NBS/DES Algorithm Patents (Class 380/29)
  • Patent number: 8995650
    Abstract: An apparatus and method for implementing a secure quantum cryptography system using two non-orthogonal states. For each qubit, the emitter station prepares a quantum system in one of two non-orthogonal quantum states in the time-basis to code bit values. Intra- and inter-qubit interference is then used to reveal eavesdropping attempts. Witness states are used to help reveal attacks performed across the quantum system separation.
    Type: Grant
    Filed: June 4, 2010
    Date of Patent: March 31, 2015
    Assignee: ID Quantique SA
    Inventors: Nicolas Gisin, Grégoire Ribordy, Hugo Zbinden
  • Patent number: 8983063
    Abstract: An encryption technique is disclosed for encrypting a plurality of data blocks of a data segment where the encryption selectively switches between a blockwise independent randomized (BIR) encryption mode and a cipher block chaining (CBC) encryption mode based on a configurable feedback stride. A corresponding decryption technique is also disclosed.
    Type: Grant
    Filed: May 16, 2014
    Date of Patent: March 17, 2015
    Assignee: IP Reservoir, LLC
    Inventors: David E. Taylor, Ronald S. Indeck, Jason R. White, Roger D. Chamberlain
  • Patent number: 8972718
    Abstract: A system and method for providing load balanced secure media content and data delivery (10) in a distributed computing environment is disclosed. Media content is segmented and encrypted into a set of individual encrypted segments on a centralized control center (15). Each individual encrypted segment has the same fixed size. The complete set of individual encrypted segments is staged to a plurality of intermediate control nodes (17, 19). Individual encrypted segments are mirrored from the staged complete set to a plurality of intermediate servers (21a-b, 23a-b). Requests are received from clients (11) for the media content at the centralized control center. Each individual encrypted segment in the set is received from one of an intermediate control node and an intermediate server optimally sited from the requesting client. The individual encrypted segments are reassembled into the media content for media playback.
    Type: Grant
    Filed: July 10, 2013
    Date of Patent: March 3, 2015
    Assignee: Tranz-Send Broadcasting Network, Inc.
    Inventor: Scott D. Redmond
  • Patent number: 8971525
    Abstract: A method of providing cipher data during a period of time when output of a primary source of cipher data is unavailable is disclosed. The method comprises switching from a primary source of cipher data to an alternate source of cipher data at a beginning of the period of time; using the cipher data from the alternate source during the period of time; and switching back to the primary source at an end of the period of time.
    Type: Grant
    Filed: February 26, 2007
    Date of Patent: March 3, 2015
    Assignee: ATI Technologies ULC
    Inventor: James Goodman
  • Patent number: 8958549
    Abstract: The present disclosure relates to a countermeasure method in an integrated circuit comprising at least one first logic circuit and at least one first input register supplying the first logic circuit with a datum, the method comprising steps of introducing a random datum into each first input register of the first logic circuit and of the first logic circuit reading the random datum in each first input register, then of introducing a datum to be processed into each first input register, and of the first logic circuit processing the datum in each first input register.
    Type: Grant
    Filed: January 14, 2011
    Date of Patent: February 17, 2015
    Assignee: STMicroelectronics (Rousset) SAS
    Inventor: Fabrice Romain
  • Patent number: 8958550
    Abstract: An apparatus, method, system and computer-readable medium are provided for preserving an encryption of data when confronted by an attack, such as a side channel analysis (SCA) attack based on a statistical analysis. In some embodiments, hardware, software, and/or firmware associated with an encryption calculation may be exercised or accessed during a background operation when an actual or real operation is not taking place. During the background operation, dummy values for data and one or more keys may be input to the hardware. A switching between the real operation and the background operation may take place seamlessly such that measurement of a physical characteristic associated with the hardware is indistinguishable in terms of when the real and background operations are active. In this manner, the secrecy of a key used in connection with the real operation may be preserved.
    Type: Grant
    Filed: September 13, 2011
    Date of Patent: February 17, 2015
    Assignee: Combined Conditional Access Development & Support, LLC (CCAD)
    Inventors: Lawrence W. Tang, An Tonthat
  • Publication number: 20150043729
    Abstract: Instructions and logic provide secure cipher hashing algorithm round functionality. Some embodiments include a processor comprising: a decode stage to decode an instruction for a secure cipher hashing algorithm, the first instruction specifying a source data, and one or more key operands. Processor execution units are responsive to the decoded instruction, to perform one or more secure cipher hashing algorithm round iterations upon the source data, using the one or more key operands, and store a result of the instruction in a destination register. One embodiment of the instruction specifies a secure cipher hashing algorithm round iteration using a Feistel cipher algorithm such as DES or TDES. In one embodiment a result of the instruction may be used in generating a resource assignment from a request for load balancing requests across the set of processing resources.
    Type: Application
    Filed: August 8, 2013
    Publication date: February 12, 2015
    Inventors: Vinodh Gopal, Wajdi K. Feghali
  • Patent number: 8954740
    Abstract: A server receives identifying information of a user of a client device and data encrypted with a public key of a group, where the encrypted data includes an encrypted session key for secure content. The server determines whether the user is a member of the group using the identifying information of the user. If the user is a member of the group, the server decrypts the encrypted session key using a private key of the group, and causes the client device to obtain a session key to access the secure content.
    Type: Grant
    Filed: October 4, 2010
    Date of Patent: February 10, 2015
    Assignee: Symantec Corporation
    Inventors: Vincent E. Moscaritolo, Damon Cokenias, David Finkelstein
  • Patent number: 8942374
    Abstract: According to an embodiment, an encryption device includes a symmetric-key operation unit; a division unit; an exclusive OR operation unit; a multiplication unit that performs multiplication on a Galois field; and a control unit that controls the above units. When the input data is divided into blocks, with the predetermined length, and the first mode of operation is designated on a (j-1)-th block, the control unit performs control such that the multiplication unit performs multiplication with a predetermined value based on the (j-1)-th block, performs control such that the exclusive OR operation unit sums a multiplication result and data of a j-th block, and performs control such that the exclusive OR operation unit sums an operation result of the exclusive OR operation unit and an operation result of the multiplication unit on the (j-1)-th block.
    Type: Grant
    Filed: August 26, 2011
    Date of Patent: January 27, 2015
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Koichi Fujisaki
  • Patent number: 8942371
    Abstract: A method and system for hybrid encryption wherein all of the round function variables including the encryption algorithm change for each round. This permits the generation of block sizes and key sizes of any length and use standard block sizes and key sizes for the respective symmetric algorithm for each round function.
    Type: Grant
    Filed: August 30, 2010
    Date of Patent: January 27, 2015
    Inventors: Jerzy Henryk Urbanik, Przemyslaw Bartlomiej Bezeg
  • Patent number: 8923510
    Abstract: Implementations of Advanced Encryption Standard (AES) encryption and decryption processes are disclosed. In one embodiment of S-box processing, a block of 16 byte values is converted, each byte value being converted from a polynomial representation in GF(256) to a polynomial representation in GF((2^2)^4). Multiplicative inverse polynomial representations in GF((2^2)^4) are computed for each of the corresponding polynomial representations in GF((2^2)^4). Finally corresponding multiplicative inverse polynomial representations in GF((2^2)^4) are converted and an affine transformation is applied to generate corresponding polynomial representations in GF(256). In an alternative embodiment of S-box processing, powers of the polynomial representations are computed and multiplied together in GF(256) to generate multiplicative inverse polynomial representations in GF(256).
    Type: Grant
    Filed: December 28, 2007
    Date of Patent: December 30, 2014
    Assignee: Intel Corporation
    Inventors: Shay Gueron, Michael E. Kounavis, Ram Krishnamurthy, Sanu K. Mathew
  • Patent number: 8924041
    Abstract: A vehicle central lock antitheft method and system includes a central lock system which is connected by radio with a remote controller for identity verification using rolling codes (S101, S102), wherein the central lock system chooses a security state (S103) and transmits the security state to an engine management system according to the verification result, the ignition IG status and the door switch status signal indicating opening or closing of the door (S104). The engine management system receives the security state transmitted by the central lock system and verifies the identity of the central lock system by code matching (S106); security identification between the engine management system and the central lock system is carried out by bidirectional encryption communication (S107). The engine management system then decides whether or not to lock the engine according to the result of the security identification.
    Type: Grant
    Filed: June 30, 2008
    Date of Patent: December 30, 2014
    Assignee: Chongqing Changan Automobile Co., Ltd.
    Inventors: Fenghua Liang, Peng Liang, Jugang He
  • Patent number: 8925075
    Abstract: A method for protection of cloud computing includes homomorphic encryption of data. Partially or fully homomorphic encryption allows for data within the cloud to be processed without decryption. A partially or fully homomorphic encryption is provided. The proposed scheme can be used with both algebraic and analytical approaches. A cloud service is implemented on a server. A client encrypts data using fully homomorphic encryption and sends it to the server. The cloud server performs computations without decryption of the data and returns the encrypted calculation result to the client. The client decrypts the result, and the result coincides with the result of the same calculation performed on the initial plaintext data.
    Type: Grant
    Filed: November 2, 2012
    Date of Patent: December 30, 2014
    Assignee: Parallels IP Holdings GmbH
    Inventors: Sergey Krendelev, Alexander G. Tormasov
  • Patent number: 8913739
    Abstract: A method and device for transforming data with a secret parameter in an elliptic curve cryptosystem based on an elliptic curve defined over an underlying prime field, includes multiplying a point of the elliptic curve; representing the data to be transformed, by a scalar representing the secret parameter, wherein the multiplying includes performing at least one point addition operation and at least one point doubling operation on points of the elliptic curve; providing a representation in affine coordinates of the elliptic curve point to be multiplied and a representation in projective coordinates of intermediate elliptic curve points obtained during the multiplying; performing both the point addition operation and the point doubling operation by means of a sequence of elementary prime field operation types, the elementary prime field operation types including: a first type of prime field operations including field multiplication and field squaring of coordinates of the elliptic curve points and a second type
    Type: Grant
    Filed: October 18, 2005
    Date of Patent: December 16, 2014
    Assignee: Telecom Italia S.p.A.
    Inventor: Jovan Golic
  • Patent number: 8908859
    Abstract: According to one embodiment, a cryptographic apparatus includes: cryptographic cores (“cores”), an assigning unit, a concatenating unit, and an output controlling unit. If a CTS flag thereof is on, each core encrypts using a symmetric key cipher algorithm utilizing CTS, while using a symmetric key. When an input of a CTS signal is received, the assigning unit assigns first input data to a predetermined core and turns on the CTS flag thereof. The concatenating unit generates concatenated data by concatenating operation data generated during encrypting the first input data, with second input data that is input immediately thereafter. The output controlling unit controls outputting the concatenated data to the predetermined core, outputting first encrypted data obtained by encrypting the concatenated data, and over outputting second encrypted data obtained by encrypting the first input data, and further turns off the predetermined core's CTS flag.
    Type: Grant
    Filed: March 1, 2011
    Date of Patent: December 9, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Koichi Fujisaki
  • Patent number: 8908861
    Abstract: A method and apparatus for improving hardware flexibility for encrypting data based on the Advanced Encryption Standard (AES) block algorithm is provided. An encryption apparatus is equipped with a shared logic including a mode detector which detects a current AES mode performed by an AES block algorithm, a shared hardware for use in the detected AES mode, and a key controller which generates a key for performing encryption/decryption in the AES mode.
    Type: Grant
    Filed: October 8, 2010
    Date of Patent: December 9, 2014
    Assignee: Samsung Electronics Co., Ltd
    Inventor: V. K. Prasad Arava
  • Patent number: 8898452
    Abstract: A system and method for securing data by receiving encrypted data at a security appliance transmitted from a client, wherein at least a portion of the encrypted data is encrypted according to a first encryption protocol, and wherein the encrypted data is transmitted to the security appliance according to a first data transfer protocol. The encrypted data is then decrypted at the security appliance, wherein at least a portion of the decrypted data is re-encrypted according to a second encryption protocol at the security appliance. The re-encrypted data is transmitted from the security appliance to a storage device, wherein the re-encrypted data is transmitted according to a second data transfer protocol that is different than the first data transfer protocol.
    Type: Grant
    Filed: September 8, 2005
    Date of Patent: November 25, 2014
    Assignee: NetApp, Inc.
    Inventors: Serge Plotkin, Hristo Bojinov, Yuval Frandzel, Andrew Narver, Zi-Bin Yang
  • Patent number: 8891760
    Abstract: A server having an automaton whose state transitions in accordance with received characters, determines whether the automaton has transitioned to a final state on the basis of the characters. The server receives a coding sequence from the client in the characters included in the string. The coding sequence elements corresponding to the characters are values encrypting a non-unity using a first encryption scheme having homomorphism, and whose elements not corresponding to the characters are values encrypting a unity using the first encrypting scheme. The server generates, in response to receiving the coding sequence, exchange data encrypting a subsequent state key corresponding to each of a plurality of previous states of the automaton on the basis of the coding sequence using the first encryption scheme; encrypts exchange data with the corresponding previous state key and sends the encrypted exchange data to the client.
    Type: Grant
    Filed: December 17, 2012
    Date of Patent: November 18, 2014
    Assignee: International Business Machines Corporation
    Inventors: Takaaki Tateishi, Yuji Watanabe
  • Publication number: 20140328483
    Abstract: A method for producing a hardware device, in particular a trusted platform module for the execution of at least one cryptographic algorithm, the hardware device corresponding to a real-time class, i.e., it fulfils specifiable run-time requirements for real-time applications, wherein the method comprises preparing at least one cryptographic algorithm in the manner of a program code; determining a maximum/longest execution time (WCET) for the algorithm, producing a tamper-proof hardware module, which is configured to execute the algorithm, and assigning the hardware module to a real-time class depending on the maximum/longest execution time (WCET).
    Type: Application
    Filed: December 3, 2012
    Publication date: November 6, 2014
    Inventors: Jürgen Gessner, Angela Schattleitner
  • Patent number: 8879725
    Abstract: The Advanced Encryption Standard (AES) is a symmetric block cipher that can encrypt and decrypt information. Encryption (cipher) performs a series of transformations (Shift Rows, Substitute Bytes, Mix Columns) using the secret key (cipher key) to transform intelligible data referred to as “plaintext” into an unintelligible form referred to as “cipher text”. The transformations (Inverse Shift Rows, Inverse Substitute Bytes, Inverse Mix Columns) in the inverse cipher (decryption) are the inverse of the transformations in the cipher. Encryption and decryption are performed efficiently through the use of instructions that perform the series of transformations. Combinations of these instructions allow the isolation of the transformations (Shift Rows, Substitute Bytes, Mix Columns, Inverse Shift Rows, Inverse Substitute Bytes, Inverse Mix Columns) to be obtained.
    Type: Grant
    Filed: February 29, 2008
    Date of Patent: November 4, 2014
    Assignee: Intel Corporation
    Inventors: Shay Gueron, Zeev Sperber
  • Patent number: 8869292
    Abstract: A 3D object is protected by a first device that receives the 3D object, generates translation vectors that are added to the points of the 3D object to obtain a protected 3D object, and outputs the protected 3D object. The protected 3D object is unprotected by a second device by receiving the protected 3D object, generating translation vectors that are subtracted from the points of the protected 3D object to obtain an unprotected 3D object, and outputting the unprotected 3D object. Also provided are the first device, the second device and computer readable storage media.
    Type: Grant
    Filed: May 1, 2012
    Date of Patent: October 21, 2014
    Assignee: Thomson Licensing
    Inventors: Marc Eluard, Yves Maetz, Sylvain Lelievre
  • Patent number: 8861720
    Abstract: An integrated memory circuit applies to an S-box of a cryptographic circuit. The integrated memory circuit includes a row decoder, a column decoder, and a sense amplifier composed of a domino-RSL circuit, wherein data reading and data writing from/to memory cells of a memory cell array are performed via two complementary bit lines, and the transition probability of a signal line is equalized by input of random-number data supplied from a random-number generating circuit using an arbiter circuit.
    Type: Grant
    Filed: July 28, 2010
    Date of Patent: October 14, 2014
    Assignee: The Ritsumeikan Trust
    Inventor: Takeshi Fujino
  • Patent number: 8855298
    Abstract: Processing of masked data using table lookups is described. A mask is applied to input data to generate masked input data. The mask and the masked input data are used in combination to locate an entry in a lookup table. The entry corresponds to a transformed version of the input data.
    Type: Grant
    Filed: January 10, 2013
    Date of Patent: October 7, 2014
    Assignee: Spansion LLC
    Inventor: Elena Vasilievna Trichina
  • Patent number: 8850231
    Abstract: Disclosed are a method and apparatus for a data storage library comprising a plurality of drives and a combination bridge controller device adapted to direct and make compatible communication traffic between a client and the plurality of drives. The combination bridge controller device is further adapted to encrypt a first data package received from the client. The combination bridge controller device is further adapted to transmit the encrypted first data package, a first moniker and a first message authentication code to one of the plurality of drives for storage to a cooperating mobile storage medium. The combination bridge controller device is further adapted to decrypt the first data package when used in combination with a first key associated with the first moniker and guarantee the decryption of the first data package was successfully accomplished with authentication of the first message authentication code.
    Type: Grant
    Filed: December 18, 2009
    Date of Patent: September 30, 2014
    Assignee: Spectra Logic Corporation
    Inventors: Matthew Thomas Starr, Jeff Robert Boyton, Nathan Christopher Thompson
  • Patent number: 8850204
    Abstract: A method is described for negotiating the use of multi-link ciphering and for the generation of unique keys for each of the links using a single 4-way handshake protocol exchange.
    Type: Grant
    Filed: December 23, 2009
    Date of Patent: September 30, 2014
    Assignee: Intel Corporation
    Inventors: Robert Stacey, Jesse Walker, Emily H. Qi
  • Patent number: 8848917
    Abstract: A method for verifying the integrity of a key implemented in a symmetrical ciphering or deciphering algorithm, including the steps of complementing to one at least the key; and verifying the coherence between two executions of the algorithm, respectively with the key and with the key complemented to one.
    Type: Grant
    Filed: May 14, 2009
    Date of Patent: September 30, 2014
    Assignee: STMicroelectronics (Rousset) SAS
    Inventors: Pierre-Yvan Liardet, Yannick Teglia
  • Patent number: 8837715
    Abstract: Disclosed embodiments include methods and apparatuses for secure iterative processing of encrypted signals based on implementing a secure iterative processing protocol that avoids cipher blowup, and applying an iterative algorithm directly on the encrypted signals to generate an encrypted processed output signal. In a particular embodiment, the protocol comprises applying homomorphic linear processing, preparing and applying a rescaling module to avoid cypher blowup, and homomorphically adapting the encrypted signals. Specific embodiments implement iterative adaptive filtering algorithms in the encrypted domain including non-collaborative secure filtering and two-party filtering based on homomorphic encryption, interactive secure protocols, garbled circuits, or a combination thereof.
    Type: Grant
    Filed: February 2, 2012
    Date of Patent: September 16, 2014
    Assignee: Gradiant, Centro Tecnolóxico de Telecomunicacións de Galica
    Inventors: Juan Ramón Troncoso Pastoriza, Fernando Pérez González
  • Patent number: 8832441
    Abstract: A mobile terminal includes a near-field communication device capable of performing near-field wireless communication with an external device, and a controller configured to instruct the external device or the near-field communication device to execute a command. The near-field communication device has a storage unit, a first mutual authentication unit for authenticating the controller and for requesting the controller to authenticate the near-field communication device, a first communication key setting unit for setting a first communication key, a second mutual authentication unit for authenticating the external device and for requesting the external device to authenticate the near-field communication device, and a second communication key setting unit for setting a second communication key.
    Type: Grant
    Filed: August 27, 2010
    Date of Patent: September 9, 2014
    Assignee: FeliCa Networks, Inc.
    Inventors: Taro Kurita, Toshiharu Takemura
  • Patent number: 8826036
    Abstract: An electronic book distribution system encrypts distributed electronic books (“eBooks”) with a content key. The content key is in turn encrypted with a voucher key. The voucher key for a particular eBook is generated based on a combination of (a) an ID or serial number of an eBook reader device to which the eBook is being distributed, (b) a user account secret associated with a user of the eBook reader device, and (c) metadata associated with the eBook itself.
    Type: Grant
    Filed: June 28, 2010
    Date of Patent: September 2, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Ryan J. Snodgrass, James C. Slezak, Matthew E. Goldberg, Jeremie Leproust, Guillaume Jeulin, Felix F. Antony
  • Patent number: 8824672
    Abstract: Methods and systems for cryptography use a reconfigurable platform to perform cryptographic functions. Where a reconfigurable platform is used, the configuration may be used as a key or secret. The function schema may be maintained as public. The reconfigurable platform may be implemented in a manner to provide desirable families of functions, including reconfigurable functions which are pseudo one-way and pseudo random. An electronic device may include a reconfigurable platform adapted to perform cryptographic functions wherein a configuration of the reconfigurable platform is used as a secret.
    Type: Grant
    Filed: April 11, 2008
    Date of Patent: September 2, 2014
    Assignee: Iowa State University Research Foundation
    Inventors: Mahadevan Gomathisankaran, Akhilesh Tyagi
  • Patent number: 8824671
    Abstract: A data conversion algorithm achieving efficient data diffusion is achieved. For example, in a configuration where various processes are executed on two data segments which are resultants of dividing a rectangular matrix of data containing arranged one-byte data blocks into two parts to perform data conversion, efficient data scrambling with less operation cost is achieved by executing a linear conversion process on one of the data segments, an exclusive OR operation between the two data segments, a shift process on one of the data segments, and a swap process between the two data segments. Moreover, cryptographic processing with a high security level is achieved by including nonlinear conversion or key application operation on the data segments.
    Type: Grant
    Filed: November 27, 2012
    Date of Patent: September 2, 2014
    Assignee: Sony Corporation
    Inventors: Taizo Shirai, Kyoji Shibutani, Shiho Moriai, Toru Akishita, Tetsu Iwata
  • Patent number: 8819458
    Abstract: An information processing apparatus includes: a program executing unit which interprets and executes codes of a computer program created in a procedural language in an environment with a tamper resistant performance, wherein a security attribute and an authentication key are provided in units of functions in the computer program executed by the program executing unit, and wherein the program executing unit executes authentication processing with the authentication key for executing the function, which makes it possible to execute the function based on the security attribute.
    Type: Grant
    Filed: January 30, 2012
    Date of Patent: August 26, 2014
    Assignee: Sony Corporation
    Inventor: Tadashi Morita
  • Patent number: 8804951
    Abstract: Methods and apparatus to speed up Galois Counter Mode (GCM) computations are described. In one embodiment, a carry-less multiplication instruction may be used to perform operations corresponding to verification of an encrypted message in accordance with GCM. Other embodiments are also described.
    Type: Grant
    Filed: August 2, 2011
    Date of Patent: August 12, 2014
    Assignee: Intel Corporation
    Inventors: Shay Gueron, Michael E. Kounavis
  • Patent number: 8798270
    Abstract: To improve a communication system including two communication apparatuses in order to reduce a possibility of having communication thereof decrypted by a third party. The communication system includes a first communication apparatus and a second communication apparatus, where one of the communication apparatuses encrypts transmission subject data to generate encrypted data and transmits it to the other communication apparatus which then decrypts received encrypted data. Before performing encryption, each of the communication apparatuses cuts the transmission subject data by a predetermined number of bits to generate transmission subject cut data. In this case, each of the communication apparatuses varies the number of bits of the transmission subject cut data, and mixes dummy data of a size of which number of bits matches with the largest number of bits out of the numbers of bits of the transmission subject cut data into the transmission subject cut data other than that of the largest number of bits.
    Type: Grant
    Filed: January 4, 2006
    Date of Patent: August 5, 2014
    Assignee: NTI, Inc.
    Inventor: Takatoshi Nakamura
  • Patent number: 8787565
    Abstract: An Advanced Encryption Standard (AES) key generation assist instruction is provided. The AES key generation assist instruction assists in generating round keys used to perform AES encryption and decryption operations. The AES key generation instruction operates independent of the size of the cipher key and performs key generation operations in parallel on four 32-bit words thereby increasing the speed at which the round keys are generated. This instruction is easy to use in software. Hardware implementation of this instruction removes potential threats of software (cache access based) side channel attacks on this part of the AES algorithm.
    Type: Grant
    Filed: August 20, 2007
    Date of Patent: July 22, 2014
    Assignee: Intel Corporation
    Inventors: Shay Gueron, Martin G. Dixon, Srinivas Chennupaty, Mayank Bomb, Brent R. Boswell
  • Patent number: 8787566
    Abstract: An embodiment generally relates to a method of strong encryption. The method includes generating a first cryptographic key based on a random number and generating a second cryptographic key based on a password. The method also includes encrypting private data with the first cryptographic key to arrive at wrapped private data and encrypting the first cryptographic key with the second cryptographic key to arrive at a wrapped first cryptographic key.
    Type: Grant
    Filed: August 23, 2006
    Date of Patent: July 22, 2014
    Assignee: Red Hat, Inc.
    Inventor: Robert Relyea
  • Patent number: 8781111
    Abstract: A side channel attack utilizes information gained from the physical implementation of a cryptosystem. Software and hardware-based systems and methods for preventing side channel attacks are presented. Cryptographic hardware may introduce dummy operations to compensate for conditional math operations in certain functions such as modular exponentiation. Cryptographic hardware may also introduce random stalls of the data path to introduce alterations in the power profile for the operation. A cryptographic function may be mapped to a micro code sequence having a plurality of instructions. Firmware in the cryptosystem may alter the micro code sequence by altering the order of instructions, add dummy operations in the micro code sequence, break the micro code sequence into multiple sub micro code sequences and/or change the register location for source and destination operands used in the sequence. These alterations are designed to randomly change the timing and power profile of the requested function.
    Type: Grant
    Filed: March 31, 2008
    Date of Patent: July 15, 2014
    Assignee: Broadcom Corporation
    Inventors: Zheng Qi, Tao Long
  • Patent number: 8769696
    Abstract: Mechanisms for evaluating downgrader code in application code with regard to a target deployment environment. Downgrader code in the application code is identified. Based on an input string, an output string that the downgrader code outputs in response to receiving the input string is identified. One or more sets of illegal string patterns are retrieved. Each of the one or more sets of illegal string patterns is associated with a corresponding deployment environment. The illegal string patterns are string patterns that a downgrader identifies in the information flow for security purposes. A determination is made as to whether the downgrader code is compatible with the target deployment environment based on the one or more sets of illegal string patterns and the output string. An output indicative of the results of the determining is generated.
    Type: Grant
    Filed: September 29, 2011
    Date of Patent: July 1, 2014
    Assignee: International Business Machines Corporation
    Inventors: Marco Pistoia, Takaaki Tateishi, Stephen D. Teilhet, Omer Tripp
  • Patent number: 8767957
    Abstract: An encryption method and device employing a modified low-resource AES algorithm. The algorithm in one embodiment has a 128-bit key and a 16-bit data type, along with optimization functions including function inlining, memory move reduction via multiple transformations on a given state during a given iteration of a main loop of the algorithm, pointer-based accessing of the state from a transformation function, and a global key schedule. Another embodiment of the invention is a low-power secure communication device comprising a ZigBee-compliant transceiver having a maximum over-the-air data rate of 250 kbps, and a 16-bit RISC encryption processor configured to implement an AES algorithm adapted to encrypt data at a faster rate than 250 kbps. The AES algorithm only requires about 5000 bytes of ROM and about 250 bytes of RAM.
    Type: Grant
    Filed: December 3, 2008
    Date of Patent: July 1, 2014
    Assignee: Purdue Research Foundation
    Inventors: Saurabh Bagchi, Shammi R. Didla, Aaron C. Ault
  • Patent number: 8762739
    Abstract: In an advanced metering infrastructure environment, software program statements and/or data may be encrypted. A microcontroller unit may include a first cache configured to store a block of encrypted data obtained from an external memory device. A decryption engine may decrypt the block of encrypted data for storage in a second cache. An address alignment module may be configured to receive input from a program counter and to calculate an offset pointer. The offset pointer may indicate a particular word in the block of decrypted data within the second cache for transmission to an instruction register for use by an application program. An address generator may be configured to receive input from the address alignment module and to indicate a block of data in the external memory device to be loaded into the first cache, to thereby replace the encrypted data sent to the decryption engine.
    Type: Grant
    Filed: May 18, 2012
    Date of Patent: June 24, 2014
    Assignee: Itron, Inc.
    Inventors: Eric Plainecassagne, Guillaume Descamps
  • Patent number: 8755522
    Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.
    Type: Grant
    Filed: August 16, 2013
    Date of Patent: June 17, 2014
    Assignee: Luminal, Inc.
    Inventors: Josha Stella, Dominic Zippilli, Matthew Brinkman
  • Patent number: 8750498
    Abstract: A cryptographic device includes a first state module, a key addition module, a byte substitution module, and a column mixing module. The first state module stores a first data block. The key addition module adds a key to the first data block to generate a second data block. The byte substitution module replaces each byte of the second data block to generate a third data block. The byte substitution module includes a first byte substitution sub-module that generates an intermediate data block in response to the second data block, a pipeline register that stores the intermediate data block, and a second byte substitution sub-module that generates the third data block in response to the intermediate data block. The column mixing module generates a fourth data block based on the third data block and provides the fourth data block to the first state module for storage.
    Type: Grant
    Filed: April 9, 2012
    Date of Patent: June 10, 2014
    Assignee: Marvell International Ltd.
    Inventors: Tze Lei Poo, Heng Tang, Siu-Hung Fred Au, Gregory Burd
  • Patent number: 8751799
    Abstract: Methods and systems for enabling content to be securely and conveniently distributed to authorized users are provided. More particularly, content is maintained in encrypted form on sending and receiving devices, and during transport. In addition, policies related to the use of, access to, and distribution of content can be enforced. Features are also provided for controlling the release of information related to users. The distribution and control of contents can be performed in association with a client application that presents content and that manages keys.
    Type: Grant
    Filed: April 22, 2011
    Date of Patent: June 10, 2014
    Assignee: Absio Corporation
    Inventors: Mitchell J. Tanenbaum, Daniel L. Kruger
  • Patent number: 8752164
    Abstract: The present invention prevents illegitimate access to a user computing machine. A method in accordance with an embodiment includes: setting an authentication routine in the user computing machine; generating a virtual keyboard on the user computing machine; entering a user identification through the virtual keyboard, the user identification being entered according to a virtual keyboard form factor; comparing the entered user identification with a secure user identification previously stored in the user computing machine; and validating the user access to the user computing machine if a match occurs, otherwise denying access.
    Type: Grant
    Filed: May 25, 2008
    Date of Patent: June 10, 2014
    Assignee: International Business Machines Corporation
    Inventors: Oded Dubovsky, Itzhack Goldberg, Ido Levy, Ilan Shimony, Grant D. Williamson
  • Patent number: 8750497
    Abstract: Provided is a cryptographic device implementing an S-Box of an encryption algorithm using a many-to-one binary function. The cryptographic device includes: arrays of first logic gates including I first logic gates which each receive 2 bits of an input signal; 2N second logic gates which each receive corresponding J bits from among I bits output from the arrays of the first logic gates; and L third logic gates which each receive K bits from among 2N bits output from the second logic gates, wherein there is a many-to-one correspondence between the N bits of the input signal and the K bits input to each of the third logic gates, and wherein the N, I, J, K, and L are positive integers. Because a signal output from each array includes only one active bit, current is always consumed constantly to prevent internal data from leaking out to a hacker.
    Type: Grant
    Filed: September 24, 2010
    Date of Patent: June 10, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Hong-Mook Choi, Xingguang Feng
  • Patent number: 8744074
    Abstract: The public exponent e of an RSA key is embedded in an RSA key object that lacks this exponent. During exponentiation, the public exponent e may be extracted and used to verify that the result of the exponentiation is correct. The result is output only if this is the case. The invention counters fault-attacks. Also provided are an apparatus and a computer program product.
    Type: Grant
    Filed: February 18, 2010
    Date of Patent: June 3, 2014
    Assignee: Thomson Licensing
    Inventor: Marc Joye
  • Patent number: 8737603
    Abstract: To realize a common-key block cipher process configuration with increased difficulty of key analysis and improved security. In a configuration for storing in a register an intermediate key generated by using a secret key transformation process and performing a transformation process on the register-stored data to generate a round key, a process of swapping (permuting) data segments constituting the register-stored data is executed to generate a round key. For example, four data segments are produced so that two sets of data segments having an equal number of bits are set, and a process of swapping the individual data segments is repeatedly executed to generate a plurality of different round keys. With this configuration, the bit array of each round key can be effectively permuted, and round keys with low relevance can be generated. A high-security cryptographic process with increased difficulty of key analysis can be realized.
    Type: Grant
    Filed: November 21, 2007
    Date of Patent: May 27, 2014
    Assignee: Sony Corporation
    Inventors: Taizo Shirai, Kyoji Shibutani, Toru Akishita, Shiho Moriai
  • Patent number: 8737606
    Abstract: An encryption technique is disclosed for encrypting a plurality of data blocks of a data segment where the encryption selectively switches between a blockwise independent randomized (BIR) encryption mode and a cipher block chaining (CBC) encryption mode based on a configurable feedback stride. A corresponding decryption technique is also disclosed.
    Type: Grant
    Filed: February 5, 2013
    Date of Patent: May 27, 2014
    Assignee: IP Reservoir, LLC
    Inventors: David E. Taylor, Ronald S. Indeck, Jason R. White, Roger D. Chamberlain
  • Patent number: 8731189
    Abstract: An information processing device comprises: a non-linear transformation unit that takes a k/2-number of odd-numbered string data Bi (i=1, 3, . . . , k-1), k being an even number not smaller than 6, out of a k-number of string data {B1, B2, . . . , Bk}, as intermediate data Wi, and that XORs data transformed from the odd-numbered string data Bi based on a bijective F-function, in which an as-transformed value is determined responsive to a value of key data, and even-numbered string data Bi+1, to give intermediate data Wi+1; and a permutation unit that permutes the intermediate data {W1, W2, . . . , Wk} by the data {B1, B2, . . . , Bk}; in so permuting the intermediate data, the permutation unit permuting odd-numbered data by even-numbered data and permuting even-numbered data by odd-numbered data; the permutation unit not permuting Wi+1 by B((i+1) mod k)+1, where i=0, 1, 2, . . . , k-1 and x mod y is a remainder left after dividing x by y, and not permuting Wi+1 by B((i+k-1) mod k)+1.
    Type: Grant
    Filed: October 26, 2010
    Date of Patent: May 20, 2014
    Assignee: NEC Corporation
    Inventors: Tomoyasu Suzaki, Yukiyasu Tsunoo
  • Patent number: RE45327
    Abstract: Authentication credentials from legacy applications are translated to Kerberos authentication requests. Authentication credentials from the legacy application are directed to an authentication proxy module. The authentication proxy module acts as a credential translator for the application by receiving a set of credentials such as a user name and password, then managing the process of authenticating to a Kerberos server and obtaining services from one or more Kerberized applications, including Kerberos session encryption. A credential binding module associates a user corresponding to authentication credentials from a legacy authentication protocol with one or more Kerberos credentials. Anonymous authentication credentials may be translated to authentication requests for a network directory services object, such as a computer object or service object.
    Type: Grant
    Filed: March 7, 2013
    Date of Patent: January 6, 2015
    Assignee: Dell Software, Inc.
    Inventors: John Joseph Bowers, Matthew T Peterson