Abstract: There is a provided a semiconductor device having a high security whose power consumption is difficult to analyze even without setting up random characteristic to the processing time. The semiconductor device includes a target circuit (14), a sub-target circuit (15) having the same circuit configuration as the target circuit (14), and a dummy bit string generation circuit (11) for generating a bit string of a dummy serial input signal to be inputted to the sub-target circuit (15) according to the bit string of the serial input signal of the target circuit (14).

Abstract: A method for protecting at least one first datum to be stored in an integrated circuit, including, upon storage of the first datum, performing a combination with at least one second physical datum coming from at least one network of physical parameters, and only storing the result of this combination, and in read mode, extracting the stored result and using the second physical datum to restore the first datum.

Abstract: A first bit sequence is generated using a first pseudorandom bit source. A second bit sequence is generated using a second pseudorandom bit source. A third bit sequence is generated by multiplying the first bit sequence with the second bit sequence over a finite field of even characteristic, modulo a fixed primitive polynomial. A message is received. The third bit sequence is commingled with the message to conceal contents of the message.

Abstract: A system is described for encryption and decryption of digital data prior to the digital data entering the memory of a digital device by generating a key, sub-key and combining the sub-key with mixed digital data, where the encryption and decryption occurs between the memory controller and the input output register.

Abstract: An encryption-decryption circuit for encrypting and decrypting data. The encryption-decryption circuit comprises: 1) an N-bit shift register for storing and shifting an N bit keyword; 2) a first exclusive-OR gate array for receiving M bits from the N-bit shift register and generating a one-bit exclusive-OR result that is shifted into an input of the N-bit shift register; and 3) a second exclusive-OR gate array comprising K exclusive-OR gates, each of the K exclusive-OR gates receiving one of K bits from the N-bit shift register and one of K data bits from a received K-bit data word and generating therefrom an exclusive-OR result. The K exclusive-OR gates thereby produce one of: i) a K-bit encrypted data word and ii) a K-bit unencrypted data word.

Abstract: A method and a circuit for extracting a secret datum from an integrated circuit taking part in an authentication procedure that uses an external device that takes this secret datum into account, the secret datum being generated on request and made ephemeral.

Abstract: A method and a circuit of generation of several secret quantities by an integrated circuit according to the destination of these secret quantities, including taking into account a first digital word forming a single identifier of the integrated circuit chip and coming from a physical parameter network, and of individualizing this identifier according to the application.

Abstract: In some embodiments of the present invention, a method and apparatus to perform at least one of a confidentiality algorithm and an integrity algorithm comprising an output from a partial KASUMI block cipher.

Abstract: A method for re-encrypting encrypted data in a secure storage file system, including obtaining selected data to re-encrypt from the secure storage file system using a user data access record and the encrypted data, decrypting the selected data using a symmetric key, re-encrypting the selected data using a new symmetric key to obtain new encrypted data, encrypting the new symmetric key using a public key to obtain a new encrypted symmetric key, storing the new encrypted data and the new encrypted symmetric key if the public key is associated with a file system user having read permission, and storing an encrypted hash data if the file system user has write permission.

Abstract: A bit sequence which is generated by a feedback shift register is decimated with a variable decimation value m (m?|N) in a predetermined manner which is known on the decryption side, i.e. in that every mth bit of the bit sequence is picked out from the bit sequence so as to obtain the key bit stream.

Abstract: Performing a hash algorithm in a processor architecture to alleviate performance bottlenecks and improve overall algorithm performance. In one embodiment of the invention, the hash algorithm is pipelined within the processor architecture.

Abstract: A computer program product, for producing a cryptographic key label for use in exchanging information between first and second organizations of members, resides on a computer-readable medium includes computer-readable instructions configured to cause a computer to: produce a read-write cryptographic key using at least one base value; produce a write-only cryptographic key using the read-write cryptographic key; combine a first identifier, uniquely associated with the first organization, and a second identifier, uniquely associated with the key label to be produced, using a one-way function to produce a pedigree; and associate the pedigree with the read-write key and the write-only key to form the cryptographic key label.

Abstract: Framing transmit encoded output data begins by determining a scrambling remainder between scrambling of an input code word in accordance with a 1st scrambling protocol and the scrambling of the input code word in accordance with an adjustable scrambling protocol. The processing continues by adjusting the adjustable scrambling protocol based on the scrambling remainder to produce an adjusted scrambling protocol. The processing then continues by scrambling the input code word in accordance with the 1st scrambling protocol to produce a 1st scrambled code word. The processing continues by scrambling the input code word in accordance with the adjusted scrambling protocol to produce a scrambled partial code word. The processing continues by determining a portion of the 1st scrambled code word based on the scrambling remainder. The process then continues by combining the scrambled partial code word with the portion of the 1st scrambled code word to produce the transmit encoded output data.

Abstract: A communication system includes an encryptor and a decryptor. For improved encryption security, the encryptor includes a multitap delay line to produce mutually delayed samples of the signal to be encrypted. Each sample is operated on by a key or function to produce modified signal samples, and the modified signal samples are summed or combined to produce the encrypted signal. According to one aspect of the invention, at least one of the keys or functions includes a nonlinear function. In some embodiments, the functions are time-variant for improved security. Decryption is accomplished in some embodiments by an equalizer. The preferred equalizer is the maximum-likelihood-sequence estimators matched to the encryption functions. A Viterbi algorithm makes it easy to implement the matched equalizer.

Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

Abstract: A method and system for generating a cryptographically random number stream (100) is provided. A system includes a module (102) configured to provide at least two statistically random number streams (106) and (108) and an oscillator (104) operably coupled to the module (102). The oscillator (104) is configured to operate at a frequency which varies in response to physically unpredictable events and to select a current number from one of the at least two statistically random number streams (106) and (108) based on the oscillator's state. A process includes several steps. At least two statistically random number streams are provided (138). A current number is selected (140) from one of the at least two statistically random number streams based on the state of an oscillator operating at a frequency which varies in response to physically unpredictable events. The step of selecting (140) is repeated (142) to create the cryptographically random number stream.

Abstract: Embodiments of the present invention provide a method and apparatus of performing on one or more bytes of an input data block at least one predetermined encryption or decryption operation.

Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

Abstract: A method for protecting at least one first datum to be stored in an integrated circuit, including, upon storage of the first datum, performing a combination with at least one second physical datum coming from at least one network of physical parameters, and only storing the result of this combination, and in read mode, extracting the stored result and using the second physical datum to restore the first datum.

Abstract: A multiplierless IIR filter incorporates power-of-two coefficients to perform shift operations to reduce space and increase speed. To optimize performance, a genetic algorithm generates the power-of-two coefficients. The filter architecture includes shift registers to receive input samples and previous outputs. A shifter stage is employed to perform shift operations for the input samples and previous outputs based on corresponding power-of-two coefficients. Products are added by parallelism and sequential pipelining to produce an output.

Abstract: A stream cipher cryptosystem includes a keystream generator receiving a key and providing a keystream. A cryptographic combiner combines a first binary data sequence and the keystream with two non-associative operations to provide a second binary data sequence. In encryption operations, the cryptographic combiner is an encryption combiner and the first binary data sequence is a plaintext binary data sequence and the second binary data sequence is a ciphertext binary data sequence. In decryption operations, the cryptographic combiner is a decryption combiner and the first binary data sequence is a ciphertext binary data sequence and the second binary data sequence is a plaintext binary data sequence.

Abstract: A method for encrypting data comprising dividing a first data set into a second data set and a third data set; deriving a first value using the second data set as an input into a polynomial equation; deriving a second value using the third data set as an input into the polynomial equation; deriving a first encryption key associated with a first party; deriving a second encryption key associated with a second party; encrypting the first value with the first encryption key; encrypting the second value with the second encryption key.

Abstract: An apparatus and a method for scrambling and descrambling data wordwise in an optical disk system are provided. The apparatus includes a bit storing means which stores at least 15 bits, and a calculating means which calculates first through fifteenth bits of the bit storing means in parallel during one clock cycle and inputs the results of the calculation back into the bit storing means.

Abstract: A method for authorizing the rendering of a digital recording. A first section and a last section of a track is first identified. A watermark is then decoded from the first and last sections of the track. It is then determined if at least one reserved bit is marked in the watermark in each of the first and last sections of the track. If so, it is determined if the sequence IDs of sections interposed between the first and last sections of the track are in sequential order. If both conditions are met, the rendering is authorized.

Abstract: A method and a circuit for generating a secret quantity based on an identifier of an integrated circuit, in which a first digital word is generated from a physical parameter network, and this first word is submitted to at least one retroaction shift register, the output of the shift register forming the secret quantity.

Abstract: Provided is an architecture (hardware implementation) for an authentication engine to increase the speed at which multi-loop and/or multi-round authentication algorithms may be performed on data packets transmitted over a computer network. Authentication engines in accordance with the present invention apply a variety of techniques that may include, in various applications, collapsing two multi-round authentication algorithm (e.g., SHA1 or MD5 or variants) processing rounds into one; reducing operational overhead by scheduling the additions required by a multi-round authentication algorithm in such a matter as to reduce the overall critical timing path (“hiding the ads”); and, for a multi-loop (e.g., HMAC) variant of a multi-round authentication algorithm, pipelining the inner and outer loops.

Abstract: The present invention provides permutation instructions usable in a programmable processor for solving permutation problems in cryptography, multimedia and other applications. PPERM and PPERM3R instructions are defined to perform permutations by a sequence of instructions with each sequence specifying the position in the source for each bit in the destination. In the PPERM instruction bits in the destination register that change are updated and bits in the destination register that do not change are set to zero. In the PPERM3R instruction bits in the destination register that change are updated and bits in the destination register that do not change are copied from intermediate result of previous PPERM3R instructions. Both PPERM and PPERM3R instructions can individually do permutation with bit repetition. Both PPERM and PPERM3R instructions can individually do permutation of bits stored in more than one register. In an alternate embodiment, a GRP instruction is defined to perform permutations.

Abstract: A method is provided for a user to generate a password for a software application accessible from a computer system which includes a universal password generator (UPG). The UPG includes a specified parameter for generating the password, and the software application requires the password includes a specified parameter. The UPG is initiated and the universal password is inputted into the UPG. The specified parameter required by the application, and the UPG specified parameter are inputted into the UPG. The universal password is processed such that the specified parameter of the UPG, and the specified parameter of the application are used to generate the password. The password is then transferred to the application requiring the password. The password may be saved and associated in the UPG with the program such that when the user re-enters the program, the UPG program retrieves the password for reuse in the program.

Abstract: A method for protecting a portable card, provided with at least a crypto algorithm for enciphering data and/or authenticating the card, against deriving the secret key through statistical analysis of its information leaking away to the outside world in the event of cryptographic operations, such as power-consumption data, electromagnetic radiation and the like. The card is provided with at least a shift register having a linear and a non-linear feedback function for creating cryptographic algorithms. An algorithm is applied to the card, which is constructed in such a manner that the collection of values of recorded leak-information signals is resistant to deriving the secret key from statistical analysis of those values. Advantageously, after the key has been loaded into the shift register, the shift register clocks on, using at least the linear-feedback function. A suitable alternative is loading only the key into the shift register in the event of a fixed content of the shift register.

Abstract: A key scheduler for an encryption apparatus using a DES encryption algorithm is disclosed.

Abstract: A data scrambler is capable of scrambling N bits of data in parallel using a 2B?1 bit scrambling sequence. The scrambler may store scrambling values of an m-sequence in a table. The table may be formed into at least two overlapping swaths of N columns, wherein each swath may store the m-sequence and the m-sequence of one swath is shifted from the m-sequence of a second swath. The scrambler may read a current swath N bits at a time and then may scramble N bits of input data in parallel using the N bits of the swath. When the swath is finished, the scrambler may shift to another swath.

Abstract: The present invention is related to digital to analog converter (DAC) input data encryption off-chip and decryption on-chip to suppress input data in-band harmonic leakage through package related parasitic capacitance. More specifically, the present invention relates to the method and apparatus of input data encryption off-chip by forming the logical exclusive-OR of the raw data and a random single bit data stream. The encrypted data is then read onto the DAC chip where the data is decrypted using identical circuitry and an identical random single bit data stream. The off-chip encryption isolates harmonic content within the input data, preventing leakage of input data harmonic content through IC package-related parasitic capacitance into DAC outputs. Any leakage appears as an increase in spectral noise rather than output distortion and as such, has a much smaller impact on DAC narrow band linearity.

Abstract: A random keystream generation apparatus and method for use in an encryption system, generates an m-bit random keystream, using a PS-LFSR with n storage stages for storing n-bit binary data is divided into k sub-storages connected in series, each sub-storage having parallel storage stages (k is a minimum integer larger than the quotient of n divided by m). Each sub-storage stores in the parallel storage stages m-bit parallel binary data received from the previous sub-storage and outputs the m-bit parallel binary data simultaneously in accordance with a system clock signal. A buffer has m storage stages to store m-bit parallel data received from the last sub-storage of the PS-LFSR. M feedback connections receive the outputs of the sub-storages and the buffer corresponding to predetermined primitive polynomials, calculate the primitive polynomials with the received data, and output the calculation results as the bits of the m-bit keystream sequence.

Abstract: A closed system meter that secures the link between the accounting device and printer utilizing a Linear Feedback Shift Register (LFSR) based stream encryption is provided. The accounting device includes an LFSR that comprises a plurality of stages, with one or more taps that are passed through a logic gate to provide a “feedback” signal to the input of the LFSR, to generate a pseudo-random pattern output. Preferably, a Shrinking Key Generator (SKG) is utilized to further ensure privacy of the data. The output data from the accounting unit is encrypted utilizing the output from the LFSR and sent to the printing device. The printing device includes a similar LFSR, which is utilized to decrypt the output data from the accounting unit and enable printing.

Abstract: A power-residue calculating circuit includes: an I/F (interface) circuit with respect to an external bus; an e register holding a key e; a Y register holding a multiplier Y for Montgomery conversion; an N register holding a key N; a B2N register holding a value of (2B+N) calculated during the Montgomery conversion; an X register holding a plaintext X; a calculating circuit performing calculations for encryption and decryption; a P register holding a calculation result P; a power-residue control circuit serving as a state machine when the power-residue calculation is performed; a Montgomery multiplication residue/residue control circuit serving as a state machine when the Montgomery multiplication residue calculation and residue calculation are performed; and an addition/subtraction control circuit controlling calculations addition and subtraction.

Abstract: A method for determining a result of a group operation performed an integral number of times on a selected element of the group, the method comprises the steps of representing the integral number as a binary vector; initializing an intermediate element to the group identity element; selecting successive bits, beginning with a left most bit, of the vector. For each of the selected bits; performing the group operation on the intermediate element to derive a new intermediate element; replacing the intermediate element with the new intermediate element; performing the group operation on the intermediate element and an element, selected from the group consisting of: the group element if the selected bit is a one; and an inverse element of the group element if the selected bit is a zero; replacing the intermediate element with the new intermediate element.

Abstract: Method and apparatus for encrypting transmission traffic at separate protocol layers L1, L2, and L3so that separate encryption elements can be assigned to separate types of transmission traffic, which allows the implementation of different levels of encryption according to service requirements. Encryption elements use variable value inputs, called crypto-syncs, along with semi-permanent encryption keys to protect from replay attacks from rogue mobile stations. Since crypto-sync values vary, a method for synchronizing crypto-syncs at the mobile station and base station is also presented.

Abstract: Methods and apparatus for the generation of a cryptographic one way function (a key or keystream generator) for use in encrypting or decrypting binary data. A non-linear key or keystream generation algorithm using multiple feedback shift registers is provided. The feedback shift registers may be constructed utilizing an advanced mathematical construct called an extended Galois Field GF(2m). The key or keystream is generated as a non-linear function of the outputs of the multiple feedback shift registers, which may be a combination of static feedback shift registers and dynamic feedback shift registers. Dense primitive polynomials with many coefficients may be used to produce a cryptographically robust keystream for use as an encryption or decryption key.

Abstract: This process comprises the following steps: detection of the need for resynchronization, identification of a desynchronized badge and memorization in a computer of a corresponding code, memorization of the message sent by the computer to the badges, and emission of the modified message (step 70), reception of the modified message by the desynchronized remote control, automatic resynchronization between the remote control and the computer, and emission of a response to the message from the computer, reception of the response from the badge by the computer, and erasure of the memory and return to the base message.

Abstract: An augmented pseudo-noise sequence (10) is generated from a two or more pseudo-noise sequences, using LFSRs or other such devices. A segment (16) of a one pseudo-noise sequence (14), having an arbitrary length, is inserted into another pseudo-noise sequence (12) at an arbitrary position, making the augmented sequence difficult to decipher by a third party. Additional segments of arbitrary length can also be inserted at arbitrary positions for further complexity.

Abstract: This invention report describes the architecture of a system, which undertakes in a new way the dynamic generation of symmetrical keys and the confidential synchronization of encryption components which use these keys. The basis is formed by the principle of the one-time-pad, with which absolute confidentiality can be ensured in theory. The difficulties with practical implementation of a pure one-time-pad can be avoided by expansions.

Abstract: Input data (plain text data or encrypted text data) are latched according to a clock CLK1 and, after initial transposition thereof, the data are outputted from a selector 62. The lower-order bits of the output data from the selector 62 are processed through expanded transposition and then are calculated together with key data K1 in an XOR circuit, and the result data are latched according to a clock CLK2. The latched 48-bit data are divided into eight 6-bits data, each of which is then replaced with 4-bit data, and after combination thereof, the data are transposed. In the calculations of second and subsequent stages, the data obtained through replacement and combination in a replacement/combination circuit 66 are latched according to the clock CLK1 and then are outputted from the selector 62.

Abstract: A bitstream generator including a plurality of linear feed shift registers (LFSRs) operative to generate a bit stream and including: at least a first LFSR operative, when assigned as a generator during a first time period including at least one clock cycle, to provide an output bit in each clock cycle within the first time period, and at least a second LFSR operative, when assigned as an assignor during the first time period, to provide in each clock cycle an output bit for determining assignments of at least some of the plurality of LFSRs for a second time period following the first time period, the assignments including assignment as a generator, and assignment as an assignor, and a first combiner operative to combine output bits from all of the at least a first LFSR being assigned as generators thereby to produce during each clock cycle a single output bit which is provided to the bit stream. Related apparatus and methods are also provided.

Abstract: A method and apparatus are provided for encrypting a stream of data transmitted within a frame. The method includes determining a first initialization state in a first preselected interval, and determining the first initialization state in a second preselected interval, wherein the second preselected interval is less than the first preselected interval. The method includes generating a key stream in response to determining the first initialization state in the second preselected interval, and encrypting at least one bit of the stream of data with at least one bit of the key stream.

Abstract: A method of enciphering information constituted by a finite sequence {S1,S2, . . . ,SN} of N symbols (S1,S2, . . . ,SN) selected from an alphabet A. There are defined both a secret convention of p key symbols K1, . . . ,Kp selected form a second alphabet B, and a multivariate function M having m+1 variables (m<=N): M(Xi1, . . . ,Xim,Y) operating Am□B in A, {i1, . . . ,im} being m distinct indices in the range [1,N] and the function M being bijective relative to at least one (Xi1) of the m variables of A. A succession of X permutations are performed on the sequences {S1,S2, . . . ,SN} such that where {S1,S2, . . . ,SN} is the sequence prior to the jth permutation, the sequence after the jth permutation is {S2,S3, . . . ,SN,Zj}, where Zj is equal to M(Si1, . . . ,Sim,Kj) the enciphered information being constituted by the sequence {S′1,S′2, . . . ,S′N} obtained after the Xth permutation.

Abstract: A telecommunications system and method is disclosed for implementing a message authentication code (MAC) for transmitted digital information signals. Digital information signals typically include an error detecting code, such as a Cyclic Redundancy Check (CRC) code, to ensure reliable delivery of the information. In order to verify the identity of the sending node, the CRC code can be modulated by a sequence known only to the participating nodes. Thus, the CRC code not only provides an error detecting function, but also serves as a message authentication code.

Abstract: A pseudorandom number generation circuit 2 whose generation timings of pseudorandom numbers vary randomly is disclosed. The pseudorandom number generation circuit 2 includes a clock generation circuit 4 which generates four kinds of clocks, a selection signal generation circuit 8 which generates selection signals randomly, a selection circuit 6 which selects either one of the four kinds of clocks based on the selection signals, and a linear feedback shift register (LFSR) 10 which carries out shift operation based on the clock selected by the selection circuit 6. The LFSR 10 generates a pseudorandom number in response to the selected clocks. Since the selection of the clock is carried out randomly by the selection signal generation circuit 8, the generation timings of the pseudorandom numbers generated by the LFSR 10 are also random.

Abstract: The invention relates to a method and a circuit for extracting a secret datum (s) from an integrated circuit involved in an authentication procedure by means of an external device that takes account of said secret datum. Said secret datum is generated upon request and made ephemeral.

Abstract: A method and apparatus for generating encryption stream ciphers. The recurrence relation is designed to operate over finite fields larger than GF(2) and is maximal length. An output equation generates the output based on a plurality of elements in the shift register used to implement the recurrence relation. The recurrence relation and the output equation are selected to have distinct pair distances such that, as the shift register shifts, no particular pair of elements of the shift register are used twice in either the recurrence relation or the output equation.

Abstract: A synchronous data-stream generator, suitable for use as a synchronous stream cipher providing copy right protection for audio/video data, generates a stream of output data items in synchronisation with a clock trigger. The data-stream generator comprises at least two parallel arranged subgenerators Mi, i≧1, such as linear feedback shift registers. The output of the subgenerators Mi is combined forming the output data items of the data-stream generator. A control subgenerator C is used for generating a stream of control data items. Control means (150) comprises for at least one subgenerator Mi an associated number selector Si for, in dependence on the control data item of the control subgenerator C, selecting a number ni,j from a group Hi of different integer numbers. At least two numbers of the group Hi are larger than zero.