Abstract: Methods and apparatus are provided for generation of forward secure pseudorandom numbers that are resilient to such forward clock attacks. A forward secure pseudorandom number is generated by obtaining a first state si corresponding to a current leaf node ?i in a hierarchical tree, wherein the current leaf ?i produces a first pseudorandom number ri?1; updating the first state si to a second state si+t corresponding to a second leaf node ?i+t; and computing a second pseudorandom number ri+t?1 corresponding to the second leaf node ?i+t, wherein the second pseudorandom number ri+t?1 is based on a forward clock reset index that identifies an instance of the hierarchical tree, wherein the instance of the hierarchical tree is incremented when one or more criteria indicating a forward clock attack are detected. The forward clock reset index can be encoded in a forward secure manner in the hierarchical tree.

Abstract: A file system data is divided into two or more data blocks. A unique encryption key is assigned to each data block with the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks and each of the data blocks is encrypted using its assigned encryption key. One of the data blocks within the file system is then selected and decrypted using the distinct encryption key assigned to the selected data block and a new encryption key, distinct for the previously assigned encryption key, is assigned to the selected data block and the selected data block is re-encrypted using the new encryption key. This process is then repeated for each data block on a sequential/cyclic and continually rotating basis.

Abstract: A system includes a sending access point and a receiving access point. The sending access point divides a data stream into sets of packets, encrypts a first set of packets using a first encryption protocol, encrypts a second set of packets using a second encryption protocol, where the second encryption protocol is different from the first encryption protocol, transmits, using a first channel over a wireless network, the first set of packets, and transmits, using a second channel over the wireless network, the second set of packets. The receiving access point receives the first set of packets and the second set of packets, decrypts the first set of packets using the first encryption protocol, and decrypts the second set of packets using the second encryption protocol.

Abstract: A streaming one time pad cipher using rotating ports for data encryption uses a One Time Pad (OTP) and an Exclusive Or (XOR) (or other cipher) with a public key channel to encrypt and decrypt OTP data. There is no method in cryptography to thwart the OTP/XOR method and it is proven impossible to crack. The method also rotates the ports of the channels periodically to increase communication obfuscation. Through pre-fetching and cache of OTP data, latency increases from encryption are kept to an absolute minimum as the XOR for encryption and decryption is done with a minimal number of instructions.

Abstract: A process and system for enciphering and deciphering Unicode characters that is compatible with scripting languages such as JAVASCRIPT®, JSCRIPT® and VBSCRIPT®. The process and system can encipher each character individually and maintain the size of the character. The enciphered character is deciphered at the application layer at the client to provide endpoint security.

Abstract: Sensitive, Standard Telephone Equipment (STE) data is encapsulated into IP packets in a remotely deployed, secure communication system. The IP packets are addressed to a matching IP encapsulator/decapsulator device over the public Internet or other IP protocol network, that then passes it to a similar STE device over an ISDN link for decryption. The present invention is embodied in a system that provides secure Voice-Over-IP (VOIP), video and data network functionality in a single, small size deployable case, to a remote user. Most importantly, the embodiment allows for the routing of bulk encrypted (i.e., secure) data over a public network, e.g., the Internet.

Abstract: A streaming one time pad cipher using rotating ports for data encryption uses a One Time Pad (OTP) and an Exclusive Or (XOR) (or other cipher) with a public key channel to encrypt and decrypt OTP data. There is no method in cryptography to thwart the OTP/XOR method and it is proven impossible to crack. The method also rotates the ports of the channels periodically to increase communication obfuscation. Through pre-fetching and cache of OTP data, latency increases from encryption are kept to an absolute minimum as the XOR for encryption and decryption is done with a minimal number of instructions.

Abstract: A data protection method and apparatus that can protect data through encryption using a Boolean function is provided. The data protection method includes applying an inverse affine transformation to data to be encrypted using a Boolean function; applying round operations of an Advanced Encryption Standard (AES) cryptographic algorithm to the inverse-affine transformed data; and producing ciphertext data by applying an affine transformation to the result of the round operations.

Abstract: An apparatus and method for generating a multiplex of media streams, the method includes the steps of: (i) receiving a set of media streams that comprises first type media stream components and second type media stream components; (ii) applying a modification process that is not adapted to modify second type media stream components, such as to provide at least one modified first type media stream component; and (iii) multiplexing at least the second type media stream components and the modified first type media stream components.

Abstract: Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object includes creating in the storage device an encrypted logical data object including a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into the encrypted sections in accordance with an order the chunks are received, wherein the encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.

Abstract: A method and system for hybrid encryption wherein all of the round function variables including the encryption algorithm change for each round. This permits the generation of block sizes and key sizes of any length and use standard block sizes and key sizes for the respective symmetric algorithm for each round function.

Abstract: Embodiments may be configured to receive a protected version of content that includes multiple encrypted content samples. In various embodiments, each encrypted content sample includes multiple encrypted blocks. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains. The protected version of the content may further include decryption information for decrypting the encrypted content samples. The decryption information may include at least some initialization vectors generated dependent upon non-content information that is not included in the protected version of the content. The non-content information may be from a different protected version of the content. Embodiments may be configured to use the decryption information to decrypt one or more of the encrypted content samples.

Abstract: A method for securing communication between members. The method includes a first member obtaining a secret. An n-bit generator executing on the first member generates a message digest using the first secret. The first member extracts algorithm selector bits and an encryption key from the message digest, and selects an encryption algorithm identified by the algorithm selector bits. The method further includes the first member encrypting a communication using the encryption algorithm and the encryption key to obtain an encrypted communication, and the first member sending, to a second member of the group, the first encrypted communication.

Abstract: A signature management apparatus and method of cutting-out streaming data. The signature management apparatus includes a signature-related information preparing device which prepares signature-related information for streaming data, a signature-related information storage device which partitions a sequence header of the streaming data into stream header information needed for reproduction of the streaming data and user header information which a user can freely use for storage, and stores the signature-related information within the user header information in a form that allows no start code to emerge.

Abstract: According to one embodiment, a cryptographic apparatus includes: cryptographic cores (“cores”), an assigning unit, a concatenating unit, and an output controlling unit. If a CTS flag thereof is on, each core encrypts using a symmetric key cipher algorithm utilizing CTS, while using a symmetric key. When an input of a CTS signal is received, the assigning unit assigns first input data to a predetermined core and turns on the CTS flag thereof. The concatenating unit generates concatenated data by concatenating operation data generated during encrypting the first input data, with second input data that is input immediately thereafter. The output controlling unit controls outputting the concatenated data to the predetermined core, outputting first encrypted data obtained by encrypting the concatenated data, and over outputting second encrypted data obtained by encrypting the first input data, and further turns off the predetermined core's CTS flag.

Abstract: A method for distributing a nominal audiovisual stream to a recipient device including modifying, in the nominal audiovisual stream, at least one nominal coefficient among the nominal coefficients to generate a modified main stream; generating complementary information such that the nominal audiovisual stream may be implemented based from the complementary information and on the modified main stream, applying a plurality of methods for protecting the complementary information to generate multiple protected complementary information, each of the protected complementary information enabling the nominal stream of the main stream to be implemented upon application of an access method compatible with the protection method which has been used to protect it; and transmitting to the recipient device the modified main stream and the multiple protected complementary information.

Abstract: The present document relates to techniques for authentication of data streams. Specifically, the present document relates to the insertion of identifiers into a data stream, such as a Dolby Pulse, AAC or HE AAC bitstream, and the authentication and verification of the data stream based on such identifiers. A method and system for encoding a data stream comprising a plurality of data frames is described. The method comprises the step of generating a cryptographic value of a number N of successive data frames and configuration information, wherein the configuration information comprises information for rendering the data stream. The method then inserts the cryptographic value into the data stream subsequent to the N successive data frames.

Abstract: An integrated circuit for data encryption/decryption and secure key management is disclosed. The integrated circuit may be used in conjunction with other integrated circuits, processors, and software to construct a wide variety of secure data processing, storage, and communication systems. A preferred embodiment of the integrated circuit includes a symmetric block cipher that may be scaled to strike a favorable balance among processing throughput and power consumption. The modular architecture also supports multiple encryption modes and key management functions such as one-way cryptographic hash and random number generator functions that leverage the scalable symmetric block cipher. The integrated circuit may also include a key management processor that can be programmed to support a wide variety of asymmetric key cryptography functions for secure key exchange with remote key storage devices and enterprise key management servers.

Abstract: A method and receiving device are provided that determine a synchronization byte in a plurality of transport stream packets, wherein the synchronization byte has a predetermined synchronization value. The method/receiving device receives, via a receiver, a portion of a first transport stream packet of the plurality of transport stream packets; detects, starting from the beginning of the portion of a first transport stream packet, a continuous four byte pattern that does not include the predetermined synchronization value; detects a first occurrence of a byte having the predetermined synchronization value; detects a subsequent byte separated from the first occurrence by a predetermined byte length; determines a byte value of the subsequent byte; and validates that the first occurrence is the synchronization byte based on a comparison of the byte value and the predetermined synchronization value.

Abstract: A control unit for controlling a card reader. The control unit includes an authentication management unit for transmitting/receiving information to/from a host and each of a first encryption magnetic head device and a second encryption magnetic head device to mutually authenticate each other. The authentication management unit includes (1) a commanding means for commanding one of the first encryption magnetic head device and the second encryption magnetic head device to create lower-level information for authentication, according to a request on authentication from the host, (2) a sharing means for transmitting the lower-level information for authentication received from the above-mentioned one device to the other device for the purpose of sharing it and (3) a transmission means for transmitting the lower-level information for authentication, having been shared in all of the first encryption magnetic head device and the second encryption magnetic head device, to the host.

Abstract: A method and an apparatus for enciphering and deciphering content with symmetric and asymmetric cryptography with the use of the shadow numbering system where two or more shadow values are used with two or more base values with a two side equation, on one side the value to encipher is multiplied with one of the shadow value then the modulus taken with the base value, to decipher the enciphered value is multiplied with the shadow value that didn't take part of the first equation then the modulus is taken with the base value, thus, deciphering the enciphered value.

Abstract: Outputs from at least one pseudo-random source are used to encode hidden value. The hidden value is encoded using index based quantities, for example, based on numerically ordering a sequence of outputs from pseudo-random source(s). In some examples, the numerical ordering of re-generated device-specific quantities is used to re-generate the hidden value, without necessarily requiring additional error correction mechanisms. Information leak may be reduced by constructing system whose “syndrome” helper bits are random, as measured, for example, by NIST's Statistical Tests for Randomness In some examples, index based coding provides coding gain that exponentially reduces total error correction code complexity, resulting in efficiently realizable PRS-based key generation systems. In some examples, index based coding allows noisy PRS to be robust across conditions where conventional error correction code cannot error correct.

Abstract: Some embodiments of a method and apparatus for encrypting and decrypting data have been presented. In one embodiment, a stream cipher is run in parallel with a block cipher to output a stream of bits with a length equal to a number of ciphertext blocks in an output stream of the block cipher. The method may further include pre-processing a current plaintext block based on the stream of bits and the number of ciphertext blocks in the output stream of the block cipher. Then the block cipher may encipher the pre-processed block to generate a current ciphertext block.

Abstract: A method of handling media content comprises providing a set of one or more first layer data items that are to be accessible via a first media track. Each first layer data item is decodable to be rendered as a portion of the media content. Moreover, a set of one or more second layer data items is provided that are to be accessible via at least one second media track, each second layer data item being decodable to be rendered in combination with at least one decoded first layer data item as an enhanced portion of the media content. With each second layer data item a track reference index is associated that identifies the first media track via which the first layer data items are accessible. Then, the second layer data items and the associated track reference indices are encrypted for being transmitted to a content recipient.

Abstract: An encryption method is disclosed, including two passes over a sequence of N input digital data X1, . . . XN blocks where the first pass executes iterative linear algebraic operations from the last input block XN to the first input block X1 to obtain a sequence of intermediary resulting YN . . . Y1 blocks. The second pass executes a block ciphering in a chaining mode from the first intermediary resulting Y1 block to the last one YN to obtain a sequence of encrypted output Z1 . . . ZN blocks. The decryption is carried out only in one pass from the first input encrypted Z1 block to the last input encrypted block ZN. The deciphering operations are executed in an iterative loop of inverse linear algebraic operations after deciphering the first input encrypted Z1 block to obtain an output sequence of decrypted X1, . . . XN blocks.

Abstract: Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.

Abstract: A non-linear transformation processing structure having a high implementation efficiency and a high security is realized. Data transformation is performed using a first non-linear transformation part performing non-linear transformation using a plurality of small S-boxes; a linear transformation part receiving all the outputs from the first non-linear transformation part and performing data transformation using a matrix for performing optimal diffusion mappings; and a second non-linear transformation part including a plurality of small non-linear transformation parts that perform non-linear transformation on individual data units into which output data from the linear transformation part is divided. With this structure, appropriate data diffusion can be achieved without excessively increasing a critical path, and a structure with a high implementation efficiency and a high security can be achieved.

Abstract: A method and system for server-side key generation for non-token clients is described.

Abstract: Techniques for representation and verification of data are disclosed. The techniques are especially useful for representation and verification of the integrity of data (integrity verification) in safe computing environments and/or systems (e.g., Trusted Computing (TC) systems and/or environments). Multiple independent representative values can be determined independently and possibly in parallel for respective portions of the data. The independent representative values can, for example, be hash values determined at the same time for respective distinct portions of the data. The integrity of the data can be determined based on the multiple hash values by, for example, processing them to determine a single hash value that can serve as an integrity value.

Abstract: A method and system for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.

Abstract: A processor is disclosed for ciphering of first data. The processor includes a key store and a first data store. In use the processor for ciphering the first data in accordance with a first cipher process and a first secret key to provide output data, during ciphering of the first data inserting within the cipher processor other data for ciphering in accordance with at least a portion of the first cipher process, the other data inserted within a sequence of cipher processor operations and scheduled for obfuscating the output data.

Abstract: A method is disclosed for providing first data and a first secret key to a cipher processor for ciphering. The first data is ciphered in accordance with a first cipher process and the first secret key to provide output data. Before ciphering of the first data, extra data is inserted within the cipher processor for ciphering in accordance with at least a portion of said first cipher process. The extra data is inserted within a sequence of cipher processor operations for obfuscating the output data.

Abstract: A Right Object renewal method and apparatus for a right-protected digital broadcast service that is capable of predicting the expiration of a Right Object issued for the right-protected broadcast channel and renewing the Right Object prior to the expiration of the Right object based on the predicted expiry is provided.

Abstract: A method is performed at a computer system having one or more processors and memory storing one or more programs executed by the one or more processors. The method includes generating a document, including marking one or more portions of the document as private; and sending the document to an intermediary system for transmission to a destination system. Prior to the document being transmitted to the destination system, the marked portions of the document are encrypted by the intermediary system using a key that is unavailable to the destination system.

Abstract: Methods and systems for encrypting and decrypting data are described. In one embodiment, a computing system determines a first initialization vector (IV) from another IV and a sequence number of a block of information, and hashes the first IV to create a hash. The computing system then determines a first block from the first block of information and the first hash and enciphers the first block to generate a block of ciphertext. In another embodiment, the computing system deciphers the block of ciphertext to generate the first block, and determines the first IV from the other IV and a sequence number of a block of information. The computing system hashes the first IV to create a hash and determines a block of information corresponding to the first block of ciphertext from the first block and the hash.

Abstract: A plant control system may include a manipulation monitoring terminal that includes a local user authentication unit configured to authenticate a user who logs in the manipulation monitoring terminal and a domain controller that includes a domain user authentication unit and communicates with the manipulation monitoring terminal. The manipulation monitoring terminal may include a user authentication alarm unit configured to generate a security alarm when the local user authentication unit performs user authentication on the user in a state in which the domain controller is in normal operation.

Abstract: A cryptographic device includes a first state module, a key addition module, a byte substitution module, and a column mixing module. The first state module stores a first data block. The key addition module adds a key to the first data block to generate a second data block. The byte substitution module replaces each byte of the second data block to generate a third data block. The byte substitution module includes a first byte substitution sub-module that generates an intermediate data block in response to the second data block, a pipeline register that stores the intermediate data block, and a second byte substitution sub-module that generates the third data block in response to the intermediate data block. The column mixing module generates a fourth data block based on the third data block and provides the fourth data block to the first state module for storage.

Abstract: VoIP systems often use multiple ciphers for different components. The present invention includes a system and method for early detection of encrypted signals in packet networks that may be encrypted using any of a multitude of ciphers.

Abstract: A method for an encryption of a data stream is provided. The method includes: providing the data stream, providing at least two first random number generators having a first cryptographic strength, wherein each of the at least two first random number generators is switchable between states including a clocked state and a working state, and providing a second random number generator having a second cryptographic strength, wherein the second cryptographic strength is higher than the cryptographic strength. The method further includes switching the states of the at least two first random number generators using an output of the second random number generator and using an XOR-function for combining the data stream with an output of one of the at least two first random number generators, which is in the working state, such that a ciphered data stream is created.

Abstract: In the field of computer enabled cryptography, such as a block cipher, the cipher is hardened against an attack by protecting the cipher key, by applying to it a predetermined linear permutation before using one key to encrypt or decrypt a message. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful where the key is derived through a process and so is unknown when the software code embodying the cipher is compiled. This is typically the case where there are many users of the cipher and each has his own key, or where each user session has its own key.

Abstract: A method and apparatus for an iterative cryptographic block under the control of a CPU and without a fixed number of stages. In one embodiment, a first cryptographic block descrambles received information using an internal key or a preprogrammed key to form a descrambled key or descrambled data. A data feedback path stores the descrambled data as internal data and provides the internal data or the external data as data input to the first cryptographic block. A key feedback path stores the descrambled key as an internal key and provides the internal key or the preprogrammed key to a key input of the first cryptographic block. A second cryptographic block descrambles received content using a final descrambling key. Other embodiments are described and claimed.

Abstract: Methods and apparatus that reduce user identification overhead for communications. In one aspect of the invention, a reciprocal transmission channel characteristic (e.g., the channel impulse response) is used to derive shared and anonymous user identification between two wireless devices. In one embodiment, subscription-less data transmissions are broadcast from a base station to multiple user equipment, each user equipment receiving its correspondingly identified subscription-less data. The use of quantization levels and/or levels of tolerance for compensating for non-ideal differences in recipient and transmitter channel characteristics are also disclosed.

Abstract: Method and apparatus for obfuscating computer software code, to protect against reverse-engineering of the code. The obfuscation here is of the part of the code that performs a Boolean logic operation such as an exclusive OR on two (or more) data variables. In the obfuscated code, each of the two variables is first modified by applying to it a function which deconstructs the value of each of the variables, and then the exclusive OR operation is replaced by an arithmetic operation such as addition, subtraction, or multiplication, which is performed on the two deconstructed variables. The non-obfuscated result is recovered by applying a third function to the value generated by the arithmetic operation. This obfuscation is typically carried out by suitably annotating (modifying) the original source code.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating data via a pseudo-random polymorphic tree. A server, using a seed value shared with a client device, generates a tag stream according to a byte-string algorithm. The server passes the tag stream and the data to be transmitted to the client device through a pseudo-random polymorphic tree serializer to generate a pseudo-random polymorphic tree, which the server transmits to the client device. The client device, using the same seed and byte-string algorithm, generates the same tag stream as on the server. The client passes that tag stream and the received pseudo-random polymorphic tree through a pseudo-random polymorphic tree parser to extract the data. Data to be transmitted from the server to the client device is hidden in a block of seemingly random data, which changes for different seed values. This approach obfuscates data and has low processing overhead.

Abstract: A system for encryption, and subsequent decryption, of encoded data allows for transcoding of the encrypted data. The data is encoded in such a way that different packets have different importance levels, so that some or all of the packets at the lower importance levels can be discarded or truncated in order to reduce the data rate. This is achieved by introducing dependencies into the encoding process. The packets at the highest importance level are encoded with reference only to other packets at the highest importance level, while the encoding of packets at lower importance levels also depend on the encoding of the packets at the highest importance level. The encoded data is then encrypted in such a way that the encryption process has dependencies that correspond to the dependencies in the encoding process.

Abstract: In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of sequenced rounds, the cipher is hardened against attack by a protection process. The protection process uses block lengths that are larger or smaller than and not an integer multiple of those of an associated standard cipher, and without using message padding. This is operative in conjunction with standard block ciphers such as the AES, DES or triple DES ciphers, and also with various block cipher cryptographic modes such as CBC or EBC.

Abstract: Provided is a data security method and apparatus using a characteristic preserving encryption. The data security apparatus includes an interface communicating with a user terminal or a database server, an input unit receiving information, an output unit outputting information, an encryption unit encrypting data in the data security method, a storage unit storing information, and a control unit controlling functions of the interface, the input unit, the output unit, the encryption unit or the storing unit.

Abstract: The aim of the present invention is to propose a method for providing attribute-based encryption for conjunctive normal form (CNF) expressions, the said CNF expression comprising at least one clause over a set of attributes, the said method using a key generation engine, an encryption engine and a decryption engine.

Abstract: A method and associated apparatus for use in a data distribution process to allow an untrusted intermediary to re-encrypt data for transmission from an originator to a message receiver without revealing the data (message) or the cipher to the intermediary. This method uses a composition of two ciphers for re-encrypting the message at the intermediary, without revealing the plain text message or either cipher to the intermediary.

Abstract: A method includes, in a data storage device, receiving data having a particular proportion of zero values and one values and scrambling the data to generate scrambled data that has the particular proportion of zero values and one values.