Nbs/des Algorithm Patents (Class 380/29)
  • Patent number: 10038550
    Abstract: Instructions and logic provide secure cipher hashing algorithm round functionality. Some embodiments include a processor comprising: a decode stage to decode an instruction for a secure cipher hashing algorithm, the first instruction specifying a source data, and one or more key operands. Processor execution units, are responsive to the decoded instruction, to perform one or more secure cipher hashing algorithm round iterations upon the source data, using the one or more key operands, and store a result of the instruction in a destination register. One embodiment of the instruction specifies a secure cipher hashing algorithm round iteration using a Feistel cipher algorithm such as DES or TDES. In one embodiment a result of the instruction may be used in generating a resource assignment from a request for load balancing requests across the set of processing resources.
    Type: Grant
    Filed: August 8, 2013
    Date of Patent: July 31, 2018
    Assignee: Intel Corporation
    Inventors: Vinodh Gopal, Wajdi K. Feghali
  • Patent number: 10032007
    Abstract: A novel code signing system, computer readable media, and method are provided. The code signing method includes receiving a code signing request from a requestor in order to gain access to one or more specific application programming interfaces (APIs). A digital signature is provided to the requestor. The digital signature indicates authorization by a code signing authority for code of the requestor to access the one or more specific APIs. In one example, the digital signature is provided by the code signing authority or a delegate thereof. In another example, the code signing request may include one or more of the following: code, an application, a hash of an application, an abridged version of the application, a transformed version of an application, a command, a command argument, and a library.
    Type: Grant
    Filed: March 19, 2018
    Date of Patent: July 24, 2018
    Assignee: BlackBerry Limited
    Inventors: David Paul Yach, Herbert Anthony Little, Michael Stephen Brown
  • Patent number: 10027670
    Abstract: A method can include receiving a request from a requestor to a given resource, which requestor is registered to access a set of one or more resources. The request includes a ticket that includes signature data generated by an authenticating entity in response to authenticating the requestor. The signature data may be decrypted to provide a decrypted signature. The ticket may be validated in response to the request based on evaluating the decrypted signature. A response can be provided to the requestor based on the validation, and the response can grant the requestor access to the given resource if the validation determines the ticket to be authentic and authorized for the given resource or the response can deny the requestor access to the given resource if the validation determines to reject the ticket.
    Type: Grant
    Filed: May 4, 2017
    Date of Patent: July 17, 2018
    Assignee: Mitel Networks, Inc.
    Inventors: Michael S. W. Tovino, Amy S. Pendleton
  • Patent number: 10021085
    Abstract: Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to “detokenize” encryption data and perform rounds to decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing.
    Type: Grant
    Filed: March 16, 2017
    Date of Patent: July 10, 2018
    Assignee: Jonetix Corporation
    Inventors: Paul Ying-Fung Wu, Richard J. Nathan, Harry Leslie Tredennick
  • Patent number: 10015009
    Abstract: A method of implementing a method of mapping an input message to an output message by a keyed cryptographic operation, wherein the keyed cryptographic operation includes a plurality of rounds using a Feistel network, including: receiving an input having a first half and a second half; performing, by a basic block, a portion of a round function on the second half to produce a portion of an encoded output, and wherein the basic block provides a portion of the second half as a portion of an encoded first input to a next round; and XORing the portion of the encoded output and a portion the first half to produce a portion of an encoded second input to the next round.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: July 3, 2018
    Assignee: NXP B.V.
    Inventor: Wilhelmus Petrus Adrianus Johannus Michiels
  • Patent number: 9942756
    Abstract: Methods, systems and apparatus for securing credential distribution are disclosed. One method includes receiving notification from a credential management system that a wireless device is associated with an authenticated user of the credential management system. The method further includes receiving the private network credentials of the authenticated user, storing the private network credentials and the identifier of the wireless device, receiving an authentication request from a router, returning a response to the authentication request to the router, wherein the response includes internet domains and connection bandwidths the wireless device is allowed to use, authenticating the wireless device, ensuring that the wireless device is authorized to receive private network credentials; and distributing, by the cloud system, the private network credentials to the wireless device, thereby allowing the wireless device to obtain local network access with the private network credentials.
    Type: Grant
    Filed: November 12, 2015
    Date of Patent: April 10, 2018
    Assignee: Cirrent, Inc.
    Inventors: Robert A. Conant, Barbara Nelson
  • Patent number: 9906363
    Abstract: The present invention makes it possible, in encrypted data verification, to avoid the leaking of information related to the original plaintext, thereby ensuring safety. The system of the present invention is provided with: means (103 in FIG. 1) for generating first and second auxiliary data for verifying whether or not the Hamming distance of a plaintext between a first encrypted data in which input data is encrypted and is recorded in a storage device, and a second encrypted data obtained by encrypting input data of a target to be checked is equal to or less than a predetermined value; and means (402 and 403 in FIG. 1) for taking the difference between the first encrypted data recorded in the storage device, and the second encrypted data, and determining, using the first and second auxiliary data, whether or not the Hamming distance of the plaintext corresponding to the difference between the first encrypted data and the second encrypted data is equal to or less than the predetermined value.
    Type: Grant
    Filed: July 12, 2013
    Date of Patent: February 27, 2018
    Assignee: NEC CORPORATION
    Inventors: Satoshi Obana, Toshiyuki Isshiki, Kengo Mori, Toshinori Araki
  • Patent number: 9875367
    Abstract: Customer content is securely loaded on a field programmable gate array (FPGA) located on a secure cryptography card. The customer content is loaded such that it may not be extracted. A customer obtains a secure cryptography card that includes a field programmable gate array and a master key generated by the secure cryptography card. The customer loads customer specific content on the field programmable gate array, wherein, based on the loading, the customer specific content is secure from extraction via the master key by at least entities other than the customer.
    Type: Grant
    Filed: February 23, 2017
    Date of Patent: January 23, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, Mark A. Check, Vincenzo Condorelli
  • Patent number: 9876641
    Abstract: A system and method for using mixing functions to generate and manipulate authentication keys based on the data being decrypted to mitigate the effect of side channel attacks based on differential power analysis (DPA). The mixing function may be based on a XOR tree, substitution-permutation networks, or double-mix Feistel networks. The mixing function uses some secret key material, which diversifies its behavior between different instantiations.
    Type: Grant
    Filed: October 8, 2015
    Date of Patent: January 23, 2018
    Assignee: THE BOEING COMPANY
    Inventors: Laszlo Hars, Donald P. Matthews, Jr.
  • Patent number: 9831873
    Abstract: Electronic logic gates that operate using N logic state levels, where N is greater than 2, and methods of operating such gates. The electronic logic gates operate according to truth tables. At least two input signals each having a logic state that can range over more than two logic states are provided to the logic gates. The logic gates each provide an output signal that can have one of N logic states. Examples of gates described include NAND/NAND gates having two inputs A and B and NAND/NAND gates having three inputs A, B, and C, where A, B and C can take any of four logic states. Systems using such gates are described, and their operation illustrated. Optical logic gates that operate using N logic state levels are also described.
    Type: Grant
    Filed: February 10, 2015
    Date of Patent: November 28, 2017
    Assignee: California Institute of Technology
    Inventors: Adrian Stoica, Radu Andrei
  • Patent number: 9832155
    Abstract: Methods and apparatus are disclosed to monitor impressions of social media messages. An example method includes receiving at a server a request for media, the request addressed to a uniform resource locator, the request corresponding to a social media message to be presented with the media, and the request including a user identifier. The method also includes crediting the social media message with an impression based on the request being addressed to the uniform resource locator. The method also includes identifying that the impression corresponds to an original intended recipient of the social media message based on the user identifier matching a second user identifier stored in a list of subscribers that subscribe to receive messages from an original sender of the social media message.
    Type: Grant
    Filed: January 31, 2013
    Date of Patent: November 28, 2017
    Assignee: The Nielsen Company (US), LLC
    Inventors: Steven Splaine, Stanley Woodruff, Ronan Heffernan, Alexandros Deliyannis, Dustin Barlow
  • Patent number: 9832014
    Abstract: A symmetrical iterated block encryption method includes: a bitwise XOR combination of a predetermined data word of a predetermined block with a predetermined data word of a predetermined round key; and a bitwise XOR combination of the predetermined data word with at least one other predetermined data word.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: November 28, 2017
    Assignee: ROBERT BOSCH GMBH
    Inventors: Paulius Duplys, Sebastien Leger
  • Patent number: 9819486
    Abstract: A method of implementing a cryptographic operation using a substitution box, comprising: specifying a set of self-equivalent functions for the substitution box; determining the minimum diversification number of the substitution box over the set of self-equivalent functions; comparing the minimum diversification number to a threshold value; including and implementing a cryptographic operation with selected substitution box when the minimum diversification number is greater or equal to a threshold value.
    Type: Grant
    Filed: December 19, 2014
    Date of Patent: November 14, 2017
    Assignee: NXP B.V.
    Inventors: Wil Michiels, Jan Hoogerbrugge
  • Patent number: 9813388
    Abstract: An application is instrumented with a document protection service provider interface (SPI). The interface is used to call an external function, e.g., an encryption utility, to facilitate secure document exchange between a sending entity and a receiving entity. When the application invokes the SPI, the user is provided with a display panel. The end user provides a password for encryption key generation, together with an indication of desired encryption strength. The service provider uses the password to generate an encryption key. In one embodiment, the service provider provides the key to the service provider interface, which then uses the key to encrypt the document and to complete the file transfer operation. In the alternative, the service provider itself performs encryption. The SPI generates and sends a message to the receiving entity that includes the key or a link to enable the receiving entity to retrieve the key.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: November 7, 2017
    Assignee: International Business Machines Corporation
    Inventors: Heather Maria Hinton, Ivan Matthew Milman
  • Patent number: 9798887
    Abstract: Disclosed is an apparatus and method to securely activate or revoke a key. For example, the apparatus may comprise: a storage device to store a plurality of pre-stored keys; a communication interface to receive an activate key command and a certificate associated with one of the pre-stored keys; and a processor. The processor may be coupled to the storage device and the communication interface and may be configured to: implement the activate key command to reboot the apparatus with the pre-stored key and the certificate; and determine if the reboot is successful.
    Type: Grant
    Filed: August 26, 2015
    Date of Patent: October 24, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Ron Keidar, Yau Chu, Xu Guo
  • Patent number: 9794230
    Abstract: A method and system for encrypting data packets in a multimedia stream are disclosed. Each data packet includes a header portion and a payload portion. In one embodiment, one or more data packets are selected from an incoming multimedia stream. Further, one or more of a header portion and a payload portion are selected within the one or more data packets. Furthermore, one or more regions in the selected one or more of the header portion and the payload portion are encrypted using an encryption algorithm.
    Type: Grant
    Filed: July 19, 2014
    Date of Patent: October 17, 2017
    Assignee: ITTIAM SYSTEMS (P) LTD.
    Inventors: Pavan Divakar, Rakshith Shantharaju, Shashank Hegde, Bhavani Gopalakrishna Rao, Abhinandan Kedlaya, Puneet Gupta
  • Patent number: 9794852
    Abstract: The present disclosure relates to a method performed by a network element in a communication network for routing an IP session to a radio device over a WLAN, the IP session comprising at least one bearer. The method comprises obtaining an identifier for each of the at least one bearer of the IP session. The method also comprises mapping downlink data packets of the IP session to the identifier for each of the at least one bearer of the IP session. The method also comprises transmitting each of the DL packets on a bearer of said at least one bearer, together with the identifier for the bearer it has been mapped to, over the WLAN to the radio device. The disclosure also relates to a network element and a radio device, as well as to other methods thereof.
    Type: Grant
    Filed: January 16, 2015
    Date of Patent: October 17, 2017
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Jan Backman, Dinand Roeland, Stefan Rommer, Daniel Nilsson
  • Patent number: 9774443
    Abstract: Some embodiments provide a method for performing a cryptographic process. The method receives first and second cipher keys. The method generates a set of subkeys corresponding to each of the first and second cipher keys. The set of subkeys for the first cipher key is dependent on the first cipher key and the second cipher key. The method performs the cryptographic process by using the generated sets of subkeys.
    Type: Grant
    Filed: March 4, 2015
    Date of Patent: September 26, 2017
    Assignee: Apple Inc.
    Inventors: Benoit Chevallier-Mames, Bruno Kindarji, Thomas Icart, Augustin J. Farrugia, Mathieu Ciet
  • Patent number: 9762400
    Abstract: Embodiments include apparatuses, methods, and systems for a physically unclonable function (PUF) circuit. The PUF circuit may include an array of PUF cells to generate respective PUF bits of an encryption code. Individual PUF cells may include first and second inverters cross-coupled between a bit node and a bit bar node. The individual PUF cells may further include a first pre-charge transistor coupled to the bit node and configured to receive a clock signal via a first clock path, and a second pre-charge transistor coupled to the bit bar node and configured to receive the clock signal via a second clock path. Features and techniques of the PUF cells are disclosed to improve the stability and/or bias strength of the PUF cells, to generate a dark bit mask for the array of PUF cells, and to improve resilience to probing attacks. Other embodiments may be described and claimed.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: September 12, 2017
    Assignee: Intel Corporation
    Inventors: Sanu K. Mathew, Sudhir K. Satpathy
  • Patent number: 9754125
    Abstract: An external system (such as a website) that interacts with users communicates with a social networking system to access information about the users, who may also be users of the social networking system. If a privacy setting is changed in the social networking system, and the change applies to information that has been shared with an external system, the change is enforced at the external system. For example, the external system may be notified that the information is invalid and must be deleted, or the external system may periodically request the information so that changes to the privacy settings are eventually experienced at the external systems. When an external system again needs the information, whether expired naturally or actively invalidated by the social network, the external system sends a new request for the information, which is subject to the (possibly revised) privacy settings.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: September 5, 2017
    Assignee: Facebook, Inc.
    Inventors: Michael Steven Vernal, Wei Zhu, James M. Leszczenski, Joshua E. Elman, David Brookes Morin, Charles Duplain Cheever, Ruchi Sanghvi
  • Patent number: 9742765
    Abstract: Provided is an authentication system in which a client terminal that receives input of request information is connected to a server that executes a process with regard to the request information. The client terminal includes: a first authentication information generation unit that generates first authentication information based on information which is shared with the server; an encryption unit that generates encryption information; and a transmission unit that transmits the request information and encryption information to the server.
    Type: Grant
    Filed: January 7, 2015
    Date of Patent: August 22, 2017
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Saburo Toyonaga, Hiroyuki Tanaka, Masakatsu Matsuo
  • Patent number: 9721249
    Abstract: Data can be protected in mobile and payment environments through various tokenization operations. A mobile device can tokenize communication data based on device information and session information associated with the mobile device. A payment terminal can tokenize payment information received at the payment terminal during a transaction based on transaction information associated with the transaction. Payment data tokenized first a first set of token tables and according to a first set of tokenization parameters by a first payment entity can be detokenized or re-tokenized with a second set of token tables and according to a second set of tokenization parameters. Payment information can be tokenized and sent to a mobile device as a token card based on one or more selected use rules, and a user can request a transaction based on the token card. The transaction can be authorized if the transaction satisfies the selected use rules.
    Type: Grant
    Filed: November 7, 2016
    Date of Patent: August 1, 2017
    Assignee: Protegrity Corporation
    Inventors: Ulf Mattsson, Yigal Rozenberg
  • Patent number: 9712319
    Abstract: Disclosed is an apparatus and method for encrypting plaintext data. The method includes: receiving at least one plaintext data input; applying a Nonce through a function to the at least one plaintext data input to create Nonced plaintext data outputs and/or to intermediate values of a portion of an encryption function applied to the at least one plaintext data input to create intermediate Nonced data outputs; and applying the encryption function to at least one of the Nonced plaintext data outputs and/or the intermediate Nonced data outputs to create encrypted output data. The encrypted output data is then transmitted to memory.
    Type: Grant
    Filed: February 2, 2016
    Date of Patent: July 18, 2017
    Assignee: QUALCOMM Incorporated
    Inventor: Roberto Avanzi
  • Patent number: 9699167
    Abstract: A method can include receiving a request from a requestor to a given resource, which requestor is registered to access a set of one or more resources. The request includes a ticket that includes signature data generated by an authenticating entity in response to authenticating the requestor. The signature data may be decrypted to provide a decrypted signature. The ticket may be validated in response to the request based on evaluating the decrypted signature. A response can be provided to the requestor based on the validation, and the response can grant the requestor access to the given resource if the validation determines the ticket to be authentic and authorized for the given resource or the response can deny the requestor access to the given resource if the validation determines to reject the ticket.
    Type: Grant
    Filed: January 6, 2015
    Date of Patent: July 4, 2017
    Assignee: Shoretel, Inc.
    Inventors: Michael S. W. Tovino, Amy S. Pendleton
  • Patent number: 9692592
    Abstract: Some embodiments provide a method for performing an iterative block cipher. Line rotations and column rotations are combined to have a diversity of representations of the AES state. These protections can be performed either in static mode where the rotations are directly included in the code and the tables or in dynamic mode where the rotations are chosen randomly at execution time, depending on some entropic context variables. The two modes can also be advantageously combined together.
    Type: Grant
    Filed: September 27, 2015
    Date of Patent: June 27, 2017
    Assignee: Apple Inc.
    Inventors: Bruno Kindarji, Benoit Chevallier-Mames, Mathieu Ciet, Augustin J. Farrugia, Thomas Icart
  • Patent number: 9686260
    Abstract: The user of any one portable terminal sends a content information request including a user ID to a distribution server. In response, the distribution server distributes a stream data of content that can be used on the user's terminal. If the user of first portable terminal intends to let a second portable terminal try out a certain content, the user sends to the distribution server the trial permission information including the user's own user ID, a content ID of the content of interest, and a digital signature. The distribution server authenticates the received information before distributing a streaming data of a trial-oriented content with the content ID and user ID attached to it as search keys. This allows the content that can be used on a given user terminal to be tried out on another user terminal without the latter user having recourse to the steps of searching for the content in question.
    Type: Grant
    Filed: July 24, 2014
    Date of Patent: June 20, 2017
    Assignee: Sony Corporation
    Inventor: Ryosuke Nomura
  • Patent number: 9672265
    Abstract: Described herein is a computer implemented method for simplifying a hierarchical edit script comprising nodes describing operations which can be applied to dataset A to generate dataset B. The method comprises identifying nodes in the hierarchical edit script that can potentially be simplified and forming one or more node groups, each node group comprising one or more sibling nodes from the hierarchical edit script that are of a same node type and that can potentially be simplified. For each node group the method further comprises identifying a node group type based on a type the node or nodes in the node group, based on the node group type, processing the node group to generate a single node, the single node capturing the operations described by the node or nodes in the node group, and replacing the node group in the hierarchical edit script with the single node.
    Type: Grant
    Filed: May 20, 2015
    Date of Patent: June 6, 2017
    Assignee: ATLASSIAN PTY LTD
    Inventors: Haymo Meran, Tobias Steiner
  • Patent number: 9641491
    Abstract: A method includes generating a first sequence of data words for sending over an interface. A second sequence of signatures is computed and interleaved into the first sequence, so as to produce an interleaved sequence in which each given signature cumulatively signs the data words that are signed by a previous signature in the interleaved sequence and the data words located between the previous signature and the given signature. The interleaved sequence is transmitted over the interface.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: May 2, 2017
    Assignee: WINBOND ELECTRONICS CORPORATION
    Inventors: Uri Kaluzhny, Nir Tasher
  • Patent number: 9639674
    Abstract: A method of performing a keyed cryptographic operation by a cryptographic system mapping an encoded input message to an output message, including: receiving an encoding selection parameter p; receiving the encoded input message, wherein the encoding on the input message corresponds to the encoding selection parameter p; decoding the input message using an inverse of a default input encoding; computing a first portion of the cryptographic operation on the decoded input message to produce a first portion output; and compensating the first portion output based upon the encoding selection parameter p.
    Type: Grant
    Filed: December 18, 2014
    Date of Patent: May 2, 2017
    Assignee: NXP B.V.
    Inventors: Wil Michiels, Jan Hoogerbrugge
  • Patent number: 9614668
    Abstract: In a general aspect, a conversion scheme is used with a cryptographic system. In some aspects, a pad bit vector is generated based on a size of a message bit vector, and a record bit vector is generated based on the pad bit vector. The record bit vector indicates the size of the pad bit vector. The record bit vector, the message bit vector, and the pad bit vector are combined to yield a first bit vector. A hash function is applied to the first bit vector, and an encryption function is applied to a portion of the first bit vector. A ciphertext is generated based on the output of the hash function and the output of the encryption function.
    Type: Grant
    Filed: September 14, 2016
    Date of Patent: April 4, 2017
    Assignee: ISARA Corporation
    Inventors: Sean Simmons, Jiayuan Sui
  • Patent number: 9602273
    Abstract: A device and method for performing a keyed cryptographic operation mapping an input message to an output message including a first and a second round, wherein the cryptographic operation includes a key scheduling method that produces round keys based upon the encryption key, including: instructions for receiving a first input by the first round; instructions for receiving a second input by the first round; instructions for outputting the second input as a third input to the second round; instructions for performing a first cryptographic operation on the second input using a first static round key to produce a first cryptographic output; and instructions for combining first input, the first cryptographic output, and a second encoded dynamic round key to produce a fourth input to the second round, wherein the second encoded dynamic round key is produced by inputting an encoded dynamic encryption key into the key scheduling method.
    Type: Grant
    Filed: May 6, 2015
    Date of Patent: March 21, 2017
    Assignee: NXP B.V.
    Inventors: Wil Michiels, Jan Hoogerbrugge
  • Patent number: 9596089
    Abstract: The invention relates to a method for generating a certificate for signing electronic documents by means of an ID token (106), having the following steps: —sending (201) a transaction request for a user to carry out a transaction, —as a result of the sending of the transaction request, a check is carried out as to whether the certificate (519) is available and if this is not the case, carrying out the following steps: generating (206) an asymmetrical key pair consisting of a private key and a public key using an ID token, said ID token (106) being assigned to the user; storing (207) the generated asymmetrical key pair on the ID token, wherein at least the private key is stored in a protected memory region of the ID token; transmitting (208; 509) the generated public key (518) to a first computer system, and generating (209) the certificate (519) by means of the first computer system for the public key.
    Type: Grant
    Filed: June 10, 2011
    Date of Patent: March 14, 2017
    Assignee: BUNDESDRUCKEREI GMBH
    Inventors: Enrico Entschew, Klaus-Dieter Wirth
  • Patent number: 9569210
    Abstract: An apparatus is described that includes an execution unit within an instruction pipeline. The execution unit has multiple stages of a circuit that includes a) and b) as follows: a) a first logic circuitry section having multiple mix logic sections each having: i) a first input to receive a first quad word and a second input to receive a second quad word; ii) an adder having a pair of inputs that are respectively coupled to the first and second inputs; iii) a rotator having a respective input coupled to the second input; iv) an XOR gate having a first input coupled to an output of the adder and a second input coupled to an output of the rotator. b) permute logic circuitry having inputs coupled to the respective adder and XOR gate outputs of the multiple mix logic sections.
    Type: Grant
    Filed: July 6, 2016
    Date of Patent: February 14, 2017
    Assignee: Intel Corporation
    Inventors: Gilbert M. Wolrich, Kirk S. Yap, James D. Guilford, Erdinc Ozturk, Vinodh Gopal, Wajdi K. Feghali, Sean M. Gulley, Martin G. Dixon
  • Patent number: 9571269
    Abstract: A problem to be solved is to reduce processing time when a block cipher which refers to a table is implemented in software. An encryption device includes: a round-key generation module which generates a round key from a secret key; a table-entry generation module which adds a starting address of an n-bit S-box table (n?2) aligned to a 2m-bit boundary (m?n) in a memory, and the round key, and holds an obtained value as a table entry; and a data mixing module which mixes data by referring to the S-box stored in the first memory, by using, as a table index, an exclusive OR between the table entry stored in the second memory and the data.
    Type: Grant
    Filed: June 27, 2013
    Date of Patent: February 14, 2017
    Assignee: NEC CORPORATION
    Inventor: Tomoyasu Suzuki
  • Patent number: 9563729
    Abstract: A first signal and a second signal associated with a circuit may be identified. A first count of a number of times that the second signal is associated with a transition when the first signal is at a first value may be determined. Furthermore, a second count of a number of times that the second signal is associated with a transition when the first signal is at a second value may be determined. A value corresponding to the dependence between the second signal and the first signal may be calculated based on the first count and the second count.
    Type: Grant
    Filed: June 20, 2014
    Date of Patent: February 7, 2017
    Assignee: CRYPTOGRAPHY RESEARCH, INC.
    Inventors: Andrew John Leiserson, Megan Anneke Wachs
  • Patent number: 9558375
    Abstract: A device includes one or more registers and circuitry. The circuitry subjects a key having a number of bits to a first function which takes a selection value into account, generating a result having a number of bits which is twice the number of bits of the key, and stores the result in the one or more registers. In response to a call for the key, the circuitry subjects the result stored in the one or more registers to a second function which takes the selection value into account to generate a response having a same value as the key.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: January 31, 2017
    Assignee: STMicroelectronics (Rousset) SAS
    Inventors: Pierre-Yvan Liardet, Yannick Teglia, Jerome Tournemille
  • Patent number: 9544131
    Abstract: A cryptographic device performs modular addition between a first integer value x and a second integer value y in a processor by: obtaining a first masked input {circumflex over (x)}, a second masked input ?, a first mask rx and a second mask ry, the first masked input {circumflex over (x)} resulting from the first integer value x masked by the first mask rx and the second masked input ? resulting from the second integer value y masked by the second mask ry; computing a first iteration masked carry value ?1, using the first masked input {circumflex over (x)}, the second masked input ?, the first mask rx, the second mask ry and a carry mask value ?; recursively updating the masked carry value ?i to obtain a final masked carry value ?k?1, wherein the masked carry value is updated using the first masked input {circumflex over (x)}, the second masked input ?, the first mask rx, the second mask ry, and the carry mask value ?; combining the first masked input {circumflex over (x)} and the second masked input ? and t
    Type: Grant
    Filed: December 12, 2014
    Date of Patent: January 10, 2017
    Assignee: THOMSON LICENSING
    Inventors: Mohamed Karroumi, Benjamin Richard, Marc Joye
  • Patent number: 9544266
    Abstract: A method includes receiving, at a server, a request from a DNS client. The request identifies a domain name to be resolved that is not able to be resolved by the server. The method includes identifying a hash of the domain name as being part of a set of hashes. The hash of the domain name identified at the server was computed using a first cryptographic technique. However, the hash can be computed by an external system using a second cryptographic technique. The first cryptographic technique is able to compute the hash in substantially fewer or substantially less complex operations than the operations required to compute the hash using the second cryptographic technique. The method further includes returning a result indicating that the domain name cannot be resolved, including returning an indicator identifying the set of hashes.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: January 10, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Jonathan Roshan Tuliani
  • Patent number: 9509495
    Abstract: A data protection method and apparatus that can protect data through encryption using a Boolean function is provided. The data protection method includes applying an inverse affine transformation to data to be encrypted using a Boolean function; applying round operations of an Advanced Encryption Standard (AES) cryptographic algorithm to the inverse-affine transformed data; and producing ciphertext data by applying an affine transformation to the result of the round operations.
    Type: Grant
    Filed: August 8, 2014
    Date of Patent: November 29, 2016
    Assignees: Samsung Electronics Co., Ltd, SNU R&DB Foundation
    Inventors: Kyunghee Lee, Junghee Cheon, Eunyoung Kwon, Bumhan Kim, Jinsu Kim, Hongtae Kim, Hansol Ryu, Hyunsook Hong
  • Patent number: 9491165
    Abstract: A first device may receive a first password from a second device. The first password may be generated based on first time information and first location information identifying a geographic location of the second device. The first device may, determine a second password based on second time information and second location information identifying the geographic location of the second device. The first device may determine that the second device is located at the geographic location at a particular time when characters in the first password match characters in the second password, and may provide a service based on determining that the second device is located at the geographic location at the particular time.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: November 8, 2016
    Assignee: Juniper Networks, Inc.
    Inventor: Srikanth Prabhu Koneru
  • Patent number: 9483634
    Abstract: Methods and apparatus are disclosed for generating a short term password that may be used to access a data warehouse. According to aspects of the disclosure, a user may request a password after inputting a data warehouse environment, an ID name, and a reason for the password reset. A server may receive the request and determine whether the difference in time of the present request and a previous request for the same ID name and data warehouse environment is greater than a time limit. Additionally, the server may determine whether a previous user has logged in using a password for the same ID name and data warehouse environment. Thereafter, the server may generate and output a short term password that expires after the time limit.
    Type: Grant
    Filed: January 25, 2016
    Date of Patent: November 1, 2016
    Assignee: Bank of America Corporation
    Inventors: Denise Alexander, Sugumar Balaraman, Thiyagu Chandran, Prabhu Davidraj, Judeson Bobson John, Mary E. Merrill, Meenakshi Sundaram Natarajan, Senthil Thiyagarajan, Jerome Zott
  • Patent number: 9405537
    Abstract: An apparatus is described that includes an execution unit within an instruction pipeline. The execution unit has multiple stages of a circuit that includes a) and b) as follows. a) a first logic circuitry section having multiple mix logic sections each having: i) a first input to receive a first quad word and a second input to receive a second quad word; ii) an adder having a pair of inputs that are respectively coupled to the first and second inputs; iii) a rotator having a respective input coupled to the second input; iv) an XOR gate having a first input coupled to an output of the adder and a second input coupled to an output of the rotator. b) permute logic circuitry having inputs coupled to the respective adder and XOR gate outputs of the multiple mix logic sections.
    Type: Grant
    Filed: December 22, 2011
    Date of Patent: August 2, 2016
    Assignee: Intel Corporation
    Inventors: Gilbert M. Wolrich, Kirk S. Yap, James D. Guilford, Erdinc Ozturk, Vinodh Gopal, Wajdi K. Feghali, Sean M. Gulley, Martin G. Dixon
  • Patent number: 9350533
    Abstract: An approach is provided for enabling a web browser to decrypt and to display encrypted information based on entropy calculations of the information. The decryption manager determines at least one entropy value for at least one element of at least one webpage. The decryption manager causes, at least in part, a decryption of the at least one element to generate at least one decrypted element based, at least in part, on a comparison of the at least one entropy value against one or more entropy threshold values.
    Type: Grant
    Filed: September 4, 2012
    Date of Patent: May 24, 2016
    Assignee: NOKIA TECHNOLOGIES OY
    Inventor: Ian Justin Oliver
  • Patent number: 9319878
    Abstract: Enhanced cryptographic techniques are provided which facilitate higher data rates in a wireless communication system. In one aspect, improvements to the ZUC algorithm are disclosed which can reduce the number of logical operations involved key stream generation, reduce computational burden on a mobile device implementing ZUC, and extend battery life. The disclosed techniques include, for instance, receiving, at a wireless communication apparatus, a data stream having data packets for ciphering or deciphering. The wireless apparatus can generate a cipher key for the cryptographic function, determine a starting address of a first data packet in the data stream and shift the cipher key to align with the starting address of the first data packet. Once aligned, the processing apparatus applies the cryptographic function to a first block of the first data packet using the shifted cipher key and manages a remaining portion of the cipher key to handle arbitrarily aligned data across multiple packets.
    Type: Grant
    Filed: September 11, 2013
    Date of Patent: April 19, 2016
    Assignee: QUALCOMM Incorporated
    Inventors: Justin Y. Wei, Antoine Dambre, Christopher Ahn, Gurvinder Singh Chhabra
  • Patent number: 9305590
    Abstract: A device comprises a data storage media storing data content and a digital signature. At least a portion of the digital signature is encrypted on the data storage media. The device also includes a removable control circuitry including a unique key. If the unique key corresponds to the encrypted portion of the digital signature, the removable control circuitry allows access to the data content. If the unique key does not correspond to the encrypted portion of the digital signature, the removable control circuitry prevents access to the data content. Embodiments of the invention may be useful to prevent a user from accessing the data content without the original control circuitry used to write the data content. For example, embodiments of the invention may prevent a user from using a different control circuitry that would readily allow unauthorized copying and distribution of the data content.
    Type: Grant
    Filed: October 16, 2007
    Date of Patent: April 5, 2016
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventor: Michael H. Miller
  • Patent number: 9294266
    Abstract: Disclosed is an apparatus and method for encrypting plaintext data. The method includes: receiving at least one plaintext data input; applying a Nonce through a function to the at least one plaintext data input to create Nonced plaintext data outputs and/or to intermediate values of a portion of an encryption function applied to the at least one plaintext data input to create intermediate Nonced data outputs; and applying the encryption function to at least one of the Nonced plaintext data outputs and/or the intermediate Nonced data outputs to create encrypted output data. The encrypted output data is then transmitted to memory.
    Type: Grant
    Filed: June 27, 2013
    Date of Patent: March 22, 2016
    Assignee: QUALCOMM Incorporated
    Inventor: Roberto Avanzi
  • Patent number: 9246882
    Abstract: An approach is provided for generating a structured and partially regenerable identifier. An identification generation platform receives a request to generate at least one regenerable that includes, at least in part, a plurality of fields. The identification generation platform determines to separately hash and/or encrypt the respective ones of the plurality of fields. A generation of the at least one identifier is caused, based at least in part, on the hashed and/or encrypted respective ones of the plurality of fields.
    Type: Grant
    Filed: August 24, 2012
    Date of Patent: January 26, 2016
    Assignee: NOKIA TECHNOLOGIES OY
    Inventor: Ian Justin Oliver
  • Patent number: 9235797
    Abstract: An IC card may include a substrate having opposing first and second surfaces, and a circuit carried by the substrate adjacent the first surface of the substrate. The substrate may include a first area defining a first sector of the substrate carrying the circuit and configured to be separated from the IC card, the first sector having a form and size based upon a first IC card format, the first area having a first line delimiting the first sector to the first IC card format. The substrate may include a second area defining a second sector around the first sector and configured to be separated from the IC card based upon a second line. The second sector may have a form and size based upon at least one of a second IC card format and a third IC card format.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: January 12, 2016
    Assignee: STMICROELECTRONICS S.R.L.
    Inventors: Giuliano Filpi, Antonio Sismundo, Raffaele Caiazzo
  • Patent number: 9197412
    Abstract: A cryptography circuit protected by masking, said circuit including means for encrypting binary words using at least one key krc, means for applying linear processing operations and nonlinear processing operations to said words and means for masking said words. The binary words are unmasked upstream of the nonlinear processing operations by using a mask kri and masked downstream of said processing operations by using a mask kr+1i, the masks kri and kr+1i being chosen from a set of masks that is specific to each instance of the circuit.
    Type: Grant
    Filed: November 8, 2010
    Date of Patent: November 24, 2015
    Assignee: Institut Telecom—Telecom Paris Tech
    Inventors: Sylvain Guilley, Jean-Luc Danger
  • Patent number: 9166793
    Abstract: A method and system for authenticating messages is provided. A message authentication system generates an encrypted message by encrypting with a key a combination of a message and a nonce. The message authentication system generates a message authentication code based on a combination of the message and the nonce modulo a divisor. To decrypt and authenticate the message, the message authentication system generates a decrypted message by decrypting with the key the encrypted message and extracts the message and the nonce. The message authentication system then regenerates a message authentication code based on a combination of the extracted message and the extracted nonce modulo the divisor. The message authentication system then determines whether the regenerated message authentication code matches the original message authentication code. If the codes match, then the integrity and authenticity of the message are verified.
    Type: Grant
    Filed: December 4, 2012
    Date of Patent: October 20, 2015
    Assignee: University of Washington
    Inventors: Radha Poovendran, Basel Alomair