Abstract: A system and method for transacting cryptographic currency is described. An exchange database associated with a number of buyers and sellers is maintained at a host computer system. Cryptographic currency is received from one or more of the sellers at an exchange wallet associated with the exchange database. A match is created within the exchange database, including a buy offer for the cryptographic currency from a buyer and a sell offer for the cryptographic currency from a seller. A cryptographic currency withdrawal request is received from the buyer, and in response, the host computer system determines that a total amount of cryptographic currency represented in the exchange database matches a total amount of the cryptographic currency within the exchange wallet, transfers the cryptographic currency to the buyer's wallet, and updates the exchange database by deducting a first value of the cryptographic currency that is transferred to the buyer's wallet.

Abstract: The migration of a communication session from one device to another device may include registering at least two devices, receiving a request to transfer the session from one device to another, determining whether transfer of the session is authorized, storing session information associated with the session, authenticating user credentials at the second device, transmitting the stored session information to the second device, and receiving a request that incorporates the transmitted session information to restore the communication session on the second device. In addition, access to the system may be prohibited from the first device for a predefined period of time.

Abstract: A data store provides access to portions of secured data. Each portion is associated with a client-defined access control and is encrypted with attribute-based encryption. This encryption associates each portion with an encryption attribute, and enables the portion to be provided, based on a request, in accordance its client-defined access control and when the request's search attribute is relevant its encryption attribute. First and second portions are provided in response to first and second requests. Each request includes the same search attribute, and the first and second portions are associated with the same encryption attribute. The first portion is provided based on a first access control granting access to a first identity access and the search attribute being relevant to the encryption attribute. The second portion is provided based on a second access control granting access to a second identity and the search attribute being relevant to the encryption attribute.

Abstract: A computer system receives an authentication request from a user device and determines a determined device identification from a set of received device attributes. When the device is properly authenticated, the computer system generates an authentication token that is signed by the determined device identification and returns the authentication token to the user device. When the computer system subsequently receives a service request with an authentication token and a plurality of device attributes for a protected resource from a user device, the computer system determines a derived device identification from some or all of the received device attributes. When a signed device identification of the authentication token and the derived device identification are equal, the apparatus continues processing the service request. Otherwise, the service request is rejected.

Abstract: A hash-optimized backup system and method takes data blocks and generates a probabilistically unique digital fingerprint of the content of each data block using a substantially collision-free algorithm. The process compares the generated fingerprint to a database of stored fingerprints and, if the generated fingerprint matches a stored fingerprint, the data block is determined to already have been backed up, and therefore does not need to be backed up again. Only if the generated fingerprint does not match a stored fingerprint is the data block backed up, at which point the generated fingerprint is added to the database of stored fingerprints. Because the algorithm is substantially collision-free, there is no need to compare actual data content if there is a hash-value match. The process can also be used to audit software license compliance, inventory software, and detect computer-file tampering such as viruses and malware.

Abstract: Embodiments are directed to providing attribute-based data access. In an embodiment, a data request specifies one or more search data attributes describing requested data that is to be found in a data store. The data store is configured to provide access to secured data according to access controls defined by one or more clients. The secured data includes data that is associated with a particular client and that is encrypted using attribute-based encryption, which associates the data with one or more encryption data attributes and that enables the data to be provided if conditions in the corresponding access controls are met. The particular portion of data is provided based on determining that the conditions in the corresponding access controls are met, and that at least one of the search data attributes is determined to be relevant to at least one of the encryption data attributes.

Abstract: A system and method for Media Resource Control Protocol (MRCP) access control for a mobile device. An entity requesting to utilize MRCP resources establishes a relationship with a MRCP resource provider. The MRCP resource provider maintains account information for the entity, and the entity receives a unique account number for identification purposes. The entity requests from the MRCP resource provider generation of at least one MRCP access PIN associated with the account information, and provides a data string associated with the MRCP access PIN to the MRCP resource provider.

Abstract: An apparatus and method for ciphering uplink data in a mobile communication system are provided. The apparatus includes a Radio Network Controller (RNC) for, when receiving a Radio Bearer Setup Complete after a ciphering activation time, determining a Hyper Frame Number (HFN) value of a User Equipment (UE) and changing an HFN value of the RNC to the same HFN value determined of the UE.

Abstract: Embodiments are directed to providing attribute-based data access. In an embodiment, a data request specifies one or more search data attributes describing requested data that is to be found in an anonymous directory. The anonymous directory is configured to provide access to secured data according to access controls defined one or more clients. The secured data includes data that is associated with a particular client and that is encrypted using multi-authority attribute-based encryption, which associates the data with one or more encryption data attributes and that enables the data to be provided if conditions in the corresponding access controls are met. The particular portion of data is provided based on determining that the conditions in the corresponding access controls are met, and that at least one of the search data attributes is determined to be relevant to at least one of the encryption data attributes.

Abstract: Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored.

Abstract: A cryptographic integrated circuit including a programmable main processor for executing cryptographic functions, an internal memory, and a data transmission bus to which the main processor and the internal memory are electrically connected. The cryptographic integrated circuit also includes a programmable arithmetic coprocessor that has specific hardware arithmetic units each being designed to carry out a predetermined arithmetical operation. The programmable arithmetic coprocessor is separate from the main processor and is also electrically connected to the data transmission bus.

Abstract: In general, techniques are described for seamlessly migrating a secure session established between a first computing device and a secure access appliance to a second computing device. In one example, a client computing device establishes a secure session with a secure access appliance. The client computing device receives a request via a communication channel from a second client computing device for secure session data for the first secure session usable by the second client computing device to establish a second secure session with the secure access appliance. The client computing device generates a message that includes the secure session data for the first secure session and sends the message to the second client computing device. Responsive to receiving the message, the second client computing device establishes a new secure session with the secure access appliance.

Abstract: A processing unit transforms first input information into first nonlinear transformed information that is transformed into first linear transformed information, and transforms second input information into second nonlinear transformed information that is transformed into second linear transformed information. An exclusive-or section performs an exclusive-or operation based on the first and second linear transformed information. When the first nonlinear and linear transformed information are expressed as a first and second sequence vector, respectively, and the second nonlinear and linear transformed information are expressed as a third and fourth sequence vector, respectively, then a first row vector chosen from a first inverse matrix of a first matrix that transforms the first sequence vector to the second sequence vector, and a second row vector chosen from a second inverse matrix of a second matrix that transforms the third sequence vector to the fourth sequence vector, are linearly independent.

Abstract: Embodiments are directed to facilitating data transfer using an anonymous directory and to providing attribute-based data access to identified users. In an embodiment, a computer system instantiates an anonymous directory that stores data in various client-specific directories for different clients. The anonymous directory is configured to provide data access according to access controls defined and managed by the client. The computer system receives a data request from a user that identifies the user and specifies a portion of data that is to be returned to the user. The computer system determines which of the client's data is to be returned to the user based on the client's specified access controls. The access controls grant access to specified data in some of the client-specific directories, based on the user's identity. The computer system then provides the determined data to the user.

Abstract: An information processing system and a method for use therewith, an information processing apparatus and a method for use therewith, and a program which are capable of decrypting desired portions of encrypted data are provided. Of packets 211 through 216 constituting a bit stream of layered-encoded image data 201 according to JPEG 2000, the packets 211 through 213 are each encrypted independently of the packets 214 through 216 which are also encrypted each. This produces encrypted split data 262 with the resolution at level zero (corresponding to R0) and encrypted split data 263 with the resolution at level one (corresponding to R1). The header (ranging from SOC to SOD) of layered-encoded image data 201 is appropriated for a header 261, followed by encrypted split data 262 and 263 and an EOC 264, in that order, the whole data array constituting data 251 that is output as the definitive encrypted data. This invention is particularly applicable to image delivery apparatus.

Abstract: The present invention discloses an apparatus and method of transferring data from a first device to a second device. The method includes transmitting a request to transfer the data from the first device to the second device, receiving, at the first device, a decryption key to allow transfer of the data stored in a memory of the first device, receiving, at the second device, an encryption key, and transmitting the data from the first device to the second device using peer-to-peer communications. The method also includes encrypting the data at the second device using the encryption key, storing the encrypted data in a memory of the second device, receiving, at the first device, an acknowledgement from the second device, the acknowledgement indicating that the data has been encrypted and stored in the memory of the second device, and deleting the data from the memory of the first device.

Abstract: A method and apparatus including units configured to send a request from a first network entity to a user equipment for an identifier and receive a message indicating that a public key is required from the user equipment by the first network entity. The method and apparatus also includes units configured to send, by the first network entity, the public key to the user equipment and receive an encrypted identifier by the first network entity, wherein upon authenticating the public key, the user equipment encrypts at least part of the identifier using the public key, thereby enabling further processing between the network entity and the user equipment.

Abstract: The invention realizes a high-security cryptographic processing apparatus that increases difficulty in analyzing its key and a method therefor. In Feistel-type common-key-block cryptographic processing that repeatedly executes an SPN-type F-function having the nonlinear conversion section and the linear conversion section over a plurality of rounds, Linear conversion processing of an F-function corresponding to each of the plurality of rounds is carried out by linear conversion processing that applies square MDS (Maximum Distance Separable) matrices. The invention uses a setting that arbitrary m column vectors included in inverse matrices of square MDS matrices being set up at least in consecutive even-numbered rounds and in consecutive odd-numbered rounds, respectively, constitute a square MDS matrix. This structure realizes cryptographic processing whereby resistance to linear cryptanalysis attacks in the common-key-block cipher is improved.

Abstract: The invention generally relates to computational transformation process, which has applications in cryptography, random number generation, hash code generation etc. The computational transformation module uses a keyset, which is designed using a two dimensional array. Since the process of forward transformation used in the invention is a symmetric encryption process and if used to send data securely over a communications network, the same keyset needs to be present at the sending computer to encrypt the data and the receiving computer to go through a reverse transformation and decrypt the data. When the first ‘n’ bit block of input-data is transformed into the first ‘m’ bit block of output-data, the keyset is transformed into a different keyset based on a nonlinear or one-way transformation on the keyset. The next input block is encrypted using a transformed keyset, hence satisfying Shanons theory of perfect secrecy.

Abstract: A system including a pseudo-random number generator having a register to store an extended state having a reduced state and a dynamic constant, an initialization module to initialize a part of the extended state based on a Key and/or an Initial Value, a state update module to update the reduced state, an output word module to generate output words, the state update module and the output word module being adapted to operate through cyclical rounds, each round including updating the reduced state and then generating one of the output words, and an update dynamic constant module to update the dynamic constant, wherein in a majority of the rounds, updating of the reduced state and/or generation of the output word is based on the dynamic constant, and the dynamic constant is only updated in a minority of the rounds. Related apparatus and method are also described.

Abstract: A method is provided for authenticating micro-processor cards to determine whether a card is a genuine card or a fake card. Authentication is performed by a checking program of at least one card reader terminal. The program sends to each card commands belonging to a standard and public set of commands. The method includes: modifying the checking program in the terminal or terminals, in such a way that the program additionally sends, to each card to be authenticated, at least one additional command, called a secret command, from a set of at least one additional command, pre-inserted into each genuine card, and different from the standard and public set of commands; and a step of detecting authenticity of the card, if the secret command is recognised and/or processed correctly, or the presence of a clone, if the secret command is not recognised and/or is processed wrongly.

Abstract: A method for transmitting a handover security context of a first access point, when an access terminal from a service cell of a first access point is connected to a packet access router, to a service cell of a second access point connected to the packet access router, is provided. The handover security context transmitting method includes confirming whether a handover confirmation message transmitted from the access terminal has a security context therein; when the handover confirmation message has a security context therein, confirming whether the security context has security-related information therein; when the security context has security-related information therein, confirming whether the security context has a traffic-related key or a pairwise master key; and transmitting an information instruction message including the security related information confirmed in the security context, the security-related information, the traffic-related key, and the pairwise master key through the PAR to the second AP.

Abstract: A microprocessor apparatus is provided, for performing a cryptographic operation. The microprocessor apparatus includes an x86-compatible microprocessor that has fetch logic, a cryptography unit, and an integer unit. The fetch logic is configured to fetch an application program from memory for execution by the x86-compatible microprocessor. The application program includes an atomic instruction that directs the x86-compatible microprocessor to perform the cryptographic operation. The atomic instruction has and opcode field and a repeat prefix field. The opcode field prescribes that the device accomplish the cryptographic operation as further specified within a control word stored in a memory. The repeat prefix field is coupled to the opcode field. The repeat prefix field indicates that the cryptographic operation prescribed by the atomic instruction is to be accomplished on a plurality of blocks of input data.

Abstract: A data recording/reproducing method wherein encrypted digital data obtained by subjecting digital data to first encrypting by using a contents key and encrypted contents key obtained by subjecting the contents key to second encrypting are recorded on a recording medium, the encrypted digital data and the encrypted contents key, having been recorded, are reproduced, and the encrypted digital data is decrypted by using the contents key obtained by decrypting the encrypted contents key, thereby to obtain the digital data.

Abstract: A reproducing apparatus for reproducing data from a recording medium and supplying the data to an external apparatus for recording of the data. The reproducing apparatus has a plurality of authenticators for authenticating the external apparatus and the reproducing apparatus selects an authenticator corresponding to a type of the data reproduced from the recording medium and conducts authentication with the external apparatus. After authentication is confirmed, the reproducing apparatus sends the data to the external apparatus to record the data by the external apparatus.

Abstract: A recording method and a recording apparatus whereby digital data is recorded onto a disc as run-length limited code used for modulating marks or spaces on the disc and, at the same time, the recorded digital data is encrypted by using key data which is also recorded onto the same disc by varying the shape of marks or spaces with timing having no effect on the edges of the marks or the spaces. A playback method and a playback apparatus reproduces the digital data and the key data recorded on the disc by the recording method and/or the recording apparatus from the disc with the key data used for decrypting the reproduced digital data.

Abstract: An agent is permanently resident in a server as software for the purpose of cryptographic processing. In addition, another agent that is described in mobile code and contains a program for the purpose of cryptographic processing is also stored in the server. When data that are to be sent and received between the server and a client are encrypted, the agent that is described in mobile code is sent from the server to the client. When the client receives data that were encrypted in the server, it reproduces those data by decryption using the received agent.

Abstract: A method for minimizing the potential for unauthorized use of digital information, particularly software programs, digital content and other computer information, by verifying user access rights to electronically transmitted digital information. A second computer system transmits requested digital information to a requesting first computing system in wrapped form, which includes digital instructions that must be successfully executed, or unwrapped, before access to the digital information is allowed. Successful unwrapping requires that certain conditions must be verified in accordance with the digital instructions, thereby allowing access to the digital information. In one embodiment, verification includes locking the digital information to the requesting computer system by comparing a generated digital fingerprint associated with the digital information to a digital fingerprint previously generated which is unique to the requesting computer system.

Abstract: A matrix code generating method generates a first predetermined code in binary form. A second step permutes the first determined code according to a non-linear feedback method described as pseudo-random. The code is segmented with linear segments positioned in a two dimensional matrix array. Apparatus generates and permutes the code, and segments the resultant code into matrix array form. Apparatus encrypts such information onto objects, photo-optically reads such encrypted information and deciphers the coded information.