Key Derived From Addressable Memory Element Patents (Class 380/264)
-
Patent number: 8387128
Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
Type: Grant
Filed: October 29, 2011
Date of Patent: February 26, 2013
Assignee: A10 Networks, Inc.
Inventors: Lee Chen, Ronald Wai Lun Szeto
-
Patent number: 8379858
Abstract: A method for generating key information for mutual access among multiple computers, the method including configuring each of a plurality of computers to access common seed data, where the common seed data is the same for each of the computers, and configuring each of the computers to intercept a key generator request for computer-specific seed data and, in response to the request, provide the common seed data to the key generator in place of the computer-specific seed data, thereby enabling any of the computers to generate the same key information.
Type: Grant
Filed: September 16, 2005
Date of Patent: February 19, 2013
Assignee: International Business Machines Corporation
Inventor: Shmuel Ben-Yehuda
-
Patent number: 8375185
Abstract: A data object is stored in a hosted storage system and includes an access control list specifying access permissions for data object stored in the hosted storage system. The hosted storage system provides hosted storage to a plurality of clients that are coupled to the hosted storage system. A request to store a second data object is received. The request includes an indicator that the first data object stored in the hosted storage system should be used as an access control list for the second data object. The second data object is stored in the hosted storage system. The first data object is assigned as an access control list for the second data object stored in the hosted storage system.
Type: Grant
Filed: April 20, 2012
Date of Patent: February 12, 2013
Assignee: Google Inc.
Inventors: David R. Hanson, Erkki Ville Juhani Aikas
-
Patent number: 8370644
Abstract: Systems and methods that facilitate securing data associated with a memory from security breaches are presented. A memory component includes nonvolatile memory, and a secure memory component (e.g., volatile memory) used to store information such as secret information related to secret processes or functions (e.g., cryptographic functions). A security component detects security-related events, such as security breaches or completion of security processes or functions, associated with the memory component and in response to a security-related event, the security component can transmit a reset signal to the secure memory component to facilitate efficiently erasing or resetting desired storage locations in the secure memory component in parallel and in a single clock cycle to facilitate data security. A random number generator component can facilitate generating random numbers after a reset based on a change in scrambler keys used by a scrambler component to descramble data read from the reset storage locations.
Type: Grant
Filed: May 30, 2008
Date of Patent: February 5, 2013
Assignee: Spansion LLC
Inventors: Helena Handschuh, Arnaud Boscher, Elena Trichina, Joël Le Bihan, Nicolas Prawitz, Frederic Cherpantier, Jimmy Lau
-
Patent number: 8351609
Abstract: One or more rights objects (RO) files may be used for storing RO's preferably in the protected area available only to authenticated users. A RO navigation file is stored preferably in an unprotected public area containing status bits, where each status bit identifies whether a location in a RO file contains a valid RO or not. Preferably, there is a one-to-one correspondence between the location for a RO in a RO file and a location in the RO navigation file for the status bit which identifies whether its corresponding location in the RO file contains a valid RO or not. Whether a particular location in a RO file contains a valid RO or not can be found by checking its corresponding status bit in the RO navigation file. By finding out whether a particular location in a RO file contains a valid RO or not in this manner, it is possible to delete ROs without having to go through an authentication process. The process of finding an empty slot in the RO file for storing a new RO is also simplified.
Type: Grant
Filed: May 5, 2010
Date of Patent: January 8, 2013
Assignee: SanDisk Technologies Inc.
Inventors: Oktay Rasizade, Bahman Qawami, Fabrice Jogand-Coulomb, Robert C. Chang, Farshid Sabet-Sharghi
-
Patent number: 8347045
Abstract: A method, system, and computer usable program product for using a dual mode reader writer lock. A contention condition is detected in the use of a lock in a data processing system, the lock being used for managing read and write access to a resource in the data processing system. A determination of the data structure used for implementing the lock is made. If the data structure is a data structure of a reader writer lock (RWL), the data structure is transitioned to a second data structure suitable for implementing the DML. A determination is made whether the DML has been expanded. If the DML is not expanded, the DML is expanded such that the data structure includes an original lock and a set of expanded locks. The original lock and each expanded lock in the set of expanded locks forms an element of the DML.
Type: Grant
Filed: November 22, 2011
Date of Patent: January 1, 2013
Assignee: International Business Machines Corporation
Inventors: Bruce Mealey, James Bernard Moody
-
Patent number: 8336084
Abstract: A system for broadcasting multiple public identities corresponding to the same apparatus. For example, each public identity may correspond to different operational environments, while none of the public identities disclose a private identity that uniquely and permanently identifies the apparatus. This allows apparatuses to keep their unique identity a secret while still being able to communicate with other apparatuses in various environments.
Type: Grant
Filed: September 11, 2009
Date of Patent: December 18, 2012
Assignee: Nokia Corporation
Inventor: Jan-Erik Ekberg
-
Patent number: 8332925
Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server based on network information, and using the proxy network address to establish a server side session. The proxy network address is selected such that a same processing element is assigned to process data packets from the server side session and the host side session. The network information includes a security gateway network address and a host network address. By assigning processing elements in this manner, higher capable security gateways are provided.
Type: Grant
Filed: August 8, 2006
Date of Patent: December 11, 2012
Assignee: A10 Networks, Inc.
Inventors: Lee Chen, Ronald Wai Lun Szeto
-
Patent number: 8321674
Abstract: An information processing device includes: a receiving unit that receives a first random number from another information processing device; a generating unit that generates a second random number; a time-variant-key generating unit that generates a time variant key for encryption according to the second random number; an encrypting unit that encrypts the first random number with the time variant key; and a transmitting unit that transmits the first random number encrypted by the time variant key and the second random number to the other information processing device.
Type: Grant
Filed: July 14, 2009
Date of Patent: November 27, 2012
Assignee: Sony Corporation
Inventors: Hiroaki Hamada, Toshimitsu Higashikawa, Tadashi Morita
-
Patent number: 8312249
Abstract: A method and apparatus for performing a function based on an executable code in response to receiving a request including function parameters are described. The executable code may be validated when loaded in a memory according to a signature statically signed over the executable code. A data location in the memory for storing the function parameters may be determined according location settings included inside the executable code. A target code location for storing a copy of the executable code may be determined based on the location parameters and the determined data location. A function is performed by executing the executable code from the target code location referencing the stored function parameters.
Type: Grant
Filed: October 10, 2008
Date of Patent: November 13, 2012
Assignee: Apple Inc.
Inventor: Benjamin C. Trumbull
-
Patent number: 8289971
Abstract: A method of transmitting data between a plurality of inter-connected elements. The method comprises receiving a message from a first element, said message comprising a routing key plus optionally a data payload. The routing key is processed to identify a plurality of said inter-connected elements, and data is transmitted to said identified plurality of inter-connected elements.
Type: Grant
Filed: November 21, 2006
Date of Patent: October 16, 2012
Assignee: Cogniscience Limited
Inventor: Stephen Byram Furber
-
Patent number: 8261098
Abstract: A method for preventing a user from interpreting optional stored data information even when the user extracts the optional stored data, and an apparatus thereof. The apparatus for encrypting and processing data in a flash translation layer includes a flash memory and a controller. The flash translation layer searches at least one page of the flash memory storing the data when a write of optional data is requested from the controller, generates, corresponding to respective searched pages, a page key according to a predetermined encrypting function when the searched page supports an encryption, and encrypts and stores the data by the page key in the respective searched pages.
Type: Grant
Filed: January 22, 2008
Date of Patent: September 4, 2012
Assignee: Samsung Electronics Co., Ltd
Inventors: Chang-Woo Min, Jin-Ha Jun
-
Patent number: 8254576
Abstract: A controlling device provides conditional access to secured content renderable by an appliance. The controlling device transmits a data frame to the appliance and encrypts at least a part of the data frame that includes data to be used by the appliance to provide access to the secured content. At the appliance a decryption key complimentary to the encryption key is used to decrypt the received the data frame. The appliance allows the secured content to be rendered only after the appliance determines that the data in the received, decrypted data frame includes the data the appliance requires to provide access to the secured content.
Type: Grant
Filed: April 11, 2005
Date of Patent: August 28, 2012
Assignee: Universal Electronics, Inc.
Inventors: Paul D. Arling, Patrick H. Hayes, Wayne Scott, Christopher Alan Chambers
-
Patent number: 8250375
Abstract: Providing for analysis of artifacts of electronic devices to generate data that is substantially unique to a particular device or to a class of devices is described herein. In some aspects, analyzed artifacts are chosen based on reliable reproducibility of such data over many analyses. The substantially unique data can be associated with a particular electronic device(s) to distinguish such devices from other devices. In some aspects, the generated data is first transformed into an identifier, such as a number, word, string of data, etc., to distinguish the electronic device in remote communication, to provide a key in an encryption/decryption algorithm, and so on. The data can be reproduced by reanalyzing the artifacts, and thus need not be stored for future consumption, mitigating risks involved in storing sensitive data.
Type: Grant
Filed: April 25, 2008
Date of Patent: August 21, 2012
Assignee: Microsoft Corporation
Inventors: Todd L. Carpenter, William J. Westerinen, Vladimir Sadovsky
-
Patent number: 8234505
Abstract: A storage device has a storage medium, a key generator and a controller. The key generator generates an encryption/decryption key from selected bits of program code within the storage device. The controller controls access to the storage medium and applies the encryption/decryption key to encrypt and decrypt data written to or read from the storage medium.
Type: Grant
Filed: January 20, 2006
Date of Patent: July 31, 2012
Assignee: Seagate Technology LLC
Inventor: David Bruce Anderson
-
Patent number: 8223969
Abstract: A method for secure communications. At least one encryption key can be generated based on a pass-phrase that associates a unique identifier of a client system with a customer. Customer data encrypted with the at least one encryption key can be received such that the customer data is uniquely associated with both the client system and with the customer. The client system cannot decrypt the customer data if the unique identifier of the client system is changed. The client system cannot decrypt the customer data if the customer is changed.
Type: Grant
Filed: June 10, 2010
Date of Patent: July 17, 2012
Assignee: Noatak Software LLC
Inventor: Christopher R. Newcombe
-
Patent number: 8218767
Abstract: A security system, method and device for use in a network for providing a real-time stream are provided. A server updates security association of a terminal device by periodically providing a key stream. When the key stream for changing the security association of the terminal device is received from the server, the terminal device updates stored key stream information after identifying at least one changed field in the key stream and performs a security policy with the server using the updated key stream information. When a security setting operation is performed through a stream notification periodically provided from the server, an unnecessary waste of system resources can be reduced by updating only a specific changed field through the stream notification and reducing the load of generating a security association table.
Type: Grant
Filed: November 14, 2008
Date of Patent: July 10, 2012
Assignee: Samsung Electronics Co., Ltd.
Inventor: Ki-Seok Kang
-
Patent number: 8213940
Abstract: The present invention relates to a mobile communication method in which a mobile station performs a handover from a handover source radio base station to a handover target radio base station. The mobile communication method includes the steps of: (A) acquiring, at the handover target radio base station, from the handover source radio base station or a switching center, a key for calculating a first key for generating a certain key used in a communication between the handover target radio base station and the mobile station; and (B) acquiring, at the handover target radio base station, from the switching center, a second key for calculating a first key for generating a certain key used in a communication between a next handover target radio base station and the mobile station.
Type: Grant
Filed: June 16, 2011
Date of Patent: July 3, 2012
Assignee: NTT Docomo, Inc.
Inventors: Wuri Andarmawanti Hapsari, Mikio Iwamura, Alf Zugenmaier
-
Patent number: 8176283
Abstract: A data object is stored in a hosted storage system and includes an access control list specifying access permissions for data object stored in the hosted storage system. The hosted storage system provides hosted storage to a plurality of clients that are coupled to the hosted storage system. A request to store a second data object is received. The request includes an indicator that the first data object stored in the hosted storage system should be used as an access control list for the second data object. The second data object is stored in the hosted storage system. The first data object is assigned as an access control list for the second data object stored in the hosted storage system.
Type: Grant
Filed: September 26, 2011
Date of Patent: May 8, 2012
Assignee: Google Inc.
Inventors: David R. Hanson, Erkki Ville Juhani Aikas
-
Patent number: 8166256
Abstract: A method, system, and computer usable program product for using a dual mode reader writer lock. A contention condition is detected in the use of a lock in a data processing system, the lock being used for managing read and write access to a resource in the data processing system. A determination of the data structure used for implementing the lock is made. If the data structure is a data structure of a reader writer lock (RWL), the data structure is transitioned to a second data structure suitable for implementing the DML. A determination is made whether the DML has been expanded. If the DML is not expanded, the DML is expanded such that the data structure includes an original lock and a set of expanded locks. The original lock and each expanded lock in the set of expanded locks forms an element of the DML.
Type: Grant
Filed: March 15, 2010
Date of Patent: April 24, 2012
Assignee: International Business Machines Corporation
Inventors: Bruce Mealey, James Bernard Moody
-
Patent number: 8145903
Abstract: An embodiment relates generally to a method of preventing resource access conflicts in a software component. The method includes intercepting a lock operation in the software component and testing an associated lock type of the lock operation against a set of rules. The method also includes determining an action based on the associated lock type conflicting one of the rules of the set of rules.
Type: Grant
Filed: May 25, 2007
Date of Patent: March 27, 2012
Assignee: Red Hat, Inc.
Inventor: Ingo Molnar
-
Patent number: 8130954
Abstract: Techniques are described for using unique features of a storage medium for authentication of data as originating from the storage medium, and also for installing software and data to a storage medium in a way which inhibits unauthorized copying of the software and data to another storage medium. Cryptoprocessing keys are created using unique features of the storage medium such as location information related to storage of selected elements of a software installation on the storage medium, or alternatively defective block information relating to the storage medium. The cryptoprocessing keys are used to encrypt data for transmission to a remote server. The remote server uses the cryptoprocessing keys to decrypt the data and authenticates the data as having been encrypted with the correct keys. In order to control operation of software on a storage medium, location information unique to the storage medium is employed to create links between software modules comprising the software.
Type: Grant
Filed: August 30, 2007
Date of Patent: March 6, 2012
Assignee: Xtec, Incorporated
Inventor: Alberto J. Fernandez
-
Publication number: 20110299684
Abstract: Various embodiments include a method and system for configuring a smart energy network using an auxiliary gateway where an auxiliary gateway is capable of communicating with an energy services interface and a link key database. The auxiliary gateway, on a smart energy network, extracts the unique identifier from a communication related to the smart energy device. The auxiliary gateway may then use the unique identifier to retrieve the smart energy device information from the link key database and communicate the smart energy device information to the energy services interface. The energy services interface may then use the smart energy device information to decrypt a communication from the smart energy device or access manufacturer specific functionality of the smart energy device.
Type: Application
Filed: June 3, 2010
Publication date: December 8, 2011
Applicant: Digi International Inc.
Inventor: Joel K. Young
-
Patent number: 8074082
Abstract: An anti-tamper module is provided for protecting the contents and functionality of an integrated circuit incorporated in the module. The anti-tamper module is arranged in a stacked configuration having multiple layers. A connection layer is provided for connecting the module to an external system. A configurable logic device is provided for routing connections between the integrated circuit and the connection layer. Specifically, the configurable logic device is programmable to create logical circuits connecting at least one of the input/output connectors of the integrated circuit to at least one of the input/output connectors of the connection layer. Configuration information for programming the reconfigurable logic device is stored in a memory within the module.
Type: Grant
Filed: October 11, 2005
Date of Patent: December 6, 2011
Assignee: Aprolase Development Co., LLC
Inventors: Volkan H. Ozguz, John Leon
-
Patent number: 8060757
Abstract: An encryption part or a decryption part of an encryption/decryption apparatus or a part common to both parts is used both for encryption and decryption of a datum to be stored and the encrypted memory content and for the generation of the address-individual key and the address-dependent key, respectively.
Type: Grant
Filed: March 30, 2006
Date of Patent: November 15, 2011
Assignee: Infineon Technologies AG
Inventors: Rainer Goettfert, Erwin Hess, Bernd Meyer, Steffen Sonnekalb
-
Patent number: 8060755
Abstract: An apparatus and method for performing cryptographic operations within microprocessor. The apparatus includes an instruction register having a cryptographic instruction disposed therein, a keygen unit, and an execution unit. The cryptographic instruction is received by a microprocessor as part of an instruction flow executing on the microprocessor. The cryptographic instruction prescribes one of the cryptographic operations, and also prescribes that a user-generated key schedule be employed when executing the one of the cryptographic operations. The keygen unit is operatively coupled to the instruction register. The keygen unit directs the microprocessor to load the user-generated key schedule. The execution unit is operatively coupled to the keygen unit. The execution unit employs the user-generated key schedule to execute the one of the cryptographic operations. The execution unit includes a cryptography unit.
Type: Grant
Filed: March 15, 2004
Date of Patent: November 15, 2011
Assignee: VIA Technologies, Inc
Inventors: G. Glenn Henry, Thomas A. Crispin, Terry Parks
-
Patent number: 8045712
Abstract: A method and an element of ciphering by an integrated processor of data to be stored in a memory, including applying a ciphering algorithm which is a function of a key specific to the integrated circuit and of an initialization vector, and of memorizing at least the ciphered data, the initialization vector depending at least on the address of storage of the data in the memory.
Type: Grant
Filed: July 6, 2005
Date of Patent: October 25, 2011
Assignees: STMicroelectronics S.A., Proton World International N.V.
Inventors: Joan Daemen, Pierre Guillemin, Claude Anguille, Michel Bardouillet, Pierre-Yvan Liardet, Yannick Teglia
-
Patent number: 8036383
Abstract: Provided are a method and apparatus for secure communication between cryptographic systems using a Real Time Clock (RTC). The method and apparatus allow a transmitting cryptographic system to transfer partial RTC data and a receiving cryptographic system to restore entire RTC data, thereby minimizing data to be transferred between the cryptographic systems. The method includes: calculating a largest RTC deviation between a transmitting cryptographic system and a receiving cryptographic system; calculating the smallest number of bits of partial data on an RTC required for restoring entire data on the RTC on the basis of the calculated largest RTC deviation; calculating the partial RTC data on the basis of the calculated smallest number of bits of the partial RTC data; and transferring the calculated partial RTC data to the receiving cryptographic system.
Type: Grant
Filed: April 15, 2008
Date of Patent: October 11, 2011
Assignee: Electronics and Telecommunications Research Institute
Inventors: Jae Heon Kim, Jae Woo Han, Dong Chan Kim, Sang Woo Park
-
Patent number: 8010790
Abstract: A block-level storage device is provided that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key.
Type: Grant
Filed: September 10, 2008
Date of Patent: August 30, 2011
Assignee: DPHI, Inc.
Inventors: Lane W. Lee, Randal C. Hines, Mark J. Gurkowski, David L. Blankenbeckler
-
Patent number: 8001591
Abstract: A method includes determining, at a first requesting component of an integrated circuit device, a first key value based on a first set of one or more bits of a first address associated with a first access request of the first requesting component. The method further includes transmitting the first key value from the first requesting component to a resource component of the integrated circuit device. The method also includes determining, at the resource component, an authorization of the first access request based on the first key value and a second set of one or more bits of the first address.
Type: Grant
Filed: January 31, 2006
Date of Patent: August 16, 2011
Assignee: Freescale Semiconductor, Inc.
Inventor: William C. Moyer
-
Patent number: 8001374
Abstract: A method for protecting data between a circuit and a memory is disclosed. The method generally includes the steps of (A) generating a particular address among a plurality of addresses for accessing a particular area among a plurality of areas in the memory, (B) determining a particular key among a plurality of keys associated with the particular area, (C) generating a cipher stream from both the particular address and the particular key and (D) modifying a data item with the cipher stream such that the data item is encrypted during a transfer between the circuit and the memory.
Type: Grant
Filed: December 16, 2005
Date of Patent: August 16, 2011
Assignee: LSI Corporation
Inventor: Adrian Philip Wise
-
Patent number: 7971243
Abstract: A method and apparatus for restricting access of an application to computer hardware. The apparatus includes both an authentication module and a validation module. The authentication module is within the trusted firmware layer. The purpose of the authentication module is to verify a cryptographic key presented by an application. The validation module is responsive to the authentication module and limits access of the application to the computer hardware. The authentication modules may be implemented in software through a firmware call, or through a hardware register of the computer.
Type: Grant
Filed: May 31, 2007
Date of Patent: June 28, 2011
Assignee: International Business Machines Corporation
Inventors: Paul E. McKenney, Orran Y. Krieger, Boas Betzler
-
Patent number: 7970132
Abstract: A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.
Type: Grant
Filed: October 21, 2008
Date of Patent: June 28, 2011
Assignee: Comcast Cable Holdings, LLC
Inventors: James William Fahrny, Charles L. Compton
-
Patent number: 7957526
Abstract: A security information implementation system includes a storage section 120a for storing first encrypted security information EDK (MK) provided by encrypting final security information DK according to internal security information MK and second encrypted security information EMK (CK) provided by encrypting the internal security information MK according to conversion security information CK and an LSI 120b including a seed generation section 131 for storing a first constant value containing address information on which a conversion seed is generated based and a second constant value and a third constant value on which a test conversion seed is generated based and outputting the first constant value and the second constant value or the third constant value as the conversion seed or the test conversion seed in response to a test signal and a mode setup value; a one-way function circuit 32 for converting the conversion seed or the test conversion seed output from the seed generation section 131 according to the f
Type: Grant
Filed: June 26, 2006
Date of Patent: June 7, 2011
Assignee: Panasonic Corporation
Inventors: Makoto Fujiwara, Yuusuke Nemoto
-
Patent number: 7958351
Abstract: A method of operating a multi-level security system including the steps of providing a plurality of processors. At least some of said processors are equipped with a data card which permits simultaneous processing of different classification levels of information and the dynamic reallocation of processors to different classification levels.
Type: Grant
Filed: December 31, 2002
Date of Patent: June 7, 2011
Assignee: Wisterium Development LLC
Inventor: Peter O. Luthi
-
Patent number: 7958523
Abstract: A television program ratings method and system includes transferring information associated with households from a cable provider to a ratings provider such that the ratings provider has access to information associated with sampled households and lacks access to information associated with non-sampled households. To this end, identity information and usage information associated with the households are respectively anonymized and encrypted. Knowledge of the identities of the sampled households enables the anonymized identity information and the encrypted usage information for the sampled households to be respectively de-anonymized and decrypted. The ratings provider knows which households are sampled households. As such, the ratings provider de-anonymizes and decrypts the information associated with the sampled households and then uses the de-anonymized and decrypted information to determine television program ratings.
Type: Grant
Filed: December 18, 2009
Date of Patent: June 7, 2011
Assignee: Comcast Cable Communications, LLC
Inventor: Michael A Chen
-
Patent number: 7945791
Abstract: A method for protecting at least one first datum to be stored in an integrated circuit, including, upon storage of the first datum, performing a combination with at least one second physical datum coming from at least one network of physical parameters, and only storing the result of this combination, and in read mode, extracting the stored result and using the second physical datum to restore the first datum.
Type: Grant
Filed: December 20, 2007
Date of Patent: May 17, 2011
Assignee: STMicroelectronics S.A.
Inventors: William Orlando, Luc Wuidart, Michel Bardouillet, Pierre Balthazar
-
Patent number: 7925021
Abstract: A messaging system includes a first mailbox storage assigned to receive a message for the first processor and a first lock indicator having a first state to indicate that the first mailbox storage can receive a message and a second state to indicate that the first mailbox storage cannot receive a message. The system also includes a second mailbox storage assigned to receive a message for the second processor and a second lock indicator having a first state to indicate that the second mailbox storage can receive a message and a second state to indicate that the second mailbox storage cannot receive a message. The lock indicators are changed to their second state when a message is placed in their respective mailbox storage and are changed to their first state in response to its contents being read by the respective processor.
Type: Grant
Filed: January 6, 2006
Date of Patent: April 12, 2011
Assignee: Fujitsu Limited
Inventors: Mehmet Un, Kartik Raju
-
Patent number: 7920705
Abstract: A communication system comprises a covert channel detector. The covert channel detector can be used in a multi-level security system (MLS) or multiple single levels of security (MSLS). The covert channel detector detects covert channels in a cryptographic system. The cryptographic system can be used in a military radio system.
Type: Grant
Filed: July 26, 2006
Date of Patent: April 5, 2011
Assignee: Rockwell Collins, Inc.
Inventor: Reginald D. Bean
-
Patent number: 7920706
Abstract: A key management of cryptographic keys has a data package including one or more cryptographic keys that are transferred to a personal device 100 from a secure processing point 150 of a device assembly line in order to store device specific cryptographic keys in the personal device 100. In response to the transferred data package, a backup data package is received by the secure processing point 150 from the personal device 100, which backup data package is the data package encrypted with a unique secret chip key stored in a tamper-resistant secret storage 125 of a chip 110 included in the personal device 100. The secure processing point 150 is arranged to store the backup data package, together with an associated unique chip identifier read from the personal device 100, in a permanent, public database 170.
Type: Grant
Filed: October 28, 2003
Date of Patent: April 5, 2011
Assignee: Nokia Corporation
Inventors: Nadarajah Asokan, Niemi Valtteri
-
Patent number: 7907733
Abstract: Disclosed is a traffic encryption key (TEK) management method for automatically generating a TEK for a multicast or broadcast service by a base station to periodically update a TEK used by a subscriber station. The base station transmits the first Key Update Command message for updating a group key encryption key (GKEK) for encrypting the TEK and the second Key Update Command message for updating the TEK to the subscriber station to update the TEK. The base station establishes an M & B TEK Grace Time which is different from a TEK Grace Time established by the subscriber station, transmits the first message including a new GKEK to the subscriber station through a primary management connection before the M & B TEK Grace Time, and transmits the second message including a new TEK encrypted with the new GKEK thereto through a broadcast connection after the M & B TEK Grace Time.
Type: Grant
Filed: March 4, 2005
Date of Patent: March 15, 2011
Assignees: Electronics and Telecommunications Research Institute, Samsung Electronics Co., Ltd., KT Corporation, SK Telecom Co., Ltd., KTFreetel Co., Ltd., Hanaro Telecom. Inc.
Inventors: Seok-Heon Cho, Sung-Cheol Chang, Chul-Sik Yoon
-
Patent number: 7899183
Abstract: A sender's encrypted communication apparatus and a recipient's encrypted communication apparatus autonomously generate keys for encryption with respective key generators, store the generated encryption keys in respective encryption key memories, and store part of the generated encryption keys in respective authentication memories. The keys stored in the authentication memories are used for mutual authentication when the sender's encrypted communication apparatus and a recipient's encrypted communication apparatus are connected to each other.
Type: Grant
Filed: January 27, 2005
Date of Patent: March 1, 2011
Assignee: NEC Corporation
Inventors: Akio Tajima, Shuji Suzuki
-
Patent number: 7874010
Abstract: One embodiment of the present invention provides a system that manages secret keys for messages. During operation, the system receives a desired expiration time T from an encrypter, and possibly a nonce N, at a server that manages keys. If N is not sent by the encrypter, it is generated by a key managing server. Next, the system chooses a secret ST, with an expiration time close to T, and an identifier IDS from a database for which secret ST can be retrieved using the identifier IDS. If such an ST is not already in the database, the server generates a new ST and IDS. The system then calculates a hash H=h(N,ST), and sends H and IDS from the server to the encrypter. The encrypter then encrypts M with H to form {M}H, and communicates ({M}H, N, IDS) to a message reader. The message reader then sends N and IDS to the server. The server then uses IDS to lookup ST, recalculates H=h(N,ST), and sends H to the message reader, thereby enabling the message reader to decrypt {M}H to obtain M.
Type: Grant
Filed: October 5, 2004
Date of Patent: January 18, 2011
Assignee: Oracle America, Inc.
Inventor: Radia J. Perlman
-
Patent number: 7827413
Abstract: A method and a circuit for extracting a secret datum from an integrated circuit taking part in an authentication procedure that uses an external device that takes this secret datum into account, the secret datum being generated on request and made ephemeral.
Type: Grant
Filed: April 4, 2002
Date of Patent: November 2, 2010
Assignee: STMicroelectronics S.A.
Inventors: Pierre-Yvan Liardet, Luc Wuidart, François Guette
-
Patent number: 7809141
Abstract: A method and an element for ciphering with an integrated processor data to be stored in a memory, including applying to each data block to be ciphered a ciphering algorithm which is a function of at least one key specific to the integrated circuit, and before applying the ciphering algorithm thereto, combining the data block to be ciphered with the result of a function of the storage address of the ciphered block in the memory, and/or of combining the key with the result of a function of the storage address of the ciphered block in the memory and of a digital quantity different from the ciphering key.
Type: Grant
Filed: July 6, 2005
Date of Patent: October 5, 2010
Assignees: STMicroelectronics S.r.l., Proton World International N.V.
Inventors: Joan Daemen, Gilles Van Assche, Guido Marco Bertoni
-
Patent number: 7796759
Abstract: A method and a circuit of generation of several secret quantities by an integrated circuit according to the destination of these secret quantities, including taking into account a first digital word forming a single identifier of the integrated circuit chip and coming from a physical parameter network, and of individualizing this identifier according to the application.
Type: Grant
Filed: October 10, 2002
Date of Patent: September 14, 2010
Assignee: STMicroelectronics S.A.
Inventors: Luc Wuidart, Michel Bardouillet, Laurent Plaza
-
Patent number: 7792300
Abstract: A method for re-encrypting encrypted data in a secure storage file system, including obtaining selected data to re-encrypt from the secure storage file system using a user data access record and the encrypted data, decrypting the selected data using a symmetric key, re-encrypting the selected data using a new symmetric key to obtain new encrypted data, encrypting the new symmetric key using a public key to obtain a new encrypted symmetric key, storing the new encrypted data and the new encrypted symmetric key if the public key is associated with a file system user having read permission, and storing an encrypted hash data if the file system user has write permission.
Type: Grant
Filed: September 30, 2003
Date of Patent: September 7, 2010
Assignee: Oracle America, Inc.
Inventor: Germano Caronni
-
Patent number: 7792289
Abstract: A communications system in which a sending computer encrypts a message using a key associated with the computer which is to receive the message; and the receiving computer uses a key associated with the sending computer in the decryption process. The sending computer is equipped with a set of keys and each key within the set may be used for the encryption process, depending on the destination of the message; and the receiving computer chooses its key based on who the sending computer is.
Type: Grant
Filed: June 28, 2005
Date of Patent: September 7, 2010
Inventor: Mark Ellery Ogram
-
Patent number: 7761717
Abstract: A memory device containing data to be protected is integrated with a microprocessor and includes a first and a second memory portion with different accessibilities. The integration of the memory device on the same integrated circuit (IC) or chip as the microprocessor permits a combination of protective hardware and software measures that are not possible with a memory device that is on a different IC than the microprocessor. The first memory portion holds an initialization program that also serves as a boot program during decryption, and the second memory portion holds a user program, for example, a program for decrypting and/or decoding received data. Such data may be, for example, audio data encoded according to the MP3 standard and encrypted with a secret or public password against unauthorized reception.
Type: Grant
Filed: July 10, 2002
Date of Patent: July 20, 2010
Assignee: Trident Microsystems (Far East) Ltd.
Inventors: Peter Möller, Zoran Mijovic, Manfred Jünke, Joachim Ritter, Steffen Zimmermann
-
Patent number: 7751567
Abstract: Methods and apparatus are presented for providing local authentication of subscribers traveling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit 220 that is programmed to wrongfully retain keys from a subscriber identification token 230 after a subscriber has removed his or her token is prevented from subsequently accessing the subscriber's account.
Type: Grant
Filed: June 1, 2005
Date of Patent: July 6, 2010
Assignee: QUALCOMM Incorporated
Inventors: Roy F. Quick, Jr., Gregory G. Rose