Block/data Stream Enciphering Patents (Class 380/37)
  • Patent number: 10382952
    Abstract: A method, system, and/or computer program product generate a secondary security key from a primary security key. One or more processors receive a primary security key. The processor(s) retrieve a first numeric code that is an alternate numeric representation of a first character in the primary security key. The processor(s) retrieve a second numeric code that is an alternate numeric representation of a second character in the primary security key. The processor(s) add the first numeric code to the second numeric code to generate a running total value. The processor(s) designate the running total value as a secondary security key, and encrypt data with the secondary security key.
    Type: Grant
    Filed: May 19, 2016
    Date of Patent: August 13, 2019
    Assignee: International Business Machines Corporation
    Inventors: Mark V. Chitti, Kirby G. Dahman, Ronda L. McCain, Kurt A. Rybczyk, Keith C. Williams
  • Patent number: 10372948
    Abstract: A memory device is provided which comprises a memory array, a first scrambling circuit and a second scrambling circuit. The first scrambling circuit is configured to provide first scrambled data with a first scrambling pattern in response to input data. The second scrambling circuit is configured to provide second scrambled data with a second scrambling pattern in response to the first scrambled data.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: August 6, 2019
    Assignee: TAIWAN SEMICONDUCTOR MANUFACTURING COMPANY LTD.
    Inventors: Kai-Chun Lin, Ku-Feng Lin, Hung-Chang Yu, Yu-Der Chih
  • Patent number: 10348485
    Abstract: Examples described herein relate to chaining operations under a molecular encryption scheme, including, but not limited to, defining a composite operation, wherein the composite operation comprises two or more separate operations, receiving input for the composite operation, invoking the composite operation for the input, performing the composite operation based on the input, and determining output corresponding to the input.
    Type: Grant
    Filed: February 22, 2017
    Date of Patent: July 9, 2019
    Assignee: FORNETIX LLC
    Inventors: Gerald J. Stueve, Stephen Edwards, Lina M. Baquero, Charles White
  • Patent number: 10348486
    Abstract: A method for at least partially updating encrypted data stored on one or more servers includes dividing the encrypted data into equal sized chunks; encrypting each chunk using an all-or-nothing encryption scheme (AONE) with an encryption key, wherein an additional randomness per chunk is embedded into the AONE; outputting a plurality of ciphertext blocks for each chunk; storing the encrypted chunks on the one or more servers such that an i-th ciphertext block of each encrypted chunk is stored on an i-th server, wherein a result of a predetermined function performed on the randomness for all encrypted chunks is stored with each encrypted chunk; determining one or more chunks to update; reverting the predetermined function by accessing all the encrypted chunks; decrypting the one or more chunks to update based on the result of, updating the decrypted chunks; re-encrypting the updated decrypted chunks, and storing the re-encrypted chunks.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: July 9, 2019
    Assignee: NEC CORPORATION
    Inventor: Ghassan Karame
  • Patent number: 10325109
    Abstract: An embodiment of the invention may include a method, computer program product, and system for securing data. The embodiment may include receiving, by a management program, identification of a selected cryptographic security module. The selected cryptographic security module is graphically selected by an authorized operator via a graphic user interface. The selected cryptographic security module contains unique individual symbols that contain references to functions and is selected from a plurality of mutually exclusive cryptographic security modules. Based on the received identification of the selected cryptographic security module, the embodiment may include generating, by the management program, a global configuration file. The embodiment may include transmitting, by the management program, a notification to an agent program on a client computer.
    Type: Grant
    Filed: September 14, 2017
    Date of Patent: June 18, 2019
    Assignee: International Business Machines Corporation
    Inventors: Jose M. Gomez Claros, Alan W. McLachlan, Andrew R. Schmidt
  • Patent number: 10271096
    Abstract: A source device and a method of transmitting content are provided. The source device includes a controller configured to check a version of a content protection method supported by a sink device from the repeater, to encrypt the content based on a version of the content protection method applied to the content, and to set a value of type information of the content protection method based on the version of the content protection method applied to the content and the version of the content protection method supported by the sink device, and a communicator including communication circuitry configured to transmit the encrypted content and the type information of the content protection method to the repeater, wherein the type information of the content protection method for determining whether the content received from the source device is output to the sink device from the repeater, based on the version of the content protection method supported by the sink device.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: April 23, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Sung-bo Oh
  • Patent number: 10243941
    Abstract: Systems and methods are provided and include a control module that receives a communication packet from a communication node that includes at least one of a vehicle sensor and a vehicle system via a controller area network bus. The control module determines whether the communication packet from the communication node indicates that the vehicle sensor or the vehicle system associated with the communication node is operating outside of a predetermined acceptable operating range. The control module sends an authentication message to the communication node in response to the communication packet indicating that the vehicle sensor or vehicle system is operating outside of the predetermined acceptable operating range. The control module determines whether a valid authentication code is received from the communication node and performs a remedial action for the communication node in response to the valid authentication code not being received from the communication node.
    Type: Grant
    Filed: November 1, 2016
    Date of Patent: March 26, 2019
    Assignee: DENSO International America, Inc.
    Inventor: Michael Bima
  • Patent number: 10230528
    Abstract: Systems and methods for memory protection for implementing trusted execution environment. An example processing system comprises: an on-package memory (OPM); a memory encryption engine (MEE) comprising a MEE cache, the MEE to: responsive to failing to locate, within the MEE cache, an encryption metadata associated with a data item loaded from an external memory, retrieve at least part of the encryption metadata from the OPM, and validate the data item using the encryption metadata.
    Type: Grant
    Filed: May 4, 2015
    Date of Patent: March 12, 2019
    Assignee: Intel Corporation
    Inventors: Binata Bhattacharyya, Amy L. Santoni, Raghunandan Makaram, Francis X. McKeen, Simon P. Johnson, George Z. Chrysos, Siddhartha Chhabra
  • Patent number: 10230697
    Abstract: A non-transitory computer-readable recording medium storing computer-readable instructions that, when executed by a first user terminal, cause the first user terminal to perform a method including: receiving a first message including a first attached file, generating at least one encryption key for encrypting the first message by taking into account a type of the first attached file, encrypting the first attached file of the first message by using the encryption key, adding sender information of the first message to the first message, and transmitting the first message including the sender information to a message server, may be provided.
    Type: Grant
    Filed: July 6, 2016
    Date of Patent: March 12, 2019
    Assignee: Line Corporation
    Inventors: Ki Bin Shin, Jong Il Won
  • Patent number: 10148425
    Abstract: An encryption system and method has processors and a memory system, the memory system configured to hold at least one macroblock, an encryption key, and machine-readable instructions for encrypting the macroblock. The instructions include instructions for dividing the macroblock into subblocks by rows and encrypting the rows, for dividing the macroblock into subblocks by columns and encrypting the columns, and for performing a combining cipher of the cipher blocks to produce a final ciphertext of the macroblock. In alternative embodiments, the macroblock is divided in dimensions in addition to rows and columns. In embodiments, ciphertext is chained by using its ciphertext as part of a key for later macroblocks of a sequence, or propagated into later sequences of macroblocks.
    Type: Grant
    Filed: August 3, 2017
    Date of Patent: December 4, 2018
    Assignee: Massively Parallel Technologies, Inc.
    Inventor: Kevin D. Howard
  • Patent number: 10142103
    Abstract: A system and method for generating pseudorandom numbers by initializing a counter value for a call-counter, sending a bit-wise form of the counter value from the counter to a mixing function, and mixing the counter value to generate the pseudorandom number. The mixing function may be a XOR tree, substitution-permutation, or double-mix Feistel. The pseudorandom number generator can operate by mixing the bits of the call-counter, repeatedly mixing its own output, or a combination thereof. The counter is incremented by a predetermined value. In order to provide backward secrecy, the pseudorandom number is processed by a one-way function or is hashed with a cryptographic hash function, and the result thereof is used as an input value for a subsequent cycle of the mixing function. Also, several mixing functions can be operated in parallel with their output XORed.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: November 27, 2018
    Assignee: THE BOEING COMPANY
    Inventor: Laszlo Hars
  • Patent number: 10114766
    Abstract: A system includes a plurality of data input ports, each port corresponding to one of a plurality of different levels of security classification; a security device, configured for cryptographic processing, coupled to receive incoming data from each of the plurality of input ports, wherein the incoming data includes first data having a first classification level; a key manager configured to select a tag-identified first set of keys from a plurality of key sets, each of the key sets corresponding to one of the different levels of security classification, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device for storage.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: October 30, 2018
    Assignee: Secturion Systems, Inc.
    Inventor: Richard J. Takahashi
  • Patent number: 10078749
    Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.
    Type: Grant
    Filed: August 16, 2017
    Date of Patent: September 18, 2018
    Assignee: Apple Inc.
    Inventors: Timothy R. Paaske, Weihua Mao, Shu-Yi Yu
  • Patent number: 10069622
    Abstract: A cryptography apparatus includes multiple multiplication units and logic circuitry. The multiplication units are arranged in two or more multiplication levels, and are configured to operate in accordance with Galois-Field (GF) arithmetic over respective Galois fields. The logic circuitry is configured to receive input data whose word-size exceeds a maximal input word-size among the multiplication units, to hold a cryptographic key including multiple sub-keys whose number does not exceed a number of the multiplication units, and to perform a cryptographic operation on the input data by applying the sub-keys to the multiplication units.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: September 4, 2018
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventor: Moshe Alon
  • Patent number: 10025617
    Abstract: A system for providing a steganographic message to a hypervisor may include a memory having computer readable instructions and one or more processors for executing the computer readable instructions. The computer readable instructions may include identifying a plurality of selected bits of usage data of a virtual machine. Further according to the computer readable instructions, a desired message may be encoded as a steganographic message stored in the plurality of selected bits in the usage data. Encoding the desired message may include manipulating one or more resources of the virtual machine to cause a change in the plurality of selected bits in the usage data. The usage data may be provided to the hypervisor, and the steganographic message may be observable in the usage data.
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: July 17, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Eli M. Dow, Thomas D. Fitzsimmons, Frank R. LeFevre, Jessie Yu
  • Patent number: 10013517
    Abstract: High level synthesis for a circuit design may include detecting, using a processor, an encrypted, high level programming language (HLL) core for inclusion in a circuit design, decrypting, using the processor, the encrypted HLL core into volatile memory, and generating, using the processor, an encrypted, intermediate representation (IR) of the circuit design including an encrypted IR of the HLL core. An encrypted hardware description language (HDL) circuit design may be generated, using the processor, from the encrypted IR of the circuit design. The encrypted HDL circuit design includes an encrypted HDL core that is functionally equivalent to the encrypted HLL core.
    Type: Grant
    Filed: January 6, 2016
    Date of Patent: July 3, 2018
    Assignee: XILINX, INC.
    Inventors: Sheng Zhou, Bin Ochotta, Alec J. Wong, Pradip K. Jha, Qin Zhang
  • Patent number: 10009168
    Abstract: An encryption system and method has processors and a memory system, the memory system configured to hold at least one macroblock, an encryption key, and machine readable instructions for encrypting the macroblock. The instructions include instructions for dividing the macroblock into at subblocks by rows and encrypting the rows, for dividing the macroblock into subblocks by columns and encrypting the columns, and for performing a combining cipher of the first, second, third and fourth cipher blocks to produce a final ciphertext of the macroblock. In alternative embodiments, the macroblock is divided in a third, or fourth dimension in addition to rows and columns. In embodiments, ciphertext is chained by using its ciphertext as part of a key for later macroblocks of a sequence, or propagated into later sequences of macroblocks.
    Type: Grant
    Filed: November 26, 2013
    Date of Patent: June 26, 2018
    Assignee: Massively Parallel Technologies, Inc.
    Inventor: Kevin D. Howard
  • Patent number: 9996708
    Abstract: A processing system includes a processing core and a hardware accelerator communicatively coupled to the processing core. The hardware accelerator includes a data register having a plurality of data bits and a key register having a plurality of key bits. The hardware accelerator also includes a data mode selector module to select one of an encrypt mode or a decrypt mode for processing the plurality of data bits. The hardware accelerator further includes a key mode selector module to select one of the encrypt mode or the decrypt mode for processing the plurality of key bits.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: June 12, 2018
    Assignee: Intel Corporation
    Inventors: Sudhir K. Satpathy, Sanu K. Mathew, Kirk S. Yap, Vinodh Gopal
  • Patent number: 9979718
    Abstract: A means for managing security and access to resources associated with blocks/sub-components of a distributed validating network, such as a blockchain network. Tags are created that can be applied to blocks so that a designated entity/user can locate the block through presentation of keywords associated with the tag. Additionally, a security token is generated that is assigned or otherwise provided to the designated entity/user which is configured to grant the designated entity access to resources in the block. Further, logic may be defined and applied to either the tag, the block and/or the security token that provides control over the access granted to the designated entities/users. The logic may define the period of time for which a designated entity/user is granted access to the block and/or the block's resources or the logic may define an amount of access granted to the designated entity/user.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: May 22, 2018
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Manu Jacob Kurian
  • Patent number: 9967092
    Abstract: A secure memory, key expansion logic, and decryption logic are provided for a microprocessor that executes encrypted instructions. The secure memory stores a plurality of decryption key primitives. The key expansion logic selects two or more decryption key primitives from the secure memory and then derives a decryption key from them. The decryption logic uses the decryption key to decrypt an encrypted instruction fetched from the instruction cache. The decryption key primitives are selected on the basis of an encrypted instruction address, one of them is rotated by an amount also determined by the encrypted instruction address, and then they are additively or subtractively accumulated, also on the basis of the encrypted instruction address.
    Type: Grant
    Filed: October 15, 2015
    Date of Patent: May 8, 2018
    Assignee: VIA TECHNOLOGIES, INC.
    Inventors: G. Glenn Henry, Terry Parks, Brent Bean, Thomas A. Crispin
  • Patent number: 9960908
    Abstract: A hardware cipher module to cipher a packet. The cipher module includes a key scheduling engine and a ciphering engine. The key scheduling engine is configured to receive a compact key and iteratively generate a set of round keys, including a first round key, based on the compact key and determine, based upon a cipher mode indication and a type of ciphering whether to generate a key-scheduling-done indication after the first round key is generated and before all of the set of round keys are generated or to generate the key-scheduling-done indication after all of the set of round keys is generated. The ciphering engine is configured to begin to cipher the packet with one of the set of round keys as a result of receiving the key schedule done indication.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: May 1, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Ron Diamant, Nafea Bshara, Erez Izenberg
  • Patent number: 9954676
    Abstract: A method of performing a keyed cryptographic operation mapping an input message to an output message, wherein the cryptographic operation includes at least one round including a non-linear mapping function configured to map input data to output data, including: splitting the input data into n split input data, wherein the splitting of the input data varies based upon the value of the input message; inputting each split input data into the non-linear mapping function to obtain n split output data, wherein a combination of the n split output data indicates an output data, wherein the output data results when the input data is input to the non-linear mapping function.
    Type: Grant
    Filed: January 17, 2017
    Date of Patent: April 24, 2018
    Assignee: NXP B.V.
    Inventor: Wil Michiels
  • Patent number: 9940772
    Abstract: Chip cards are used to secure credit and debit payment transactions. To prevent fraudulent transactions, the card must protect cryptographic keys used to authenticate transactions. In particular, cards should resist differential power analysis and/or other attacks. To address security risks posed by leakage of partial information about keys during cryptographic transactions, cards may be configured to perform periodic cryptographic key update operations. The key update transformation prevents adversaries from exploiting partial information that may have been leaked about the card's keys. Update operations based on a hierarchical structure can enable efficient transaction verification by allowing a verifying party (e.g., an issuer) to derive a card's current state from a transaction counter and its initial state by performing one operation per level in the hierarchy, instead of progressing through all update operations performed by the card.
    Type: Grant
    Filed: October 24, 2007
    Date of Patent: April 10, 2018
    Assignee: CRYPTOGRAPHY RESEARCH, INC.
    Inventor: Paul C. Kocher
  • Patent number: 9921975
    Abstract: A cryptographic processing device comprises a cipher control circuit operative to execute at least one of encryption of plaintext data and decryption of ciphertext data on the basis of conversion parameter data; and a memory cell array that includes a plurality of memory cells, the plurality of memory cells including: a memory cell in a variable state, in which a resistance value reversibly changes between a plurality of changeable resistance value ranges in accordance with an electric signal applied thereto; and a memory cell in an initial state, which does not change to the variable state unless a forming stress for changing the memory cell in the initial state to the variable state is applied thereto, a resistance value of the memory cell in the initial state being within an initial resistance value range which does not overlap with the plurality of changeable resistance value ranges, wherein in the memory cell array, data including the conversion parameter data is stored on the basis of whether each of th
    Type: Grant
    Filed: April 13, 2015
    Date of Patent: March 20, 2018
    Assignee: Panasonic Intellectual Property Management Co., Ltd.
    Inventors: Yoshikazu Katoh, Takuji Maeda, Shinji Inoue, Masato Suto
  • Patent number: 9904807
    Abstract: A memory system includes a controller configured to write data to a nonvolatile memory. The controller includes a buffer unit configured to hold write data including a plurality of pieces of unit data, a sequencer configured to receive the write data from the buffer unit and individually output the plurality of pieces of unit data sequentially, and a plurality of cores, each being configured to encrypt at least one of the pieces of unit data output from the sequencer. The buffer is further configured to output the plurality of pieces of unit data sequentially to the sequencer, such that a last piece of unit data is output consecutively after a preceding piece of unit data is output.
    Type: Grant
    Filed: August 25, 2015
    Date of Patent: February 27, 2018
    Assignee: TOSHIBA MEMORY CORPORATION
    Inventor: Kiyotaka Matsuo
  • Patent number: 9891944
    Abstract: A computer-implemented method may include identifying a plurality of selected bits of usage data of a virtual machine. A desired message may be encoded, by a computer processor, as a steganographic message stored in the plurality of selected bits in the usage data. Encoding the desired message may include manipulating one or more resources of the virtual machine to cause a change in the plurality of selected bits in the usage data. The usage data may be provided to the hypervisor, and the steganographic message may be observable in the usage data.
    Type: Grant
    Filed: March 17, 2016
    Date of Patent: February 13, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Eli M. Dow, Thomas D. Fitzsimmons, Frank R. LeFevre, Jessie Yu
  • Patent number: 9887972
    Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on A5/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output. The solution of the equations gives the internal state of R1, R2, and R3. Together with R4, this gives the full internal state which gives a suggestion for the key.
    Type: Grant
    Filed: March 22, 2017
    Date of Patent: February 6, 2018
    Inventor: Elad Barkan
  • Patent number: 9882879
    Abstract: Methods, apparatus and articles of manufacture for using steganography to protect cryptographic information on a mobile device are provided herein. A method includes querying a user to select one or more items of data stored on a computing device to be used in connection with one or more cryptographic actions associated with said computing device, and protecting one or more items of cryptographic information within the one or more selected items of data.
    Type: Grant
    Filed: June 27, 2013
    Date of Patent: January 30, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Yedidya Dotan, Lawrence N. Friedman, William M. Duane, John Brainard
  • Patent number: 9860219
    Abstract: Embodiments of the present invention relate to runtime instantiation of broadcast encryption schemes. In one embodiment, a method of and computer program product for runtime instantiation of broadcast encryption schemes is provided. A broadcast encryption definition is read. The broadcast encryption definition defines a broadcast encryption scheme and includes a plurality of function definitions. Based on the plurality of function definitions, it is determined whether the broadcast encryption definition defines encrypting or decrypting content. Based on the plurality of function definitions a type of the broadcast encryption scheme is determined.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: January 2, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: John B. Geagan, III
  • Patent number: 9846596
    Abstract: Described is a system for a cloud control operations plane. In operation, a job is broadcast to a plurality of physical hosts, one or more of the physical hosts having a control operations plane (COP) node and a service node associated with the COP node. The COP nodes jointly create a private job assignment. A set of job assignments is redundantly distributed to individual COP nodes pursuant to the private job assignments, such that each individual COP node is only aware of its own assignment and corresponding job. The service nodes then each complete a task associated with the job and generate an output. When a set of service nodes performing a redundant job complete their task, the corresponding COP nodes jointly perform a private result checking protocol to generate a final output. The final output is then sent to the user.
    Type: Grant
    Filed: June 24, 2014
    Date of Patent: December 19, 2017
    Assignee: HRL Laboratories, LLC
    Inventors: Aleksey Nogin, Kirill Minkovich, Karim El Defrawy, Joshua W. Baron, Eric P. Tressler, Gavin D. Holland
  • Patent number: 9826482
    Abstract: Mobile platform power management is an important problem especially for battery-powered small form factor platforms such as smartphones, tablets, wearable devices, Internet of Things (IOT) devices, and the like. One exemplary technique disclosed herein defines a method for a fine-grained wake-up mode for Wi-Fi/BT/BLE that utilizes a low-power wake-up radio. For example, the actual data contained in the wake-up packet can be forwarded directly to a memory block of the device without waking-up the Wi-Fi/BT/BLE radio. As another example, if an IEEE 802.11 MAC frame is contained in the wake-up packet, then just the MAC processor of the Wi-Fi/BT/BLE radio can be woken up to process the IEEE 802.11 MAC frame contained in the wake-up packet, and have the PHY module of the Wi-Fi/BT/BLE radio kept powered off or in a low power mode to, for example, save energy.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: November 21, 2017
    Assignee: INTEL CORPORATION
    Inventors: Minyoung Park, Alexander W. Min
  • Patent number: 9800415
    Abstract: Digital signatures may be verified by maintaining a database of information of digital signatures and documents to which they were applied. Verification of electronically signed documents may be requested, with verification performed by comparing information of the electronically signed document with information in the database. The digital signatures may include graphic images, and may be transferred from one party to another.
    Type: Grant
    Filed: August 25, 2010
    Date of Patent: October 24, 2017
    Inventor: Robert H. Cohen
  • Patent number: 9779262
    Abstract: Disclosed is a method and apparatus to decrypt file segments in parallel. In one embodiment, an integrated circuit may be used with a storage device of a computing device that comprises: a hardware interface to communicate with the storage device; a crypto-engine to encrypt file segments to be stored on the storage device and to decrypt file segments read from the storage device; and a processor. The processor may be configured to: read a plurality of decrypted file segments from the storage device through the crypto-engine in parallel; and to store the plurality of decrypted file segments.
    Type: Grant
    Filed: April 20, 2015
    Date of Patent: October 3, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Ron Keidar, Osman Koyuncu, Assaf Shacham
  • Patent number: 9762384
    Abstract: The method for encoding a character string by a data processing device disclosed in the present specification comprises the steps of: acquiring input data; performing a one-way function to generate ciphertext based on the input data; and converting the ciphertext to output data. In the conversion step, the output characters constituting the output data are selected from the group of input characters constituting the input data, and the length of the output data becomes a specific length.
    Type: Grant
    Filed: July 1, 2013
    Date of Patent: September 12, 2017
    Assignee: PENTA SECURITY SYSTEMS INC.
    Inventors: SangGyoo Sim, Duk Soo Kim, Kyung Moon Nam, Taejoon Jung, Seok Woo Lee
  • Patent number: 9756122
    Abstract: In one embodiment, in a hierarchy of nodes, a master node having two or more child nodes obtains from the two or more child nodes two or more sets of data samples or summaries associated therewith, the two or more sets of data samples being representative of traffic processed via two or more sets of servers corresponding to the two or more child nodes, wherein a size of each of the two or more sets of data samples is proportional to an allocation of traffic among the two or more sets of servers corresponding to the two or more child nodes. Each of the two or more sets of data samples is obtained from a different one of the two or more child nodes and represents traffic processed by a corresponding one of the two or more sets of servers. The master node combines the two or more sets of data samples or summaries associated therewith such that a combined set of data is generated. The master node ascertains a numerical value from the combined set of data.
    Type: Grant
    Filed: March 20, 2015
    Date of Patent: September 5, 2017
    Assignee: Yahoo Holdings, Inc.
    Inventors: Mike Wexler, Robert Ames, Ian Flint
  • Patent number: 9742826
    Abstract: A method for transmitting complex multimedia data is provided. The method includes selecting one of a data headers composed of basic transmission units determined according to an amount of multimedia included in the complex multimedia data, generating a basic transmission unit of the complex multimedia data according to the selected data header, packetizing the complex multimedia data in the basic transmission unit; and transmitting the packetized complex multimedia data to a receiver.
    Type: Grant
    Filed: October 11, 2013
    Date of Patent: August 22, 2017
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kyung-Mo Park, Sung-Ryeul Rhyu, Sung-Oh Hwang, Jae-Yeon Song
  • Patent number: 9679161
    Abstract: A method, system, and/or computer program product stores information in a distributed data-processing environment. The method comprises: encrypting, by one or more processors, a piece of information; splitting, by one or more processors, the encrypted piece of information into at least one first encrypted block and at least one second encrypted block, at least part of said at least one first encrypted block being required for decrypting said at least one second encrypted block; distributing, by one or more processors, said at least one first encrypted block for storing in at least one first location; and distributing, by one or more processors, said at least one second encrypted block for storing in at least one second location.
    Type: Grant
    Filed: April 9, 2014
    Date of Patent: June 13, 2017
    Assignee: GLOBALFOUNDRIES INC.
    Inventors: Gianluca Della Corte, Alessandro Donatelli, Antonio M. Sgro
  • Patent number: 9674155
    Abstract: A method begins by a dispersed storage (DS) processing module segmenting a data partition into a plurality of data segments. For a data segment of the plurality of data segments, the method continues with the DS processing module dividing the data segment into a set of data sub-segments and generating a set of sub keys for the set of data sub-segments based on a master key. The method continues with the DS processing module encrypting the set of data sub-segments using the set of sub keys to produce a set of encrypted data sub-segments and aggregating the set of encrypted data sub-segments into encrypted data. The method continues with the DS processing module generating a masked key based on the encrypted data and the master key and combining the encrypted data and the masked key to produce an encrypted data segment.
    Type: Grant
    Filed: June 13, 2013
    Date of Patent: June 6, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Jason K. Resch
  • Patent number: 9667417
    Abstract: A digital security bubble encapsulation is received from a sender. The encrypted digital security bubble encapsulation includes an encrypted message, an encrypted first key, and an identifier associated with an intended recipient. The encrypted digital security bubble encapsulation is decrypted. The received identifier and a device identifier are compared. The encrypted first key is decrypted in response to a determination that the identifier received in the digital security bubble encapsulation matches the device identifier. The encrypted message is decrypted using the first key.
    Type: Grant
    Filed: July 2, 2015
    Date of Patent: May 30, 2017
    Assignee: Wickr Inc.
    Inventors: Robert Statica, Kara Lynn Coppa, Christopher A. Howell
  • Patent number: 9641490
    Abstract: Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.
    Type: Grant
    Filed: January 5, 2016
    Date of Patent: May 2, 2017
    Assignee: Intertrust Technologies Corporation
    Inventors: Umesh Maheshwari, Radek Vingralek, W. Olin Sibert
  • Patent number: 9634827
    Abstract: A method and system. Ciphertext is generated by applying an initialization vector and an encryption key to plaintext. The initialization vector is combined with the ciphertext to generate encrypted data, by using an embedding rule to perform the combining, wherein using the embedding rule includes generating the encrypted data by: dividing the initialization vector into a specified number of bits to obtain an ordered sequence of initialization vector fragments; dividing the ciphertext into a specified number of bits to obtain ciphertext fragments; and distributing the initialization vector fragments between the ciphertext fragments according to the order of the initialization vector fragments in the sequence.
    Type: Grant
    Filed: March 23, 2016
    Date of Patent: April 25, 2017
    Assignee: International Business Machines Corporation
    Inventor: Yasuhiro Onoda
  • Patent number: 9634832
    Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on A5/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; The solution of the equations gives the internal state of R1, R2, and R3; Together with R4, this gives the full internal state which gives a suggestion for the key.
    Type: Grant
    Filed: May 14, 2015
    Date of Patent: April 25, 2017
    Inventor: Elad Barkan
  • Patent number: 9608806
    Abstract: In a content protection scheme, and in response to a request for a content segment received by a server, the server generates and associates with the segment a message that confers entitlement to a session-specific key from which one or more decryption keys may be derived. The decryption keys are useful to decrypt the segment at runtime as it is about to be rendered by a player. Before delivery, the server encrypts the segment to generate an encrypted fragment, and it then serves the encrypted fragment (and the message) in response to the request. At the client, information in the message is used to obtain the session-specific key. Using that key, the decryption keys are derived, and those keys are then used to decrypt the received encrypted fragment. The decryption occurs at runtime. The approach protects content while in transit to and at rest in the client browser environment.
    Type: Grant
    Filed: October 27, 2014
    Date of Patent: March 28, 2017
    Assignee: Akamai Technologies, Inc.
    Inventors: Christopher R. Knox, Alex Olugbile
  • Patent number: 9608818
    Abstract: Provided is a cryptographic communication system including a first semiconductor device and a second semiconductor device. The first semiconductor device includes a common key generation unit that generates a common key CK(a) by using a unique code UC(a) and correction data CD(a), and an encryption unit that encrypts the common key CK(a) generated in the common key generation unit by using a public key PK(b) of the second semiconductor device. The second semiconductor device includes a secret key generation unit that generates a secret key SK(b) by using a unique code UC(b) and correction data CD(b), and a decryption unit that decrypts the common key CK(a) encrypted in the encryption unit by using the secret key SK(b).
    Type: Grant
    Filed: February 4, 2015
    Date of Patent: March 28, 2017
    Assignee: RENESAS ELECTRONICS CORPORATION
    Inventors: Shigemasa Shiota, Shigeru Furuta, Masayuki Hirokawa, Akira Yamazaki, Daisuke Oshida
  • Patent number: 9602284
    Abstract: A user workstation stores a vendor identifier and encrypted data comprising a first string of randomized data, a second string of randomized data, and encrypted text, the encrypted text further comprising a first security answer. The user workstation receives credentials information and a second security answer. The user workstation then generates an encryption key. Further, the user workstation uses the encryption key to decrypt the encrypted text and extract the first security answer. Then, the user workstation compares the second security answer with the first security answer and authenticates the second username if the second security answer is the same as the first security answer.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: March 21, 2017
    Assignee: Bank of America Corporation
    Inventors: Shankar Ramasubramanian Iyer, Maria Auxilia Dominique, Ankit A. Khandelwal, Dhrumit Desai, Navanith R. Keerthi, Lavanya Tangutur
  • Patent number: 9584316
    Abstract: A digital security bubble encapsulation is disclosed. A first key and a device identifier of at least one recipient is requested from a first server. A message containing one or more components is encrypted using a second key. The second key is encrypted using the first key. The encrypted message, the encrypted second key, and the device identifier are encapsulated in a digital security bubble encapsulation. The digital security bubble encapsulation is transmitted to a second server.
    Type: Grant
    Filed: January 8, 2015
    Date of Patent: February 28, 2017
    Assignee: Wickr Inc.
    Inventors: Robert Statica, Kara Lynn Coppa, Christopher A. Howell
  • Patent number: 9572158
    Abstract: Method and residential control node for enabling encrypted residential communication of user data between two wireless communication devices. The method comprises receiving a radio bearer mapping from a communication network node, establishing a connection with a first wireless communication device, in accordance with the radio bearer mapping, and establishing a connection with a second wireless communication device, in accordance with the radio bearer mapping. Furthermore, the method comprises obtaining a first key which is based on a key of the first wireless communication device, from the communication network node, and obtaining a second key which is based on a key of the second wireless communication device. Thereby, the residential control node is enabled to decrypt user data received from the first wireless communication device by the first key, and encrypting the user data by the second key, before sending the user data to the second wireless communication device.
    Type: Grant
    Filed: April 30, 2014
    Date of Patent: February 14, 2017
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Kim Laraqui, Karl Norrman, Ioanna Pappa
  • Patent number: 9536102
    Abstract: A method receives authentication credentials for a user from a client device and receives a request from the user for content stored on a remote storage system. A portion of the content is encrypted and a corresponding decryption key is available only at the computer system. The remaining portion of the content is unencrypted. The method retrieves the content from the remote storage system and uses the received credentials to determine whether the user is authorized to view the encrypted portion. When the user is not authorized, the method forms alternative content by replacing the encrypted portion with a substitute element and transmits the alternative content to the client device. When the user is authorized, the method decrypts the encrypted portion of the content using the decryption key, and combines the decrypted portion with the unencrypted portion to form updated content. The updated content is transmitted to the client device.
    Type: Grant
    Filed: February 18, 2016
    Date of Patent: January 3, 2017
    Assignee: GOOGLE INC.
    Inventor: Ben Margolin
  • Patent number: 9525546
    Abstract: A cryptography apparatus includes multiple multiplication units and logic circuitry. The multiplication units are arranged in two or more multiplication levels, and are configured to operate in accordance with Galois-Field (GF) arithmetic over respective Galois fields. The logic circuitry is configured to receive input data whose word-size exceeds a maximal input word-size among the multiplication units, to hold a cryptographic key including multiple sub-keys whose number does not exceed a number of the multiplication units, and to perform a cryptographic operation on the input data by applying the sub-keys to the multiplication units.
    Type: Grant
    Filed: September 23, 2014
    Date of Patent: December 20, 2016
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventor: Moshe Alon
  • Patent number: 9516000
    Abstract: Embodiments of the present invention relate to runtime instantiation of broadcast encryption schemes. In one embodiment, a method of and computer program product for runtime instantiation of broadcast encryption schemes is provided. A broadcast encryption definition is read. The broadcast encryption definition defines a broadcast encryption scheme and includes a plurality of function definitions. Based on the plurality of function definitions, it is determined whether the broadcast encryption definition defines encrypting or decrypting content. Based on the plurality of function definitions a type of the broadcast encryption scheme is determined.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: December 6, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: John B. Geagan, III