Abstract: Embodiments of the present invention provide an MTC device authentication method, an MTC gateway, and a related device, which are used to solve a problem that direct interaction between a large quantity of MTC devices and a network side brings a heavy load to a network when the MTC devices are authenticated in the prior art. The method includes: performing, by an MTC gateway, mutual authentication with a core network node; performing, by the MTC gateway, mutual authentication with an MTC device; reporting, by the MTC gateway, a result of the mutual authentication with the MTC device to the core network node; and providing, by the MTC gateway, a non access stratum link protection key K between the MTC device and the core network node according to a key K1 or a key K2.

Abstract: A method, computer readable medium and apparatus for hashing wireless traffic are disclosed. For example, the method hashes the wireless traffic uniformly by a plurality of probe servers based on at least one first key to provide a plurality of streams, and hashes at least one output stream of each of the plurality of probe servers uniformly based on at least one second key to provide a plurality of output streams. The method then provides the plurality of output streams to at least one aggregator server.

Abstract: This data protection system encrypts and stores data in a memory card, using a double encryption key scheme for encrypting the data with a data key and further encrypting the data key with a user key. This system provides data to a particular host device from the memory card and limits provision of the data to other host devices. The host device includes DPS program that governs control of writing data to, and reading data from the memory card. The memory card includes a first non-volatile memory and a memory controller that controls the first non-volatile memory. DPSA program is implemented in the memory controller that manages ID information for identifying a user capable of decrypting the encrypted data with the user key.

Abstract: An exponentiation method resistant against side-channel attacks and safe-error attacks. Input to the method is g in a multiplicatively written group G and a /-digit exponent d with a radix m>1 and output is z=gd-1·(d?1) is expressed as a series of (/?1) non-zero digits, d*0 . . . d*I-2, in the set {m?1, . . . , 2m?2} and an extra digit d*I-1 that is equal to dI-1?1, where dI-1 represents the most significant radix-m digit of d, and gd-1 is evaluated through a m-ary exponentiation algorithm on input g and (d?1) represented by d*0 . . . d*I-1. Also provided are an apparatus and a computer program product.

Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

Abstract: In the field of computer enabled cryptography, such as a block cipher, the cipher is hardened against an attack by protecting the cipher key, by applying to it a predetermined linear permutation before using one key to encrypt or decrypt a message. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful where the key is derived through a process and so is unknown when the software code embodying the cipher is compiled. This is typically the case where there are many users of the cipher and each has his own key, or where each user session has its own key.

Abstract: Embodiments are directed towards enabling cryptographic key management without disrupting cryptographic operations. Embodiments may be employed to generate cryptographic keys based on at least one key parameter that may be provided by an administrator. The administrator may generate key managers and key request users that may be linked to particular cryptographic keys. The cryptographic keys may be stored on key exchange servers separate from the key management server. Responsive to a request for a cryptographic key, the key exchange servers may authenticate the key request user associated with the request. The key request may be validated based on at least one key parameter and a portion of the key request. The key exchange server may generate the requested cryptographic keys providing them to the key request user over the network.

Abstract: This document describes techniques and apparatuses enabling application of digital rights management (DRM) to media streams. In one embodiment, three license levels are used to protect numerous television channels without undue use of computing resources.

Abstract: A method and apparatus for an iterative cryptographic block under the control of a CPU and without a fixed number of stages. In one embodiment, a first cryptographic block descrambles received information using an internal key or a preprogrammed key to form a descrambled key or descrambled data. A data feedback path stores the descrambled data as internal data and provides the internal data or the external data as data input to the first cryptographic block. A key feedback path stores the descrambled key as an internal key and provides the internal key or the preprogrammed key to a key input of the first cryptographic block. A second cryptographic block descrambles received content using a final descrambling key. Other embodiments are described and claimed.

Abstract: A device for generating a session key which is known to a first communication partner and a second communication partner, for the first communication partner, from secret information which may be determined by the first and second communication partners, includes a first module operable to calculate the session key using a concatenation of at least a part of a random number and a part of the secret information. The device also includes a second module operable to use the session key for communication with the second communication partner.

Abstract: A method substantially as shown and described the detailed description and/or drawings and/or elsewhere herein. A device substantially as shown and described the detailed description and/or drawings and/or elsewhere herein.

Abstract: A method for transmitting a Rights Object (RO) includes generating a password key by encrypting a password, generating the RO using the password key, and transmitting the RO from a first device to a second device. The second device and the first device share the password and the second device generates the password key using the same encryption method as that used by the first device to generate the password key. The second device decrypts a Message Authentication Code (MAC) key and a Rights Object Encryption Key (REK) using the password key, decrypts a Content Encryption Key (CEK) using the decrypted REK, and verifies integrity of the RO using the decrypted MAC key. The second device can use and/or access content associated with the RO using the decrypted CEK. The CEK may be generated by the first device or may be the CEK from a Rights Issuer.

Abstract: A system for encryption, and subsequent decryption, of encoded data allows for transcoding of the encrypted data. The data is encoded in such a way that different packets have different importance levels, so that some or all of the packets at the lower importance levels can be discarded or truncated in order to reduce the data rate. This is achieved by introducing dependencies into the encoding process. The packets at the highest importance level are encoded with reference only to other packets at the highest importance level, while the encoding of packets at lower importance levels also depend on the encoding of the packets at the highest importance level. The encoded data is then encrypted in such a way that the encryption process has dependencies that correspond to the dependencies in the encoding process.

Abstract: A method, of an aspect, includes challenging a set of Physically Unclonable Function (PUF) cells, of an integrated circuit device, and receiving a set of PUF bits from the PUF cells in response. A PUF key is generated based on the set of PUF bits. An encryption of the PUF key with an embedded key is output from the integrated circuit device. The integrated circuit device receives an encryption of a fuse key with the PUF key. Fuses of the integrated circuit device are programmed with at least one of the fuse key and the received encryption of the fuse key with the PUF key. Other methods, apparatus, and systems are also disclosed.

Abstract: Disclosed are methods, circuit, devices and systems for provisioning cryptographic material to a target device. According to embodiments, a cryptographic material provisioning (CMP) module may be adapted to process a provisioning message with a first message portion which is encrypted with a native key of the target device and which includes first cryptographic material along with a first permissions data vector, wherein the CMP may be further adapted to process data bits of a second portion of the provisioning message using the first cryptographic material and in accordance with usage limitations defined in the first permissions data vector.

Abstract: The present invention provides a solution to the problem of guaranteeing the integrity of software programs by encrypting all or part of each instruction of a program using a key based on all or part of one or a plurality of previous instructions, thus resulting in a different encryption key per instruction. The invention is applicable to software programs whose structures are not necessarily tree-like in nature and is also applicable when the program includes loops, jumps, calls or breaks etc. The invention allows for an exception to be flagged when an encrypted instruction is wrongly decrypted. There is no need for the first instruction to be in clear, since the instruction key may be appropriately initialized as required. The invention can be realized in software or entirely in hardware thereby eliminating the possibility of a third party intercepting a decrypted instruction or a decryption key.

Abstract: A microprocessor includes an architected register having a bit (may be x86 EFLAGS register reserved bit) set by the microprocessor. A fetch unit fetches encrypted instructions from an instruction cache and decrypts them (via XOR) prior to executing them, in response to the microprocessor setting the bit. The microprocessor saves the bit value to a stack in memory and then clears the bit in response to receiving an interrupt. The fetch unit fetches unencrypted instructions from the instruction cache and executes them without decrypting them after the microprocessor clears the bit. The microprocessor restores the saved value from the stack in memory to the bit in the architected register (and in one embodiment, also restores decryption key values) in response to executing a return from interrupt instruction. The fetch unit resumes fetching and decrypting the encrypted instructions in response to determining that the restored value of the bit is set.

Abstract: A method includes receiving data which has been encoded according to a first higher complexity protection scheme and compressed. The method also includes decompressing the data. The method also includes decoding the data according to the first higher complexity protection scheme using a first higher complexity key. The method also includes encoding at least the first portion of the data according to a second higher complexity protection scheme using a second higher complexity key. The method also includes encoding at least a second portion of the data according to a lower complexity protection scheme using a lower complexity key.

Abstract: A method and apparatus for client authentication using a pseudo-random number generation system. The pseudo-random number generation utilizes a secret key as well as state information as input into the hash function to generate a pseudo-random number. The state information that is part of the input can be any number of prior generated pseudo-random numbers. The authentication allows for synchronization of the client and server by exchanging state information. The authentication is not dependent on any absolute time and consequently the client and servers are not required to maintain a reliable shared time base.

Abstract: Data is transmitted between a first user and a second user via an information technology communications network, in a method comprising the steps of: generating a first hash value for a selected one of the data items; digitally signing and encrypting the first hash value with a secret identifier associated with the first user; transmitting to a second user the encrypted first hash value; receiving and storing the transmitted encrypted first hash value for audit purposes and generating a second hash value for the received encrypted first hash value; encrypting the second hash value with a private identifier associated with a second user and a public identifier associated with the first user; and returning the encrypted second hash value to the first user.

Abstract: A system for encrypting Secure Volumes using an encryption key which is saved in the open after being encoded inside a hardware token device utilizing a secure secret which is stored inside the device, and which never leaves the device. The encrypted volume can be accessed again only after a hardware token has decoded this encryption key. The system also provides means whereby the holder of a Master token and the holder of a Grand Master token may also have access to the volume as long as the user token was previously registered to the Master token, and the Master Token was previously registered to the Grand master token before the secured volume was encrypted. Also, the system allows members of user groups so designated at the time the volume is encrypted, to be able to have access to the volume as long as their token was previously registered with the same Master Token as the user that encrypted the volume and as long as the token encrypting the volume was also a member of the authorized user group.

Abstract: A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key space division and sub-key derivation for mixed media digital rights management content and secure digital asset distribution. A system practicing the exemplary method derives a set of family keys from a master key associated with an encrypted media asset using a one-way function, wherein each family key is uniquely associated with a respective client platform type, wherein the master key is received from a server account database, and identifies a client platform type for a client device and a corresponding family key from the set of family keys. The system encrypts an encrypted media asset with the corresponding family key to yield a platform-specific encrypted media asset, and transmits the platform-specific encrypted media asset to the client device. Thus, different client devices receive device-specific encrypted assets which can be all derived based on the same master key.

Abstract: Embodiments of a wireless device and methods for rekeying with reduced packet loss in a wireless network are generally described herein. In some embodiments, during rekeying operations a new key for reception may be installed early (i.e., prior to receipt of a rekeying confirmation message). The use of the new key for transmission may be delayed until after receipt of the rekeying confirmation message. The early installation of the new key for reception may allow both the new key and old key to be active at the same time for use decrypting received packets to reduce packet loss during rekeying operations. The rekeying confirmation message may be the fourth message of a four-way handshake for rekeying. In some embodiments, two key identifiers may be alternated between four-way handshakes to prevent deletion of the old key.

Abstract: A method performed in a third computing device comprises: receiving a request from one of a first computing device and a second computing device; and in response to the request, facilitating establishment of a security association between the first computing device and the second computing device such that the first computing device and the second computing device can then facilitate establishment of a security association between first user equipment and second user equipment. The first computing device, the second computing device and the third computing device comprise at least a part of a key management hierarchy wherein the first computing device and the second computing device are on a lower level of the hierarchy and the third computing device is on a higher level of the hierarchy. The first and second computing devices are configured to perform a key management function for respective first and second user equipment.

Abstract: A key generation device according to the present invention hierarchically constructs a Y-ary tree structure where n reception devices are assigned to leaves, and forms subgroups where individual intermediate nodes existing between the leaves and a root of the Y-ary tree structure are defined as parent nodes. By providing new parameters to the individual intermediate parameters, the subgroups can be formed flexibly. In a case where no excluded customer exists or the number of excluded customers is small, the size of a header to be delivered and the calculation amount of an operation that a customer needs to perform can be reduced.

Abstract: The present invention relates to a method for secure communications and communication networks having communication devices, using secure means like encryption system for securing communications. More particularly, the present invention relates to a method for secure communications from a first node (N1) to a second node (N2) in a network, the first node comprising a first node keying material (KM(ID1)), the second node comprising a second node keying material (KM(ID2)), wherein the keying materials of the first node and of the second node comprise each a plurality of keying root shares formed by keying root share segments. The method using key segmentation for pre-distributing keying material according to a variable distribution for increasing the resiliency of existing methods.

Abstract: The invention relates to a method for decrypting encrypted broadband data by one or more authorized users comprising the following steps: provision of the encrypted broadband data (10) for a plurality of users; provision of encrypted or non-encrypted key data (30), which is of a comparatively narrower band than the broadband data (10) and which is personalized for one or more authorized users, exclusively in a decryption unit (40), said narrow-band key data (30) being held in the decryption unit (40) in a form that is not accessible to the authorized user; at least partial decryption of the encrypted broadband data (10) in the decryption unit (40) in order to output a broadband data stream (70) that is at least partially decrypted; or generation of broadband key information (30?) from the narrow-band key information (30) in the decryption unit (40) for the subsequent decryption of the encrypted broadband data (10).

Abstract: The present invention provides systems and methods for making efficient trust management decisions. A trust management engine is provided that processes requests for system resources, authorizations or certificates, and the identity of one or more root authorities that are ultimately responsible for granting or denying the requests. To determine whether a request should be granted, the trust management engine identifies a set principals from whom authorization may flow, and interprets each of the certificates as a function of the state of one or more of the principals. The processing logic iteratively evaluates the functions represented by the certificates, updates the states of the principals, and repeats this process until a reliable determination can be made as to whether the request should be granted or denied.

Abstract: The present invention relates to a content protection apparatus and method using binding of additional information to an encryption key. The content protection apparatus includes an encryption unit for creating an encryption key required to encrypt data requested by a user terminal and then generating encrypted data in which the data is encrypted. An additional information management unit manages additional information including authority information about the encrypted data. A White-Box Cryptography (WBC) processing unit generates a WBC table required to bind the encryption key corresponding to the encrypted data to the additional information. A bound data generation unit generates bound data in which the encrypted key is bound to the additional information, using a cipher included in the WBC table.

Abstract: Disclosed is an apparatus and method for generating a security key in a mobile communication system that performs security key generation. An Authentication, Authorization and Accounting (AAA) server generates a Master Session Key (MSK) and an Enhanced MSK (EMSK) from a Long Term Credential key, and a Device-MSK (D-MSK), a User-MSK (U-MSK) and a Device and User-MSK (DU-MSK) from the MSK and the EMSK. An Access Gateway (AG) generates a Root-MSK (R-MSK) from the MSK and EMSK received from the AAA server. A Signaling Radio Network Controller (SRNC) generates a Pairwise Master Key (PMK) from the R-MSK received from the AG, and a Traffic Session Key (TSK) from the PMK. A Base Station (BS) sets up a radio connection to a Mobile Station (MS) using the TSK received from the SRNC, and performs radio communication using the set radio connection. The MS generates an MSK and an EMSK, and generates there from a D-MSK, a U-MSK, a DU-MSK, an R-MSK, a PMK, an SRK and a TSK, to perform radio communication with the BS.

Abstract: Various techniques and procedures related to encryption key versioning and rotation in a multi-tenant environment are presented here. One approach employs a computer-implemented method of managing encrypted data and their associated encryption keys. In accordance with this approach, a key splitting process securely stores a master key used to encrypt tenant-level encryption keys, a key versioning process is used to securely track updated encryption keys, and a key rotation process is used to rotate encrypted data to an updated version of a tenant-level encryption key.

Abstract: A storage device that supports Trusted Computer Group (TCG) security allows management of TCG security features by a Basic Input/Output System (BIOS) using non-TCG security commands supported by the BIOS. In one implementation, a BIOS that does not support TCG security but does support ATA security can use ATA drive unlock to invoke TCG drive unlock on the storage device. Further, the storage device can be transitioned among multiple security operating modes (e.g., Undeclared, ATA security or TCG security).

Abstract: A system, according to one embodiment, includes a master key for encryption of data; an encryption key site accessible by computer and storing a first piece of the master key; a configuration file resident in a computer file system, the configuration file storing a second piece of the master key; a computer database storing a third piece of the master key; a master-key seal key used to encrypt the master key, wherein a secure self managed data (SSMD) key is obtained by assembling and decrypting the first piece, the second piece and the third piece using the master-key seal key; a unique ID for the data; a classification level for the data; and an expiration time for the data, wherein the data, the unique ID, the classification level, and the expiration time are encrypted together using the SSMD key to form an SSMD encoded data.

Abstract: A method, a system and a device for maintaining user service continuity are provided in an embodiment of the present invention. The method includes prohibiting a UE from accessing a forbidden network before handover is complete when the UE needs to perform network handover if the UE adopts a SIM access technology, thus avoiding service interruption of a SIM user due to access to an incorrect network. A system and a device for maintaining user service continuity are provided in an embodiment of the present invention.

Abstract: An asymmetric (dual key) data obfuscation process, based on the well known ElGamal cryptosystem algorithm, and which uses multiplicative cyclic groups to transform (obfuscate) digital data for security purposes. In the present system the data need not be a member of the cyclic group, unlike in the ElGamal cryptosystem algorithm. Also, any one of several additional mathematical data transformations are further applied to the transformed data, thereby enhancing security of the transformed data.

Abstract: In computing point multiples in elliptic curve schemes (e.g. kP and sQ) separately using, for example, Montgomery's method for the purpose of combining kP+sQ, several operations are repeated in computing kP and sQ individually, that could be executed at the same time. A simultaneous scalar multiplication method is provided that reduces the overall number of doubling and addition operations thereby providing an efficient method for multiple scalar multiplication. The elements in the pairs for P and Q method are combined into a single pair, and the bits in k and s are evaluated at each step as bit pairs. When the bits in k and s are equal, only one doubling operation and one addition operation are needed to compute the current pair, and when the bits in k and s are not equal, only one doubling operation is needed and two addition operations.

Abstract: In an embodiment, a method for generating and distributing keys retains the scalability of a group VPN, but also provides true pair-wise keying such that an attacker who compromises one of the devices in a VPN cannot use the keys gained by that compromise to decrypt the packets from the other gateways in the VPN, or spoof one of the communicating gateways. The method is resistant to collusion when co-operating attackers overtake several VPN gateways and observe the keys stored in those gateways. In an embodiment, a VPN gateway comprises a cryptographic data processor configured to encrypt and to decrypt data packets; group key management logic; and Key Generation System logic. In one approach a gateway performs, in relation to adding a group member, receiving in a security association (SA) message secret data for use in the KGS; and derives keys for secure communication with one or more peer VPN gateways using the secret data.

Abstract: An adaptive security policy based scalable video service apparatus includes a video streaming server, an adaptive security policy server and a terminal. The video streaming server receives a service demand via a network and generates an encrypted streaming data. The adaptive security policy server analyzes a media structure and the service demand, by using a service profile received from the video streaming server, so as to generate a security policy description. The terminal generates and transmits the service demand to the video streaming server or the adaptive security server, obtains the encrypted streaming data from the video streaming server and decrypts the encrypted streaming data for playback, storing and retransmission.

Abstract: Present invention provides a data protection method, used by a data owner to share data with a data sharer securely through a data distribution system. The data owner first establishes a proxy relationship with the data sharer, while the data distribution system maintains a proxy relationship between the data owner and the data sharer, and after receiving encrypted shared data sent by the data owner, the data distribution system changes the encrypted shared data according to the proxy relationship, so that the data sharer may decrypt the data. By using the data protection method in the present invention, both encryption and decryption of data are a result of coordination of three parties, thereby avoiding a problem of data leakage caused by a problem of a single party.

Abstract: Methods and systems for secure client-side communication between multiple domains is provided. Such methods and systems can provide for decreased communication latency particularly effective for dynamic multi-domain and/or multi-tenant environments while allowing for granular security or specific security of messages and operations with regard to users, user sessions, groups, organizations, permissions sets, applications, or any other logical delineation. Such methods and systems may involve a variety of security components, for example, at least one set of instructions including a plurality of defined instruction to be utilized by users of the set of instructions to communicate, and cryptographic construct data in order to verify the data integrity and the authenticity of messages sent and received using the secure client-side communication between multiple domains.

Abstract: In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial v(x) modulo a second polynomial fn(x), including: receiving the first polynomial v(x) modulo the second polynomial fn(x), where the second polynomial is of a form fn(x)=xn±1, where n=2k and k is an integer greater than 0; computing lowest two coefficients of a third polynomial g(z) that is a function of the first polynomial and the second polynomial, where g ? ( z ) ? = def ? ? i = 0 n - 1 ? ? ( v ? ( ? i ) - z ) , where ?0, ?1, . . . , ?n?1 are roots of the second polynomial fn(x) over a field; outputting the lowest coefficient of g(z) as the resultant; and outputting the second lowest coefficient of g(z) divided by n as the free term of the scaled inverse of the first polynomial v(x) modulo the second polynomial fn(x).

Abstract: A cryptographic engine for modulo N multiplication, which is structured as a plurality of almost identical, serially connected Processing Elements, is controlled so as to accept input in blocks that are smaller than the maximum capability of the engine in terms of bits multiplied at one time. The serially connected hardware is thus partitioned on the fly to process a variety of cryptographic key sizes while still maintaining all of the hardware in an active processing state.

Abstract: A Searchable Symmetric Encryption (SSE) mechanism is described which allows efficient dynamic updating of encrypted index information. The encrypted index information includes pointer information that is encrypted using a malleable encryption scheme. The SSE mechanism updates the encrypted index information by modifying at least one instance of the pointer information without decrypting the pointer information, and thereby without revealing the nature of the changes being made. In one implementation, the SSE mechanism includes a main indexing structure and a deletion indexing structure. An updating operation involves patching applied to both the main indexing structure and deletion indexing structure.

Abstract: A system is described for reducing leakage of meaningful information from cryptographic operations. The system uses a pairwise independent hash function to generate a modified secret key SK? having individual components. The system forms a modified secret key collection that includes SK? and its individual components. The system then uses the modified secret key collection to decrypt a message. The decryption involves providing multiple partial operation results in separate respective steps. Leakage of meaningful information is reduced due to difficulty in piecing together meaningful information from information leaked by the separate partial operations. In one example, the hash function has the form HK(r)=ar+b, where a, b, and r are selected values, such as random numbers. In another example, the hash function has the form HK(r)=Ar*B, where A, B, and r are selected values.

Abstract: This invention concerns a safe data exchange method between two devices locally connected to one another. In a preferred embodiment, the first device (10) is a security module containing a first encrypting key, said private key (PAKV) of a pair of asymmetric encrypting keys. The second device is a receiver (11) comprising at least one second encrypting key, said public key (PAKB) of said pair of asymmetric encrypting keys. Furthermore each of the devices comprises a symmetrical key (13). The first device (10) generates a first random number (A), which is encrypted by said private key (PAKV), then transmitted to the second device (11), in which it is decrypted by means of the public key (PAKB). The second device (11) generates a second random number (B), which is encrypted by said public key (PAKB), then transmitted to the first device (10), in which it is decrypted by means of the private key (PAKV).

Abstract: A protocol for anonymous access to a database where the different records have different access control permissions is described. The permissions can be attributes, roles or rights that an authorized user needs to have to access the record. The database provider does not learn which record the user accesses and which attributes or roles the user has when she accesses the database. The database provider publishes the encrypted database where each record is encrypted with a key that is derived from at least the index of the record, its access control attributes and a secret key of the database provider. The user obtains a credential from an issuer for each access control attribute (ACL) that is associated with the user. Then the user retrieves the key for a particular record from the database provider and uses this key to decrypt the encrypted record.

Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.

Abstract: A method and an apparatus are provided for generating an encryption key for broadcast encryption. The method of generating the encryption key for the broadcast encryption includes generating a first encryption key with respect to all nodes, configured in a plurality of depths, from a root node to a plurality of leaf nodes, and generating a second encryption key with respect to each intermediate node between the root node and the plurality of leaf nodes, wherein the generation of the second encryption key comprises generating any one of first and second keys using the first encryption key depending on whether a first child node, connected to a sibling node of the intermediate node, is on a left path or a right path of the intermediate node.

Abstract: Example embodiments provide various techniques for locating cryptographic keys stored in a cache. The cryptographic keys are temporarily stored in the cache until retrieved for use in a cryptographic operation. The cryptographic key may be located or found through reference to its cryptographic key identifier. In an example, a particular cryptographic key may be needed for a cryptographic operation. The cache is first searched to locate this cryptographic key. To locate the cryptographic key, the cryptographic key identifier that is associated with this cryptographic key is provided. In turn, the cryptographic key identifier may be used as an address into the cache. The address identifies a location of the cryptographic key within the cache. The cryptographic key may then be retrieved from the cache at the identified address and then used in the cryptographic operation.