Abstract: Computer and communications systems and methods are provided in which a first computing system sends a second computing system a message and an associated deep-string and the second computing system applies a key of a cryptographic system or a one-way function to the deep-string to determine the deep-string's deep-string-depth. The second computing device then uses the determined deep-string-depth in determining subsequent behavior regarding the message. In some environments, a third computing device may generate and provide deep-strings of various deep-string-depths to the first computing device to ensure more favorable behavior of the second computing device.

Abstract: The present embodiments relate to a communication system, communication method, information processor, method, device, program, and recording medium which permit plural algorithms to be treated and which can impart expansibility to communications. A capability list stores a capability list in which capabilities regarding algorithms for encryption and decryption treated by a reader/writer are described. Similarly, a capability list stores a capability list in which capabilities regarding algorithms for encryption and decryption treated by an IC card are described. The reader/writer and the IC card exchange their mutual capability lists, select algorithms capable of securing a security level according to the importance of the data sent and received, and perform communications based on the selected algorithms. The present embodiments can be applied, for example, to a device that performs communications by the NFCIP method.

Abstract: Methods, systems, and computer program products for encrypting photograph metadata are provided. An image file is received. The image file includes digital image data and a plurality of data fields. A first data field of the plurality of data fields includes a first metadata. A rule set for modifying the first metadata is received. In response to determining that at least one rule of the rule set corresponds to the first metadata, the first metadata is encrypted based to create a second metadata. The second metadata is stored in the image file.

Abstract: Deduplication and compression evaluation methods and systems involve one or more processors generating a hash value for each block of data in a block storage device and creating a random substitution cypher using the respective hash values for each of said blocks of data as seed values to a random number generator. Thereafter, positions of run lengths for each of said blocks of data are randomly shuffled by the one or more processors with no run lengths having identical run length values disposed adjacent one another, a synthetic version of each of said blocks of data is generated using the substituted, shuffled, run lengths.

Abstract: Data items to be stored in a queue are received, where the queue is distributed among a plurality of memory banks. The data items are distributed among the plurality of memory banks, including selecting memory banks in which to store the data items based on pseudorandom numbers generated for the data items, where the pseudorandom numbers are generated using a first pseudorandom number generator initialized with a first seed. Subsequently the data items are retrieved from the plurality of memory banks, including selecting memory banks from which to retrieve the data items based on the pseudorandom numbers regenerated for the data items, where the pseudorandom numbers are regenerated using a second pseudorandom number generator initialized with the first seed.

Abstract: A method, apparatus, and program product for generating check data for a location within an area of a workspace include receiving an identifier for a selected location that has check data associated therewith. Candidate check data for use with the selected location is generated. The candidate check data is evaluated for a match against at least one of existing check data for the selected location or check data associated with a related location. Based on the evaluation, a determination is made of whether the candidate check data is acceptable for use for the selected location.

Abstract: A device (CD) is intended for controlling authenticity of a code received with a message by an electronic device (ED2) and resulting from application to this message of a bijective algorithm with at least one predetermined key. This device (CD) has i) a first computation means (CM1) arranged for applying partly this bijective algorithm with this predetermined key, from a starting step to a chosen intermediate step, to the received message, in order to get a first result, ii) a second computation means (CM2) arranged for applying partly in a reverse manner the bijective algorithm with the predetermined key, from an ending step to this chosen intermediate step, to the received code while using the received message, in order to get a second result, and iii) a comparison means (CM3) arranged for comparing these first and second results and for outputting an information representative of the authenticity of the received code when the first and second results are identical.

Abstract: Data security is enhanced by computing an authentication tag based at least in part on encrypted data and additional authenticated data that includes at least a nonce. The computed authentication tag is compared against a provided authentication tag. The encrypted data is decrypted and made available for use.

Abstract: Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory.

Abstract: An improved method for data encryption has been developed. The method includes storing data, multiple prime numbers and random numbers within an electronic memory storage device. Next, calculating a public number using the multiple prime numbers and providing a public number to a recipient apparatus that has knowledge of the multiple prime numbers. The method then encrypts the stored data with a randomly generated key that is determined with elliptical curve cryptography (ECC) and deletes the randomly generated key after use. Next, the method calculates a common shared secret between the sender and recipient using the prime numbers, a recipient public number and the second random number. The sender and recipient calculate parameters using a key equation based on the randomly generated key and random numbers and a common shared secret.

Abstract: There is provided an information processing device including a secret key generator that generates a secret key from a random number received from an external device that provides a service, and a given value, a public key generator that generates a public key on the basis of the secret key by using a function identically set in a plurality of the services, a transmitter that transmits the public key to the external device, and an authentication processor that conducts authentication with the external device using the secret key.

Abstract: Provided are a tag generation device, method and program which are capable of parallel execution, need no precomputation, and are capable of reducing block-cipher calls to the minimum necessary using one block cipher key when a tag to be attached to a message is generated.

Abstract: A system, method, and device for stochastically processing data. There is an architect module operating on a processor configured to manage and control stochastic processing of data, a non-deterministic data pool module configured to provide a stream of non-deterministic values that are not derived from a function, a plurality of functionally equivalent data processing modules each configured to stochastically process data as called upon by the architect module, a data feed configured to feed a data set desired to be stochastically processed, and a structure memory module including a memory storage device and configured to provide sufficient information for the architect module to duplicate a predefined processing architecture and to record a utilized processing architecture.

Abstract: A private key is held which conforms to an ElGamal encryption system on a semigroup, calculation of an order of an element of the semigroup being computationally difficult, information corresponding to ciphertext conforming to the ElGamal encryption system is input, a private key s is used to decrypt the information corresponding to the ciphertext in conformance to the ElGamal encryption system, and information corresponding to a result of decrypting the ciphertext is obtained and output. Alternatively, whether it is computationally difficult or easy to calculate the order of the element of the semigroup is determined, and the safety of a decryption service providing device is evaluated based on the determination result.

Abstract: An entropy source extracts noise associated with the sampling of an RC circuit. The decay time of the RC circuit and other parameters are selected so that a buffer used to sample the voltage remains in an indeterminate voltage region over multiple clock cycles to generate random transitions. The entropy source may be implemented to be compliant with government standards for entropy sources utilized to generate random numbers.

Abstract: Devices and methods include communication devices and network devices configured to automatically connect to each other over a password protected network connection without a user setting the password for the password protected network connection. The communication devices may communicate over the password protected network connection to the network device and further to a communication service for providing interpretive services for hearing-impaired users, such as text captions, during a call. Predetermined network names and associated passwords may be persistent prior to set up as well as after a hard reset in which other user defined settings may be erased.

Abstract: A system for securely transmitting data includes a control device and at least one security module. The control device is configured for producing a cryptographic key using a physically unclonable function (PUF). The at least one security module is configured for communicating with the control device at least one of confidentially and authentically using the cryptographic key. The control device has no storage for storing the cryptographic key. The control device includes at least one hardware device that is configured for providing a specific feature combination. The control device also includes a calculation unit that is configured for producing the cryptographic key using the specific feature combination and the physically unclonable function (PUF).

Abstract: Systems and methods for multi-factor entropy sourcing for random number generators. An example method may comprise: identifying, by a processing device, a plurality of entropy sources; receiving random bits from each of the plurality of entropy sources; identifying a minimum number of bits among numbers of bits received from each of two or more entropy sources of the plurality of entropy sources; mixing, into an entropy pool, at least the identified minimum number of bits received from each entropy source of two or more entropy sources; and increasing a size of the entropy pool by the identified minimum number of bits.

Abstract: An image forming apparatus, which is provided with a display device including a plurality of segments, registers a number having digits larger than the digits that can be displayed on the display device as a specific symbol other than numbers from 0 to 9 to be displayed on the display device including the plurality of segments, and controls the display device including the plurality of segments to display the registered arbitrary number when the display device including the plurality of segments is instructed to display the specific symbol.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include defining multiple primitives, each primitive including ranking and unranking methods. Two or more of the multiple primitives are selected, and an operation is performed on the selected primitives, thereby defining a complex format. Upon and encryption processor receiving a data record comprising a plaintext, the complex format is applied to the plaintext, thereby generating a ciphertext, and the ciphertext is transmitted to a remote computer. Upon receiving the ciphertext, the remote computer can apply the complex format to the received ciphertext, thereby regenerating the plaintext.

Abstract: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.

Abstract: Computer and communications systems and methods are provided in which a first computing system sends a second computing system a message and an associated deep-string and the second computing system applies a key of a cryptographic system or a one-way function to the deep-string to determine the deep-string's deep-string-depth. The second computing device then uses the determined deep-string-depth in determining subsequent behavior regarding the message. In some environments, a third computing device may generate and provide deep-strings of various deep-string-depths to the first computing device to ensure more favorable behavior of the second computing device.

Abstract: A virtual application packaged for a specific executing environment may be executed on a processing device having an executing environment different from the specific executing environment. A reference, included in extracted installer metadata, to one or more key paths of a hierarchically-structured data store may be modified according to a set of rules related to the executing environment detected in the processing device. The modified extracted installer metadata may be provided to an installer for installing the virtual application. During execution of the virtual application, a request to read, write, or modify the hierarchically-structured data store may be intercepted and changed, such that a first key path included in the request may be mapped to a second key path, based on the detected executing environment. Similarly, a response to the request, which may include the second key path, may be intercepted and modified, to the first key path.

Abstract: A system and method provide for shared access to a database in a semi-trusted platform. In the method, for each of a set of users, provision is made for regenerating a respective user key, based on a respective predefined user input, such as a hashed password. One or more of the users is authorized to have access to an encrypted database. For each of these, the method includes encrypting a key for the encrypted database with the respective user's user key to generate an encrypted database key. During a user session, one of the authorized users is provided with access to the encrypted database by decrypting the database key from the encrypted database key with the respective user's user key, and decrypting the database, from the encrypted database, with the database key. The database key and each user's user key are not stored on the platform and are thus inaccessible to platform administrators and unauthorized users between user sessions.

Abstract: An embodiment of a method of operating a storage system includes combining a password, a first number, and a number of iterations to produce a first key, encrypting the first key, receiving a second number, and encrypting the second number with the first key to produce an encrypted second key.

Abstract: In one embodiment, a method generates first entropy using a true random number generator in a management computer configured to manage a main computer in a computing device. The main computer controls a set of physical nodes including a set of services running in a set of virtual machines. The method then provides the first entropy to the main computer and the first entropy is combined with second entropy generated by the main computer to generate third entropy. The third entropy is provided to the set of physical nodes where the set of virtual machines access the third entropy via a hypervisor.

Abstract: A system and method includes a processing unit connected with a memory, the processing unit configured to access data from the memory. A memory transaction unit is added between the processing unit and the memory. The memory transaction unit is configured to perform dummy read- and write-operations at random memory locations at random times and/or insert random delays before real accesses by the processing unit from the memory.

Abstract: Encryption of data within a memory 6 is provided by key generation circuitry 12 which serves to generate a key as a function of the address within the memory 6 being accessed and then encryption circuitry 14 or decryption circuitry 16 which serve respectively to encrypt or decrypt the data as a function of the key that has been generated based upon the address. The encryption and the decryption may be performed using a bitwise XOR operation. The key generation circuitry may have the form of physically unclonable function circuitry, which varies from instance to instance of implementation and that operates to generate the same key for the same address upon both write and read operations within the same instance.

Abstract: A method, system, and computer program product for random number generation using a network of mobile devices are provided in the illustrative embodiments. From a set of mobile devices, a corresponding set of data packets is received. A presence of raw sensor data is detected in a first data packet received from a first mobile device in the set of mobile devices. The raw sensor data comprises data corresponding to changing value of an output of a sensor in a set of sensors installed in the first mobile device. The raw sensor data is separated from the first data packet, resulting in an original data packet. A first random number is generated using the raw sensor data.

Abstract: A true random number generator (TRNG) uses sources of uncertainty found within graphics processing units (GPUs) together with signal processing techniques, for example histogram equalization, to obtain maximum entropy.

Abstract: The system and method described herein may provide unified transport and security protocols. In particular, the unified transport and security protocols may include a Secure Frame Layer transport and security protocol that includes stages for initially configuring a requester device and a responder device, identifying the requester device and the responder device to one another, and authenticating message frames communicated between the requester device and the responder device. Additionally, the unified transport and security protocols may further include a Secure Persistent User Datagram Protocol that includes modes for processing message frames received at the requester device and the responder device, recovering the requester device in response to packet loss, retransmitting lost packets sent between the requester device and the responder device, and updating location information for the requester device to restore a communications session between the requester device and the responder device.

Abstract: Disclosed are various embodiments for providing a plurality of notifications to mobile devices. A broadcast is rendered by a device that is detected by a mobile device. Software on the mobile device decodes the broadcast to obtain an identification number associated with a notification. The mobile device requests a notification based at least on the identification number. A notification is sent to the mobile device if certain requirements associated with the notification are met. The notification may then be rendered on a display of the mobile device.

Abstract: A method for dynamically associating, by a server, access rights with a resource includes the step of receiving, by the server, a request for a resource from a client. The server requests, from a policy engine, an identification of a plurality of access rights to associate with the resource, the plurality of access rights identified responsive to an application of a policy to the client. The server associates the resource with the plurality of access rights via a rights markup language. The server transmits the resource to the client with the identification of the associated plurality of access rights. An application program on the client makes an access control decision responsive to the associated plurality of access rights. The application program provides restricted access to the resource responsive to the access control decision.

Abstract: A method and system is disclosed for encrypting and decrypting data, with decryption contingent upon user-defined conditions being met. The encryption process comprises a method for using pointers to indicate the locations and sizes of encryption components, utilizing randomly determined patterns to be used for a random number of characters of text data being encrypted. For each randomly determined block of text, a randomly determined pattern is selected, which specifies how to combine the encryption components, including the shuffled and encrypted text, and references to that block's seed key, the size and composition of which are randomly determined. Decryption comprises of a methodology for reversing the process to decode encrypted text, iteratively extracting the decryption components in accordance with the pattern indicator identified for each block of encrypted text, as determined by the pointers, and dependent upon satisfying all user-defined conditions necessary to enable decryption.

Abstract: A method for preventing misuse of a random access procedure including transmitting a random access preamble, receiving a random access response message which includes a random access response that is scrambled using the identity of the random access preamble transmitted by the mobile station, checking that the random access response is in response to the random access preamble transmitted by the mobile station, and decoding the random access response.

Abstract: Techniques are described for using unique features of a storage medium for authentication of data as originating from the storage medium, and also for installing software and data to a storage medium in a way which inhibits unauthorized copying of the software and data to another storage medium. Cryptoprocessing keys are created using unique features of the storage medium such as location information related to storage of selected elements of a software installation on the storage medium, or alternatively defective block information relating to the storage medium. The cryptoprocessing keys are used to encrypt data for transmission to a remote server. The remote server uses the cryptoprocessing keys to decrypt the data and authenticates the data as having been encrypted with the correct keys.

Abstract: Methods, systems and devices related to authentication of chips using physical unclonable functions (PUFs) are disclosed. In preferred systems, differentials of PUFs are employed to minimize sensitivity to temperature variations as well as other factors that affect the reliability of PUF states. In particular, a PUF system can include PUF elements arranged in series and in parallel with respect to each other to facilitate the measurement of the differentials and generation of a resulting bit sequence for purposes of authenticating the chip. Other embodiments are directed to determining and filtering reliable and unreliable states that can be employed to authenticate a chip.

Abstract: The present embodiments relate to a communication system, communication method, information processor, method, device, program, and recording medium which permit plural algorithms to be treated and which can impart expansibility to communications. A capability list stores a capability list in which capabilities regarding algorithms for encryption and decryption treated by a reader/writer are described. Similarly, a capability list stores a capability list in which capabilities regarding algorithms for encryption and decryption treated by an IC card are described. The reader/writer and the IC card exchange their mutual capability lists, select algorithms capable of securing a security level according to the importance of the data sent and received, and perform communications based on the selected algorithms. The present embodiments can be applied, for example, to a device that performs communications by the NFCIP method.

Abstract: A system and method for improving performance while transferring encrypted data in an input/output (I/O) operation are provided. The method includes receiving a block of data. The method also includes dividing the block of data into a plurality of sub-blocks of data. The method further includes performing a first operation on a first sub-block. The method also includes performing a second operation on a second sub-block at substantially the same time as performing the first operation on the first sub-block. The method still further includes reassembling the plurality of sub-blocks into the block of data.

Abstract: In a method of managing queues in an egress queuing system in a network device, a plurality of packets to be stored in a first egress queue are received. The first egress queue is distributed among a plurality of memory banks. The packets are distributed among the plurality of memory banks. Memory banks in which to store the packets are selected based on pseudorandom numbers generated for the packets. The pseudorandom numbers are generated using a first pseudorandom number generator initialized with a first seed. Subsequently, the packets are retrieved from the plurality of memory banks. Memory banks from which to retrieve the packets are selected based on pseudorandom numbers regenerated for the packets. The pseudorandom numbers are regenerated using a second pseudorandom number generator initialized with the first seed.

Abstract: A system and method of generating a one-way function and thereby producing a random-value stream. Steps include: providing a plurality of memory cells addressed according to a domain value wherein any given domain value maps to all possible range values; generating a random domain value associated with one of the memory cells; reading a data value associated with the generated random domain value; generating dynamically enhanced data by providing an additional quantity of data; removing suspected non-random portions thereby creating source data; validating the source data according to a minimum randomness requirement, thereby creating a validated source data; and integrating the validated source data with the memory cell locations using a random edit process that is a masking, a displacement-in-time, a chaos engine, an XOR, an overwrite, an expand, a remove, a control plane, or an address plane module. The expand module inserts a noise chunk.

Abstract: According to one embodiment, semiconductor memory device and a random number generator includes A semiconductor memory device includes: a semiconductor memory 30, a random number generator 10 generating a random number sequence, and a data writing unit 20 storing data in the semiconductor memory 30 using the random number sequence. The random number generator 10 includes: a random number generating unit generating an M-bit random number sequence; a coefficient selecting unit outputs a first coefficient or a second coefficient to the random number generating unit; and a bit selecting unit which outputs the random number sequence obtained by selecting N bits from M-bit random number sequence output from the random number generating unit.

Abstract: An apparatus comprises a dynamic random-access memory (DRAM) for storing data. Refresh control circuitry is provided to control the DRAM to periodically perform a refresh cycle for refreshing the data stored in each memory location of the DRAM. A refresh address sequence generator generates a refresh address sequence of addresses identifying the order in which memory locations of the DRAM are refreshed during the refresh cycle. To deter differential power analysis attacks on secure data stored in the DRAM, the refresh address sequence is generated with the addresses of at least a portion of the memory locations in a random order which varies from refresh cycle to refresh cycle.

Abstract: This invention provides a novel method, system, and apparatus allowing an authorized user access to controlled assets when a passcode method malfunctions, such as when a user forgets a password, a token malfunction, or a biometric mismatch. The invention allows temporary access to an access control system without knowing the password and without sending the user the password or a new random password. The user is able to set a new password without knowing the previous password. Furthermore, stored encrypted data is preserved and made accessible once again via the new passcode. This invention works for many authentication methods such as restoring access when a password, token, access card, or biometric sample is used.

Abstract: A method, apparatus, and program product for generating check data for a location within an area of a workspace include receiving an identifier for a selected location that has check data associated therewith. Candidate check data for use with the selected location is generated. The candidate check data is evaluated for a match against at least one of existing check data for the selected location or check data associated with a related location. Based on the evaluation, a determination is made of whether the candidate check data is acceptable for use for the selected location.

Abstract: The present invention relates to a computer-implemented method, system and computer readable medium for embedding a watermark into a video and extracting a watermark from the original or copy of the watermarked video. The method comprises converting a video frame from RGB color space to YUV color space. Divide a chrominance component into plurality of blocks. Select plurality of blocks based on size of watermark. Associate a pixel in the watermark with selected plurality of blocks. Embed the watermark corresponding to selected plurality of blocks wherein embedding comprises replacing a first pixel value of the block with maximum value of first column of the block if binary value of the corresponding watermark pixel is one or else replace with minimum value. Combine Y component and chrominance components resulting processed YUV video frame and convert it to RGB video frame. Extract the watermark substantially in a reverse process.

Abstract: A machine instruction is provided that includes an opcode field to provide an opcode, the opcode to identify a perform pseudorandom number operation, and a register field to be used to identify a register, the register to specify a location in memory of a second operand to be used. The machine instruction is executed, and execution includes obtaining a modifier field of a register associated with the machine instruction; based on the modifier field having a first value, performing a deterministic pseudorandom number seed operation, which includes obtaining seed material based on information stored in the second operand; using a 512 bit secure hash technique and the seed material to provide one or more seed values; and storing the one or more seed values in a parameter block.

Abstract: A true random number generator, a method of generating a true random number and a system incorporating the generator or the method. In one embodiment, the generator includes: (1) a ring oscillator including inverting gates having power inputs and (2) a time-varying power supply coupled to the power inputs to provide power thereto and including power perturbation circuitry operable to perturb the power provided to at least one of the power inputs.

Abstract: A communication terminal may include a receiver configured to receive data via a first channel or via a second channel; and a controller configured to control the receiver such that it receives a part of first data from a first facility of a first network by means of the first channel in a first part of a period in which the transmission of the first data by the first facility overlaps the transmission of the second data by the second facility and that the receiver receives a part of the second data from the second facility by means of the second channel during a second part of the period so that the first part of the period and the second part of the period do not overlap and so that the part of the first data which is received in the first part of the period meets a predetermined criterion.

Abstract: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.