User-to-user Key Distributed Over Data Link (i.e., No Center) Patents (Class 380/283)
  • Patent number: 7835528
    Abstract: An approach is provided for refreshing keys in a communication system. An application request is transmitted to a network element configured to provide secure services. A message is received, in response to the application request, indicating refreshment of a key that is used to provide secure communications with the network element. A refreshed key is derived based on the received message.
    Type: Grant
    Filed: April 4, 2006
    Date of Patent: November 16, 2010
    Assignee: Nokia Corporation
    Inventors: Gabor Bajko, Tat Keung Chan
  • Publication number: 20100284540
    Abstract: A system and method are provided for enabling a symmetric key to be derived, the method comprising: obtaining a plurality of key parts, wherein the plurality of key parts when combined equal the symmetric key; encrypting a first of the key parts using a first cryptographic algorithm to generate a first encrypted value; encrypting one or more remaining key parts of the plurality of key parts using respective cryptographic algorithms to generate one or more additional encrypted values, wherein each key part encrypted is encrypted using a different cryptographic algorithm; and providing the first encrypted value and the one or more additional encrypted values to an other entity to enable the other entity to derive the symmetric key.
    Type: Application
    Filed: July 20, 2010
    Publication date: November 11, 2010
    Applicant: CERTICOM CORP.
    Inventors: Donald B. Johnson, Scott Alexander Vanstone
  • Publication number: 20100278345
    Abstract: A method and an apparatus that establish a first communication channel or pair with a target device in proximity to a source device are described. A pairing message is sent to the target device in proximity to the source device over the first communication channel from the source device. A secret and an identifier associated with an application are included in the pairing message. In response to receiving the secret back from the target device for a second communication channel, pairing data of the application are sent to the target device over the second communication channel.
    Type: Application
    Filed: May 4, 2009
    Publication date: November 4, 2010
    Inventors: Thomas Matthieu Alsina, Guy L. Tribble, Philippe Champeaux
  • Patent number: 7822983
    Abstract: A system and/or method that facilitates the installation and/or authentication of a device by invoking installation protocols and/or authentication protocols for a non-physical connection. A physical interface component provides a physical connection between at least one wireless device and at least one network entity in which the installation protocols and/or authentication protocols can be exchanged. The physical interface component can utilize a token key to establish multiple non-physical connections with multiple wireless devices. Additionally, the physical interface component can utilize a daisy chain scheme to install and/or authenticate a wireless device.
    Type: Grant
    Filed: August 21, 2003
    Date of Patent: October 26, 2010
    Assignee: Microsoft Corporation
    Inventors: Randall E. Aull, Bernard J. Thompson
  • Patent number: 7822987
    Abstract: A method of verifying a pair of correspondents in an electronic transaction, the correspondents each including first and second signature schemes and wherein the first signature scheme is computationally more difficult in signing than verifying and the second signature scheme is computationally more difficult in verifying than signing. The method comprises the step of the first correspondent signing information according to the first signature scheme and transmitting the first signature to the second correspondent, the second correspondent verifying the first signature received from the first correspondent, wherein the verification is performed according to the first signature scheme.
    Type: Grant
    Filed: November 26, 2008
    Date of Patent: October 26, 2010
    Assignee: Certicom Corp.
    Inventor: Scott A. Vanstone
  • Publication number: 20100268936
    Abstract: Provided is a migration system considering security authentication levels and data protection strength levels of both security devices between which data is migrated. A first terminal 102 includes a mechanism for protecting data by a private key in the public key method held by TPM, and a second terminal 103 includes a key in the private key method encrypted by the private key in the public key method held by TPM and a mechanism for protecting the data by the key. A Migration Authority 101 holds a security policy table describing a security policy and judges whether data movement from the first terminal 102 to the second terminal 103 is enabled according to the security policy table.
    Type: Application
    Filed: June 23, 2008
    Publication date: October 21, 2010
    Inventors: Hideki Matsushima, Yuichi Futa, Hisashi Takayama, Takayuki Ito, Tomoyuki Haga, Taichi Sato
  • Publication number: 20100260338
    Abstract: A method and apparatus for establishing a cryptographic relationship between a first node and a second node in a communications network. The first node receives at least part of a cryptographic attribute of the second node, uses the received at least part of the cryptographic attribute to generate an identifier for the first node. The cryptographic attribute may be a public key belonging to the second node, and the identifier may be a Cryptographically Generated IP address. The cryptographic relationship allows the second node to establish with a third node that it is entitled to act on behalf of the first node.
    Type: Application
    Filed: November 21, 2008
    Publication date: October 14, 2010
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Wassim Haddad, Mats Naslund
  • Publication number: 20100260339
    Abstract: Secure data transfer apparatus comprising a first device to be mounted in a housing in a predetermined normal configuration for normal operation wherein secure data transfer takes place between the first device and a second device in the housing, the first device including a detector configured to detect when the first device is placed in a predetermined initialization configuration different from the normal configuration and to enable an initialization data transfer between the devices for permitting normal operation to occur thereafter in said normal configuration.
    Type: Application
    Filed: April 7, 2010
    Publication date: October 14, 2010
    Inventor: Andrew W. Barson
  • Publication number: 20100257363
    Abstract: A method and system for secure communication is provided. The method for secure communication with devices includes: obtaining a parameter for protecting a content; authenticating each other by exchanging a certificate with the device; and exchanging a key with the device using a key authenticated through the certificate to establish a secure authenticated channel with the device. Accordingly, it is possible to establish the secure authenticated channel and perform secure communication by computing a secure authenticated channel key.
    Type: Application
    Filed: May 7, 2008
    Publication date: October 7, 2010
    Applicant: LG ELECTRONICS INC.
    Inventors: Kumar K. Kiran, Sung Hyun Cho, Min Gyu Chung, Koo Yong Pak, Il Gon Park, Soo Jung Kim
  • Publication number: 20100257352
    Abstract: The present disclosure provides systems and methods for secure and certified electronic messaging from a plurality of users to one or more electronic mailboxes and the like using a combination of biometric security, a separate and secure network and email infrastructure, email management processes, and the addition of text, audio and visual format options to sending email messages.
    Type: Application
    Filed: June 26, 2009
    Publication date: October 7, 2010
    Inventor: Stephen ERRICO
  • Patent number: 7809139
    Abstract: A digital broadcast receiver and a control method thereof are disclosed. The control method includes receiving a broadcast signal into which mobile service data and main service data are multiplexed, extracting TPC signaling information and FIC signaling information from a data group in the received mobile service data, acquiring a program table describing virtual channel information and a service of an ensemble, using the extracted FIC signaling information, the ensemble being a virtual channel group of the received mobile service data, detecting a conditional access descriptor indicating whether the mobile service data was encrypted, using the acquired program table, and controlling such that the encrypted mobile service data is decrypted, using information of the detected conditional access descriptor.
    Type: Grant
    Filed: September 22, 2008
    Date of Patent: October 5, 2010
    Assignee: LG Electronics, Inc.
    Inventors: In Hwan Choi, Chul Soo Lee, Sang Kil Park
  • Publication number: 20100250923
    Abstract: A communication apparatus includes: a first storage unit configured to store a plurality of addresses of a plurality of first communication apparatuses; an acquiring unit configured to acquire a self-public key; a specifying unit configured to specify an address of at least one of the plurality of first communication apparatuses stored in the first storage unit when the self-public key is acquired; and a first public key sending unit configured to send the self-public key to the address of the at least one of the plurality of first communication apparatuses specified by the specifying unit.
    Type: Application
    Filed: March 18, 2010
    Publication date: September 30, 2010
    Applicant: BROTHER KOGYO KABUSHIKI KAISHA
    Inventor: Satoru YANAGI
  • Publication number: 20100250439
    Abstract: An apparatus for protecting contents streamed through re-transmission, includes a content service site for servicing a content, managing end user and re-sender re-transmitting the content streamed from the content service site to another user, and issuing and managing a re-transmission license and a content license. The end user pays a charge to the content service site, receives an issued license from the content service site, and uses the content received from the re-sender through re-transmission.
    Type: Application
    Filed: December 15, 2008
    Publication date: September 30, 2010
    Applicant: Electronics and Telecommunications Research Institute
    Inventors: Jee Hyun Park, Jung Soo Lee, Jung Hyun Kim, Yeon Jeong Jeong, Do-Won Nam, Kisong Yoon
  • Publication number: 20100250053
    Abstract: A tachograph and a toll onboard unit as communication partners, which each have a data interface for a data communication via a vehicle data bus to which the communication partners are coupled. The tachograph and/or the toll onboard unit are implemented as a transmitter of data to ascertain a cryptographic check value as a function of user data, which are to be transmitted to the communication partner, and to transmit the cryptographic check value in addition to the user data to the communication partner. The toll onboard unit or the tachograph, respectively, as a receiver of data, is implemented to receive user data and the cryptographic check value associated with the user data from the communication partner and to check the received user data for corruption as a function of the received cryptographic check value.
    Type: Application
    Filed: September 25, 2008
    Publication date: September 30, 2010
    Inventors: Thomas Grill, Erwin Hess, Raphael Lo Conte, Gerhard Rombach
  • Patent number: 7805614
    Abstract: A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number, if there is a match, the decrypted biometric data is validated and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.
    Type: Grant
    Filed: March 31, 2005
    Date of Patent: September 28, 2010
    Assignee: Northrop Grumman Corporation
    Inventors: Kenneth W. Aull, William Gravell, James B. Rekas
  • Publication number: 20100241860
    Abstract: In a key-insulated cryptosystem according to the present invention, a plurality of external devices are associated with a number of updates of a terminal secret key which has already been updated, and a different piece of secret information is stored in each of the external devices. In addition, a key-updating method in the key-insulated cryptosystem according to the present invention includes steps of: selecting one of the external devices depending on the number of updates of the terminal secret key; and causing the selected external device to generate key-updating information used for updating the terminal secret key based on the number of updates and the stored secret information.
    Type: Application
    Filed: March 19, 2010
    Publication date: September 23, 2010
    Applicant: NTT DoCoMo, Inc.
    Inventor: Yumiko HANAOKA
  • Patent number: 7801517
    Abstract: Methods, systems, and computer program products for implementing a roaming controlled wireless network and services are provided. The method includes assigning an identifier and key to a multi-mode network-enabled communications device, the identifier and key inaccessible to an end user of the communications device. The method further includes assigning an identifier and key to a gateway device. The method further includes configuring an auto-provisioning element on each of the devices and remotely provisioning activation of roaming controlled communications services for the end user of the communications device. The remote provisioning includes transmitting a signal to one of the devices configured with the auto-provisioning element, which causes the devices to exchange identifiers and keys via a wireless local network. In response to exchanging the identifiers and keys between the devices, the communications device is permitted to communicate over the wireline network via the gateway device.
    Type: Grant
    Filed: December 30, 2005
    Date of Patent: September 21, 2010
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Richard J. Silvestri
  • Publication number: 20100235621
    Abstract: A wireless access point and method of using a wireless access point to allow a user to use a pre-determined security key provided with the access point or a personal security key that is provided by the user. The access point is purchased with a pre-determined security key. A user of the access point may press a pairing button on the access point to automatically pair other devices with the access point using the pre-determined security key. A label with a passphrase that corresponds to the pre-determined security key is provided with the access point, allowing the user to manually enter the passphrase into devices that cannot automatically pair with the access point. The wireless access point also has a “security on/off” button. When the user presses the security on/off button, the access point may cease use of the pre-determined security key in favor of a personal security key.
    Type: Application
    Filed: March 10, 2009
    Publication date: September 16, 2010
    Inventors: David B. Winkler, Yaro P. Brock, Jasdeep S. Chugh, Michael C. Kemery
  • Publication number: 20100235635
    Abstract: Methods for transferring a set of data from a first processing device to a second processing device are provided. Pursuant to these methods a secure shell (“SSH”) authentication is performed to authenticate a first user that is logged onto the first processing device to a second user that is logged onto the second processing device. The set of data is divided into a first data subset and a second data subset. The first data subset is encrypted to provide an encrypted data set. The encrypted data set is transferred from the first processing device to the second processing device. The second data subset is also transferred from the first processing device to the second processing device, but without encrypting the second data subset. Related data transfer systems and computer program products are also provided.
    Type: Application
    Filed: March 10, 2009
    Publication date: September 16, 2010
    Inventors: MADHUKAR KSHIRSAGAR, AJAY JOSHI
  • Patent number: 7796286
    Abstract: An image forming apparatus includes a judging unit that judges whether a replacement part attached to the image forming apparatus needs replacement based on consumption information indicative of how much the replacement part has been consumed. The replacement part includes a storage unit that stores therein information including identification information unique to the replacement part. When the judging unit judges that the replacement part needs replacement, a reading unit reads the identification information from the replacement part, and an encrypting unit encrypts a predetermined piece of information in the replacement part based on the identification information read by the reading unit.
    Type: Grant
    Filed: January 26, 2006
    Date of Patent: September 14, 2010
    Assignee: Ricoh Company, Ltd.
    Inventor: Toshikatsu Omotani
  • Patent number: 7792289
    Abstract: A communications system in which a sending computer encrypts a message using a key associated with the computer which is to receive the message; and the receiving computer uses a key associated with the sending computer in the decryption process. The sending computer is equipped with a set of keys and each key within the set may be used for the encryption process, depending on the destination of the message; and the receiving computer chooses its key based on who the sending computer is.
    Type: Grant
    Filed: June 28, 2005
    Date of Patent: September 7, 2010
    Inventor: Mark Ellery Ogram
  • Patent number: 7792285
    Abstract: A system and method for securely exchanging a plurality of information items used to generate a plurality of encryption keys used in a public key-and-private key system. In accordance with the principles of the invention, elements of exchanged information items, such as public key and synchronizing indicators are encrypted before the exchange. The information item element is encrypted using an encryption key determined from information items that were previously exchanged. The encryption of information items used to determine subsequent encryption keys provides additional security to the encryption key used in the transmission of informational data as the encrypted elements of the information item must be decrypted before the data message encryption key can be decrypted. The process of exchanging encrypted information items can be repeated until an agreed upon number of encrypting keys is determined.
    Type: Grant
    Filed: July 27, 2006
    Date of Patent: September 7, 2010
    Assignee: Copytele, Inc.
    Inventors: Frank J. DiSanto, Denis A. Krusos
  • Patent number: 7792288
    Abstract: A communication system using quantum cryptography, comprising subscriber stations (1.i, 2.i) which are connected to quantum channels (3) and quantum-cryptographic devices (10, 11) which are associated with the quantum channels for generating a quantum key, wherein several interconnected switching stations (1, 2) are provided to which the subscriber stations (1.i, 2.i) are connected via the quantum channels (3) in order to generate a respective temporary quantum key.
    Type: Grant
    Filed: November 21, 2003
    Date of Patent: September 7, 2010
    Assignee: ARC Seibersdorf Research GmbH
    Inventor: Christian Kollmitzer
  • Patent number: 7792302
    Abstract: Disclosed is a mechanism for securely coupling a security IC and an FPGA. This mechanism creates a shared secret key; creates a password key; generates an encrypted shared secret key by encrypting the “shared secret key” with the password key; incorporates the “encrypted shared secret key” into an FPGA net list; programs the FPGA using the “FPGA net list”; transmits the “password key” from the security IC to the FPGA; allowing the FPGA to: obtain the “shared secret key” by decrypting the “encrypted shared secret key”; and store the “shared secret key” in at least one volatile memory location.
    Type: Grant
    Filed: February 1, 2007
    Date of Patent: September 7, 2010
    Assignee: Dolby Laboratories Licensing Corporation
    Inventors: Joseph Eugene Oren, Greg Sampson, Daxon Alexander
  • Publication number: 20100223465
    Abstract: The present invention aims at providing an electronic key lending method capable of ensuring the high security by a relatively easy method. An electronic key lending method of the present invention of lending an electronic key (7) that unlocks or locks an electronic lock (8) from a first communication terminal (10-1), includes an electronic key transmitting step of transmitting the electronic key (7) from the first communication terminal (10-1) to a second communication terminal (10-2) while an IMS session is established between the first communication terminal (10-1) and the second communication terminal (10-2).
    Type: Application
    Filed: December 20, 2006
    Publication date: September 2, 2010
    Applicant: PANASONIC CORPORATION
    Inventor: Takefumi Matsui
  • Patent number: 7787625
    Abstract: A quantum key distribution (QKD) cascaded network with loop-back capability is disclosed. The QKD system network includes a plurality of cascaded QKD relays each having two QKD stations Alice and Bob. Each QKD relay also includes an optical switch optically coupled to each QKD station in the relay, as well as to input ports of the relay. In a first position, the optical switch allows for communication between adjacent relays and in a second position allows for pass-through communication between the QKD relays that are adjacent the relay whose switch is in the first position.
    Type: Grant
    Filed: June 30, 2005
    Date of Patent: August 31, 2010
    Assignee: MagiQ Technologies, Inc.
    Inventors: Harry Vig, Audrius Berzanskis
  • Patent number: 7787628
    Abstract: A method of distributing a quantum key from a sender to a recipient. The recipient generates a pulse having multiple photons; splits the pulse into first and second sub-pulses; phase modulates the first sub-pulse with a secret key; and transmits both the phase-modulated first sub-pulse and the second sub-pulse to the sender. The sender receives the phase-modulated first sub-pulse and the second sub-pulse from the recipient; encodes a quantum key bit into one of the sub-pulses received from the recipient; and transmits both the phase-modulated first sub-pulse and the second sub-pulse back to the recipient. Then, the recipient receives the phase-modulated first sub-pulse and the second sub-pulse from the sender; phase modulates the second sub-pulse with the secret key; combines the phase-modulated first sub-pulse and the phase-modulated second sub-pulse to produce a composite pulse; and processes the composite pulse in an attempt to detect the quantum key bit.
    Type: Grant
    Filed: July 7, 2006
    Date of Patent: August 31, 2010
    Assignee: Nortel Networks Limited
    Inventors: Randy Kuang, Guo Qiang Wang, John Stankus
  • Patent number: 7788494
    Abstract: According to one embodiment, a method is disclosed. The method includes generating a link key at a secure component within a first personal area network device and injecting the link key into a protocol stack component database within the first device. The link key may further be transmitted to a second device. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 28, 2005
    Date of Patent: August 31, 2010
    Assignee: Intel Corporation
    Inventors: Selim Aissi, Uma M. Gadamsetty
  • Patent number: 7783879
    Abstract: A method of joining a first device to a radio communications network controlled by a second device without contemporaneous user input of a secret at the second device, including: storing in the second device a secret generated at the second device; making the stored secret available in the first device; and creating in the first device and in the second device, using the secret, a secret key for use in securing communication between the first and second devices.
    Type: Grant
    Filed: November 20, 2003
    Date of Patent: August 24, 2010
    Assignee: Nokia Corporation
    Inventors: Holger Krummel, Stephan Hartwig
  • Publication number: 20100211787
    Abstract: The present invention provides a method for a data encryption device to perform network communications, the method comprising obtaining an indexed array of encryption keys, wherein the indexed array of encryption keys is shared with a data decryption device; obtaining a message to be encrypted; using a first random or pseudorandom number to determine an index; obtaining a first key from the array of encryption keys, wherein the first key corresponds to the index; selecting a second key from the plurality of encryption keys; encrypting the message using the first key and a second random or pseudorandom number; encrypting the index using the second key and a third random or pseudorandom number; transmitting the encrypted message and the encrypted index to the data decryption device.
    Type: Application
    Filed: November 25, 2009
    Publication date: August 19, 2010
    Inventors: Leonid Bukshpun, Thomas Forrester, Tomasz Jannson, Andrew Kostrzewski, Alexander Milovanov, Ranjit Pradhan
  • Publication number: 20100211786
    Abstract: A method for a terminal including a first media access control (MAC) layer and a second MAC layer to create an authorization key includes performing a first network entry process to a base station through the first MAC layer, and performing a second network entry process for a frequency overlay to the base station through the second MAC layer. In this instance, the first network entry process includes acquiring a key for generating an authorization key through an authentication process according to an authentication method negotiated with the base station, and generating a first authorization key through the key for generating the authorization key. The second network entry process includes generating a second authorization key by using the key generated in the first network entry process for generating the authorization key.
    Type: Application
    Filed: June 12, 2008
    Publication date: August 19, 2010
    Applicants: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE, Samsung Electronics Co., Ltd.
    Inventors: Sun-Hwa Lim, Sang Ho Lee
  • Patent number: 7778423
    Abstract: A method for establishing a common key for a group of at least three subscribers includes using a publicly known mathematical number group and a higher order element of the group $g \in G$. In the first step, a message corresponding to $N_i := g^{z_i} \bmod p$ is sent by each subscriber to all other subscribers ($T_j$), $z_i$ being a random number chosen from the set $\{1, \ldots, p-2\}$ by a random number generator. In the second step, each subscriber ($T_i$) selects a transmission key $k_{ij} := (g^{z_j})^{z_i}$ for each other subscriber ($T_j$) from the received message ($g^{z_j}$), with $i \neq j$, for transmitting their random number ($z_i$) to the subscribers ($T_j$). In the third step, the common key $k$ is calculated as $k := f(z_1, z_2, \ldots, z_n)$ for each subscriber $T_i$.
    Type: Grant
    Filed: December 27, 2007
    Date of Patent: August 17, 2010
    Assignee: Deutsche Telekom AG
    Inventors: Tobias Martin, Ralf Schaffelhofer, Joerg Schwenk
  • Patent number: 7773972
    Abstract: Individual wireless devices communicate amongst each other exchanging identity information, authentication-state or both, thereby forming a collaborative-collection of wireless devices. This collaborative-collection of wireless devices offers improvements over individual wireless devices in three areas. First, device functions are affected by the group of devices that are active-members of the collaborative-collection, enabling improved functionality. Second, the times-of-membership and times-of-non-membership of the devices in the collaborative-collection are monitored and this information is used to affect the function of individual devices in the collaborative-collection, including improved security and authorization policies. Third, the authentication-state of the active-member devices in the collaborative-collection affects the function of the active-member devices in the collaborative-collection, also adding to improved security.
    Type: Grant
    Filed: May 14, 2003
    Date of Patent: August 10, 2010
    Assignee: Socket Mobile, Inc.
    Inventors: Martin Croome, Kevin J. Mills
  • Patent number: 7773754
    Abstract: Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.
    Type: Grant
    Filed: July 8, 2002
    Date of Patent: August 10, 2010
    Assignee: Broadcom Corporation
    Inventors: Mark L. Buer, Joseph J. Tardo
  • Publication number: 20100195830
    Abstract: An object of the present invention is to provide an electronic data encryption and decryption system allowing a privileged user to decrypt all encrypted data without using a plurality of secret keys but only by using a single secret key that the privileged user himself has. An electronic data encryption and decryption system includes: a privileged user device, a user device, and an encrypted data generation device. The privileged user device has: a privileged user key generation means for generating a privileged user secret key x and a privileged user public key x·P (P is a generator); a first session key generation means for generating a session key K; and a first decryption means for decrypting the encrypted data by using the session key K generated by the first session key generation means.
    Type: Application
    Filed: June 18, 2008
    Publication date: August 5, 2010
    Applicant: NEC CORPORATION
    Inventor: Norikazu Kubotera
  • Patent number: 7768692
    Abstract: A single-photon generator includes a single-photon generating device generating a single-photon pulse having a wavelength on the shorter wavelength side than a communication wavelength band, and a single-photon wavelength conversion device performing wavelength conversion of the single-photon pulse into a single-photon pulse of the communication wavelength band, using pump pulse light for single-photon wavelength conversion.
    Type: Grant
    Filed: December 5, 2006
    Date of Patent: August 3, 2010
    Assignees: Fujitsu Limited, The University of Tokyo
    Inventors: Kazuya Takemoto, Tatsuya Usuki, Yasuhiko Arakawa
  • Publication number: 20100189259
    Abstract: A software architecture that permits a unified mechanism for interfacing with multiple peer groups is disclosed. The architecture includes multiple peer group interfaces, each facilitating communication between computing systems in a corresponding peer group. In addition, a perhaps configurable number and type of service modules are configured to use the peer group interfaces to facilitate communication between peer groups in a manner that facilitates the service. A peer community application program interface is configured to allow one or more peer applications to enlist the services of the plurality of services by interfacing with the peer community application program interface.
    Type: Application
    Filed: April 7, 2010
    Publication date: July 29, 2010
    Applicant: MICROSOFT CORPORATION
    Inventor: Christopher G. Kaler
  • Publication number: 20100189264
    Abstract: Methods and apparatus for generating, communicating, and/or using sets of addresses corresponding to a communications device are described. A first communications device generates, from a public key and a random number, both a first address and a second address. The generated address pair is communicated to a second communications device along with proof of ownership information regarding the address pair via an address signaling message such as a binding update message. The second communications device processes the received address signaling message and determines address pair validity and/or address pair ownership information. The first address may be associated with a first network, e.g., an unsecure WAN network, while the second address may be associated with a second network, e.g., a secure peer to peer network. Decisions on switching between using the first address to using the second address may be based on address validity and/or address ownership determinations.
    Type: Application
    Filed: January 28, 2009
    Publication date: July 29, 2010
    Applicant: QUALCOMM Incorporated
    Inventors: Wassim Michel Haddad, George Tsirtsis, Vincent D. Park
  • Patent number: 7764795
    Abstract: One embodiment of the present invention provides a system that uses a password-derived prime number to facilitate a secure key exchange between a client and a server across a network. During operation, the client receives a password from a user. Next, the client uses the password to determine a prime number P associated with the password. The client then uses the prime number P to determine a generator g associated with P. The client uses this prime number to calculate X=g^x mod P, wherein x is a random number generated by the client. Next, the client sends X to the server. The client also receives Y=g^y mod P from the server, wherein y is a random number generated by the server. The client then computes a secret key Ks=Y^x mod p at the client, which the server can similarly obtain by computing Ks=X^y mod p. In this way, the client and the server can both obtain the same secret key Ks through insecure communications over the network.
    Type: Grant
    Filed: October 20, 2004
    Date of Patent: July 27, 2010
    Assignee: Oracle International Corporation
    Inventor: Andrew B. Philips
  • Patent number: 7761704
    Abstract: One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.
    Type: Grant
    Filed: March 17, 2005
    Date of Patent: July 20, 2010
    Assignee: Oracle International Corporation
    Inventors: Min-Hank Ho, Daniel ManHung Wong, Chon Hei Lei, Thomas Keefe
  • Patent number: 7760883
    Abstract: Apparatus for distributing a quantum key between nodes Alice and Allie, comprising a coupler that splits generated photon pulses into first and second pulses P1 and P2; and an interface that transmits the P1's and P2's into a network. The P1's are received after modulation by Alice with respective phases selected from two encoding bases and further selected from within the selected encoding basis as a function of a bit value of a respective bit in a key bit string maintained by Alice. The P2's are received after similar modulation by Allie. A detector processes the P1's and P2's upon receipt to produce a sequence of detection outcomes indicative of phase mismatch between the P1's and corresponding P2's.
    Type: Grant
    Filed: July 7, 2006
    Date of Patent: July 20, 2010
    Assignee: Nortel Networks Limited
    Inventor: Randy Kuang
  • Patent number: 7760885
    Abstract: A method of distributing encryption keys among nodes in a mobile ad hoc network, and a network device using the same. In particular, a method of distributing encryption keys, which guarantees the security of a ciphertext in the mobile ad hoc network. The method of distributing the encryption keys among nodes including a first node and a second node in the mobile ad hoc network includes creating a private key and a public key based on a first encryption method by the first node; if the first node transmits the created public key to Node B, creating predetermined parameters operable to create a common key according to a second encryption method by the second node.
    Type: Grant
    Filed: May 14, 2004
    Date of Patent: July 20, 2010
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Kyung-bae Park
  • Patent number: 7757086
    Abstract: A system for enabling authenticated communication between a first entity and at least one other entity, the system including a second entity, wherein: the first entity and the second entity share transport keys; and the second entity includes at least one authentication key configured to be transported from the second entity to the first entity using the transport keys, the authentication key being usable to enable the authenticated communication by the first entity.
    Type: Grant
    Filed: May 27, 2004
    Date of Patent: July 13, 2010
    Assignee: Silverbrook Research Pty Ltd
    Inventor: Simon Robert Walmsley
  • Patent number: 7752449
    Abstract: A system and method for generating a non-repudiatable record of a communications data stream is provided, which is applicable to real-time and quasi-real-time data streams. A binary communication data stream is captured and segmented into defined frames. A key frame is generated for each of a number of data frames containing integrity and authentication information. The key frame is inserted into the data stream to provide an authenticated data stream.
    Type: Grant
    Filed: February 22, 2006
    Date of Patent: July 6, 2010
    Assignee: Avaya, Inc.
    Inventor: Peter Chapman
  • Publication number: 20100166178
    Abstract: An approach is provided for providing secure packetized voice transmissions. A public/private key pair is generated at a call device (or endpoint). An encrypted voice stream is received from another call device, where the encrypted voice stream was encrypted using a public key of the public/private key pair. This encrypted voice stream when received at the call device is decrypted using a private key of the public/private key pair.
    Type: Application
    Filed: August 17, 2009
    Publication date: July 1, 2010
    Applicant: VERIZON PATENT AND LICENSING INC.
    Inventors: David E. Berggren, Steven E. Belczyk
  • Publication number: 20100166183
    Abstract: A method of retrieving security information in a media access control (MAC) header by a wireless station may include receiving a data unit, such as a protocol data unit (PDU), from a remote wireless station. The PDU may include the MAC header. The method may also include reading two encryption key sequence (EKS) bits in the MAC header that denote both whether the data unit is encrypted and a position in an encryption key sequence for the data unit.
    Type: Application
    Filed: December 31, 2008
    Publication date: July 1, 2010
    Inventors: David Johnston, Muthu Vankatachalam
  • Patent number: 7743412
    Abstract: A computer system includes an interface and a processor. The interface is adapted to receive a request from another computer system for identification of the first computer system. The adapter also furnishes a hash value that identifies the first computer system to the other computer system. The processor is coupled to the interface and is adapted to encrypt an identifier that identifies the first computer system with a key associated with the other computer system to provide the hash value.
    Type: Grant
    Filed: February 26, 1999
    Date of Patent: June 22, 2010
    Assignee: Intel Corporation
    Inventors: James Q. Mi, Vishesh Parikh, Albert Y. Teng
  • Publication number: 20100153270
    Abstract: A user receives a message via a network service platform at their mobile handset. The user is required to input a PIN, password or other authentication data, before the received message is displayed. The service platform generates a partial encryption key and embeds this within a message which is subsequently encrypted and transmitted to the receiving device. The receiving device or handset receives the message and decrypts it using a previously stored pseudo-random seed, combined with a user entered PIN. The receiving device or handset extracts the partial key delivered with the message and uses this key data to generate a new pseudo-random seed which, in turn, is used to generate a sequence of characters in apparently random order. This sequence of characters or numbers is presented in a text-only form with a cursor or other highlighting method selecting the first character in the pseudo-random sequence. The user is then able to enter their PIN by using cursor control keys, such as the right/left keys.
    Type: Application
    Filed: November 26, 2007
    Publication date: June 17, 2010
    Applicant: BROCA COMMUNICATIONS LIMITED
    Inventor: Michael Ian Hawkes
  • Publication number: 20100153731
    Abstract: An algorithm or an authentication system for a low-cost authenticating device such as a radio frequency identification (RFID) tag or a sensor node is provided, by which authentication is processed efficiently without requiring complicated hardware. A claimant entity attempting to be authenticated and a verifying entity to authenticate the claimant entity share a plurality of secret keys so that authentication is processed as the claimant entity responds to a challenge by the verifying entity. The verifying entity and the claimant entity perform authentication using the Learning Parity with Noise (LPN) problem. The verifying entity and the claimant entity generate keys independently from one another, and exchange the generated keys. The claimant entity may generate an encrypted value for use in the authentication, using basic Boolean Exclusive OR and logical AND operations.
    Type: Application
    Filed: December 17, 2008
    Publication date: June 17, 2010
    Applicant: INFORMATION AND COMMUNICATIONS UNIVERSITY
    Inventors: Dang Nguyen Duc, Hyunrok Lee, Kwangjo Kim
  • Publication number: 20100153717
    Abstract: A method and system of securing content is described, the method including establishing communication between a secure module source and a content rendering device, loading a dynamically generated pseudo-unique secure module to the content rendering device from the secure module source, establishing communication between the secure module source and the dynamically generated pseudo-unique secure module, and transferring a decryption key from the secure module source to the dynamically generated pseudo-unique secure module, thereby enabling decryption of encrypted content, the encrypted content being encrypted according to the decryption key. Related methods and apparatus are also described.
    Type: Application
    Filed: September 27, 2006
    Publication date: June 17, 2010
    Applicant: NDS Limited
    Inventors: Leonid Sandler, Yaron Sella, Erez Waisbard