Abstract: The present invention provides a method for a data encryption device to perform network communications, the method comprising obtaining an indexed array of encryption keys, wherein the indexed array of encryption keys is shared with a data decryption device; obtaining a message to be encrypted; using a first random or pseudorandom number to determine an index; obtaining a first key from the array of encryption keys, wherein the first key corresponds to the index; selecting a second key from the plurality of encryption keys; encrypting the message using the first key and a second random or pseudorandom number; encrypting the index using the second key and a third random or pseudorandom number; transmitting the encrypted message and the encrypted index to the data decryption device.

Abstract: A content distribution/browsing system is disclosed. First to (m?1)th encrypted content items E(K1, C1?K2,1), . . . , E(Km?1, Cm?1?Km,1) contain second to m-th (next in order) sharing keys K2,1, . . . , Km,1, respectively. When desirous of browsing an (i+1)th content item Ci+1, the (i+1)th sharing key Ki+1,1 is acquired by browsing an immediately preceding i-th content item Ci.

Abstract: In the telemedical system securely sharing encryption keys for enabling secure exchange of the encrypted biological data between the measurement terminal and the server to prevent the data from being stolen by the malicious third party, a service key is transferred to the second adapter attached to a measurement terminal from the server via the first adapter attached to the management apparatus. First, the first adapter attached to the management apparatus receives the service key from the server. Next, the first adapter is temporarily detached from the management apparatus and is attached to the measurement terminal to store the symmetric key. The first adapter is detached from the measurement terminal, and is attached to the management apparatus again. The service key received in the first adapter is encrypted using the symmetric key, and the encrypted key is transmitted to the second adapter attached to the measurement terminal.

Abstract: A method for conducting transactions, includes: encoding concatenated transaction information at a cash point; sending the encoded concatenated transaction information from the cash point to a mobile device; receiving verification information from the mobile device formed in response to the encoded concatenated transaction information; confirming the received verification information; completing a transaction in the event of successfully confirming the received verification information.

Abstract: The present invention involves establishing a top-level key and optionally also a verification tag. The top-level key is used as the MDP key for encrypting a broadcast medium. Only the part of the key message that contains the encrypted top-level key is authenticated, e.g. using a signature or a Message Access Code (MAC). Any known group-key distribution protocol can be used that is based on the creation of a hierarchy of keys. Examples of such methods are the LKH and SD methods. The group-key distribution protocol output key H, traditionally used as the MDP key, or a derivative thereof is used to encrypt the top-level MDP-key. The invention, further, includes optimization of a group-key message by eliminating unnecessary message components relative a specified group or sub-group of users. The optimization can be made in dependence of contextual data such as user profile, network status, or operator policies.

Abstract: There is disclosed a device, system, and method for a ROM BIOS based trusted encrypted operating system for use in a gaming environment. The gaming device includes a ROM storing a BIOS, a secure loader, an encrypted operating system, and a decryption key for decrypting the encrypted operating system. The decryption key is partitioned and scattered about the secure loader. The method includes initializing the BIOS, locating the decryption key, decrypting the encrypted operating system with the encryption key, verifying a plurality of check codes, and transferring control to the operating system. The check codes are verified responsive to decrypting the encrypted operating system. The check codes are dispersed about the operating system and are unrelated to the operating system. Control is transferred to the operating system responsive to verifying the check codes.

Abstract: A method of managing a home network key in a home network environment, which has a key management server for managing the home network key and a plurality of home network devices, includes: allowing a home network device to generate device unique information and to transmit the device unique information to the key management server; allowing the key management server to generate a parameter for generating the home network key by using the device unique information and to transmit the parameter to the home network device; and allowing the home network device to generate the home network key by using the parameter. The generated home network key being independent of the device unique information.

Abstract: A system, method, and program product is provided that uses environments to control access to encryption keys. A request for an encryption key and an environment identifier is received. If the encryption key is not associated with the environment identifier, the request is denied. If they are associated, the system receives user-supplied environment authentication data items from a user. Examples of environment authentication data include passwords, user identifiers, user biometric data (e.g., fingerprint scan, etc.), smart cards, and the like. The system retrieves stored environment authentication data items from a secure (e.g., encrypted) storage location. The retrieved stored environment authentication data items correspond to the environment identifier that was received. The received environment authentication data items are authenticated using the retrieved stored environment authentication data items.

Abstract: Stateless hardware security modules facilitate securing data transfers between devices in a data communication system. The stateless hardware security module may communicate with other devices via a secure communication channel to securely transfer information between the client device and another device. As a result, sensitive information such as cryptographic keys and data may be securely routed between the client device and another device. The stateless hardware security module may support a limited set of key management operations to facilitate routing of information between the client device and another device. However, the stateless hardware security module does not need to maintain state information for the keys it maintains and/or uses. As a result, the stateless hardware security module may be advantageously integrated into a variety of client devices.

Abstract: Disclosed is a method for generating a Short Term Key Message (STKM) for protection of a broadcast service being broadcasted to a terminal in a mobile broadcast system. The method includes transmitting, by a Broadcast Service Subscription Management (BSM) for managing subscription information, at least one key information for authentication of the broadcast service to a Broadcast Service Distribution/Adaptation (BSD/A) for transmitting the broadcast service, generating, by the BSD/A, a Traffic Encryption Key (TEK) for deciphering of the broadcast service in the terminal and inserting the TEK into a partially created STKM, and performing, by the BSD/A, Message Authentication Code (MAC) processing on the TEK-inserted STKM using the at least one key information, thereby generating a completed STKM.

Abstract: A processing system to serve as a source device for protected digital content comprises a processor and control logic. The processing system may generate and save a first master key, and may transmit that key to a first receiving device for use during a first session. During a second session, the processing system may obtain an identifier for a candidate receiving device. The processing system may use the identifier to determine whether the processing system contains a master key for the candidate receiving device. If the processing system such a master key, the processing system may send verification data concerning that key to the candidate receiving device, and may use that key to encrypt a session key for the second session. If not, a second master key may be generated and transmitted to the candidate receiving device for use during the second session. Other embodiments are described and claimed.

Abstract: The present invention provides systems and methods for allowing an Email User to create a Public Key Infrastructure (PKI) Email Account and thereafter to digitally sign, send, verify and receive PKI encrypted emails over a computer network, such as the Internet. The systems and methods preferably include a Web-based Email System and a Certificate Authority that coordinate their actions to make the process of creating, maintaining and using the PKI Account as easy as possible for the Email User. In a preferred embodiment, a Keystore System may also be used to enhance the management and use of digital keypairs.

Abstract: A content reproduction apparatus (1) which reproduces digital contents, and includes a device key storage unit (110) holding a device key (110a) specific to the content reproduction apparatus (1) in a manner that does not allow access from outside the content reproduction apparatus (1). The content reproduction apparatus (1), also includes a device ID storage unit (19) holding device key index information (19a) that is in a one-to-one association with a device key (110a), an instruction code receiving unit (14a) receiving an instruction code to output index information, a device key index information obtainment processing unit (10a) outputting, to outside, the device key index information (19a) stored in the device ID storage unit (19) based on the instruction, and a device key index information output processing unit (11a).

Abstract: An encryption and decryption interface for integrated circuit (IC) design with design-for-manufacturing (DFM). The interface includes a decryption module embedded in an IC design tool; an encrypted DFM data provided to an IC designer authorized for utilizing the encrypted DFM data; and a private key provided to the IC designer for decrypting the encrypted DFM data in the IC design tool.

Abstract: A recording and reproduction apparatus for preventing illegitimate use of contents. A recording medium stores an inherent number in an unrewritable area. The recording apparatus writes media key data and an encrypted content onto the recording medium. The media key data includes encrypted media keys generated by (i) for each of unrevoked reproduction apparatuses, encrypting a media key using a device key of the unrevoked reproduction apparatus respectively, and (ii) for each of revoked reproduction apparatuses, encrypting detection information using a device key of the revoked reproduction apparatus. The reproduction apparatus decrypts the encrypted media key using a device key to generate a decryption media key, judges whether the decryption media key is the detection information, and prohibits the encrypted content recorded on the recording medium from being decrypted when judged in the affirmative.

Abstract: In one embodiment, a method is provided that may include encrypting, based least in part upon at least one key, one or more respective portions of input data to generate one or more respective portions of output data to be stored in one or more locations in storage. The method of this embodiment also may include generating, based at least in part upon the one or more respective portions of the output data, check data to be stored in the storage, and/or selecting the one or more locations in the storage so as to permit the one or more respective portions of the output data to be distributed among two or more storage devices comprised in the storage. Many modifications, variations, and alternatives are possible without departing from this embodiment.

Abstract: A method for control ling information object (102) usage in a network of information (100) wherein information objects (102) are identified by information object identities and locations of the information objects (102) are indicated by location pointing information, the method comprising receiving (5b) an encrypted information object (102), sending (7) to a resolution node (D200) a request for location pointing information of a key issuing node (D300), the request comprising an identity of the received information object (102), receiving (8) the location pointing information of the key issuing node (D300), sending (9) to the key issuing node (D300) a request for an access key (104) for decrypting the encrypted information object (102), the request comprising the identity of the received information object (102), receiving (11) the access key (104), and decrypting (12) the received encrypted information object (102) with the received access key (104).

Abstract: A transmitting/receiving system includes a transmitting apparatus that transmits, to another apparatus, first encrypted data obtained by encrypting stream data including consecutive unit data items in accordance with a first encryption technique prescribing that, when the stream data is encrypted for each item, keys used for encrypting the items are updated, and a receiving apparatus that receives and decrypts the first data from the transmitting apparatus in accordance with a first decryption technique. The transmitting apparatus includes an encryptor that outputs second encrypted data obtained by generating data including a predetermined number of keys, and encrypting the data in accordance with a second encryption technique, a transmitter that transmits the second data from the encryptor to the receiving apparatus.

Abstract: The present embodiments advantageously provide methods and systems for use in decrypting content, and in some preferred embodiments expanding a security environment to distribute the computational processing involved in decryption. In some embodiments, a method for use in decrypting content is provided that receives a first content key at a first system for the decryption of a first track of encrypted content; encrypts the first content key according to a first instance key known at the first system; communicates the first encrypted content key over an externally accessible communication link to a second system; generates the first instance key at the second system independent of the first system; decrypts the first encrypted content key using the generated first instance key at the second system; and decrypts the first track of encrypted content using the first unencrypted content key at the second system.

Abstract: An embodiment pertains generally to a method of delivering keys in a server. The method includes generating a subject key pair, where the subject key pair includes a subject public key and a subject private key. The method also includes retrieving a storage key and encrypting the subject private key with the storage key as a wrapped storage private key. The method further includes storing the wrapped storage private key.

Abstract: A system and method for controlling data communications between a server and a client device, such as a mobile device. Embodiments relate generally to a technique where stop data is provided to the client device. This stop data can be transmitted (e.g. by the client device) to the server. When processed by the server, the stop data indicates to the server that at least some of the encrypted data received by the client device from the server was not decrypted using the second key (e.g. as may be the case when the second key has been deleted). Upon receiving the stop data, the server may, for example, withhold the transmission of data encrypted with the first key to the client device until the second key is restored on the client device. In one embodiment, the stop data is provided to the client device in an encoded (e.g. encrypted) form.

Abstract: A recording/playback apparatus for recording or playing back content is provided. For example, a playback unit plays back a medium on which an encrypted content management unit and an encrypted unit key for encrypting the content management unit are recorded. The encrypted unit key is decrypted according to a predetermined decryption procedure. An obtaining unit obtains subsequently generated or obtained data corresponding to the content data played back by the playback unit and a subsequently generated or obtained data key. A decryption unit decrypts the subsequently generated or obtained data key obtained by the obtaining unit according to the predetermined decryption procedure for decrypting the encrypted unit key to decrypt the subsequently generated or obtained data based on the decrypted subsequently generated or obtained data key.

Abstract: A method, system and apparatus of a secure debug interface and memory of a media security circuit and method are disclosed. In one embodiment, a host processor, an external hardware circuit to encrypt an incoming data bit communicated to a debug interface using a debug master key stored at a pointer location of a memory (e.g., the memory may be any one of a flash memory and/or an Electrically Erasable Programmable Read-Only Memory (EEPROM)) and to decrypt an outgoing data bit from the debug interface using the debug master key, and a media security circuit having the debug interface to provide the pointer location of the memory having the debug master key to the external hardware circuit.

Abstract: According to one embodiment of the present invention, a method of establishing a secure call includes generating a session key at a centralized location. The session key is encrypted with a first public key and transmitted from the centralized location to a first endpoint. The session key is additionally encrypted with a second public key and transmitted from the centralized location to a second endpoint. The centralized location is at a location other than a location of the first endpoint and the second endpoint. The session key is operable to encrypt the call between the first endpoint and the second endpoint.

Abstract: A communication encryption processing apparatus is provided in which a dedicated signal line is provided between a key management module and an encryption and decryption processing module to perform a key delivery via the dedicated signal line from the key management module to the encryption and decryption processing module, and as a result, transmission and reception of raw key data on a bus is no longer performed.

Abstract: Techniques for two-way authentication between two communication endpoints (e.g., two devices) using a one-way out-of-band (OOB) channel are presented. Here, in embodiments, both communication endpoints may be securely authenticated as long as the one-way OOB channel is tamper-proof. Embodiments of the invention do not require the one-way OOB channel to be private to ensure that both endpoints are securely authenticated. Since providing a two-way or private OOB channel adds to the cost of a platform, embodiments of the invention provide for a simple and secure method for two-way authentication that uses only a non-private one-way OOB channel and thus helping to reduce platform cost. Other embodiments may be described and claimed.

Abstract: Security in a mobile ad hoc network is maintained by using various forms of encryption, various encryption schemes, and various multi-phase keying techniques. In one configuration, an over the air, three-phase, re-keying technique is utilized to ensure that no authorized nodes are lost during re-keying and that nodes that are intended to be excluded from re-keying are excluded. In another configuration, an over the air, two-phase keying technique, is utilized to maintain backwards secrecy.

Abstract: A method of and device for granting access to content on a storage medium, including obtaining cryptographic data from a property, such as a wobble, of the storage medium, reading helper data from the storage medium, and granting the access based on an application of a delta-contracting function to the cryptographic data and the helper data. The delta-contracting function allows the choice of an appropriate value of the helper data, such that any value of the cryptographic data which sufficiently resembles the original primary input value leads to the same output value. Substantially different values of the cryptographic data lead to different values of the output.

Abstract: A technique carries out seed (or key) derivation within an electronic apparatus (e.g., a hand holdable electronic apparatus such as a token, an authentication server, etc.). The technique involves acquiring a stored representation of a derived seed, the stored representation of the derived seed resulting from an earlier-performed cryptographic operation based on a higher-level seed. The technique further involves (i) performing a current cryptographic operation based on a stored representation of the higher-level seed, the current cryptographic operation resulting in a current representation of the derived seed, and (ii) providing a corruption detection signal indicating whether the current representation of the derived seed matches the stored representation of the derived seed.

Abstract: The system for receiving broadcast digital data (in particular pay television services) comprises a master digital terminal (1), and at least one slave digital terminal (2) connected to the master terminal by a link (3) and able to receive protected digital data. The slave digital terminal can access the protected data only if information necessary for accessing the data and received by the master digital terminal is sent by way of link (3) to the slave digital terminal within a predetermined deadline. This information is in particular access entitlements to television services or keys for descrambling the service.

Abstract: A method for distributing updates for a key is described. One or more update requests are received per unit of time. The number of received update requests per unit of time is multiplied by a maximum update period to estimate the number of active nodes in a group. The total number of received update requests per unit of time is determined. An amount representing additional update requests per unit of time is obtained from the difference between the total number of received updates and a determined maximum. A minimum update period for a group of nodes is determined.

Abstract: The present invention allows creation of a backup key for backing up an encryption key inside a source trusted chip, encrypting the encryption key with the backup key, exporting the encrypted encryption key from the source trusted chip and storing it in a storage device, encrypting the backup key for transmission to a trusted third party. If the encrypted encryption key needs to be restored inside a destination trusted chip, the backup key and the encryption key encrypted with the backup key are imported to the destination trusted chip, where the encrypted encryption key is decrypted with the backup key inside the destination trusted chip to obtain the encryption key of the source trusted chip.

Abstract: A method and apparatus is provided for consolidating cryptographic key updates, the consolidated update information enabling, for example, a returning member of a secure group who has been offline, to recover the current group key, at least in most cases. The unconsolidated key updates each comprise an encrypted key, corresponding to a node of a key hierarchy, that has been encrypted using a key which is a descendant of that node. The key updates are used to maintain a key tree with nodes in this tree corresponding to nodes in the key hierarchy. Each node of the key tree is used to store, for each encrypting key used in respect of the encrypted key associated with the node, the most up-to-date version of the encrypted key with any earlier versions being discarded. The key tree, or a subset of the tree, is then provided to group members.

Abstract: Systems and methods for managing multiple keys for file encryption and decryption may provide an encrypted list of previously used keys. The list itself may be encrypted using a current key. To decrypt files that are encrypted in one or more of the previous keys, the list can be decrypted, and the appropriate previous key can be retrieved. To re-key files, an automated process can decrypt any files using previous keys and encrypt them using the current key. If a new current key is introduced, the prior current key can be used to decrypt the list of keys, the prior current key can be added to the list, and the list can be re-encrypted using the new current key.

Abstract: Automatic configuration of devices upon introduction into a networked environment, can be implemented, for example, by having a device randomly generate a series of letters and/or numbers, e.g., generate a PIN (Personal Identification Number) that encodes temporary credentials that, in addition to proving ownership and/or control over the device by virtue of having access to the PIN, also allows creating a temporary secure communication channel based on the PIN over which permanent security credentials may be transferred to the device to facilitate provisioning it to securely communicate in the networked environment. In a wireless scenario, a unique SSID and encryption key (WEP or WPA) may be determined as a function of the PIN, where both the device and its access point utilize the PIN to establish a temporary secure communication channel. Various techniques may be used to establish ownership and/or control over the device to prevent inadvertent association of the device with a wrong networked environment.

Abstract: A group key management method for secure multicast communication includes: creating a tree having a root node, internal nodes and leaf nodes to manage group keys of a receiver group by a group key management server; generating user keys of all nodes excluding the root node in the tree on the basis of Chinese Remainder Theorem; assigning the leaf nodes of the tree to users of the receiver group; and sending the user keys of the leaf nodes to the corresponding users for group key management. Further, the group key management method for secure multicast communication includes generating group keys of all non-leaf nodes; computing a solution of congruence equations based on the user key and group key by using Chinese Remainder Theorem for each non-leaf node; and multicasting a group key update message to each user of the respective leaf nodes.

Abstract: Content data encrypted with a content key, the content key encrypted with an individual key specific to an information sending device, and the individual key encrypted with a distribution key that is updated in a predetermined cycle, and supplied are sent to an information receiving device, and the information receiving device decrypts the individual key with the distribution key, decrypts the content key with the individual key, and decrypts the content data with the content key. Thus, the information sending device does not have the distribution key, and accordingly piracy of content data can be prevented with a simple configuration. Also, the information receiving device sends the content key and a playback command to other apparatuses. Thus, other apparatuses can play back contents using the playback command and the content key. Furthermore, the information sending device decrypts the content key with the distribution key before being updated, and stores the same.

Abstract: A data processing system comprises a plurality of key production modules each of which stores keys required to encrypt data and decrypt the encrypted data, produces a new key, encrypts the newly produced key by using one of the keys stored therein as a master key, and stores the encrypted key therein. The data processing system comprises a key replication unit that, upon producing a new key in one of the key production modules serving as a source key production module, urges the source key production module to encrypt the newly produced key by using one of the keys stored in another of the remaining key production modules serving as a destination key production module, and then stores the encrypted key in the destination key production module, thereby executing a key replication process.

Abstract: There is provided a method and apparatus for providing a content service. A method of providing a content service includes generating a plurality of pieces of decryption information according to a continuous period of using a broadcasting service with respect to predetermined contents, encrypting the contents, and decrypting the encrypted contents using the decryption information.

Abstract: The present invention relates to an information processing apparatus by which a communication channel providing a high degree of privacy is established between a PDA and a data communication server. Data encrypted with a temporary key is shared by a PDA and a memory card. The memory card decrypts the data by the shared temporary key, and then stores the data in the memory card. Data encrypted with a temporary key shared by a PC and the memory card. The PC decrypts the data by the shared temporary key, and then stores the data in the PC. The PC and the data communication server are connected to each other, and perform mutual authentication. The data encrypted with a temporary key shared by the PC and the data communication server as a result of the authentication is transmitted from the PC to the data communication server via a broadband network.

Abstract: A method and apparatus for authenticated recoverable key distribution are described. In one embodiment, an application key is provided to an integrated chip platform. In one embodiment, the integrated chip platform encrypts the application key with a Key Encryption Key, which is stored within the persistent memory on the platform, and outputs a ChipID and the encrypted application key to enable recovery. In one embodiment, the platform can provide the ChipID to a recovery database to replace a lost encrypted application key. In one embodiment, the ChipID is the public key of a public/private key pair, and the application key is provided to the integrated chip platform by encrypting it using this public key. In one embodiment, the ChipID and the Key Encryption Key are derived from a secret random number programmed into the integrated chip. Other embodiments are described and claimed.

Abstract: Method and system for storing data in a storage device accessible through a storage area network is provided. The method includes receiving data from a host system; generating a first encryption key for encrypting data information that describes the received data; generating a second encryption key that encrypts the first encryption key and the encrypted data information; generating an encryption packet that includes the second encryption key, the first encryption key and the data information; storing the encryption packet at one or more memory locations; and periodically refreshing the encryption packet without periodically encrypting the received data for securely storing the received data.

Abstract: A network security handshake exchange for combining user and platform authentication. The security handshake exchange performs operations on a pre-master secret to increase identity verification and security. The pre-master secret is augmented and authenticated with platform identity and user identity credentials of one endpoint. A second phase of exchanges may include exchange of a master secret that is the pre-master secret modified with platform identity and user identity of the other endpoint.

Abstract: A data providing system is provided which includes: a storage section which stores an encoded file obtained by encoding a data file to be distributed with a predetermined common key and an encoded information file obtained by encoding an information data file including information on the common key with a private key different from the common key; and a file transfer section which transfers the encoded file and the encoded information file from the storage section to external electronic device.

Abstract: To provide a backup management device that deletes a content so as to be restorable in the future while protecting a copyright of the content, in a case where there exists a backup of the content. In an HD recorder, a first information storage unit stores a content, a second information storage unit stores a backup of the content, a secure storage unit stores a hash value of the content. If receiving an instruction to delete the content so as to be restorable, a control unit deletes the content from the first information storage unit. When the content is played back, an encryption processing unit applies a calculation to the content to generate detection information, and the control unit compares the hash value with the detection information to judge whether the content has been tampered.

Abstract: A communication apparatus includes an encryption key generation unit that generates encryption key information at constant encryption key generation intervals, a common key generation unit that generates common key information uniquely with respect to a generation time at common key generation intervals set longer than the encryption key generation intervals, a common key application unit that performs encryption or decryption of the encryption key information by using the common key information, and an encryption key distribution unit that makes a request to a data transmitting/receiving unit to distribute the encryption key information to a plurality of communication apparatuses to be communicated simultaneously at encryption key distribution intervals set shorter than the encryption key generation intervals to perform communication with higher security.

Abstract: An encryption processing apparatus and method in which the difficulty of encryption analysis based on power analysis can be increased considerably are provided. By dividing an original encryption processing sequence into a plurality of groups and by mixing the processing sequence by setting dummies as necessary, several hundreds to several thousands of types of different mixed encryption processing sequences can be set, and a sequence selected from a large number of these settable sequences is performed. According to this configuration, consumption power variations which are completely different from consumption power variations caused by a regular process possessed by the original encryption processing sequence can be generated, and thus the difficulty of encryption analysis based on power analysis can be increased considerably.

Abstract: Methods of managing a key cache are provided. One method may include determining whether a given key has previously been loaded to a trusted platform module (TPM), loading the given key to the TPM and generating a key cache object corresponding to the given key if the determining step determines the given key has not previously been loaded to the TPM and restoring the given key to the TPM based on the key cache object corresponding to the given key if the given key has previously been loaded. Another method may include extracting a key from a TPM if the TPM does not have sufficient memory to load a new key, the extracted key corresponding to a least frequently used key cache object within the TPM. Another method may include restoring a key to a TPM, the restored key having been previously loaded to and extracted from the TPM.

Abstract: This document describes techniques and apparatuses enabling application of digital rights management (DRM) to media streams. In one embodiment, three license levels are used to protect numerous television channels without undue use of computing resources.

Abstract: Disclosed herein is an electronic device network having a plurality of associated electronic devices. The electronic devices may include an update agent adapted to decipher code and/or data segments. The update agent may also be adapted to modify and/or upgrade firmware and/or software components resident in the electronic devices by employing the deciphered code and/or data segments along with contents of an update. An update generator, resident in the electronic devices may employ deciphering techniques to the code and/or date segments to extract enciphered code and/or data segments. The update generator may also process the code and/or data segments to generate an update including difference information. The update generator may also be adapted to encipher difference information in the generated update.