Key Distribution Center Patents (Class 380/279)
  • Patent number: 8544077
    Abstract: A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers.
    Type: Grant
    Filed: June 23, 2009
    Date of Patent: September 24, 2013
    Assignee: Motorola Mobility LLC
    Inventors: Eric J. Sprunk, Paul Moroney, Alexander Medvinsky, Steven E. Anderson, Jonathan A. Fellows
  • Patent number: 8538890
    Abstract: A method of encrypting a unique cryptographic entity (UCE), where a client device receives a global-key (GK-) encrypted UKD comprising a GK-encrypted UCE and a GK-encrypted unit key number (UKN). The client device verifies that the GK-encrypted UKN is the same as a pre-provisioned value and then decrypts the GK-encrypted UKD using a global key (GK). The client device then re-encrypts the decrypted UKD using a device user key (DUK) to determine a DUK-encrypted UCE and a DUK-encrypted UKN. The DUK-encrypted UKN is verified as not equal to the GK-encrypted UKN. The DUK-encrypted UKN is then appended to the DUK-encrypted UCE to form a DUK-encrypted UKD and stored in a memory.
    Type: Grant
    Filed: August 28, 2009
    Date of Patent: September 17, 2013
    Assignee: Motorola Mobility LLC
    Inventor: Alexander Medvinsky
  • Patent number: 8538888
    Abstract: A system for transferring verified media data. The system comprising: an item of content storing the media data, and having an associated serial number; a computing device including a first storage device and a network interface; a secure copying application program; a secure copy of the media data generated by the secure copying application program and stored on the first storage device; a verification server including a serial number database and having a network connection to the computing device through the network interface, wherein the secure copying application program generates the secure copy after verifying the serial number is valid and active by communicating with the verification server; and a portable copy of the media data, including license information, generated from the secure copy by the secure copying application program.
    Type: Grant
    Filed: May 2, 2005
    Date of Patent: September 17, 2013
    Assignees: Sony Pictures Entertainment Inc., Sony Corporation
    Inventors: Brian D. Lakamp, Mitchell F. Singer
  • Patent number: 8539235
    Abstract: The present invention relates to a method for operating a network comprising communicating devices representing nodes of the network. More precisely, the invention relates to a method for operating a network (1), comprising a node (D1) and a system management device (3), the system management device comprising a root keying material being a set of alpha-secure functions having a degree of complexity of, and the node being provided with a node keying material share of degree of complexity α derived from the root keying material.
    Type: Grant
    Filed: September 28, 2009
    Date of Patent: September 17, 2013
    Assignee: Koninklijke Philips N.V.
    Inventors: Oscar Garcia Morchon, Bozena Erdmann
  • Patent number: 8538029
    Abstract: An encryption key may be fragmented into n encryption key fragments such that k<n fragments are sufficient for reconstructing the encryption key. The encryption key fragments may be distributed across data stores located within first and second geographic regions. For example, at least k of the encryption key fragments may be distributed across data stores realized at N different availability zones within the first geographic region such that less than k of the encryption key fragments are distributed to each of the N availability zones within the first geographic region. Similarly, at least k of the encryption key fragments may be distributed across data stores realized at M different availability zones within the second geographic region such that less than k of the encryption key fragments are distributed to each of the M availability zones within the second geographic region.
    Type: Grant
    Filed: March 24, 2011
    Date of Patent: September 17, 2013
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jun Li, Sharad Singhal, Ram Swaminathan, Bryan Stephenson
  • Patent number: 8532289
    Abstract: In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial v(x) modulo a second polynomial $f_n(x)$, including: receiving the first polynomial v(x) modulo the second polynomial $f_n(x)$, where the second polynomial is of a form $f_n(x) = x^n \pm 1$, where $n = 2^k$ and k is an integer greater than 0; computing lowest two coefficients of a third polynomial g(z) that is a function of the first polynomial and the second polynomial, where $g(z) \overset{\text{def}}{=} \prod_{i=0}^{n-1} (v(\rho_i) - z)$, where $\rho_0, \rho_1, \ldots, \rho_{n-1}$ are roots of the second polynomial $f_n(x)$ over a field; outputting the lowest coefficient of g(z) as the resultant; and outputting the second lowest coefficient of g(z) divided by n as the free term of the scaled inverse of the first polynomial v(x) modulo the second polynomial $f_n(x)$.
    Type: Grant
    Filed: August 9, 2011
    Date of Patent: September 10, 2013
    Assignee: International Business Machines Corporation
    Inventors: Craig B. Gentry, Shai Halevi
  • Patent number: 8532303
    Abstract: A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key.
    Type: Grant
    Filed: December 14, 2007
    Date of Patent: September 10, 2013
    Assignee: Intel Corporation
    Inventors: Divya Naidu Kolar Sunder, Prashant Dewan, Men Long
  • Publication number: 20130230173
    Abstract: A storage stores a common key table containing a plurality of kinds of common keys usable for the communications with other communication apparatuses within the same system, its own identification information, and an update key associated with the identification information. The transmitter transmits the identification information to a system management apparatus for managing the common key table used in the system, the identification information on the communication apparatuses within the system, and the update key associated with the identification information. An acquiring unit acquires, from the system management apparatus that has received the identification information, a common key table for use in update (updating common key table) encrypted using the update key associated with the identification information. A decryption unit decrypts the encrypted updating common key table by use of the update key stored in the storage.
    Type: Application
    Filed: March 29, 2013
    Publication date: September 5, 2013
    Applicant: SANYO ELECTRIC CO., LTD.
    Inventor: Yoshihiro HORI
  • Patent number: 8526614
    Abstract: A method to manage members of a group of decoders having access to broadcast data, each group member sharing a common broadcast encryption scheme (BES) comprising the steps of, in a stage for a decoder to become a group member, receiving keys pertaining to the position in the group according to the BES, receiving a current group access data comprising a current group access key, and in a stage of accessing broadcast data, using the current group access data to access the broadcast data, and in a stage of renewing the current group access key, sending a first group message comprising at least a next group access key encrypted so that only non-revoked decoders can access it, said group message being further encrypted by the current group access key, updating the current group access key with the next group access key.
    Type: Grant
    Filed: February 3, 2011
    Date of Patent: September 3, 2013
    Assignee: Nagravision S.A.
    Inventors: Guy Moreillon, Alexandre Karlov
  • Patent number: 8528046
    Abstract: An information handling system includes a host mapped general purpose input output (GPIO), a shared memory, a board management controller, and a cryptography engine. The host mapped GPIO includes a plurality of registers. The board management controller is in communication with the host mapped GPIO and with the shared memory, and is configured to control accessibility to the plurality of registers in the GPIO, and to control write accessibility of the shared memory based on a private key received from a basic input output system requesting accessibility to the plurality of registers and write accessibility of the shared memory. The cryptography engine is in communication with the board memory controller, and is configured to authenticate the private key received from the board management controller.
    Type: Grant
    Filed: April 19, 2010
    Date of Patent: September 3, 2013
    Assignee: Dell Products, LP
    Inventors: Timothy M. Lambert, Mukund P. Khatri
  • Publication number: 20130223630
    Abstract: A first communication apparatus that functions as a providing apparatus that provides an encryption key or as a receiving apparatus that receives an encryption key provided by a providing apparatus, and that performs a key sharing process for sharing an encryption key with another apparatus, confirms whether or not the first communication apparatus functioned as the providing apparatus in the key sharing process performed among a plurality of apparatuses present on a network in which the first communication apparatus is joining; compares identification information of a second communication apparatus that has newly joined the network with identification information of the first communication apparatus; and determines whether or not the first communication apparatus is to function as a providing apparatus in the key sharing process performed between the first and the second communication apparatuses based on the result of the confirmation and the comparison.
    Type: Application
    Filed: April 4, 2013
    Publication date: August 29, 2013
    Applicant: CANON KABUSHIKI KAISHA
    Inventor: CANON KABUSHIKI KAISHA
  • Patent number: 8520856
    Abstract: The invention provides a method and a system for allowing access to a digital broadcast stream on a client device in a conditional access system, wherein the start time and end time of events in the broadcast stream are predefined. If entitled, a server system transmits for an event the start time and end time to the client device. As long as the current time, which is also transmitted from the server system to the client device, is within the range from the start time to the end time, the client device is allowed to decrypt the broadcast stream. To allow events to extend in time without requiring the generation of a new end time, the start time and end time on the one hand and the current time on the other hand are defined on different timescales.
    Type: Grant
    Filed: June 1, 2010
    Date of Patent: August 27, 2013
    Assignee: Irdeto B.V.
    Inventor: Steeve Huin
  • Patent number: 8520841
    Abstract: An exemplary method includes defining a CM field, representing coefficients of a Frobenius element of a hyperelliptic curve over a prime field as non-linear polynomials that are functions of an integer x and selecting a value for x whereby the product of the Frobenius element and its complex conjugate is a prime number. Such a method may further include determining the order of the Jacobian of the hyperelliptic curve, for example, where the order is an almost prime number. Various other methods, devices, systems, etc., are also disclosed, which may be optionally used for cryptography.
    Type: Grant
    Filed: May 22, 2008
    Date of Patent: August 27, 2013
    Assignee: Microsoft Corporation
    Inventors: Kristin E. Lauter, Ning Shang
  • Patent number: 8516566
    Abstract: Systems and methods for providing Kerberos pre-authentication are presented. According to a method embodiment, a request for authentication is received from a principal of an authentication service. The principal in the authentication service is authenticated. A key associated with the authenticated principal in the authentication service is provided to a Kerberos Key Distribution Center (KDC).
    Type: Grant
    Filed: January 18, 2008
    Date of Patent: August 20, 2013
    Assignee: Apple Inc.
    Inventor: Rahul Srinivas
  • Patent number: 8515079
    Abstract: In one embodiment, a rekey distribution process transmits, from a key server, a multicast probe message intended to be received by at least one group member device. The rekey distribution process also receives, at the key server, an acknowledgement message from each group member device that received the multicast probe message. In turn, the rekey distribution process transmits, from the key server, a multicast rekey data message intended to be received by each group member device from which the key server received an acknowledgment message. Furthermore, the rekey distribution process transmits, from the key server, a unicast rekey data message to each group member device from which the key server did not receive an acknowledgment message.
    Type: Grant
    Filed: January 26, 2007
    Date of Patent: August 20, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Rajiv Asati, Mohamed Khalid, Aamer Akhter, Brian Weis, Shashi Sastry
  • Patent number: 8516261
    Abstract: A method for sending a message includes randomizing a signature generation key with a random number to calculate a randomized signature generation key, encrypting the random number with a public encryption key to calculate an encrypted random number, signing a message with the randomized signature generation key to calculate a signed message, and sending the signed message and the encrypted random number to a recipient.
    Type: Grant
    Filed: October 24, 2010
    Date of Patent: August 20, 2013
    Assignee: International Business Machines Corporation
    Inventor: Satoshi Hada
  • Patent number: 8515061
    Abstract: A new methodology to exchange a random secret key between two parties. The diverse physical characteristics of the wireless medium and device mobility are exploited for secure key exchange. Unique physical characteristics of wireless channels between the two devices are measured at different random locations. A function of these unique characteristics determines the shared secret key between the two devices.
    Type: Grant
    Filed: September 11, 2009
    Date of Patent: August 20, 2013
    Assignee: The University of Utah Research Foundation
    Inventors: Neal Patwari, Jessica Erin Croft, Suman Jana, Sneha Kasera
  • Patent number: 8509447
    Abstract: A method is presented for distributing cryptographic keys in a hierarchized network including at least one device in charge of a higher group of devices, wherein at least one of the devices of the higher group of devices is also in charge of a lower group of devices. The method includes the steps of: a) storing a set of identifiers particular to the higher group, an identifier particular to the device in charge, an identifier per device in charge of a lower group, each identifier being unique; b) storing a root cryptographic key; c) providing a root cryptographic key to each device in charge of a lower group using a first non-reversible cryptographic function; d) providing at least one transport cryptographic key to each member of said higher group of devices using a second non-reversible cryptographic function.
    Type: Grant
    Filed: November 13, 2008
    Date of Patent: August 13, 2013
    Assignee: Cassidian SAS
    Inventors: Vincent Dupuis, Marc Chaland, Patrick Radja, Stephane Allouche, Ahmed Serhrouchni, Mustapha Adib
  • Patent number: 8510561
    Abstract: Embodiments described herein are generally directed to methods and devices in which computing devices, and mobile devices in particular, establish a shared encryption key for a device group comprising at least three mobile devices. In accordance with one example embodiment, a public key of a mobile device is computed using a shared password as performed in accordance with authentication acts of a password-authenticated key exchange protocol, and transmitted to at least one other mobile device of the group. A public value is computed as a function of a mobile device private key and of a public key of at least one other mobile device of the device group, in accordance with a group key establishment protocol. The public values of the mobile devices of the device group are used to compute a shared encryption key.
    Type: Grant
    Filed: February 26, 2010
    Date of Patent: August 13, 2013
    Assignee: Research In Motion Limited
    Inventor: Herbert A. Little
  • Patent number: 8510554
    Abstract: Disclosed is a key management system including plural terminal devices and a server. Each of the terminal devices includes: authentication means for authenticating a user and acquiring user information; delivery key registration means for registering a delivery key linked to the user information based on corresponding information, transmitted from the server, between the user information and the delivery key; encryption key receiving means for receiving an encryption key using the delivery key. The server includes terminal information storage means for storing the terminal identification information, user information on the user utilizing the terminal device and the delivery key, wherein the terminal identification information, the user information and the delivery key are linked to each other; and encryption key delivering means for transmitting the encryption key using the delivery key linked to the user information on the user performing secret communication.
    Type: Grant
    Filed: May 18, 2010
    Date of Patent: August 13, 2013
    Assignee: NEC Corporation
    Inventor: Kazuhide Koike
  • Patent number: 8503672
    Abstract: Provided is a method of protecting a content consumer's privacy. The method includes classifying contents into content groups, encrypting the contents using different encryption keys, generating a plurality of decryption keys each of which can decrypt all contents in each of the content groups, and providing the generated decryption keys to authorized clients, wherein each client is provided with a different decryption key.
    Type: Grant
    Filed: April 29, 2008
    Date of Patent: August 6, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jun Yao, Choong-hoon Lee, Su-hyun Nam
  • Publication number: 20130195274
    Abstract: In a communicator in a communication system, a commission information generator for generating a commission parameter to make a process on a communication between communicators performed by another computer includes a first memory for storing a secret key and an encrypter for generating N number of the commission parameters, where N is a natural number, from a first to an N-th commission parameter. The encrypter regards a j-th shared key, where j is a positive integer equal to or less than N, out of the N number of shared keys as key information, encrypts a bit sequence representation of j-th partial information, associated with the j-th shared key, out of N pieces of partial information, and thereby generates a j-th commissioned parameter.
    Type: Application
    Filed: January 16, 2013
    Publication date: August 1, 2013
    Applicant: OKI ELECTRIC INDUSTRY CO., LTD.
    Inventor: OKI ELECTRIC INDUSTRY CO., LTD.
  • Patent number: 8498420
    Abstract: A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key.
    Type: Grant
    Filed: December 14, 2007
    Date of Patent: July 30, 2013
    Assignee: Intel Corporation
    Inventors: Divya Naidu Kolar Sunder, Prashant Dewan, Men Long
  • Patent number: 8498893
    Abstract: A recursive voting method: creating an original initiative which requires a vote response, transmitting the original initiative to first tier recipient(s); transmitting the initiative by at least one first tier recipient to at least one second tier recipient to provide selected second tier recipients; receiving by each first tier recipient a tabulation of vote responses from the selected second tier recipients to provide a second tier vote tabulation; providing a first tier vote tabulation for each first tier recipient according to the second tier vote tabulation and a vote response from the first tier recipient; sending a first tier vote tabulation for each first tier recipient to the creator of the original initiative to provide an originator total tabulation, submitting a petition according to the originator total tabulation, wherein a preponderance of support responses is needed for the initiative to be submitted for petition; transmitting a vote update.
    Type: Grant
    Filed: October 21, 2011
    Date of Patent: July 30, 2013
    Inventor: Ian Kincaid
  • Patent number: 8498418
    Abstract: Protection of cryptographic keys is converted between one level of security and another level of security. The one level of security is different from the another level of security, and the another level of security includes the components of the one level of security.
    Type: Grant
    Filed: August 31, 2009
    Date of Patent: July 30, 2013
    Assignee: International Business Machines Corporation
    Inventors: Klaus Meissner, Bernd Nerz, Phil C. Yeh, Peter G. Sutton, Michael J. Kelly
  • Patent number: 8495366
    Abstract: A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.
    Type: Grant
    Filed: April 18, 2012
    Date of Patent: July 23, 2013
    Assignee: International Business Machines Corporation
    Inventors: Dwip N. Banerjee, Sachin Chandrakant Punadikar, Sandeep Ramesh Patil, Ravi A. Shankar
  • Patent number: 8495717
    Abstract: A secure key distribution server (SKDS) determines identity of a requesting server without use of a shared secret by resolving the fully qualified domain name (FQDN) to a network address and comparing it with the network address of a key request. A credential string may also be used as part of the identification. Once identity is established, keys may be securely distributed. The SKDS may also be implemented in a peer-to-peer configuration.
    Type: Grant
    Filed: April 24, 2009
    Date of Patent: July 23, 2013
    Assignee: Amazon Technologies, Inc.
    Inventors: Jacob Beacham, Jesper M. Johansson, Cyrus Durgin
  • Patent number: 8494170
    Abstract: Provided are a computer program product, system and method for a redundant key server encryption environment. A key server receives from at least one remote key server public keys associated with the at least one remote key server. The key server receives a request for an encryption key from a requesting device and generates the encryption key for use by the requesting device to unlock a storage. The key server generates a first wrapped encryption key by encrypting the encryption key with a requesting device public key, a second wrapped encryption key by encrypting the encryption key with a public key associated with the key server, and at least one additional wrapped encryption key by encrypting the encryption key with the at least one public key provided by the at least one remote key server. The key server transmits the generated keys to the requesting device.
    Type: Grant
    Filed: April 23, 2012
    Date of Patent: July 23, 2013
    Assignee: International Business Machines Corporation
    Inventors: David Ray Kahler, Anjul Mathur, Richard Anthony Ripberger, Jacob Lee Sheppard, Glen Alan Jaquette
  • Patent number: 8488793
    Abstract: Provided is a method for rendering media content wherein a request to render a first media content stored in a first partition is received, wherein the first partition stores the first and a second media content; the media content is correlated to a first management key block (MKB), binding ID (IDb) and authorization table (AT); the first MKB, IDb and AT are compared to a current MKB, IDb and AT; and if any of the first MKB, IDb or AT do not correspond to the current MKB, IDb or AT, respectively, generating a second partition by rebinding the first media content with respect to the current MKB, IDb and AT to generate a title key; and associating the first media content, the current MKB, IDb, AT and title key with the second partition, wherein the second media content remains associated with the first MKB, IDb, AT and partition.
    Type: Grant
    Filed: July 31, 2009
    Date of Patent: July 16, 2013
    Assignee: International Business Machines Corporation
    Inventors: Thomas A. Bellwood, Robert B. Chumbley, Robert Glenn Deen, Matthew F. Rutkowski
  • Patent number: 8484723
    Abstract: A system and method for signing and authenticating electronic documents using public key cryptography applied by one or more server computer clusters operated in a trustworthy manner, which may act in cooperation with trusted components controlled and operated by the signer. The system employs a presentation authority for presenting an unsigned copy of an electronic document to a signing party and a signature authority for controlling a process for affixing an electronic signature to the unsigned document to create a signed electronic document. The system provides an applet for a signing party's computer that communicates with the signature authority.
    Type: Grant
    Filed: June 4, 2010
    Date of Patent: July 9, 2013
    Assignee: Signix, Inc.
    Inventor: Robert Terrell Pilaj Oswalt
  • Patent number: 8483394
    Abstract: Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution (“QKD”) are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.
    Type: Grant
    Filed: September 30, 2010
    Date of Patent: July 9, 2013
    Assignee: Los Alamos National Security, LLC
    Inventors: Jane Elizabeth Nordholt, Richard John Hughes, Charles Glen Peterson
  • Patent number: 8478996
    Abstract: A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.
    Type: Grant
    Filed: December 21, 2009
    Date of Patent: July 2, 2013
    Assignee: International Business Machines Corporation
    Inventors: Dwip N. Banerjee, Sachin Chandrakant Punadikar, Sandeep Ramesh Patil, Ravi A. Shankar
  • Patent number: 8474052
    Abstract: The product keys of software applications that can be utilized to identify, and activate to a higher functional state, legitimate copies of such software applications can be asymmetrically encrypted. Such encrypted product keys can be provided to potential purchasers without fear of theft of the original product keys. The encrypted product keys can be provided to an independent, trusted third-party validation authority that can decrypt such encrypted product keys and can, such as in conjunction with the software application manufacturer, verify the validity of the software applications associated with such product keys. For software applications bundled on a computing device, a tool can be executed by either the seller or potential purchaser to collect and display encrypted product keys for verification purposes. For software applications sold in an online environment, an escrow service can be utilized to keep, and provide when requested, product keys of software applications offered for sale.
    Type: Grant
    Filed: December 9, 2009
    Date of Patent: June 25, 2013
    Assignee: Microsoft Corporation
    Inventors: Egor Nikitin, Ramprabhu Rathnam, Ning Zhang, Van Lanning
  • Publication number: 20130156197
    Abstract: Techniques are presented for secure broadcasting and multicasting. Communications for multicasting and broadcasting are encrypted and decrypted using a secure communication key. The secure communication key is represented in a broadcast value that is sent to selected parties. The broadcast value represents the product of unique prime numbers and an additional number plus the secure communication key. Each party is represented by one of the unique prime numbers. Each party can acquire the secure communication key by dividing the broadcast value by its particular prime number to obtain a remainder, which is the secure communication key.
    Type: Application
    Filed: February 22, 2013
    Publication date: June 20, 2013
    Applicant: ORACLE INTERNATIONAL CORPORATION
    Inventor: ORACLE INTERNATIONAL CORPORATION
  • Patent number: 8467527
    Abstract: Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using a derivation formula as follows: client_key_MSB = AES128(base_key_1, client_ID), (1) client_key_LSB = AES128(base_key_2, client_ID + pad), and (2) client_key = client_key_MSB || client_key_LSB, where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.
    Type: Grant
    Filed: December 3, 2008
    Date of Patent: June 18, 2013
    Assignee: Intel Corporation
    Inventors: Men Long, Jesse Walker, Karanvir Grewal
  • Patent number: 8468367
    Abstract: A storage apparatus includes a key control part to judge a validity of a data access from a request source based on authorization information received therefrom and authorization information created from an enciphering key included in enciphering key information received from a key management apparatus, and a control part to make the data access to the recording medium using the enciphering key in response to an access request from the request source, if the validity of the data access is confirmed. The authorization information from the request source includes a unique code created from the enciphering key if an authentication is successful in the key management apparatus in response to an authentication request from the request source.
    Type: Grant
    Filed: April 23, 2010
    Date of Patent: June 18, 2013
    Assignee: Fujitsu Limited
    Inventors: Tatsuya Sasahara, Hideaki Takahashi, Toru Furuta, Kinya Saito, Shinobu Sasaki, Daisuke Tomii
  • Patent number: 8463652
    Abstract: A method and system to facilitate on-line transactions is presented. An example system, in one embodiment, comprises a content scanner, a security symbol resolver, a web page manipulator, an event detector, and a trading ticket activator. The content scanner may be configured to scan a web page in order to detect security symbol information. The page manipulator may be configured to insert a trading control into the web page to produce a trade-enabled web page. The trading control may be used by users accessing the trade-enabled web page to initiate trades using the trading service associated with the trading control. The system may be provided on a client (e.g., as a browser plug-in) or on a server, as a trading access module associated with a particular web site.
    Type: Grant
    Filed: May 13, 2010
    Date of Patent: June 11, 2013
    Assignee: TradeKing Group, Inc.
    Inventors: Michiel de Boer, Yung Ho Kang, Michael Paul Raneri
  • Patent number: 8463692
    Abstract: A method and system to facilitate on-line trading is presented. An example system, in one embodiment, comprises a web page scanner, a trading control generator, an event detector, and a trading ticket generator. The web page scanner may be configured to scan a web page in order to detect security symbol information. The trading control generator may be configured to present a trading control to associate visually the trading control with the detected security symbol information, the trading control to access a trading service. The event detector may be configured to detect an event associated with the trading control, so that the trading ticket generator receives a request to launch a trading ticket associated with the security symbol information. A trading ticket may be then utilized by a user for submitting a security order using the trading service.
    Type: Grant
    Filed: June 25, 2009
    Date of Patent: June 11, 2013
    Assignee: TradeKing Group, Inc.
    Inventors: Michiel de Boer, Yung Ho Kang, Michael Paul Raneri
  • Patent number: 8464062
    Abstract: Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an audio signal. The audio signal is transmitted from the first computing device to the second computing device. The password is determined from the audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein.
    Type: Grant
    Filed: March 29, 2012
    Date of Patent: June 11, 2013
    Assignee: Research In Motion Limited
    Inventors: Michael Stephen Brown, Herbert Anthony Little
  • Patent number: 8462953
    Abstract: A communication system for transmitting data of a first mobile station to a second mobile station includes a base station and a relay device. The base station is utilized for configuring an uplink and a downlink of the data to correspond to a first connection ID and a second connection ID respectively and for transmitting a traffic encryption key to the first and second mobile stations so that the first and second mobile stations share the traffic encryption key. The relay device is coupled to the base station and the first and second mobile stations via wireless communication, and utilized for receiving the data encrypted by the traffic encryption key and transferring the data of the first mobile station to the second mobile station according to the first and second connection IDs without going via the base station.
    Type: Grant
    Filed: December 24, 2007
    Date of Patent: June 11, 2013
    Assignee: Institute for Information Industry
    Inventors: Yi-Hsueh Tsai, Frank Chee-Da Tsai, Hua-Chang Yin
  • Patent number: 8458459
    Abstract: A current version certificate is stored that includes a corresponding current version identifier. A current instance certificate is received from the certificate authority, wherein the current instance certificate includes the current version identifier of the current version certificate and a current instance public key corresponding to the current instance private key. The current instance certificate is sent to a local station, during a registration with the local station. A request for video content is generated and sent to the local station. First encrypted data is received from the local station, wherein the first encrypted data includes a content key that is encrypted via the current instance public key. Second encrypted data is received from the local station, wherein the second encrypted data includes the video content that is encrypted via the content key.
    Type: Grant
    Filed: February 14, 2011
    Date of Patent: June 4, 2013
    Assignee: Morega Systems Inc.
    Inventor: Zeev Lieber
  • Publication number: 20130136265
    Abstract: An apparatus and method to provision and distribute a traffic key amongst a plurality of radios enables secure communication, for a predetermined group or a predetermined event. Each radio has a controller, a radio transceiver for electromagnetic radio communications, and a near-field transceiver for near-field communications (NFC). The traffic key (or traffic keys) is provisioned locally at one radio and distributed to the remaining radios utilizing the NFC over a non propagating link. The same traffic key is distributed amongst all radios, and additional restrictions may be applied if desired. The same radios can later be re-provisioned for a different group or event. The local provisioning and distribution is highly advantageous for markets that do not require permanent assignment of radios.
    Type: Application
    Filed: November 30, 2011
    Publication date: May 30, 2013
    Applicant: MOTOROLA SOLUTIONS, INC.
    Inventor: Ellis A. Pinder
  • Patent number: 8452014
    Abstract: Group key management in a mobile ad-hoc network (MANET) may be provided. Each network node associated with the MANET may comprise a group distribution key and a list of authorized member nodes from which a group key manager may be elected. The group key manager may periodically issue a new group key to be used in protecting communications among the network nodes. A compromised node may be excluded from receiving updated group keys and thus isolated from the MANET.
    Type: Grant
    Filed: June 24, 2009
    Date of Patent: May 28, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Stan Ratliff, Brian E. Weis, Alvaro Retana, Mihail L. Sichitiu
  • Patent number: 8452016
    Abstract: There is provided a system and method for distributors to use an interoperable key chest. There is provided a method for use by a distributor to obtain content access authorizations from a key chest or central key repository (CKR), the method comprising receiving a user request from a user device for access to an encrypted content identified by a content identification, transmitting a key request to the CKR including the content identification, receiving an encrypted first key from the CKR, decrypting the encrypted first key using a second key to retrieve the first key, and providing a DRM license for the encrypted content to the user device using the first key for use by the user device to decrypt the encrypted content using the first key. By generating such DRM licenses, distributors can unlock protected content even sourced from distributors using different DRM schemas.
    Type: Grant
    Filed: July 10, 2009
    Date of Patent: May 28, 2013
    Assignee: Disney Enterprises, Inc.
    Inventors: Arnaud Robert, Scott F. Watson
  • Patent number: 8453205
    Abstract: A system receives a request from a requestor for a service performed by a network device, establishes an encrypted session with the requestor, and utilizes a temporary process to determine whether the requestor is authorized for the service. If the requestor is authorized, the system redirects the service request to the service, and provides the service to the requestor.
    Type: Grant
    Filed: June 15, 2007
    Date of Patent: May 28, 2013
    Assignee: Juniper Networks, Inc.
    Inventor: Prakash G. Patil
  • Publication number: 20130129095
    Abstract: A multi-hierarchical key system is provided such that users receive timely key renewals when required so that access to authorized content is not disrupted. Timely renewals of keys may occur continuously for various services while minimizing network traffic. The multi-hierarchical key system may be used in an adaptive streaming environment.
    Type: Application
    Filed: November 18, 2011
    Publication date: May 23, 2013
    Applicant: COMCAST CABLE COMMUNICATIONS, LLC
    Inventors: James W. Fahrny, Kyong Park
  • Patent number: 8447697
    Abstract: Processes and systems for offering and granting digital rights that govern distribution and usage of content, services and resources. The processes and systems provide a basis for flexible business models and negotiation transactions between content providers and users. The concept of meta-rights, which permit digital rights to be derived, permits upstream parties in a content distribution chain to dictate rights granted and received by downstream parties. Therefore, each transaction can be considered as a two party transaction between a rights supplier and a rights consumer.
    Type: Grant
    Filed: June 15, 2010
    Date of Patent: May 21, 2013
    Assignee: ContentGuard Holdings, Inc.
    Inventors: Xin Wang, Bijan Tadayon
  • Patent number: 8447039
    Abstract: In one embodiment, group member devices may be divided into at least one cluster, wherein each cluster includes a primary key server designated to synchronize with a master key server. Each cluster further includes at least one registration server configured to communicate with member devices in the group within the cluster and to synchronize with the primary key server.
    Type: Grant
    Filed: September 26, 2007
    Date of Patent: May 21, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Mohamed Khalid, Rajiv Asati, Scott Thomas Fanning, Haseeb Niazi, Kavitha Kamarthy, Sheela Rowles
  • Patent number: 8447036
    Abstract: The present invention provides an efficient method and system in which a plurality of participants share a secret key in a communication environment that is not ensured. According to an embodiment of the invention, each of the participants is assigned with a secret key from a key generation party, generates exchange information, and transmits its own exchange information to the other participant to exchange the exchange information with each other. Each of the participants generates a shared key on the basis of the exchange information and its own secret key.
    Type: Grant
    Filed: July 25, 2008
    Date of Patent: May 21, 2013
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Namsu Jho, Dowon Hong, Myunghwan Kim, Byunggil Lee
  • Patent number: 8447040
    Abstract: A first communication apparatus that functions as a providing apparatus that provides an encryption key or as a receiving apparatus that receives an encryption key provided by a providing apparatus, and that performs a key sharing process for sharing an encryption key with another apparatus, confirms whether or not the first communication apparatus functioned as the providing apparatus in the key sharing process performed among a plurality of apparatuses present on a network in which the first communication apparatus is joining; compares identification information of a second communication apparatus that has newly joined the network with identification information of the first communication apparatus; and determines whether or not the first communication apparatus is to function as a providing apparatus in the key sharing process performed between the first and the second communication apparatuses based on the result of the confirmation and the comparison.
    Type: Grant
    Filed: December 2, 2008
    Date of Patent: May 21, 2013
    Assignee: Canon Kabushiki Kaisha
    Inventor: Fumihide Goto