Data Stream/substitution Enciphering Patents (Class 380/42)
  • Patent number: 10045040
    Abstract: In one embodiment, a system includes a Headend apparatus including a watermark processor to generate secondary video streams from sections of a primary video stream, group the secondary video streams in groups of at least two secondary video streams, the secondary video streams including units of data for use in watermarking across cryptoperiods in an end-user device which selects one secondary video stream in each group for rendering as part of a composited video stream in order to embed units of data of an identification in the composited video stream, wherein in each cryptoperiod, the watermark processor is operative to generate different groups of the secondary video streams from different non-overlapping portions of the primary video stream, and an encryption processor to generate control words, encrypt each secondary video stream with a different control word, and change the control word of each secondary video stream every cryptoperiod.
    Type: Grant
    Filed: August 21, 2016
    Date of Patent: August 7, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: David Wachtfogel, Michal Devir, Harel Cain
  • Patent number: 9912975
    Abstract: A method is provided for managing key rotation (use of series of keys) and secure key distribution in over-the-top content delivery. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method.
    Type: Grant
    Filed: March 11, 2016
    Date of Patent: March 6, 2018
    Assignee: ERICSSON AB
    Inventors: Kevin J. Ma, Robert Hickey, Paul Tweedale
  • Patent number: 9852306
    Abstract: A method comprises receiving a first cryptographic token for one search term and a second cryptographic token is generated using the one search term and at least another search term. A first search is conducted using the first cryptographic token to generate a first result set, and the second cryptographic token is used for computing a subset of results of the first result set.
    Type: Grant
    Filed: August 5, 2013
    Date of Patent: December 26, 2017
    Assignee: International Business Machines Corporation
    Inventors: Charles D. Cash, Stanislaw Jarecki, Charanjit S. Jutla, Hugo M. Krawczyk, Marcel C. Rosu, Michael Steiner
  • Patent number: 9813705
    Abstract: Systems, methods, and devices for processing video data are disclosed. Some examples relate to receiving or forming a parameter set having an identifier that is fixed length coded, wherein a parameter set identification (ID) for the parameter set is before any syntax element in the parameter set that is entropy coded and using the parameter set having the identifier that is fixed length coded to decode or encode video data. Other examples determine whether a first parameter set ID of a first parameter set of a first bitstream is the same as a second parameter set ID of a second parameter set of a second bitstream. In response to determining that the second parameter set ID is the same as the first parameter set ID, changing the second parameter set ID to a unique parameter set ID. A parameter set associated with the unique parameter set ID may be transmitted.
    Type: Grant
    Filed: April 25, 2013
    Date of Patent: November 7, 2017
    Assignee: QUALCOMM Incorporated
    Inventor: Ye-Kui Wang
  • Patent number: 9794062
    Abstract: A system and method for providing a scrambled tweak mode of block cipher encryption for a device that mitigates the effect of side channel attacks based on differential power analysis (DPA). The scrambled tweak mode encryption engine creates noise at the start of the encryption process by obfuscating the counter value with the use of the very fast mixing function, such as a mixing function based on a XOR tree, substitution-permutation networks, or double-mix Feistel networks. The mixing function uses some secret key material, which diversifies its behavior between different instantiations. Because the counter values are scrambled and the mixing functions operate very fast in parallel hardware, the input of the block cipher is pseudorandom and groups of blocks can't be correlated.
    Type: Grant
    Filed: October 8, 2015
    Date of Patent: October 17, 2017
    Assignee: THE BOEING COMPANY
    Inventor: Laszlo Hars
  • Patent number: 9760564
    Abstract: Mechanisms for identifying hidden meaning in a portion of natural language content are provided. A primary portion of natural language content is received and a secondary portion of natural language content is identified that references the natural language content. The secondary portion of natural language content is analyzed to identify indications of meaning directed to elements of the primary portion of natural language content. A probabilistic model is generated based on the secondary portion of natural language content modeling a probability of hidden meaning in the primary portion of natural language content. A hidden meaning statement data structure is generated for the primary portion of natural language content based on the probabilistic model.
    Type: Grant
    Filed: July 9, 2015
    Date of Patent: September 12, 2017
    Assignee: International Business Machines Corporation
    Inventors: Donna K. Byron, Benjamin L. Johnson, Lakshminarayanan Krishnamurthy, Krishna Kummamuru, Timothy P. Winkler
  • Patent number: 9678893
    Abstract: The present invention relates to a secure caching technique for shared distributed caches. A method in accordance with an embodiment of the present invention includes: encrypting a key K to provide a secure key, the key K corresponding to a value to be stored in a cache; and storing the value in the cache using the secure key.
    Type: Grant
    Filed: May 4, 2012
    Date of Patent: June 13, 2017
    Assignee: International Business Machines Corporation
    Inventors: Keys D. Botzum, Peter D. Birk
  • Patent number: 9646143
    Abstract: Systems and methods for automatically maintaining the anonymity or privacy of a stream of data as it is transmitted over a network or provided for other use, by receiving a data stream in real-time from an original source and identifying a data subset of interest within the original data stream. The data subset of interest is segregated from the data stream for either obfuscating at least a portion of the data subset in accordance with certain criteria or encrypting it. The data subset is obfuscated or encrypted for purpose of transmission over the network or for testing and reunited at a target source with the remainder of the data stream.
    Type: Grant
    Filed: November 6, 2015
    Date of Patent: May 9, 2017
    Assignee: Progress Software Corporation
    Inventor: Anthony Lavinio
  • Patent number: 9628274
    Abstract: A method of using a hardware security module and an adjunct application programming interface to harden tokenization security and encryption key rotation is disclosed. In various embodiments, the method comprises receiving encrypted data at a processor of a computer system, decrypting the encrypted data to cleartext in the processor, and issuing a unique token associated with the data.
    Type: Grant
    Filed: November 14, 2014
    Date of Patent: April 18, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Jason Jenks, Tushaar Sethi, Brandon B. Low, Jason Cetina, Jesper Mikael Johansson, Waylon Brunette, Hanson Char, Spencer Proffit
  • Patent number: 9571462
    Abstract: An extensible personality-based secure messaging infrastructure deployed in a computerized system comprising at least one central processing unit, a memory, a storage system and a network interface unit, the system being accessible by a user, the system comprising: an application resource database configured to store at least one resource entry; a contact information database comprising at least one peer personality entry and an own personality entry, the at least one peer personality entry corresponding to at least one resource entry in the resource database; a key storage operatively coupled to the contact information database and comprising a plurality of communication channel key entries, a plurality of peer personalities key entries and a plurality of application resource key entries, and at least one of the plurality of the peer personalities key entries corresponding to at least one peer personality entry in the contact information database.
    Type: Grant
    Filed: February 4, 2013
    Date of Patent: February 14, 2017
    Assignee: Anchorfree, Inc.
    Inventor: Roman Kuzmenko
  • Patent number: 9521159
    Abstract: Methods and systems are provided for facilitating access to a cloud-based logging service. According to one embodiment, access to a cloud-based logging service is integrated within a network security appliance by automatically configuring access settings for the logging service and creating an account for the security appliance with the logging service. A log is created within the logging service by making use of the automatically configured access settings and the account. A request is received by the security appliance to access data associated with the log. Responsive thereto and without requiring separate registration with the cloud-based logging service, the data is retrieved by the security appliance from the logging service and is presented via an interface of the security appliance.
    Type: Grant
    Filed: March 10, 2016
    Date of Patent: December 13, 2016
    Assignee: Fortinet, Inc.
    Inventor: Jun Yin
  • Patent number: 9497167
    Abstract: Methods and systems for filtering communication packets using a multi-stage filtering system that receives a large volume of communication packets from a communication network that filters the packets in two or more successive stages. The system comprises at least one front-end filtering unit and multiple back-end filtering units. Typically although not necessarily, the front-end filtering unit filters the packets based on layer-2 to layer-4 attributes of the packets. The back-end filtering units, on the other hand, filter the packets based on content extracted from the packet payloads. The back-end filtering units may perform filtering, for example, based on keyword spotting, application classification, malware detection and other content-related criteria. The front-end filtering unit typically performs filtering at the individual packet level and/or at the level of request-response transactions.
    Type: Grant
    Filed: July 29, 2013
    Date of Patent: November 15, 2016
    Assignee: VERINT SYSTEMS LTD.
    Inventors: Dana Weintraub, Naomi Frid
  • Patent number: 9491003
    Abstract: Disclosed are a method and apparatus for keeping orders among messages when transmitting and receiving messages within a Converged IP Messaging (CPM) session. A message transmission and reception method in a network comprises receiving a message including sequential identification information and a cumulative size, and outputting the received message, wherein the sequential identification information is an identifier allowing identification of orders managed within a session, transmission and reception being performed in the session, and the cumulative size is the sum of sizes of messages, the messages being sent by a subject having sent the received message within the session, wherein the output order of the received message is decided based upon the sequential identification information and sequential identification information relating to messages received prior to the received message.
    Type: Grant
    Filed: June 10, 2010
    Date of Patent: November 8, 2016
    Assignee: LG ELECTRONICS INC.
    Inventors: Hyeonsoo Lee, Dongyoung Lee, Kangsuk Huh
  • Patent number: 9485288
    Abstract: There is provided a peer-to-peer communication method in a content centric network environment. In embodiments, the peer-to-peer communication method in a content centric network (hereinafter referred to as a “CCN”) environment includes receiving, by a CCN router, a join message including a desired service name of a user node from the user node, transmitting, by the CCN router, the join message to a rendezvous point mapped to the service name and forming a share tree, receiving, by the CCN router, a content request message including a name of content that is provided through the service from the user node, and transmitting, by the CCN router, the content request message through an interface connected to the share tree.
    Type: Grant
    Filed: December 5, 2013
    Date of Patent: November 1, 2016
    Assignee: Research & Business Foundation Sungkyunkwan University
    Inventors: Yusung Kim, Younghoon Kim, Ikjun Yeom
  • Patent number: 9479983
    Abstract: A communication device performs a method for determining when to switch between multiple communication modes of a transceiver subsystem. The method includes detecting an indication that a multimedia message is ready for transmission. The method also includes switching, by the transceiver subsystem in response to detecting the indication, from an infrastructure communication mode to a peer-to-peer communication mode, and transmitting the multimedia message in the peer-to-peer communication mode. The method further includes determining that the multimedia message transmission is complete, and switching, by the transceiver subsystem, back to the infrastructure communication mode in response to determining that the multimedia message transmission is complete.
    Type: Grant
    Filed: February 18, 2014
    Date of Patent: October 25, 2016
    Assignee: Google Technology Holdings LLC
    Inventor: Daniel C Konrad
  • Patent number: 9443096
    Abstract: Methods and systems to allow for selective access to supplemental content that is associated with more generally distributed original content. In an embodiment, supplemental content may be encrypted, then integrated with original content using a steganographic technique. The resulting aggregated content may then be made available to users. Users may then extract the encrypted supplemental content from the original content. Those users having the proper privilege level may be given a cryptographic key to allow decryption of the supplemental content. Those without the necessary privilege will not be given this decryption key, and will therefore be unable to access the supplemental content.
    Type: Grant
    Filed: August 1, 2014
    Date of Patent: September 13, 2016
    Assignee: Intel Corporation
    Inventor: Oleg Pogorelik
  • Patent number: 9425964
    Abstract: A signal processing method for a display device is provided. The display device is capable of connecting a portable consumer electronic device via a high-definition link (MHL) port. Via the communication bus (CBUS) in the MHL port, a set of encryption codes is provided to the portable consumer electronic device. Based on an encrypted identification fed back from the portable consumer electronic device, it is determined whether the portable consumer electronic device passes authentication. If the portable consumer electronic device passes the authentication, when a human interface device provides a user command to the display device, the user command is encrypted according to the set of encryption codes to generate an encrypted user command compliant to the CBUS specification. Via the CBUS of the MHL port, the encrypted user command is provided to the portable consumer electronic device.
    Type: Grant
    Filed: June 4, 2014
    Date of Patent: August 23, 2016
    Assignee: MStar Semiconductor, Inc.
    Inventors: Meng-Che Tsai, Yu-Cheng Kuo
  • Patent number: 9355258
    Abstract: The invention relates to a system and a method for privacy preservation of sensitive attributes stored in a database. The invention reduces the complexity and enhances privacy preservation of the database by determining the distribution of sensitive data based on Kurtosis measurement. The invention further determines and compares the optimal value of k-sensitive attributes in k-anonymity data sanitization model with the optimal value of l sensitive attributes in l diversity data sanitization model using adversary information gain. The invention reduces the complexity of the method for preserving privacy by applying k anonymity only, when the distribution of the sensitive data is leptokurtic and optimal value of k is greater than the optimal value of l.
    Type: Grant
    Filed: September 25, 2012
    Date of Patent: May 31, 2016
    Assignee: Tata Consultancy Services Limited
    Inventors: Arijit Ukil, Jaydip Sen
  • Patent number: 9338143
    Abstract: A computer-implemented method for coordinating content transformation includes receiving, at a computer server subsystem and from a web server system, computer code to be served in response to a request from a computing client over the internet; modifying the computer code to obscure operation of the web server system that could be determined from the computer code; generating transformation information that is needed in order to reverse the modifications of the computer code to obscure the operation of the web server system; and serving to the computing client the modified code and the reverse transformation information.
    Type: Grant
    Filed: October 16, 2013
    Date of Patent: May 10, 2016
    Assignee: Shape Security, Inc.
    Inventors: Marc R. Hansen, Sumit Agarwal, Subramanian Varadarajan, Justin D. Call
  • Patent number: 9236865
    Abstract: An apparatus for generating random bits includes a plurality of mapping devices. A respective mapping device is configured to map a predefined number of input signals, with the aid of a combinatorial mapping, into a predefined number of output signals. The plurality of mapping devices are concatenated with one another, and at least one combinatorial mapping is configured such that a state change of an input signal of a respective mapping device is mapped on average onto more than one output signal of the respective mapping device. No feedback loop is present such that a state change of at least one feedback output signal of a specific mapping device is fed as a state change of at least one input signal to another mapping device such that one or a plurality of output signals of the specific mapping device is influenced by the state change of the feedback output signal.
    Type: Grant
    Filed: May 2, 2014
    Date of Patent: January 12, 2016
    Assignee: Siemens Aktiengesellschaft
    Inventors: Pascale Böffgen, Markus Dichtl
  • Patent number: 9210135
    Abstract: Embodiments are directed towards resynchronizing the processing of a monitored flow based on hole detection. A network monitoring device (NMD) may be employed to passively monitor flows of packets for a session between endpoints. The NMD may receive copies of the monitored flow and perform processes on the monitored flow. In some situations, some copies of packets may not be fully processed by the NMD, creating a hole in the processing. If a hole is detected in the monitored flow and the processing of the monitored flow is desynchronized, then the NMD may suspend processing until it is resynchronized or for a remainder of the session. If the processing is desynchronized, then the NMD may resynchronize the processing by resuming the processing of the monitored flow at a downstream position of the monitored flow based on the detected hole.
    Type: Grant
    Filed: September 29, 2014
    Date of Patent: December 8, 2015
    Assignee: ExtraHop Networks, Inc.
    Inventors: Jesse Abraham Rothstein, Arindum Mukerji, Bhushan Prasad Khanal
  • Patent number: 9195838
    Abstract: A method, non-transitory computer readable medium and apparatus for securing user input and/or output on a mobile endpoint device. For example, the method receives an input on the mobile endpoint device, encrypts and authenticates the input in a trusted domain of the mobile endpoint device executing an application and sends the input that is encrypted and authenticated to an untrusted domain of the mobile endpoint device over a secure channel.
    Type: Grant
    Filed: July 2, 2012
    Date of Patent: November 24, 2015
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Jeffrey E. Bickford, Mikhail Istomin, Evgene Vahlis
  • Patent number: 9178697
    Abstract: Techniques are disclosed for improving security in a virtual private network. In one embodiment, key information is generated for a virtual private network (VPN) connection between a first device and a second device. A plurality of shares is then generated based on the key information. A first set of one or more shares is stored on a dongle that is paired to the first device. A second set of one or more shares is stored on the first device. In response to a request to resume the VPN connection, the first set of shares is retrieved from the dongle. The key information is reconstructed based on the first set of shares and the second set of shares. The reconstructed key information may then be used to resume the VPN connection.
    Type: Grant
    Filed: August 12, 2014
    Date of Patent: November 3, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Philip John Steuart Gladstone, David A. McGrew
  • Patent number: 9154538
    Abstract: Methods and apparatus are disclosed for facilitating online storage of files (e.g., audio tracks, video, etc.) for playback/access or sale/exchange by the owners of the files without violating copyrights that copyright holders have in the files. For example, by providing a playback service that does not store additional versions of an audio file when the file is transmitted to, and immediately played on, a user device without buffering, the present invention avoids violating copyright laws by not making copies of the file. Numerous other aspects are disclosed.
    Type: Grant
    Filed: September 15, 2012
    Date of Patent: October 6, 2015
    Assignee: CFPH, LLC
    Inventors: Howard Lutnick, Dean P. Alderucci
  • Patent number: 9148411
    Abstract: A Headend system including an encoder to encode input data yielding a plurality of data packets, each of the packets having a header and a payload, a post encoding processor to identify ones of the data packets having a payload with a suspected known plaintext, and modify at least some of the identified packets, and an encryption processor to encrypt at least some of the data packets yielding encrypted data packets. Related apparatus and methods are also described.
    Type: Grant
    Filed: December 18, 2012
    Date of Patent: September 29, 2015
    Assignee: Cisco Technology Inc.
    Inventors: Martin Gold, Keith Millar, Harel Cain, David Wachtfogel, Michal Devir, Max Berman, Brett Walzer
  • Patent number: 9143326
    Abstract: A method and system for encrypting data. An initialization vector is generated. Ciphertext is generated from plaintext by applying the initialization vector and an encryption key to the plaintext. The initialization vector is combined with the ciphertext to generate encrypted data, by using an embedding rule to perform the combining.
    Type: Grant
    Filed: February 6, 2013
    Date of Patent: September 22, 2015
    Assignee: International Business Machines Corporation
    Inventor: Yasuhiro Onoda
  • Patent number: 9124425
    Abstract: Systems, methods, and apparatuses are provided for ciphering error detection and recovery. A method may include using a first set of one or more cipher input parameters to decipher ciphered data ciphered using a second set of one or more cipher input parameters. The method may further include comparing a value of at least a portion of the deciphered data to an expected value. The method may additionally include determining an occurrence of a ciphering error when the value of the at least a portion of the deciphered data is not equal to the expected value. The method may also include initiating a ciphering resynchronization procedure in response to the determination that a ciphering error occurred so as to resynchronize at least one of the first set of cipher input parameters with at least one of the second set of cipher input parameters. Corresponding systems and apparatuses are also provided.
    Type: Grant
    Filed: June 30, 2009
    Date of Patent: September 1, 2015
    Assignee: Nokia Technologies Oy
    Inventor: Keiichi Kubota
  • Patent number: 9104400
    Abstract: A data processing system 2 includes a single instruction multiple data register file 12 and single instruction multiple data processing circuitry 14. The single instruction multiple data processing circuitry 14 supports execution of cryptographic processing instructions for performing parts of a hash algorithm. The operands are stored within the single instruction multiple data register file 12. The cryptographic support instructions do not follow normal lane-based processing and generate output operands in which the different portions of the output operand depend upon multiple different elements within the input operand.
    Type: Grant
    Filed: December 30, 2014
    Date of Patent: August 11, 2015
    Assignee: ARM Limited
    Inventors: Matthew James Horsnell, Richard Roy Grisenthwaite, Stuart David Biles, Daniel Kershaw
  • Patent number: 9092448
    Abstract: A method and system for collecting and transmitting data across or through a firewall using HTTP and/or XML between computer systems that do not otherwise grant access to each other. A method and system for preparing data reports using data and report generation modules using HTTP and/or XML between computer systems.
    Type: Grant
    Filed: December 17, 2012
    Date of Patent: July 28, 2015
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventor: Bruce James Skingle
  • Patent number: 9083515
    Abstract: Methods and apparatus are provided for generation of forward secure pseudorandom numbers that are resilient to such forward clock attacks. A forward secure pseudorandom number is generated by obtaining a first state si corresponding to a current leaf node ?i in a hierarchical tree, wherein the current leaf ?i produces a first pseudorandom number ri?1; updating the first state si to a second state si+t corresponding to a second leaf node ?i+t; and computing a second pseudorandom number ri+t?1 corresponding to the second leaf node ?i+t, wherein the second pseudorandom number ri+t?1 is based on a forward clock reset index that identifies an instance of the hierarchical tree, wherein the instance of the hierarchical tree is incremented when one or more criteria indicating a forward clock attack are detected. The forward clock reset index can be encoded in a forward secure manner in the hierarchical tree.
    Type: Grant
    Filed: December 27, 2012
    Date of Patent: July 14, 2015
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Nikolaos Triandopoulos, Ari Juels, Ronald Rivest
  • Patent number: 9037870
    Abstract: File system data is divided into two or more data blocks. A unique encryption key is assigned to each data block with the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks and each of the data blocks is encrypted using its assigned encryption key. One of the data blocks within the file system is then selected and decrypted using the distinct encryption key assigned to the selected data block and a new encryption key, distinct from the previously assigned encryption key, is assigned to the selected data block and the selected data block is re-encrypted using the new encryption key. This process is then repeated for each data block on a sequential/cyclic and continually rotating basis.
    Type: Grant
    Filed: August 16, 2013
    Date of Patent: May 19, 2015
    Assignee: Intuit Inc.
    Inventors: Peter Xiaohu Zheng, Toan Huynh
  • Patent number: 9008314
    Abstract: A system includes a sending access point and a receiving access point. The sending access point divides a data stream into sets of packets, encrypts a first set of packets using a first encryption protocol, encrypts a second set of packets using a second encryption protocol, where the second encryption protocol is different from the first encryption protocol, transmits, using a first channel over a wireless network, the first set of packets, and transmits, using a second channel over the wireless network, the second set of packets. The receiving access point receives the first set of packets and the second set of packets, decrypts the first set of packets using the first encryption protocol, and decrypts the second set of packets using the second encryption protocol.
    Type: Grant
    Filed: November 18, 2008
    Date of Patent: April 14, 2015
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Scott D. Arena
  • Patent number: 8995652
    Abstract: A streaming one time pad cipher using rotating ports for data encryption uses a One Time Pad (OTP) and an Exclusive Or (XOR) (or other cipher) with a public key channel to encrypt and decrypt OTP data. There is no method in cryptography to thwart the OTP/XOR method and it is proven impossible to crack. The method also rotates the ports of the channels periodically to increase communication obfuscation. Through pre-fetching and cache of OTP data, latency increases from encryption are kept to an absolute minimum as the XOR for encryption and decryption is done with a minimal number of instructions.
    Type: Grant
    Filed: November 26, 2014
    Date of Patent: March 31, 2015
    Assignee: Introspective Power, Inc.
    Inventor: Anthony Scott Thompson
  • Patent number: 8958554
    Abstract: A process and system for enciphering and deciphering Unicode characters that is compatible with scripting languages such as JAVASCRIPT®, JSCRIPT® and VBSCRIPT®. The process and system can encipher each character individually and maintain the size of the character. The enciphered character is deciphered at the application layer at the client to provide endpoint security.
    Type: Grant
    Filed: November 30, 2009
    Date of Patent: February 17, 2015
    Assignee: Red Hat, Inc.
    Inventor: James Paul Schneider
  • Patent number: 8958416
    Abstract: Sensitive, Standard Telephone Equipment (STE) data is encapsulated into IP packets in a remotely deployed, secure communication system. The IP packets are addressed to a matching IP encapsulator/decapsulator device over the public Internet or other IP protocol network, that then passes it to a similar STE device over an ISDN link for decryption. The present invention is embodied in a system that provides secure Voice-Over-IP (VOIP), video and data network functionality in a single, small size deployable case, to a remote user. Most importantly, the embodiment allows for the routing of bulk encrypted (i.e., secure) data over a public network, e.g., the Internet.
    Type: Grant
    Filed: September 27, 2012
    Date of Patent: February 17, 2015
    Assignee: TeleCommunication Systems, Inc.
    Inventor: Steven S. Anspach
  • Publication number: 20150043730
    Abstract: A streaming one time pad cipher using rotating ports for data encryption uses a One Time Pad (OTP) and an Exclusive Or (XOR) (or other cipher) with a public key channel to encrypt and decrypt OTP data. There is no method in cryptography to thwart the OTP/XOR method and it is proven impossible to crack. The method also rotates the ports of the channels periodically to increase communication obfuscation. Through pre-fetching and cache of OTP data, latency increases from encryption are kept to an absolute minimum as the XOR for encryption and decryption is done with a minimal number of instructions.
    Type: Application
    Filed: December 16, 2013
    Publication date: February 12, 2015
    Applicant: Introspective Power, Inc.
    Inventor: Anthony Scott THOMPSON
  • Publication number: 20150043731
    Abstract: A data protection method and apparatus that can protect data through encryption using a Boolean function is provided. The data protection method includes applying an inverse affine transformation to data to be encrypted using a Boolean function; applying round operations of an Advanced Encryption Standard (AES) cryptographic algorithm to the inverse-affine transformed data; and producing ciphertext data by applying an affine transformation to the result of the round operations.
    Type: Application
    Filed: August 8, 2014
    Publication date: February 12, 2015
    Inventors: Kyunghee LEE, Junghee CHEON, Eunyoung KWON, Bumhan KIM, Jinsu KIM, Hongtae KIM, Hansol RYU, Hyunsook HONG
  • Patent number: 8954756
    Abstract: Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object includes creating in the storage device an encrypted logical data object including a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into the encrypted sections in accordance with an order the chunks are received, wherein the encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.
    Type: Grant
    Filed: February 16, 2012
    Date of Patent: February 10, 2015
    Assignee: International Business Machines Corporation
    Inventors: Chaim Koifman, Nadav Kedem, Avi Zohar
  • Patent number: 8953646
    Abstract: An apparatus and method for generating a multiplex of media streams, the method includes the steps of: (i) receiving a set of media streams that comprises first type media stream components and second type media stream components; (ii) applying a modification process that is not adapted to modify second type media stream components, such as to provide at least one modified first type media stream component; and (iii) multiplexing at least the second type media stream components and the modified first type media stream components.
    Type: Grant
    Filed: October 11, 2011
    Date of Patent: February 10, 2015
    Assignee: ARRIS Solutions, Inc.
    Inventors: Nery Strasman, Amit Esbet, Oren Reches
  • Patent number: 8942371
    Abstract: A method and system for hybrid encryption wherein all of the round function variables including the encryption algorithm change for each round. This permits the generation of block sizes and key sizes of any length and use standard block sizes and key sizes for the respective symmetric algorithm for each round function.
    Type: Grant
    Filed: August 30, 2010
    Date of Patent: January 27, 2015
    Inventors: Jerzy Henryk Urbanik, Przemyslaw Bartlomiej Bezeg
  • Patent number: 8938619
    Abstract: Embodiments may be configured to receive a protected version of content that includes multiple encrypted content samples. In various embodiments, each encrypted content sample includes multiple encrypted blocks. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains. The protected version of the content may further include decryption information for decrypting the encrypted content samples. The decryption information may include at least some initialization vectors generated dependent upon non-content information that is not included in the protected version of the content. The non-content information may be from a different protected version of the content. Embodiments may be configured to use the decryption information to decrypt one or more of the encrypted content samples.
    Type: Grant
    Filed: December 29, 2010
    Date of Patent: January 20, 2015
    Assignee: Adobe Systems Incorporated
    Inventor: Viswanathan Swaminathan
  • Patent number: 8934625
    Abstract: A method for securing communication between members. The method includes a first member obtaining a secret. An n-bit generator executing on the first member generates a message digest using the first secret. The first member extracts algorithm selector bits and an encryption key from the message digest, and selects an encryption algorithm identified by the algorithm selector bits. The method further includes the first member encrypting a communication using the encryption algorithm and the encryption key to obtain an encrypted communication, and the first member sending, to a second member of the group, the first encrypted communication.
    Type: Grant
    Filed: March 25, 2010
    Date of Patent: January 13, 2015
    Assignee: PACid Technologies, LLC
    Inventor: Guy Fielder
  • Patent number: 8909921
    Abstract: A signature management apparatus and method of cutting-out streaming data. The signature management apparatus includes a signature-related information preparing device which prepares signature-related information for streaming data, a signature-related information storage device which partitions a sequence header of the streaming data into stream header information needed for reproduction of the streaming data and user header information which a user can freely use for storage, and stores the signature-related information within the user header information in a form that allows no start code to emerge.
    Type: Grant
    Filed: November 12, 2008
    Date of Patent: December 9, 2014
    Assignee: Fujitsu Limited
    Inventor: Takashi Yoshioka
  • Patent number: 8908859
    Abstract: According to one embodiment, a cryptographic apparatus includes: cryptographic cores (“cores”), an assigning unit, a concatenating unit, and an output controlling unit. If a CTS flag thereof is on, each core encrypts using a symmetric key cipher algorithm utilizing CTS, while using a symmetric key. When an input of a CTS signal is received, the assigning unit assigns first input data to a predetermined core and turns on the CTS flag thereof. The concatenating unit generates concatenated data by concatenating operation data generated during encrypting the first input data, with second input data that is input immediately thereafter. The output controlling unit controls outputting the concatenated data to the predetermined core, outputting first encrypted data obtained by encrypting the concatenated data, and over outputting second encrypted data obtained by encrypting the first input data, and further turns off the predetermined core's CTS flag.
    Type: Grant
    Filed: March 1, 2011
    Date of Patent: December 9, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Koichi Fujisaki
  • Patent number: 8903087
    Abstract: A method for distributing a nominal audiovisual stream to a recipient device including modifying, in the nominal audiovisual stream, at least one nominal coefficient among the nominal coefficients to generate a modified main stream; generating complementary information such that the nominal audiovisual stream may be implemented based from the complementary information and on the modified main stream, applying a plurality of methods for protecting the complementary information to generate multiple protected complementary information, each of the protected complementary information enabling the nominal stream of the main stream to be implemented upon application of an access method compatible with the protection method which has been used to protect it; and transmitting to the recipient device the modified main stream and the multiple protected complementary information.
    Type: Grant
    Filed: March 12, 2007
    Date of Patent: December 2, 2014
    Assignee: Nagra France
    Inventors: Sebastien Dupuis, Pierre Breese
  • Patent number: 8885818
    Abstract: The present document relates to techniques for authentication of data streams. Specifically, the present document relates to the insertion of identifiers into a data stream, such as a Dolby Pulse, AAC or HE AAC bitstream, and the authentication and verification of the data stream based on such identifiers. A method and system for encoding a data stream comprising a plurality of data frames is described. The method comprises the step of generating a cryptographic value of a number N of successive data frames and configuration information, wherein the configuration information comprises information for rendering the data stream. The method then inserts the cryptographic value into the data stream subsequent to the N successive data frames.
    Type: Grant
    Filed: August 6, 2010
    Date of Patent: November 11, 2014
    Assignee: Dolby International AB
    Inventors: Reinhold Boehm, Alexander Groeschel, Holger Hoerich, Daniel Homm, Wolfgang A. Schildbach, Michael Schug, Oliver Watzke, Martin Wolters, Thomas Ziegler
  • Patent number: 8879727
    Abstract: An integrated circuit for data encryption/decryption and secure key management is disclosed. The integrated circuit may be used in conjunction with other integrated circuits, processors, and software to construct a wide variety of secure data processing, storage, and communication systems. A preferred embodiment of the integrated circuit includes a symmetric block cipher that may be scaled to strike a favorable balance among processing throughput and power consumption. The modular architecture also supports multiple encryption modes and key management functions such as one-way cryptographic hash and random number generator functions that leverage the scalable symmetric block cipher. The integrated circuit may also include a key management processor that can be programmed to support a wide variety of asymmetric key cryptography functions for secure key exchange with remote key storage devices and enterprise key management servers.
    Type: Grant
    Filed: August 29, 2008
    Date of Patent: November 4, 2014
    Assignee: IP Reservoir, LLC
    Inventors: David E. Taylor, Brandon Parks Thurmon, Ronald S. Indeck
  • Patent number: 8872970
    Abstract: A method and receiving device are provided that determine a synchronization byte in a plurality of transport stream packets, wherein the synchronization byte has a predetermined synchronization value. The method/receiving device receives, via a receiver, a portion of a first transport stream packet of the plurality of transport stream packets; detects, starting from the beginning of the portion of a first transport stream packet, a continuous four byte pattern that does not include the predetermined synchronization value; detects a first occurrence of a byte having the predetermined synchronization value; detects a subsequent byte separated from the first occurrence by a predetermined byte length; determines a byte value of the subsequent byte; and validates that the first occurrence is the synchronization byte based on a comparison of the byte value and the predetermined synchronization value.
    Type: Grant
    Filed: October 31, 2011
    Date of Patent: October 28, 2014
    Assignee: Google Technology Holdings LLC
    Inventors: Krishna Prasad Panje, Virendra Singh, Sundar Murthy Tumuluru
  • Patent number: 8863238
    Abstract: A control unit for controlling a card reader. The control unit includes an authentication management unit for transmitting/receiving information to/from a host and each of a first encryption magnetic head device and a second encryption magnetic head device to mutually authenticate each other. The authentication management unit includes (1) a commanding means for commanding one of the first encryption magnetic head device and the second encryption magnetic head device to create lower-level information for authentication, according to a request on authentication from the host, (2) a sharing means for transmitting the lower-level information for authentication received from the above-mentioned one device to the other device for the purpose of sharing it and (3) a transmission means for transmitting the lower-level information for authentication, having been shared in all of the first encryption magnetic head device and the second encryption magnetic head device, to the host.
    Type: Grant
    Filed: November 15, 2012
    Date of Patent: October 14, 2014
    Assignee: Nidec Sankyo Corporation
    Inventor: Tsutomu Baba
  • Patent number: 8811606
    Abstract: A method and an apparatus for enciphering and deciphering content with symmetric and asymmetric cryptography with the use of the shadow numbering system where two or more shadow values are used with two or more base values with a two side equation, on one side the value to encipher is multiplied with one of the shadow value then the modulus taken with the base value, to decipher the enciphered value is multiplied with the shadow value that didn't take part of the first equation then the modulus is taken with the base value, thus, deciphering the enciphered value.
    Type: Grant
    Filed: October 13, 2010
    Date of Patent: August 19, 2014
    Assignee: UnoWeb Inc.
    Inventor: John Almeida