decoding in a communication channel or link. Aspects of the method may include encoding and/or encrypting a first data using a first or second encoding table and/or a first or second encryption table. The method may indicate which one of the first or second encoding tables or which one of the first or second encryption tables were utilized for encoding and/or encrypting the said first data. The encoded and/or encrypted first data may subsequently be transferred downstream and decoded by synchronous decoder/decryptor using a corresponding decoding and/or decryption table. The corresponding decoding and/or decryption table may be determined based on the indicated first and/or second encoding and/or encrypting tables.

Abstract: An authentication method for link protection between an OLT and an ONU newly connected thereto in an EPON, which is implemented in a data link layer to which cryptography is applied. First, an authentication key is distributed to both the OLT and an ONU. The OLT (or ONU) generates first and second random values, generates an authentication request frame containing the random values, and transmits it to the ONU (or OLT). The ONU generates a first hash value according to a hash function using the random values contained in the request frame, and transmits an authentication response frame containing the first hash value to the OLT. The OLT compares the first hash value with a second hash value calculated by it according to the has function using the two random values and an authentication key distributed to it, and transmits an authentication result frame to the ONU.

Abstract: Auxiliary digital data is sold and bought. A process for selling auxiliary digital data is performed with respect to a process for cancelling a limitation of use of the digital data. A process for buying the auxiliary digital data is performed. A process for receiving a selling request and a buying request is performed, and selling and buying transactions are concluded. The process of selling, the process of buying, and the process of selling and buying are each performed by transmitting and receiving data through a communication network.

Abstract: A system for encrypting a data encryption key includes a key encryption key generator configured to receive a public portion of a label, the label including an asymmetric key pair of the public portion and a private portion, the key encryption key generator being further configured to process the public portion of the label to obtain a key encryption key, and a data encryption key encoder configured to receive the key encryption key from the key encryption key generator and to receive a data encryption key from a random number generator, the encoder being further configured to encrypt the data encryption key using the key encryption key to produce an encrypted data encryption key and to provide the encrypted data encryption key to an encryption device.

Abstract: A system and method for performing SRNS relocation in a communications system transmits radio resource information including a ciphering parameter from a source RNC to a target RNC, modifies the ciphering parameter to coincide with a deciphering parameter which a user terminal uses when out-of-sequence data is received, ciphers a data unit based on the modified ciphering parameter, and transmits the ciphered data unit from the target RNC to the user terminal. The method may be modified to operate in UM mode or AM mode and to transmit data over one of several radio bearers. In accordance with another embodiment, the system and method transmits radio resource information from a source RNC to a target RNC and then transmits a data unit from the target RNC to a user terminal. In this case, the data unit including a transmission sequence number which consecutively follows a transmission sequence number of a data unit last transmitted from the source RNC to the user terminal.

Abstract: An apparatus includes a key mixing circuit, an input circuit, and a decapsulation circuit. The key mixing circuit generates N Wired Equivalent Privacy (WEP) seeds, N?1, each based on a predetermined temporal key, a transmitter MAC address, and a predetermined start value for a Temporal Key Integrity Protocol (TKIP) Sequence Count (TSC). The input circuit receives a message including the transmitter MAC address and the predetermined start value. The key mixing circuit generates the N WEP seeds based on the message. The input circuit receives N encapsulated MAC Payload Data Units (MPDUs) each including the transmitter MAC address and one of N values for the TSC, greater than or equal to the predetermined start value. The decapsulation circuit decapsulates the N encapsulated MPDUs using one of the N WEP seeds generated based on the value for the TSC in the respective one of the N encapsulated MPDUs.

Abstract: A random wave envelope is created from a set of bounded random numbers by additively combining a triangle, a square and a sine wave. The random wave envelope is then used to create a sequence of wave random numbers from the wave envelope, which are used to generate random-variant keys for encryption in place of the pre-placed encryption key. An ambiguity envelope is thus created over the transmission of data packets as random-variant-keys are used that are distinct and separate for each packet and may also be distinct and separate for each incoming and outgoing packet. The random-variant keys are only created at the time of the actual use for encrypting or decrypting a data packet and not before and then discarded after one time use. The random-variant keys may be used in wireless network using wireless access points, cellular phone and data networks and ad hoc mobile wireless networks.

Abstract: A method for communicating in a network is presented. The method includes encapsulating content from a plurality of high level data units from a high level layer to generate a stream; dividing the stream into a plurality of segments; individually encrypting at least some of the segments, wherein an encrypted segment includes a plurality of encrypted blocks, and at least some of the encrypted blocks are encrypted based on at least one other encrypted block within the encrypted segment; and supplying low level data units to a physical layer that handles physical communication over the network, at least some of the low level data units each including a plurality of encrypted segments.

Abstract: The invention concerns an anti-pirate method for the distribution of digital content by pro-active diversified transmission, associated transmitter device and portable receiving object. The method, designed to make the same information (Kc) available to several receivers (1) belonging to a group (G) of receivers, each receiver storing information (SAi) specific to it, is characterized in that it includes the following steps: define a relation Kc=f(K, bi, SAi) where (f) is a given function, (K) is information common to all the receivers, and (bi) is information different for each receiver and for each value of the information (K); —enable each receiver to access information (bi) before making (Kc) available; and transmit the information (K) to all receivers, just before making (Kc) available; so that each receiver can calculate information (Kc) using said relation.

Abstract: System and method for providing secure communications is provided. Initially, an exchange protocol, such as a password-authenticated key exchange protocol, is used to create a shared secret. From the shared secret, two keys are created: a utilized key and a stored key. The utilized key is used to encrypt messages between nodes. When it is time to replace the utilized key to maintain security, the stored key is utilized to encrypt messages for generating/distributing a new shared secret. The new shared secret is then used to generate a new utilized key and a new stored key. This process may be repeated any number of times to maintain security.

Abstract: According to embodiments of the present invention a system and method for encrypting traffic on a network is disclosed.

Abstract: Cryptographic material is generated for a protocol for the encrypted transmission of media data between a subscriber device and a provider device. A first symmetric key of the subscriber device and the provider device is inserted in a symmetric key protection mechanism of a network protocol of a control layer to establish a communication session between the subscriber device and the provider device. A first time-variable parameter is transmitted from the provider device to the subscriber device. A second symmetric key for protecting the key management protocol is calculated by both the provider device and the subscriber device using a defined function depending at least on the first symmetric key and the first time-variable parameter.

Abstract: Multimedia content or related data is securely transferred between a source device and a sink device in a secure multimedia content delivery device, such as a set-top box, using keys modified by logically combining them with copy control-related bits associated with the data.

Abstract: A system that facilitates efficient code construction comprises a component that receives a first code and a transformation component that transforms the first code to a new code. The new code has essentially same length parameters as the first code but is hidden to a computationally bounded adversary. The first code can be designed in the noise model and appear random to a computationally bounded adversary upon transformation.

Abstract: An encryption/decryption device and a method thereof use an RC4 algorithm to reduce a waiting time for encryption/decryption thereby avoiding data process delay. The encryption/decryption device includes a management unit, an encryption/decryption unit, and a first interface. The management unit includes a WEP seed key generator for generating a WEP seed key based on a transmitter address of first data and a cipher suite value representing a cipher protocol type for the transmitter address, an RC4 key scheduler for generating S-Box data using the WEP seed key, and an S-Box data memory storing the S-Box data generated from the RC4 key scheduler for the transmitter addresses. The encryption/decryption unit has a core for performing the RC4 algorithm corresponding to the cipher suite, encrypting/decrypting the first data using the S-Box data transmitted from the management unit, and transmitting a signal for generating the S-Box data of second data to the management unit.

Abstract: A technique is provided for filtering noise in digital image data, particularly random point or spike noise. Image data may be rank order filtered and absolute differences between ordered values computed to create a mask. Blending is performed based upon a likelihood that individual pixels are or exhibit spike noise. The rank order filtered values may be used directly for blending, or the original image may be shrunk and then expanded to provide a rapid and computationally efficient spike noise reduction alternative.

Abstract: A rolling code transmitter is useful in a security system for providing secure encrypted RF transmission comprising an interleaved trinary bit fixed code and rolling code. A receiver demodulates the encrypted RF transmission and recovers the fixed code and rolling code. Upon comparison of the fixed and rolling codes with stored codes and determining that the signal has emanated from an authorized transmitter, a signal is generated to actuate an electric motor to open or close a movable barrier.

Abstract: An M6 block cipher system and method for encoding content and authenticating a device may use an M6 core. The M6 block cipher system may include a rotate constant selector selecting one or more rotate constants from a plurality of input rotate constants for output based on a selection signal input thereto, a rotate constant ordering device ordering the selected rotate constants and a common rotate constant input thereto based on a received ordering signal and an M6 core generating one or more of an output signal, a validity signal and a round number based on the ordered rotate constants and a plurality of input signals. The system may include a rotate constant scheduler outputting the ordering signal to the rotate constant ordering device in response to the selection signal and the round number.

Abstract: A packet based high bandwidth copy protection method is described that includes the following operations. Forming a number of data packets at a source device, encrypting selected ones of the data packets based upon a set of encryption values, transmitting the encrypted data packets from the source device to a sink device coupled thereto, decrypting the encrypted data packets based in part upon the encryption values, and accessing the decrypted data packets by the sink device.

Abstract: A system and method for use with local area networks (LANs) automatically configures a new device on a LAN by secure encrypted transmission of setup parameters. A remote control (RC) with an infrared (IR) transmitter contains a stored setup command and a security number that is used only once (a “nonce”). Setup of a new device is initiated by pressing a “setup” button on the RC which generates the security number and transmits it and the setup command to the new device via IR. The new device receives the setup command and security number and queries the network for the setup parameters. The RC also transmits the security number via IR to a network member device that contains the setup parameters. The network member uses the security number as an encryption key to encrypt the setup parameters and transmit them over the network. The new device uses the security number as the decryption key to decrypt the transmitted setup parameters.

Abstract: A process is described which can be used to generate a cryptographic key for a group of subscribers whose number is subject to change. The process can further provide that even after the group key has been established, subscribers can be removed from or added to the key directory without great effort.

Abstract: To provide a secure, effective but simple message handling, a method is provided for transmitting an electrical message, from a first user having a first terminal to a second user having a second terminal. The method comprises the steps of: transmitting said email in an encrypted form by said first terminal, said encrypted e-mail being encrypted by means of a key generated by a first key generator using a seed, providing once said second user with said seed for generating a key with a second key generator provided in said second terminal, providing to and storing said seed in said second terminal, using said seed by said second terminal for generating a key each time an encrypted email from said first user to said second user is received, synchronizing a counting value in each terminal; and generating said key on the basis of said seed and a counting value in each terminal, independently of other terminal.

Abstract: A computer-implemented method for encryption and decryption using a quantum computational model is disclosed. Such a method includes providing a model of a lattice having a system of non-abelian anyons disposed thereon. From the lattice model, a first quantum state associated with the lattice is determined. Movement of non-abelian anyons within the lattice is modeled to model formation of first and second quantum braids in the space-time of the lattice. The first quantum braid corresponds to first text. The second quantum braid corresponds to second text. A second quantum state associated with the lattice is determined from the lattice model after formation of the first and second quantum braids has been modeled. The second quantum state corresponds to second text that is different from the first text.

Abstract: According to the present invention there is provided an encoding data processing apparatus for generating a marked copy of an item of material by introducing code words into a copy of the material item. The code words are arranged to identify a data word from a set of data words having at least two fields. The apparatus comprises a code word generator operable to generate at least two code words having a plurality of code word coefficients, each of the code words being independently generated from a different code word seed, and an encoding processor operable to combine the code word coefficients with the material item. One of the code words is selected from a first set in dependence upon a value of a first of the data fields and one of the code words is selected from a second set in dependence upon a value of a second of the data fields.

Abstract: A control device authentication method in a home network system which includes a slave, a home server which controls the slave, and the control device which performs a remote control function to control the home server, includes registering the control device to the home server; generating and storing, by the control device and the home server, a one-way function set; storing, by the control device and the home server, a code value of a button pressed at the control device; creating, by the control device, a first password by performing an operation using a pointer value, the code value, and a one-way function number; requesting, by the control device, authentication by transferring the pointer value, the one-way function number, and the first password to the home server; and creating, by the home server, a second password.

Abstract: This invention provides a bandwidth-efficient mechanism whereby the source or originating node(s) (the invention supports multiple source nodes, each creating single or multiple broadcast message(s)) may utilize broadcast addressing service to efficiently reach multiple receiver nodes and still control which receiver node(s) may access the broadcast data or message. This method is realized by a novel and efficient key distribution technique.

Abstract: A method for provisioning a device such as a token. The device issues a certificate request to a Certification Authority. The request includes a public cryptographic key uniquely associated with the device. The Certification Authority generates a symmetric cryptographic key for the device, encrypts it using the public key, and creates a digital certificate that contains the encrypted symmetric key as an attribute. The Certification Authority sends the digital certificate to the device, which decrypts the symmetric key using the device's private key, and stores the decrypted symmetric key.

Abstract: A satellite broadcast conditional access system with key synchronization uses indexing of an authorization stream to quickly restart the decrypting process after short carrier fades and after carrier switches. The authorization stream includes cyphered seeds and index numbers which are sequentially sent to a group of receivers. The same authorization stream can also be broadcast multiple times to the group of receivers. A conditional access server selects a starting index number and increments the index number by a predefined value. The receivers have a memory to save the current index number for the authorization stream. Any receiver that loses its connection to the broadcast and thereafter reestablishes its connection can retrieve the latest index number being issued in the authorization stream and compare it with the stored index number. When the index numbers match or are within a defined threshold, the receiver will continue to decypher the seeds and decrypt the transport stream.