Abstract: Arbitrary numerical distributions are presented for use in devices having limited processing and storage capabilities by having the device accept strings of arbitrarily distributed numbers from a source outside of the device. In one embodiment, a master controller creates a table of values which follow the desired minimum, maximum, mean, and standard deviation, etc. of the particular desired statistical distribution required. The created table is then communicated to the limited capacity device and can be used whenever a distribution of random values is required. The master controller could have one of several slave devices associated with it in the system. In another embodiment, where the storage capability of the device is large enough to store a table of values with sufficient different entries to create a distribution of satisfactory “randomness” for the particular application, a random number generator within the device is used to select the order of presentation of the table of values.

Abstract: A system and methods that generates a physical unclonable function (“PUF”) security key for an integrated circuit (“IC”) through use of equivalent resistance variations in the power distribution system (“PDS”) to mitigate the vulnerability of security keys to threats including cloning, misappropriation and unauthorized use.

Abstract: Provided is an apparatus and method that may generate and verify an originality verification (OV). An OV generating apparatus may generate primary information that is based on generator information and a pseudorandom number, may generate at least one secondary information based on the pseudorandom number, may obtain parameters used when the pseudorandom number is generated, may generate the OV including the primary information, the at least one secondary information, and the parameters, and may distribute the OV to an OV request device. When the OV distributed from the OV request device is received, the OV generating apparatus may regenerate the pseudorandom number based on the parameters included in an OV request message, and may verify the OV included in the verification request message as the OV that is generated by the OV generating apparatus.

Abstract: The invention relates to a method for creating a second asymmetric cryptographic pair of keys (206), wherein a first private key (G0, 154) together with a first public key (O0, 126) forms a first asymmetric cryptographic pair of keys (K0, 218), wherein the method comprises the following steps: receiving a user identifier; calculating a second private key (G1), wherein a random value (z) and the user identifier are considered in the calculation; calculating a second public key (O1) from the second private key using an asymmetric cryptographic key creation method, wherein the second private key and the second public key form the second asymmetric cryptographic pair of keys (K1, 206); creating a first ciphertext (C_G0—O1, 212; 186) by encrypting the first private key (G0) with the second public key (O1); storing the first ciphertext (C_G0—O1, 212; 186).

Abstract: A method of coding a secret, a numerical value d, subdivided into a number N of secret elements [di]n1, a composition law () applied to the elements di giving the value d. The following are calculated: (A) a first image (TN) of the secret by iterative calculation and application of the law () between the first image Ti-1 of rank i?1 and of the product according to this law of the element (di) of next rank and of a random value (Ri) of a first set, (B) a first numerical value (S1) by application of the law () to the N random values (Ri), (C) a second numerical value (S2) by application of the law to the N?1 random values (Aj) of a second set, (D) a second image T? of the secret by application of the inverse law () to the first image (TN) and to the second numerical value (S2) so as to generate an intermediate image (Tx) and then application of the inverse law to the intermediate image (Tx) and to the second numerical value (S2).

Abstract: A sensor apparatus includes a housing with a security device, a secure first computation device, a second computation device and a sensor element. The sensor apparatus detects a temperature in the housing, to activate the first computation device only when the detected temperature is in a predefined temperature range, to determine a session key by the first computation device and to store the session key in a second memory of the second computation device, to deactivate the first computation device after the session key has been stored, to determine data on the basis of a sensor signal detected using the sensor element and to encrypt and/or sign the data by the second computation device on the basis of the session key.

Abstract: The disclosure relates to message encoding. One claim recites an apparatus comprising: electronic memory for storing a digital watermark plural-bit message; an electronic processor programmed for: providing a plural-bit seed; randomizing the plural-bit seed; and encoding the randomized plural-bit seed with convolutional encoding, the encoded, randomized plural-bit seed comprising a key for transforming the digital watermark plural-bit message, the digital watermark plural-bit message to be hidden in host audio or video via a digital watermarking process. Of course, other claims and combinations are provided too.

Abstract: A calculation device for calculating two groups G and GT the orders of which are identical to each other and in which a bilinear mapping from two elements belonging to the group G and to the group GT is existent is provided. A public key, a master key, an attribute value number, a user number, and a random number are input, an attribute value indicated by the attribute value number is summed up with an element of the master key, an attribute value secret, the reciprocal of the sum, is generated, a user-specific random number is generated by using the user number and the random number, a user-specific secret is generated from the user-specific random number and the public key, and the attribute value secret is exponentiated to the user-specific secret to generate a user-specific attribute value secret key.

Abstract: The invention provides a method of generating arbitrary numbers given a seed, characterized by providing a challenge derived from the seed to a physical token, receiving an initial response from the physical token, combining the initial response with helper data associated with the challenge to produce a stable response, and generating the arbitrary numbers using a pseudo-random number generator using the stable response as a seed for the generator. Preferably one or more of these pseudo-random permutations are used as one or more round function(s) in a Feistel block cipher. The generated arbitrary numbers may also be used to create a cryptographic key.

Abstract: A secure method for transmitting a control word between a server and a plurality of processing entities so as to respectively produce and utilize the control word. Preferably such a method is applied to the field of conditional access methods and systems for preventing the fraudulent use of compromised decryption keys resulting from a coalition of pirate hackers.

Abstract: A system and methods for secure communication are disclosed. A network packet comprising encrypted network address comprising an unencrypted network address encrypted by a first GPS time and a first pseudo random number is received. The encrypted network address is decrypted using the first GPS time and the first pseudo random number to provide the unencrypted network address. The network packet is transmitted based on the unencrypted network address.

Abstract: A message authentication device, a message authentication method, a message authentication program and a storage medium therefor are provided, so as to realize higher speed processing than an authentication mode of existing block cipher, in combination of block cipher and one of its parts, with theoretical security in accordance with a high efficient preliminary process and with an efficient amount of available memory.

Abstract: A random intrinsic chip ID generation employs a retention fail signature. A 1st and 2nd ID are generated using testing settings with a 1st setting more restrictive than the 2nd, creating more fails in the 1st ID bit string that includes 2nd ID bit string. A retention pause time controls the number of retention fails, adjusted by a BIST engine, wherein the fail numbers satisfy a predetermined fail target. Verification confirms whether the 1st ID includes the 2nd ID bit string, the ID being the one used for authentication. Authentication is enabled by a 3rd ID with intermediate condition such that 1st ID includes 3rd ID bit string and 3rd ID includes 2nd ID bit string. The intermediate condition includes a guard-band to eliminate bit instability problem near the 1st and 2nd ID boundary. The intermediate condition is changed at each ID read operation, resulting in a more secure identification.

Abstract: A disclosed method for enabling a seamless authenticated access to an Aggregator's Wi-Fi network includes steps of receiving a request to establish a data session from a mobile device and at a public mobile service provider network, authenticating the mobile device in response to the request to establish the data session, and establishing the data session upon successful authentication. The method further includes steps of receiving an activation key associated with the mobile device from the mobile device and at the public mobile service provider network and recording the activation key against an identification of the mobile device such as a Mobile Directory Number assigned to the mobile device. The activation key is used to generate a password, which is used to authenticate the mobile device request to access the Aggregator's Wi-Fi network.

Abstract: In one embodiment, a mechanism for generating pseudo-random number sequences is disclosed. In one embodiment, a method includes receiving seed values for a pseudorandom number generator (PRNG) in a computing system, the seed values being polynomials. The method further includes running the PRNG using the seed values as initialization parameters, the running including performing operations of the PRNG over GF(2n), and generating a sequence of pseudorandom numbers.

Abstract: A system provides for the distribution of intellectual property logic blocks from a source to a user wherein the user may use the logic blocks during development but is prevented from using the block in production without permission. A sensor is connected in parallel with a first signal from the block and in series with a second signal from the block. When activity on the first signal exceeds a predetermined count, the output of the second signal is corrupted. In some embodiments all such sensors are connected to an aggregator which allows all blocks to continue to operate until all of them have exceeded their predetermined activity count. A state machine compares the values of two keys, one stored within the block, to another value stored in the state machine controller, and allows the block to be used in production if the key values coincide.

Abstract: There is provided a cryptographic communication apparatus for conducting a key exchange procedure with another cryptographic communication apparatus that shares a password. The apparatus includes a first encryption unit that encrypts information that is based on a first random number using a public key of the another apparatus, a second encryption unit that encrypts the information that is based on the first random number encrypted by the first encryption unit using the password, a third encryption unit that encrypts information that is based on a second random number using the first random number, and transmits a first signal and a second signal to the another apparatus, the first signal including the information that is based on the first random number encrypted by the second encryption unit, and the second signal including information that is based on the second random number encrypted by the third encryption unit.

Abstract: A common key block encryption device includes a first hash unit applying locked key permutation to a variable-length s-bit plaintext, and outputting a fixed-length n-bit first block and a second (s-n)-bit block; a first encryption processing unit outputting a third block encrypted by element of n-bit block tweakable block cipher using tweak, inputting the first block; a second encryption processing unit generating a random number (s-n)-bit block with a result of group computation of the third block and the first block as input by using an arbitrary cipher having theoretical security at least against a known-plaintext attack; and a second hash unit applying the locked key permutation to the result of the group computation of the random number block and the second block, and to the third block to output a fifth n-bit block and a sixth (s-n)-bit block. The fifth and sixth blocks are concatenated into an s-bit encryption.

Abstract: An integrated circuit (1) is provided with function modules (2) which comprise a central processing unit (4) for treating data and executing a program and a cache memory (5). Until now, it was complicated and costly to ensure the manipulation security of the modules. The function modules (2) comprise an encoding unit (6) for data encoding and decoding.

Abstract: A streaming system includes an authoring unit (2), a stream server (3) and a client terminal (5). The authoring unit generates a file composed of encrypted contents data and the ancillary information at least containing the packetizing control information for generating an RTP packet, a non-encrypted codec dependent header made up of the information pertinent to encoded contents data, and the encryption information for decrypting the encrypted contents data form packet to packet. The streaming server packetizes the encrypted contents data along with at least the codec dependent header and distributes the resulting data as a stream. The client terminal refers to the codec dependent header of the received packet, re-assembles the packet, and decrypts the encrypted contents data of the re-assembled packet to generate contents data.

Abstract: An authentication loading control feature enables a service provider to control the number of authentication procedures or percentage of time that authentication procedures are performed by a network element adapted to perform authentication procedures (e.g., a Serving GPRS Support Node (SGSN) of a UMTS network); and an information recapture feature enables the network element to obtain, in the absence of authentication, UE information that conventionally would have been received as a part of the authentication procedure as needed, for example and without limitation, to support charging and lawful intercept functions.

Abstract: The present invention relates to a content protection apparatus and method using binding of additional information to an encryption key. The content protection apparatus includes an encryption unit for creating an encryption key required to encrypt data requested by a user terminal and then generating encrypted data in which the data is encrypted. An additional information management unit manages additional information including authority information about the encrypted data. A White-Box Cryptography (WBC) processing unit generates a WBC table required to bind the encryption key corresponding to the encrypted data to the additional information. A bound data generation unit generates bound data in which the encrypted key is bound to the additional information, using a cipher included in the WBC table.

Abstract: The present invention proposes a method for executing a blinded modular exponentiation, based on a window method with a window size of k bits so using 2k pre-calculated variables (Yi=Xi mod N for i=0 to 2k?1), on input data X of n bits to obtain output data S of n bits, S=Xd mod N, where d is the exponent of size m bits and N is the modulus of n bits, comprising the steps of: •blinding the pre-calculated variables by a blinding value Bi being a pseudo-random variable of the size of the modulus (n bits) and lower than the modulus (Yj=Yi×B1 mod N for i=0 to 2k?1) •executing the modular exponentiation with the blinded pre-calculated variables, to obtain an intermediate result (A), •unblinding the intermediate result by a unblinding value C1=(B1g)?1 mod N where g equals the concatenation of m/k times the value “1” coded on k bits, to obtain the output data S.

Abstract: Embodiments of methods for restoration an anti-theft platform are generally described herein. Other embodiments may be described and claimed.

Abstract: Various embodiments for providing datapath security in a system-on-a-chip (SOC) device are described. In one embodiment, an apparatus may comprise a security controller to configure one or more functional units connected to a shared on-chip bus embedded in an SOC device to communicate with other functional units through one or more secure datapaths. The one or more functional units may be arranged to encrypt clear data, send encrypted data out through a secure datapath, receive encrypted data in from a secure datapath, and decrypt the encrypted data to recover clear data. Other embodiments are described and claimed.

Abstract: The pseudorandom number generating system repeatedly performs simple transformation of a non-secure pseudorandom number sequence that may be generated quickly, and thus may quickly generate a highly secure pseudorandom number sequence having a long period. Furthermore, the encryption system and the decryption system do not generate a large encryption function difficult to be deciphered based on a shared key 122, but prepare multiple functions 126, which perform fast, different types of transformation, and select a combination of functions determined based on information of the shared key 122, and make the selected functions transform a text multiple times, thereby encrypt the text. Each of the functions is fast, and thus transformation by the entire combination is also fast. Furthermore, since the combination of functions and repetitive count can be changed, future improvement in specification is easy. Moreover, security is high since which functions are applied in what order is unknown.

Abstract: An asymmetric (dual key) data obfuscation process, based on the well known ElGamal cryptosystem algorithm, and which uses multiplicative cyclic groups to transform (obfuscate) digital data for security purposes. In the present system the data need not be a member of the cyclic group, unlike in the ElGamal cryptosystem algorithm. Also, any one of several additional mathematical data transformations are further applied to the transformed data, thereby enhancing security of the transformed data.

Abstract: In an embodiment, a method for generating and distributing keys retains the scalability of a group VPN, but also provides true pair-wise keying such that an attacker who compromises one of the devices in a VPN cannot use the keys gained by that compromise to decrypt the packets from the other gateways in the VPN, or spoof one of the communicating gateways. The method is resistant to collusion when co-operating attackers overtake several VPN gateways and observe the keys stored in those gateways. In an embodiment, a VPN gateway comprises a cryptographic data processor configured to encrypt and to decrypt data packets; group key management logic; and Key Generation System logic. In one approach a gateway performs, in relation to adding a group member, receiving in a security association (SA) message secret data for use in the KGS; and derives keys for secure communication with one or more peer VPN gateways using the secret data.

Abstract: A first memory unit is arranged outside a block that is under security control. The block includes: a second memory unit; an acquisition unit for acquiring biological information on a living body from a captured image of a location of the living body; an encryption unit for encrypting attribute information with an encryption key; a registration unit for registering encrypted attribute information encrypted by the encryption unit into the first memory unit, and registering the biological information and the encryption key into the second memory unit; and a presentation unit for decrypting the encrypted attribute information with the encryption key and presenting the attribute information decrypted to the service provision server if the biological information registered in the second memory unit and biological information acquired by the acquisition unit coincide with each other.

Abstract: An apparatus and method for generating a shared secret between at least two wireless portable electronic devices. A shared secret is generated by holding together the at least two devices and shaking them. An acceleration of the at least two devices is measured at least during a time window beginning at a time corresponding to when a magnitude of the acceleration exceeds a predetermined threshold. The acceleration is sampled, resulting in a plurality of vectors, such that a first vector is an initial sample of the acceleration during the time window. In some embodiments, the acceleration is measured in three dimensions. Dot products are calculated between the first vector and each of a plurality of subsequent vectors, resulting in an array of scalars. At least a portion of this array is used to generate the shared secret between the at least two devices.

Abstract: The present invention relates to cryptographic secret key distribution, wherein a value for a number of iterations can be individually set, so that the number of messages to be exchanged during generating a cryptographic secret key can be varied based on the set value of the iteration number.

Abstract: A system and a method for cryptographic reduced-coupon reloading are provided, where a coupon includes a pseudo-random number ri=PRFK(i), where i is an index for labeling the coupon, PRF is a predetermined pseudo-random function and K is a regeneration key, and a “reduced-coupon” xi=ƒ(ri), where ƒ is a predetermined one-way function, where: a candidate device and a second device acquire a common value of a token T, the candidate device transmits a verification value vT to the second device, the second device verifies whether the verification value is equal to PRF?Q(T), where PRF? is a predetermined keyed pseudo-random function identical to, or derived from, the pseudo-random function PRF, where Q is an authentication key owned by the second device and known to the candidate device provided the candidate device is a legitimate reloading device, and if the verification is positive, one or several reduced-coupon(s) provided by the candidate device are stored in the second device.

Abstract: A hardware- and software-efficient class of cryptanalytically-safe pseudorandom number generators is disclosed. Embodiments of the class can be implemented with only a modest use of program space and as few as 512 bytes of non-volatile data space, such embodiments suitable to a wide range of computer architectures, ranging from resource-constrained microcontrollers to high-end, multi-core processors.

Abstract: According to one embodiment, in an encryption device, a segmentation unit segments masked plain data into pieces of first segmented data. A first processing unit generates pieces of second segmented data from the pieces of first segmented data. A nonlinear transform unit generates pieces of third segmented data transformed from the pieces of second segmented data. A data integration unit integrates fourth segmented data to generate masked encrypted data. An unmask processing unit generates encrypted data from the masked encrypted data. The exclusive OR of the pieces of second segmented data matches the exclusive OR of input data, subjected to nonlinear transform processing and calculated from the plain data, and the first mask. The exclusive OR of the pieces of third segmented data matches the exclusive OR of transform data, obtained when the nonlinear transform processing is performed on the input data, and the second mask.

Abstract: The invention provides an enciphering apparatus and method, a deciphering apparatus and method and an information processing apparatus and method by which illegal copying can be prevented with certainty. Data enciphered by a 1394 interface of a DVD player is transmitted to a personal computer and a magneto-optical disk apparatus through a 1394 bus. In the magneto-optical disk apparatus with which a change to a function is open to a user, the received data is deciphered by a 1394 interface. In contrast, in the personal computer with which a change to a function is open to a user, the enciphered data is deciphered using a time variable key by a 1394 interface, and a result of the decipherment is further deciphered using a session key by an application section.

Abstract: A Searchable Symmetric Encryption (SSE) mechanism is described which allows efficient dynamic updating of encrypted index information. The encrypted index information includes pointer information that is encrypted using a malleable encryption scheme. The SSE mechanism updates the encrypted index information by modifying at least one instance of the pointer information without decrypting the pointer information, and thereby without revealing the nature of the changes being made. In one implementation, the SSE mechanism includes a main indexing structure and a deletion indexing structure. An updating operation involves patching applied to both the main indexing structure and deletion indexing structure.

Abstract: In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial v(x) modulo a second polynomial fn(x), including: receiving the first polynomial v(x) modulo the second polynomial fn(x), where the second polynomial is of a form fn(x)=xn±1, where n=2k and k is an integer greater than 0; computing lowest two coefficients of a third polynomial g(z) that is a function of the first polynomial and the second polynomial, where g ? ( z ) ? = def ? ? i = 0 n - 1 ? ? ( v ? ( ? i ) - z ) , where ?0, ?1, . . . , ?n?1 are roots of the second polynomial fn(x) over a field; outputting the lowest coefficient of g(z) as the resultant; and outputting the second lowest coefficient of g(z) divided by n as the free term of the scaled inverse of the first polynomial v(x) modulo the second polynomial fn(x).

Abstract: A cryptographic engine for modulo N multiplication, which is structured as a plurality of almost identical, serially connected Processing Elements, is controlled so as to accept input in blocks that are smaller than the maximum capability of the engine in terms of bits multiplied at one time. The serially connected hardware is thus partitioned on the fly to process a variety of cryptographic key sizes while still maintaining all of the hardware in an active processing state.

Abstract: To anonymize information from a service-providing apparatus and an information processing apparatus (device), this information processing apparatus is provided with: the an information receiver for receiving anonymized (concealed) information that has been anonymized with anonymizing information; the an anonymized random-number generator for generating random numbers or anonymized random numbers obtained by anonymizing the random numbers with anonymizing information; and a random-number-added information generator for generating random-number-added information on the basis of the anonymized information and the random numbers or anonymized random numbers.

Abstract: A protocol for anonymous access to a database where the different records have different access control permissions is described. The permissions can be attributes, roles or rights that an authorized user needs to have to access the record. The database provider does not learn which record the user accesses and which attributes or roles the user has when she accesses the database. The database provider publishes the encrypted database where each record is encrypted with a key that is derived from at least the index of the record, its access control attributes and a secret key of the database provider. The user obtains a credential from an issuer for each access control attribute (ACL) that is associated with the user. Then the user retrieves the key for a particular record from the database provider and uses this key to decrypt the encrypted record.

Abstract: A method for authenticating an entity by a verifier, the entity having an identifier, the verifier having a pair of private and public keys, comprising: sending to the entity a first random number selected by the verifier; a step wherein the entity encrypts a value by means of the public key of the verifier, said value including the first random number and an authentication datum on which the identifier of the entity depends; and the entity of said encrypted value sending a reply to authenticate said entity. The invention can be applied to the field of low-cost cryptography, especially the field of radio-identification.

Abstract: This invention concerns a safe data exchange method between two devices locally connected to one another. In a preferred embodiment, the first device (10) is a security module containing a first encrypting key, said private key (PAKV) of a pair of asymmetric encrypting keys. The second device is a receiver (11) comprising at least one second encrypting key, said public key (PAKB) of said pair of asymmetric encrypting keys. Furthermore each of the devices comprises a symmetrical key (13). The first device (10) generates a first random number (A), which is encrypted by said private key (PAKV), then transmitted to the second device (11), in which it is decrypted by means of the public key (PAKB). The second device (11) generates a second random number (B), which is encrypted by said public key (PAKB), then transmitted to the first device (10), in which it is decrypted by means of the private key (PAKV).

Abstract: Current MAC algorithms impose a significant system performance requirement in order to process messages in real time. According to an exemplary embodiment of the present invention, a hardware implemented generator for generating a MAC is provided, that results in a significant improvement in hardware performance requirements for processing messages in real time. The engine is based on linear feedback shift registers which are adapted to generate secure MACs.

Abstract: Systems and methods for providing Kerberos pre-authentication are presented. According to a method embodiment, a request for authentication is received from a principal of an authentication service. The principal in the authentication service is authenticated. A key associated with the authenticated principal in the authentication service is provided to a Kerberos Key Distribution Center (KDC).

Abstract: A method and apparatus for securing the interface between a Universal Integrated Circuit Card (UICC) and a Terminal in wireless communications is disclosed. The security of Authentication and Key Agreement (AKA) and application level generic bootstrapping architecture (GBA) with UICC-based enhancements (GBA_U) procedures is improved. A secure shared session key is used to encrypt communications between the UICC and the Terminal. The secure shared session key generated using authenticating or non-authenticating procedures.

Abstract: A public-key encryption system. Encryption of a k-bit plaintext m is performed by picking a random generating ciphertext and outputting the ciphertext. N is a non-prime integer (preferably the product of two primes p and q), y is an element in multiplicative group of integers modulo N, and k is an integer larger than 1, Decryption of ciphertext c using private key is performed by recovering such that holds and outputting plaintext m, wherein denotes the 2k-th power residue symbol modulo p, which is defined. Also provided are an encryption device and a decryption device. The encryption scheme provides better bandwidth than the Goldwasser-Micali encryption scheme.

Abstract: A secure information storage management system may securely manage the storage of confidential information. A randomizer module may randomly generate a schema that specifies a random number of pieces, a random size for each piece, a random sequence for the pieces, and/or a random location where each piece is to be stored. The randomizer module may divide the confidential information into pieces that collectively constitute the confidential information in conformance with the schema. A storage management module may cause each piece of confidential information to be stored at a different, non-contiguous storage location. When present, the storage management module may cause each piece to be stored at the location for it that is specified in the schema.

Abstract: Some embodiments provide systems and techniques for performing parameterizable cryptography. An encryption key can be determined based at least on a string associated with an authorization policy. The encryption key can then be used to encrypt information. The decryption key can also be determined based at least on the string associated with the authorization policy. Note that the authorization policy must be satisfied to decrypt information. In some embodiments, the systems and techniques for performing parameterizable cryptography are blindable. These blindable embodiments can be used to preserve privacy.

Abstract: Provided is a data acquisition module. The data acquisition module includes a memory and a controller. The controller includes an encryption module configured to encrypt information written to the memory using a key included in the controller. The key is unique to the controller. Also provided is a method for processing identification information. The method includes encrypting information with a key included in a controller and storing the encrypted information. The key is unique to the controller.

Abstract: Data are converted between an unencrypted and an encrypted format according to the Rijndael algorithm, including a plurality of rounds. Each round is comprised of a fixed set of transformations applied to a two-dimensional array, designating states, of rows and columns of bit words. At least a part of the transformations are applied on a transposed version of the state, wherein rows and columns are transposed for the columns and rows, respectively.