Abstract: In one embodiment, a mechanism for transport-safe codings for cryptographic use is disclosed. In one embodiment, a method for transport-safe coding for cryptographic use includes converting an input data stream into index values associated with “n” printable characters, wherein “n” is a radix associated with a base-“n” coding scheme and a prime power less than 94, performing a cryptographic operation on the index values to encrypt the index values, and translating the encrypted values directly into an output data stream of printable characters associated with the encrypted values in a base-“n” coding scheme.

Abstract: The present invention relates to a confidential information processing device, a confidential information processing apparatus, and a confidential information processing method, and particularly to a confidential information processing device which performs multiple cryptographic computation for different target data included in a data stream. With this configuration, the context control unit outputs the stream on which the cryptographic computation is performed to an external device or other stream analysis unit. Thus, by setting the number of cryptographic computation on a correspondence table, the number of computation can be set to any number. Thus, the confidential information processing device according to the present invention can perform any number of cryptographic computations on one stream. Furthermore, without outputting the stream whenever a cryptographic computation is completed, multiple cryptographic computations can be performed with one stream input.

Abstract: Provided is an apparatus for computing a T-function based Stream Cipher (TSC)-4 stream cipher. The apparatus includes: two T-function units; and a nonlinear filter for receiving bits output from the two T-function units and generating an 8-bit output sequence per clock. Each of the T-function units includes: a first register for storing an internal state value of the lower N bits; an N-bit internal state updater for updating the internal state value of the lower N-bits stored in the first register; an intermediate result register for storing an intermediate result value output from the N-bit internal state updater; a second register for storing an internal state value of the upper M bits; and an M-bit internal state updater for updating the internal state value of the upper M bits stored in the second register using the value stored in the intermediate result register.

Abstract: A method and system for embedding a secret in a bit string for safeguarding the secret. In one embodiment, the method comprises computing the length of the overall bit string as a function of q and t, where q and t are determined from the length of the secret. The method further comprises generating a plurality of information pieces based on q and t, the information pieces including a transformed secret and information for extracting the secret from the overall bit string. The method further comprises concatenating the plurality of information pieces to form the overall bit string.

Abstract: The present invention provides a stream control device. The device includes a plurality of data processors that sequentially implement processing for stream data. The unit data of processing in each of the data processors has a certain data amount. The stream control device also includes a memory that is provided at a previous stage or a subsequent stage of the data processor, and stores the stream data. Each of the data processors includes a monitoring unit that monitors an amount of data stored in the memories at a previous stage and a subsequent stage of the data processor, and a data retriever that retrieves data to be processed from the memory at the previous stage.

Abstract: The use of keys to encrypt data in a transmitter and to decrypt encrypted data in a receiver are synchronized in accordance with a synchronization signal that opportunistically replaces a null packet in an MPEG transport stream. Additionally or alternatively, key related information is transmitted and/or received in place of a null packet in the MPEG transport stream and is used to encrypt and/or decrypt data transmitted and/or received in the MPEG transport stream.

Abstract: A technique for protecting media content that is to be accessible via multiple media tracks of a media file is provided. A method implementation of this technique comprises the step of providing a set of one or more first layer data items that are to be accessible via a first media track, with each first layer data item being decodable to be rendered as a portion of the media content. Moreover, a set of one or more second layer data items is provided that are to be accessible via at least one second media track, with each second layer data item being decodable to be rendered in combination with at least one decoded first layer data item as an enhanced portion of the media content. With each second layer data item a track reference index is associated that allows to identify the first media track via which the first layer data items are accessible.

Abstract: In one embodiment, a multi-mode Advanced Encryption Standard (MM-AES) module for a storage controller is adapted to perform interleaved processing of multiple data streams, i.e., concurrently encrypt and/or decrypt string-data blocks from multiple data streams using, for each data stream, a corresponding cipher mode that is any one of a plurality of AES cipher modes. The MM-AES module receives a string-data block with (a) a corresponding key identifier that identifies the corresponding module-cached key and (b) a corresponding control command that indicates to the MM-AES module what AES-mode-related processing steps to perform on the data block. The MM-AES module generates, updates, and caches masks to preserve inter-block information and allow the interleaved processing. The MM-AES module uses an unrolled and pipelined architecture where each processed data block moves through its processing pipeline in step with correspondingly moving key, auxiliary data, and instructions in parallel pipelines.

Abstract: Stream ciphers, including synchronous stream ciphers, self-synchronizing stream ciphers, and totally asynchronous stream ciphers, employ a working key and a quasigroup transformation, where the quasigroup used is based on an initial secret key. Error-correction and pseudo-random number generation improver methods also employ quasigroup transformations.

Abstract: An apparatus and method for generating a multiplex of media streams, the method includes the steps of: (i) receiving a set of media streams that comprises first type media stream components and second type media stream components; (ii) applying a modification process that is not adapted to modify second type media stream components, such as to provide at least one modified first type media stream component; and (iii) multiplexing at least the second type media stream components and the modified first type media stream components.

Abstract: An architecture and associated methods and devices are described in which a first selectable data path may be associated with a first port operating at a first data rate, a second selectable data path may be associated with a second port operating at a second data rate, and a third selectable data path may be associated with a third port operating at a third data rate that is higher than the first data rate and the second data rate. A plurality of security engines may be included which may be configurable to provide cipher key-based security for data associated with the first port and the second port using the first selectable path and the second selectable path, respectively, and configurable to provide cipher key-based security of data associated with the third port using the third selectable data path.

Abstract: A system including a pseudo-random number generator having a register to store an extended state having a reduced state and a dynamic constant, an initialization module to initialize a part of the extended state based on a Key and/or an Initial Value, a state update module to update the reduced state, an output word module to generate output words, the state update module and the output word module being adapted to operate through cyclical rounds, each round including updating the reduced state and then generating one of the output words, and an update dynamic constant module to update the dynamic constant, wherein in a majority of the rounds, updating of the reduced state and/or generation of the output word is based on the dynamic constant, and the dynamic constant is only updated in a minority of the rounds. Related apparatus and method are also described.

Abstract: Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive unclassified material by U.S. Government agencies and, as a consequence the de facto encryption standard for commercial applications worldwide. Performing concurrent error detection (CED) for protection of such a widely deployed algorithm is an issue of paramount importance. We present a low-cost CED method for AES. In this method, we make use of invariance properties of AES to detect errors. For the first time, the invariance properties of the AES, which are for the most part used to attack the algorithm, are being used to protect it from fault attacks. Our preliminary ASIC synthesis of this architecture resulted in an area overhead of 13.8% and a throughput degradation of 16.67%.

Abstract: A system for contributing to a concatenation of a first string and a second string may include a communication unit to receive an encrypted representation of a second share of the second string, the second string being identical to the second share of the second string combined with a first share of the second string and to send a rearranged representation of the encrypted representation of the second share of the second string to a second system. The system may further include a processing unit to rearrange a representation of the encrypted representation of the second share of the second string using a length value of a first share of the first string, the first string being identical to the first share of the first string combined with a second share of the first string.

Abstract: In a communications system, a method of transforming a set of message signals representing a message comprising the steps of first encoding one of the set of message signals in accordance with a first keyed transformation, a second encoding of the one of the set of message signals in accordance with at least one additional keyed transformation, a third encoding of the one of the set of message signals in accordance with a self inverting transformation in which at least one of the set of message signals is altered, a fourth encoding of the one of the set of message signals in accordance with at least one additional inverse keyed transformation wherein each of the at least one additional inverse keyed transformation is a corresponding inverse of at least one additional keyed transformation, and fifth encoding the one of the set of message signals in accordance with first inverse keyed transformation wherein the first inverse keyed transformation is the inverse of the first keyed transformation.

Abstract: A system to contribute to creating a substring of a string may include a communication unit and a processing unit. The communication unit may be configured to receive an encrypted representation of a second share of the string. The string may be identical to the second share of the string combined with a first share of the string. The communication unit may be configured to send a rearranged representation of the encrypted representation of the second share of the string to a further system. The processing unit may be configured to rearrange a representation of the encrypted representation of the second share of the string using a first share of a start value of the substring. The start value may be identical to the first share of the start value added to a second share of the start value.

Abstract: The invention concerns a method for controlling access to encrypted data (CT) by control words (CW), said control words being received by a security module in control messages (ECM) and returned to a unit operating on the encrypted data. Said control messages (ECM) contain at least one first control word (CW1) and a second control word (CW2), said control words each allowing access to the encrypted data (CT) during a predetermined period called cryptoperiod (CP). Said method includes the following steps: sending said encrypted data to at least one operating unit; and sending control messages (ECM) to said control unit, such a control message (ECM) containing at least two specific control words (CW1, CW2) being sent to the operating unit after sending the data encrypted by said first control word (CW1) and before sending the data encrypted by said second control word (CW2).

Abstract: The present invention is suitable for use in a multi-encrypted system that dynamically allocates stream identifiers in a secondary overlay stream depending upon the identifiers in a primary encrypted stream. The primary encrypted input stream is monitored to determine the presence of all identifier values. Once the identifier values are determined, the values are stored in an allocation table and marked as ‘in-use’ to ensure that these identifier values are not allocated to any of the secondary overlay streams. The primary encrypted stream is monitored and the allocation table is updated continuously to detect any changes or conflicts to the identifier values, and the secondary overlay streams are dynamically updated accordingly.

Abstract: A system and method for securing wireless transmissions is provided. A method for transmitting secure messages includes selecting a bin of codewords from a plurality of bins. The bin of codewords containing a plurality of sub-bins of codewords, and the selecting is based on a first message. The method also includes selecting a sub-bin of codewords from the plurality of sub-bins of codewords based on a second message, selecting a codeword from the sub-bin of codewords, and transmitting the selected codeword to a legitimate receiver.

Abstract: A stream encryption device generates a first pseudo random number sequence from key information, generates a second pseudo random number sequence according to clock control performed according to the first pseudo random number sequence, and subjects it to a nonlinear function calculation, thereby generating a key stream. The stream encryption device performs XOR operation with a plain text so as to create an encrypted text. The stream encryption device performs an encryption process in units of words by using a clock controller. It includes: a first pseudo random number generation means to generate a first pseudo random number sequence from key information; a second pseudo random number generation means to generate a second pseudo random number sequence based on clock control performed according to the first pseudo random number sequence; and, a keystream generation means to generate a keystream by applying a nonlinear function calculation to the second pseudo random number sequence.

Abstract: The subject matter described herein includes methods, systems, and computer readable medium for scrambled communication of data to, from, or over a medium. According to one aspect, the subject matter described herein includes a method for communicating data in scrambled form to or over a medium. The method includes receiving analog or digital data to be transmitted to or over a medium. The method further includes modulating samples representing at least signal using the analog or digital data to produce data modulated signal samples. The method further includes scrambling the data modulated signal samples using a predetermined scrambling algorithm. The method further includes transmitting the scrambled data modulated signal samples to or over the medium. The method further includes descrambling samples received from the medium using the inverse of the predetermined scrambling algorithm to obtain the unscrambled modulated signal samples, which can then be demodulated to retrieve original data.

Abstract: A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.

Abstract: Content reproduction apparatus, content recording apparatus, network system, and method of recording and reproducing content are provide.

Abstract: Provided is an scrambling or descrambling method and apparatus. The scrambling system includes a data stream generating unit to generate data streams, a scrambling linear feedback shift register (LFSR) group to calculate a sequence output with respect to each of the generated data streams, and a scrambling processing unit to perform scrambling of the generated data streams based on the calculated sequence outputs. The descrambling system includes a data stream generating unit to generate scrambled data streams using scrambled data, a descrambling LFSR group to calculate a sequence output of each of the generated scrambled data streams, and a descrambling processing unit to perform descrambling of the scrambled data streams using the calculated sequence outputs.

Abstract: A process and system for enciphering and deciphering Unicode characters that is compatible with scripting languages such as JAVASCRIPT®, JSCRIPT® and VBSCRIPT®. The process and system can encipher each character individually and maintain the size of the character. The enciphered character is deciphered at the application layer at the client to provide endpoint security.

Abstract: A content delivery system, enabling a ciphertext to be reduced in size when using the ElGamal cipher, includes a content delivery device performing elliptic curve encryption on a content key, generating an encrypted content key that includes an x coordinate of an elliptic curve point obtained by the elliptic curve encryption, and outputting the encrypted content key. Further, the content delivery system includes content reception device receiving the encrypted content key, calculating a y coordinate of the elliptic curve point using the x coordinate included in the encrypted content key, and performing elliptic curve decryption using the elliptic curve point and other information included in the encrypted content key, to generate a decrypted content key.

Abstract: Techniques are disclosed to enable efficient implementation of secure hash functions and/or stream ciphers. More specifically, a family of graphs is described that has relatively large girth, large claw, and/or rapid mixing properties. The graphs are suitable for construction of cryptographic primitives such as collision resistant hash functions and stream ciphers, which allow efficient software implementation.

Abstract: A method of generating encryption and decryption keys for a multiple tier, variable key ladder (VKL) hierarchy includes determining a device key based on network connection and configuration data contained in conditional access system firmware, decrypting and extracting a session or category key from an input media stream or an Entitlement Management Message using the device key, and configuring a key ladder in response to at least one Entitlement Control Message (ECM), wherein the key ladder comprises the device key and at least one of (i) a program key, (ii) the session or category key, and (iii) at least one control word.

Abstract: According to embodiments of the invention, there is disclosed a data processing unit, a method of operating the same, computer program product and an instruction. In one embodiment according to the invention, there is provided a data processing unit for a computer processor, the data processing unit comprising a deep register access mechanism capable of performing a permutation operation on at least one data operand accessed from a register file of the computer processor, the permutation operation being performed in series with (i) register access for the data operand and (ii) execution of a data processing operation on the operand.

Abstract: The present invention relates to a variable length private key generator. According to one embodiment, the variable length private key generator includes a permuter. The permuter is configured to generate a key stream of a desired length by permuting a plurality of shift registers. The permuter includes the plurality of shift registers, a plurality of clocking modules, and/or an output module. Each clocking module corresponds to a different one of the plurality of shift registers and is configured to generate a clocking signal based on selected bits of the corresponding shift register. The output module is configured to output the key stream based on at least one clocking signal and output of at least one of the plurality of shift registers.

Abstract: Messages are encrypted/decrypted according to a modified triple wrap procedure in which the messages are encrypted/decrypted in three encryption/decryption operations and are processed in three additional operations using first, second, third, fourth, fifth, and sixth keys.

Abstract: A system and method are provided for performing remote surgical navigation in multiple systems from a single control center, where there are at least two remote navigation systems in separate procedure rooms having respective control computers. The system includes a Control Center separate from each procedure room that has a set of displays and interface input devices. A switch may also be included for connecting the Control Center to the set of displays, interface input devices, and remote navigation systems. A method is provided for performing multiple simultaneous remote medical procedures that includes displaying information transmitted from a remote navigation system to the Control Center, and accepting user input from a remote navigation system. The method provides for establishing an encryption key with the remote system, converting the user input to a script data and encrypting the data. The transmitted script command is then transmitted to the remote navigation system.

Abstract: A process for the secure distribution of compressed digital texts formed by blocks of binary data stemming from digital transformations applied to an original text, and including two stages: a preparatory stage including modifying at least one binary data in one of the blocks according to at least one substitution operation including extraction of the binary data in a block and its replacement by a decoy, and a transmission stage of a modified compressed digital text in conformity with the format of the original text, constituted of blocks modified during the course of the preparatory stage, and by a separate path of the modified compressed digital text, of digital complementary information permitting reconstitution of the original compressed digital text on the equipment of the addressee from the modified compressed digital text and from the complementary information.

Abstract: An apparatus comprising a first circuit and a second circuit. The first circuit may be configured to analyze an audio-video data stream to determine watermark appropriate information for the audio-video data stream. The second circuit may be configured to communicate the watermark appropriate information either in-band with or out-of-band from a bit stream communicating the audio-video data.

Abstract: The invention comprises an encoder for encoding a stegotext and a decoder for decoding the encoded stegotext, the stegotext being generated by modulating the log power spectrogram of a covertext signal with at least one key, the or each key having been added or subtracted in the log domain to the covertext power spectrogram in accordance with the data of the watermark code with which the stegotext was generated, and the modulated power spectrogram having been returned into the original domain of the covertext. The decoder carries out Fast Fourier Transformation and rectangular polar conversion of the stegotext signal so as to transform the stegotext signal into the log power spectrogram domain; subtracts in the log power domain positive and negative multiples of the key or keys from blocks of the log power spectrogram and evaluates the probability of the results of such subtractions representing an unmodified block of covertext in accordance with a predetermined statistical model.

Abstract: A method, apparatus and system enabling software access to navigational data in a decrypted media stream while protecting stream payloads. In one embodiment, a filter may route an encrypted content stream and associated information to a secure partition having a trusted computing component for decryption. Upon decryption, the trusted computing component may store the decrypted payload of the content in a secure storage location accessible to the trusted computing component. Thereafter, the decrypted navigational header information of the content may be used to navigate to the decrypted content via a trusted component such as a trusted rendering unit in the secure partition.

Abstract: A data transmitting apparatus generates, by using predetermined first key information and information data, a multi-level signal in which a signal level changes so as to be approximately random numbers, and converts the multi-level signal into a modulated signal, in a predetermined modulation method and transfer the same. A data receiving apparatus demodulates the modulated signal so as to be converted into a multi-level signal, and reproduces information data from the multi-level signal, using second key information which has the same content as first key information used by the data transmitting apparatus.

Abstract: In one embodiment, a method includes receiving gap information from an entertainment content source configured to provide an entertainment stream associated with a contributing source information providing a source of the entertainment stream and a chronological order to render the entertainment stream, the entertainment stream being encrypted and having an associated first decryption key multiplexed into a key distribution system, the gap information identifying a gap in the entertainment stream where an ad may be one of inserted or substituted, synchronizing a target ad from an advertisement stream to a time base corresponding to the gap, decrypting the entertainment stream using the first decryption key selected from the key distribution system based on the contributing source information, and rendering the entertainment stream and the target ad as a composite stream based on the chronological order, the target ad being rendered during the gap in the entertainment stream.

Abstract: Pseudorandom numbers may be generated from input seeds using expander graphs. Expander graphs are a collection of vertices that are interconnected via edges. Generally, a walk around an expander graph is determined responsive to an input seed, and a pseudorandom number is produced based on vertex names. Specifically, a next edge, which is one of multiple edges emanating from a current vertex, is selected responsive to an extracted seed chunk. The next edge is traversed to reach a next vertex. The name of the next vertex is ascertained and used as a portion of the pseudorandom number being produced by the walk around the expander graph.

Abstract: A method and apparatus are disclosed for efficiently scrambling one or more bytes of data according to DSL standards on a processor. This is achieved by providing an instruction for scrambling one or more bytes of data according to the DSL standards. Accordingly, the invention advantageously provides a processor with the ability to scramble data with a single instruction thus allowing for more efficient and faster scrambling operations for subsequent modulation and transmission.

Abstract: Provided are a method and apparatus for transmitting digital multimedia broadcasting data, and a method and apparatus for receiving digital multimedia broadcasting data. A basic audio signal and a multichannel audio signal are encoded to generate a basic audio stream and a multichannel audio stream, and a first data stream describing property and position data of the basic audio stream and a second data stream describing property and position data of the multichannel audio stream are transmitted as independent streams. According to the performance of the receiving apparatus, an audio signal may be decoded by using just the first data stream only or both the first data stream and the second stream.

Abstract: A data processing system includes: a stream decoder for decrypting a stream encrypted by broadcast encryption to obtain a first decrypted stream; an internal buffer for storing the first decrypted stream; and an encryption/decryption processor. The encryption/decryption processor decrypts a stream encrypted by content encryption to obtain a second decrypted stream and storing the second decrypted stream in the internal buffer, and reads one of the first and second decrypted streams from the internal buffer and encrypts the read-out stream by content encryption.

Abstract: A method for reducing the memory requirements of executing ciphering processes is disclosed which utilizes sequential key extraction and ciphering. By providing a base key for extracting therefrom multiple first sequential security keys; each key is sequentially extracted and employed. During the process overwriting of each sequential security key occurs with the next subsequently extracted sequential security key. In this manner memory requirements are lowered, power consumption reduced which are important in mobile applications.

Abstract: An architecture and associated methods and devices are described that include a plurality of stages of cipher round logic, each stage configured to perform cryptographic processing of plaintext data in a counter mode and output ciphertext data, a plurality of multipliers, each multiplier configured to receive the ciphertext data output from at least one associated stage of the plurality of stages of cipher round logic and continue the cryptographic processing to output at least a portion of an integrity check value (ICV), and control logic configured to provide a selection between a first option of performing the cryptographic processing at a first data rate using a first number of the plurality of stages and a first number of the plurality of multipliers, and a second option of performing the cryptographic processing at a second data rate using a second number of the plurality of stages and a second number of the plurality of multipliers.

Abstract: One embodiment is a system adapted to encrypt one or more packets of plaintext data in cipher-block chaining (CBC) mode. The system includes a plurality of digital logic components connected in series, where respective components are operative to process one or more rounds of a block cipher algorithm. A plurality of N bit registers are respectively coupled to the plurality of digital logic components. An XOR component receives blocks of plaintext data and blocks of ciphertext data, and XORs blocks of plaintext data for respective plaintext packets with previously encrypted blocks of ciphertext data for those plaintext packets. The XOR component iteratively feeds the XOR'd blocks of data into a first of the plurality of the digital logic components. In addition, a circuit component is operative to selectively pass blocks of ciphertext data fed back from an output of a final logic component to the XOR component.

Abstract: Embodiments of the invention are generally directed to signaling for transitions between modes of data transmission. A embodiment of a method includes transmitting a data stream over a data link from a first device to a second device, the data stream operating in a first mode; determining that the data stream is to be changed from the first mode to a second mode; and transmitting a message from the first device to the receiver over a control link, the message indicating that the first device will change the data stream from the first mode to the second mode, the message being sent prior to the change to the second mode.

Abstract: A communication apparatus includes a plurality of isochronous transfer processing units, each of which is configured to perform isochronous transfer using an isochronous channel set thereto; a security ensuring processing unit coupled to each of the plurality of isochronous transfer processing units, and configured to perform security ensuring processing to ensure the security of isochronous transfer performed by the corresponding isochronous transfer processing unit; and a security ensuring control unit configured to, in response to a request from a second communication apparatus for ensuring security of isochronous transfer, cause the security ensuring processing unit corresponding to the isochronous transfer processing unit which performs the isochronous transfer using an isochronous channel having been notified from the second communication apparatus along with or in advance of the request for ensuring security of isochronous transfer to perform the security ensuring processing.

Abstract: An information management apparatus includes a management unit for managing the type of integrated circuit chip and the type of command to be executed by the integrated circuit chip in such a manner as to correspond to each other; an information obtaining unit for obtaining information on the type of the integrated circuit chip to be controlled; and a command generation unit for generating a command of the type corresponding to the type of the integrated circuit chip to be controlled, the type of the integrated circuit chip being obtained by the information obtaining unit, from among a plurality of different types of commands corresponding to the command requested from a server and for transmitting the generated command to the server.

Abstract: A logic circuit for calculating an encrypted dual-rail result operand from encrypted dual-rail input operands according to a combination rule includes inputs for receiving the input operands and an output for outputting the encrypted result operand. Each operand may comprise a first logic state or a second logic state. The logic circuit comprises a first logic stage connected between the inputs and an intermediate node and a second logic stage connected between the intermediate node and the output. The logic stages are formed to calculate the first or second logic state of the encrypted result operand from the input operands according to the combination rule and to maintain or change exactly once the logic state of the encrypted result operand, independently of an order of arrival of the encrypted input operands, depending on the combination rule, in order to impress the calculated first logic state or second logic state on the output.

Abstract: Methods and apparatus for converting original data into a plurality of sub-bands using wavelet decomposition; encrypting at least one of the sub-bands using a key to produce encrypted sub-band data; and transmitting the encrypted sub-band data to a recipient separately from the other sub-bands.