Key Distribution Center Patents (Class 380/279)
  • Publication number: 20120002812
    Abstract: Secure communication of data between devices includes encrypting unencrypted data at a first device by reordering unencrypted bits provided in parallel on a device bus, including data and control bits, from an unencrypted order to form encrypted data including a plurality of encrypted bits in parallel in an encrypted order defined by a key. The encrypted data may be transmitted to another device where the encrypted data is decrypted by using the key to order the encrypted bits to restore the unencrypted order thereby to reform the unencrypted data.
    Type: Application
    Filed: June 30, 2010
    Publication date: January 5, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Robert H. Bell, JR., Louis B. Capps, JR., Michael J. Shapiro
  • Patent number: 8086849
    Abstract: A method and system are provided for delivering event messages in a secure scalable manner. A network includes an event distribution device serving as an event generation device for generating and disseminating an event message through the network to event distribution devices serving as edge event delivery devices having recipient devices connected thereto. Event messages may be encrypted at the event generation device for each of the destination recipient devices or event messages may be encrypted at each of the edge event delivery devices for delivery to respective recipient devices connected thereto. A signing key may also be included with the encrypted message such that the respective recipient devices may authenticate a sender of the encrypted message based on the signing key. Encryption keys may be established based on policies of the network of event distribution devices or based on policies of the respective recipient devices.
    Type: Grant
    Filed: August 2, 2002
    Date of Patent: December 27, 2011
    Assignee: Microsoft Corporation
    Inventors: Christopher G. Kaler, John P. Shewchuk, Giovanni Moises Della-Libera, Luis Felipe Cabrera
  • Patent number: 8081754
    Abstract: A key update method and a key update apparatus are provided. The method includes storing data in a database of an update server, the data having an encoded updated node key in response to a node key update for a group; selecting necessary data, from among the data having the encoded updated node key, to calculate a key immediately prior to when the member is switched to the online mode, and generating member update data; and performing a key update with respect to the member using the member update data in a device corresponding to the member which has switched from the offline mode to the online mode.
    Type: Grant
    Filed: May 18, 2007
    Date of Patent: December 20, 2011
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Mi Suk Huh, Dae Youb Kim, Hwan Joon Kim
  • Patent number: 8081761
    Abstract: A communication encryption processing apparatus is provided in which a dedicated signal line is provided between a key management module and an encryption and decryption processing module to perform a key delivery via the dedicated signal line from the key management module to the encryption and decryption processing module, and as a result, transmission and reception of raw key data on a bus is no longer performed.
    Type: Grant
    Filed: August 1, 2007
    Date of Patent: December 20, 2011
    Assignee: Canon Kabushiki Kaisha
    Inventor: Akihiko Yushiya
  • Patent number: 8081758
    Abstract: When a cryptographic communicating part 208 of the communication support server 20 exchanges information with the information processing units 14, if the term of validity of a first key stored in a cryptographic key storing part 200 and corresponding to the identification information of the information processing unit 14 does not expire, the cryptographic communicating part 208 performs the cryptographic communication with the information processing unit 14 using the first key, without performing a process of authenticating the information processing units 14. When the term of validity of the first key expires or the first key corresponding to the identification information of the information processing units 14 is not stored, the key sharing part 202 shares the first key with the information processing units 14, and the cryptographic communicating part 208 performs the cryptographic communication with the information processing units 14 using a newly shared first key.
    Type: Grant
    Filed: December 27, 2005
    Date of Patent: December 20, 2011
    Assignee: Hitachi, Ltd.
    Inventors: Osamu Takata, Takahiro Fujishiro, Tadashi Kaji, Kazuyoshi Hoshino
  • Patent number: 8077862
    Abstract: A method and system for distributing n shares of a secret to n computing systems, and a method and system for reconstructing the secret from k shares of the secret. In one embodiment, the method for distributing the secret comprises representing the secret as a first polynomial over GF(2). The method further comprises creating the n shares from the secret, each of the n shares including a polynomial over GF(2). The secret can be reconstructed, in one embodiment, by solving coefficients of an interpolating polynomial using k points in the k shares using modulo 2 arithmetic.
    Type: Grant
    Filed: October 29, 2007
    Date of Patent: December 13, 2011
    Assignee: Red Hat, Inc.
    Inventor: James P. Schneider
  • Publication number: 20110302410
    Abstract: A method, machine-readable medium, and server to create a key, set an expiration event for the key to expire, send the key to a first client device to encrypt the document, authenticate a second client device that is in receipt of the encrypted document, delete the key if the expiration event has occurred, and send the key to the authenticated second client device to decrypt the document if the expiration event has not yet occurred. For one embodiment, the key is used by client devices for encryption and decryption of the document only and is not otherwise accessible to the client devices. For one embodiment, the server facilitates sending the encrypted document to the second client device but does not retain a copy of the encrypted document.
    Type: Application
    Filed: June 7, 2010
    Publication date: December 8, 2011
    Inventors: Christopher Clarke, Michael Mullen
  • Patent number: 8073143
    Abstract: A configuration is provided which enables usage management and secure data management of data newly generated or obtained that is different from data already stored in an information recording medium. New data such as information which the user has newly generated or downloaded related to content information increments of content management information stored in an information recording medium is recorded as configuration data of the content management unit, in the form of encrypted data to which a unit key corresponding to the content management unit, or a unit key corresponding to a new content management unit, has been applied. According to this configuration, secure data management and usage management is realized for new data the same as with data corresponding to original units.
    Type: Grant
    Filed: January 27, 2005
    Date of Patent: December 6, 2011
    Assignee: Sony Corporation
    Inventors: Ayako Watanabe, Yoshikazu Takashima
  • Patent number: 8072627
    Abstract: This is to provide an image processing apparatus and others capable of ensuring security by shortening the connecting time of an external recording medium when a plurality of jobs including target data pieces encrypted with shared keys and the shared keys encrypted with a user's public key are executed. A job including a target data piece encrypted with a shared key and the shared key encrypted with a user's public key are received and stored in a job storage. To execute the plurality of jobs stored therein, the encrypted shared keys included in the respective jobs are decrypted with a secret key by the external recording medium. After completely obtaining all the plurality of decrypted shared keys, the target data pieces are decrypted with their matching decrypted shared keys, and then the jobs are executed.
    Type: Grant
    Filed: September 10, 2009
    Date of Patent: December 6, 2011
    Assignee: Konica Minolta Business Technologies, Inc.
    Inventors: Katsuhiko Akita, Minako Kobayashi, Takehisa Yamaguchi, Kazuya Anezaki, Eiichi Yoshida
  • Publication number: 20110293093
    Abstract: Systems, methods and devices for distributing a group key between a transmitter and a group of receivers connected over a network. The described group key distribution can be implemented in any television network for encrypted transmission of television related content to large and dynamic groups of subscribers' receivers. Wherein each receiver contributes to the group key by securely transmitting its contribution to the transmitter. The transmitter also contributes to the group key and generates the group key based on all contributions. The transmitter further generates partial keys specific to each receiver such that each receiver can generate a copy of the group key from its contribution and the partial key it receives. The transmitter sends each receiver its corresponding partial key so that each receiver can calculate a copy of the group key.
    Type: Application
    Filed: June 1, 2010
    Publication date: December 1, 2011
    Applicant: ROGERS COMMUNICATIONS INC.
    Inventors: Sheng SUN, Barry PRATT, Sandip SINGH, Antonio COLANTONIO
  • Publication number: 20110293097
    Abstract: Techniques for memory compartmentalization for trusted execution of a virtual machine (VM) on a multi-core processing architecture are described. Memory compartmentalization may be achieved by encrypting layer 3 (L3) cache lines using a key under the control of a given VM within the trust boundaries of the processing core on which that VM is executed. Further, embodiments described herein provide an efficient method for storing and processing encryption related metadata associated with each encrypt/decrypt operation performed for the L3 cache lines.
    Type: Application
    Filed: May 27, 2010
    Publication date: December 1, 2011
    Inventors: FABIO R. MAINO, Pere Monclus, David A. McGrew
  • Publication number: 20110295708
    Abstract: Methods and computer readable media for providing a rental service for a software application via a network. The user of a device downloads a rental agent application via the network and installs a rental agent application in the device. The user also downloads a software application via the network and installs the software application in the device, where the software application includes a decryption key embedded therein. The user causes the rental agent application to send to a rental system a request for a key to activate the software application via the network. The rental system sends the key to the rental agent via the network, where the key is encrypted with an encryption key that forms an asymmetric key pair with the decryption key. Then, the rental agent relays the key to the software application to thereby activate the software application for a rental period.
    Type: Application
    Filed: September 14, 2010
    Publication date: December 1, 2011
    Applicant: beonSoft Inc.
    Inventor: Jangwoo Shin
  • Patent number: 8065533
    Abstract: A method of and device for granting access to content on a storage medium, including obtaining cryptographic data from a property, such as a wobble, of the storage medium, reading helper data from the storage medium, and granting the access based on an application of a delta-contracting function to the cryptographic data and the helper data. The delta-contracting function allows the choice of an appropriate value of the helper data, such that any value of the cryptographic data which sufficiently resembles the original primary input value leads to the same output value. Substantially different values of the cryptographic data lead to different values of the output.
    Type: Grant
    Filed: June 19, 2009
    Date of Patent: November 22, 2011
    Assignee: Intrinsic ID B.V.
    Inventor: Johan Paul Maria Gerard Linnartz
  • Patent number: 8059818
    Abstract: The present invention relates to a method and a system of securely storing data on a network (100) for access by an authorized domain (101, 102, 103), which authorized domain includes at least two devices that share a confidential domain key (K), and an authorized domain management system for securely storing data on a network for access by an authorized domain. The present invention enables any member device to store protected data on the network such that any other member device can access the data in plaintext without having to communicate with the device that actually stored the data.
    Type: Grant
    Filed: February 11, 2005
    Date of Patent: November 15, 2011
    Assignee: Nokia Corporation
    Inventors: Nadarajah Asokan, Philip Ginsboorg, Seamus Moloney, Tapio Suihko
  • Patent number: 8059816
    Abstract: An apparatus and method for sharing a secret comprising the steps of generating a first random matrix, generating a first projection matrix from the first random matrix, and determining a first remainder matrix from the first projection matrix and the first secret matrix. The first secret matrix may be determined using the remainder matrix and a plurality of distributed vector shares.
    Type: Grant
    Filed: May 3, 2006
    Date of Patent: November 15, 2011
    Assignee: Temple University of the Commonwealth System of Higher Education
    Inventor: Li Bai
  • Patent number: 8059820
    Abstract: Protecting content. A recipient receives content from a publisher. Some content is managed by an access server. The access server controls the recipient's use of managed content through interaction with a trusted agent at the recipient. The content is encrypted to a content key, and the content is associated with policy information. The policy information includes the content key for decrypting the content. The policy information is encrypted to an access server key allowing the policy information to be decrypted by the access server. The content key is received from the access server. The content key is encrypted to a trusted agent key. The content key is further encrypted to additional factor(s) defining additional content protection beyond that provided by trusted agent. The content key is decrypted using the trusted agent key and the at least one additional factor. The content is decrypted using the content key.
    Type: Grant
    Filed: October 11, 2007
    Date of Patent: November 15, 2011
    Assignee: Microsoft Corporation
    Inventors: Rushmi U. Malaviarachchi, Mayur Kamat, David B. Cross
  • Patent number: 8060902
    Abstract: The system for receiving broadcast digital data (in particular pay television services) comprises a master digital terminal (1), and at least one slave digital terminal (2) connected to the master terminal by a link (3) and able to receive protected digital data. The slave digital terminal can access the protected data only if information necessary for accessing the data and received by the master digital terminal is sent by way of link (3) to the slave digital terminal within a predetermined deadline. This information is in particular access entitlements to television services or keys for descrambling the service.
    Type: Grant
    Filed: January 20, 2004
    Date of Patent: November 15, 2011
    Assignee: Thomson Licensing
    Inventors: Philippe Leyendecker, Jean-Maurice Cueff, Daniel Creusot
  • Patent number: 8050407
    Abstract: A method of protecting a media key including obtaining the media key, obtaining an auxiliary key, calculating a split key using the media key and the auxiliary key, encrypting the split key using a wrap key to generate an encrypted split key, assembling the encrypted split key and a communication key to obtain a data bundle, and sending the data bundle to a token, where the media key is extracted from the data bundle on the token to protect data on a storage device.
    Type: Grant
    Filed: September 7, 2006
    Date of Patent: November 1, 2011
    Assignee: Oracle America, Inc.
    Inventors: James P. Hughes, Alexander S. Stewart, Dwayne A. Edling
  • Patent number: 8050411
    Abstract: A device stores one-time pad data for use in carrying out various tasks. In order to preserve the ability to carry out important tasks that require the use of one-time data, use of the one-time pad data held by the device is controlled such that an amount of this one-time pad data is only usable by a predetermined set of important tasks comprising at least a replenishment task for replenishing the device with one-time pad data.
    Type: Grant
    Filed: July 17, 2006
    Date of Patent: November 1, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: William John Munro, Timothy Paul Spiller, Martin Sadler, Christopher Tofts, Keith Alexander Harrison
  • Patent number: 8050403
    Abstract: A public key for an Elliptic Curve Cryptosystem is generated in a manner that acts as a countermeasure to power analysis attacks. In particular, a known scalar multiplication method is enhanced by, in one aspect, performing a right shift on the private key. The fixed-sequence window method includes creation and handling of a translated private key. Conveniently, as a result of the right shift, the handling of the translated private key is made easier and more efficient.
    Type: Grant
    Filed: February 29, 2008
    Date of Patent: November 1, 2011
    Assignee: Research In Motion Limited
    Inventor: Nevine Maurice Nassif Ebeid
  • Publication number: 20110261962
    Abstract: A method is presented for distributing cryptographic keys in a hierarchized network including at least one device in charge of a higher group of devices, wherein at least one of the devices of the group of devices is also in charge of a lower group of devices.
    Type: Application
    Filed: November 13, 2008
    Publication date: October 27, 2011
    Applicant: EADS DEFENCE AND SECURITY SYSTEMS
    Inventors: Vincent Dupuis, Marc Chaland, Patrick Radja, Stephane Allouche, Ahmed Serhrouchni, Mustapha Adib
  • Publication number: 20110261963
    Abstract: This method is characterized in that it includes the following steps, a step for establishing a key root database in the transmitter and said at least one receiver, a step for generating in the transmitter a sequence of bits called an index, a step for having this index bit sequence transmitted by the transmitter to the receiver, and a step for having the key extracted from the index and from the key root database by the transmitter and said at least one receiver.
    Type: Application
    Filed: April 25, 2011
    Publication date: October 27, 2011
    Inventor: Michael Adjedj
  • Patent number: 8046579
    Abstract: A secure gateway includes a TLS server for authenticating connecting devices, a connection manager for routing requests from the TLS server to service provider adapters, and a key management system for providing key management functions, wherein when a device provides a manufacturing certificate to one or more servers of the gateway, servers identify the device as authentic by validating that the manufacturing certificate provided is signed by the same root that has signed the servers its own certificate.
    Type: Grant
    Filed: October 4, 2005
    Date of Patent: October 25, 2011
    Assignee: Neopost Technologies
    Inventor: Roman Kresina
  • Patent number: 8045713
    Abstract: A method and apparatus is provided for consolidating cryptographic key updates, the consolidated update information enabling, for example, a returning member of a secure group who has been offline, to recover the current group key, at least in most cases. The unconsolidated key updates each comprise an encrypted key, corresponding to a node of a key hierarchy, that has been encrypted using a key which is a descendant of that node. The key updates are used to maintain a key tree with nodes in this tree corresponding to nodes in the key hierarchy. Each node of the key tree is used to store, for each encrypting key used in respect of the encrypted key associated with the node, the most up-to-date version of the encrypted key with any earlier versions being discarded. The key tree, or a subset of the tree, is then provided to group members.
    Type: Grant
    Filed: March 30, 2004
    Date of Patent: October 25, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Antonio Lain, Viacheslav Borisov
  • Publication number: 20110255696
    Abstract: The present invention discloses a key distribution method and system, and the method includes: a card issuer management platform generating initial keys of a supplementary security domain corresponding to an application provider, importing the initial keys and a Trust Point's public key for external authentication to the supplementary security domain, and sending the information of the supplementary security domain and the initial keys to the application provider management platform (202); the application provider management platform receiving the information of the supplementary security domain and the initial keys, and selecting the supplementary security domain of the smart card by a service terminal according to the information of the supplementary security domain and the initial keys (204); the application provider management platform generating a public key and a private key of the supplementary security domain as well as a certificate of the supplementary security domain, and encrypting the public key
    Type: Application
    Filed: August 12, 2009
    Publication date: October 20, 2011
    Applicant: ZTE CORPORATION
    Inventors: Jingwang Ma, Qian Jia, Wantao Yu
  • Patent number: 8041039
    Abstract: A secret communications system realizes point-to-multipoint or multipoint-to-multipoint connections of both quantum channels and classical channels. Multiple remote nodes are individually connected to a center node through optical fiber, and random-number strings K1 to KN are individually generated and shared between the respective remote nodes and the center node. Encrypted communication is performed between each remote node and the center node by using the corresponding one of the shared random-number strings K1 to KN as a cryptographic key. The center node is provided with a switch section for quantum channels and a switch section for classical channels. Switching control on each of these switch sections is performed independently of the other by a controller.
    Type: Grant
    Filed: April 19, 2007
    Date of Patent: October 18, 2011
    Assignee: NEC Corporation
    Inventors: Akio Tajima, Akihiro Tanaka, Wakako Maeda, Seigo Takahashi
  • Publication number: 20110249816
    Abstract: Disclosed is a hybrid key management method for a supervisory control and data acquisition (SCADA) system in which a master terminal unit (MTU), a plurality of sub-master terminal units (sub-MTUs), and a plurality of remote terminal units (RTUs) are sequentially and hierarchically structured, the hybrid key management method comprising the steps of: (a) creating, by the MTU and the sub-MTUs, their own secret numbers and making and exchanging digital signatures; (b) creating, by the MTU, group keys; and (c) distributing, by the MTU, the group keys to the sub-MTUs and encrypting and decrypting the group keys using the secret numbers.
    Type: Application
    Filed: September 2, 2010
    Publication date: October 13, 2011
    Applicant: The Industry & Academic Cooperation in Chungnam National University (IAC)
    Inventors: Donghyun Choi, Hanjae Jeong, Dongho Won, Seungjoo Kim, Jae-Cheol Ryou
  • Publication number: 20110249817
    Abstract: A group key management method for secure multicast communication includes: creating a tree having a root node, internal nodes and leaf nodes to manage group keys of a receiver group by a group key management server; generating user keys of all nodes excluding the root node in the tree on the basis of Chinese Remainder Theorem; assigning the leaf nodes of the tree to users of the receiver group; and sending the user keys of the leaf nodes to the corresponding users for group key management. Further, the group key management method for secure multicast communication includes generating group keys of all non-leaf nodes; computing a solution of congruence equations based on the user key and group key by using Chinese Remainder Theorem for each non-leaf node; and multicasting a group key update message to each user of the respective leaf nodes.
    Type: Application
    Filed: May 13, 2009
    Publication date: October 13, 2011
    Applicant: Electronics and Telecommunications Research Institute
    Inventors: Jee Hyun Park, Jung Hyun Kim, Jung Soo Lee, Yeon Jeong Jeong, Do-Won Nam, Kisong Yoon
  • Patent number: 8037294
    Abstract: An identification tag for authenticating a product is associated with the product and has authentication data transmissible to a reader device. The authentication data include source data including a tag identifier that uniquely identifies the identification tag and a signature value that is a result of a private key encryption of a representation of the source data, where the private key encryption uses a private key of a public key encryption method.
    Type: Grant
    Filed: April 7, 2006
    Date of Patent: October 11, 2011
    Assignee: SAP AG
    Inventor: Zoltan Nochta
  • Publication number: 20110243331
    Abstract: In a secret communication network including a center node and multiple remote nodes, the center node is provided with a virtual remote node which functions as a remote node similar to each of the remote nodes. Random numbers shared between the center node and each remote node are managed based on random number sequences used in cipher communication between the virtual remote node and one of the remote nodes.
    Type: Application
    Filed: December 3, 2009
    Publication date: October 6, 2011
    Applicant: NEC CORPORATION
    Inventors: Wakako Yasuda, Akio Tajima, Akihiro Tanaka, Seigo Takahashi
  • Patent number: 8032926
    Abstract: Provided are a method of configuring a hierarchical network of user groups and resource groups, and a key distribution center. The method includes the steps of: analyzing hierarchical connection relationships between respective user groups and respective resource groups, comparing redundancy rates of the respective hierarchical connection relationships, and determining a connection mode having a larger redundancy rate; separating the respective user groups and resource groups and hierarchically connecting the user groups with the resource groups, according to the determined connection mode; comparing hierarchical connections between the respective separated user groups and resource groups, and removing an overlapping hierarchical connection; and recombining the separate hierarchical connections except for the overlapping hierarchical connection, and configuring an entire network.
    Type: Grant
    Filed: October 30, 2007
    Date of Patent: October 4, 2011
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Han Seung Koo, Yun Jeong Song, Soo In Lee
  • Patent number: 8020214
    Abstract: According to one embodiment, a transmitter is configured to transmit content to a receiver. Available dubbing count is set in advance for the content such that the content can be dubbed a plurality of times. The transmitter includes a key exchanger, an encryption processor, and a dubbing management module. The key exchanger performs key exchange to share a common key with the receiver. The encryption processor encrypts, in response to a content request received from the receiver, the content with the common key to transmit the content to the receiver. The dubbing management module reduces, upon receipt of a right transfer request related to the use of the content from the receiver, the available dubbing count by dubbing count indicating the number of times of dubbing of the content. The dubbing count is contained in the right transfer request.
    Type: Grant
    Filed: December 18, 2009
    Date of Patent: September 13, 2011
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yoshinobu Fujiwara, Kunio Honsawa, Atsushi Nakajima
  • Patent number: 8019994
    Abstract: A system comprises storage and a basic input/output system (BIOS) stored in the storage and adapted to be executed by a processor. The BIOS has an associated setting. The system receives an encrypted value that comprises an encrypted hash of a request to alter at least one of the BIOS and the setting. A first key is used to encrypt the value. The processor uses a second key corresponding to the first key to authenticate said request.
    Type: Grant
    Filed: April 13, 2006
    Date of Patent: September 13, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jennifer E. Rios, Lan Wang, Valluddin Y. Ali, Manuel Novoa
  • Publication number: 20110219232
    Abstract: The present invention is a controller capable of preventing card makers from conducting unauthorized acts. The controller includes: a controller key storage unit 511 configured to hold a controller key that has been generated by a controller manufacturing device in advance; a decryption unit 522 configured to receive encrypted media key information that has been generated by a key issuance center that is authorized and to decrypt the received encrypted media key by using the controller key, the encrypted key information generated through encryption of key information with use of the controller key; and an encryption unit 526 configured to encrypt the decrypted media key again by using an individual key that is unique to the controller.
    Type: Application
    Filed: March 2, 2011
    Publication date: September 8, 2011
    Inventors: Takahiro YAMAGUCHI, Masaya YAMAMOTO
  • Patent number: 8015401
    Abstract: A method of authenticating data transmitted in a digital transmission system, in which the method comprises the steps, prior to transmission, of determining at least two encrypted values for at least some of the data, each encrypted value being determined using a key of a respective encryption algorithm, and outputting said at least two encrypted values with said data.
    Type: Grant
    Filed: June 17, 2008
    Date of Patent: September 6, 2011
    Assignee: Thomson Licensing S.A.
    Inventors: Jean-Bernard Gerard Maurice Beuque, Philippe Poulain
  • Publication number: 20110213965
    Abstract: A method and system for identity management certificate operations is described.
    Type: Application
    Filed: February 26, 2010
    Publication date: September 1, 2011
    Inventors: Christina Fu, Andrew Wnuk
  • Publication number: 20110213977
    Abstract: Embodiments described herein are generally directed to methods and devices in which computing devices, and mobile devices in particular, establish a shared encryption key for a device group comprising at least three mobile devices. In accordance with one example embodiment, a public key of a mobile device is computed using a shared password as performed in accordance with authentication acts of a password-authenticated key exchange protocol, and transmitted to at least one other mobile device of the group. A public value is computed as a function of a mobile device private key and of a public key of at least one other mobile device of the device group, in accordance with a group key establishment protocol. The public values of the mobile devices of the device group are used to compute a shared encryption key.
    Type: Application
    Filed: February 26, 2010
    Publication date: September 1, 2011
    Applicant: RESEARCH IN MOTION LIMITED
    Inventor: Herbert A. Little
  • Patent number: 8010810
    Abstract: An electronic encryption endpoint device includes a management interface, a storage device interface and a controller. The management interface is capable of operating as a control interface (e.g., connecting to an array controller). The storage device interface is arranged to communicate with a set of storage devices. The controller is arranged to (i) receive a key encryption key through the management interface, (ii) decrypt a portion of a key table entry of a key table using the key encryption key to extract a data encryption key from the portion of the key table entry, the data encryption key being initially encrypted within the portion of the key table entry prior to decrypting the portion of the key table entry, and (iii) encrypt data using the data encryption key and store the encrypted data in the set of storage devices through the storage device interface.
    Type: Grant
    Filed: December 27, 2007
    Date of Patent: August 30, 2011
    Assignee: EMC Corporation
    Inventors: John T. Fitzgerald, Jack S. Harwood, Thomas E. Linnell
  • Patent number: 8009829
    Abstract: A method and system for deploying a suite of advanced cryptographic algorithms that includes: providing a legacy cryptographic interface that is associated with a legacy operating system and a legacy application, and supports a suite of legacy cryptographic algorithms; providing a suite of advanced cryptographic algorithms that includes one or more of an advanced asymmetric key algorithm, an advanced symmetric key algorithm, and/or an advanced hash function; providing an advanced cryptographic interface that is independent of the legacy operating system and the legacy application, backwards compatible with the legacy cryptographic interface, and capable of supporting the suite of advanced cryptographic algorithms; and transparently and automatically substituting the suite of advanced cryptographic algorithms for the legacy cryptographic algorithms through the invocation of the advanced cryptographic interface at the time of an initial performance of encrypting, hashing, digitally signing the hash of, decrypti
    Type: Grant
    Filed: October 25, 2007
    Date of Patent: August 30, 2011
    Assignee: Spyrus, Inc.
    Inventors: Robert R. Jueneman, Duane J. Linsenbardt, John N. Young, William Reid Carlisle
  • Publication number: 20110206206
    Abstract: A method and apparatus for key management in a communication network. A Key Management Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device.
    Type: Application
    Filed: March 13, 2009
    Publication date: August 25, 2011
    Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Rolf Blom, Fredrik Lindholm, Mats Naslund, Karl Norrman
  • Patent number: 8005225
    Abstract: A hierarchical threshold tree-based broadcast encryption method includes a first step for a server initialization and a user subscription, a second step of distributing a message to enable a privileged user (authorized user) to decrypt a group key, and a third step of the privileged user (authorized user) decrypting the message using the group key. According to the method, it is possible to prevent any group of revocators from obtaining the group key using their secret information and information being broadcast by the server.
    Type: Grant
    Filed: January 27, 2006
    Date of Patent: August 23, 2011
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Dae-youb Kim, Hwan-joon Kim, Sung-joon Park, Weon-il Jin, Dong-hoon Lee
  • Patent number: 8005227
    Abstract: A data storage system employs data encryption to increase data security, and techniques for ensuring consistency of key information maintained and used throughout the system to reduce the likelihood that data will become non-recoverable due to the use of an incorrect encryption key. In one aspect, a verification process is performed between a key table at a central storage processor and key tables containing decrypted copies of the same information that are stored and utilized at separate input/output (I/O) modules. The verification process includes computing respective hash values at the I/O modules and at the storage processor and comparing the hash values to determine whether they match, a match indicating that the tables are consistent and a non-match indicating that the tables are not consistent. In another aspect, an I/O module performs a check prior to performing an encryption/decryption operation as part of processing an I/O command to ensure that the correct key will be utilized.
    Type: Grant
    Filed: December 27, 2007
    Date of Patent: August 23, 2011
    Assignee: EMC Corporation
    Inventors: Thomas Linnell, Jack Harwood, John T. Fitzgerald
  • Publication number: 20110194697
    Abstract: A multicast key distribution method, an update method, and a base station based on unicast conversation key, the distribution method includes the following steps: 1) the base station composes groups of multicast key distribution; 2) the base station broadcasts the groups of multicast key distribution to all terminals; 3) the terminals acquire the multicast conversation key by calculating. The present invention solves the problem that the efficiency of the multicast key distribution based on unicast conversation key is low in the prior art, and provides a multicast key distribution method based on unicast conversation key.
    Type: Application
    Filed: August 20, 2009
    Publication date: August 11, 2011
    Applicant: CHINA IWNCOMM CO. LTD.
    Inventors: Liaojun Pang, Jun Cao, Manxia Tie
  • Patent number: 7995766
    Abstract: Provided is a group subordinate terminal in a key updating system that includes a server and a group of terminals including: a group managing terminal; and group subordinate terminals including the group subordinate terminal, the group subordinate terminal comprising: a group withdrawal request processing unit which transmits a group withdrawal request to the group managing terminal in response to an instruction to update its apparatus-unique key, the group withdrawal request requesting for withdrawal of the group subordinate terminal from the group; an update apparatus-unique key requesting unit which requests for another apparatus-unique key by transmitting to the server a group withdrawal certificate indicating that the withdrawal of the group subordinate terminal from the group of terminals is completed through invalidation of its group key; and an update processing unit which updates the apparatus-unique key held in an apparatus-unique key holding unit to the another apparatus-unique key obtained from th
    Type: Grant
    Filed: June 26, 2008
    Date of Patent: August 9, 2011
    Assignee: Panasonic Corporation
    Inventors: Taichi Sato, Kaoru Yokota, Natsume Matsuzaki, Yuichi Futa, Tetsuya Inoue, Masao Nonaka
  • Patent number: 7995765
    Abstract: A method and system distributes N shares of a secret among cooperating entities using hyperplanes over GF(q), such that the secret can be reconstructed from K of the N shares (where K≤N). In one embodiment, the method constructs a K-tuple that contains the secret and elements of GF(q), where q is a power m of an odd prime p. The method further multiplies the K-tuple by a matrix of size (N×K) to produce an N-tuple using arithmetic defined on GF(q). Thus, N shares of the secret are generated, with each of the N shares including a component of the N-tuple.
    Type: Grant
    Filed: August 28, 2008
    Date of Patent: August 9, 2011
    Assignee: Red Hat, Inc.
    Inventor: James P. Schneider
  • Patent number: 7995761
    Abstract: A data providing system is provided which includes: a storage section which stores an encoded file obtained by encoding a data file to be distributed with a predetermined common key and an encoded information file obtained by encoding an information data file including information on the common key with a private key different from the common key; and a file transfer section which transfers the encoded file and the encoded information file from the storage section to external electronic device.
    Type: Grant
    Filed: January 10, 2008
    Date of Patent: August 9, 2011
    Assignee: Kyocera Mita Corporation
    Inventors: Sachiko Yoshimura, Takanao Kawai
  • Patent number: 7995764
    Abstract: A method and system distributes N shares of a secret among cooperating entities using hyperplanes over GF(2^m), such that the secret can be reconstructed from K of the N shares (where K≤N). In one embodiment, the secret is represented as a secret bit string of length m, which is embedded in a K-tuple. The K-tuple is then extended to an N-tuple by a linear transformation using arithmetic defined on GF(2^m). N shares of the secret bit string are generated, with each of the N shares including an element of the N-tuple.
    Type: Grant
    Filed: August 28, 2008
    Date of Patent: August 9, 2011
    Assignee: Red Hat, Inc.
    Inventor: James P. Schneider
  • Publication number: 20110182426
    Abstract: A technique for dynamically creating and deleting groups to support secure group communication sessions is provided herein. A request for creation of a dynamic group that enables group members to participate in a secure group communication session is received by a network authentication device such as a key server. Creation of the dynamic group includes generating a lifetime attribute indicating when the dynamic group is to exist based on timing information provided in the request, along with security policies required for generating the keys, and generating a unique group ID associated with the dynamic group for distribution to the group members. The keys for the secure group communication session are supplied, along with security policies, in response to a request containing the unique group ID identifying the dynamic group. The dynamic group is deleted in response to determining from the lifetime attribute that the secure group communication session has expired.
    Type: Application
    Filed: January 25, 2010
    Publication date: July 28, 2011
    Applicant: CISCO TECHNOLOGY, INC.
    Inventors: Tanya Roosta, Kavitha Kamarthy, Dinesh Ranjit
  • Publication number: 20110185186
    Abstract: Methods and systems are disclosed for protecting data on a mobile device. A data protection module on the mobile device receives a transmission including a secret key. The secret key is used in encrypting data on the device and is then deleted. Subsequent to an event detectable to the mobile device, the data protection module receives another transmission including said secret key. The secret key is then used to decrypt the encrypted data.
    Type: Application
    Filed: January 27, 2010
    Publication date: July 28, 2011
    Applicant: Research In Motion Limited
    Inventors: Neil Patrick Adams, Sean Alexander Courtney
  • Publication number: 20110185181
    Abstract: A network authentication method is to be implemented using a network authentication device and a user end for authenticating the user end. The network authentication method includes the steps of: configuring the network authentication device to store hardware information associated with unique identification codes of hardware components of the user end; when it is intended to verify identity of the user end, configuring the user end to execute a terminal program stored therein for scanning the hardware components thereof to obtain the identification codes of the hardware components, for establishing a hardware list according to the identification codes thus obtained, and for sending to the network authentication device verification data that is associated with the hardware list; and configuring the network authentication device to verify identity of the user end based on relationship between the verification data received from the user end and the hardware information stored therein.
    Type: Application
    Filed: January 24, 2011
    Publication date: July 28, 2011
    Applicant: KEYPASCO AB
    Inventor: Maw-Tsong Lin