Key Sequence Signal Combined With Data Signal Patents (Class 380/43)
  • Patent number: 7876894
    Abstract: In one embodiment, a method that can be performed on a system is provided for security implementations for storage devices. In one embodiment, the method comprises providing a separate encryption seed for each of a plurality of separate addressable blocks of a non-volatile storage device, wherein a common encryption method is to encrypt data to be stored on the plurality of separate addressable blocks. In one embodiment, the storage device is a portable storage device. In one embodiment, the encryption seed is an Initialization Vector (IV). In one embodiment, the encryption seeds comprise at least one of a media serial number and a logical block address corresponding to the respective block of the non-volatile storage device. In an alternative embodiment, the method further comprises storing at least a part of the separate encryption seed of the separate blocks of the non-volatile storage device within the respective blocks of the storage device.
    Type: Grant
    Filed: November 14, 2006
    Date of Patent: January 25, 2011
    Assignee: MCM Portfolio LLC
    Inventors: Sree Mambakkam Iyer, Larry Lawson Jones, Arockiyaswamy Venkidu, Santosh Kumar
  • Patent number: 7868788
    Abstract: Described herein is an efficient encryption method and system having improved security features based on randomness. The method and system utilize a random dictionary insertion and a random dictionary permutation, and a key stream generated by a stream cipher. Security analysis results show that the method and system provide a higher level of security without incurring any coding efficiency loss, compared with existing encoding methods.
    Type: Grant
    Filed: June 17, 2009
    Date of Patent: January 11, 2011
    Assignee: The Hong Kong University of Science and Technology
    Inventors: Oscar Chi Lim Au, Jiantao Zhou
  • Patent number: 7860251
    Abstract: An encryption-decryption circuit for encrypting and decrypting data. The encryption-decryption circuit comprises: 1) an N-bit shift register for storing and shifting an N bit keyword; 2) a first exclusive-OR gate array for receiving M bits from the N-bit shift register and generating a one-bit exclusive-OR result that is shifted into an input of the N-bit shift register; and 3) a second exclusive-OR gate array comprising K exclusive-OR gates, each of the K exclusive-OR gates receiving one of K bits from the N-bit shift register and one of K data bits from a received K-bit data word and generating therefrom an exclusive-OR result. The K exclusive-OR gates thereby produce one of: i) a K-bit encrypted data word and ii) a K-bit unencrypted data word.
    Type: Grant
    Filed: March 26, 2002
    Date of Patent: December 28, 2010
    Assignee: National Semiconductor Corporation
    Inventor: Richard F. Zarr
  • Publication number: 20100310068
    Abstract: A method for monitoring execution of a sequence of data processing program instructions in a security module associated to a multimedia unit connected to a managing center supplying control messages authorizing access to broadcast data streams. The security module comprises a processor for executing the instructions, a memory, and a monitoring module for analyzing the instructions before execution by the processor. The managing center comprises a security module emulator generating reference data sets by executing a sequence of instructions induced by data of a given control message in the program. The reference data sets are appended to control messages sent to the security module. The monitoring module analyzes a sequence of program instructions for determining a check data set which is compared with a reference data set received from the control messages. When the reference and check data sets match, the program continues executing. Otherwise, further control message processing stops.
    Type: Application
    Filed: June 8, 2010
    Publication date: December 9, 2010
    Applicant: NAGRAVISION SA
    Inventor: Jean-Bernard FISCHER
  • Patent number: 7848518
    Abstract: A method for generating a root key is described. Stable bits of a plurality of comparator outputs are identified. The root key is selected from a number of the identified stable bits. A statistically unique value is calculated from the root key using a cryptographically secure function. An identifier of the identified stable bits and the statistically unique value are stored in a memory.
    Type: Grant
    Filed: June 29, 2004
    Date of Patent: December 7, 2010
    Assignee: Seagate Technology LLC
    Inventor: Laszlo Hars
  • Patent number: 7840002
    Abstract: Apparati, methods, and computer-readable media for strengthening a one-time pad encryption system. A method embodiment of the present invention comprises the steps of encrypting plaintext (1) with an OTP key (2) in an XOR operation to produce ciphertext (3); and obfuscating the ciphertext (3) with an AutoKey (4) in an XOR operation to produce AutoKeyed ciphertext (5), wherein the AutoKey (4) is a reusable key.
    Type: Grant
    Filed: July 28, 2005
    Date of Patent: November 23, 2010
    Assignee: Vadium Technology, Inc.
    Inventor: Zsolt Ari
  • Publication number: 20100239086
    Abstract: A system that incorporates teachings of the present disclosure may include, for example, a gateway comprising a controller to receive from a communication device a request for media content, receive a key and a record associated with the communications device from an interactive Television (iTV) system, wherein the record comprises a list of entitled media content, determine whether the requested media content is in the list of entitled media content, retrieve the requested media content from the iTV system when the requested media content is determined to be in the list of entitled media content, encrypt the retrieved media content utilizing the key, and transmit the encrypted media content to the communications device. Other embodiments are disclosed.
    Type: Application
    Filed: March 17, 2009
    Publication date: September 23, 2010
    Applicant: AT&T MOBILITY II, LLC
    Inventors: ROBERT JOHNSTON, Frank R. Coppa, James A. Wood
  • Patent number: 7787619
    Abstract: A method and apparatus are disclosed for managing components of a secret key according to a secret sharing scheme. The disclosed secret sharing scheme divides a secret value, R, into n secret components (R1, R2, . . . , Rn) and one super component, S, in such a way that R can be computed from (i) any k or more Ri components (k<n); or (ii) S and any one component of Ri. The secret components (R1, R2, . . . , Rn) are distributed to a number of authorized users. A multiple threshold secret sharing scheme assigns various users in a group into one of a number of classes. Each user class has a corresponding threshold level that indicates the number of users that must come together with their assigned components to obtain access to the shared secret. The multiple threshold scheme divides the secret into n components each having an assigned threshold level (i.e., the number of such components that are required to obtain the secret).
    Type: Grant
    Filed: January 29, 2002
    Date of Patent: August 31, 2010
    Assignee: Avaya Inc.
    Inventors: Mehrdad Nadooshan, Jian Ren
  • Patent number: 7773597
    Abstract: A system, method, apparatus and machine-readable medium for stashing an information packet, received by a network interface device, are provided. The method includes i) extracting information from the received information packet; ii) determining the stashing size of the information packet; and iii) stashing the information packet, based on the determined size. The information can be extracted from the layer-2, layer-3 and layer-4 headers and trailers of the information packet. Dynamic stashing results in an enhanced performance of the communication systems.
    Type: Grant
    Filed: April 20, 2005
    Date of Patent: August 10, 2010
    Assignee: Cisco Technology, Inc.
    Inventor: Jyhren Chen
  • Patent number: 7764789
    Abstract: A bit sequence which is generated by a feedback shift register is decimated with a variable decimation value m (m ∈ ℕ) in a predetermined manner which is known on the decryption side, i.e. in that every mth bit of the bit sequence is picked out from the bit sequence so as to obtain the key bit stream.
    Type: Grant
    Filed: March 4, 2005
    Date of Patent: July 27, 2010
    Assignee: Infineon Technologies AG
    Inventors: Rainer Goettfert, Berndt Gammel, Kalman Cinkler, Stefan Rueping
  • Patent number: 7756270
    Abstract: An apparatus for enciphering data by which enciphered digital information data with improved cipher strength are obtained by subjecting digital information data to enciphered process responding to random number data or pseudo-random number data produced in accordance with key data, and which comprises an enciphering portion for subjecting an HD signal to enciphering process to produce an enciphered HD signal, a cipher producing portion for producing, in response to key data, a cipher data from which random number data or pseudo-random number data are obtained to be supplied to the enciphering portion, a register for supplying the cipher producing portion with input data, and a line number data extracting portion for extracting line number data from the HD signal to be supplied to the register as initial data.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: July 13, 2010
    Assignee: Sony Corporation
    Inventors: Tsutomu Shimosato, Yujiro Ito
  • Patent number: 7751567
    Abstract: Methods and apparatus are presented for providing local authentication of subscribers traveling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit 220 that is programmed to wrongfully retain keys from a subscriber identification token 230 after a subscriber has removed his or her token is prevented from subsequently accessing the subscriber's account.
    Type: Grant
    Filed: June 1, 2005
    Date of Patent: July 6, 2010
    Assignee: QUALCOMM Incorporated
    Inventors: Roy F. Quick, Jr., Gregory G. Rose
  • Patent number: 7752453
    Abstract: A method of encrypting and transmitting data and a system for transmitting encrypted data. The method includes one or more different encryption algorithms, and may include employing different encryption algorithms to achieve multiple levels of encryption. A first encryption algorithm is based upon multiple rearrangements of bits representing data to obtain encoded data. A second encryption algorithm is based upon performing multiple XOR operations on bits representing data so that each data word is at least encoded with previous data words. The system comprises first and second computers and a plurality of communication parameters. The two computers are communicably connected to a network, and the second computer is adapted to route a transmission to the first computer. The transmission includes a data part and a header part, both of which are encrypted by the second computer utilizing the communication parameters. The first computer decrypts the transmission utilizing the communication parameters.
    Type: Grant
    Filed: January 8, 2004
    Date of Patent: July 6, 2010
    Assignee: Encryption Solutions, Inc.
    Inventors: Robert Allen Stedron, John L. Chmielewski
  • Patent number: 7752449
    Abstract: A system and method for generating a non-repudiatable record of a communications data stream is provided, which is applicable to real-time and quasi-real-time data streams. A binary communication data stream is captured and segmented into defined frames. A key frame is generated for each of a number of data frames containing integrity and authentication information. The key frame is inserted into the data stream to provide an authenticated data stream.
    Type: Grant
    Filed: February 22, 2006
    Date of Patent: July 6, 2010
    Assignee: Avaya, Inc.
    Inventor: Peter Chapman
  • Patent number: 7742598
    Abstract: A parallel processing shrinking key generator is provided. The parallel processing shrinking key generator includes: a selection linear feedback shift register (LFSR); a source LFSR; a selection logic circuit for selecting one of a source bit of the source LFSR and a predetermined input bit according to a selection bit of the selection LFSR; an index counter for assigning an index where output bits of the selection logic circuit are stored at a next clocking of a clock signal; and an output amount register for shifting an output bit of the selection logic circuit according to the assignment of the index counter.
    Type: Grant
    Filed: June 20, 2005
    Date of Patent: June 22, 2010
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Dong Soo Kim, Young Soo Kim, Dae Seon Park, Jang Hong Yoon
  • Patent number: 7742603
    Abstract: An anonymous vehicular broadcast system that has encrypted links between the roadway infrastructure and the vehicles. The vehicles each have a common private key that is generated from a certification key, provided by a certification authority, and a configuration key that is generated at each power up of the vehicle. The configuration key is not stored in the vehicle so that the vehicle only stores a portion of the private key.
    Type: Grant
    Filed: March 27, 2006
    Date of Patent: June 22, 2010
    Assignee: Nissan Technical Center North America, Inc.
    Inventors: Steve Tengler, Scott Andrews, Ronald Heft
  • Publication number: 20100142703
    Abstract: A method for processing streaming media contents is provided. The method includes: encrypting the streaming media contents and generating corresponding Entitlement Control Message (ECM) and Entitlement Management Message (EMM); and transmitting the encrypted streaming media contents, the ECM and the EMM to a terminal device, in which each I frame of the encrypted streaming media contents is segmented into multiple data packets for transmission and the ECM is transmitted during the transmission of the multiple data packets. A conditional access system and a system for processing streaming media contents are also provided. Through the above technical solutions, fuzzy screen phenomena in processing streaming media contents may be eliminated, channel-switching time or dark screen time may be reduced, and thus the user's experience may be improved.
    Type: Application
    Filed: February 12, 2010
    Publication date: June 10, 2010
    Applicant: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Zijing HUANG
  • Patent number: 7734050
    Abstract: A wireless vehicle and infrastructure system is described that allows for utilization of a quasi-anonymous common private key/digital certificate pool, such that all vehicles are authenticated to the system, but no one vehicle/user can be readily identified during their use of the system because of their use of set of common private key/digital certificate pairs that are assigned to each vehicle from the pool and are common across multiple vehicles. Vehicle/user anonymity is only temporarily removed during vehicle/user re-authentication and re-issuance of new common private key/digital certificate pairs from the pool in the wireless vehicle and infrastructure system.
    Type: Grant
    Filed: March 27, 2006
    Date of Patent: June 8, 2010
    Assignee: Nissan Technical Center North America, Inc.
    Inventors: Steve Tengler, Scott Andrews, Ronald Heft
  • Patent number: 7725715
    Abstract: The present invention is directed to a three-phase encryption method and a three-phase decryption method, and an apparatus implementing the three-phase encryption method and/or the three-phase decryption method. To encrypt a message according to the three-phase encryption method, a content of a message is converted from a first form M to a second form M′; the content of the message is separated according to a spacing pattern; and the content of the message is scrambled according to a scrambling pattern. To decrypt the message encrypted using the three-phase encryption method, the scrambling and spacing patterns are reversed, and the content of the message is converted from the second form M′ to the first form M.
    Type: Grant
    Filed: February 24, 2005
    Date of Patent: May 25, 2010
    Assignee: Access Business Group International LLC
    Inventors: Nima Veiseh, David W. Baarman, Thomas Jay Leppien
  • Publication number: 20100119060
    Abstract: The present invention provides a receiving apparatus including a device key generating unit which generates a device key, a work key generating unit which generates a work key, a device key storing unit which sequentially stores the generated device key, every time the device key is updated, and a recording unit which stores a digital broadcast signal in a transport stream format, wherein in a case where the device key generating unit cannot generate, from the stored transport stream, a device key necessary for descrambling the stored transport stream when the stored transport stream is to be reproduced, the work key generating unit decrypts an encrypted work key that is obtained from the stored transport stream, using the device key stored in the device key storing unit, and generates a work key.
    Type: Application
    Filed: October 9, 2009
    Publication date: May 13, 2010
    Applicant: CANON KABUSHIKI KAISHA
    Inventors: Ryuji Nishida, Yoshihiro Saga, Kenichi Morikawa, Kazuhiko Nakazawa
  • Publication number: 20100067688
    Abstract: Described herein are various embodiments of a coding technique that utilizes a stream cipher for switching between first and second coding conventions for encoding a symbol sequence. The first coding convention specifies a first mapping between a symbol and a first codeword and the second coding convention specifies a second mapping between the symbol and a second codeword. According to the invention, a key generated by the stream cipher is used to select one of the first and second coding conventions and the mapping of the selected coding convention is then utilized for encoding the symbol.
    Type: Application
    Filed: September 18, 2009
    Publication date: March 18, 2010
    Applicant: The Hong Kong University of Science and Technology
    Inventors: Oscar Chi Lim Au, Jiantao Zhou
  • Patent number: 7680278
    Abstract: A system and method for secure wireless cryptographic communication among participants in a wireless computing network is presented. This secure communication method is based on a random modulation technique and a domino match. Once the initial modulation scheme is selected, each data transmission includes an indication of what modulation scheme should be used for the next data transmission. If a given number of bits are to be used, the modulation scheme for the final transmission may be limited to complete the bit transfer. The bit value assignments within particular modulation schemes may also be varied for each subsequent transmission.
    Type: Grant
    Filed: February 4, 2004
    Date of Patent: March 16, 2010
    Assignee: Microsoft Corporation
    Inventors: Amer Hassan, Christopher J. Corbett
  • Publication number: 20100020963
    Abstract: In accordance with one embodiment, a method for securing control words is provided. The method includes receiving scrambled digital content in a descrambler integrated circuit. The method further includes receiving an encrypted control word in the descrambler integrated circuit, decrypting the encrypted control word using a key stored in a register circuit of the descrambler integrated circuit, and descrambling the scrambled digital content in the descrambler integrated circuit using the decrypted control word.
    Type: Application
    Filed: November 13, 2007
    Publication date: January 28, 2010
    Applicants: Sony Corporation, Sony Electronics, Inc.
    Inventor: Brant L. Candelore
  • Patent number: 7643636
    Abstract: A plurality of storage location numbers (“SLNs”), each having a cryptographic period, is received at a first device (100). A system cryptographic period is determined based on the SLN cryptographic periods. Prior to expiration of each system cryptographic period, if at least one SLN requires an update, the first device sends updated key material for the at least one SLN. A second device (102) maintains first, second, and third keysets, wherein the first and second keysets comprise key material. The second device receives a message to make the first keyset active, and a second message for updating at least a portion of the key material in the second keyset with updated key material for at least one SLN. The second device makes the third keyset equivalent to the second keyset, updates the second keyset with the updated key material, and receives a third message to make the second keyset active.
    Type: Grant
    Filed: September 3, 2003
    Date of Patent: January 5, 2010
    Assignee: Motorola, Inc.
    Inventor: Chris A. Kruegel
  • Patent number: 7643637
    Abstract: A system that facilitates efficient code construction comprises a component that receives a first code and a transformation component that transforms the first code to a new code. The new code has essentially same length parameters as the first code but is hidden to a computationally bounded adversary. The first code can be designed in the noise model and appear random to a computationally bounded adversary upon transformation.
    Type: Grant
    Filed: February 10, 2004
    Date of Patent: January 5, 2010
    Assignee: Microsoft Corporation
    Inventors: Ramarathnam Venkatesan, Kamal Jain
  • Patent number: 7623656
    Abstract: Stream cipher encryption and message authentication. Stream cipher encryption is performed by generating a keystream at the transmitting end from a state value, applying the keystream to plaintext to generate an encrypted message block having at least a portion of the plaintext converted to ciphertext, and updating the state value as a function of said at least a portion of the plaintext. Stream cipher decryption is performed by generating a keystream at the receiving end from the same state value, applying the keystream to the encrypted message block to convert the ciphertext to plaintext, and updating the state value as a function of the plaintext. Message authentication techniques are also described.
    Type: Grant
    Filed: February 17, 2005
    Date of Patent: November 24, 2009
    Assignee: QUALCOMM Incorporated
    Inventors: Phillip Hawkes, Michael Paddon, Gregory Gordon Rose
  • Patent number: 7620809
    Abstract: A method of registering network devices in a digital rights management system (DRMS) includes receiving a digital certificate transmitted by the network device requesting registration and verifying the validity of the certificate. The DRMS may then send cryptographic information to the applying network device. The network device may be authorized for registration via a user interface to the DRMS. The DRMS may conduct a proximity test to determine if the network device is proximate to the DRMS. If the certificate is validated, authorization is received, and the proximity test indicates that the network device is proximate to the DRMS, the network device may be registered. A registered network device is then authorized to play protected digital content.
    Type: Grant
    Filed: April 15, 2005
    Date of Patent: November 17, 2009
    Assignee: Microsoft Corporation
    Inventors: Richard D. Prologo, Eduardo P. Oliveira, Clifford P. Strom, Brian P. Evans, Benjamin Brooks Cutter, Anand D. Paka
  • Patent number: 7587607
    Abstract: Receiving a request for an attestation of platform configuration from an attestation requestor, receiving an acceptable configuration, and if the platform matches the acceptable configuration, sending an attestation of platform configuration including a signed response indicating that the platform configuration matches an acceptable configuration to the attestation requester.
    Type: Grant
    Filed: December 22, 2003
    Date of Patent: September 8, 2009
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Matthew D. Wood
  • Patent number: 7587045
    Abstract: The present invention is directed to a system and method for secure transmission of electronic document data on a network. The method begins with the receipt of user identification data associated with the identity of a user of document processing devices on the associated network. A password key, composed of a first share and a second share, is then generated from the user identification data. The first share is then communicated to an associated storage area. Electronic document data is then received, and an encryption key is randomly generated. The electronic document data is then encrypted using the encryption key. The second share is then appended to the encrypted electronic document and the combined data is communicated to an associated document processing device.
    Type: Grant
    Filed: October 3, 2005
    Date of Patent: September 8, 2009
    Assignees: Kabushiki Kaisha Toshiba, Toshiba Tec Kabushiki Kaisha
    Inventors: Michael Yeung, Sameer Yami, Amir Shahindoust
  • Publication number: 20090208010
    Abstract: The present invention makes use of techniques such as those described by Boneh and Franklin to allow for the realisation of a pseudo-asymmetric encryption scheme whereby one public encryption corresponds to a plurality of private decryption keys. This scheme therefore provides a solution to the problem of inefficient use of bandwidth in asymmetrical encryption schemes which inherently require that a plurality of encryptions of data be broadcast to a plurality of receivers. The invention further ensures that the advantage of traceability, typically found in asymmetric encryption schemes, is maintained due to the characteristic that each receiver uses a unique traceable decryption key. The traceability thus achieved by the present invention allows for the revocation of a security module which has been involved in the abusive use of conditional access data, particularly by means of clones of security modules whose security has been compromised.
    Type: Application
    Filed: March 13, 2009
    Publication date: August 20, 2009
    Inventors: Pascal Junod, Alexandre Karlov, Nicolas Fischer
  • Patent number: 7570766
    Abstract: Systems, methods, and data structures for transparently embedding non-compliant data in a data stream are described. One method includes embedding random encryption/decryption information into an MPEG multimedia, video, or audio stream transparently to an MPEG decoder in an ISO/MPEG 13818-1 compliant system to control access. The invention works for variable length data streams and involves a PES header. Spare bytes, stuffing bytes, or additional bytes as defined in the MPEG specification for PES headers are used to store key information by a computer capable of modifying the original data stream. There is no need for a parallel data stream for the key information because the key information is transparently inserted directly into the data stream. Additional information is embedded into the data stream that can be used for encryption/decryption without having to modify other components in a playback system.
    Type: Grant
    Filed: March 1, 2002
    Date of Patent: August 4, 2009
    Assignee: Intel Corporation
    Inventors: Richard P. Mangold, Keith L. Shippy, Ajit P. Joshi
  • Patent number: 7568105
    Abstract: Distributing information, including the steps of watermarking the digital content, distributing the digital content using a multi-source system, and partially fingerprinting digital content at each stage of moving information from a point of origin to the viewer. “Adaptation” of the digital content to the recipient includes maintaining the digital content in encrypted form at each such intermediate device, including decrypting the digital content with a key unique to both the device and the specific movie, selecting a portion of the watermark locations into which to embed information, embedding fingerprinting information into those locations sufficient to identify the recipient, and encrypting the fingerprinted digital content with a new such key.
    Type: Grant
    Filed: September 18, 2006
    Date of Patent: July 28, 2009
    Assignee: Kaleidescape, Inc.
    Inventors: Daniel A. Collens, Stephen Watson, Michael A. Malcolm
  • Patent number: 7567670
    Abstract: According to some embodiments, verification information is provided for a digital video signal. For example, a digital video signal including a first portion and a second portion may be determined at a video server. Verification information associated with the first portion may be calculated using a verification function and encrypted. The encrypted verification information may then be embedded into the second portion.
    Type: Grant
    Filed: May 28, 2004
    Date of Patent: July 28, 2009
    Assignee: Intel Corporation
    Inventor: Raja Neogi
  • Patent number: 7526091
    Abstract: A method for minimizing overhead caused by control information for encryption performed to protect MBMS data for an MBMS service in a mobile communication system. This method is implemented by distinguishing a case in which control information used for encryption is updated from another case in which the control information used for encryption is not updated, and transmitting different control information according to the distinguishment result. That is, when the control information used for encryption is not updated, only minimized control information is transmitted, and when the control information for encryption is updated, the entire updated control information is transmitted. Accordingly, the amount of control information transmitted along with MBMS data is minimized, contributing to an increase in the amount of MBMS data transmitted per unit time.
    Type: Grant
    Filed: January 19, 2005
    Date of Patent: April 28, 2009
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Kyeong-In Jeong, Kook-Heui Lee, Sung-Ho Choi
  • Patent number: 7526656
    Abstract: An encryption/decryption system capable of supplying data only to a user making a request. A computer encrypts data with a common key, encrypts the common key with a public key, and transmits the encrypted data and the encrypted common key. A copy machine receives these data, encrypts challenge data with the public key, and transmits the encrypted challenge data to an IC card. The IC card decrypts the encrypted challenge data with a private key, and feeds the decrypted challenge data back to the copy machine. The copy machine transmits the IC card an encrypted common key of reception data offering decrypted challenge data identical to the original challenge data. The IC card decrypts the encrypted common key and feeds the decrypted common key back to the complex copy machine. The complex copy machine decrypts the encrypted data with the common key.
    Type: Grant
    Filed: August 29, 2002
    Date of Patent: April 28, 2009
    Assignee: Fuji Xerox Co., Ltd.
    Inventors: Kohshiro Inomata, Yasutoshi Maeda
  • Patent number: 7519177
    Abstract: A method and system for processing a data set. More particularly, the present invention provides a method and system for encrypting or decrypting a data set so that the data set remains entirely in the ASCII printable range. The method and system of the present invention allow a key of any length to be selected. Once selected, the key is formatted to the length of the data set and then masked so that predetermined bits are set to zero. An exclusively-OR result is then formed with the data set and the masked key to yield an encrypted data set.
    Type: Grant
    Filed: December 12, 2005
    Date of Patent: April 14, 2009
    Assignee: International Business Machines Corporation
    Inventor: Douglas G. Murray
  • Patent number: 7512972
    Abstract: A method and apparatus for digital content access control comprises determining the occurrence of a synchronization event that triggers synchronization of information used by one or more content provisioners to create an authenticated digital content request that is based at least in part on a digital content request comprising a request for digital content with information used by one or more content repositories to validate the authenticated digital content request and to return the digital content based at least in part on the validation. The method also comprises determining the information in response to the synchronization event and sending the information to at least one of the group comprising the one or more content provisioners and the one or more content repositories.
    Type: Grant
    Filed: September 13, 2002
    Date of Patent: March 31, 2009
    Assignee: Sun Microsystems, Inc.
    Inventors: Eduard de Jong, Aaron Cooley, Jon Bostrom
  • Patent number: 7512805
    Abstract: A data storage device is secured by extracting timing information encoded within a password-related symbol stream received by the storage device and denying access if the timing information is incorrect or the symbol stream is not identical to a valid authentication sequence. In one embodiment, each symbol corresponds to a password, and at least one symbol is transmitted within a specified timing window while at least one other symbol must be transmitted at a random time that varies with each authentication attempt. In certain embodiments, a computing device associated with the data storage device is configured to provide a single password prompt, receive a character sequence corresponding to a plurality of passwords from a user, and communicate an encrypted symbol stream to the storage device with a specified timing pattern imposed thereon.
    Type: Grant
    Filed: October 29, 2004
    Date of Patent: March 31, 2009
    Assignee: Hitachi Global Storage Technologies Netherlands B.V.
    Inventor: Lewis Lee Nunnelley
  • Patent number: 7512804
    Abstract: A data storage device is secured by extracting timing information encoded within a password-related symbol stream received by the storage device and denying access if the timing information is incorrect or the symbol stream is not identical to a valid authentication sequence. In one embodiment, each symbol corresponds to a password, and at least one symbol is transmitted within a specified timing window while at least one other symbol must be transmitted at a random time that varies with each authentication attempt. In certain embodiments, a computing device associated with the data storage device is configured to provide a single password prompt, receive a character sequence corresponding to a plurality of passwords from a user, and communicate an encrypted symbol stream to the storage device with a specified timing pattern imposed thereon.
    Type: Grant
    Filed: October 29, 2004
    Date of Patent: March 31, 2009
    Assignee: Hitachi Global Storage Technologies Netherlands B.V.
    Inventor: Lewis Lee Nunnelley
  • Patent number: 7509250
    Abstract: In one embodiment, a system comprises debug functionality, a debug interface communicatively coupled to the debug functionality, and a hardware key interface. Communication with the debug functionality over the debug interface is not permitted if an authorized hardware key is not communicatively coupled to the hardware key interface.
    Type: Grant
    Filed: November 4, 2005
    Date of Patent: March 24, 2009
    Assignee: Honeywell International Inc.
    Inventors: Edwin D. Cruzado, William J. Dalzell, Brian R. Bernier
  • Patent number: 7502466
    Abstract: The present invention is directed to a system and method for secure communication of electronic documents to a document processing device. A document processing request containing electronic document data is received containing document data in an unencrypted form. A seed value is then received and used to generate a random number. The random number is used to encrypt the electronic document. The seed value, in a header, is transmitted, along with the encrypted electronic document, to a document processing device. The document processing device extracts the seed value from the header and uses the seed value to generate a random number. The encrypted document is then decrypted using the random number generated from the seed value. The document processing device subsequently performs the selected document processing operation on the decrypted electronic document.
    Type: Grant
    Filed: January 6, 2005
    Date of Patent: March 10, 2009
    Assignees: Toshiba Corporation, Toshiba Tec Kabushiki Kaisha
    Inventors: Amir Shahindoust, David Honig, Michael Yeung
  • Publication number: 20090052662
    Abstract: Systems and methods are described which utilize a recursive security protocol for the protection of digital data. These may include encrypting a bit stream with a first encryption algorithm and associating a first decryption algorithm with the encrypted bit stream. The resulting bit stream may then be encrypted with a second encryption algorithm to yield a second bit stream. This second bit stream is then associated with a second decryption algorithm. This second bit stream can then be decrypted by an intended recipient using associated keys.
    Type: Application
    Filed: October 15, 2008
    Publication date: February 26, 2009
    Inventor: William V. Oxford
  • Publication number: 20090041236
    Abstract: Stream ciphers, including synchronous stream ciphers, self-synchronizing stream ciphers, and totally asynchronous stream ciphers, employ a working key and a quasigroup transformation, where the quasigroup used is based on an initial secret key. Error-correction and pseudo-random number generation improver methods also employ quasigroup transformations.
    Type: Application
    Filed: October 13, 2005
    Publication date: February 12, 2009
    Inventors: Danilo Gligoroski, Smile Markovski, Ljupco Kocarev
  • Patent number: 7486792
    Abstract: According to the invention, a method for protecting digital television from unauthorized digital receivers within a population of digital receivers is disclosed. Each digital receiver in the population has a unique identifier. In one step, provisioning information is received from a subset of the population of digital receivers indicating that the subset is potentially within range to receive digital television from a broadcaster. First decryption information is distributed to the subset of the population of digital receivers. The first decryption information allows for potentially decrypting a plurality of programs coextensively in time. The unauthorized digital receivers are cryptographically excluded from using the first decryption information. A first program is encrypted using a first method that is cryptographically related to second decryption information. The first program is sent. The second decryption information is distributed and cryptographically secured with the first decryption information.
    Type: Grant
    Filed: August 21, 2003
    Date of Patent: February 3, 2009
    Assignee: General Instrument Corporation
    Inventor: Eric J. Sprunk
  • Patent number: 7457410
    Abstract: A server and a client hold common secret information in respective secret information holding units. A server Cyclic Redundancy Check (CRC) unit in the server generates a CRC code after adding the secret information to communication data, and transmits the communication data with the CRC code attached. A client CRC unit of the client generates a CRC code after adding the secret information to communication data, and checks whether or not an error has occurred in the communication data on the communication path. Since the client holds the secret information, the client determines that an error has not occurred, and obtains the communication data. On the other hand, a router, which does not hold the secret information, is unable to obtain the communication data. This prevents the communication data from being transferred to devices outside an authorized domain.
    Type: Grant
    Filed: May 3, 2004
    Date of Patent: November 25, 2008
    Assignee: Panasonic Corporation
    Inventors: Hiroki Yamauchi, Natsume Matsuzaki, Yuusaku Ohta, Yuichi Futa
  • Publication number: 20080279373
    Abstract: The invention is directed to a system for securing an integrated circuit chip used in an electronic device by utilizing a circuit or other entity to produce physically unclonable functions (PUF) to generate a security word, such as an RSA public or private key. A PUF, according to its name and configuration, performs functions that are substantially difficult to be duplicated or cloned. This allows the invention to provide a unique and extremely secure system for authentication. In operation, the stored parameters can be used to more efficiently and quickly authenticate the device without the need to run the burdensome security key generation processes without compromising the level of security in the device. Such a system can be used to substantially eliminate the time to produce security keys when a user needs to authenticate the device at power up or other access point.
    Type: Application
    Filed: July 17, 2007
    Publication date: November 13, 2008
    Applicant: Validity Sensors, Inc.
    Inventors: Richard A. Erhart, Gregory L. Dean, Frank Schwab
  • Patent number: 7428306
    Abstract: An encryption apparatus and method for providing an encrypted file system are provided. The encryption apparatus and method of the illustrative embodiments uses a combination of encryption methodologies so as to reduce the amount of decryption and re-encryption that is necessary to a file in the Encrypted File System in the event that the file needs to be modified. The encryption methodologies are interleaved, or alternated, with regard to each block of plaintext. In one illustrative embodiment, Plaintext Block Chaining (PBC) and Cipher Block Chaining (CBC) encryption methodologies are alternated for encrypting a sequence of blocks of data. The encryption of a block of plaintext is dependent upon the plaintext or a cipher generated for the plaintext of a previous block of data in the sequence of blocks of data so that the encryption is more secure than known Electronic Code Book encryption methodologies.
    Type: Grant
    Filed: April 18, 2006
    Date of Patent: September 23, 2008
    Assignee: International Business Machines Corporation
    Inventors: Ufuk Celikkan, William C. Conklin, Shawn P. Mullen, Ravi A. Shankar
  • Patent number: 7421075
    Abstract: A system and method for wireless cryptographic key exchange among participants in a wireless computing network is presented. This allows the authorized participants in the wireless communication session to not have the same key before the wireless computing session begins. This wireless online key exchange/generation is based on a random modulation technique and a domino match. Once the initial modulation scheme is selected, each data transmission includes an indication of what modulation scheme should be used for the next data transmission. If a given number of bits are to be used, the modulation scheme for the final transmission may be limited to complete the bit transfer. The bit value assignments within particular modulation schemes may also be varied for each subsequent transmission.
    Type: Grant
    Filed: December 15, 2003
    Date of Patent: September 2, 2008
    Assignee: Microsoft Corporation
    Inventors: Amer Hassan, Christopher J. Corbett
  • Patent number: 7412058
    Abstract: A method and radio receiver are provided for receiving and deciphering RF signals having encrypted data information relevant to the receiver environment. According to one aspect of the present invention, the receiver includes an input for receiving an RF signal having a data stream including a key selector and encrypted data including a message, and a demodulator for demodulating the data stream and outputting encrypted data including the message. The receiver further includes a data decryption circuit including memory for storing one or more groups of decryption keys based on a characteristic of the receiver environment. The data decryption circuit selects a decryption key based on the key selector and decrypts the message based on the selected decryption key.
    Type: Grant
    Filed: March 18, 2003
    Date of Patent: August 12, 2008
    Assignee: Delphi Technologies, Inc.
    Inventors: Glenn A. Walker, J. Robert Dockemeyer, Jr.
  • Patent number: 7412061
    Abstract: To encrypt a digital object, a key ID is selected for the digital object, and a function ƒ( ) having an input and an output is selected. The selected key ID is then employed as the input to the function ƒ( ), and the output of such function ƒ( ) is employed as the key (KD) for the digital object: ƒ(key ID) → key (KD). The digital object is then encrypted according to such key (KD), and the encrypted digital object is distributed.
    Type: Grant
    Filed: November 5, 2004
    Date of Patent: August 12, 2008
    Assignee: Microsoft Corporation
    Inventors: Marcus Peinado, Ramarathnam Venkatesan