Abstract: In various embodiments, once the client registers onto the system, a third party (a “requestor”) may transmit a request to the client for the client to provide the requestor with access to the client data. In at least one embodiment, a requestor may be an entity or person that desires to utilize client data for the requestor's business purposes. In one embodiment, upon registration with the application, the system generates and assigns the requestor a requestor key. In one or more embodiments, the system transmits the requestor key along with each requestor request. In some embodiments, the client may accept or reject the requestor's request. In many embodiments, if the client accepts the requestor's request, the system grants the requestor access to the client data.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing blockchain-based data authorization. One of the methods includes receiving, by a blockchain node, a data acquisition transaction submitted by a data user for obtaining target data possessed by a data owner, determining, by the blockchain node, that the data user has obtained authorization of the target data, and executing, by the blockchain node, a smart contract invoked by the data acquisition transaction to issue an authorization token to the data user in response to determining that the data user has authorization of the target data, where the authorization token is sent to a privacy computing platform.

Abstract: Systems and methods for implementing a Device Identifier Composition Engine (DICE)-based trusted computing base architecture, among various hardware, firmware, and software layers, are described. In an example, attestation and security operations may be supported in a multi-layered approach, by operations to: obtain a component identifier from a particular layer of at least one operational layer in a computing system; obtain a first compound device identifier, produced as an attestation value at a lower layer; and process, with a function, the component identifier from the particular layer and the first compound device identifier from the lower layer, to produce a second compound device identifier. In various examples, the second compound device identifier indicates attestation of at least one layer located at or below the particular layer.

Abstract: In an example of this disclosure, a method may include receiving, by a database server, a data write request. The data write request may include authentication information corresponding to a first call session and first additional information. The method may include generating, by the database server, a first unique identifier based on the first additional information. The authentication information may correspond to the first unique identifier. The method may include storing the first unique identifier and the authentication information in a data structure in a memory of the database server.

Abstract: Methods, systems, and computer readable media for implementing bandwidth limitations on specific application traffic at a proxy element are disclosed. One exemplary method includes receiving, at a proxy element, a packet flow from at least one source client, identifying encrypted packets associated with a specific application traffic type from among the packet flow, and directing the identified encrypted packets to a bandwidth limiter in the proxy element. The method further includes applying a bandwidth limitation operation to the identified encrypted packets and decrypting the identified encrypted packets if an accumulated amount of payload bytes of the identified encrypted packets complies with the parameters of the bandwidth limitation operation.

Abstract: A storage device includes a non-volatile memory configured to store an encryption key and a data key encrypted with the encryption key, writes data using the data key, and reads the data using the data key; and a storage controller, wherein the storage controller is configured to receive a first security setting command which allows access to the data key, using a first password, generates a first key on the basis of the first password in response to the first security setting command, encrypts the encryption key with the first key to generate a first encrypted encryption key, encrypts the first key with the encryption key to generate an encrypted first key, and stores the first encrypted encryption key and the encrypted first key in the non-volatile memory.

Abstract: In various embodiments, once the client registers onto the system, a third party (a “requestor”) may transmit a request to the client for the client to provide the requestor with access to the client data. In at least one embodiment, a requestor may be an entity or person that desires to utilize client data for the requestor's business purposes. In one embodiment, upon registration with the application, the system generates and assigns the requestor a requestor key. In one or more embodiments, the system transmits the requestor key along with each requestor request. In some embodiments, the client may accept or reject the requestor's request. In many embodiments, if the client accepts the requestor's request, the system grants the requestor access to the client data.

Abstract: Aspects of the invention include receiving a request from an initiator channel on an initiator node to initiate a secure communication with a responder channel on a responder node. The receiving is at a local key manager (LKM) executing on the initiator node. A security association is created at the LKM between the initiator node and the responder node. An identifier of a shared key assigned for communication between the initiator node and the responder node is obtained, and a message requesting initialization of the secure communication between the initiator channel and the responder channel is built. The message includes the identifier of the shared key. The message is sent to the initiator channel.

Abstract: A method for performing privacy-preserving or secure multi-party computations enables multiple parties to collaborate to produce a shared result while preserving the privacy of input data contributed by individual parties. The method can produce a result with a specified high degree of precision or accuracy in relation to an exactly accurate plaintext (non-privacy-preserving) computation of the result, without unduly burdensome amounts of inter-party communication. The multi-party computations can include a Fourier series approximation of a continuous function or an approximation of a continuous function using trigonometric polynomials, for example, in training a machine learning classifier using secret shared input data.

Abstract: An electronic device may be configurable to operate in a scrambling mode and a non-scrambling mode while processing chat audio and microphone audio for a first player participating in an online multiplayer game. While operating in the non-scrambling mode, the electronic device may be configured to transmit the microphone audio without scrambling the microphone audio. While operating in the scrambling mode, the electronic device may be configured to scramble the microphone audio and transmit the scrambled microphone audio. The electronic device may be operable to select a scrambling key used to scramble the microphone audio based on a signal received by the electronic device that indicates a role of the player in the online multiplayer game. The role of the player may correspond to which of two or more opposing teams the first player is a member of in the online multiplayer game.

Abstract: The exemplary embodiments disclose a system and method, a computer program product, and a computer system for encryption. The exemplary embodiments may include receiving an encryption request from a first smart device, preparing a response to the encryption request and generating a key, encrypting the prepared response with the generated key, sending the encrypted response to the first smart device, splitting the key into two or more pieces, sending the two or more key pieces to a second smart device, sending the two or more key pieces from the second smart device to the first smart device, assembling the two or more key pieces into the key on the first smart device, and decrypting the encrypted response on the first smart device using the assembled key.

Abstract: An embodiment encryption method, implemented by an electronic circuit including a first non-volatile memory, comprises the creation of one or more first pairs of asymmetrical keys, the first pair or each of the first pairs comprising first private and public keys, and, for the or at least one of the first pairs, storing the first public key in the first memory, receiving a second public key during a communication session, and forming a first symmetrical key from the first private key and the second public key, the first public key staying stored in the first memory after the communication session.

Abstract: A method for transmitting data includes: obtaining original data to be encrypted on a network device; determining a decryption geographic location of the original data to be encrypted, and selecting a hotspot within a range of the decryption geographic location; afterwards, using attribute information of the selected hotspot as an encryption key to encrypt the original data to be encrypted, and obtaining ciphertext data and sending the ciphertext data to user equipment. The attribute information is available to the user equipment by the user equipment scanning the hotspot within the range of the decryption geographic location. The present disclosure realizes encryption of the original data based on an actual decryption geographic location which is used as the encryption key of the original data to be encrypted.

Abstract: Exemplary embodiments include methods and/or procedures for Packet Data Convergence Protocol, PDCP, processing performed in a network node of a multi-hop, integrated access backhaul, IAB, communication network. Exemplary methods can include receiving (610) a configuration that includes a first characteristic associated with at least one of the following: the node and data packets received by the network node. Exemplary methods can also include receiving (620) a data packet having one or more packet characteristics, and determining (630) if there is a match between the one or more packet characteristics and the first characteristic. Exemplary methods can also include enabling or disabling (640) a first PDCP processing operation on the data packet based on the result of the determination. Other exemplary embodiments include network nodes configured and/or arranged to perform operations corresponding to the exemplary methods and/or procedures.

Abstract: A method includes all-or-nothing (AONT) encoding a first data chunk of a plurality of data chunks in accordance with distributed data storage parameters to produce a first set of AONT encoded data pieces, where the distributed data storage parameters include a T number that corresponds to a minimum number AONT encoded data pieces needed to recover a data chunk of the plurality of data chunks, and where the first set of AONT encoded data pieces includes the T number of AONT encoded data pieces. The method further includes facilitating storage of the first set of AONT encoded data pieces in a set of storage units of the storage network, where the set of storage units includes the T number of storage units.

Abstract: A system and method for searching for a specific datum among data stored in a permanent memory of a user unit linked to a central authority, comprising: receiving in the user unit, a processing key derived, in said central authority, using a key derivation function applied on a secret piece of information, said key derivation function being a first iterative one-way function; storing said processing key in a temporary memory of the user unit; receiving from said central authority the specific datum converted by a second one-way function using said processing key; in the user unit, converting at least a part of the data stored in the permanent memory using said second one-way function and said processing key; comparing said converted specific datum received from the central authority with the converted data from the permanent memory, thereby providing a search result; and deleting said processing key from the temporary memory.

Abstract: An encryption system and method that addresses private computation in public clouds and provides the ability to perform operations of encrypted data (including equality determinations and compare for less than operations) are provided.

Abstract: Disclosed examples decrypt a first block of sequential blocks using a first decryption key generated based on a first hash of a second decryption key and bit stream data, the first decryption key associated with the first block of the sequential blocks to generate a first segment of a band entropy coded bit stream; generate a third decryption key for a second block of the sequential blocks based on a second hash of the first decryption key and data of the first block of the sequential blocks; decrypt the second block of the sequential blocks using the third decryption key associated with the second block of the sequential blocks to generate a second segment of the band entropy coded bit stream; and merge the first and second segments of the band entropy coded bit stream to generate a source data bit stream using a bit mask for demultiplexing.

Abstract: A media presentation and distribution system includes a verification server that handles dynamic verification of playback of media assets on a client device. The client device receives an asset stream of media assets that comprises one or more tags embedded in the media assets. The client device detects an asset identifier associated with each of the media assets during playback of each media asset on the client device, based on identification of a tag of the one or more tags. The verification server verifies the playback of the media assets on the client device based on received support information from the client device. The playback of the media assets are verified to satisfy defined asset delivery criteria and to identify and debug a deviation or one or more errors with the playback of the media assets.

Abstract: A media presentation and distribution system includes a verification server that handles dynamic verification of playback of media assets on a client device. The client device receives an asset stream of media assets that comprises one or more tags embedded in the media assets. The client device detects an asset identifier associated with each of the media assets during playback of each media asset on the client device, based on identification of a tag of the one or more tags. The verification server verifies the playback of the media assets on the client device based on received support information from the client device. The playback of the media assets are verified to satisfy defined asset delivery criteria and to identify and debug a deviation or one or more errors with the playback of the media assets.

Abstract: A media presentation and distribution system includes a verification server that handles dynamic verification of playback of media assets on a client device. The client device receives an asset stream of media assets that comprises one or more tags embedded in the media assets. The client device detects an asset identifier associated with each of the media assets during playback of each media asset on the client device, based on identification of a tag of the one or more tags. The verification server verifies the playback of the media assets on the client device based on received support information from the client device. The playback of the media assets are verified to satisfy defined asset delivery criteria and to identify and debug a deviation or one or more errors with the playback of the media assets.

Abstract: Communicating a message via a leakage-deterring encryption scheme. A sender computer stores a public key pko of a recipient key-pair (pko, sko) of a message recipient, a commitment c, bound to the public key pko, to a secret s of the message recipient, and a public key pkt of a decryptor key-pair (pkt, skt). A receiver computer stores a secret key sko of the recipient key-pair (pko, sko), the commitment c and an opening o to the commitment. A decryptor computer stores a secret key skt of the decryptor key-pair (pkt, skt). The sender computer is adapted to encrypt a message m for the message recipient by generating ciphertexts. The sender computer sends the ciphertexts to the receiver computer. The receiver computer is adapted to send a ciphertext to the decryptor computer and provide a proof. The decryptor computer is adapted to verify the proof.

Abstract: A media presentation and distribution system includes a verification server that handles dynamic verification of playback of media assets on a client device. The client device receives an asset stream of media assets that comprises one or more tags embedded in the media assets. The client device detects an asset identifier associated with each of the media assets during playback of each media asset on the client device, based on identification of a tag of the one or more tags. The verification server verifies the playback of the media assets on the client device based on received support information from the client device. The playback of the media assets are verified to satisfy defined asset delivery criteria and to identify and debug a deviation or one or more errors with the playback of the media assets.

Abstract: A media presentation and distribution system includes a verification server that handles dynamic verification of playback of media assets on a client device. The client device receives an asset stream of media assets that comprises one or more tags embedded in the media assets. The client device detects an asset identifier associated with each of the media assets during playback of each media asset on the client device, based on identification of a tag of the one or more tags. The verification server verifies the playback of the media assets on the client device based on received support information from the client device. The playback of the media assets are verified to satisfy defined asset delivery criteria and to identify and debug a deviation or one or more errors with the playback of the media assets.

Abstract: A media presentation and distribution system includes a verification server that handles dynamic verification of playback of media assets on a client device. The client device receives an asset stream of media assets that comprises one or more tags embedded in the media assets. The client device detects an asset identifier associated with each of the media assets during playback of each media asset on the client device, based on identification of a tag of the one or more tags. The verification server verifies the playback of the media assets on the client device based on received support information from the client device. The playback of the media assets are verified to satisfy defined asset delivery criteria and to identify and debug a deviation or one or more errors with the playback of the media assets.

Abstract: Examples set out herein provide a method comprising using first cryptographic key data specific to a computing device to verify a package of machine readable instructions to run on the computing device. The verified package may be executed to generate a random number using a true random number generator of the computing device, and to store the generated random number. Second cryptographic key data may be generated by a pseudorandom number generator of the computing device based on a seed comprising a combination of the random number as a first seed portion and a second seed portion. A portion of the second cryptographic key data may be sent to a certifying authority. The method may further comprising receiving a certification value based on the sent portion of the second cryptographic key data from the certifying authority and storing the certification value.

Abstract: The subject matter discloses a method and a system for securely distributing a credential and encryption keys for physical devices. The system comprises a security server and a physical device. the physical device comprises a memory module configured to store a share of the credential, a communication module configured to exchange signals, and a processing module configured to execute calculations upon request received on a wireless manner via the communication module from the security server, the calculations are transmitted to the security server to execute a multi-party computation process. The multi-party computation process outputs two shares of the credential, a first share is stored in the physical device. The physical device does not have access to the credential.

Abstract: The disclosure concerns a method implemented by a processing device. The method includes performing a first execution by the processing device of a computing function based on one or more initial parameters stored in a first memory device. The execution of the computing function generates one or more modified values of at least one of the initial parameters, wherein during the first execution the one or more initial parameters are read from the first memory device and the one or more modified values are stored in a second memory device. The method also includes performing a second execution by the processing device of the computing function based on the one or more initial parameters stored in the first memory device.

Abstract: A disclosed example separates a source data bit stream into at least a high bit stream and a low bit stream, the high bit stream and the low bit stream associated with an entropy band having an entropy designation indicating a level of entropy content, the entropy designation selected from an entropy designation range between a high entropy designation and a low entropy designation; entropy code the high bit stream and the low bit stream separately; create the at least two band entropy coded bit streams; generate a bit mask with a hash, the hash having inputs of at least a strong encryption key and selected data that is from the source data bit stream, the selected data not encrypted during any encryption process; merge the at least two band entropy coded bit streams into a resultant band entropy coded bit stream based on a sequence of at least one indexed value obtained from the bit mask; and at least one of store or share the resultant band entropy coded bit stream in a same file format as the source data b

Abstract: A system and method for providing secure communication between a source and a destination that is secured by secret sharing, during a vulnerability window in which all secret shares are collected in one or more points along the communication paths. Accordingly, during the regular operation of the communication protocol, a common random secret OTP is created by sending random bits from the sender to the receiver and the source is allowed to perform bitwise XOR operation between the information to be sent and the common random secret OTP, prior to using secret sharing. The results of the bitwise XOR operation are sent to the destination using secret sharing and the destination reconstructs the random secret and decrypts the received data, using the common established random secret. The common random secret is based on polynomial randomization being transferred from the source to the destination using secret sharing.

Abstract: An electronic random number generating device (100) for generating a sequence of random numbers, the electronic random number generating device comprising an electronic parameter storage (110) configured to store multiple functions and for each function of the multiple functions an associated modulus, not all moduli being equal, and an electronic function evaluation device (120) configured to generate an internal sequence of random numbers, the function evaluation device being configured to generate a next number in the internal sequence of random numbers by for each function of the multiple functions, evaluating the function for a previously generated value in the internal sequence of random numbers modulo the modulus associated with the evaluating function, so obtaining multiple evaluation results, and applying a combination function to the multiple evaluation results to obtain the next number in the internal sequence, and an output (140) configured to generate a next number in the sequence of random number

Abstract: A method for providing an update of code on a memory-constrained device includes a) determining a minimum necessary compressed code space (MNCCS) of the update of code, b) dividing the update of code into a plurality of chunks, c) applying an All-Or-Nothing Encryption scheme (AONE) on each chunk, d) providing integrity information of least one intermediate ciphertext block of each AONE encrypted chunk, e) verifying integrity of the one or more intermediate ciphertext blocks based on the provided integrity information, f) providing the encryption key of the AONE for decryption of the update of code if integrity was verified, and g) decrypting the intermediate ciphertext blocks using the provided encryption key and updating the code.

Abstract: An encryption module and method for performing an encryption/decryption process executes two cryptographic operations in parallel in multiple stages. The two cryptographic operations are executed such that different rounds of the two cryptographic operations are performed in parallel by the same instruction or the same finite state machine (FSM) state for hardware implementation.

Abstract: A computer-implemented method, in a content delivery (CD) network, wherein said CD network delivers content on behalf of multiple content providers. The method includes, at a client, requesting one or more parts of a randomly generated test object; in response to said requesting, receiving one or more response objects; generating one or more portions of said randomly generated test object, and comparing the one or more response objects received to at least some of the one or more portions of the object generated. Based on said comparing, when said one or more response objects received do not match said at least some of the one or more portions of the object generated, reporting and logging an error.

Abstract: A pre-encryption process for symmetric encryption processes that inputs a bit stream into any existing or future encryption standard to increase encryption complexity with a disproportionate increase in processing time. The first encoding step is the two-stage generation of two strong keys based on a seed strong crypto key and known information from the Source Data bit stream. The second step is to split and encode the bit stream based on entropy levels. After entropy coding, the aligned bit streams are multiplexed in a cyclic fashion to generate one resulting bit stream. The third step is to slice the resulting bit stream into blocks, encrypting each block and adding each block to a coded output bit stream. Each new strong crypto key is derived from the previous crypto key and the previous pre-processed bit stream data. The decoding process is provided that is a simplified inverse of the encoding process.

Abstract: Systems and methods for providing multimedia content from one process or component to another process or component over an unsecured connection are provided. One embodiment includes obtaining the cryptographic information, extracting the at least partially encrypted video data from the container file to create an elementary bitstream, enciphering the cryptographic information, inserting the cryptographic information in the elementary bitstream, providing the elementary bitstream to a video decoder, extracting the cryptographic information from the elementary bitstream at the video decoder, deciphering the cryptographic information, decrypting the elementary bitstream with the cryptographic information and decoding the elementary bitstream for rendering on a display device using the video decoder.

Abstract: A system for encrypting data and transferring or storing data securely may include a computing device including an encryptor configured to generate an encryption key from a network resource and encrypt data using the encryption key to generate encrypted data, and a decryptor configured to generate a decryption key from the network resource and decrypt the encrypted data to generate the non-encrypted data.

Abstract: A method for providing eavesdropping detection of an optic fiber communication between two users includes the steps of exchanging both data and probe signals through at least two channels (400, 500) between the users, exchanging probe signals (143) on one channel (500 or 400) between quantum probe signal terminals, extracting a key for authentication from the probe signals, and exchanging data signals (142) between transmission units on another channel (400 or 500). A first portion of the key generated by the quantum probe signal terminals is used to authenticate the terminals, wherein a second portion of the key is dedicated to define commutation occurrences of commutation devices adapted to commutate the use of the channels (400, 500) for data (142) and probe (143) signals, thus detecting an eavesdropping event (300) which triggers an alarm (750). A further portion of the key can be used to encrypt the messages.

Abstract: A method and apparatus for embedding a data message in a carrier object using steganography. The method provides a secret key and determines an indicator channel from a plurality of color channels in the carrier object, wherein the indicator channel is the color channel in the carrier object that has a maximum number of different pixel values in the carrier object. The method generates a sorted indicator channel value array based on the channel values and the frequency of occurrence of each value of the indicator channel in the carrier object. For each indicator channel value in the sorted indicator channel value array, the method iterates through the carrier object to determine the pixel in the carrier object whose indicator channel value is the same as the current indicator channel value in the sorted indicator channel value array.

Abstract: A method of improving the efficiency of an encryption/decryption process implementing the NIST FIPS 197 standard which includes a substitution box (S-box) and an inverse substitution (inverse S-box), comprises concatenating the S-box and inverse S-box to form a combined lookup table, and folding the concatenated table to generate a folded lookup table. The folded lookup table may be indexed for an encryption operation and for a decryption operation using a signal indicative of whether encryption or decryption is used.

Abstract: To protect customer data and provide increased workflow security for processing requested by a customer, a secure communicational channel can be established between a customer and one or more hardware accelerators such that even processes executing on a host computing device hosting such hardware accelerators are excluded from the secure communicational channel. An encrypted bitstream is provided to hardware accelerators and the hardware accelerators obtain therefrom cryptographic information supporting the secure communicational channel with the customer. Such cryptographic information is stored and used exclusively from within the hardware accelerator, rendering it inaccessible to processes executing on a host computing device. The cryptographic information can be a shared secret, an appropriate one of a pair of cryptographic keys, or other like cryptographic information.

Abstract: An apparatus includes an interface and logic circuitry. The interface is configured to communicate over a communication link. The logic circuitry is configured to convert between a first stream of plaintext bits and a second stream of ciphered bits that are exchanged over the communication link, by applying a cascade of a stream ciphering operation and a mixing operation that cryptographically maps input bits to output bits.

Abstract: A wireless charging apparatus and a wireless charging method are provided. The method includes selecting at least one of a wireless power reception mode and a wireless power transmission mode by a wireless charging apparatus, wirelessly receiving electric power when the wireless power reception mode is selected, and wirelessly transmitting electric power when the wireless power transmission mode is selected.

Abstract: Systems and methods for providing multimedia content from one process or component to another process or component over an unsecured connection are provided. One embodiment includes obtaining the cryptographic information, extracting the at least partially encrypted video data from the container file to create an elementary bitstream, enciphering the cryptographic information, inserting the cryptographic information in the elementary bitstream, providing the elementary bitstream to a video decoder, extracting the cryptographic information from the elementary bitstream at the video decoder, deciphering the cryptographic information, decrypting the elementary bitstream with the cryptographic information and decoding the elementary bitstream for rendering on a display device using the video decoder.

Abstract: An efficient data deduplication method for use in a dispersed storage network (DSN). After a data object is received for storage in the DSN, it is determined whether a substantially identical data object has previously been encrypted and stored. The determination may be made, for example, by comparing an encryption key reference value relating to the data object to key reference information stored in DSN memory. If not detected, the data object is encrypted using an encryption key based on the data object. The encrypted data object is then compressed and stored. The encryption key and a key reference value are also stored as encoded key slices in DSN memory. If the data object was previously stored, it is encrypted using a retrieved encryption key that is substantially identical to the data object. The data object may then be compressed for storage using a pattern based data compression function.

Abstract: A method and apparatus are disclosed for performing secure remote subscription management. Secure remote subscription management may include providing the Wireless Transmit/Receive Unit (WTRU) with a connectivity identifier, such as a Provisional Connectivity Identifier (PCID), which may be used to establish an initial network connection to an Initial Connectivity Operator (ICO) for initial secure remote registration, provisioning, and activation. A connection to the ICO may be used to remotely provision the WTRU with credentials associated with the Selected Home Operator (SHO). A credential, such as a cryptographic keyset, which may be included in the Trusted Physical Unit (TPU), may be allocated to the SHO and may be activated. The WTRU may establish a network connection to the SHO and may receive services using the remotely managed credentials. Secure remote subscription management may be repeated to associate the WTRU with another SHO.

Abstract: Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.

Abstract: An information processing apparatus includes connection means, reception means, and installation means. The connection means automatically connects to a server. The reception means automatically performs processes of receiving one or more programs from the server. The installation means automatically performs processes of installing the programs on the information processing apparatus.

Abstract: A system for measuring in an anonymous manner one or more spatial positions of one or more user devices within a region, wherein the system includes a wireless arrangement for receiving signals from the one or more user devices for determining the one or more spatial positions of the one or more user devices, wherein the wireless arrangement is operable to receive one or more user identification codes from the one or more user devices, wherein the one or more user identification codes include N bits; the system is operable to apply a mapping function to map the one or more user identification codes to form one or more corresponding secondary identification codes by decreasing an entropy of the one or more user identification codes by K bits; and the system is operable to modify the one or more corresponding secondary identification codes by increasing entropy of the one or more corresponding secondary identification codes by M bits.

Abstract: A non-linear processor, which subjects an input value from a feedback shift register storing an internal state of a stream cipher to non-linear processing to output a key stream, is connected to internal registers, which store output values from a non-linear substitution circuit which subjects the input value to non-linear substitution processing. The non-linear processor is provided with an exclusive-OR unit, which is at an input end of each of the internal registers and carries out an operation of a random number generated from part of values stored in the feedback shift register and the output value of the non-linear substitution circuit to mask the output value of the non-linear substitution circuit, and another exclusive-OR unit, which is provided at an output end of the internal register and performs an operation to unmask the value stored in the internal register.