Abstract: Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object includes creating in the storage device an encrypted logical data object including a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into the encrypted sections in accordance with an order the chunks are received, wherein the encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.

Abstract: An apparatus and method for generating a multiplex of media streams, the method includes the steps of: (i) receiving a set of media streams that comprises first type media stream components and second type media stream components; (ii) applying a modification process that is not adapted to modify second type media stream components, such as to provide at least one modified first type media stream component; and (iii) multiplexing at least the second type media stream components and the modified first type media stream components.

Abstract: A method, system, and media are provided for securely communicating data. One embodiment of the method includes encrypting a data stream by way of a first algorithm; creating at least two subsets of data from the data stream by extracting one or more data portions from the encrypted data stream, thereby leaving a remaining portion and an extracted portion; communicating the remaining portion to a destination by way of a first communications channel; encrypting the extracted portion utilizing a second algorithm; communicating the encrypted extracted portion to the destination by way of a second communications channel; and providing for recombining the remaining portion and the encrypted extracted portion to facilitate recovery of the encrypted data stream.

Abstract: Prior to transmission, a message is divided into multiple transmission units. A sub-message authentication code is obtained for each of the transmission units. A composed message authentication code is obtained for the whole message based on the sub-message authentication codes of the multiple transmission units. The multiple transmission units and the composed message authentication code are then transmitted. A receiver of the message receives a plurality of transmission units corresponding to the message. A local sub-message authentication code is calculated by the receiver for each transmission unit. A local composed message authentication code is calculated by the receiver based on the local sub-message authentication codes for the plurality of transmission units. The local composed message authentication code is compared to a received composed message authentication code to determine the integrity and/or authenticity of the received message.

Abstract: A method and system for hybrid encryption wherein all of the round function variables including the encryption algorithm change for each round. This permits the generation of block sizes and key sizes of any length and use standard block sizes and key sizes for the respective symmetric algorithm for each round function.

Abstract: Embodiments may be configured to receive a protected version of content that includes multiple encrypted content samples. In various embodiments, each encrypted content sample includes multiple encrypted blocks. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains. The protected version of the content may further include decryption information for decrypting the encrypted content samples. The decryption information may include at least some initialization vectors generated dependent upon non-content information that is not included in the protected version of the content. The non-content information may be from a different protected version of the content. Embodiments may be configured to use the decryption information to decrypt one or more of the encrypted content samples.

Abstract: Systems and methods for authenticating playback devices using timestamp validation in accordance with embodiments of the invention are disclosed. One embodiment includes securely storing at least one timestamp in memory within a playback device in response to the occurrence of at least one predetermined event, where a stored timestamp is based on the current time of a system clock when an event occurs, generating a cryptographic key using the at least one timestamp, securing cryptographic data using the cryptographic key, receiving a request to playback encrypted content, where the encrypted content is accessible using the cryptographic data, accessing the at least one timestamp, generating the cryptographic key, accessing the cryptographic data using at least the cryptographic key, and playing back the content using the playback device.

Abstract: The present invention provides a method and device for setting up a wireless network connection. The second device sets up a connection with the wireless network according to the network configuration information. With the present invention, user participation when a terminal is connected to the wireless network is reduced, and efficiency in setting up a wireless network connection is improved.

Abstract: A method for data cryptography includes accepting input data, which contains a section that is to undergo a cryptographic operation and starts at an offset with respect to a beginning of the input data, by a Direct Memory Access (DMA) module. The input data is aligned by the DMA module to cancel out the offset. The aligned input data is read out of the DMA module, and the cryptographic operation is performed on the section.

Abstract: According to one embodiment, a cryptographic apparatus includes: cryptographic cores (“cores”), an assigning unit, a concatenating unit, and an output controlling unit. If a CTS flag thereof is on, each core encrypts using a symmetric key cipher algorithm utilizing CTS, while using a symmetric key. When an input of a CTS signal is received, the assigning unit assigns first input data to a predetermined core and turns on the CTS flag thereof. The concatenating unit generates concatenated data by concatenating operation data generated during encrypting the first input data, with second input data that is input immediately thereafter. The output controlling unit controls outputting the concatenated data to the predetermined core, outputting first encrypted data obtained by encrypting the concatenated data, and over outputting second encrypted data obtained by encrypting the first input data, and further turns off the predetermined core's CTS flag.

Abstract: A method for distributing a nominal audiovisual stream to a recipient device including modifying, in the nominal audiovisual stream, at least one nominal coefficient among the nominal coefficients to generate a modified main stream; generating complementary information such that the nominal audiovisual stream may be implemented based from the complementary information and on the modified main stream, applying a plurality of methods for protecting the complementary information to generate multiple protected complementary information, each of the protected complementary information enabling the nominal stream of the main stream to be implemented upon application of an access method compatible with the protection method which has been used to protect it; and transmitting to the recipient device the modified main stream and the multiple protected complementary information.

Abstract: The present disclosure relates to providing remote access to applications with an increased level of security. A server for providing access to applications is provided, as well as a method therefor, comprising an input channel and an output channel to connect a client with said server, an interface coupled to said input channel and an application, said interface to receive input data from said client via said input channel and to communicate said received input data to the application, and a renderer coupled to said output channel and said application, said renderer to render the output of said application into a data stream to be transferred via the output channel to the client, wherein the input data and the data stream are both encrypted.

Abstract: Some embodiments of the invention provide a method of verifying the integrity of digital content. At a source of the digital content, the method generates a signature for the digital content by applying a hashing function to a particular portion of the digital content, where the particular portion is less than the entire digital content. The method supplies the signature and the digital content to a device. At the device, the method applies the hashing function to the particular portion of the digital content in order to verify the supplied signature, and thereby verifies the integrity of the supplied digital content.

Abstract: A method for delivering encrypted content to a subscriber terminal on-demand through a communication network is provided. The method begins when SRM receives a request for content from the subscriber terminal. In response to the request, the SRM directs a video server to transmit the content as an unencrypted transport stream to an encryptor. The packets in the unencrypted transport stream include a header with a destination address associated with the subscriber terminal. The encryptor encrypts the content in the unencrypted transport stream to generate an encrypted transport stream. The encryptor also inserts in the packet headers of the packets in the encrypted transport stream the destination address associated with the subscriber terminal obtained from the packet headers in the unencrypted transport stream. Finally, the encrypted transport stream is transmitted to the subscriber terminal over the communication network.

Abstract: In the computer data security field, a cryptographic hash function process embodied in a computer system and which is typically keyless, but is highly secure. The process is based on the type of chaos introduction exhibited by a game process such as the well known shuffling of a deck of playing cards. Computation of the hash value (digest) is the result of executing in a model (such as computer code or logic circuitry) a game algorithm that models the actual game such as a playing card shuffling algorithm using the message as an input to the algorithm, then executing the card shuffling algorithm on the input. A state (order) of the modeled deck of cards after a shuffle (or multiple shuffles) gives the hash digest value.

Abstract: An integrated circuit for data encryption/decryption and secure key management is disclosed. The integrated circuit may be used in conjunction with other integrated circuits, processors, and software to construct a wide variety of secure data processing, storage, and communication systems. A preferred embodiment of the integrated circuit includes a symmetric block cipher that may be scaled to strike a favorable balance among processing throughput and power consumption. The modular architecture also supports multiple encryption modes and key management functions such as one-way cryptographic hash and random number generator functions that leverage the scalable symmetric block cipher. The integrated circuit may also include a key management processor that can be programmed to support a wide variety of asymmetric key cryptography functions for secure key exchange with remote key storage devices and enterprise key management servers.

Abstract: A system to protect MAC control messages is presented. In one embodiment, the system comprises a processor, a memory coupled to the processor, and a communication device coupled to the processor to communicate wirelessly over multiple sub-channels in an orthogonal frequency division multiple access (OFDMA) wireless network. The communication device is operable to determine that a MAC control message is protected if an indicator within the MAC control message is set. The communication device validates, if the indicator is set, integrity of the MAC control message in conjunction with a CMAC (cipher-message authentication code) tuple concatenated with the MAC control message.

Abstract: Techniques are described for securely booting and executing a virtual machine (VM) image in an untrusted cloud infrastructure. A multi-core processor may be configured with additional hardware components—referred to as a trust anchor. The trust anchor may be provisioned with a private/public key pair, which allows the multi-core CPU to authenticate itself as being able to securely boot and execute a virtual machine (VM) image in an untrusted cloud infrastructure.

Abstract: A disclosed data encoding apparatus includes: an arbitrary number of storage units; a data transfer control unit dividing input data into data blocks in accordance with the arbitrary number of storage units and transferring the data blocks to each storage unit; and encoding units having the same number as the storage units, the encoding units encoding the data blocks using a different cryptographic key for each storage unit while the data blocks are transferred by the data transfer control unit, wherein each storage unit stores the data blocks encoded by the encoding units.

Abstract: A method comprises receiving a bit stream associated with at least one video image, wherein the bit stream comprises at least one macroblock header and a plurality of macroblocks. The method continues by encrypting the at least one macroblock header. The method concludes by transmitting the bit stream such that the at least one macroblock header is in an encrypted format and at least one macroblock is in an unencrypted format.

Abstract: The invention relates to the general field of digital security and more particularly cryptography. In particular it proposes a device and a method of encrypting a sequence of data. The invention also relates to a cryptographic device (1) and a cryptographic method of generating a pseudo-random data sequence (13) and their favored use in the field of digital security, in particular for encrypting and decrypting data and for cryptographically hashing messages.

Abstract: Efficient methods for implementing security and manageability for stored data objects involve logical object reorganization, computation and injection of metadata, and specialized data access operations. Methods for utilization and incorporation of cryptographic key hierarchies and security functions for data objects are disclosed. Cryptographic keying and other data management operations may be performed for individual blocks within a data object rather than only for the entire data object in order to achieve performance objectives.

Abstract: Methods and systems for cryptography use a reconfigurable platform to perform cryptographic functions. Where a reconfigurable platform is use the configuration may be used as a key or secret. The function schema may be maintained as public. The reconfigurable platform may be implemented in a manner to provide desirable families of functions, including reconfigurable functions which are pseudo one-way and pseudo random. An electronic device may include a reconfigurable platform adapted to perform cryptographic functions wherein a configuration of the reconfigurable platform is used as a secret.

Abstract: Some embodiments of a method and apparatus for encrypting and decrypting data have been presented. In one embodiment, a stream cipher is run in parallel with a block cipher to output a stream of bits with a length equal to a number of ciphertext blocks in an output stream of the block cipher. The method may further include pre-processing a current plaintext block based on the stream of bits and the number of ciphertext blocks in the output stream of the block cipher. Then the block cipher may encipher the pre-processed block to generate a current ciphertext block.

Abstract: To improve a communication system including two communication apparatuses in order to reduce a possibility of having communication thereof decrypted by a third party. The communication system includes a first communication apparatus and a second communication apparatus, where one of the communication apparatuses encrypts transmission subject data to generate encrypted data and transmits it to the other communication apparatus which then decrypts received encrypted data. Before performing encryption, each of the communication apparatuses cuts the transmission subject data by a predetermined number of bits to generate transmission subject cut data. In this case, each of the communication apparatuses varies the number of bits of the transmission subject cut data, and mixes dummy data of a size of which number of bits matches with the largest number of bits out of the numbers of bits of the transmission subject cut data into the transmission subject cut data other than that of the largest number of bits.

Abstract: An encryption method is disclosed, including two passes over a sequence of N input digital data X1, . . . XN blocks where the first pass executes iterative linear algebraic operations from the last input block XN to the first input block X1 to obtain a sequence of intermediary resulting YN . . . Y1 blocks. The second pass executes a block ciphering in a chaining mode from the first intermediary resulting Y1 block to the last one YN to obtain a sequence of encrypted output Z1 . . . ZN blocks. The decryption is carried out only in one pass from the first input encrypted Z1 block to the last input encrypted block ZN. The deciphering operations are executed in an iterative loop of inverse linear algebraic operations after deciphering the first input encrypted Z1 block to obtain an output sequence of decrypted X1, . . . XN blocks.

Abstract: Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.

Abstract: A method and system for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.

Abstract: Systems and methods for providing multimedia content from one process or component to another process or component over an unsecured connection are provided. One embodiment includes obtaining the cryptographic information, extracting the at least partially encrypted video data from the container file to create an elementary bitstream, enciphering the cryptographic information, inserting the cryptographic information in the elementary bitstream, providing the elementary bitstream to a video decoder, extracting the cryptographic information from the elementary bitstream at the video decoder, deciphering the cryptographic information, decrypting the elementary bitstream with the cryptographic information and decoding the elementary bitstream for rendering on a display device using the video decoder.

Abstract: A method (400) for processing location information relating to a certain mobile station in a cellular network is presented. The method involves a first network element, which is connected to the cellular network, and second and third network elements, which are connected to a packet data network. The first network receives (401) a location information request (201) relating to the mobile station from a second network element. A security document relating to the second network element is requested (404) from a third network element; establishment (406) of one security association pointing from the second network element to the first network element and involving information is the security document is initiated; after successful establishment of said security association, the data origin of the location service request is authenticated (408); and after successful authentication, a location procedure relating to the mobile station in the cellular network is initiated (410).

Abstract: Methods and systems for encrypting and decrypting data are described. In one embodiment, a computing system determines a first initialization vector (IV) from another IV and a sequence number of a block of information, and hashes the first IV to create a hash. The computing system then determines a first block from the first block of information and the first hash and enciphers the first block to generate a block of ciphertext. In another embodiment, the computing system deciphers the block of ciphertext to generate the first block, and determines the first IV from the other IV and a sequence number of a block of information. The computing system hashes the first IV to create a hash and determines a block of information corresponding to the first block of ciphertext from the first block and the hash.

Abstract: A processing unit transforms first input information into first nonlinear transformed information that is transformed into first linear transformed information, and transforms second input information into second nonlinear transformed information that is transformed into second linear transformed information. An exclusive-or section performs an exclusive-or operation based on the first and second linear transformed information. When the first nonlinear and linear transformed information are expressed as a first and second sequence vector, respectively, and the second nonlinear and linear transformed information are expressed as a third and fourth sequence vector, respectively, then a first row vector chosen from a first inverse matrix of a first matrix that transforms the first sequence vector to the second sequence vector, and a second row vector chosen from a second inverse matrix of a second matrix that transforms the third sequence vector to the fourth sequence vector, are linearly independent.

Abstract: The present invention is suitable for use in a multi-encrypted system that dynamically allocates stream identifiers in a secondary overlay stream depending upon the identifiers in a primary encrypted stream. The primary encrypted input stream is monitored to determine the presence of all identifier values. Once the identifier values are determined, the values are stored in an allocation table and marked as ‘in-use’ to ensure that these identifier values are not allocated to any of the secondary overlay streams. The primary encrypted stream is monitored and the allocation table is updated continuously to detect any changes or conflicts to the identifier values, and the secondary overlay streams are dynamically updated accordingly.

Abstract: A cryptographic device includes a first state module, a key addition module, a byte substitution module, and a column mixing module. The first state module stores a first data block. The key addition module adds a key to the first data block to generate a second data block. The byte substitution module replaces each byte of the second data block to generate a third data block. The byte substitution module includes a first byte substitution sub-module that generates an intermediate data block in response to the second data block, a pipeline register that stores the intermediate data block, and a second byte substitution sub-module that generates the third data block in response to the intermediate data block. The column mixing module generates a fourth data block based on the third data block and provides the fourth data block to the first state module for storage.

Abstract: The public exponent e of an RSA key is embedded in a RSA key object that lacks this exponent. During exponentiation, the public exponent e may be extracted and used to verify that the result of the exponentiation is correct. The result is output only if this is the case. The invention counters fault-attacks. Also provided are an apparatus and a computer program product.

Abstract: One embodiment of the present invention provides a system that facilitates encrypting data. During operation, the system receives unencrypted data to be encrypted. Next, the system preprocesses the unencrypted data to create preprocessed unencrypted data, wherein preprocessing the unencrypted data involves generating a salt (wherein the salt facilitates in determining if the subsequently encrypted data has been altered) and concatenating the salt and the unencrypted data to create the preprocessed unencrypted data. Next, the system encrypts the preprocessed unencrypted data to create the encrypted data. Because the salt has already been applied to the plaintext data, it does not need to be reapplied during the encryption phase as is typically done in encryption. Finally, the system stores a copy of the salt with the encrypted data.

Abstract: An encryption technique is disclosed for encrypting a plurality of data blocks of a data segment where the encryption selectively switches between a blockwise independent randomized (BIR) encryption mode and a cipher block chaining (CBC) encryption mode based on a configurable feedback stride. A corresponding decryption technique is also disclosed.

Abstract: A system for storing encrypted compressed data comprises a processor and a memory. The processor is configured to determine whether an encrypted compressed segment has been previously stored. The encrypted compressed segment was determined by breaking a data stream, a data block, or a data file into one or more segments and compressing and then encrypting each of the one or more segments. The processor is further configured to store the encrypted compressed segment in the event that the encrypted compressed segment has not been previously stored. The memory is coupled to the processor and configured to provide the processor with instructions.

Abstract: An information processing device comprises: a non-linear transformation unit that takes a k/2-number of odd-numbered string data Bi (i=1, 3, . . . , k?1), k being an even number not smaller than 6, out of a k-number of string data {B1, B2, . . . , Bk}, as intermediate data Wi, and that XORs data transformed from the odd-numbered string data Bi based on a bijective F-function, in which an as-transformed value is determined responsive to a value of key data, and even-numbered string data Bi+1, to give intermediate data Wi+1; and a permutation unit that permutes the intermediate data {W1, W2, . . . , Wk} by the data {B1, B2, . . . , Bk}; in so permuting the intermediate data, the permutation unit permuting odd-numbered data by even-numbered data and permuting even-numbered data by odd-numbered data; the permutation unit not permuting Wi+1 by B((i+1)mod—k)+1, where i=0, 1, 2, . . . , k?1 and x mod y is a remainder left after dividing x by y, and not permuting Wi+1 by B((i+k-1)mod—k)+1.

Abstract: A secure processing device may include an external memory storing encrypted data, and a processor cooperating with the external memory. The processor is configured to generate address requests for the encrypted data in the external memory, cache keystreams based upon an encryption key, and generate decrypted plaintext based upon the cached keystreams and the encrypted data requested from the external memory. For example, the processor may be further configured to predict a future address request, and the future address request may be associated with a cached keystream.

Abstract: A microprocessor includes a storage element having a plurality of locations each storing decryption key data associated with an encrypted program. A control register field (may be x86 EFLAGS register reserved field) specifies a storage element location associated with a currently executing encrypted program. The microprocessor restores from memory to the control register a previously saved value of the field in response to executing a return from interrupt instruction. A fetch unit fetches encrypted instructions of the currently executing encrypted program and decrypts them using the decryption key data stored the storage element location specified by the restored field value. A kill bit associated with each storage element location may be employed if the location is clobbered because more encrypted programs are multitasked than available locations in the storage element, in which case an exception is generated to re-load the clobbered decryption key data in response to the return from interrupt instruction.

Abstract: In the field of computer enabled cryptography, such as a block cipher, the cipher is hardened against an attack by protecting the cipher key, by applying to it a predetermined linear permutation before using one key to encrypt or decrypt a message. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful where the key is derived through a process and so is unknown when the software code embodying the cipher is compiled. This is typically the case where there are many users of the cipher and each has his own key, or where each user session has its own key.

Abstract: The described system and method provide for an encryption and authentication technique that achieves enhanced integrity verification through assured error-propagation using a multistage sequence of pseudorandom permutations. The method generates intermediate data-dependent cryptographic variables at each stage, which are systematically combined into feedback loops. The encryption technique also generates an authentication tag with minimal post processing that is the size of the state. The size of the state is dependent on the number of pseudorandom permutations and the size of the LFSR. The authentication tag provides a unique mapping to the plaintext for any number of plaintext blocks that is less than or equal the size of the state. In addition to being a stand alone encryption algorithm, the disclosed technique is applicable to any mode that uses pseudorandom permutations such as, key dependent lookup tables, S-Boxes, and block ciphers such as RC5, TEA, and AES.

Abstract: A system and method for encryption of data is disclosed. At least one block of the data is received. The at least one block of data is modified to cause each unique data element within the at least one block to appear with a respective predetermined frequency ratio. The block of data is encrypted into ciphertext based at least on an encryption key.

Abstract: An embodiment of the invention provides an apparatus and method for online data conversion. The apparatus and method are configured to read data that is overlapped by a window in a first position in a volume, convert the data into a converted text, write the converted text into the volume, and slide the window to a second position in the volume.

Abstract: A method of simplifying a combinational circuit establishes an initial combinational circuit operable to calculate a set of target signals. A quantity of multiplication operations performed in a first portion of the initial combinational circuit is reduced to create a first, simplified combinational circuit. The first portion includes only multiplication operations and addition operations. A quantity of addition operations performed in a second portion of the first, simplified combinational circuit is reduced to create a second, simplified combinational circuit. The second portion includes only addition operations. Also, the second, simplified combinational circuit is operable to calculate the target signals using fewer operations than the initial combinational circuit.

Abstract: In the field of cryptography, such as for a computer enabled block cipher, a cipher or other cryptographic process is hardened against an attack by protecting the cipher key or subkeys by using a masking process for these keys. The subkeys are thereby protected by applying to them a mask or set of masks to hide their contents. This is especially advantageous in a “White Box” computing environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during execution. Further, this method and the associated apparatus are useful where the key is derived through a process and so is unknown when the software code embodying the cipher is compiled. This is typically the case where there are many users of the cipher and each has his own key or where each user session has its own key.

Abstract: A fetch unit fetches a sequence of blocks of encrypted instructions of an encrypted program from an instruction cache at a corresponding sequence of fetch address values. While fetching each block of the sequence, the fetch unit generates a decryption key as a function of key values and the corresponding fetch address value, and decrypts the encrypted instructions using the generated decryption key by XORing them together. A switch key instruction instructs the microprocessor to update the key values in the fetch unit while the fetch unit is fetching the sequence of blocks. The fetch unit inherently provides an effective decryption key length that depends upon the function and amount of key values used. Including one or more switch key instructions within the encrypted program increases the effective decryption key length up to the encrypted program length.

Abstract: A system and method for securely storing and transmitting digital information includes a computing device connected to at least one of a network device or a storage device or both. The system and method also includes a communication network connected to the at least one of a network device or the at least one of a storage device, or both.

Abstract: A system and method for generating a non-repudiatable record of a communications data stream is provided, which is applicable to real-time and quasi-real-time data streams. A binary communication data stream is captured and segmented into defined frames. A key frame is generated for each of a number of data frames containing integrity and authentication information. The key frame is inserted into the data stream to provide an authenticated data stream.