Abstract: An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream.

Abstract: A method for symmetric receive-side scaling (RSS) in a network device having an ingress side RRS router and an egress side RSS router and a plurality of queues for handling packets. The method comprises identifying an internet protocol (IP) version being used for the network. The transport layer headers (TLHs) existence status is identified. A secret key by each of the egress side RSS router and the ingress side RSS router is identified. The key is based on the identification of the IP version and the TLHs existence status. The secret key ensures that packets sent from a source to a destination and packets sent from the destination to the source are routed by the egress side RSS router and the ingress side RSS router to a common queue among the plurality of queues. The secret key is stored at a storage in the network device. The secret key is used by the ingress side RSS router and the egress side RSS router for routing packets.

Abstract: For a defined cryptographic process including an original substitution table, split masked substitution tables are provided to resist cryptographic attacks. The split masked substitution tables are defined with reference to a set of random value data words and a mask value. An entry in the split masked substitution tables is defined by selecting bits from the corresponding entry in the original masked substitution table, as masked by the corresponding one of the set of random value data words and by selecting bits from the corresponding one of the set of random value data words as masked by the mask value. The split masked substitution tables are usable in a modified cryptographic process based on the defined cryptographic process to permit a masked output to be generated. The split masked substitution tables are refreshed by each entry in the tables being refreshed upon access during execution of the modified cryptographic process.

Abstract: A method for encrypting data is provided. The method includes formatting data represented in a weighted number system into data blocks. The method also includes converting the data blocks into a residue number system representation. The method further includes generating a first error generating sequence and inducing errors in the data blocks after converting the data blocks into a residue number system representation. It should be understood that the errors are induced in the data blocks by using the first error generating sequence. After inducing errors into the data blocks, the data of the data blocks is formatted into a form to be stored or transmitted. The method also includes generating a second error generating sequence synchronized with and identical to the first error generating sequence and correcting the errors in the data blocks using an operation which is an arithmetic inverse of a process used in inducing errors.

Abstract: The invention relates to a device for processing datastreams in a communications unit with two mutually-separate data-processing regions, which provide at least two separate message paths. The message paths are connected respectively to a message transmitter and a message receiver, wherein, in each message path, an encoding module is provided, which is connected both to a first data-processing region and also to a second data-processing region. Furthermore, in the second data-processing region, a distribution unit is provided, which is connected to the message paths of the first data-processing region and to all encoding modules of the corresponding message paths in order to distribute given messages in a targeted manner.

Abstract: Format-translating encryption (FTE) cryptographic operations may be implemented using a cryptographic system that translates plaintext strings to ciphertext strings of a different format and that translates ciphertext strings to plaintext strings of a different format. Plaintext strings may have a format defined by a first regular expression. Corresponding ciphertext strings may have a format defined by a second regular expression that is different than the first regular expression. During encryption operations, a format-translating encryption algorithm may employ a format-preserving encryption (FPE) encryption algorithm. During decryption operations, a format-translating encryption algorithm may employ an FPE decryption algorithm.

Abstract: An integrated circuit (1) is provided with function modules (2) which comprise a central processing unit (4) for treating data and executing a program and a cache memory (5). Until now, it was complicated and costly to ensure the manipulation security of the modules. The function modules (2) comprise an encoding unit (6) for data encoding and decoding.

Abstract: A method of performing trick play on a scrambled data stream, the method comprising: extracting position information corresponding to scrambling information from an input scrambled transport stream; demultiplexing a transport stream of a predetermined position according to the stored position information of the scrambling information and extracting the scrambling information and a scrambled data stream pertaining to the scrambling information; descrambling the extracted scrambled data stream by using the extracted scrambling information; and decoding a reference picture based on the position information.

Abstract: An apparatus includes an encryption module and a first key addition module. The encryption module generates a ciphertext block based on a cipher key and an input block. The encryption module includes a key module configured to provide Nr round keys based on the cipher key, and a cipher module configured to perform Nr cycles of encryption based on the input block and the Nr round keys. The cipher module includes an inversion module configured to generate first intermediate data by performing a matrix inversion operation on the input block, and a combined operation module configured to generate second intermediate data by performing, on the first intermediate data, an affine transformation operation and a mix columns operation. The first key addition module is configured to generate the input block based on the cipher key and a plaintext block. The first key addition module is external to the encryption module.

Abstract: The pseudorandom number generating system repeatedly performs simple transformation of a non-secure pseudorandom number sequence that may be generated quickly, and thus may quickly generate a highly secure pseudorandom number sequence having a long period. Furthermore, the encryption system and the decryption system do not generate a large encryption function difficult to be deciphered based on a shared key 122, but prepare multiple functions 126, which perform fast, different types of transformation, and select a combination of functions determined based on information of the shared key 122, and make the selected functions transform a text multiple times, thereby encrypt the text. Each of the functions is fast, and thus transformation by the entire combination is also fast. Furthermore, since the combination of functions and repetitive count can be changed, future improvement in specification is easy. Moreover, security is high since which functions are applied in what order is unknown.

Abstract: Systems and methods are provided for partially encrypting one or more portions of an electronic file and decrypting the partially encrypted file. In one implementation, a computer-implemented method partially encrypts an electronic file. The method identifies one or more portions of the electronic file to be encrypted. The one or more portions are identified based on metadata in the electronic file that designate the one or more portions to be encrypted. The method encrypts the identified one or more portions of the electronic file using encryption software.

Abstract: Efficient secure password protocols are constructed that remain secure against offline dictionary attacks even when a large, but bounded, part of the storage of a server responsible for password verification is retrieved by an adversary through a remote or local connection. A registration algorithm and a verification algorithm accomplish the goal of defeating a dictionary attack. A password protocol where a server, on input of a login and a password, carefully selects several locations from the password files, properly combines their content according to some special function, and stores the result of this function as a tag that can be associated with this password and used in a verification phase to verify access by users.

Abstract: Techniques for an efficient and provably secure protocol by which two parties, each holding a share of a Cramer-Shoup private key, can jointly decrypt a ciphertext, but such that neither party can decrypt a ciphertext alone. In an illustrative embodiment, the secure protocol may use homomorphic encryptions of partial Cramer-Shoup decryption subcomputations, and three-move ?-protocols for proving consistency.

Abstract: Methods and systems for a transport single key change point for all package identifier channels are disclosed and may include descrambling a received transport stream comprising multiple package identifier (PID) channels with multiple key change points, and synchronizing at least a portion of the multiple key change points to occur at a common time. The transport stream may be conditional access or copy protect scrambled. The timing of the key change points may be synchronized by modifying one or more scrambling control bits for the descrambled received transport stream. At least one PID channel in said descrambled received transport stream may be re-scrambled utilizing one or more of the scrambling control bits, and a portion of the PID channels may bypass the re-scrambling. The re-scrambling may include one or more of CP re-scrambling and CA re-scrambling. Each PID channel may be de-scrambled and/or re-scrambled utilizing a separate key.

Abstract: A method of providing an encrypted data stream, includes obtaining a first data stream, partitioned into sections corresponding to key periods, each of a plurality of the key periods being associated with a respective value of a key, wherein each section corresponding to a key period associated with a value of the key includes at least one encrypted data unit decryptable using that associated key value, obtaining a sequence of key messages, at least some of which carry key information for obtaining at least one of the key values, obtaining a replacement data stream section, forming an encrypted output data stream, corresponding at least partially to the first data stream, by inserting the replacement data stream section so as to replace a corresponding part of the first data stream with a tail end of the replacement data stream section preceding at least part of a section of the first stream corresponding to a certain key period, and providing as output the encrypted output data stream in synchrony with an as

Abstract: A method, apparatus and system enabling software access to navigational data in a decrypted media stream while protecting stream payloads. In one embodiment, a filter may route an encrypted content stream and associated information to a secure partition having a trusted computing component for decryption. Upon decryption, the trusted computing component may store the decrypted payload of the content in a secure storage location accessible to the trusted computing component. Thereafter, the decrypted navigational header information of the content may be used to navigate to the decrypted content via a trusted component such as a trusted rendering unit in the secure partition.

Abstract: There is provided a computer-implemented method for authentication, the method comprising: defining a demanded level of security in an authorization service of a server; providing at least one authentication mechanism comprising at least one instance for at least one client; providing a policy comprising a security level for the at least one instance; receiving at least one request from the client to the server; authenticating the request based on the policy and the demanded level of security by the authentication service; and permitting the request if the demanded level of security is reached.

Abstract: An improved method, apparatus, and computer instructions for processing outbound traffic passing through a port. This port is for a server and receives a request from a client. The request includes a universal resource identifier to a destination. A determination is made as to whether the request requires encryption using the universal resource identifier in the request. The request is sent through the port to the destination in an encrypted form, in response to a determination that the request requires encryption.

Abstract: A transmitting apparatus 100 includes an initialization vector generating unit 110 for generating initialization vector IV1-IV5 for encrypting stream data with a stream encryption method, wherein the initialization vector is changed at every initialization intervals defined by a stream encryption module; an initialization packet generating unit 140 for generating an initialization packet IP containing an initialization vector used when stream data following the initialization packet are encrypted and another initialization vector used when another stream data different from the stream data following the initialization packet are encrypted; an encryption unit 120 for initializing the stream encryption module using a generated initialization vector, and performing stream encryption on stream data following the initialization vector; an encryption packet generating unit 130 for generating an encryption packet EP containing stream-encrypted data; and a transmission unit 150 for transmitting the initialization pac

Abstract: An approach is provided for providing secure packetized voice transmissions. A public/private key pair is generated at a call device (or endpoint). An encrypted voice stream is received from another call device, where the encrypted voice stream was encrypted using a public key of the public/private key pair. This encrypted voice stream when received at the call device is decrypted using a private key of the public/private key pair.

Abstract: An encrypted-stream processing circuit includes: a decryption mechanism decrypting an encrypted stream; a stream-data processing mechanism separating a plurality of packets included in a stream decrypted by the decryption mechanism in accordance with a packet identifier identifying the packet, and creating a partial stream by extracting a part from the stream under the control of a CPU (Central Processing Unit); and an encryption mechanism encrypting the partial stream, wherein the decryption mechanism, the stream-data processing mechanism, and the encryption mechanism are included in a packaged integrated circuit, and are connected to the CPU through a bus.

Abstract: A system, method, and network interface obscures the existence of data encryption in a communication network is provided. A set of characters is generated by using a set of encryption keys as an input to a pseudo-random function. Each character corresponds to an index value. The encrypted data is divided into a plurality of parts. Each part is sectioned into a plurality of groups. Each group of the plurality of groups is encoded by mapping the group to a character in the set of characters according to its corresponding index value. The mapped characters are transmitted through the communication network.

Abstract: Embodiments may include receiving a protected version of content that includes multiple encryption chains each including encrypted blocks of content. The protected version of content may include one or more initialization vectors for decrypting the encrypted blocks of content and discard information that specifies non-content portions of one or more data blocks to be discarded after decryption. Embodiments may also include performing chained decryption on the multiple encryption chains using the initialization vectors specified by the decryption information. The chained decryption may result in a sequence of decrypted data blocks. Embodiments may also include, based on the discard information, locating and removing the non-content portions of one or more data blocks in the sequence of decrypted data blocks. Embodiments may also include generating the protected version of content. Embodiments may also include performing any of the aforesaid techniques on one or more computers.

Abstract: An encrypted program received in an MPEG transport stream is decrypted by receiving an address in the MPEG transport stream, reading a key from a memory in accordance with the received address, and decrypting the encrypted program based on the key.

Abstract: Systems and methods for establishing a security-related mode of operation for computing devices. A policy data store contains security mode configuration data related to the computing devices. Security mode configuration data is used in establishing a security-related mode of operation for the computing devices.

Abstract: Some embodiments of a method and an apparatus to strengthen key schedule for arcfour have been presented. In one embodiment, an S array of a predetermined size is initialized. The S array is usable in a key generating process of arcfour encryption. The key generation process is extended to generate keys, which are substantially random and substantially unbiased. Using the keys generated, a stream cipher performs arcfour encryption on plaintext data to output ciphertext data.

Abstract: A system and method for controlling power windows of a vehicle includes a receiver mounted on the vehicle for receiving an open window request signal wirelessly from a portable device, at least one exterior condition sensor mounted on the vehicle for detecting an adverse exterior condition relative to the vehicle, and a controller mounted on the vehicle for communicating with the receiver and the at least one exterior condition sensor. The controller commands opening of the one or more power windows when the receiver receives the open window request signal provided the at least one exterior condition sensor does not detect an adverse exterior condition relative to the vehicle.

Abstract: The present invention applies with a diffused mechanism, as such, a variable series of diffusion functions embedded within a diffusion-medium, to generate a maximum diffusion-cycle and nonlinear complexity; additionally, it performs in a serial process for simple design, further, in a parallel process for saving time, or even in a hardware architecture, to gain greater acceleration. FIG. 1 shows an embodiment of the present invention in flow chart diagram form, comprising steps of: selecting a diffusion-area A, a diffusion-medium S, and a diffusion mechanism Ft1 100; initializing A by an input password 200; performing Ft1 to obtain a new value of A 300; inputting a plaintext in encryption or a ciphertext for decryption, bit by bit 400; XORing a plaintext bit in encryption or a ciphertext bit in decryption with a certain bit of A for stream output 500; continuing until completing the plaintext in encryption, or the ciphertext in decryption 600.

Abstract: In some embodiments, a key shared between communicating parties is mapped to a key variant using a block cipher. The key variant is mapped into a sequence of basis offsets using shifts and conditional xors. A nonce-dependent base offset is formed, and a sequence of offsets is constructed by starting with the base offset and then xoring, for each offset, an appropriate basis offset. Each message block is combined with a corresponding offset, enciphered, and then combined again with the offset, yielding a ciphertext block. The message fragment is xored with a computed pad to give a ciphertext fragment. A checksum is formed using the message blocks, the message fragment, and the pad, and is then combined with an offset and enciphered to yield a tag. The encrypted message includes the ciphertext blocks, the ciphertext fragment, and the tag.

Abstract: An approach is provided for minimizing co-channel interference in a communication system is disclosed. A header of a first frame is scrambled based on a first unique word. A header of a second frame is scrambled based on a second unique word. The first frame including the corresponding scrambled header and the second frame including the corresponding scrambled header are transmitted, respectively, over adjacent co-channels of the communication system. Each of the frames further includes a payload and a pilot block. The payload and the pilot block of the first frame are scrambled based on a first scrambling sequence. The payload and the pilot block of the second frame are scrambled based on a second scrambling sequence. The above arrangement is particularly suited to a digital satellite broadcast and interactive system.

Abstract: A system for storing encrypted data comprises a processor and a memory. The processor is configured to receive an encrypted segment. The encrypted segment is determined by breaking a data stream, a data block, or a data file into one or more segments and encrypting each of the one or more segments. The processor is further configured to determine whether the encrypted segment has been previously stored, and in the event that the encrypted segment has not been previously stored, store the encrypted segment. The memory is coupled to the processor and configured to provide the processor with instructions.

Abstract: A method of generating a key stream for a precomputed state information table. The method comprises initializing a counter and an accumulator with non-zero values; combining state information identified by the counter with the accumulator; swapping state information identified by the counter with state information identified by the accumulator; combining the two pieces of state information; outputting the state information identified by the combination as a byte of the key stream; adding a predetermined number odd number to the counter; and repeating the above steps to produce each byte of the key stream.

Abstract: Embodiments of the invention include methods of transmitting a hidden message within a secured primary data transmission. In one embodiment, a method involves transmitting a primary data transmission over a computer network from a source host to a receiving host. Intentionally-corrupted packets are introduced within the primary data transmission in a manner providing a hidden message. For example, a pattern of intentionally-corrupted packets may be used to encode the hidden message. Alternatively, the hidden message may be embedded within the data area of the intentionally-corrupted packets. The intentionally-corrupted packets are received and interpreted at the receiving host to determine the hidden message.

Abstract: A block cipher algorithm based encryption processing method comprises the following steps: external key registration, external data registration, key expansion, data encryption conversion, internal data registration, and data iteration processing, which solves the problems of the prior ciphering method based on block cipher algorithm, such as low ciphering efficiency and high implementation cost, and efficiently reduces the resource consumption under the premise of keeping the high efficiency of the prior art, thereby reducing the implementation cost of the device. When the number of the conversion component is 1, the resource consumption is only about 60 percent of the prior art; and when the number of the conversion component is 2, the resource consumption is only about 70 percent of the prior art.

Abstract: In a data stream individually encoded data stream (ds1 . . . n), data packets formed as key data packets (sp1 . . . n) are to be inserted, with which the data stream-individual key information (si1 . . . n) is transmitted with the associated data stream (ds1 . . . n). For analyzing and/or recording, at least one key data packet (sp1 . . . n) is searched for in the associated data stream (ds1 . . . n), and the data stream-individual key information (si1 . . . n) is determined. By means of the data stream-individual key information (si1 . . . n), the associated data stream (ds1 . . . n) is decoded. The generation and insertion of key information (si1 . . . n) can be achieved with minor administrative effort, thus considerably reducing the effort for the analysis or diagnosis (ds1 . . . n) of the simultaneously transmitted, encoded data streams (ds1 . . . n).

Abstract: Several methods and a system of multilayer encryption of a transport stream data and modification of a transport header are disclosed. An exemplary embodiment provides a method of a multilayer encryption. The method includes further encrypting an initially encrypted transport stream data to generate a multilayer encrypted data using a processor and a memory. The method also includes determining a further encryption flag data. The encryption method modifies a transport header of the multilayer encrypted data. In addition, the encryption method includes the further encryption flag data in an adapted component of a modified transport header.

Abstract: Coding is provided in which a multi-media object is coded to obtain a bit-stream, and quality information is added to the bit-stream, which quality information indicates a quality of the object in relation to a given position in (or a given part of) the bit-stream. By adding quality information to the bit-stream, jointly storing or transmitting multiple coded objects can be optimized in that the quality of the object can be easily taken into account.

Abstract: A cryptographic system (CS) is provided. The CS (800) comprises a data stream receiving means (DSRM), a generator (702), a mixed radix converter (MRC) and an encryptor (908). The DSRM (902) is configured to receive a data stream (DS). The generator is configured to selectively generate a random number sequence (RNS) utilizing a punctured ring structure. The MRC (704) is coupled to the generator and configured to perform a mixed radix conversion to convert the RNS from a first number base to a second number base. The encryptor is coupled to the DSRM and MRC. The encryptor is configured to generate an altered data stream by combining the RNS in the second number base with the DS. The punctured ring structure and the MRC are configured in combination to produce an RNS in the second number base which contains a priori defined statistical artifacts after the mixed radix conversion.

Abstract: A method, apparatus and system enabling software access to navigational data in a decrypted media stream while protecting stream payloads. In one embodiment, a filter may route an encrypted content stream and associated information to a secure partition having a trusted computing component for decryption. Upon decryption, the trusted computing component may store the decrypted payload of the content in a secure storage location accessible to the trusted computing component. Thereafter, the decrypted navigational header information of the content may be used to navigate to the decrypted content via a trusted component such as a trusted rendering unit in the secure partition.

Abstract: The present disclosure includes methods and devices for parallel encryption/decryption. In one or more embodiments, an encryption/decryption device includes an input logic circuit, an output logic circuit, and a number of encryption/decryption circuits arranged in parallel between the input logic circuit and the output logic circuit. For example, each encryption/decryption circuit can be capable of processing data at an encryption/decryption rate, and the number of encryption/decryption circuits can be equal to or greater than an interface throughput rate divided by the encryption/decryption rate.

Abstract: Embodiments of the invention include methods of transmitting a hidden message within a secured primary data transmission. In one embodiment, a method involves transmitting a primary data transmission over a computer network from a source host to a receiving host. Intentionally-corrupted packets are introduced within the primary data transmission in a manner providing a hidden message. For example, a pattern of intentionally-corrupted packets may be used to encode the hidden message. Alternatively, the hidden message may be embedded within the data area of the intentionally-corrupted packets. The intentionally-corrupted packets are received and interpreted at the receiving host to determine the hidden message.

Abstract: A system and method for encrypting an electronic file in a mobile electronic device reads bytes of the electronic file from a cache of a memory system and divides the bytes into a plurality of byte lines. The system and method further assigns a numerical cipher to each byte line and searches a position of each numerical cipher in a corresponding byte line. Furthermore, the system and method encrypt each byte line by inserting one or more random bytes into each byte line, and generates an encrypted electronic file by combining all the encrypted byte lines.

Abstract: A block cipher ARIA substitution apparatus, the apparatus includes a first Sbox operation unit for performing operations of a substitution box S1 and a substitution box S1?1; a second Sbox operation unit for performing operations of a substitution box S2 and a substitution box S2?1; and a control unit for determining modes of the first Sbox operation unit and the second Sbox operation unit. The first Sbox operation unit has a first inverse affine transformation unit for performing an inverse affine operation for obtaining S1?1; a finite field inverse element operation unit for computing an inverse element of GF(28) or a result value of the first inverse affine transformation unit; a first affine transformation unit for performing an affine operation for obtaining S1; and a first and a second multiplexer.

Abstract: In a transmitter, data is encrypted by use of a data key, the data key is encrypted based on a first modification key, and the first modification key is encrypted based on a second modification key such that the first and second modification keys are different keys. The encrypted data, the encrypted data key, and the encrypted first modification key are transmitted to a receiver. In the receiver, the encrypted first modification key, the encrypted data key, and the encrypted data are received from the transmitter. The encrypted first modification key is decrypted based on the second modification key, the encrypted data key is decrypted based on the decrypted first modification key, and the encrypted data is decrypted by use of the decrypted data key.

Abstract: A method of countering side-channel attacks on an elliptic curve cryptosystem (ECC) is provided. The method comprises extending a definition field of an elliptic curve of the ECC to an extension ring in a first field; generating a temporary ciphertext in the extension ring and countering attacks on the ECC; and generating a final ciphertext for the first field if a fault injection attack on the ECC is not detected. The countering of attacks on the ECC may comprise countering a power attack on the ECC. Checking if there is a fault injection attack on the ECC may be performed by determining if the temporary ciphertext satisfies a second elliptic curve equation. The fault detection algorithms takes place in a small subring of the extension ring, not in the original field, to minimize the computational overhead. The method can improve the stability of the ECC and reduce computational overhead of the ECC.

Abstract: A multi-level data encoding system is provided that is operable on a computer. The encoding system includes a data input device adapted to input a data set and store the data set in a database. The system further includes an encoder adapted to encode the data set and separate the encoded data set into two files, wherein each character of the data set comprises a unique electronic footprint. Additionally, the system includes a data field adapted to organize the encoded data set for proper decoding, a master file comprising one file of the encoded data set and an overlay file comprising the other file of the encoded data set. The system also includes a decoder adapted to align the overlay file onto the master file to decode the encoded data set.

Abstract: A cryptographic system (500) that includes a data stream receiving device (502) configured for receiving a modified data stream representing data entries encrypted using a chaotic sequence of digits. The system also includes user processing device (503, 505) configured for receiving user access information specifying an initial value for the chaotic sequence of digits and data field location information associated with selected ones of the data entries. The system further includes a synchronized pair of chaotic sequence generators (300) coupled to the user processing devices configured for generating encryption and decryption sequences based on the initial value and the data field location information. The system additionally includes an encryption device (504) and a decryption device (506) coupled to the chaotic sequence generators and the data stream receiving device, the decrypter configured for generating an output data stream from the modified data stream by applying the decryption sequences.

Abstract: Disclosed herein is a method of securing keyboard input information by directly controlling a keyboard controller of a keyboard. The keyboard includes the keyboard controller, an interrupt controller, an input information processing module and a keyboard security module. The method includes a status information checking step of enabling the input information processing module to check status information of the keyboard controller; an interrupt inactivation step of inactivating an interrupt request function of the keyboard controller; an input information encryption step of encrypting the keyboard input information written to the keyboard input/output ports; a transfer step of transferring the encrypted input information to the keyboard security module; and an input information deletion step of deleting the keyboard input information remaining in the keyboard controller.

Abstract: A computer system for identifying an individual using a biometric characteristic of the individual includes a biometric sensor for generating a first code, and a controller including a memory for storing the first code and a dynamic binary code conversion algorithm. When the controller receives a sensor code from the biometric sensor, it compares the sensor code with the first code stored in the memory, and if the identity between the sensor code and the first code is verified, the controller generates a first binary code by means of the dynamic binary code conversion algorithm and outputs the first binary code from which the computer system generates a second binary code by means of the dynamic binary code conversion algorithm. The computer system then verifies the identity of the individual if the second binary code matches the first binary code.

Abstract: A method for performing an encrypted voice call between a first terminal and a second terminal supporting a Voice over Internet Protocol (VoIP)-based voice call. In the method, the first and second terminals generate and store a bio key using biographical (bio) information of a user in advance before performing a voice call, the first terminal sends a request for a voice call to the second terminal and establishing a session, the first and second terminals exchange and store a bio key stored in each terminal, and the first and second terminals generate a session shared key using the exchanged bio key and starting a Secure Real-time Transport Protocol (SRTP) session, and a restored bio key by acquiring bio information from received data. User authentication is then performed by comparing the bio key with the restored bio key.