User-to-user Key Distributed Over Data Link (i.e., No Center) Patents (Class 380/283)
  • Publication number: 20100138661
    Abstract: A mobile station, an access point, a gateway apparatus, a base station, and a handshake method thereof for use in a wireless network framework are provided. The wireless network framework comprises a first wireless network comprising the access point, and a second wireless network comprising the gateway apparatus and base station. There is an IP security tunnel between the access point and the gateway apparatus. When the mobile station handovers from the first wireless network to the second wireless network, it transmits a master session key to the gateway apparatus via the access point and the IP security tunnel. Additionally, when the mobile station handovers from the second wireless network to the first wireless network, it transmits a master session key to the access point. As a result, the authentication time, which is needed in handover procedure between the first wireless network and the second wireless network, is reduced effectively.
    Type: Application
    Filed: January 28, 2009
    Publication date: June 3, 2010
    Applicant: INSTITUTE FOR INFORMATION INDUSTRY
    Inventors: Frank Chee-Da TSAI, Chien-Chien CHIU, I-Hung LIN, Hung-Min SUN, Shuai-Min CHEN, Yao-Hsin CHEN, Heng-Jeng CHUNG
  • Patent number: 7730309
    Abstract: A method and system for a secure telephone protocol are disclosed, which can be implemented using current Voice over IP (VoIP) protocols, Session Initiation Protocol (SIP, as specified in the Request for Comment (RFC) 3261 from the Internet Engineering Task Force (IETF)), Real Time Transport Protocol (RTP, as specified in RFC 3550), and Secure RTP (SRTP, as specified in RFC 3711). The secure telephone protocol can include a shared secret value that is cached and then re-used later to authenticate a long series of session keys to be used for numerous separate secure phone calls over a long period of time, thereby providing cryptographic key continuity without the need for voice authentication. In an embodiment, the secure telephone protocol can utilize the Diffie-Hellman key exchange during call setup, and AES for encrypting the voice stream.
    Type: Grant
    Filed: July 27, 2006
    Date of Patent: June 1, 2010
    Inventor: Philip R. Zimmermann
  • Publication number: 20100131754
    Abstract: An apparatus, and an associated method, enables presence information of a presentity to be retrieved by a watcher. Elements, or portions, of the presence information may be made selectively opaque (unreadable) to any but authorized watchers or other consumers of the presentity information.
    Type: Application
    Filed: November 18, 2009
    Publication date: May 27, 2010
    Applicant: Research In Motion Limited
    Inventors: Matthew Bells, Gerhard D. Klassen, Brian Edward McColgan
  • Patent number: 7725715
    Abstract: The present invention is directed to a three-phase encryption method and a three-phase decryption method, and an apparatus implementing the three-phase encryption method and/or the three-phase decryption method. To encrypt a message according to the three-phase encryption method, a content of a message is converted from a first form M to a second form M′; the content of the message is separated according to a spacing pattern; and the content of the message is scrambled according to a scrambling pattern. To decrypt the message encrypted using the three-phase encryption method, the scrambling and spacing patterns are reversed, and the content of the message is converted from the second form M′ to the first form M.
    Type: Grant
    Filed: February 24, 2005
    Date of Patent: May 25, 2010
    Assignee: Access Business Group International LLC
    Inventors: Nima Veiseh, David W. Baarman, Thomas Jay Leppien
  • Patent number: 7724905
    Abstract: In a method for generation of a secret session key for cryptographically securing a communication channel between a first communication partner and a second communication partner, the first communication partner generates at least one first key parameter, receives at least one second key parameter generated by the second communication partner, and generates the secret session key using the first key parameter and the second key parameter. The first communication partner generates, stores and communicates to the second communication partner a first random number, receives from the second communication partner a sent-back random number, compares the sent-back random number with the stored random number, and releases the generated secret session key for use given the presence of a predeterminable correlation between the sent-back first random number and the stored random number.
    Type: Grant
    Filed: June 29, 2005
    Date of Patent: May 25, 2010
    Assignee: Francotyp-Postalia GmbH
    Inventors: Gerrit Bleumer, Clemens Heinrich
  • Patent number: 7721092
    Abstract: An authenticating device 100 includes an authentication processing unit 197 to perform an authentication process with a communication device 200 using an authentication key, an update key generating unit 160 to generate a new authentication key when the communication device 200 does not hold an authentication key to be used in the authentication process by the authentication processing unit 197, and to generate a new authentication key for updating the authentication key when the communication device 200 holds the authentication key but the authentication process with the communication device 200 by the authentication processing unit 197 fails. The authentication processing unit 197 performs again the authentication process with the communication device 200 using the new authentication key generated by the update key generating unit 160.
    Type: Grant
    Filed: April 23, 2004
    Date of Patent: May 18, 2010
    Assignee: Mitsubishi Electric Corporation
    Inventors: Takehiro Ohkoshi, Keiki Yamada, Satoru Makita
  • Patent number: 7721093
    Abstract: Methods and systems are provided for using an existing email transfer protocol, such as SMTP, to exchange digital objects in an authenticated manner. The provided methods and systems solve the bootstrapping problem of computer identities for P2P communication by authenticating the exchange of public information. If the electronic mail protocols are strong, in that sending an email message to a given address results in the message reaching that address with a high degree of confidence, then the exchange of public information performed in accordance with embodiments of the invention is confidently authenticated.
    Type: Grant
    Filed: April 2, 2004
    Date of Patent: May 18, 2010
    Assignee: Microsoft Corporation
    Inventor: Narasimhan Sundararajan
  • Publication number: 20100119069
    Abstract: A time required for actually starting encrypted communication after a trigger of an encrypted communication is shortened. When a key exchanging process is to be applied in order to exchange key information upon encrypting a communication performed between a communication terminal 11 and a gateway device 25, a network relay device 15 relays the key information, contents of the key exchanging process are divided into a former-half process and a later-half process, and the network relay device 15 executes the former-half process substitute for the communication terminal 11 to establish “IKE SA”. Then, information obtained as the result of the former-half process is transferred from the network relay device 15 to the communication terminal 11.
    Type: Application
    Filed: May 31, 2007
    Publication date: May 13, 2010
    Applicant: PANASONIC CORPORATION
    Inventors: Atsushi Kamikura, Shinkichi Ikeda, Yuji Hashimoto
  • Publication number: 20100111309
    Abstract: During execution of BIOS at an information handling system, a processor communicates with the storage controller via a command line protocol (CLP) communications channel. Via the channel, the processor obtains identification information for storage devices associated with the storage controller. The processor communicates the identification information to a key management client, which obtains encryption keys based on the identification information from a key management server. The processor receives the encryption keys, and communicates them to the storage controller via the CLP communications channel. The CLP communications channel thus provides a convenient and flexible interface for communication of security information prior to execution of an operating system.
    Type: Application
    Filed: October 31, 2008
    Publication date: May 6, 2010
    Applicant: DELL PRODUCTS, LP
    Inventors: Mukund P. Khatri, Kevin T. Marks, Don H. Walker
  • Patent number: 7711121
    Abstract: A multi-tiered server management architecture is employed including an application development tier, an application operations tier, and a cluster operations tier. In the application development tier, applications are developed for execution on one or more server computers. In the application operations tier, execution of the applications is managed and sub-boundaries within a cluster of servers can be established. In the cluster operations tier, operation of the server computers is managed without concern for what applications are executing on the one or more server computers and boundaries between clusters of servers can be established. The multi-tiered server management architecture can also be employed in co-location facilities where clusters of servers are leased to tenants, with the tenants implementing the application operations tier and the facility owner (or operator) implementing the cluster operations tier.
    Type: Grant
    Filed: November 2, 2004
    Date of Patent: May 4, 2010
    Assignee: Microsoft Corporation
    Inventors: Galen C. Hunt, Aamer Hydrie, Steven P. Levi, David S. Stutz, Bassam Tabbara, Robert V. Welland
  • Publication number: 20100106967
    Abstract: A system, method, and owner node for securely changing a mobile device from an old owner to a new owner, or from an old operator network to a new operator network. The old owner initiates the change of owner or operator. The old owner or operator then commands the mobile device to change a currently active first key to a second key. The second key is then transferred to the new owner or operator. The new owner or operator then commands the mobile device to change the second key to a third key for use between the mobile device and the new owner or operator. Upon completion of the change, the new owner or operator does not know the first key in use before the change, and the old owner does not know the third key in use after the change.
    Type: Application
    Filed: October 27, 2009
    Publication date: April 29, 2010
    Inventors: Mattias Johansson, Hakan Englund
  • Publication number: 20100104105
    Abstract: A repository is created and maintained that receives and stores a plurality of attributes associated with digital components resident at a display complex and associated with particular digital cinema systems within that display complex. These attributes can be accessed by clients which thereafter use that data to securely convey digital content to a particular digital cinema system. Each display complex collects attributes associated with the digital cinema systems resident at the complex and pushes the data to a service module hosted on a server on a wide area network. Upon receiving the attributes corresponding to each digital component of each cinema system, the server conveys the data to a repository for storage. Thereafter, responsive to a request from a client, data needed to securely convey content to a digital cinema system is retrieved from the repository and conveyed to the requesting client.
    Type: Application
    Filed: October 23, 2008
    Publication date: April 29, 2010
    Applicant: Digital Cinema Implementation Partners, LLC
    Inventors: Thomas J. Schmidt, Scott Emberley, John Bogrand
  • Patent number: 7702102
    Abstract: The invention relates to a method for data transmission, comprising the following steps: first data from a stochastic process is inputted into at least a first and a second subscriber of a communication network; and a symmetrical key is produced on the basis of the first data in both the first and the second subscriber, and stored in the same, for an encoded data transmission between said subscribers.
    Type: Grant
    Filed: July 6, 2004
    Date of Patent: April 20, 2010
    Assignee: Siemens Aktiengesellschaft
    Inventors: Udo Doebrich, Roland Heidel, Edmund Linzenkirchner
  • Patent number: 7694132
    Abstract: A system for communication of a message in which the message intended for a third computer is first encrypted by a first computer and is sent to a second computer. The second computer, acting as an intermediary, decrypts the message and re-encrypts the message before sending the message to the third computer which again decrypts the message.
    Type: Grant
    Filed: August 10, 2005
    Date of Patent: April 6, 2010
    Inventor: Mark Ellery Ogram
  • Patent number: 7694141
    Abstract: Extended authenticated key exchange with key confirmation is described. In one aspect, and before computing session keys to exchange information securely between an initiator and a responder, each party of the initiator and the responder, confirms whether the other party has received corresponding information to generate a valid session key. If either party determines that the other respective party has not received the corresponding information, the party terminates the extended authenticated key exchange with key confirmation protocol. Otherwise, when a party determines that the other party has received the corresponding information, the party generates a respective session key. In this manner, when both parties confirm that the other party has received the appropriate information for session key generation, both parties are assured that information can be exchanged between the parties securely using the session keys.
    Type: Grant
    Filed: July 26, 2005
    Date of Patent: April 6, 2010
    Assignee: Microsoft Corporation
    Inventors: Kristin E. Lauter, Anton Mityagin
  • Publication number: 20100082478
    Abstract: The present invention relates to methods and apparatus for digital content distribution. A method of transferring digital content from a first entity (60) to a second entity (70) includes the steps of: a transfer control entity (50) transmitting a transmission key (KA) to the first entity, the first entity storing content data comprising digital content embedded with a first watermark (WA). The first entity applies the transmission key to the content data to remove the first watermark from the digital content and encrypt the digital content. The first entity transmits the encrypted digital content (CX) to the second entity. The transfer control entity transmits a receive key (KB) to the second entity and the second entity applies the receive key to the encrypted digital content to generate decrypted data comprising the decrypted digital content embedded with a second watermark (WB).
    Type: Application
    Filed: March 10, 2008
    Publication date: April 1, 2010
    Applicant: KONINKLIJKE PHILIPS ELECTRONICS N.V.
    Inventors: Minne Van Der Veen, Aweke Negash Lemma, Stefan Katzenbeisser, Mehmet Utku Celik
  • Publication number: 20100070769
    Abstract: In a log acquisition system comprising a log collection terminal for collecting log data and a log acquisition terminal for acquiring the log data collected by the log collection terminal from the log collection terminal, the log collection terminal stores a common key between the log collection terminal and the log acquisition terminal in a hardware security module inherently mounted in the log collection terminal, encrypts the collected log data as encrypted log data using the stored common key, and stores the encrypted log data, and the log acquisition terminal stores the common key in a hardware security module inherently mounted in the log acquisition terminal, acquires the encrypted log data from the log collection terminal, and decrypts the acquired encrypted log data with the common key.
    Type: Application
    Filed: January 22, 2008
    Publication date: March 18, 2010
    Inventors: Shigeyoshi Shima, Yukiko Endo
  • Publication number: 20100067703
    Abstract: A method of sharing keys among a plurality of conditional access (CA) vendors having differing CA systems used at a distribution headend involves receiving a CA Value contribution from each of the plurality of CA vendors at the headend; hashing the CA Values from each of the plurality of CA vendors together using a hashing function to produce an output control word; and at an encrypter at the headend, using the output control word as a content key, wherein the content key is used as an encryption key to encrypt content provided to a plurality of receivers that decrypt the content using any of the conditional access systems. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.
    Type: Application
    Filed: September 18, 2008
    Publication date: March 18, 2010
    Inventor: Brant L. Candelore
  • Publication number: 20100054481
    Abstract: Embodiments of the present invention store application data and associated encryption key(s) on at least k+1 remote servers using LH* addressing. At least k+1 buckets are created on separate remote servers. At least k+1 key shares are generated for each of at least one encryption key. Each encryption key has a unique key number. Each key share is stored in a different key share record. Each of the key share records is stored in a different bucket using LH* addressing. Encrypted application data is generated by encrypting the application data with the encryption key(s). The encrypted application data is stored in encrypted data record(s). Each of the encrypted data records is stored in a different bucket among the buckets using LH* addressing.
    Type: Application
    Filed: August 27, 2009
    Publication date: March 4, 2010
    Inventors: Sushil Jajodia, Witold Litwin, Thomas Schwarz
  • Publication number: 20100054480
    Abstract: A method and system distributes N shares of a secret among cooperating entities by representing the secret as a secret polynomial, and forming a splitting polynomial with the secret polynomial as one or more of the coefficients. In one embodiment, the method represents the secret as a secret polynomial over GF(q), where q is a prime number or a power of a prime number. A splitting polynomial of degree (K-1) over GF(q^m) is constructed, where K is the number of shares to reconstruct the secret and m is a positive integer. The coefficients of the splitting polynomial are formed with the secret polynomial and random information. The method further evaluates the splitting polynomial at N points with arithmetic defined on GF(q^m) to generate the N shares of the secret.
    Type: Application
    Filed: August 28, 2008
    Publication date: March 4, 2010
    Inventor: James P. Schneider
  • Publication number: 20100042841
    Abstract: System and method for providing secure communications is provided. Initially, an exchange protocol, such as a password-authenticated key exchange protocol, is used to create a shared secret. From the shared secret, two keys are created: a utilized key and a stored key. The utilized key is used to encrypt messages between nodes. When it is time to replace the utilized key to maintain security, the stored key is utilized to encrypt messages for generating/distributing a new shared secret. The new shared secret is then used to generate a new utilized key and a new stored key. This process may be repeated any number of times to maintain security.
    Type: Application
    Filed: August 15, 2008
    Publication date: February 18, 2010
    Inventors: Neal King, Vladimir Oksman, Charles Bry
  • Patent number: 7664259
    Abstract: A method and device for using a partial public key in a cryptosystem. The cryptosystem may be based on a group, such as an elliptic curve over a finite field. The device includes a first memory for storing system parameters of the cryptosystem and a second memory for storing a portion of a public key of the cryptosystem. The device receives the complete public key, or the remainder of the public key, via communication with another device. The received portion of the public key is used to form a validated public key. A processor of the device uses the validated public key for encrypting messages and/or verifying signatures. The size of the second memory is reduced since only part of the public key is stored.
    Type: Grant
    Filed: March 9, 2006
    Date of Patent: February 16, 2010
    Assignee: Motorola, Inc.
    Inventors: Barbara Frosik, Ronald Buskey, Douglas Kuhlman
  • Patent number: 7660987
    Abstract: A method of establishing an e-mail secure transmission link between an initiator and a responder for the transmission of secure e-mail messages over a network comprising creation of a unique initiator designator or number, generation of a unique initiator exchange key component including the unique initiator designator or number, transmission of a request from the initiator to the responder to establish the e-mail secure transmission link and the unique initiator exchange key component, acceptance of the request by the responder to establish the e-mail secure transmission link, creation of a unique responder designator or number, combining of the unique responder designator and the unique initiator exchange key component to create a unique initiator/responder exchange key at the responder site, generation of a unique responder exchange key component including the unique responder designation, transmission of the unique responder exchange key component from the responder to the initiator, combining the unique
    Type: Grant
    Filed: October 29, 2004
    Date of Patent: February 9, 2010
    Inventors: Stephen W. Baylis, S. Todd Baylis
  • Publication number: 20100020975
    Abstract: A method and related secure communications system. The method includes detecting, by a base station, a mobile device docked with the base station and in response to the detecting, generating at least one encryption key in the base station. The method also includes transmitting the encryption key to the mobile station by the base station while the mobile device is docked with the base station. The method also includes communicating encrypted data with the mobile station, the encrypted data corresponding to the encryption key.
    Type: Application
    Filed: July 24, 2008
    Publication date: January 28, 2010
    Applicant: Electronic Data Systems Corporation
    Inventor: James Bissett
  • Publication number: 20100014678
    Abstract: The invention is a cryptographic system using chaotic dynamics. A chaotic system is used to generate a public key and an adjustable back door from a private key. The public key is distributed and can be used in a public key encryption system. The invention can also be used for authentication purposes. The adjustable back door of the invention can be used in conjunction with the public key to derive the private key. The degree of difficulty involved in deriving the private key is dependent on the adjustable back door. That is the value of the back door can be adjusted to vary the difficulty involved in deriving the private key.
    Type: Application
    Filed: May 23, 2005
    Publication date: January 21, 2010
    Inventor: Richard Eugene Crandall
  • Patent number: 7649998
    Abstract: There is disclosed a method, apparatus, computer program and computer program product for facilitating secure data communications. The secure data communications is carried out using a secret key for encrypting data flowing between first and second entities over a communications link. First it is determined that the communications link has been idle. Once it is determined that there is now data to flow over the previously idle communications link, the generation of a new secret key is initiated. This new secret key is then used for encrypting data sent between the first and the second entities over the communications link.
    Type: Grant
    Filed: March 1, 2005
    Date of Patent: January 19, 2010
    Assignee: International Business Machines Corporation
    Inventors: Richard Michael Wyn Harran, Michael Horan, Jonathan Rumsey
  • Publication number: 20100008510
    Abstract: Firmware is securely downloaded from a host to an information storage device using an encryption key generated by the information storage device. The encryption key is generated in response to a firmware download request by the host. The host encrypts the firmware image with the encryption key and downloads the encrypted firmware image to the information storage device. The information storage device receives the encrypted firmware image, decrypts the firmware image, and updates its firmware with this firmware image.
    Type: Application
    Filed: July 10, 2008
    Publication date: January 14, 2010
    Inventor: Fernando A. Zayas
  • Patent number: 7647278
    Abstract: A method includes inputting into the computer a digital content file of the merchant, the digital content file including a header with information related to purchasing a digital content product and the digital content product in encoded form. The computer reads the downloaded header and displays at least some of the information related to purchasing the digital content product while concurrently downloading the encoded digital content product into the computer.
    Type: Grant
    Filed: December 29, 1999
    Date of Patent: January 12, 2010
    Assignee: Pitney Bowes Inc.
    Inventors: Thomas J. Foth, Brian M. Romansky
  • Publication number: 20100005287
    Abstract: A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system.
    Type: Application
    Filed: September 10, 2009
    Publication date: January 7, 2010
    Applicant: Micron Technology, Inc.
    Inventor: Doug L. Rollins
  • Publication number: 20090323953
    Abstract: A system and method is provided to determine location information of a portable computing device and, in particular, to a secure and scalable system and method of decoupling and exposing handset originated location information to third parties. The system includes a location platform to determine location information of a remote user, and an encryption service configured to secure the location information of the remote user and send the secure location information to a content provider.
    Type: Application
    Filed: May 2, 2008
    Publication date: December 31, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Pramodh D. NARAYAN, Sri Ramanathan, Matthew A. Terry, Matthew B. Trevathan
  • Publication number: 20090327724
    Abstract: Techniques for two-way authentication between two communication endpoints (e.g., two devices) using a one-way out-of-band (OOB) channel are presented. Here, in embodiments, both communication endpoints may be securely authenticated as long as the one-way OOB channel is tamper-proof. Embodiments of the invention do not require the one-way OOB channel to be private to ensure that both endpoints are securely authenticated. Since providing a two-way or private OOB channel adds to the cost of a platform, embodiments of the invention provide for a simple and secure method for two-way authentication that uses only a non-private one-way OOB channel and thus helping to reduce platform cost. Other embodiments may be described and claimed.
    Type: Application
    Filed: June 30, 2008
    Publication date: December 31, 2009
    Inventors: Rahul C. Shah, Mark D. Yarvis
  • Publication number: 20090319770
    Abstract: The invention relates to methods for encoding and decoding media data (MD, CMD). One of the methods comprises the following steps: A request is transmitted by a subscriber terminal (1) over a control network (2) to a control server (3) to establish a set of encoding parameters (K) for control data. The request includes identification data (ID) of the subscriber terminal (1). The control server (3) thereupon specifies the set of encoding parameters (K) for control data, comprising a random number (R), a control data key (CK) and an integrity key (IK), wherein the control data key (CK) and the integrity key (IK) are dependent on the random number (R) and the identification data (ID). A media key (MK) dependent on the control data key (CK) and on the integrity key (IK) is then generated by the control server (3) and transmitted over a core network (4) to a media server (5). The media key (MK) is used to encode and decode the media data (MD, CMD) subsequently transmitted over a media network (6).
    Type: Application
    Filed: March 21, 2007
    Publication date: December 24, 2009
    Applicant: NOKIA SIEMENS NETWORKS GMBH & CO., KG.
    Inventor: Srinath Thiruvengadam
  • Publication number: 20090319769
    Abstract: A computer enabled secure method and apparatus for generating a cryptographic key, to be used in a subsequent cryptographic process, where the key is to be valid only for example during a specified time period. The method uses a polynomial function which is a function of an input variable such as time, and dynamically computes the key from the polynomial. This is useful for generating decryption keys used for distribution of encrypted content, where the decryption is to be allowed only during a specified time period.
    Type: Application
    Filed: May 21, 2008
    Publication date: December 24, 2009
    Applicant: Apple Inc.
    Inventors: Pierre BETOUIN, Mathieu Ciet, Augustin J. Farrugia
  • Publication number: 20090319773
    Abstract: A computer-implemented method for protecting a computer network (22) includes receiving at a gateway (24) data transmitted from a source address for delivery to a destination on the computer network. The data are encrypted at the gateway using an encryption key selected from a set of one or more keys that are not available to the source address. The encrypted data are transmitted over the computer network toward the destination. The transmitted encrypted data are received and decrypted for use at the destination by means of one of the keys in the set.
    Type: Application
    Filed: August 29, 2007
    Publication date: December 24, 2009
    Applicant: WATERFALL SECURITY SOLUTIONS LTD
    Inventors: Lior Frenkel, Amir Zilberstein
  • Patent number: 7636442
    Abstract: A first processing system determines whether a second processing system provides a trustworthy state for supporting a virtual security coprocessor. In response to determining that the second processing system provides a trustworthy state for supporting the virtual security coprocessor, the first processing system transfers the virtual security coprocessor to the second processing system. In one embodiment, the first processing system receives a key and proof of bindings of the key from the second processing system. The first processing system may determine whether the second processing system provides a trustworthy state for migration of the virtual security coprocessor, based at least in part on the proof of bindings received from the second processing system. After the second processing system receives the virtual security coprocessor, the virtual security coprocessor may be removed from the first processing system. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 29, 2005
    Date of Patent: December 22, 2009
    Assignee: Intel Corporation
    Inventors: Vincent R. Scarlata, Carlos V. Rozas
  • Publication number: 20090313471
    Abstract: Disclosed is a method and a system for rendering content on external devices securely. The method comprises setting up a communication channel between a proxy rendering server of a mobile device and an external rendering server of an external device, authenticating at least the external rendering server and upon successful authentication transferring a key from the proxy rendering server to the external rendering server, transferring the content encrypted with the transferred key from the proxy rendering server to the external rendering server for rendering the content, wherein the rendering of the content is performed in one of two modes, either in a preprocessing mode or in a non-preprocessing mode, and wherein a DRM agent is only present in the mobile device.
    Type: Application
    Filed: May 8, 2007
    Publication date: December 17, 2009
    Inventors: Ulf Björkengren, Per Ståhl, Magnus L. Olsson
  • Publication number: 20090313465
    Abstract: An optical network, having an optical communication link and first and second routers. The first router receives and classifies data, then forms a data burst based on destination. The first router sends an encrypted header and the data burst via the optical link. The second router, at least one hop from the first router, receives, decrypts and authenticates the header. Then, the second router extracts data burst information from the header and determines whether the address of the second router is the destination address for the data burst. If so, the second router receives the data burst and sends data to an appropriate line interface. If not, the second router selects and reserves a wavelength on a second optical link for the data burst. The second router selects an encryption key for the header, encrypts and sends the header, and then routes the data burst to the selected wavelength.
    Type: Application
    Filed: May 26, 2009
    Publication date: December 17, 2009
    Inventors: Pramode K. Verma, Yuhua Chen
  • Publication number: 20090310965
    Abstract: The invention concerns a device (100) for receiving an optical signal comprising at least one optical signal of angular frequency ω0 modulated by an electrical signal of angular frequency Ω whose phase Φ1 varies according to the value of at least one data bit to be transmitted. The reception device (100) comprises a polarisation separator (105) for separating the modulated optical signal of angular frequency ω0 into first and second optical signals of different polarisation, means (140, 102, 103, 104) of obtaining two electrical signals, means (110a) of modulating the first optical signal from the first electrical signal, means (110b) of modulating the second optical signal from the second electrical signal, and means (115) of combining the first modulated optical signal and the second modulated optical signal in order to form a recombined optical signal.
    Type: Application
    Filed: July 13, 2006
    Publication date: December 17, 2009
    Applicants: SMARTQUANTUM SA, CENTRE NATIONAL DE LA RECHERCHE SCIENTIFIQUE, UNIVERSITE DE FRANCHE-COMTE
    Inventors: Jean-Marc Merolla, Johann Cussey, Frédéric Patois, Nicolas Pelloquin
  • Publication number: 20090300758
    Abstract: A method and apparatus for generating provisioning data to provision a device are described. A provisioning bundle is validated according to a relationship between a configuration and a bundle sequence number identifying the provisioning bundle. A provisioning request includes a device hardware identifier identifying the device. An authorization for the provisioning request is determined for generating provisioning data including the provisioning bundle personalized by the device hardware identifier for the device.
    Type: Application
    Filed: August 29, 2008
    Publication date: December 3, 2009
    Inventors: Jerry Hauck, Michael Lambertus Hubertus Brouwer
  • Publication number: 20090268909
    Abstract: A method for operating a wireless sensor network, wherein the sensor network includes a multitude of distributed sensor nodes for sensing data within a pre-definable environment, and wherein the sensor nodes can exchange information via encrypted data transmissions over a radio channel, is (regarding the fact that during the operational phase of the network the performance of changes in the network, in particular the composition of the sensor nodes that are integrated in the network, is allowed in a flexible way) characterized in that a subset of sensor nodes of the network is manipulated in order to establish a shared secret (x) by transferring a defined information to the sensor nodes of the subset over a secure out of band (OOB) channel.
    Type: Application
    Filed: June 6, 2007
    Publication date: October 29, 2009
    Applicant: NEC EUROPE LTD.
    Inventors: Joao Girao, Miguel Martin Lopez
  • Publication number: 20090268906
    Abstract: The present invention relates to a method and a system for authorized decryption of encrypted data. First, the encrypted data is provided. Then the validity of at least two certificates is verified. If the validity check is positive, a key is provided, which can be used to decrypt the encrypted data.
    Type: Application
    Filed: June 5, 2009
    Publication date: October 29, 2009
    Inventor: Stefan Krempl
  • Patent number: 7606369
    Abstract: A process is described which can be used to generate a cryptographic key for a group of subscribers whose number is subject to change. The process can further provide that even after the group key has been established, subscribers can be removed from or added to the key directory without great effort.
    Type: Grant
    Filed: September 22, 1999
    Date of Patent: October 20, 2009
    Assignee: Deutsche Telekom AG
    Inventor: Joerg Schwenk
  • Patent number: 7606371
    Abstract: A two-way actively stabilized QKD system that utilizes control signals and quantum signals is disclosed. Because the quantum signals do not traverse the same optical path through the system, signal collisions in the phase modulator are avoided. This allows the system to have a higher transmission rate than a two-way system in which the quantum signals traverse the same optical path. Also, the active stabilization process, which is based on maintaining a fixed relationship between an intensity ratio of interfered control signals, is greatly simplified by having the interferometer loops located all in one QKD station.
    Type: Grant
    Filed: June 25, 2004
    Date of Patent: October 20, 2009
    Assignee: MagiQ Technologies, Inc.
    Inventors: Anton Zavriyev, Alexei Trifonov, Michael LaGasse
  • Publication number: 20090252331
    Abstract: The present invention is directed to a method of securing typed conversations using encryption keys when interfacing in a public environment established in a Virtual World, in a Massively Multiplayer Online Role-Playing Game (MMORPG).
    Type: Application
    Filed: April 8, 2008
    Publication date: October 8, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Wolfgang G. Schadeberg
  • Patent number: 7599493
    Abstract: Techniques for providing different levels of access based upon a same authentication factor are provided. A first message is received that is transformed with a first portion of a split private key, the first portion based upon a user password and another factor, and the split private key associated with an asymmetric key pair having a public key and the split private key. The user is authenticated for a first level of network access based upon the received first message being transformed with the first portion. A second message is received that is transformed with a second portion of the split private key, the second portion based upon the password only and not combinable with the first portion to complete the split private key. The user is authenticated for a second level of network access different than the first level based upon the received second message being transformed with the second portion.
    Type: Grant
    Filed: February 14, 2005
    Date of Patent: October 6, 2009
    Assignee: TriCipher Inc.
    Inventors: Ravinderpal Singh Sandhu, Brett Jason Schoppert, Ravi Ganesan, Mihir Bellare, Colin Joseph deSa
  • Patent number: 7596697
    Abstract: Techniques for authentication are provided. A first authentication request transformed with a private portion of a first type split private key is received. A first user is authenticated for a first level of network access based upon the first request being transformed with the first type of split private key. A second authentication request that is transformed with a private portion of a second type private key is also received. A second user is authenticated for a second level of network access based upon the second request being transformed with the second type of split private key.
    Type: Grant
    Filed: February 14, 2005
    Date of Patent: September 29, 2009
    Assignee: TriCipher, Inc.
    Inventors: Ravinderpal Singh Sandhu, Brett Jason Schoppert, Ravi Ganesan, Mihir Bellare, Colin Joseph deSa
  • Patent number: 7590409
    Abstract: A communication system, a communication apparatus, and a communication method are provided. A communications apparatus includes a generation unit for generating a transmission message sent to a different communications apparatus and effective for only one transmission, a first communications unit for communicating with the different communications apparatus using Near Field Communication, a second communications unit for communicating with the different communications apparatus via a predetermined communication channel, and a control unit for controlling the communication functions. The second communications unit transmits the transmission message generated by the generation unit and receives a different transmission message transmitted from the different communications apparatus via the predetermined communication channel.
    Type: Grant
    Filed: February 24, 2006
    Date of Patent: September 15, 2009
    Assignee: Sony Corporation
    Inventor: Tadashi Morita
  • Publication number: 20090228707
    Abstract: An authentication scheme is provided for securely establishing an association with a second device over a wireless communication link. A cryptographic key exchange is performed between a first device and a second device, wherein cryptographic information for the first and second device is obtained. The first and second devices may independently generate a confirmation value based on the cryptographic information. Each device may obtain a confirmation image based on their respective confirmation values. A confirmation image is uniquely associated with a confirmation value so that no two confirmation values can be associated with the same confirmation image. The images for both the first and second devices are provided to an operator for authentication. If the confirmation images are identical, an association between the first and second devices may be confirmed by the operator. Comparing confirmation images may increase the reliability of operator authentication and is more efficient than comparing values.
    Type: Application
    Filed: March 6, 2008
    Publication date: September 10, 2009
    Applicant: QUALCOMM Incorporated
    Inventor: Joel Linsky
  • Patent number: 7587049
    Abstract: A one-way stabilized QKD system (10) that utilizes a control signal (CS) and a quantum signal (QS) that travel the same path through the system from a first QKD station (Alice) to a second QKD station (Bob). The control signal is detected at Bob and used to stabilize Bob's side of the interferometer against phase variations. The system also includes a polarization control stage (200) that controls (e.g., scrambles) the polarization of the photons entering Bob. The combination of the polarization control and the active phase stabilization of the interferometer at Bob's end allows for the stable operation of the interferometer when used as part of a one-way QKD system.
    Type: Grant
    Filed: December 8, 2004
    Date of Patent: September 8, 2009
    Assignee: MagiQ Technologies, Inc.
    Inventors: Alexel Trifonov, Anton Zavriyev, Darius Subacius
  • Publication number: 20090220082
    Abstract: A computer-implemented method for encryption and decryption using a quantum computational model is disclosed. Such a method includes providing a model of a lattice having a system of non-abelian anyons disposed thereon. From the lattice model, a first quantum state associated with the lattice is determined. Movement of non-abelian anyons within the lattice is modeled to model formation of first and second quantum braids in the space-time of the lattice. The first quantum braid corresponds to first text. The second quantum braid corresponds to second text. A second quantum state associated with the lattice is determined from the lattice model after formation of the first and second quantum braids has been modeled. The second quantum state corresponds to second text that is different from the first text.
    Type: Application
    Filed: March 17, 2009
    Publication date: September 3, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Michael Freedman, Chetan Nayak, Kirill Shtengel