Using Master Key (e.g., Key-encrypting-key) Patents (Class 380/284)
  • Patent number: 8073430
    Abstract: Compressed entertainment content such as audio or video or both includes additional aspects and operations associated their way. The compressed audio may be used to signal computers such as a telephone or reminder for an appointment. A melody line may be extracted from the audio, or the audio may be used exactly as it is. Another aspect stores traders within the entertainment content such as in MP3. Those traders are used to trigger the system to retrieve other parts of the content to be displayed at the same time that that particular part of the MP3 is being played. The content may include video or text, or maybe links to other content such as broadband content four times sensitive content. Another aspect describes encryption which is keyed to the disk ID to prevent playing of an illegally copied disk. Another aspect reads a specified amount of information then spins down the disk to conserve battery power.
    Type: Grant
    Filed: July 10, 2007
    Date of Patent: December 6, 2011
    Inventor: Scott C. Harris
  • Patent number: 8059819
    Abstract: A method for distributing updates for a key is described. One or more update requests are received per unit of time. The number of received update requests per unit of time is multiplied by a maximum update period to estimate the number of active nodes in a group. The total number of received update requests per unit of time is determined. An amount representing additional update requests per unit of time is obtained from the difference between the total number of received updates and a determined maximum. A minimum update period for a group of nodes is determined.
    Type: Grant
    Filed: January 17, 2007
    Date of Patent: November 15, 2011
    Assignee: Panasonic Electric Works Co., Ltd.
    Inventors: W. Bryant Eastham, Thomas A. Milligan, James L. Simister
  • Patent number: 8059818
    Abstract: The present invention relates to a method and a system of securely storing data on a network (100) for access by an authorized domain (101, 102, 103), which authorized domain includes at least two devices that share a confidential domain key (K), and an authorized domain management system for securely storing data on a network for access by an authorized domain. The present invention enables any member device to store protected data on the network such that any other member device can access the data in plaintext without having to communicate with the device that actually stored the data.
    Type: Grant
    Filed: February 11, 2005
    Date of Patent: November 15, 2011
    Assignee: Nokia Corporation
    Inventors: Nadarajah Asokan, Philip Ginsboorg, Seamus Moloney, Tapio Suihko
  • Patent number: 8059814
    Abstract: A technique carries out seed (or key) derivation within an electronic apparatus (e.g., a hand holdable electronic apparatus such as a token, an authentication server, etc.). The technique involves acquiring a stored representation of a derived seed, the stored representation of the derived seed resulting from an earlier-performed cryptographic operation based on a higher-level seed. The technique further involves (i) performing a current cryptographic operation based on a stored representation of the higher-level seed, the current cryptographic operation resulting in a current representation of the derived seed, and (ii) providing a corruption detection signal indicating whether the current representation of the derived seed matches the stored representation of the derived seed.
    Type: Grant
    Filed: September 28, 2007
    Date of Patent: November 15, 2011
    Assignee: EMC Corporation
    Inventor: William M. Duane
  • Patent number: 8051296
    Abstract: System and methods for initializing secure communications with lightweight devices are described herein. In one embodiment, the method includes enabling a device manager to securely communicate with a lightweight device, the method comprising receiving encrypted data from the device manager, wherein the device manager received the encrypted data from the lightweight device. In the embodiment, the method also includes decrypting the encrypted data to produce access information, wherein the access information enables the device manager to securely communicate with the lightweight device. In the embodiment, the method also includes securely transmitting the access information to the device manager.
    Type: Grant
    Filed: December 30, 2004
    Date of Patent: November 1, 2011
    Assignee: Honeywell International Inc.
    Inventor: Kevin R. Driscoll
  • Patent number: 8019085
    Abstract: A system and method for sending encrypted messages to a distribution list that facilitates the sending of such messages only to individuals or other entities associated with the distribution list that will be able to read the message.
    Type: Grant
    Filed: November 2, 2009
    Date of Patent: September 13, 2011
    Assignee: Research In Motion Limited
    Inventors: Neil P. Adams, Michael S. Brown, Michael K. Brown
  • Patent number: 8010809
    Abstract: Method and system for storing data in a storage device accessible through a storage area network is provided. The method includes receiving data from a host system; generating a first encryption key for encrypting data information that describes the received data; generating a second encryption key that encrypts the first encryption key and the encrypted data information; generating an encryption packet that includes the second encryption key, the first encryption key and the data information; storing the encryption packet at one or more memory locations; and periodically refreshing the encryption packet without periodically encrypting the received data for securely storing the received data.
    Type: Grant
    Filed: December 27, 2007
    Date of Patent: August 30, 2011
    Assignee: QLOGIC, Corporation
    Inventor: Shishir Shah
  • Patent number: 8000476
    Abstract: A method of enciphering data which is applicable to cipher-transmission of digital information data, in which the HD-SDI signal DHS is subjected to enciphering process using common key data DEY which is common to encipherment and decipherment to produce enciphered HD-SDI signal DHSE, the common key data DEY are subjected to enciphering process using open key data DOY to produce enciphered common key data DXY, and the enciphered HD-SDI signal DHSE accompanied with the enciphered common key data DXY are sent to be transmitted, so that such a fear that the common key data DEY are eavesdropped on the transmission thereof can be effectively reduced.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: August 16, 2011
    Assignee: Sony Corporation
    Inventors: Tsutomu Shimosato, Yujiro Ito
  • Patent number: 7995761
    Abstract: A data providing system is provided which includes: a storage section which stores an encoded file obtained by encoding a data file to be distributed with a predetermined common key and an encoded information file obtained by encoding an information data file including information on the common key with a private key different from the common key; and a file transfer section which transfers the encoded file and the encoded information file from the storage section to external electronic device.
    Type: Grant
    Filed: January 10, 2008
    Date of Patent: August 9, 2011
    Assignee: Kyocera Mita Corporation
    Inventors: Sachiko Yoshimura, Takanao Kawai
  • Patent number: 7987366
    Abstract: The invention provides an establishment of a secret session key shared between two network elements (NEa, NEb) belonging to different network domains (NDa, NDb). A first network element (NEa) of a first network domain (NDa) requests security parameters from an associated key management center (KMC) (AAAa). Upon reception of the request, the KMC (AAAa) generates a freshness token (FRESH) and calculates the session key (K) based on this token (FRESH) and a master key (KAB) shared with a second network domain (NDb). The security parameters are (securely) provided to the network element (NEa), which extracts the session key (K) and forwards the freshness token (FRESH) to the KMC (AAAb) of the second domain (NDb) through a second network element (NEb). Based on the token (FRESH) and the shared master key (KAB), the KMC (AAAb) generates a copy of the session key (K), which is (securely) provided to the second network element (NEb).
    Type: Grant
    Filed: February 11, 2004
    Date of Patent: July 26, 2011
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Rolf Blom, Mats Naslund, Elisabetta Carrara, Fredrik Lindholm, Karl Norrman
  • Patent number: 7979707
    Abstract: Techniques for secure generation of a seed for use in performing one or more cryptographic operations, utilizing a seed generation protocol carried out by a seed generation client (110c) and a seed generation server (110s). The seed generation server (110s) provides a first string to the seed generation client (110c). The seed generation client (110c) generates a second string, encrypts the second string utilizing a key (216), and sends the encrypted second string to the seed generation server (110s). The seed generation client (110c) generates the seed as a function of at least the first string and the second string. The seed generation server (110s) decrypts the encrypted second string (222) and independently generates the seed as a function of at least the first string and the second string.
    Type: Grant
    Filed: July 9, 2004
    Date of Patent: July 12, 2011
    Assignee: EMC Corporation
    Inventors: Peter Röstin, Magnus Nyström, William M. Duane
  • Patent number: 7961879
    Abstract: A system is provided that uses identity-based encryption (IBE) to allow a sender to securely convey information in a message to a recipient over a communications network. IBE public key information may be used to encrypt messages and corresponding IBE private key information may be used to decrypt messages. Information on which IBE public key information was used in encrypting a given message may be provided to the message recipient with the message. Multiple IBE public keys may be used to encrypt a single message. A less sensitive IBE public key may be used to encrypt a more sensitive public key, so that the more sensitive public key can remain hidden as it is sent to the recipient.
    Type: Grant
    Filed: July 31, 2009
    Date of Patent: June 14, 2011
    Assignee: Voltage Security, Inc.
    Inventors: Terence Spies, Rishi R. Kacker, Guido Appenzeller, Matthew J. Pauker
  • Patent number: 7958364
    Abstract: A system for digitally signing electronic documents is disclosed. The system includes a mobile device, an application server and a database, the mobile device includes a requesting module and a digest encrypting module, the application server includes an obtaining module, a digest generating module and a merging module. The requesting module is configured for sending a request for a digital signature of an electronic document to the application server; the obtaining module is configured for obtaining the electronic document from the database; the digest generating module is configured for generating a digest of the electronic document, and sending the digest to the mobile device; the digest encrypting module is configured for encrypting the digest, generating an encrypted value, and sending the encrypted value to the application server; the merging module is configured for merging the encrypted value and the electronic document. A related computer-based method is also disclosed.
    Type: Grant
    Filed: November 15, 2007
    Date of Patent: June 7, 2011
    Assignees: Hong Fu Jin Precision Industry (ShenZhen) Co., Ltd., Hon Hai Precision Industry Co., Ltd.
    Inventors: Chung-I Lee, Chien-Fa Yeh, Chiu-Hua Lu, Xiao-Di Fan, Guo-Ling Ou-Yang
  • Patent number: 7958377
    Abstract: In one embodiment, a storage device is provided that includes: a storage medium; and a storage engine, the storage engine being configured to generate a secure session key and to receive encrypted content and a corresponding encrypted content key from a host system, wherein the content key has been encrypted by the host system using the secure session key, the storage engine being further configured to decrypt the encrypted content key using the secure session key and to encrypt the decrypted content key with a first storage engine encryption key and to write the storage-engine-encrypted content key to the storage medium.
    Type: Grant
    Filed: July 24, 2008
    Date of Patent: June 7, 2011
    Assignee: DPHI Acquisitions, Inc.
    Inventors: Lane W. Lee, Timothy R. Feldman
  • Publication number: 20110129089
    Abstract: Disclosed herein is a method and apparatus for partially encoding/decoding data for a commitment service and a method of using encoded data. The apparatus includes an encoding/decoding module for encoding/decoding a database to be committed to a server using a private key of the user, obtained by accessing a key storage unit through a key management module which manages information about the private key of the user, stored in the key storage unit, and also encoding/decoding an SQL query required to use a DB committed to the server. The encoding/decoding module partially encodes/decodes one or more of table names, field names, and attribute values of the DB. In the present invention, the table names, field names, and field attribute values of the DB are partially encoded while the existing structure of the DB is maintained, and the partially encoded DB is committed to the server.
    Type: Application
    Filed: November 4, 2010
    Publication date: June 2, 2011
    Applicant: Electronics and Telecommunications Research Institute
    Inventors: Seung-Hyun KIM, Jong-Hyouk NOH, Deok-Jin KIM, Soo-Hyung KIM, Sang-Rae CHO, Young-Seob CHO, Jin-Man CHO, Dae-Seon CHOI, Seung-Hun JIN
  • Patent number: 7949875
    Abstract: For the authentication of messages communicated in a distributed system from an originator to a destination a keyed-hashing technique is used according to which data to be authenticated is concatenated with a private (secret) key and then processed to the cryptographic hash function. The data are transmitted together with the digest of the hash function from the originator to the destination. The data comprises temporal validity information representing the temporal validity of the data. For example the setup key of a communication is therefore only valid within a given time interval that is dynamically defined by the communication originator. After the time interval is exceeded the setup key is invalid and cannot be reused again.
    Type: Grant
    Filed: March 8, 2007
    Date of Patent: May 24, 2011
    Assignee: Sony Deutschland GmbH
    Inventor: Niels Mache
  • Patent number: 7949137
    Abstract: Virtual disks management methods and systems. First, a file space is set and a first password is set. A first device code is acquired. The file space is encrypted according to the first password and the first device code to obtain an encrypted file. Thereafter, a designation of the encrypted file is received. A second password is received, and a second device code is acquired. It is determined whether the second password conforms to the first password, and whether the second device code conforms to the first device code. If so, the encrypted file is mounted as a virtual disk.
    Type: Grant
    Filed: July 13, 2007
    Date of Patent: May 24, 2011
    Assignee: Via Technologies, Inc.
    Inventor: Rui-Hwa Chen
  • Patent number: 7940935
    Abstract: A content playback apparatus reduces load concentration on a specific server apparatus that manages content keys of encrypted content, while protecting copyrights of the content. The content apparatus makes playback of content recorded in a recording medium sold possible after the specific server breaks down. A key acquisition control unit (204) reads a playback control information table (211) from a recording medium (102) via a reading unit (201). The key acquisition unit (204) acquires a rights key via a key acquisition intermediation unit (223) from an apparatus specified by an acquisition-destination type and a request-destination type that are stored in the playback control information table (211) and that correspond to the content to be played. The key acquisition unit (204) generates a content key using the acquired rights key and, when required, a medium key recorded in a medium. A decryption unit (203) decrypts encrypted content using the content key.
    Type: Grant
    Filed: June 30, 2005
    Date of Patent: May 10, 2011
    Assignee: Panasonic Corporation
    Inventors: Tohru Nakahara, Ryuichi Okamoto, Masaya Yamamoto, Katsumi Tokuda, Masaya Miyazaki, Masayuki Kozuka
  • Publication number: 20110107101
    Abstract: Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device.
    Type: Application
    Filed: December 22, 2010
    Publication date: May 5, 2011
    Applicant: JUNIPER NETWORKS, INC.
    Inventor: Paul Funk
  • Publication number: 20110099362
    Abstract: For the keys in a key tree group composed of root keys for each of multiple stakeholders, a shared key is generated between the multiple stakeholders, and access restrictions with respect to the generated shared key are flexibly set. A shared key control unit and a tamper-resistant module are provided for each of the multiple stakeholders. The shared key is set based on stakeholder dependency relationships. After the shared key is set, access to the shared key is controlled so that access is not possible by malicious stakeholders, so as to maintain the security level.
    Type: Application
    Filed: June 4, 2009
    Publication date: April 28, 2011
    Inventors: Tomoyuki Haga, Kenneth Alexander Nicolson, Hideki Matsushima, Takayuki Ito, Hisashi Takayama, Manabu Maeda
  • Publication number: 20110096926
    Abstract: Techniques for securing data access are presented. A sender encrypts data into a first integer value. A first knot is selected along with first and second keys. The first knot, first integer value, first key, and second key are used to produce a final knot. The final knot is transmitted as a graphical image to a receiver over a network. The receiver uses the first knot, final knot, first key, and second key to derive the first integer value. The first integer value is decrypted to produce the original data that the sender intended to send securely to the receiver.
    Type: Application
    Filed: October 23, 2009
    Publication date: April 28, 2011
    Inventor: Karthik Chandrasekaran
  • Publication number: 20110091041
    Abstract: A method and apparatus for processing a Rights Object (RO) are provided. A method for upgrading the RO includes: acquiring, by a Digital Rights Management (DRM) Agent, RO related information of the RO that requires updating from a Secure Removable Media (SRM) Agent; providing, by the DRM Agent, the RO related information to a Rights Issuer (RI), and obtaining a new RO from the RI; and interacting, by the DRM Agent, with the SRM Agent to upgrade the RO that requires updating on the SRM by means of the new RO. According to the embodiments of the present invention, the DRM Agent acquires RO related information which is stored on the SRM and does not have Move rights, and interacts with the RI to move the RO out from the SRM, so as to move the RO without the Move rights out from the SRM, thus extending an application of the RO without the Move rights.
    Type: Application
    Filed: December 28, 2010
    Publication date: April 21, 2011
    Inventors: Renzhou ZHANG, Chen Huang, Weizhong Yuan, Zhipeng Zhou
  • Patent number: 7921304
    Abstract: Accessing a data set with secret and non-secret data. A method includes accessing a data set image. The data set image comprises secret data. The data set image is derived from an authorized data set associated with a master key that authorizes access to the secret data. The master key is not provided with the data set image. The method further comprises restoring the data set image to a computing system to create a degraded data set. Data in the degraded data set other than the secret data is accessed without restoring the master key.
    Type: Grant
    Filed: December 6, 2005
    Date of Patent: April 5, 2011
    Assignee: Microsoft Corporation
    Inventors: Colin H. Brace, Nathan D. Muggli, William B. Lees, William J. Whalen
  • Patent number: 7920706
    Abstract: A key management of cryptographic keys has a data package including one or more cryptographic keys that are transferred to a personal device 100 from a secure processing point 150 of a device assembly line in order to store device specific cryptographic keys in the personal device 100. In response to the transferred data package, a backup data package is received by the secure processing point 150 from the personal device 100, which backup data package is the data package encrypted with a unique secret chip key stored in a tamper-resistant secret storage 125 of a chip 110 included in the personal device 100. The secure processing point 150 is arranged to store the backup data package, together with an associated unique chip identifier read from the personal device 100, in a permanent, public database 170.
    Type: Grant
    Filed: October 28, 2003
    Date of Patent: April 5, 2011
    Assignee: Nokia Corporation
    Inventors: Nadarajah Asokan, Niemi Valtteri
  • Publication number: 20110078444
    Abstract: Provided is a re-authentication apparatus in a Downloadable Conditional Access System (DCAS), the re-authentication apparatus includes: a receiving unit to receive a key request message from a Secure Micro (SM); a determination unit to determine whether to perform re-authentication depending on downloading of SM client image; an identification unit to identify an SM identifier using the key request message, when the re-authentication is performed as a result of the determination; an extraction unit to retrieve previous session information corresponding to the SM identifier and to extract keying information about the previous session information; and an encryption unit to control an encryption key about the SM client image to be reused, the SM client image being encrypted in a previous session based on the previous session information using the keying information.
    Type: Application
    Filed: January 22, 2010
    Publication date: March 31, 2011
    Applicant: Electronics and Telecommunications Research Institute
    Inventors: Young Ho JEONG, Eun Jung KWON, O Hyung KWON, Soo In LEE
  • Patent number: 7903816
    Abstract: A storage system 1 includes a channel interface (IF) unit 11 having an interface with a server 3, a disk IF unit 16 having an interface with a hard disk group 2, a memory unit 21 for storing data to be read/written from/to the server 3 or the hard disk group 2, a switching unit 51, and the hard disk group 2. The channel IF unit 11, the disk IF unit 16, and the memory unit 21 are connected to each other through the switching unit 51, and an encryption and decryption processing unit 201 is provided between a host IF unit 101 and a transfer controller 103 in the channel IF unit 11.
    Type: Grant
    Filed: April 21, 2008
    Date of Patent: March 8, 2011
    Assignee: Hitachi, Ltd.
    Inventors: Kazuhisa Fujimoto, Makio Mizuno, Dai Watanabe
  • Patent number: 7904709
    Abstract: A system and method for controlling data communications between a server and a client device, such as a mobile device. Embodiments relate generally to a technique where stop data is provided to the client device. This stop data can be transmitted (e.g. by the client device) to the server. When processed by the server, the stop data indicates to the server that at least some of the encrypted data received by the client device from the server was not decrypted using the second key (e.g. as may be the case when the second key has been deleted). Upon receiving the stop data, the server may, for example, withhold the transmission of data encrypted with the first key to the client device until the second key is restored on the client device. In one embodiment, the stop data is provided to the client device in an encoded (e.g. encrypted) form.
    Type: Grant
    Filed: February 3, 2006
    Date of Patent: March 8, 2011
    Assignee: Research In Motion Limited
    Inventors: Dave Bajar, Philip Luk, Michael K. Brown, Darrell May
  • Patent number: 7899189
    Abstract: The present invention includes one or more clients in communication with a server. The client desires to send a storage construct to the server for storage. The client negotiates a transmission key with the server. The client generates a storage key associated specifically with the storage construct. The client encrypts the storage construct using the storage key and encrypts the storage key using the transmission key. The encrypted storage construct and encrypted storage key are sent to the server. The server decrypts the storage key using the transmission key. The server stores the storage construct on a storage device separate from a storage device storing the storage key. Preferably, any changes to the storage construct location, the storage key location, or the storage construct name are tracked and proper modifications are made to an association relating the location of the storage construct and the location for the corresponding storage key.
    Type: Grant
    Filed: December 9, 2004
    Date of Patent: March 1, 2011
    Assignee: International Business Machines Corporation
    Inventors: Colin Scott Dawson, Kenneth Eugene Hannigan, Glen Hattrup, Avishai Haim Hochberg, Donald Warren, Christopher Zaremba
  • Patent number: 7894607
    Abstract: A system, method and media drive for selectively encrypting a data packet. The system includes an encryption key for use in encrypting the data packet, a verification data element derived from the encryption key, an encryption engine for selectively encrypting the data packet using the encryption key, and a verification engine in electronic communication with the encryption engine. The verification engine is configured to receive the encryption key and the verification data element, determine when the verification data element corresponds to the encryption key as received by the verification engine, and prohibit encryption of the data packet by the encryption engine when the verification data element does not correspond to the encryption key as received by the verification engine.
    Type: Grant
    Filed: March 10, 2006
    Date of Patent: February 22, 2011
    Assignee: Storage Technology Corporation
    Inventor: Alexander S. Stewart
  • Patent number: 7895434
    Abstract: The present invention provides a method of integrating existing strong encryption methods into the processing of a .ZIP file to provide a highly secure data container which provides flexibility in the use of symmetric and asymmetric encryption technology. The present invention adapts the well established .ZIP file format to support higher levels of security and multiple methods of data encryption and key management, thereby producing a highly secure and flexible digital container for electronically storing and transferring confidential data.
    Type: Grant
    Filed: September 20, 2004
    Date of Patent: February 22, 2011
    Assignee: Pkware, Inc.
    Inventor: James C. Peterson
  • Patent number: 7885413
    Abstract: A computer system is disclosed that contains cryptographic keys and cryptographic key identifiers. The system has a repository cryptographic engine that communicates securely with a remote cryptographic engine, and the repository cryptographic engine is associated with a user data store. The user data store includes a hidden link including a session key identifier encrypted with a protection key. The hidden link is associated with a remote data entity. A key data store associated with the repository server includes a session key encrypted with a session-key-protection key. The session key is used to encrypt and decrypt the remote data entity. The system also includes a repository key exchange module operable to exchange the session key with a remote key exchange module.
    Type: Grant
    Filed: October 31, 2007
    Date of Patent: February 8, 2011
    Assignee: Eruces, Inc.
    Inventors: Ognjen Vasic, Suhail Ansari, Ping Gan, Jinhui Hu, Bassam Khulusi, Adam A. Madoukh, Alexander Tyshlek
  • Publication number: 20110026716
    Abstract: A method of authenticating a user includes providing a user key to an authentication authority, providing a transmission message from the authentication authority in response to the user key, providing a secret message using the transmission message, displaying the secret message to the user using a display screen, and providing a user response to the authentication authority in response to the user observing the secret message.
    Type: Application
    Filed: May 4, 2009
    Publication date: February 3, 2011
    Inventors: Weng Sing Tang, Pern Chern Lee, Arief Nuradi
  • Patent number: 7882367
    Abstract: According to one embodiment of the invention, there is provided an information recording and reproducing apparatus which records information in a recording medium and reproduces information recorded in the recording medium, the information recording and reproducing apparatus includes a first recording section which records in the recording medium an encrypted encryption key aggregate where at least one encryption key for encrypting each of a plurality of pieces of information has been encrypted and registered and information encrypted using the encryption key, a second recording section which records encrypted first private key information used to encrypt or decrypt the encryption key into the recording medium and which, if the encrypted encryption key aggregate has not been recorded in the recording medium, records the first private key information into the recording medium only when the encrypted encryption key aggregate is recorded in the recording medium.
    Type: Grant
    Filed: June 1, 2007
    Date of Patent: February 1, 2011
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Takayuki Tachikawa, Hiroyuki Kamio
  • Patent number: 7882037
    Abstract: An online service and system are provided through which digital content publishers can package, protect, market and sell their content through on-line retailers, and through which on-line retailers can both build a unique inventory of digital content with all associated marketing metadata to sell through their on-line stores and seamlessly integrate the digital content into their on-line shopping cart. The system provides publishers with abstract fulfillment such that they only.
    Type: Grant
    Filed: October 24, 2007
    Date of Patent: February 1, 2011
    Assignee: Arvato Digital Services Canada, Inc.
    Inventor: Karl Hirsch
  • Patent number: 7865741
    Abstract: A system and method securely replicates a configuration database of a security appliance. Keys stored on an original configuration database of an original security appliance are organized as a novel key hierarchy. A replica or clone of the original security appliance may be constructed in accordance with a cloning technique of the invention. Construction of the cloned security appliance illustratively involves sharing of data between the appliances, as well as substantially replicating the key hierarchy on a cloned configuration database of the cloned appliance.
    Type: Grant
    Filed: August 23, 2006
    Date of Patent: January 4, 2011
    Assignee: NetApp, Inc.
    Inventors: Robert Paul Wood, Robert Jan Sussland
  • Publication number: 20100332834
    Abstract: An approach is provided for building a scalable service platform by initiating transmission of encrypted data from a public network cache. An access control server platform determines a first authorization key for a user and a second authorization key for a resource, and then encrypts the resource with the second authorization key, and encrypts the second authorization key with the first authorization key. The access control server platform initiates distribution of the encrypted second authorization key with the encrypted resource over a network. The access control server platform further initiates caching the encrypted second authorization key with the encrypted resource that meets a predefined threshold value (e.g., a data size, an access frequency, a modification frequency, or an auditing requirement) in a cache in the network, and initiates transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.
    Type: Application
    Filed: June 30, 2009
    Publication date: December 30, 2010
    Applicant: Nokia Corporation
    Inventors: Yan Fu, Ari M. Vepsalainen, Ari Antero Aarnio, Markku Kalevi Vimpari, Pekka Laitinen
  • Patent number: 7860247
    Abstract: A method of performing IBE cryptography comprising the steps of a key generation server transmitting a master public key to a processor, the processor generating or retrieving a fresh master public key derived from the master public key transmitted by the key generation centre, and the processor using the fresh master public key to generate a public key for transmitting a message to a recipient device having a corresponding private key. The processor may store the fresh master public key in a read only memory for repeated use or it may dynamically generate it. To dynamically generate the fresh master public key the processor multiplies the original master public key by a curve co-factor. The processor may be incorporated into a hand-held card, and it may transfer information to a linked second processor for performing some of the calculations.
    Type: Grant
    Filed: November 14, 2005
    Date of Patent: December 28, 2010
    Assignee: Dublin City University
    Inventors: Noel McCullagh, Michael Scott, Neil Costigan
  • Patent number: 7848525
    Abstract: A hybrid broadcast encryption method is provided. The hybrid broadcast encryption method includes setting initialization values, generating a node secret using the initialization values; generating a private secret using the node secret; sending the node secret and the private secret; generating a broadcast message based on a revoked group; encrypting a session key using a key encryption key (KEK) which is allocated to every user group and the broadcast message; and broadcasting to every user the encrypted session key and the broadcast message.
    Type: Grant
    Filed: February 3, 2006
    Date of Patent: December 7, 2010
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Hwan-joon Kim, Dae-youb Kim, Sung-joon Park, Weon-il Jin
  • Publication number: 20100299528
    Abstract: The present invention proposes a solution to prevent a program flow in a processing unit from being modified with respect to an intended program flow, thereby ensuring that important steps such as verifying or authenticating are not bypassed. The invention is particularly aimed at security modules within receiver/decoders in a pay-TV system and involves performing a set of predetermined operations during the processing of entitlement management messages and/or entitlement control messages, said operations being redundant with respect to the normal processing of said messages while leading to the calculation of keys which can then be used to verify that the intended program flow has been respected.
    Type: Application
    Filed: May 24, 2010
    Publication date: November 25, 2010
    Applicant: NAGRAVISION S.A.
    Inventor: Dominique Le Floch
  • Patent number: 7840011
    Abstract: Apparatus and methods for computer file management including components and steps for distributing to servers a plurality of mixed images that are generated for each of N, where N≥3, sets of distributed information generated by distributing secret information using a threshold secret sharing scheme, the plurality of mixed images being generated by mixing at different mixing ratios an image based on the distributed information with (Ka−1) images, where Ka satisfies 1<Ka<N; transmitting Kb passwords, where Kb satisfies 1<Kb<N, entered by a user, and obtaining from the plurality of servers at least Ka mixed images for each of Kb sets; first restoring the Kb sets of distributed information based on the Ka mixed images that are obtained; and second restoring the secret information using the Kb sets of distributed information that have been restored.
    Type: Grant
    Filed: November 7, 2006
    Date of Patent: November 23, 2010
    Assignee: International Business Machines Corporation
    Inventor: Junya Shimizu
  • Patent number: 7840009
    Abstract: A first infrastructure system device other than a mobile station generates key material and forwards the key material to a second infrastructure system device other than a mobile station. A determination is made as to whether a mobile station for which the key material is directed is active on the system, and if so the key material is forwarded to a base station where the mobile station is active. The base station forwards the key material to the mobile station.
    Type: Grant
    Filed: July 23, 2007
    Date of Patent: November 23, 2010
    Assignee: Motorola, Inc.
    Inventors: Hans Christopher Sowa, Daniel J. McDonald, David J. Chater-Lea, Scott James Pappas, Jason Johur, Dennis Newkirk, Randy Kremske, Walter F. Anderson, Glen B. Walton
  • Patent number: 7835993
    Abstract: Security is secured according to the type of a license so that unnecessary processing load is reduced. A license accumulation control unit (102) and a license transfer control unit (103) identify a usage-rule type (204), which indicates whether or not a license (200) includes a usage rule (205) that requires updating each time a content is used, and encrypt the license (200) by using different encrypting methods depending on whether or not the usage rule (205) is included in the license (200). The license accumulation control unit (102) encrypts a content key with a domain key when the license (200) does not include the usage rule (205), and with a license management device unique key when the usage rule (205) is included, and accumulates the encrypted key in a license accumulation unit (110).
    Type: Grant
    Filed: July 11, 2006
    Date of Patent: November 16, 2010
    Assignee: Panasonic Corporation
    Inventors: Ryuichi Okamoto, Takuji Hiramoto, Atsunori Sakurai
  • Patent number: 7822209
    Abstract: Methods, systems and computer readable mediums are provided for recovering keys. A key transport session key is generated, and a key encryption key is derived based on a server master key and an identification associated with a token. The key transport session key is encrypted with the key encryption key as a first wrapped key transport session key. An encrypted storage session key and an encrypted private key are retrieved from an archive. The encrypted storage session key is decrypted with a server storage key as a storage session key. The encrypted private key is decrypted with the storage session key. The decrypted private key is encrypted with the key transport session key as a wrapped private key. The wrapped private key and the first wrapped key transport session key are forwarded.
    Type: Grant
    Filed: June 6, 2006
    Date of Patent: October 26, 2010
    Assignee: Red Hat, Inc.
    Inventors: Christina Fu, Nang Kon Kwan, Steven William Parkinson, Robert Relyea
  • Publication number: 20100268953
    Abstract: A recording device configured to store content data in an encrypted manner, the recording device comprises a memory unit which stores various data, and a controller which controls the memory unit. The controller possesses a controller key and unique identification information, and is configured to generate a controller-unique key unique for each controller in accordance with the controller key and the identification information. The memory unit stores an MKB generated by encrypting a medium key with a device key set that is a collection of a plurality of device keys, an encrypted device key set generated by encrypting the device key set with the controller-unique key, and a device-key-set index which uniquely identifies the device key set.
    Type: Application
    Filed: March 4, 2010
    Publication date: October 21, 2010
    Applicant: KABUSHIKI KAISHA TOSHIBA
    Inventors: Shinichi Matsukawa, Taku Kato, Akihiro Kasahara, Hiroshi Suu, Atsushi Kondo, Jun Sato, Akira Miura, Hiroyuki Sakamoto
  • Patent number: 7817986
    Abstract: A method for providing secure communications among a plurality of ad hoc devices includes authenticating one or more first devices within a first network; authenticating one or more second devices within a second network; transmitting a group key to the authenticated first devices and to the authenticated second devices; establishing an ad hoc network by at least one of the authenticated first devices and at least one of the authenticated second devices using the group key; and communicating within the ad hoc network among the at least one of the authenticated first devices and the at least one of the authenticated second devices.
    Type: Grant
    Filed: April 28, 2006
    Date of Patent: October 19, 2010
    Assignees: Motorola, Inc., Purdue University
    Inventors: Jeffrey D. Bonta, Hong-Yon Lach, Bharat Bhargava, Xiaoxin Wu
  • Publication number: 20100262988
    Abstract: Methods and apparatus permit a one-way downloadable security for electronic signals such as cable television, free-to-air, direct broadcast satellite, electronic device enablement, and other services. The system can allow a broadcast transmission capability (1) to provide an encrypted signal to an individual reception capability (2) in a manner that maintains the full security of a traditional decryption key process while completely eliminating any need for a trusted authority. By including a nascent decryption key generator that may create a secure, key-based environment from an unsecure individualized information transmission (12), a sequence of key(s) from a root key(s) to a derived key(s) to a temporary key(s) and ultimately to a fully random key(s) can be generated in activating a device or a decryption capability for a subscriber.
    Type: Application
    Filed: February 24, 2009
    Publication date: October 14, 2010
    Applicant: BEYOND BROADBAND TECHNOLOGY, LLC
    Inventors: William D. Bauer, Donovan Steve White, David W. Eder
  • Publication number: 20100250939
    Abstract: By using a symmetric key to encrypt mobile device data before transmitting the data to a backup location in a backup operation, access to the data, at the backup location, may be restricted. To facilitate later decryption of the backed up mobile device data, the mobile device may also transmit the symmetric key to the off-device location. However, to limit use of the symmetric key, the mobile device may encrypt the symmetric key using authentication data, before transmitting the encrypted symmetric key to the backup location.
    Type: Application
    Filed: February 26, 2010
    Publication date: September 30, 2010
    Applicant: RESEARCH IN MOTION LIMITED
    Inventors: Neil Patrick Adams, Ravi Singh
  • Patent number: 7805614
    Abstract: A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and, if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number; if there is a match, the decrypted biometric data is validated, and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.
    Type: Grant
    Filed: March 31, 2005
    Date of Patent: September 28, 2010
    Assignee: Northrop Grumman Corporation
    Inventors: Kenneth W. Aull, William Gravell, James B. Rekas
  • Patent number: 7801310
    Abstract: A document access control scheme uses digital “skeleton keys” to distribute access permissions for encrypted documents in a manner that does not require that rights management files (RMFs) be associated with each document. Multiple skeleton keys can be issued for the same document. The skeleton keys themselves can be opened by one or more other skeleton keys for different levels of document access.
    Type: Grant
    Filed: January 30, 2008
    Date of Patent: September 21, 2010
    Assignee: Adobe Systems Incorporated
    Inventor: Edward R. W. Rowe
  • Patent number: 7792302
    Abstract: Disclosed is a mechanism for securely coupling a security IC and an FPGA. This mechanism creates a shared secret key; creates a password key; generates an encrypted shared secret key by encrypting the “shared secret key” with the password key; incorporates the “encrypted shared secret key” into an FPGA net list; programs the FPGA using the “FPGA net list”; transmits the “password key” from the security IC to the FPGA; allowing the FPGA to: obtain the “shared secret key” by decrypting the “encrypted shared secret key”; and store the “shared secret key” in at least one volatile memory location.
    Type: Grant
    Filed: February 1, 2007
    Date of Patent: September 7, 2010
    Assignee: Dolby Laboratories Licensing Corporation
    Inventors: Joseph Eugene Oren, Greg Sampson, Daxon Alexander