Abstract: Data encryption system includes a data generation device, a security key mapping device, an internet transmission security device, and a receiver. The data generation device is used for generating raw data. The security key mapping device is linked to the data generation device for encrypting the raw data to generate a plurality of encrypted data blocks according to a security key. The internet transmission security device is linked to the security key mapping device for transmitting and protecting the plurality of encrypted data blocks. The receiver is linked to the internet transmission security device for receiving the plurality of encrypted data blocks.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on AS/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; The solution of the equations gives the internal state of RI, R2, and R3; Together with R4, this gives the full internal state which gives a suggestion for the key.

Abstract: A method, system, and/or computer program product generate a secondary security key from a primary security key. One or more processors, receive a primary security key. The processor(s) retrieve a first numeric code that is an alternate numeric representation of a first character in the primary security key. The processor(s) retrieve a second numeric code that is an alternate numeric representation of a second character in the primary security key. The processor(s) add the first numeric code to the second numeric code to generate a running total value. The processor(s) designate the running total value as a secondary security key, and encrypt data with the secondary security key.

Abstract: A memory device is provided which comprises a memory array, a first scrambling circuit and a second scrambling circuit. The first scrambling circuit is configured to provide first scrambled data with a first scrambling pattern in response to input data. The second scrambling circuit is configured to provide second scrambled data with a second scrambling pattern in response to the first scrambled data.

Abstract: Examples describe herein relate to chaining operations under a molecular encryption scheme, including, but not limited to, defining a composite operation, wherein the composite operation comprises two or more separate operations, receiving input for the composite operation, invoking the composite operation for the input, performing the composite operation based on the input, and determining output corresponding to the input.

Abstract: A method for at least partially updating encrypted data stored on one or more servers includes dividing the encrypted data into equal sized chunks; encrypting each chunk using an all-or-nothing encryption scheme (AONE) with an encryption key, wherein an additional randomness per chunk is embedded into the AONE; outputting a plurality of ciphertext blocks for each chunk; storing the encrypted chunks on the one or more servers such that an i-th ciphertext block of each encrypted chunk is stored on an i-th server, wherein a result of a predetermined function performed on the randomness for all encrypted chunks is stored with each encrypted chunk; determining one or more chunks to update; reverting the predetermined function by accessing all the encrypted chunks; decrypting the one or more chunks to update based on the result of, updating the decrypted chunks; re-encrypting the updated decrypted chunks, and storing the re-encrypted chunks.

Abstract: An embodiment of the invention may include a method, computer program product, and system for securing data. The embodiment may include receiving, by a management program, identification of a selected cryptographic security module. The selected cryptographic security module is graphically selected by an authorized operator via a graphic user interface. The selected cryptographic security module contains unique individual symbols that contain references to functions and is selected from a plurality of mutually exclusive cryptographic security modules. Based on the received identification of the selected cryptographic security module, the embodiment may include generating, by the management program, a global configuration file. The embodiment may include transmitting, by the management program, a notification to an agent program on a client computer.

Abstract: A source device and a method of transmitting content are provided. The source device includes a controller configured to check a version of a content protection method supported by a sink device from the repeater, to encrypt the content based on a version of the content protection method applied to the content, and to set a value of type information of the content protection method based on the version of the content protection method applied to the content and the version of the content protection method supported by the sink device, and a communicator including communication circuitry configured to transmit the encrypted content and the type information of the content protection method to the repeater, wherein the type information of the content protection method for determining whether the content received from the source device is output to the sink device from the repeater, based on the version of the content protection method supported by the sink device.

Abstract: Systems and methods are provided and include a control module that receives a communication packet from a communication node that includes at least one of a vehicle sensor and a vehicle system via a controller area network bus. The control module determines whether the communication packet from the communication node indicates that the vehicle sensor or the vehicle system associated with the communication node is operating outside of a predetermined acceptable operating range. The control module sends an authentication message to the communication node in response to the communication packet indicating that the vehicle sensor or vehicle system is operating outside of the predetermined acceptable operating range. The control module determines whether a valid authentication code is received from the communication node and performs a remedial action for the communication node in response to the valid authentication code not being received from the communication node.

Abstract: A non-transitory computer-readable recording medium storing computer-readable instructions that, when executed by a first user terminal, cause the first user terminal to perform a method including: receiving a first message including a first attached file, generating at least one encryption key for encrypting the first message by taking into account a type of the first attached file, encrypting the first attached file of the first message by using the encryption key, adding sender information of the first message to the first message, and transmitting the first message including the sender information to a message server, may be provided.

Abstract: Systems and methods for memory protection for implementing trusted execution environment. An example processing system comprises: an on-package memory; a memory encryption engine (MEE) comprising a MEE cache, the MEE to: responsive to failing to locate, within the MEE cache, an encryption metadata associated with a data item loaded from an external memory, retrieve at least part of the encryption metadata from the OPM, and validate the data item using the encryption metadata.

Abstract: An encryption system and method has processors and a memory system, the memory system configured to hold at least one macroblock, an encryption key, and machine-readable instructions for encrypting the macroblock. The instructions include instructions for dividing the macroblock into subblocks by rows and encrypting the rows, for dividing the macroblock into subblocks by columns and encrypting the columns, and for performing a combining cipher of the cipher blocks to produce a final ciphertext of the macroblock. In alternative embodiments, the macroblock is divided in dimensions in addition to rows and columns. In embodiments, ciphertext is chained by using its ciphertext as part of a key for later macroblocks of a sequence, or propagated into later sequences of macroblocks.

Abstract: A system and method for generating pseudorandom numbers by initializing a counter value for a call-counter, sending a bit-wise form of the counter value from the counter to a mixing function, and mixing the counter value to generate the pseudorandom number. The mixing function may be a XOR tree, substitution-permutation, or double-mix Feistel. The pseudorandom number generator can operate by mixing the bits of the call-counter, repeatedly mixing its own output, or a combination thereof. The counter is incremented by a predetermined value. In order to provide backward secrecy, the pseudorandom number is processed by a one-way function or is hashed with a cryptographic hash function, and the result thereof is used as an input value for a subsequent cycle of the mixing function. Also, several mixing functions can be operated in parallel with their output XORed.

Abstract: A system includes a plurality of data input ports, each port corresponding to one of a plurality of different levels of security classification; a security device, configured for cryptographic processing, coupled to receive incoming data from each of the plurality of input ports, wherein the incoming data includes first data having a first classification level; a key manager configured to select and tag-identified first set of keys from a plurality of key sets, each of the key sets corresponding to one of the different levels of security classification, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device for storage.

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

Abstract: A cryptography apparatus includes multiple multiplication units and logic circuitry. The multiplication units are arranged in two or more multiplication levels, and are configured to operate in accordance with Galois-Field (GF) arithmetic over respective Galois fields. The logic circuitry is configured to receive input data whose word-size exceeds a maximal input word-size among the multiplication units, to hold a cryptographic key including multiple sub-keys whose number does not exceed a number of the multiplication units, and to perform a cryptographic operation on the input data by applying the sub-keys to the multiplication units.

Abstract: A system for providing a steganographic message to a hypervisor may include a memory having computer readable instructions and one or more processors for executing the computer readable instructions. The computer readable instructions may include identifying a plurality of selected bits of usage data of a virtual machine. Further according to the computer readable instructions, a desired message may be encoded as a steganographic message stored in the plurality of selected bits in the usage data. Encoding the desired message may include manipulating one or more resources of the virtual machine to cause a change in the plurality of selected bits in the usage data. The usage data may be provided to the hypervisor, and the steganographic message may be observable in the usage data.

Abstract: High level synthesis for a circuit design may include detecting, using a processor, an encrypted, high level programming language (HLL) core for inclusion in a circuit design, decrypting, using the processor, the encrypted HLL core into volatile memory, and generating, using the processor, an encrypted, intermediate representation (IR) of the circuit design including an encrypted IR of the HLL core. An encrypted hardware description language (HDL) circuit design may be generated, using the processor, from the encrypted IR of the circuit design. The encrypted HDL circuit design includes an encrypted HDL core that is functionally equivalent to the encrypted HLL core.

Abstract: An encryption system and method has processors and a memory system, the memory system configured to hold at least one macroblock, an encryption key, and machine readable instructions for encrypting the macroblock. The instructions include instructions for dividing the macroblock into at subblocks by rows and encrypting the rows, for dividing the macroblock into subblocks by columns and encrypting the columns, and for performing a combining cipher of the first, second, third and fourth cipher blocks to produce a final ciphertext of the macroblock. In alternative embodiments, the macroblock is divided in a third, or fourth dimension in addition to rows and columns. In embodiments, ciphertext is chained by using it ciphertext as part of a key for later macroblocks of a sequence, or propagated into later sequences of macroblocks.

Abstract: A processing system includes a processing core and a hardware accelerator communicatively coupled to the processing core. The hardware accelerator includes a data register having a plurality of data bits and a key register having a plurality of key bits. The hardware accelerator also includes a data mode selector module to select one of an encrypt mode or a decrypt mode for processing the plurality of data bits. The hardware accelerator further includes a key mode selector module to select one of the encrypt mode or the decrypt mode for processing the plurality of key bits.

Abstract: A means for managing security and access to resources associated with blocks/sub-components of a distributed validating network, such as a blockchain network. Tags are created that can be applied to blocks so that a designated entity/user can locate the block though presentation of keywords associated with the tag. Additionally, a security token is generated that is assigned or otherwise provided to the designated entity/user which is configured to grant the designated entity access to resources in the block. Further, logic may be defined and applied to either the tag, the block and/or the security token that provides control over the access granted to the designated entities/users. The logic may define the period of time for which a designated entity/user is granted access to the block and/or the block's resources or the logic may define an amount of access granted to the designated entity/user.

Abstract: A secure memory, key expansion logic, and decryption logic are provided for a microprocessor that executes encrypted instructions. The secure memory stores a plurality of decryption key primitives. The key expansion logic selects two or more decryption key primitives from the secure memory and then derives a decryption key from them. The decryption logic uses the decryption key to decrypt an encrypted instruction fetched from the instruction cache. The decryption key primitives are selected on the basis of an encrypted instruction address, one of them is rotated by an amount also determined by the encrypted instruction address, and then they are additively or subtractively accumulated, also on the basis of the encrypted instruction address.

Abstract: A hardware cipher module to cipher a packet. The cipher module includes a key scheduling engine and a ciphering engine. The key scheduling engine is configured to receive a compact key and iteratively generate a set of round keys, including a first round key, based on the compact key and determine, based upon a cipher mode indication and a type of ciphering whether to generate a key-scheduling-done indication after the first round key is generated and before all of the set of round keys are generated or to generate the key-scheduling-done indication after all of the set of round keys is generated. The ciphering engine is configured to begin to cipher the packet with one of the set of round keys as a result of receiving the key schedule done indication.

Abstract: A method of performing a keyed cryptographic operation mapping an input message to an output message, wherein the cryptographic operation includes at least one round including a non-linear mapping function configured to map input data to output data, including: splitting the input data into n split input data, wherein the splitting of the input data varies based upon the value of the input message; inputting each split input data into the non-linear mapping function to obtain n split output data, wherein a combination the n split output data indicates an output data, wherein the output data results when the input data is input to the non-linear mapping function.

Abstract: Chip cards are used to secure credit and debit payment transactions. To prevent fraudulent transactions, the card must protect cryptographic keys used to authenticate transactions. In particular, cards should resist differential power analysis and/or other attacks. To address security risks posed by leakage of partial information about keys during cryptographic transactions, cards may be configured to perform periodic cryptographic key update operations. The key update transformation prevents adversaries from exploiting partial information that may have been leaked about the card's keys. Update operations based on a hierarchical structure can enable efficient transaction verification by allowing a verifying party (e.g., an issuer) to derive a card's current state from a transaction counter and its initial state by performing one operation per level in the hierarchy, instead of progressing through all update operations performed by the card.

Abstract: A cryptographic processing device comprises a cipher control circuit operative to execute at least one of encryption of plaintext data and decryption of ciphertext data on the basis of conversion parameter data; and a memory cell array that includes a plurality of memory cells, the plurality of memory cells including: a memory cell in a variable state, in which a resistance value reversibly changes between a plurality of changeable resistance value ranges in accordance with an electric signal applied thereto; and a memory cell in an initial state, which does not change to the variable state unless a forming stress for changing the memory cell in the initial state to the variable state is applied thereto, a resistance value of the memory cell in the initial state being within an initial resistance value range which does not overlap with the plurality of changeable resistance value ranges, wherein in the memory cell array, data including the conversion parameter data is stored on the basis of whether each of th

Abstract: A memory system includes a controller configured to write data to a nonvolatile memory. The controller includes a buffer unit configured to hold write data including a plurality of pieces of unit data, a sequencer configured to receive the write data from the buffer unit and individually output the plurality of pieces of unit data sequentially, and a plurality of cores, each being configured to encrypt at least one of the pieces of unit data output from the sequencer. The buffer is further configured to output the plurality of pieces of unit data sequentially to the sequencer, such that a last piece of unit data is output consecutively after a preceding piece of unit data is output.

Abstract: A computer-implemented method may include identifying a plurality of selected bits of usage data of a virtual machine. A desired message may be encoded, by a computer processor, as a steganographic message stored in the plurality of selected bits in the usage data. Encoding the desired message may include manipulating one or more resources of the virtual machine to cause a change in the plurality of selected bits in the usage data. The usage data may be provided to the hypervisor, and the steganographic message may be observable in the usage data.

Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on AS/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; The solution of the equations gives the internal state of R1, R2, and R3; Together with R4, this gives the full internal state which gives a suggestion for the key.

Abstract: Methods, apparatus and articles of manufacture for using steganography to protect cryptographic information on a mobile device are provided herein. A method includes querying a user to select one or more items of data stored on a computing device to be used in connection with one or more cryptographic actions associated with said computing device, and protecting one or more items of cryptographic information within the one or more selected items of data.

Abstract: Embodiments of the present invention relate to runtime instantiation of broadcast encryption schemes. In one embodiment, a method of and computer program product for runtime instantiation of broadcast encryption schemes is provided. A broadcast encryption definition is read. The broadcast encryption definition defines a broadcast encryption scheme and includes a plurality of function definitions. Based on the plurality of function definitions, it is determined whether the broadcast encryption definition defines encrypting or decrypting content. Based on the plurality of function definitions a type of the broadcast encryption scheme is determined.

Abstract: Described is a system for a cloud control operations plane. In operation, a job is broadcast to a plurality of physical hosts, one or more of the physical hosts having a control operations plane (COP) node and a service node associated with the COP node. The COP nodes jointly create a private job assignment. A set of job assignments is redundantly distributed to individual COP nodes pursuant to the private job assignments, such that each individual COP node is only aware of its own assignment and corresponding job. The service nodes then each complete a task associated with the job and generate an output. When a set of service nodes performing a redundant job complete their task, the corresponding COP nodes jointly perform a private result checking protocol to generate a final output. The final output is then sent to the user.

Abstract: Mobile platform power management is an important problem especially for battery-powered small form factor platforms such as smartphones, tablets, wearable devices, Internet of Things (IOT) devices, and the like. One exemplary technique disclosed herein defines a method for a fine-grained wake-up mode for Wi-Fi/BT/BLE that utilizes a low-power wake-up radio. For example, the actual data contained in the wake-up packet can be forwarded directly to a memory block of the device without waking-up the Wi-Fi/BT/BLE radio. As another example, if an IEEE 802.11 MAC frame is contained in the wake-up packet, then just the MAC processor of the Wi-Fi/BT/BLE radio can be woken up to process the IEEE 802.11 MAC frame contained in the wake-up packet, and have the PHY module of the Wi-Fi/BT/BLE radio kept powered off or in a low power mode to, for example, save energy.

Abstract: Digital signatures may be verified by maintaining a database of information of digital signatures and documents to which they were applied. Verification of electronically signed documents may be requested, with verification performed by comparing information of the electronically signed document with information in the database. The digital signatures may include graphic images, and may be transferred from one party to another.

Abstract: Disclosed is a method and apparatus to decrypt file segments in parallel. In one embodiment, an integrated circuit may be used with a storage device of a computing device that comprises: a hardware interface to communicate with the storage device; a crypto-engine to encrypt file segments to be stored on the storage device and to decrypt file segments read from the storage device; and a processor. The processor may be configured to: read a plurality of decrypted file segments from the storage device through the crypto-engine in parallel; and to store the plurality of decrypted file segments.

Abstract: The method for encoding a character string by a data processing device disclosed in the present specification comprises the steps of: acquiring input data; performing a one-way function to generate ciphertext based on the input data; and converting the ciphertext to output data. In the conversion step, the output characters constituting the output data are selected from the group of input characters constituting the input data, and the length of the output data becomes a specific length.

Abstract: In one embodiment, in a hierarchy of nodes, a master node having two or more child nodes obtains from the two or more child nodes two or more sets of data samples or summaries associated therewith, the two or more sets of data samples being representative of traffic processed via two or more sets of servers corresponding to the two or more child nodes, wherein a size of each of the two or more sets of data samples is proportional to an allocation of traffic among the two or more sets of servers corresponding to the two or more child nodes. Each of the two or more sets of data samples is obtained from a different one of the two or more child nodes and represents traffic processed by a corresponding one of the two or more sets of servers. The master node combines the two or more sets of data samples or summaries associated therewith such that a combined set of data is generated. The master node ascertains a numerical value from the combined set of data.

Abstract: A method for transmitting complex multimedia data is provided. The method includes selecting one of a data headers composed of basic transmission units determined according to an amount of multimedia included in the complex multimedia data, generating a basic transmission unit of the complex multimedia data according to the selected data header, packetizing the complex multimedia data in the basic transmission unit; and transmitting the packetized complex multimedia data to a receiver.

Abstract: A method, system, and/or computer program product stores information in a distributed data-processing environment. The method comprises: encrypting, by one or more processors, a piece of information; splitting, by one or more processors, the encrypted piece of information into at least one first encrypted block and at least one second encrypted block, at least part of said at least one first encrypted block being required for decrypting said at least one second encrypted block; distributing, by one or more processors, said at least one first encrypted block for storing in at least one first location; and distributing, by one or more processors, said at least one second encrypted block for storing in at least one second location.

Abstract: A method begins by a dispersed storage (DS) processing module segmenting a data partition into a plurality of data segments. For a data segment of the plurality of data segments, the method continues with the DS processing module dividing the data segment into a set of data sub-segments and generating a set of sub keys for the set of data sub-segments based on a master key. The method continues with the DS processing module encrypting the set of data sub-segments using the set of sub keys to produce a set of encrypted data sub-segments and aggregating the set of encrypted data sub-segments into encrypted data. The method continues with the DS processing module generating a masked key based on the encrypted data and the master key and combining the encrypted data and the masked key to produce an encrypted data segment.

Abstract: A digital security bubble encapsulation is received from a sender. The encrypted digital security bubble encapsulation includes an encrypted message, an encrypted first key, and an identifier associated with an intended recipient. The encrypted digital security bubble encapsulation is decrypted. The received identifier and a device identifier are compared. The encrypted first key is decrypted in response to a determination that the identifier received in the digital security bubble encapsulation matches the device identifier. The encrypted message is decrypted using the first key.

Abstract: Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.

Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on AS/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; The solution of the equations gives the internal state of R1, R2, and R3; Together with R4, this gives the full internal state which gives a suggestion for the key.

Abstract: A method and system. Ciphertext is generated by applying an initialization vector and an encryption key to plaintext. The initialization vector is combined with the ciphertext to generate encrypted data, by using an embedding rule to perform the combining, wherein using the embedding rule includes generating the encrypted data by: dividing the initialization vector into a specified number of bits to obtain an ordered sequence of initialization vector fragments; dividing the ciphertext into a specified number of bits to obtain ciphertext fragments; and distributing the initialization vector fragments between the ciphertext fragments according to the order of the initialization vector fragments in the sequence.

Abstract: In a content protection scheme, and in response to a request for a content segment received by a server, the server generates and associates with the segment a message that confers entitlement to a session-specific key from which one or more decryption keys may be derived. The decryption keys are useful to decrypt the segment at runtime as it is about to be rendered by a player. Before delivery, the server encrypts the segment to generate an encrypted fragment, and it then serves the encrypted fragment (and the message) in response to the request. At the client, information in the message is used to obtain the session-specific key. Using that key, the decryption keys are derived, and those keys are then used to decrypt the received encrypted fragment. The decryption occurs at runtime. The approach protects content while in transit to and at rest in the client browser environment.

Abstract: Provided is a cryptographic communication system including a first semiconductor device and a second semiconductor device. The first semiconductor device includes a common key generation unit that generates a common key CK(a) by using a unique code UC(a) and correction data CD(a), and an encryption unit that encrypts the common key CK(a) generated in the common key generation unit by using a public key PK(b) of the second semiconductor device. The second semiconductor device includes a secret key generation unit that generates a secret key SK(b) by using a unique code UC(b) and correction data CD(b), and a decryption unit that decrypts the common key CK(a) encrypted in the encryption unit by using the secret key SK(b).

Abstract: A user workstation stores a vendor identifier and encrypted data comprising a first string of randomized data, a second string of randomized data, and encrypted text, the encrypted text further comprising a first security answer. The user workstation receives credentials information and a second security answer. The user workstation then generates an encryption key. Further, the user workstation uses the encryption key to decrypt the encrypted text and extract the first security answer. Then, the user workstation compares the second security answer with the first security answer and authenticates the second username if the second security answer is the same as the first security answer.

Abstract: A digital security bubble encapsulation is disclosed. A first key and a device identifier of at least one recipient is requested from a first server. A message containing one or more components is encrypted using a second key. The second key is encrypted using the first key. The encrypted message, the encrypted second key, and the device identifier are encapsulated in a digital security bubble encapsulation. The digital security bubble encapsulation is transmitted to a second server.

Abstract: Method and residential control node for enabling encrypted residential communication of user data between two wireless communication devices. The method comprises receiving a radio bearer mapping from a communication network node, establishing a connection with a first wireless communication device, in accordance with the radio bearer mapping, and establishing a connection with a second wireless communication device, in accordance with the radio bearer mapping. Furthermore, the method comprises obtaining a first key which is based on a key of the first wireless communication device, from the communication network node, and obtaining a second key which is based on a key of the second wireless communication device. Thereby, the residential control node is enabled to decrypt user data received from the first wireless communication device by the first key, and encrypting the user data by the second key, before sending the user data to the second wireless communication device.