Abstract: An approach is provided for refreshing keys in a communication system. An application request is transmitted to a network element configured to provide secure services. A message is received, in response to the application request, indicating refreshment of a key that is used to provide secure communications with the network element. A refreshed key is derived based on the received message.

Abstract: A system and method are provided for enabling a symmetric key to be derived, the method comprising: obtaining a plurality of key parts, wherein the plurality of key parts when combined equal the symmetric key; encrypting a first of the key parts using a first cryptographic algorithm to generate a first encrypted value; encrypting one or more remaining key parts of the plurality of key parts using respective cryptographic algorithms to generate one or more additional encrypted values, wherein each key part encrypted is encrypted using a different cryptographic algorithm; and providing the first encrypted value and the one or more additional encrypted values to an other entity to enable the other entity to derive the symmetric key.

Abstract: A method and an apparatus that establish a first communication channel or pair with a target device in proximity to a source device are described. A pairing message is sent to the target device in proximity to the source device over the first communication channel from the source device. A secret and an identifier associated with an application are included in the pairing message. In response to receiving the secret back from the target device for a second communication channel, pairing data of the application are sent to the target device over the second communication channel.

Abstract: A system and/or method that facilitates the installation and/or authentication of a device by invoking installation protocols and/or authentication protocols for a non-physical connection. A physical interface component provides a physical connection between at least one wireless device and at least one network entity in which the installation protocols and/or authentication protocols can be exchanged. The physical interface component can utilize a token key to establish multiple non-physical connections with multiple wireless devices. Additionally, the physical interface component can utilize a daisy chain scheme to install and/or authenticate a wireless device.

Abstract: A method of verifying a pair of correspondents in electronic transaction, the correspondents each including first and second signature schemes and wherein the first signature scheme is computationally more difficult in signing than verifying and the second signature scheme is computationally more difficult in verifying than signing. The method comprises the step of the first correspondent signing information according to the first signature scheme and transmitting the first signature to the second correspondent, the second correspondent verifying the first signature received from the first correspondent, wherein the verification is performed according to the first signature scheme.

Abstract: Provided is a migration system considering security authentication levels and data protection strength levels of the both security devices between which data is migrated. A first terminal 102 includes a mechanism for protecting data by a private key in the public key method held by TPM, and a second terminal 103 includes a key in the private key method encrypted by the private key in the public key method held by TPM and a mechanism for protecting the data by the key. A Migration Authority 101 holds a security policy table describing a security policy and judges whether data movement from the first terminal 102 to the second terminal 103 is enabled according to the security policy table.

Abstract: A method and apparatus for establishing a cryptographic relationship between a first node and a second node in a communications network. The first node receives at least part of a cryptographic attribute of the second node, uses the received at least part of the cryptographic attribute to generate an identifier for the first node. The cryptographic attribute may a public key belonging to the second node, and the identifier may be a Cryptographically Generated IP address. The cryptographic relationship allows the second node to establish with a third node that it is entitled to act on behalf of the first node.

Abstract: Secure data transfer apparatus comprising a first device to be mounted in a housing in a predetermined normal configuration for normal operation wherein secure data transfer takes place between the first device and a second device in the housing, the first device including a detector configured to detect when the first device is placed in a predetermined initialization configuration different from the normal configuration and to enable an initialization data transfer between the devices for permitting normal operation to occur thereafter in said normal configuration.

Abstract: A method and system for secure communication is provided. The method for secure communication with devices includes: obtaining a parameter for protecting a content; authenticating each other by exchanging a certificate with the device; and exchanging a key with the device using a key authenticated through the certificate to establish a secure authenticated channel with the device. Accordingly, it is possible to establish the secure authenticated channel and perform secure communication by computing a secure authenticated channel key.

Abstract: The present disclosure provides systems and methods for secure and certified electronic messaging from a plurality of users to one or more electronic mailboxes and the like using a combination of biometric security, a separate and secure network and email infrastructure, email management processes, and the addition of text, audio and visual format options to sending emails messages.

Abstract: A digital broadcast receiver and a control method thereof are disclosed. The control method includes receiving a broadcast signal into which mobile service data and main service data are multiplexed, extracting TPC signaling information and FIC signaling information from a data group in the received mobile service data, acquiring a program table describing virtual channel information and a service of an ensemble, using the extracted FIC signaling information, the ensemble being a virtual channel group of the received mobile service data, detecting a conditional access descriptor indicating whether the mobile service data was encrypted, using the acquired program table, and controlling such that the encrypted mobile service data is decrypted, using information of the detected conditional access descriptor.

Abstract: A communication apparatus includes: a first storage unit configured to store a plurality of addresses of a plurality of first communication apparatuses; an acquiring unit configured to acquire a self-public key; a specifying unit configured to specify an address of at least one of the plurality of first communication apparatuses stored in the first storage unit when the self-public key is acquired; and a first public key sending unit configured to send the self-public key to the address of the at least one of the plurality of first communication apparatuses specified by the specifying unit.

Abstract: An apparatus for protecting contents streamed through re-transmission, includes a content service site for servicing a content, managing end user and re-sender re-transmitting the content streamed from the content service site to another user, and issuing and managing a re-transmission license and a content license. The end user pays a charge to the content service site, receives an issued license from the content service site, and uses the content received from the re-sender through re-transmission.

Abstract: A tachograph and a toll onboard unit as communication partners, which each have a data interface for a data communication via a vehicle data bus to which the communication partners are coupled. The tachograph and/or the toll onboard unit are implemented as a transmitter of data to ascertain a cryptographic check value as a function of user data, which are to be transmitted to the communication partner, and to transmit the cryptographic check value in addition to the user data to the communication partner. The toll onboard unit or the tachograph, respectively, as a receiver of data, is implemented to receive user data and the cryptographic check value associated with the user data from the communication partner and to check the received user data for corruption as a function of the received cryptographic check value.

Abstract: A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number, if there is a match, the decrypted biometric data is validated and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.

Abstract: In a key-insulated cryptosystem according to the present invention, a plurality of external devices are associated with a number of updates of a terminal secret key which has already been updated, and a different piece of secret information is stored in each of the external devices. In addition, a key-updating method in the key-insulated cryptosystem according to the present invention includes steps of: selecting one of the external devices depending on the number of updates of the terminal secret key; and causing the selected external device to generate key-updating information used for updating the terminal secret key based on the number of updates and the stored secret information.

Abstract: Methods, systems, and computer program products for implementing a roaming controlled wireless network and services is provided. The method includes assigning an identifier and key to a multi-mode network-enabled communications device, the identifier and key inaccessible to an end user of the communications device. The method further includes assigning an identifier and key to a gateway device. The method further includes configuring an auto-provisioning element on each of the devices and remotely provisioning activation of roaming controlled communications services for the end user of the communications device. The remote provisioning includes transmitting a signal to one of the devices configured with the auto-provisioning element, which causes the devices to exchange identifiers and keys via a wireless local network. In response to exchanging the identifiers and keys between the devices, the communications device is permitted to communicate over the wireline network via the gateway device.

Abstract: A wireless access point and method of using a wireless access point to allow a user to use a pre-determined security key provided with the access point or a personal security key that is provided by the user. The access point is purchased with a pre-determined security key. A user of the access point may press a pairing button on the access point to automatically pair other devices with the access point using the pre-determined security key. A label with a passphrase that corresponds to the pre-determined security key is provided with the access point, allowing the user to manually enter the passphrase into devices that cannot automatically pair with the access point. The wireless access point also has a “security on/off” button. When the user presses the security on/off button, the access point may cease use of the pre-determined security key in favor of a personal security key.

Abstract: Methods for transferring a set of data from a first processing device to a second processing device are provided. Pursuant to these methods a secure shell (“SSH”) authentication is performed to authenticate a first user that is logged onto the first processing device to a second user that is logged onto the second processing device. The set of data is divided into a first data subset and a second data subset. The first data subset is encrypted to provide an encrypted data set. The encrypted data set is transferred from the first processing device to the second processing device. The second data subset is also transferred from the first processing device to the second processing device, but without encrypting the second data subset. Related data transfer systems and computer program products are also provided.

Abstract: An image forming apparatus includes a judging unit that judges whether a replacement part attached to the image forming apparatus needs replacement based on consumption information indicative of how much the replacement part has been consumed. The replacement part includes a storage unit that stores therein information including identification information unique to the replacement part. When the judging unit judges that the replacement part needs replacement, a reading unit reads the identification information from the replacement part, and an encrypting unit encrypts a predetermined piece of information in the replacement part based on the identification information read by the reading unit.

Abstract: A communications system in which a sending computer encrypts a message using a key associated with the computer which is to receive the message; and the receiving computer uses a key associated with the sending computer in the decryption process. The sending computer is equipped with a set of keys and each key within the set may be used for the encryption process, depending on the destination of the message; and the receiving computer chooses its key based on who the sending computer is.

Abstract: A system and method for securely exchanging plurality of information items used to generate a plurality of encryption keys used in a public key-and-private key system. In accordance with the principles of the invention, elements of exchanged information items, such as public key and synchronizing indictors are encrypted before the exchange. The information item element is encrypted using an encryption key determined from information items that were previously exchanged. The encryption of information items used to determine subsequent encryption keys provides additional security to the encryption key used in the transmission of informational data as the encrypted elements of the information item must be decrypted before the data message encryption key can be decrypted. The process of exchanging encrypted information items can be repeated until an agreed upon number of encrypting keys is determined.

Abstract: A communication system using quantum cryptography, comprising subscriber stations (1.i, 2.i) which are connected to quantum channels (3) and quantum-cryptographic devices (10, 11) which are associated with the quantum channels for generating a quantum key, wherein several interconnected switching stations (1, 2) are provided to which the subscriber stations (1,i, 2.i) are connected via the quantum channels (3) in order to generate a respective temporary quantum key.

Abstract: Disclosed is a mechanism for securely coupling a security IC and an FPGA. This mechanism creates a shared secret key; creates a password key; generates an encrypted shared secret key by encrypting the “shared secret key” with the password key; incorporates the “encrypted shared secret key” into an FPGA net list; programs the FPGA using the “FPGA net list”; transmits the “password key” from the security IC to the FPGA; allowing the FPGA to: obtain the “shared secret key” by decrypting the “encrypted shared secret key”; and store the “shared secret key” in at least one volatile memory location.

Abstract: The present invention aims at providing an electronic key lending method capable of ensuring the high security by a relatively easy method. An electronic key lending method of the present invention of lending an electronic key (7) that unlocks or locks an electronic lock (8) from a first communication terminal (10-1), includes an electronic key transmitting step of transmitting the electronic key (7) from the first communication terminal (10-1) to a second communication terminal (10-2) while an IMS session is established between the first communication terminal (10-1) and the second communication terminal (10-2).

Abstract: A quantum key distribution (QKD) cascaded network with loop-back capability is disclosed. The QKD system network includes a plurality of cascaded QKD relays each having two QKD stations Alice and Bob. Each QKD relay also includes an optical switch optically coupled to each QKD station in the relay, as well as to input ports of the relay. In a first position, the optical switch allows for communication between adjacent relays and in a second position allows for pass-through communication between the QKD relays that are adjacent the relay whose switch is in the first position.

Abstract: A method of distributing a quantum key from a sender to a recipient. The recipient generates a pulse having multiple photons; splits the pulse into first and second sub-pulses; phase modulates the first sub-pulse with a secret key; and transmits both the phase-modulated first sub-pulse and the second sub-pulse to the sender. The sender receives the phase-modulated first sub-pulse and the second sub-pulse from the recipient; encodes a quantum key bit into one of the sub-pulses received from the recipient; and transmits both the phase-modulated first sub-pulse and the second sub-pulse back to the recipient. Then, the recipient receives the phase-modulated first sub-pulse and the second sub-pulse from the sender; phase modulates the second sub-pulse with the secret key; combines the phase-modulated first sub-pulse and the phase-modulated second sub-pulse to produce a composite pulse; and processes the composite pulse in an attempt to detect the quantum key bit.

Abstract: According to one embodiment, a method is disclosed. The method includes generating a link key at a secure component within a first personal area network device and injecting the link key into a protocol stack component database within the first device. The link key may further be transmitted to a second device. Other embodiments are described and claimed.

Abstract: A method of joining a first device to a radio communications network controlled by a second device without contemporaneous user input of a secret at the second device, including: storing in the second device a secret generated at the second device; making the stored secret available in the first device; and creating in the first device and in the second device, using the secret, a secret key for use in securing communication between the first and second devices.

Abstract: The present invention provides a method for a data encryption device to perform network communications, the method comprising obtaining an indexed array of encryption keys, wherein the indexed array of encryption keys is shared with a data decryption device; obtaining a message to be encrypted; using a first random or pseudorandom number to determine an index; obtaining a first key from the array of encryption keys, wherein the first key corresponds to the index; selecting a second key from the plurality of encryption keys; encrypting the message using the first key and a second random or pseudorandom number; encrypting the index using the second key and a third random or pseudorandom number; transmitting the encrypted message and the encrypted index to the data decryption device.

Abstract: A method for a terminal including a first media access control (MAC) layer and a second MAC layer to create an authorization key includes performing a first network entry process to a base station through the first MAC layer, and performing a second network entry process for a frequency overlay to the base station through the second MAC layer. In this instance, the first network entry process includes acquiring a key for generating an authorization key through an authentication process according to an authentication method negotiated with the base station, and generating a first authorization key through the key for generating the authorization key. The second network entry process includes generating a second authorization key by using the key generated in the first network entry process for generating the authorization key.

Abstract: A method for establishing a common key for a group of at least three subscribers includes using a publicly known mathematical number group and a higher order element of the group g?G. In the first step, a message corresponding to Ni: =gzi mod p is sent by each subscriber to all other subscribers (Tj), (zi) being a random number chosen from the set (1, . . . , p-2) by a random number generator. In the second step, each subscriber (Ti) selects a transmission key kij:=(gzj)zi for each other subscriber (Tj) from the received message (gzj), with i?j, for transmitting their random number (zi) to the subscribers (Tj). In the third step, the common key k is calculated as k:=f(z1, z2, . . . , zn) for each subscriber Ti.

Abstract: Individual wireless devices communicate amongst each other exchanging identity information, authentication-state or both, thereby forming a collaborative-collection of wireless devices. This collaborative-collection of wireless devices offers improvements over individual wireless devices in three areas. First, device functions are affected by the group of devices that are active-members of the collaborative-collection, enabling improved functionality. Second, the times-of-membership and times-of-non-membership of the devices in the collaborative-collection are monitored and this information is used to affect the function of individual devices in the collaborative-collection, including improved security and authorization policies. Third, the authentication-state of the active-member devices in the collaborative-collection affects the function of the active-member devices in the collaborative-collection, also adding to improved security.

Abstract: Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.

Abstract: An object of the present invention is to provide an electronic data encryption and decryption system allowing a privileged user to decrypt all encrypted data without using a plurality of secret keys but only by using a single secret key that the privileged user himself has. An electronic data encryption and decryption system includes: a privileged user device, a user device, and an encrypted data generation device. The privileged user device has: a privileged user key generation means for generating a privileged user secret key x and a privileged user public key x·P (P is a generator); a first session key generation means for generating a session key K; and a first decryption means for decrypting the encrypted data by using the session key K generated by the first session key generation means.

Abstract: A single-photon generator includes a single-photon generating device generating a single-photon pulse having a wavelength on the shorter wavelength side than a communication wavelength band, and a single-photon wavelength conversion device performing wavelength conversion of the single-photon pulse into a single-photon pulse of the communication wavelength band, using pump pulse light for single-photon wavelength conversion.

Abstract: A software architecture that permits for a unified mechanism for interfacing with multiple peer groups is disclosed. The architecture includes multiple peer group interfaces, each facilitating communication between computing systems in a corresponding peer group. In addition, a perhaps configurable number and type of service modules are configured to use the peer group interfaces to facilitate communication between peer groups in a manner that facilitates the service. A peer community application program interface is configured to allow one or more peer applications to enlist the services of the plurality of services by interfacing with the peer community application program interface.

Abstract: Methods and apparatus for generating, communicating, and/or using sets of addresses corresponding to a communications device are described. A first communications device generates, from a public key and a random number, both a first address and a second address. The generated address pair is communicated to a second communications device along with proof of ownership information regarding the address pair via an address signaling message such as a binding update message. The second communications device processes the received address signaling message and determines address pair validity and/or address pair ownership information. The first address may be associated with a first network, e.g., an unsecure WAN network, while the second address may be associated with a second network, e.g., a secure peer to peer network. Decisions on switching between using the first address to using the second address may be based on address validity and/or address ownership determinations.

Abstract: One embodiment of the present invention provides a system that uses a password-derived prime number to facilitate a secure key exchange between a client and a server across a network. During operation, the client receives a password from a user. Next, the client uses the password to determine a prime number P associated with the password. The client then uses the prime number P to determine a generator g associated with P. The client uses this prime number to calculate X=gx mod P, wherein x is a random number generated by the client. Next, the client sends X to the server. The client also receives Y=gy mod P from the server, wherein y is a random number generated by the server. The client then computes a secret key Ks=Yx mod p at the client, which the server can similarly obtain by computing Ks=Xy mod p. In this way, the client and the server can both obtain the same secret key Ks through insecure communications over the network.

Abstract: One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.

Abstract: Apparatus for distributing a quantum key between nodes Alice and Allie, comprising a coupler that splits generated photon pulses into first and second pulses P1 and P2; and an interface that transmits the P1's and P2's into a network. The P1's are received after modulation by Alice with respective phases selected from two encoding bases and further selected from within the selected encoding basis as a function of a bit value of a respective bit in a key bit string maintained by Alice. The P2's are received after similar modulation by Allie. A detector processes the P1's and P2's upon receipt to produce a sequence of detection outcomes indicative of phase mismatch between the P1's and corresponding P2's.

Abstract: A method of distributing encryption keys among nodes in a mobile ad hoc network, and a network device using the same. In particular, a method of distributing encryption keys, which guarantees the security of a ciphertext in the mobile ad hoc network. The method of distributing the encryption keys among nodes including a first node and a second node in the mobile ad hoc network include creating a private key and a public key based on a first encryption method by the first node; if the first node transmits the created public key to Node B, creating predetermined parameters operable to create a common key according to a second encryption method by the second node.

Abstract: A system for enabling authenticated communication between a first entity and at least one other entity, the system including a second entity, wherein: the first entity and the second entity share transport keys; and the second entity includes at least one authentication key configured to be transported from the second entity to the first entity using the transport keys, the authentication key being usable to enable the authenticated communication by the first entity.

Abstract: A system and method for generating a non-repudiatable record of a communications data stream is provided, which is applicable to real-time and quasi-real-time data streams. A binary communication data stream is captured and segmented into defined frames. A key frame is generated for each of a number of data frames containing integrity and authentication information. The key frame is inserted into the data stream to provide an authenticated data stream.

Abstract: An approach is provided for providing secure packetized voice transmissions. A public/private key pair is generated at a call device (or endpoint). An encrypted voice stream is received from another call device, where the encrypted voice stream was encrypted using a public key of the public/private key pair. This encrypted voice stream when received at the call device is decrypted using a private key of the public/private key pair.

Abstract: A method of retrieving security information in a media access control (MAC) header by a wireless station may include receiving a data unit, such as a protocol data unit (PDU), from a remote wireless station. The PDU may include the MAC header. The method may also include reading two encryption key sequence (EKS) bits in the MAC header that denote both whether the data unit is encrypted and a position in an encryption key sequence for the data unit.

Abstract: A computer system includes an interface and a processor. The interface is adapted to receive a request from another computer system for identification of the first computer system. The adapter also furnishes a hash value that identifies the first computer system to the other computer system. The processor is coupled to the interface and is adapted to encrypt an identifier that identifies the first computer system with a key associated with the other computer system to provide the hash value.

Abstract: A user receives a message via a network service platform at their mobile handset. The user is required to input a PIN, password or other authentication data, before the received message is displayed. The service platform generates a partial encryption key and embeds this within a message which is subsequently encrypted and transmitted to the receiving device. The receiving device or handset receives the message and decrypts it using a previously stored pseudo-random seed, combined with a user entered PIN. The receiving device or handset extracts the partial key delivered with the message and uses this key data to generate a new pseudo-random seed which, in turn, is used to generate a sequence of characters in apparently random order. This sequence of characters or numbers is presented in a text-only form with a cursor or other highlighting method selecting the first character in the pseudo-random sequence. The user is then able enter their PIN by using cursor control keys, such as the right/left keys.

Abstract: An algorithm or an authentication system for a low-cost authenticating device such as a radio frequency identification (RFID) tag, or a sensor node are provided, by which authentication is processed efficiently without requiring complicated hardware. A claimant entity attempting to be authenticated and a verifying entity to authenticate the claimant entity, share a plurality of secret keys so that authentication is processed as the claimant entity responds to a challenge by the verifying entity. The verifying entity and the claimant entity perform authentication using Learning Parity with Noise (LPN) problem. The verifying entity and the claimant entity generate keys independently from one another, and exchange the generated keys. The claimant entity may generate an encrypted value for use in the authentication, using a basic Boolean Exclusive OR and a logical AND operations.

Abstract: A method and system of securing content is described, the method including establishing communication between a secure module source and a content rendering device, loading a dynamically generated pseudo-unique secure module to the content rendering device from the secure module source, establishing communication between the secure module source and the dynamically generated pseudo-unique secure module, and transferring a decryption key from the secure module source to the dynamically generated pseudo-unique secure module, thereby enabling decryption of encrypted content, the encrypted content being encrypted according to the decryption key. Related methods and apparatus are also described.