Abstract: To avoid hash table collisions, such as in response to sequential addresses, a hash module is provided that includes a first multiplexer that, responsive to a control signal, outputs received data on one of two or more scramblers. The scramblers are configured to selectively receive the selected data output from the first multiplexer and perform a scrambler operation on the selected data to generate scrambled data. A second multiplexer outputs the scrambled data to a first hash module configured to performs a hash function on the scrambled data to generate a hash value. A second hash module, responsive to a collision occurring in the first hash module, perform a hash function on the scrambled data received from the first hash module. The use of a scrambler reduces collisions in the hash module outputs over time and multiple scramblers may be used to further reduce collisions.

Abstract: A system and a method to build a recovery capability for a compromised network based on user controlled ad-hoc randomness combined with simplicity; immunized against stealth cryptanalysis which overshadows the prevailing security solutions.

Abstract: A method includes generating a secret key for encryption and decoding data. The method includes identifying a set of data in plaintext format. The method further includes converting, by a processing device, the data in plaintext format to ciphertext using a polynomial. The method also includes sending the ciphertext to a remote device for data processing, wherein the remote device is to process the ciphertext without having the secret key. The method includes receiving processed ciphertext from the remote device. The method further includes decoding, by the processing device, the processed ciphertext based on the secret key and the polynomial to yield processed plaintext. The method also includes outputting the processed plaintext.

Abstract: Aspects of the present disclosure relate to systems and methods for exchanging keys within a peer-to-peer network. Exchanging keys within a peer-to-peer network may include generating one or more keys for encrypting and decrypting content that is communicated between one or more client computing devices of a network. The one or more keys may be transmitted over the peer-to-peer network between the one or more client computing devices. A security measure value for each key that has been transmitted may be generated and/or updated based on at least one condition associated with transmitting the one or more keys over the peer-to-peer network. Content may be encrypted and decrypted using one of the one or more keys based on a desired security measure value of the key. All copies of the key used to encrypt and decrypt the content may be deleted such that the content is unrecoverable.

Abstract: Described is an apparatus comprising an S-box circuitry operable to convert a value on an input into a value on an output in accordance with an Advanced Encryption Standard (AES) Rijndael S-box matrix. The apparatus also comprises a pseudo-random number generation (PRG) circuitry operable to provide a sequence of pseudo-random numbers on a first output and a registered copy of the sequence on a second output. The apparatus further comprises a mask circuitry operable to provide an XOR of a value on the output of the S box circuitry and a value on the first output of the PRG circuitry. The apparatus additionally comprises a mask removal circuitry operable to provide an XOR of a value on an output of the data register circuitry, a value coupled to an output of a key register circuitry, and a value on the second output of the PRG circuitry.

Abstract: Some embodiments include apparatuses and methods using a low-density parity-check (LDPC) decoding circuit to receive information retrieved from memory cells, the information including codewords, and a calculating circuit to calculate a rate of codeword errors in the codewords. The calculation is based on a rate of erroneous bits in the information and a rate of erroneous bits with a selected reliability level. The erroneous bits with the selected reliability level form a portion of the erroneous bits in the information.

Abstract: A method to initiate Command Address (CA) training on High Memory Bandwidth is provided to optimize CA bus setup and hold times relative to the memory clock. HBM protocol does not define any way to support CA training, but defines a very high working frequency. The high frequency makes it very difficult to ensure the timing on CA Bus-Row/Column command bus and CKE. As such, executing CA training before any normal operation is necessary to ensure the best setup/hold timings. The CA training takes advantage of protocol based instructions to initialize and implement CA training.

Abstract: The present invention discloses a shift register capable of defending against DPA attack, comprising 4 master-slave D flip-flops, 12 two-input NAND/AND gates, 4 three-input NOR/OR gates and 40 inverters; the 4 master-slave D flip-flops are provided with reset function; it is based on TSMC 65 mm CMOS technique; as indicated by Spectre simulation verification, the shift register of the present invention has correct logic function with NED and NSD below 2.66% and 0.63% respectively under multi PVT combinations, which is provided with significant performance in defense differential power consumption analysis.

Abstract: The present disclosure provides for a methods and devices for interaction with one or several users, where each user carries at least one personal communication device which is Body Coupled communication, BCC, enabled. A communication device comprises screen which displays information comprising user interface components and the communication device comprises a BCC enabled selection indication means and the users uses the selection indication means to make selection indications of user interface components.

Abstract: In an embodiment, a computer-implemented data security method comprises: at a first computing device, receiving security service data from a first digital data repository; using the first computing device, generating hidden security service data by generating a plurality of shares of the security service data; using the first computing device, encrypting each share of the plurality of shares using a separate public key from among a plurality of public keys corresponding to each of a plurality of second computing devices, to generate a plurality of encrypted shares; electronically storing the plurality of encrypted shares as data in a second digital data repository; using a subset of the plurality of second computing devices, in response to receiving an authentication request from a third computing device to access one or more fourth computing devices, decrypting a subset of the plurality of encrypted shares using a subset of separate private keys corresponding to each of the subset of the plurality of second

Abstract: A method, an apparatus, and a computer program product for symmetric stream encryption are provided. An encryption chain is obtained from a real random number generator (RRNG) and stored in memory. A vector key is identified based on numbers obtained from a fast, large period pseudo-random number generator. A set of encryption keys are identified from the encryption chain using the vector key. Strings of clear text are encrypted using the encryption keys.

Abstract: A method, system and devices for creating access to a wireless communication device by using BAN, comprising detecting the presence of a user's body by using a BAN enabled access module connected to the wireless communication device, collecting biometric data of the user and receiving authentication data from a BAN enabled peripheral device through BAN by using the BAN enabled access module and allowing access to the wireless communication device if the collected biometric data and the received authentication data are valid.

Abstract: Providing access to electronic information. A first password string and a rule for configuring and generating a second password string from the first password string, are received from a user. The rule specifies a dynamic element to insert at a position in the first password string, based on first contextual information associated with the user. The value of the specified dynamic element is determined based on second contextual information associated with the user. Upon receiving a third password string, the second password string is configured and generated from the first password string, based on the rule, by: selecting the specified dynamic element based on the first contextual information; inserting the selected dynamic element in the first password string; and determining the value of the selected dynamic element based on the second contextual information. If the third password string matches the second password string, access to the electronic information is granted.

Abstract: Embodiments are generally directed to determination of mobile display position and orientation using micropower impulse radar.

Abstract: Methods of providing communications between a wearable first wireless electronic device and a second wireless electronic device are provided. The methods include establishing a Body Area Network (BAN) link, through a human body of a user that is wearing the wearable first wireless electronic device, between the wearable first wireless electronic device and the second wireless electronic device, when the user touches a conductive button on the second wireless electronic device. Related wireless electronic devices and wearable wireless electronic devices are also provided.

Abstract: The present invention relates to a method for coding a first data stream and a method for decoding a second data stream wherein the coding is the result of comparing the first data stream with a third data stream formed by a pseudorandom sequence by means of an exclusive comparison operation (XOR). Specifically, the invention relates to the methods based on hyperchaotic coding methods for generating the pseudorandom sequences used in coding and decoding.

Abstract: A wearable device for generating capacitive input may include a signal generator, a transmitter, and at least one transmission electrode. The at least one transmission electrode may be configured to be communicatively coupled to a first location on a surface of a body. The signal generator may be configured to generate an electrical signal. The transmitter may be configured to transmit the electrical signal to the surface of the body via the at least one electrode, such that the electrical signal is detectable by a capacitive sensor upon exiting the body. In one or more implementations, the wearable device may further include at least one ground electrode that is configured to provide a ground return and to be communicatively coupled to a second location on the surface of the body that is different than the first location.

Abstract: Identification information is received from a transaction card at a transaction machine. The transaction card is associated with an account holder using the transaction machine. Using the identification information, activity profile information is accessed for the account holder. The account holder's transaction machine usage is monitored and activity profile information related to the account holder's transaction machine usage is stored. A custom sequence of user interfaces to be displayed to the account holder is generated based on the activity profile information and based on the type of transaction the account holder initiates.

Abstract: Methods, systems, and computer readable media for optimized message decoding are disclosed. According to one exemplary method, the method includes receiving a message containing one or more information elements (IEs). The method also includes determining a length associated with the message. The method further includes determining, using the length associated with message, whether the message can be accurately decoded using a mask stored in a memory. The method also includes in response to determining that the message can be accurately decoded using the mask, decoding the message using the mask.

Abstract: A pseudorandom number generating circuit includes: a first generator including a shift register and configured to generate a first pseudorandom number, the shift register including registers, the first pseudorandom number having a plurality of bits corresponding to the registers; a second generator configured to generate a second pseudorandom number; and a selector configured to select a bit that is to be output from the plurality of bits by using the second pseudorandom number.

Abstract: A method and apparatus for obtaining an encryption key for an item of data transmitted from a client to a server. The method includes: determining a number R of registers available within the client for carrying out a plurality of calculations of encryption keys; determining a maximum number N of iterations necessary for obtaining at least one encryption key at the server; obtaining a structure of data representative of a key calculation state effected within the R available registers; calculating the at least one encryption key as a function: —of the number of available registers R, by performing at most N calls to a pseudo-random function F and —of the data structure; so that the at least one encryption key can be obtained from a combination of at most T=CR+NN?1 encryption keys based on a secret previously shared between the server and client.

Abstract: Various structures and methods are disclosed related to configurable scrambling circuitry. Embodiments can be configured to support one of a plurality of protocols. Some embodiments relate to a configurable multilane scrambler that can be adapted either to combine scrambling circuits across a plurality of lanes or to provide independent lane-based scramblers. Some embodiments are configurable to select a scrambler type. Some embodiments are configurable to adapt to one of a plurality of protocol-specific scrambling polynomials. Some embodiments relate to selecting between least significant bit (“LSB”) and most significant bit (“MSB”) ordering of data. In some embodiments, scrambler circuits in each lane are adapted to handle data that is more than one bit wide.

Abstract: A key recovery request for a device is received at a key recovery service and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In the sequence of multiple one-time recovery credentials, previous one-time recovery credentials in the sequence are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key, and is returned in response to the key recovery request. The particular one-time recovery credential can then be used by the device to decrypt encrypted data stored on a storage media of the device.

Abstract: A random bit stream generator includes a plurality of feedback shift registers configured to store a plurality of bit values that represent an internal state of the random bit stream generator. Each feedback shift register includes a register input and a register output. The random bit stream generator further includes a Boolean output function configured to receive the plurality of register outputs from the plurality of feedback registers, to perform a first Boolean combination of the plurality of register outputs, and to provide a corresponding output bit, wherein a plurality of successive output bits forms a random bit stream. A feedback loop is configured to perform a second Boolean combination of the output bit with at least one register feedback bit of at least one of the feedback shift registers, so that the register input of the at least one feedback shift register is a function of the output bit.

Abstract: A technique allowing an improvement in the confidentiality of information stored in a memory device. A memory controller includes a key generation part that newly generates key information for use in encryption and decryption of information at every predetermined timing, and a data conversion circuit that encrypts information to be outputted to a memory device based on the information and decrypts encrypted information inputted from the memory device based on the key information. In the data conversion circuit, each time the key generation part generates new key information, key information is updated so as to set the new key information as the key information.

Abstract: Data is generated in a client based on events at a client, wherein each event is associated with a first dimension, a second dimension and a quantity. A random value is generated for each interval of the first dimension and each instance of the second dimension. The quantity of each event is modified using the random value to determine a modified quantity. A running total for each interval of the first dimension and each instance of the second dimension is determined using the modified quantities and transmitted to an untrusted third party. An exact result of processing the modified quantities and the running totals by the untrusted third party can then be received and decoded by the client.

Abstract: A tamperproof ClientID system to uniquely identify a client machine is invoked upon connection of a client application to a backend. Upon initial connection, the backend issues a unique ClientID containing a checksum. The client application prepares at least two different scrambled versions of the ClientID and stores them in respective predetermined locations on the client machine. Upon subsequent connection to the backend, the client application retrieves and unscrambles the values at the two locations, verifies the checksums and compares the values. If the checksums are both correct and the values match, the ClientID value is sent to the backend, otherwise the client application sends an error code.

Abstract: A method and apparatus for client authentication using a pseudo-random number generation system. The pseudo-random number generation utilizes a secret key as well as state information as input into the hash function to generate a pseudo-random number. The state information that is part of the input can be any number of prior generated pseudo-random numbers. The authentication allows for synchronization of the client and server by exchanging state information. The authentication is not dependent on any absolute time and consequently the client and servers are not required to maintain a reliable shared time base.

Abstract: At least one of a keystream and a message authentication code are generated with a partial KASUMI block cipher, without utilizing a full KASUMI block cipher.

Abstract: Nodes of a network are each provided with a seed value and a seed identifier. Each seed value has a corresponding unique seed identifier which is maintained within the system. Within each authorized node, the seed value is combined with a local node identifier, such as a serial number or other unique identifier, to form a cryptographic key that is then used by the node to encrypt and/or decrypt data transmitted and received by that node. The cryptographic key is never transmitted over the network, and each node is able to create a different cryptographic key for use in communicating with other nodes.

Abstract: A mobile device out of range of other devices in a wireless network may be locked to provide security.

Abstract: In an embodiment, a method for generating and distributing keys retains the scalability of a group VPN, but also provides true pair-wise keying such that an attacker who compromises one of the devices in a VPN cannot use the keys gained by that compromise to decrypt the packets from the other gateways in the VPN, or spoof one of the communicating gateways. The method is resistant to collusion when co-operating attackers overtake several VPN gateways and observe the keys stored in those gateways. In an embodiment, a VPN gateway comprises a cryptographic data processor configured to encrypt and to decrypt data packets; group key management logic; and Key Generation System logic. In one approach a gateway performs, in relation to adding a group member, receiving in a security association (SA) message secret data for use in the KGS; and derives keys for secure communication with one or more peer VPN gateways using the secret data.

Abstract: An efficient implementation of a cryptographic processor that dynamically updates the encryption state is described. The cryptographic processor can be implemented with a minimal number of gates, yet still perform cryptographic operations quickly. The cryptographic processor has an interface, a memory, a pseudorandom permutation block and control logic. The interface receives input data blocks and returns cryptographically processed data blocks. The memory is used to store an encryption state of the cryptographic processor. The pseudorandom permutation block transforms a portion of the encryption state that is modified for each input data block by at least the input data block and a previously transformed data block. The control logic routes data in the cryptographic processor to return cryptographically processed data blocks at the interface and update dynamically the encryption state stored in memory using the transformed data blocks from the pseudorandom permutation block.

Abstract: A string detection system preferably includes a buffer for receiving data and parsing that data into strings, and a content addressable memory, connected to the buffer, for receiving the strings and comparing each string with entries in the content addressable memory. This string detection system may be incorporated in an intrusion detection system that monitors a data stream addressed to a host device or network. In an intrusion detection system, the string detection system monitors the data stream for strings which match attack signatures.

Abstract: A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.

Abstract: Apparatus for ciphering, including a non-volatile memory, which stores a number from which a private cryptographic key, having a complementary public cryptographic key, is derivable, wherein the number is shorter than the private cryptographic key, and a processor, which is configured to receive an instruction indicating that the private cryptographic key is to be applied to data and, responsively to the instruction, to compute the private cryptographic key using the stored number and to perform a cryptographic operation on the data using the private cryptographic key. Related apparatus and methods are also described.

Abstract: This invention relates to a method and system for providing digital security by means of a reconfigurable physical uncloneable function, RPUF. The RPUF comprises a physical system constituted by distributed components arranged to generate a first response when receiving a first challenge at a point of the physical system. The physical reconfiguring of the RPUF comprises redistributing the components such that they generate a second response, which differs from said first response, when again applying the first challenge at the point. The reconfiguration step is further utilized in providing secure storage for digital items. The digital item is data of any kind, including data that needs to be accessed and updated, i.e. which is dynamic in nature. The method is exemplified by implementations such as secure storage of a key, a secure counter and a seed generator.

Abstract: Computing services that unwanted entities may wish to access for improper, and potentially illegal, use can be more effectively protected by using Active HIP systems and methodologies. An Active HIP involves dynamically swapping one random HIP challenge, e.g., but not limited to, image, for a second random HIP challenge, e.g., but not limited to, image. An Active HIP can also, or otherwise, involve stitching together, or otherwise collecting and including, within Active HIP software, i.e., a HIP web page, to be executed by a computing device of a user seeking access to a HIP-protected computing service x number of software executables randomly selected from a pool of y number of software executables. The x number of software executables, when run, generates a random Active HIP key.

Abstract: Methods, apparatuses, and computer-readable media for distributing digital content. One embodiment comprises an apparatus comprising: a device (100) communications bus; coupled to the device communications bus (150), a bi-directional communications controller (110) capable of communicatively interfacing with a computer (710); coupled to the device communications bus (150), an integrated processor (130) capable of executing (270) computer-executable instructions; and coupled to the integrated processor (130), a storage module (140) capable of storing computer-executable instructions.

Abstract: An integrated circuit assembly having monitoring circuitry for observing the internal signals of the system so that its properties are captured. The system properties are manipulated so that they can be used as a pseudo random number and or as the basis number for an encryption key. The monitoring circuitry having: manipulation circuitry to transform monitored data and combine it with previously manipulated values; and registers to store previously manipulated values; and counters to count events; and condition detection circuitry for detecting when a signal is at a specific value or range of values. Optionally the monitoring circuitry which has the functionality for capturing system properties may be combined with other monitoring circuitry, which has the functionality required by a debug support circuit. The monitoring circuitry avoids replication of resources by sharing parts of specific monitoring circuits like counters.

Abstract: The present invention relates to a method for timing acquisition and carrier frequency offset estimation of an OFDM communication system and an apparatus using the same. For this purpose the present invention provides a method for calculating at least one auto-correlation and calculating an observation value by performing a sliding sum on the at least one auto-correlation, and calculating a peak point of an absolute value of the observation as frame timing. In addition, the present invention provides a method for generating a third OFDM symbol that is generated by delaying a second OFDM symbol, calculating an observation value through the second and third OFDM symbols, and calculating a phase difference from a result of multiplication of the observation value and a conjugate complex value of the observation value such that a carrier frequency offset can be estimated.

Abstract: A controlling device provides conditional access to secured content renderable by an appliance. The controlling device transmits a data frame to the appliance and encrypts at least a part of the data frame that includes data to be used by the appliance to provide access to the secured content. At the appliance a decryption key complimentary to the encryption key is used to decrypt the received the data frame. The appliance allows the secured content to be rendered only after the appliance determines that the data in the received, decrypted data frame includes the data the appliance requires to provide access to the secured content.

Abstract: A method and system for securing the communication link between the accounting device and printer of a metering system by authenticating the data being sent via the link utilizing a Nonlinear Feedback Shift Register (NLFSR) based system is provided. A NLFSR is provided in each of the accounting unit and printing unit of a metering system. The NLFSR in the accounting unit is utilized to generate a message authentication code (MAC) for the image data being sent from the accounting unit to the printing unit. The printing unit generates a corresponding MAC for the received image data using the NLFSR in the printing unit. The MAC generated by the printing unit is compared with the MAC generated by the accounting unit. If the MACs are similar, the image data is accepted as authentic and the printing unit will print the image corresponding to the image data.

Abstract: The data encryption apparatus with a data converting unit splits 256-bit input data into 32-bit data blocks A1, B1, A2, and B2. A first combining unit performs an exclusive OR operation on A1 and B1, and on A2 and B2. A first scramble unit branches A1, A2, and the results of the exclusive OR operations (C1 and C2) into three data blocks each, and for each set of three data blocks, shift-rotates two of the data blocks and combines the shifted data blocks with the remaining data block. A second combining unit performs an exclusive OR operation on D1 and E2, and on D2 and E1, which are the results of the processing performed by the first scramble unit. A block concatenating unit concatenates the results of the operations performed by the second combining unit. A second scramble unit branches the concatenated data into three data blocks, shift-rotates two of the data blocks and combines the two shifted data blocks with the remaining data block.

Abstract: An encryption processor, for storing encrypted data in a memory chip of a memory card, includes a FIFO memory for sequentially outputting m-bit data in response to a first signal, and an encryption key generator for generating m-bit encrypted keys (m being a positive integer) in response to a second signal and for sequentially outputting the keys in response to a third signal. A logic operator performs a logic operation on the data from the FIFO memory with the keys from the encryption key generator during a data write operation to sequentially encrypt the data. The logic operator performs a logic operation on the encrypted data received from a memory interface with the keys output from the encryption key generator during a data read operation in order to sequentially decode the encrypted data. The second signal is simultaneously generated with one of the write command or the read command.

Abstract: A message authentication code, MAC, is generated in an electronic circuit, wherein the MAC integrity protects a data value, PD. A random challenge word, RND, is received from a source that is external to the electronic circuit. A first function G(RND,K) is evaluated that generates a first encrypted value, K?, from RND and K, wherein K is a secret key value that is stored on the electronic circuit. A second function F(RND,K) is evaluated that generates a second encrypted value, K?, from RND and K. The MAC is then generated in accordance with MAC=K?+m1K?+m2K?2+ . . . +MlK?l, wherein m1, m2, . . . , ml are derived by representing the data value, PD, as an l-tuple of elements in a field, GF(2n), wherein n is an integer greater than zero. A hardware-efficient arrangement is also disclosed for generating this and other MACs.

Abstract: Mechanisms for providing a subscriber-side interface with a passive optical network are described herein. An optical network termination (ONT) having an integrated broadband passive optical network processor is utilized to receive downstream data from an optical line termination (OLT) via a passive optical network and provide the contents of the downstream data to one or more subscriber devices via one or more data interfaces. Similarly, the ONT is adapted to receive and transmit upstream data from the one or more subscriber devices to the OLT via the passive optical network. The ONT preferably implements one or more encryption/decryption mechanisms, such as the digital encryption standard (DES), to provide data protection in addition to, or in place of, data churning provided for by the ITU G.983 recommendations.

Abstract: An increase in safety from attacks by use of hardware-like methods by small-sized hardware is achieved. An encryption processing device includes a logical circuit capable of programmably setting logics for executing cipher processing, a memory that stores plural pieces of logical configuration information corresponding to an identical cipher processing algorithm, and a CPU that selectively sets plural logics corresponding to an identical cipher processing algorithm in the logical circuit. Even in processing using an identical cipher key, by changing the logic of the logical circuit for each processing, power consumption in cipher processing can be varied, and places a timing in which malfunctions occur can be varied. Moreover, an increase in the scale of hardware for realizing plural logics can be curbed.

Abstract: A data security system for a high bandwidth bus comprises a circular shift register operable to load a variable key value, and a scrambler coupled to the circular shift register operable to receive the variable key value from the circular shift register and serially scramble a serial data input in response to the variable key value.

Abstract: Embodiments described herein provide enhanced computer- and network-based systems and methods for providing data security with respect to computing services, such as a digital transaction service (DTS). Example embodiments further provide a discovery service that enables nodes that are included in, or otherwise communicatively coupled to, the DTS to actively or passively “discover” roles and keys associated with the nodes. These node roles are associated with the various services provided by the DTS.