Abstract: In order to provide various service types to the users in a case of supplying the contents constituted from multiple resources via broadcast, the following apparatuses are provided. An encryption apparatus (100) encrypts the resources-to-be-encrypted of the contents, stores the encrypted resources in the packets and transmits the packets via broadcast. An encryption portion which encrypts each of contents constituted from multiple resources by applying a corresponding encryption key and generates and transmits packets that store encrypted data or non-encrypted data of the resources. A licensing apparatus (2) providing a license via communication network while the license includes both a license identifier which indicates a broadcast range in which the license is effective and the decryption key provided in correspondence with each of resources-to-be-encrypted.

Abstract: Slice-based prioritized secure video streaming comprises a transmitter receiving a slice comprising a plurality of macroblocks and selecting an encryption key based at least in part on a relative importance of secure transmission of the macroblocks. If the importance is high, a master key is selected. If the importance is medium, a first key derivable by applying a one-way function to the master key is selected. If the importance is low, a second key derivable by applying the one-way function to the first key is selected. The slice is encrypted using the encryption key. A receiver receives the encrypted slice, decrypts a header of the slice using the master key, to obtain an indication of a relative importance of secure transmission of the macroblocks. The receiver selects a decryption key based at least in part on the indication, and decrypts the slice using the decryption key.

Abstract: Embodiments of the present invention provide a data transmission method, a Coaxial-Cable Network Unit (CNU) and a Coaxial-cable Line Terminal (CLT). The method is applied to a point-to-multipoint Coaxial-cable Network, wherein the point-to-multipoint Coaxial-cable Network includes a Coaxial-cable Line Terminal, CLT, and a plurality of Coaxial-Cable Network Units, CNUs; the CLT shares transmission medium with the CNUs. The method includes: obtaining, by the CLT, an uplink receiving scrambling code, and decrypting, by the CLT, with the obtained uplink receiving scrambling code, data sent from a CNU after being encrypted with an uplink transmission scrambling code; and obtaining, by the CNU, a downlink receiving scrambling code, and decrypting, by the CNU, data received by the CNU with the obtained downlink receiving scrambling code; wherein the uplink receiving scrambling code is different from the downlink receiving scrambling code.

Abstract: In one embodiment, a mechanism for transport-safe codings for cryptographic use is disclosed. In one embodiment, a method for transport-safe coding for cryptographic use includes converting an input data stream into index values associated with “n” printable characters, wherein “n” is a radix associated with a base-“n” coding scheme and a prime power less than 94, performing a cryptographic operation on the index values to encrypt the index values, and translating the encrypted values directly into an output data stream of printable characters associated with the encrypted values in a base-“n” coding scheme.

Abstract: Systems and methods for wireless communications are provided. These include data deciphering components, interrupt processing components, adaptive aggregations methods, optimized data path processing, buffer pool processing, application processing where data is formatted in a suitable format for a destination process, and Keystream bank processing among other hardware acceleration features. Such systems and methods are provided to simplify logic designs and mitigate processing steps during wireless network data processing.

Abstract: Sensitive, Standard Telephone Equipment (STE) data is encapsulated into IP packets in a remotely deployed, secure communication system. The IP packets are addressed to a matching IP encapsulator/decapsulator device over the public Internet or other IP protocol network, that then passes it to a similar STE device over an ISDN link for decryption. The present invention is embodied in a system that provides secure Voice-Over-IP (VOIP), video and data network functionality in a single, small size deployable case, to a remote user. Most importantly, the embodiment allows for the routing of bulk encrypted (i.e., secure) data over a public network, e.g., the Internet.

Abstract: Techniques for securely and adaptively delivering multimedia content are disclosed in which a set of alternate access units for each time slot is obtained. Then, the encryption stream index of each access unit from the set of alternate access units of the previous time slot are obtained. An encryption stream index is then assigned to each access unit in the set of alternate access units in the current time slot, such that the encryption index increases over time. Thus, the invention overcomes the problem of encrypting a multimedia stream that may have multiple access units for each time slot by selecting the encryption index for each access unit such that the encryption index increases, regardless of which access unit the delivery system (e.g., server) selects for transmission.

Abstract: Techniques for securely and adaptively delivering multimedia content. It is assumed that a set of alternate access units for each time slot is obtained. Then, the encryption stream index of each access unit from the set of alternate access units of the previous time slot are obtained. An encryption stream index is then assigned to each access unit in the set of alternate access units in the current time slot, such that the encryption index increases over time. Thus, the invention overcomes the problem of encrypting a multimedia stream that may have multiple access units for each time slot by selecting the encryption index for each access unit such that the encryption index increases, regardless of which access unit the delivery system (e.g., server) selects for transmission.

Abstract: Stream cipher encryption and message authentication. Stream cipher encryption is performed by generating a keystream at the transmitting end from a state value, applying the keystream to plaintext to generate an encrypted message block having at least a portion of the plaintext converted to ciphertext, and updating the state value as a function of said at least a portion of the plaintext. Stream cipher decryption is performed by generating a keystream at the receiving end from the same state value, applying the keystream to the encrypted message block to convert the ciphertext to plaintext, and updating the state value as a function of the plaintext. Message authentication techniques are also described.

Abstract: A method and apparatus for protecting privacy in power line communication (PLC) networks. Data transmitted on a PLC network is encrypted according to a network key and can be properly received only by registered devices that have the proper network ID and network key value so that proper decryption can be performed. According to the invention a streaming media device is provided with a compatible network ID and network key during a registration process facilitated by coupling the device (applicant) to a direct power line connection associated with another device (administrator). The network key, and optionally network ID, are then shared over the direct connection without being distributed over the PLC network at large. By way of example, the data is prevented from being distributed across the PLC network in response to using selectable filtering of PLC data, and preferably a secure data communication mechanism, such as public-private key encoding.

Abstract: A cipher engine performs cipher processing (encrypting/decrypting) on logical data streams in a physical data stream in a storage device. As the physical data stream changes from a first logical data stream to a second logical data stream, and the cipher engine switches from cipher processing the first logical data stream to the second logical data stream, cipher information of the first logical data stream is stored in a cipher state memory, cipher information of the second logical data stream is retrieved from the cipher state memory, and the cipher engine resumes cipher processing the second logical data stream using the cipher information of the second logical data stream. Advantageously, a virtually unlimited number of logical data streams is supported and duplicate cipher hardware is avoided.

Abstract: An encrypted-stream processing circuit includes: a decryption mechanism decrypting an encrypted stream; a stream-data processing mechanism separating a plurality of packets included in a stream decrypted by the decryption mechanism in accordance with a packet identifier identifying the packet, and creating a partial stream by extracting a part from the stream under the control of a CPU (Central Processing Unit); and an encryption mechanism encrypting the partial stream, wherein the decryption mechanism, the stream-data processing mechanism, and the encryption mechanism are included in a packaged integrated circuit, and are connected to the CPU through a bus.

Abstract: Encryption is provided with additional diffusion components to construct a block cipher with a large and variable block size. The cipher incorporates an encryption system or algorithm such that the cipher is at least as secure as the encryption system or algorithm. Additional components of the cipher provide improved diffusion. This combination ensures that the cipher is at least as strong as the encryption algorithm, and at the same time it provides additional security properties due to its improved diffusion.

Abstract: A self-service terminal (10) is described. The terminal (10) includes a plurality of modules (14) arranged in a network (16) so that the modules are operable to communicate using the network (16). Each module (14) has storage means (34) for storing data and cipher means (32) for encrypting and decrypting communications, whereby the cipher means (32) is operable to encrypt data prior to sending or receiving a communication, and subsequently to decrypt a received encrypted communication by applying a Boolean function to the encrypted data and to the received encrypted communication. A module (14) for use in an SST (10) and a method of encrypting a communication for transmission between interconnected modules (14) in a self-service terminal (10) are also described.

Abstract: A communication system has a plurality of nodes that perform encrypted communication via a LAN, each using an identical common cipher key. The common cipher key is replaced at fixed or irregular intervals, by being transmitted from a main node in a broadcast mode via the LAN to respective secondary nodes that are to share the key. When the key is successfully received by a secondary node, it returns a confirmation signal. The system can be configured such that a notification list of secondary nodes for which key acquisition has been confirmed is transmitted to all of the secondary nodes.

Abstract: A cascaded interconnect system with one or more memory modules, a memory controller and a memory bus that utilizes periodic recalibration. The memory modules and the memory controller are directly interconnected by a packetized multi-transfer interface via the memory bus and provide scrambled data for use in the periodic recalibration.

Abstract: A conditional access system for multimedia data is disclosed that offers acceptable security at drastically reduced requirements on hardware performance. A selectively encrypted transport stream is formed from a clear transport stream by detecting particular data packets within the clear transport stream, removing and encrypting the particular data packets with an event encryption key, and inserting the encrypted data packets into the remaining clear transport stream at insertion positions corresponding to the original positions of the particular data packets in the clear transport stream. For specific embodiments that include decryption circuitry inside a user smart card, the level of security of such system is even higher than that of conventional ones.

Abstract: An apparatus and method for encoding and decoding additional information into a stream of digitized samples in an integral manner. The information is encoded using special keys. The information is contained in the samples, not prepended or appended to the sample stream. The method makes it extremely difficult to find the information in the samples if the proper keys are not possessed by the decoder. The method does not cause a significant degradation to the sample stream. The method is used to establish ownership of copyrighted digital multimedia content and provide a disincentive to piracy of such material.

Abstract: A first bit sequence is generated using a first pseudorandom bit source. A second bit sequence is generated using a second pseudorandom bit source. A third bit sequence is generated by multiplying the first bit sequence with the second bit sequence over a finite field of even characteristic, modulo a fixed primitive polynomial. A message is received. The third bit sequence is comingled with the message to conceal contents of the message.

Abstract: An encryption apparatus and method for generating a ciphertext from an input plaintext of the same length as the ciphertext by parallel processing of the input signal. Since a non-delayed signal is synchronized to a delayed signal, an accurate ciphertext is produced. Therefore, the encryption speed is increased, the number of devices for timing synchronization is reduced, an encryption system is stabilized, and production cost is reduced.

Abstract: Security processing circuits are discussed which may be used alone or as part of a network interface device of a host system using a single DES engine to accomplish 3DES processing. The security processing circuit is adapted for selectively encrypting outgoing data and decrypting incoming data, where the network interface device may be fabricated as a single integrated circuit chip. Methods are also provided for performing 3DES encryption and decryption services between the host system and a network, in which security information is obtained from the host system, which is used together with a set of secret keys for 3DES processing data utilizing a single DES engine and an intermediate result fed back to the single DES engine of the 3DES IPsec circuit.

Abstract: A method for scaling a progressively encrypted sequence of scalable data is disclosed. The method includes associating data with the progressively encrypted sequence of scalable data that identifies combinable portions of the progressively encrypted sequence of scalable data to combine in order to produce a scaled version of the progressively encrypted sequence of scalable data. The scaled version of the progressively encrypted sequence of scalable data is scaled to possess a desired scalable attribute. Moreover, the scaled version of the progressively encrypted sequence of scalable data is scaled without being decoded. A cryptographic checksum is computed for at least one combinable portion of the progressively encrypted sequence of scalable data and, a cryptographic checksum is associated with the at least one combinable portion of the progressively encrypted sequence of scalable data.

Abstract: A signature management apparatus and method of cutting-out streaming data. The signature management apparatus includes a signature-related information preparing device which prepares signature-related information for streaming data, a signature-related information storage device which partitions a sequence header of the streaming data into stream header information needed for reproduction of the streaming data and user header information which a user can freely use for storage, and stores the signature-related information within the user header information in a form that allows no start code to emerge.

Abstract: Systems for instant messaging private tags preferably comprise a parser for parsing an instant message for sensitive data and an encryption engine for encrypting the sensitive data. A modified uuencoder is also preferably included for converting the encrypted sensitive data into a data stream that complies with an XML format. Other systems and methods are also provided.

Abstract: A cryptographic system (CS) is provided. The CS (800) comprises a data stream receiving means (DSRM), a generator (702), a mixed radix converter (MRC) and an encryptor (908). The DSRM (902) is configured to receive a data stream (DS). The generator is configured to selectively generate a random number sequence (RNS) utilizing a punctured ring structure. The MRC (704) is coupled to the generator and configured to perform a mixed radix conversion to convert the RNS from a first number base to a second number base. The encryptor is coupled to the DSRM and MRC. The encryptor is configured to generate an altered data stream by combining the RNS in the second number base with the DS. The punctured ring structure and the MRC are configured in combination to produce an RNS in the second number base which contains a priori defined statistical artifacts after the mixed radix conversion.

Abstract: A system for the encryption and decryption of data employing dual ported RAM to accelerate data processing operations during the computation of the encryption and decryption algorithm. The system includes logic to track data changes in the dual ported memory for fast table initialization; a means to accelerate operations by performing read/write operations in different iterations of the algorithm to separate ports on the dual ported RAM in the same clock cycle; and a means to resolve data manipulation conflicts between out of order read/write operations so that the system correctly computes the desired algorithm.

Abstract: The invention provides as smart card, a secured client with a smart card and a method for use in a smart card. The smart card is configured for counting ECMs associated to a particular portion of the content stream and storing loyalty points on the smart card. This enables e.g. counting of ECMs related to advertisements. Watching advertisements results in earning loyalty points that can be used to watch television programs for free.

Abstract: Information communication terminals for transmitting/receiving information that includes a plurality of elements are connected to each other via a network. A information communication terminal at a transmitting side sets security-coupling levels to a plurality of elements, sets a dividing rule for dividing the information into a plurality of pieces of loosely coupled information based on the set security-coupling levels, divides the information into a plurality of pieces of loosely coupled XML data based on the set dividing rule, and transmits the divided plurality of pieces of loosely coupled XML data and the set dividing rule.

Abstract: A centralized distribution server includes converter means for embedding content data into a digital delivery stream and transmitting means for transmitting the digital delivery stream to at least one of the subscriber terminals via a forward network channel. The at least one subscriber terminal includes receiving means for receiving the digital delivery stream from the centralized server and interface means for enabling access to the digital delivery stream and/or the content data embedded therein by a subscriber.

Abstract: Methods and apparatuses for minimizing co-channel interference in communications systems are disclosed. A method in accordance with the present invention comprises scrambling a first header of the first signal using a first scrambling code, scrambling a second header of the second signal using a second scrambling code, and transmitting the first signal and the second signal with the scrambled first header and the scrambled second header over different channels of the communication system.

Abstract: Systems and method for partial encryption are disclosed. One example method comprises: creating a program association table to include a first program number which identifies a program encrypted in accordance with a first encryption scheme, and a second program number which identifies the same program encrypted in accordance with a second encryption scheme; and creating a program map table for the same program to include first audio and video identifiers associated with the first encryption scheme and second audio and video identifiers associated with the second encryption scheme.

Abstract: A method of performing trick play on a scrambled data stream, the method comprising: extracting position information corresponding to scrambling information from an input scrambled transport stream; demultiplexing a transport stream of a predetermined position according to the stored position information of the scrambling information and extracting the scrambling information and a scrambled data stream pertaining to the scrambling information; descrambling the extracted scrambled data stream by using the extracted scrambling information; and decoding a reference picture based on the position information.

Abstract: The invention relates to embedding a spread spectrum watermark in a data signal as well as to detection of the embedded watermark. A data signal (4) is encrypted (15) or received in the form of an encrypted data signal (9), the signal being encrypted by modifying (3) it in accordance with one or more entries of a look-up-table (2) in which an encryption table (6) is stored. The encryption is carried out by a first computing device (15) such as a server device. The watermark is actually embedded while decrypting (13) the signal. This takes place in a second computing device (16), possibly in a client device, in a similar manner The client device employs a decryption table (8), which is a modified (i.e. watermarked) version of the encryption table (6). The decryption table may generated by the server and securely communicated to the client. The data signal is decrypted in accordance with entries of a look-up-table (12).

Abstract: A method, system and apparatus for sharing media content securely and reliably among various computing devices in a private network through media streaming technology is provided.

Abstract: A security system, method and device for use in a network for providing a real-time stream are provided. A server updates security association of a terminal device by periodically providing a key stream. When the key stream for changing the security association of the terminal device is received from the server, the terminal device updates stored key stream information after identifying at least one changed field in the key stream and performs a security policy with the server using the updated key stream information. When a security setting operation is performed through a stream notification periodically provided from the server, an unnecessary waste of system resources can be reduced by updating only a specific changed field through the stream notification and reducing the load of generating a security association table.

Abstract: An information processing apparatus capable of effectively preventing unauthorized use of content distributed through a network when playing the content. The information processing apparatus includes a tamper-resistant secure module, a receiving block, and a playback block. The secure module includes a key storage block for storing a decryption key, a decryption block, and an encryption block. The receiving block receives distribution data distributed through the network and transfers the data to the decryption block. The decryption block decrypts the distribution data to obtain content by using the decryption key. The encryption block divides the content to a plurality of split pieces of content and encrypts them by using a temporary encryption key. Information on a temporary decryption key is output each time the temporary encryption key is changed. The playback block decrypts the encrypted pieces of content by using the temporary decryption key and combines and plays them.

Abstract: The invention relates to a method, a system, an electronic device and a computer program for providing at least one content stream to an electronic device applying Digital Rights Management (DRM). In the method a master integrity key is obtained in a streaming node. An encrypted master integrity key is obtained in an electronic device. The encrypted master integrity key is decrypted in the electronic device. At least one session integrity key is formed in the streaming node and in the electronic device using at least the master integrity key and the integrity of at least one content stream is protected between the streaming node and the electronic device using the at least one session integrity key.

Abstract: An interface block (11) converts the format of input downstream data (STRM). A CPU (12) receives the format-converted data (DIF) and realizes the MAC function. A TEK process block (13) receives TEK process data (DTEK) obtained from the data (DIF), analyzes the data structure of the TEK process data, and performs decryption processing based on a result of the analysis.

Abstract: Provided is a data communication apparatus which is highly concealable and significantly increases time necessary for an eavesdropper to analyze cipher text. A multi-level code generation section (156a) generates, by using predetermined key information, a multi-level code sequence in which a signal level changes so as to be random numbers. The multi-level processing section (111b) combines a multi-level code sequence and information data, and generates a multi-level signal having a level corresponding to a combination of the multi-level code sequence and the information data. In the multi-level code generation section (156a), a random number sequence generation section (157) generates a binary random number sequence by using the predetermined key information. A multi-level conversion section (158) generates a multi-level code sequence from the binary random number sequence in accordance with a predetermined encoding rule.

Abstract: Secure communication from one encryption domain to another using a trusted module. In one embodiment, the invention includes receiving encrypted streamed content encrypted with a first key, generating a substitution key stream based on the first key and a second key, generating a transposition key stream based on the first and second keys, and simultaneously decrypting and re-encrypting the encrypted streamed content using a combination of the substitution and transposition streams to produce re-encrypted streamed content encrypted with the second key.

Abstract: A method of encrypting a transmission unit of a generalized scalable bit-stream includes, encrypting a plurality of logic units of the transmission unit using a unique encryption key for each logic unit, where the unique encryption keys for the transmission unit form a set of encryption keys. The method further includes providing a user with a subset of decryption information that corresponds to a subset of the encryption keys. The subset of the decryption information allows decryption of a subset of the logic units in the transmission unit up to a predetermined decryption level of the transmission unit.

Abstract: A data storage device is secured by extracting timing information encoded within a password-related symbol stream received by the storage device and denying access if the timing information is incorrect or the symbol stream is not identical to a valid authentication sequence. In one embodiment, each symbol corresponds to a password, and at least one symbol is transmitted within a specified timing window while at least one other symbol must be transmitted at a random time that varies with each authentication attempt. In certain embodiments, a computing device associated with the data storage device is configured to provide a single password prompt, receive a character sequence corresponding to a plurality of passwords from a user, and communicate an encrypted symbol stream to the storage device with a specified timing pattern imposed thereon.

Abstract: A method for protecting a dynamically reconfigurable computing system includes generating an encoding key and passing the encoding key, through a system level bus, to at least one field programmable logic device and to a function library included within the system. The function library contains a plurality of functions for selective programming into the at least one field programmable logic device. A lock is generated so as to prevent external resources with respect to the system from accessing the encoding key during the passing thereof.

Abstract: A data storage device is secured by extracting timing information encoded within a password-related symbol stream received by the storage device and denying access if the timing information is incorrect or the symbol stream is not identical to a valid authentication sequence. In one embodiment, each symbol corresponds to a password, and at least one symbol is transmitted within a specified timing window while at least one other symbol must be transmitted at a random time that varies with each authentication attempt. In certain embodiments, a computing device associated with the data storage device is configured to provide a single password prompt, receive a character sequence corresponding to a plurality of passwords from a user, and communicate an encrypted symbol stream to the storage device with a specified timing pattern imposed thereon.

Abstract: Techniques are disclosed to limit short-term correlations associated with outputs of stream cipher keystream generators. Output values of a generator are paired such that the paired outputs are sufficiently far apart to be considered independent. In one described implementation, a method includes sequentially storing a plurality of results provided by a stream cipher output rule in a first, second, and third storage units. A pairing function pairs individual values from the first and third storage units that are at least a threshold value apart. Upon reaching the threshold value of the output rule results, the contents of the first, second, and third storage units are rotated serially.

Abstract: Ternary (3-value) and higher, multi-value digital scramblers/descramblers in digital communications. The method and apparatus of the present invention includes the creation of ternary (3-value) and higher value truth tables that establish ternary and higher value scrambling functions which are its own descrambling functions. The invention directly codes by scrambling ternary and higher-value digital signals and directly decodes by descrambling with the same function. A disclosed application of the invention is the creation of composite ternary and higher-value scrambling devices and methods consisting of single scrambling devices or functions combined with ternary or higher value shift registers. Another disclosed application is the creation of ternary and higher-value spread spectrum digital signals. Another disclosed application is a composite ternary or higher value scrambling system, comprising an odd number of scrambling functions and the ability to be its own descrambler.

Abstract: Methods and apparatus are provided for implementing a cryptography engine for cryptography processing. A variety of techniques are described. A cryptography engine such as a DES engine can be decoupled from surrounding logic by using asynchronous buffers. Bit-sliced design can be implemented by moving expansion and permutation logic out of the timing critical data path. An XOR function can be decomposed into functions that can be implemented more efficiently. A two-level multiplexer can be used to preserve a clock cycle during cryptography processing. Key scheduling can be pipelined to allow efficient round key generation.

Abstract: Methods, systems, and products are disclosed for specifying a signature for an encrypted packet stream. One method receives the encrypted stream of packets, and encryption obscures the contents of a packet. A signature for insertion into the stream of packets is specified, and the signature identifies a type of data encrypted within the stream of packets. The signature identifies the contents of the packet despite the encryption obscuring the contents.

Abstract: A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.

Abstract: A confidential information processing device performs a cryptographic operation on first input data and second input data. A first cryptographic operation circuit includes: a first register for holding first information; and a first cryptographic operation unit. A first pseudo-cryptographic operation circuit includes a second register for holding second information. A first arbitration circuit causes the first cryptographic operation unit to perform the cryptographic operation on the first input data using the first information held in the first register, when a cryptographic operation request for the first input data is made to the first cryptographic operation circuit, and causes the first cryptographic operation unit to perform the cryptographic operation on the second input data using the second information held in the second register, when a cryptographic operation request for the second input data is made to the first pseudo-cryptographic operation circuit.