Control Vector Or Tag Patents (Class 380/280)
-
Patent number: 8296579Abstract: There is provided a system and method for updating a basic input output system (BIOS). An exemplary method comprises obtaining a BIOS update package comprising a BIOS image update, a BIOS Signature, and a plurality of Public Key regions, wherein each Public Key region comprises a Public Key area and a signature area. The exemplary method also comprises updating a current Public Key with a new Public Key if the new Public Key is identified in one of the Public Key regions. The exemplary method additionally comprises validating the BIOS Signature using the current Public Key.Type: GrantFiled: November 6, 2009Date of Patent: October 23, 2012Assignee: Hewlett-Packard Development Company, L.P.Inventors: Mark A. Piwonka, José A. Sancho-Dominguez
-
Patent number: 8291234Abstract: Systems and methods consistent with the present invention encode a list so users of the list may make inquiries to the coded list without the entire content of the list being revealed to the users. Once each item in the list has been encoded by an encoder, a bit array with high and low values may be used to represent the items in the list. The bit array may be embodied in a validation system for allowing users to query the list to determine whether an inquiry item is on the list. The validation system determines which bits to check by executing the same coding process executed by the encoder. If all the bits are high, then the inquiry item is determined to be part of the list, if at least one bit is low, then the inquiry item is determined not to be part of the original list.Type: GrantFiled: August 20, 2007Date of Patent: October 16, 2012Assignee: United States Postal ServiceInventors: Robert F. Snapp, James D. Wilson
-
Patent number: 8290164Abstract: A trusted platform module (TPM) is a silicon chip that constitutes a secure encryption key-pair generator and key management device. A TPM provides a hardware-based root-of-trust contingent on the generation of the first key-pair that the device creates: the SRK (storage root key). Each SRK is unique, making each TPM unique, and an SRK is never exported from a TPM. Broadly contemplated herein is an arrangement for determining automatically whether a TPM has been replaced or cleared via loading a TPM blob into the TPM prior to the first time it is to be used (e.g. when a security-related software application runs). If the TPM blob loads successfully, then it can be concluded that the TPM is the same TPM that was used previously. If the TPM blob cannot be loaded, then corrective action will preferably take place automatically to configure the new TPM.Type: GrantFiled: July 31, 2006Date of Patent: October 16, 2012Assignee: Lenovo (Singapore) Pte. Ltd.Inventors: Matthew P. Lietzke, James P. Hoff, David Rivera
-
Patent number: 8290151Abstract: A device for determining an inverse of an initial value related to a modulus, comprising a unit configured to process an iterative algorithm in a plurality of iterations, wherein an iteration includes two modular reductions and has, as an iteration loop result, values obtained by an iteration loop of an extended Euclidean algorithm.Type: GrantFiled: October 12, 2007Date of Patent: October 16, 2012Assignee: Infineon Technologies AGInventor: Wieland Fischer
-
Patent number: 8285991Abstract: An electronic signature device includes a processor, a memory, a user input device including a first biometric input device, and a device interface, all communicatively connected by at least one bus. A method of personalizing the electronic signature device to a user includes receiving a digitized biometric signature of the user via the first biometric input device. A cryptographic key is generated. A biometric electronic template is generated based on the digitized biometric signature. The cryptographic key and the biometric electronic template are stored in the memory.Type: GrantFiled: February 10, 2009Date of Patent: October 9, 2012Assignee: TecSec Inc.Inventor: Edward M. Scheidt
-
Patent number: 8284930Abstract: In computing point multiples in elliptic curve schemes (e.g. kP and sQ) separately using, for example, Montgomery's method for the purpose of combining kP+sQ, several operations are repeated in computing kP and sQ individually, that could be executed at the same time. A simultaneous scalar multiplication method is provided that reduces the overall number of doubling and addition operations thereby providing an efficient method for multiple scalar multiplication. The elements in the pairs for P and Q method are combined into a single pair, and the bits in k and s are evaluated at each step as bit pairs. When the bits in k and s are equal, only one doubling operation and one addition operation are needed to compute the current pair, and when the bits in k and s are not equal, only one doubling operation is needed and two addition operations.Type: GrantFiled: July 6, 2011Date of Patent: October 9, 2012Assignee: Certicom Corp.Inventors: Adrian Antipa, Yuri Poeluev
-
Patent number: 8285996Abstract: A database management system (1) comprises up to fifty or more workstations (2), each for a user. The environment may, for example, be a hospital and the system manages medical records in a secure manner. Each user has a private key issued by a KGC (5). A database controller (3) updates a secure database (3) with data and associated signatures generated by the user workstations (2). Thus every record of the secure database (3) has a signature to provide full traceability and non-repudiation of data edits/updates. It is important for the system (1) that the signatures are verified on a regular basis, say every hour. Such a task would be extremely processor-intensive if the database (3) is large. However this is performed by a verification processor (4) of the system (1) in a much shorter time than heretofore, t1+n(&Dgr;), where t1 is the time for one verification, n is the number of signatures, and &Dgr; is a time value which is a very small proportion of t1 (less than 1%).Type: GrantFiled: September 28, 2006Date of Patent: October 9, 2012Assignee: Dublin City UniversityInventors: Noel McCullagh, Michael Scott, Neil Costigan
-
Patent number: 8271424Abstract: A method of preserving privacy and confidentiality in a system where information is associated with an existing web page having an address. The method includes receiving a store command from a first user system, the store command including at least a database key and information to be associated with the web page, wherein the database key was created by performing a cryptographic hash function on the address of the web page; storing the information at a location in a storage database; associating the location with the database key; receiving a retrieve command from a second user system, the retrieve command including the database key calculated by the second user system; retrieving stored information from one or more locations in the database associated with the database key; and transmitting the stored information to the second user system.Type: GrantFiled: May 15, 2008Date of Patent: September 18, 2012Assignee: International Business Machines CorporationInventors: Daniela Bourges-Waldegg, Christian Hoertnagl, James F. Riordan
-
Patent number: 8270612Abstract: Systems and techniques for mapping compound keys. In one aspect, a method includes receiving a first compound key, mapping the first compound key to a first surrogate key, mapping the first surrogate key to a second surrogate key, mapping the second surrogate key to a second compound key, and making the second compound key available for data processing activities.Type: GrantFiled: December 18, 2006Date of Patent: September 18, 2012Assignee: SAP AGInventors: Karl Fuerst, Florian Kresser, Holger Gockel
-
Patent number: 8218768Abstract: A cryptosync design comprising (1) a channel identifier indicative of a particular channel via which a data packet is sent, (2) an extended time stamp indicative of a time value associated with the data packet, and (3) a counter indicative of a packet count associated with the data packet. The lengths of the extended time stamp and counter fields and the time unit for the extended time stamp are parameters that may be configured for each channel. At the sender, the extended time stamp for the cryptosync may be obtained from the System Time maintained by the sender. The counter value for the cryptosync may be provided by a counter that is maintained for the channel by the sender. The sender may include a time stamp and/or the counter value, if they are needed to derive the cryptosync at the receiver, in a header of the data packet.Type: GrantFiled: March 25, 2002Date of Patent: July 10, 2012Assignee: QUALCOMM IncorporatedInventors: Ramin Rezaiifar, Paul E. Bender, Roy Franklin Quick, Jr.
-
Patent number: 8219821Abstract: A system and method for signature based data container recognition is provided. When a new data container, such as a lun, is created, a security appliance generates a signature of the data container, by, e.g., examining the contents of one or more data blocks of the data container. The generated signature is then associated with the appropriate encryption key for the data container and is stored either within a configuration database of the security appliance or on a key management system operating within a security appliance environment. To identify the encryption key associated with a data container, the security appliance generates a signature of the data container and compares the generated signature with the stored signatures. Should there be a matching signature, the security appliance utilizes the encryption key associated with the matching signature to process data access requests to/from the data container.Type: GrantFiled: March 27, 2007Date of Patent: July 10, 2012Assignee: NetApp, Inc.Inventors: Ori Zimmels, Yuval Frandzel
-
Patent number: 8208638Abstract: A set of equipment for secure direct information transfer over the Internet contains information transmitting terminal devices for collaborating with an information forwarding network, taking part in the information traffic. The individual information transmitting terminal devices are equipped with a sender partial unit, a receiver partial unit and a storage partial unit comprising an ID-register containing a device identification signal, a C-register for storing a coding key and a D-register for storing a decoding key. The C-register containing the coding key is connected to the sender partial unit, and a coding key and a collaborating decoding key are allocated to each individual information transmitting terminal device.Type: GrantFiled: November 2, 2004Date of Patent: June 26, 2012Inventors: Miklós Jobbágy, Gábor Kuti, János Zelenák
-
Patent number: 8204230Abstract: A communication device including a communication connection establishing circuit configured to establish an ad hoc network communication connection between the communication device, a second communication device and a third communication device, a generating circuit configured to generate encryption parameters to be used by the second communication device and the third communication device for encrypting and decrypting data transmitted between the second communication device and the third communication device via the communication connection when the first communication device has left the communication connection, a signaling circuit configured to signal the encryption parameters to the second communication device and the third communication device, and a disconnection circuit configured to remove the communication device from the communication connection.Type: GrantFiled: May 8, 2007Date of Patent: June 19, 2012Assignee: Infineon Technologies AGInventors: Andreas Schmidt, Norbert Schwagmann, Achim Luft, Michael Benkert
-
Patent number: 8201233Abstract: Methods and apparatus are provided to allow Internet Key Exchange (IKE) phase 1 keying materials to be periodically refreshed in a secure manner without requiring user interaction. A client and server perform authentication and key exchange during set up of a secure connection. A token is passed to the client by the server during or after the initial user authentication phase. The token is stored both at the client and at the server. Instead of requiring user credentials, the token can be used to securely prove the identity of the client.Type: GrantFiled: February 6, 2006Date of Patent: June 12, 2012Assignee: Cisco Technology, Inc.Inventors: Stephane Beaulieu, David Silverman, Scott Fanning
-
Patent number: 8195933Abstract: A method, system, apparatus, and computer program product are presented for managing digital certificates. When entities need to engage in a secure transaction or open a secure communication link, they may exchange digital certificates in order to provide a public key or reference information to a public key for the opposing entity, thereby requiring validation of a received certificate. Rather than construct a trust path for each validation event, hierarchical certifications and peer-to-peer cross-certifications among a set of certificate authorities are represented by a set of trust relations, and trust path information is generated using a transitive closure computation and an “all pairs shortest paths” computation over the set of trust relations and then incrementally updated as the set of trust relations changes. Computations related to trust paths can be delegated to a central agent in a trust web.Type: GrantFiled: January 10, 2002Date of Patent: June 5, 2012Assignee: International Business Machines CorporationInventor: Messaoud Benantar
-
Patent number: 8189792Abstract: In one embodiment, the present invention includes a processor having logic to perform a round of a cryptographic algorithm responsive to first and second round micro-operations to perform the round on first and second pairs of columns, where the logic includes dual datapaths that are half the width of the cryptographic algorithm width (or smaller). Additional logic may be used to combine the results of the first and second round micro-operations to obtain a round result. Other embodiments are described and claimed.Type: GrantFiled: December 28, 2007Date of Patent: May 29, 2012Assignee: Intel CorporationInventors: Brent Boswell, Kirk Yap, Gilbert Wolrich, Wajdi Feghali, Vinodh Gopal, Srinivas Chennupaty, Makaram Raghunandan
-
Patent number: 8180060Abstract: In the telemedical system securely sharing encryption keys for enabling secure exchange of the encrypted biological data between the measurement terminal and the server to prevent the data from being stolen by the malicious third party, a service key is transferred to the second adapter attached to a measurement terminal from the server via the first adapter attached to the management apparatus. First, the first adapter attached to the management apparatus receives the service key from the server. Next, the first adapter is temporarily detached from the management apparatus and is attached to the measurement terminal to store the symmetric key. The first adapter is detached from the measurement terminal, and is attached to the management apparatus again. The service key received in the first adapter is encrypted using the symmetric key, and the encrypted key is transmitted to the second adapter attached to the measurement terminal.Type: GrantFiled: August 20, 2008Date of Patent: May 15, 2012Assignee: Panasonic CorporationInventors: Kazuhiro Aizu, Yosuke Tajika, Daisuke Kobayashi, Hiromichi Nishiyama, Masao Nonaka, Natsume Matsuzaki, Kaoru Yokota, Yuichi Futa
-
Patent number: 8165300Abstract: A system, method, and program product is provided that uses environments to control access to encryption keys. A request for an encryption key and an environment identifier is received. If the encryption key is not associated with the environment identifier, the request is denied. If they are associated, the system receives user-supplied environment authentication data items from a user. Examples of environment authentication data include passwords, user identifiers, user biometric data (e.g., fingerprint scan, etc.), smart cards, and the like. The system retrieves stored environment authentication data items from a secure (e.g., encrypted) storage location. The retrieved stored environment authentication data items correspond to the environment identifier that was received. The received environment authentication data items are authenticated using the retrieved stored environment authentication data items.Type: GrantFiled: March 4, 2010Date of Patent: April 24, 2012Assignee: Lenovo (Singapore) Pte. Ltd.Inventor: David Carroll Challener
-
Patent number: 8160244Abstract: Stateless hardware security modules facilitate securing data transfers between devices in a data communication system. The stateless hardware security module may communicate with other devices via a secure communication channel to securely transfer information between the client device and another device. As a result, sensitive information such as cryptographic keys and data may be securely routed between the client device and another device. The stateless hardware security module may support a limited set of key management operations to facilitate routing of information between the client device and another device. However, the stateless hardware security module does not need to maintain state information for the keys it maintains and/or uses. As a result, the stateless hardware security module may be advantageously integrated into a variety of client devices.Type: GrantFiled: June 21, 2005Date of Patent: April 17, 2012Assignee: Broadcom CorporationInventor: Mark Buer
-
Patent number: 8160256Abstract: A key calculation method and a shared key generation method, the key calculation method including: generating two keys to perform a key calculation; calculating a first value based on coefficients having an identical coefficient value among coefficients included in each of the two keys; and performing a coordinates operation or an exponentiation operation based on the first value, wherein the calculating of the first value is performed with respect to each of coefficient values included in the two keys, excluding 0.Type: GrantFiled: August 8, 2007Date of Patent: April 17, 2012Assignee: Samsung Electronics Co., Ltd.Inventors: Jeong Hyun Yi, Jung Hee Cheon, Taekyoung Kwon, Mun-Kyu Lee, Eunah Kim
-
Patent number: 8150039Abstract: A method and apparatus for securely booting software components in an electronic device to establish an operating environment are described herein. According to an aspect of the invention, software components are to be executed in sequence in order to establish an operating environment of a device. For each software component, a security code is executed to authenticate and verify an executable code image associated with each software component using one or more keys embedded within a secure ROM (read-only memory) of the device and one or more hardware configuration settings of the device. The security code for each software component includes a common functionality to authenticate and verify the executable code image associated with each software component. In response to successfully authenticating and verifying the executable code image, the executable code image is then executed in a main memory of the device to launch the associated software component.Type: GrantFiled: April 15, 2008Date of Patent: April 3, 2012Assignee: Apple Inc.Inventors: Joshua de Cesare, Dallas Blake De Atley, Jonathan Jay Andrews, Michael John Smith
-
Patent number: 8144874Abstract: A system and method comprising a computer useable medium having computer readable program code means embodied therein for authenticating and encrypting and decrypting information transferred over a public network between a client application program running in a client computer and a server application program running in a server computer and a directory service application program running in a server computer. A method for obtaining a session master key by an application from a server includes sending an open request to the server for the session master key and receiving a first reply by the application from the server with a first portion of the session master key. The first reply identifies a directory server from which a second portion of the session master key may be obtained. The application sends an open request to the directory server specified by the server in the first reply for the second portion of the session master key and receives it from the directory server.Type: GrantFiled: September 6, 2007Date of Patent: March 27, 2012Inventor: R. Paul McGough
-
Patent number: 8144877Abstract: A method for updating a key in an active state is disclosed according to the embodiments of the present invention. The method includes steps of: initiating a key update by a user equipment in the active state or a network side when a pre-defined condition is met; updating the key by the network side and the user equipment, and negotiating an activation time of the new keys. An apparatus for updating a key in an active state is also disclosed according to the present invention. With the present invention, the user equipment in an active state and the network side may actively initiate the key update procedure in different cases, thereby solving the problem concerning the key update for a session in an active state.Type: GrantFiled: September 9, 2011Date of Patent: March 27, 2012Assignee: Huawei Technologies Co., Ltd.Inventors: Yanmei Yang, Min Huang
-
Patent number: 8145900Abstract: This disclosure relates to pairing of a different cryptographic key with each pointer in a data structure to form a crypto-pointer. The cryptographic key is used to encrypt the contents of all data stored at the physical location on the storage device indicated by the pointer. Preferably the only data accessible in an unencrypted form is contained in cells that are reachable from root-set crypto-pointers. Once the crypto-pointer associated with a particular memory cell is deleted, normally by overwriting or explicitly zeroing the crypto-pointer, the contents of the memory cell become inaccessible because the data stored at that cell is in encrypted form (cipher text) and the crypto-pointer that included the cryptographic key for decrypting the cipher text has been deleted from the system.Type: GrantFiled: February 26, 2007Date of Patent: March 27, 2012Assignee: Galois, Inc.Inventors: John Launchbury, Thomas Nordin
-
Patent number: 8135132Abstract: A system and method are described supporting secure implementations of 3DES and other strong cryptographic algorithms. A secure key block having control, key, and hash fields safely stores or transmits keys in insecure or hostile environments. The control field provides attribute information such as the manner of using a key, the algorithm to be implemented, the mode of use, and the exportability of the key. A hash algorithm is applied across the key and control for generating a hash field that cryptographically ties the control and key fields together. Improved security is provided because tampering with any portion of the key block results in an invalid key block. The work factor associated with any manner of attack is sufficient to maintain a high level of security consistent with the large keys and strong cryptographic algorithms supported.Type: GrantFiled: December 23, 2009Date of Patent: March 13, 2012Assignee: Hewlett-Packard Development Company, L.P.Inventors: Dale W. Hopkins, Susan Langford, Larry Hines, Ching-Hsuan Chen
-
Patent number: 8130964Abstract: A method and system for encrypting a first piece of information M to be sent by a sender [100] to a receiver [110] allows both sender and receiver to compute a secret message key using identity-based information and a bilinear map. In a one embodiment, the sender [100] computes an identity-based encryption key from an identifier ID associated with the receiver [110]. The identifier ID may include various types of information such as the receiver's e-mail address, a receiver credential, a message identifier, or a date. The sender uses a bilinear map and the encryption key to compute a secret message key gIDr, which is then used to encrypt a message M, producing ciphertext V to be sent from the sender [100] to the receiver [110] together with an element rP. An identity-based decryption key dID is computed by a private key generator [120] based on the ID associated with the receiver and a secret master key s.Type: GrantFiled: October 28, 2009Date of Patent: March 6, 2012Assignees: The Board of Trustees of the Leland Stanford Junior University, The Regents of the University of California, DavisInventors: Dan Boneh, Matthew Franklin
-
Patent number: 8116450Abstract: A method for measuring trust in a transaction over a public key certificate network includes associating each edge KA?KB of an public key certificate network connecting two public keys KA and KB with a probability p that information about KB is reliable, and a confidence c that is a total dollar amount of transactions which have involved using edge KA?KB. One or more authentication paths are formed in the public key certificate network starting from public key KS and ending with a target public key KT. A limit l of an amount of insurance that an owner of KS is willing to provide to a user interested in a transaction with an owner of KT is calculated, and for each amount m<l, a premium for which the owner of KS is willing to sell insurance to the user for an amount of m is calculated.Type: GrantFiled: October 1, 2008Date of Patent: February 14, 2012Assignee: International Business Machines CorporationInventors: Dakshi Agrawal, Charanjit Singh Jutla
-
Patent number: 8099367Abstract: In a method and arrangement for variable generation of cryptographic securities of communications in a host device, for cryptographic security of a communication for a first purpose a first signature is used and for cryptographic security of a communication for a second purpose a second signature is used, the signatures being differentiated from each other by the type of their generation. A cryptologic module has a number of logic circuits and a changeover switch and is arranged externally of the postal security device and is connected at its output with an information input of the postal security device that has a logic circuit that applies a digital signal algorithm to the output signal supplied by the output in order to generate a signature.Type: GrantFiled: September 20, 2007Date of Patent: January 17, 2012Assignee: Francotyp-Postalia AG & Co. KGInventor: Gerrit Bleumer
-
Patent number: 8099592Abstract: A system and method for controlling data communications between a server and a client device, such as a mobile device. Embodiments relate generally to a technique where stop data is provided to the client device. This stop data can be transmitted (e.g. by the client device) to the server. When processed by the server, the stop data indicates to the server that at least some of the encrypted data received by the client device from the server was not decrypted using the second key (e.g. as may be the case when the second key has been deleted). Upon receiving the stop data, the server may, for example, withhold the transmission of data encrypted with the first key to the client device until the second key is restored on the client device. In one embodiment, the stop data is provided to the client device in an encoded (e.g. encrypted) form.Type: GrantFiled: February 10, 2011Date of Patent: January 17, 2012Assignee: Research In Motion LimitedInventors: David Bajar, Phillip Chi-Jim Luk, Michael Kenneth Brown, Darrell Reginald May
-
Patent number: 8081761Abstract: A communication encryption processing apparatus is provided in which a dedicated signal line is provided between a key management module and an encryption and decryption processing module to perform a key delivery via the dedicated signal line from the key management module to the encryption and decryption processing module, and as a result, transmission and reception of raw key data on a bus is no longer performed.Type: GrantFiled: August 1, 2007Date of Patent: December 20, 2011Assignee: Canon Kabushiki KaishaInventor: Akihiko Yushiya
-
Patent number: 8065533Abstract: A method of and device for granting access to content on a storage medium, including obtaining cryptographic data from a property, such as a wobble, of the storage medium, reading helper data from the storage medium, and granting the access based on an application of a delta-contracting function to the cryptographic data and the helper data. The delta-contracting function allows the choice of an appropriate value of the helper data, such that any value of the cryptographic data which sufficiently resembles the original primary input value leads to the same output value. Substantially different values of the cryptographic data lead to different values of the output.Type: GrantFiled: June 19, 2009Date of Patent: November 22, 2011Assignee: Intrinsic ID B.V.Inventor: Johan Paul Maria Gerard Linnartz
-
Patent number: 8050405Abstract: Methods of securely communicating a message from a first terminal to a second terminal include generating a keypad including a random sequence of bits having a length L, encrypting the message at the first terminal using a bit string beginning at an offset O in the keypad, and transmitting the encrypted message and an indicator of the offset O to the second terminal. A communication terminal includes a controller, a communication module configured to establish a location-limited communication channel, and an encryption unit configured to store a keypad including a random sequence of bits having a length L, to encrypt an outgoing message using the keypad, and to decrypt an incoming message using the keypad.Type: GrantFiled: September 30, 2005Date of Patent: November 1, 2011Assignee: Sony Ericsson Mobile Communications ABInventors: William O. Camp, Jr., Daniel P. Homiller
-
Patent number: 8045705Abstract: In computing point multiples in elliptic curve schemes (e.g. kP and sQ) separately using, for example, Montgomery's method for the purpose of combining kP+sQ several operations are repeated in computing kP and sQ individually, that could be executed at the same time. A simultaneous scalar multiplication method is provided that reduces the overall number of doubling and addition operations thereby providing an efficient method for multiple scalar multiplication. The elements in the pairs for P and Q method are combined into a single pair, and the bits in k and s are evaluated at each step as bit pairs. When the bits in k and s are equal, only one doubling operation and one addition operation are needed to compute the current pair, and when the bits in k and s are not equal, only one doubling operation is needed and two addition operations.Type: GrantFiled: November 3, 2006Date of Patent: October 25, 2011Assignee: Certicom Corp.Inventors: Adrian Antipa, Yuri Poeluev
-
Patent number: 8014529Abstract: In one embodiment, the invention provides a method for configuring a wireless device, so as to enable the wireless device to join a secured wireless network, by broadcasting a series of broadcast packets encoding a network configuration parameter (e.g., a shared secret key) from a computer coupled to a wireless access point to the wireless device. The information representing the network configuration parameter is encoded, not within the payload portion of the packet, but within the length of each broadcast packet in the series of broadcast packets. Accordingly, a wireless device that has not yet been configured to receive packets from the wireless access point can observe the information encoded in the length of each broadcast packet, and thereby decode the network configuration parameter and join the network.Type: GrantFiled: August 18, 2006Date of Patent: September 6, 2011Assignee: Eye-Fi, Inc.Inventors: Yuval Koren, Earl T. Cohen, Eugene M. Feinberg, Berend Ozceri
-
Patent number: 8009829Abstract: A method and system for deploying a suite of advanced cryptographic algorithms that includes: providing a legacy cryptographic interface that is associated with a legacy operating system and a legacy application, and supports a suite of legacy cryptographic algorithms; providing a suite of advanced cryptographic algorithms that includes one or more of an advanced asymmetric key algorithm, an advanced symmetric key algorithm, and/or an advanced hash function; providing an advanced cryptographic interface that is independent of the legacy operating system and the legacy application, backwards compatible with the legacy cryptographic interface, and capable of supporting the suite of advanced cryptographic algorithms; and transparently and automatically substituting the suite of advanced cryptographic algorithms for the legacy cryptographic algorithms through the invocation of the advanced cryptographic interface at the time of an initial performance of encrypting, hashing, digitally signing the hash of, decryptiType: GrantFiled: October 25, 2007Date of Patent: August 30, 2011Assignee: Spyrus, Inc.Inventors: Robert R. Jueneman, Duane J. Linsenbardt, John N. Young, William Reid Carlisle
-
Patent number: 7995761Abstract: A data providing system is provided which includes: a storage section which stores an encoded file obtained by encoding a data file to be distributed with a predetermined common key and an encoded information file obtained by encoding an information data file including information on the common key with a private key different from the common key; and a file transfer section which transfers the encoded file and the encoded information file from the storage section to external electronic device.Type: GrantFiled: January 10, 2008Date of Patent: August 9, 2011Assignee: Kyocera Mita CorporationInventors: Sachiko Yoshimura, Takanao Kawai
-
Patent number: 7991162Abstract: A method and apparatus for accelerating scalar multiplication in an elliptic curve cryptosystem (ECC) over prime fields is provided. Multiplication operations within an ECC point operation are identified and modified utilizing an equivalent point representation that inserts multiples of two. Algebraic substitutions of the multiplication operations with squaring operations and other cheaper field operations are performed. Scalar multiplication can also be protected against simple side-channel attacks balancing the number of multiplication operations and squaring operations and providing novel atomic structures to implement the ECC operation. In addition, a new coordinate system is defined to enable more effective operation of ECC to multiprocessor environments.Type: GrantFiled: September 14, 2007Date of Patent: August 2, 2011Assignee: University of OttawaInventors: Patrick Longa, Ali Miri
-
Patent number: 7978856Abstract: Methods of managing a key cache are provided. One method may include determining whether a given key has previously been loaded to a trusted platform module (TPM), loading the given key to the TPM and generating a key cache object corresponding to the given key if the determining step determines the given key has not previously been loaded to the TPM and restoring the given key to the TPM based on the key cache object corresponding to the given key if the given key has previously been loaded. Another method may include extracting a key from a TPM if the TPM does not have sufficient memory to load a new key, the extracted key corresponding to a least frequently used key cache object within the TPM. Another method may include restoring a key to a TPM, the restored key having been previously loaded to and extracted from the TPM.Type: GrantFiled: May 25, 2007Date of Patent: July 12, 2011Assignee: Samsung Electronics Co., Ltd.Inventors: Kyung-min Cho, Jong-il Park
-
Patent number: 7961887Abstract: A content distribution system encrypts a content by using different session keys assigned to user systems, encrypts each of the session keys with a public key corresponding to a decryption key unique to each user system, generates, for a group of user identification information items, header information including the encrypted session keys, and a first vector which corresponds to a session key of the session keys and is assigned to arbitrary user identification information u in the group, the first vector being set such that an inner product of the first vector and a second vector concerning the user identification information u becomes equal to zjuv (where zj is a constant value of a session key sj assigned to the user identification information u, and v is group identification information to the group), and transmits the header information and one of the encrypted contents to the user systems.Type: GrantFiled: January 8, 2008Date of Patent: June 14, 2011Assignee: Kabushiki Kaisha ToshibaInventor: Tatsuyuki Matsushita
-
Patent number: 7961885Abstract: In one embodiment, a system comprises JTAG functionality that implements at least a portion of a JTAG protocol. The JTAG functionality supports a test data in (TDI) line, a test data out (TDO) line, a test rest (TR) line, a test mode state (TMS) line, and a test clock (TCLK) line. The system further comprises a debug interface to communicatively couple the system to a debug device external to the system. The debug interface comprises a transmit (TX) line, receive (RX) line, and a clock (CLK) line. The system transmits data output by the JTAG functionality on the TDI input on the RX line of the debug interface and receives data from the debug device on the TX line of the debug interface and provides the received data to the JTAG functionality on the TDO line, TR line and the TMS line.Type: GrantFiled: November 4, 2005Date of Patent: June 14, 2011Assignee: Honeywell International Inc.Inventors: Edwin D. Cruzado, William J. Dalzell, Brian R. Bernier
-
Patent number: 7940930Abstract: A system for scrambling/descrambling packets of a stream of content, each packet having a must stay clear (MSC) section, the system including an input handler including a receiving module to receive the stream, a characteristic analyzer to analyze the stream in order to determine a data independent characteristic of each packet, and a scrambling /descrambling device operationally associated with the input handler, the scrambling/descrambling device including a receiving module to receive the data independent characteristic for each packet from the input handler, and an Initial Value module to determine an Initial Value for each packet as a function of the data independent characteristic of one of the packets being processed, wherein the scrambling/descrambling device is adapted to scramble and/or descramble the packets based on the Initial Value and a Control Word. Related apparatus and methods are included.Type: GrantFiled: March 22, 2006Date of Patent: May 10, 2011Assignee: NDS LimitedInventors: Chaim Shen-Orr, Eliphaz Hibshoosh, Yaacov Belenky, Yaakov (Jordan) Levy
-
Patent number: 7940935Abstract: A content playback apparatus reduces load concentration on a specific server apparatus that manages content keys of encrypted content, while protecting copyrights of the content. The content apparatus makes playback of content recorded in a recording medium sold possible after the specific server breaks down. A key acquisition control unit (204) reads a playback control information table (211) from a recording medium (102) via a reading unit (201). The key acquisition unit (204) acquires a rights key via a key acquisition intermediation unit (223) from an apparatus specified by an acquisition-destination type and a request-destination type that are stored in the playback control information table (211) and that corresponding to the content to be played. The key acquisition unit (204) generates a content key using the acquired rights key and, when required, a medium key recorded in a medium. A decryption unit (203) decrypts encrypted content using the content key.Type: GrantFiled: June 30, 2005Date of Patent: May 10, 2011Assignee: Panasonic CorporationInventors: Tohru Nakahara, Ryuichi Okamoto, Masaya Yamamoto, Katsumi Tokuda, Masaya Miyazaki, Masayuki Kozuka
-
Patent number: 7933840Abstract: One embodiment of the invention enhances the security of electronic signatures during transmission. A peripheral device, which may be located remotely and separate from a host processing system, captures the signature. The peripheral device then binds the signature to the particular transaction record and transmits it to the host processing system. The host processing system validates or confirms the received signature before accepting the transaction. Binding the signature and record data together at the point-of-use reduces the likelihood that someone may be able to hack into the transmission medium, encrypted or not, and obtain the raw signature data. By binding or associating the signature and transaction record data together at the point-of-use, each transaction has a unique key, further foiling attempts at hacking. In various implementations, rather than associating the whole signature with the transaction record data, signature sample points or segments are encrypted with transaction record data.Type: GrantFiled: December 29, 2005Date of Patent: April 26, 2011Assignee: Topaz Systems, Inc.Inventor: Anthony E. Zank
-
Patent number: 7921283Abstract: A digital signature is applied to digital data in real-time. The digital signature serves as a mark of authenticity assuring a recipient that the digital data did in fact originate from an indicated source. The digital signature may be applied to any digital data, including video signals, audio signals, electronic commerce information, data pertaining to land vehicles, marine vessels, aircraft, or any other data that can be transmitted and received in digital form.Type: GrantFiled: March 16, 2007Date of Patent: April 5, 2011Assignee: Verizon Business Global LLCInventor: David Scott Hayes
-
Patent number: 7920706Abstract: A key management of cryptographic keys has a data package including one or more cryptographic keys that are transferred to a personal device 100 from a secure processing point 150 of a device assembly line in order to store device specific cryptographic keys in the personal device 100. In response to the transferred data package, a backup data package is received by the secure processing point 150 from the personal device 100, which backup data package is the data package encrypted with a unique secret chip key stored in a tamper-resistant secret storage 125 of a chip 110 included in the personal device 100. The secure processing point 150 is arranged to store the backup data package, together with an associated unique chip identifier read from the personal device 100, in a permanent, public database 170.Type: GrantFiled: October 28, 2003Date of Patent: April 5, 2011Assignee: Nokia CorporationInventors: Nadarajah Asokan, Niemi Valtteri
-
Patent number: 7904709Abstract: A system and method for controlling data communications between a server and a client device, such as a mobile device. Embodiments relate generally to a technique where stop data is provided to the client device. This stop data can be transmitted (e.g. by the client device) to the server. When processed by the server, the stop data indicates to the server that at least some of the encrypted data received by the client device from the server was not decrypted using the second key (e.g. as may be the case when the second key has been deleted). Upon receiving the stop data, the server may, for example, withhold the transmission of data encrypted with the first key to the client device until the second key is restored on the client device. In one embodiment, the stop data is provided to the client device in an encoded (e.g. encrypted) form.Type: GrantFiled: February 3, 2006Date of Patent: March 8, 2011Assignee: Research In Motion LimitedInventors: Dave Bajar, Philip Luk, Michael K. Brown, Darrell May
-
Patent number: 7899184Abstract: The presented messaging protocol uses three new public keys in a signed and encrypted message to achieve backward security and recovery in an environment where an attacker now and then obtains the security parameters in exposed, decrypted form. Backward security is understood to mean that an adversary cannot decrypt those captured encrypted messages that the user has decrypted prior the exposure. The recovery of the protocol means that the attacker at some point of time after the exposure cannot any more decrypt messages created after the exposure. The invention can be used e.g. in encrypted email communication. New to the current state of the art is that a message contains history data: a list of recently used public keys and their Diffie-Hellman counterparts.Type: GrantFiled: September 2, 2004Date of Patent: March 1, 2011Assignee: Pisaramedia OyInventor: Pentti Kimmo Sakari Vataja
-
Patent number: 7894607Abstract: A system, method and media drive for selectively encrypting a data packet. The system includes an encryption key for use in encrypting the data packet, a verification data element derived from the encryption key, an encryption engine for selectively encrypting the data packet using the encryption key, and a verification engine in electronic communication with the encryption engine. The verification engine is configured to receive the encryption key and the verification data element, determine when the verification data element corresponds to the encryption key as received by the verification engine, and prohibit encryption of the data packet by the encryption engine when the verification data element does not correspond to the encryption key as received by the verification engine.Type: GrantFiled: March 10, 2006Date of Patent: February 22, 2011Assignee: Storage Technology CorporationInventor: Alexander S. Stewart
-
Patent number: 7894606Abstract: An embedded program on an embedded device determines whether a security key has been assigned to the embedded device. If the security key has not been assigned, the embedded program uses a random number that is provided by a manufacturer of the embedded device and that is stored in memory of the embedded device to obtain the security key for the embedded device. The security key is stored in the memory of the embedded device. The security key is used to establish secure connections with other devices.Type: GrantFiled: November 28, 2005Date of Patent: February 22, 2011Assignee: Panasonic Electric Works Co., Ltd.Inventor: Bryant Eastham
-
Patent number: 7865741Abstract: A system and method securely replicates a configuration database of a security appliance. Keys stored on an original configuration database of an original security appliance are organized as a novel key hierarchy. A replica or clone of the original security appliance may be constructed in accordance with a cloning technique of the invention. Construction of the cloned security appliance illustratively involves sharing of data between the appliances, as well as substantially replicating the key hierarchy on a cloned configuration database of the cloned appliance.Type: GrantFiled: August 23, 2006Date of Patent: January 4, 2011Assignee: NetApp, Inc.Inventors: Robert Paul Wood, Robert Jan Sussland