Abstract: Disclosed is a method for implementing a symmetric key encryption algorithm against power analysis attacks, including: generating and storing an affine transform table; generating and storing a masked inversion table; and operating a masked S-box using the affine transform table and the masked inversion table.

Abstract: A system and method of for obtaining a pseudorandom number generator are disclosed. A set of state modules, each with a limit value, may be provided. In an embodiment, each of the limit values may be relatively prime to the other limit values. In response to one or more events, the values of the state modules are incremented. At some frequency that may be statistically independent from the occurrence of the one or more events, the values of the state modules are obtained and combined to form a random number. The values may be combined as desired and, if desired, may be combined modulo 2w, where 2w represents the number of possible random values.

Abstract: A random wave envelope is created from a set of bounded random numbers by additively combining a triangle, a square and a sine wave. The random wave envelope is then used to create a sequence of wave random numbers from the wave envelope, which are used to generate random-variant keys for encryption in place of the pre-placed encryption key. An ambiguity envelope is thus created over the transmission of data packets as random-variant-keys are used that are distinct and separate for each packet and may also be distinct and separate for each incoming and outgoing packet. The random-variant keys are only created at the time of the actual use for encrypting or decrypting a data packet and not before and then discarded after one time use. The random-variant keys may be used in wireless network using wireless access points, cellular phone and data networks and ad hoc mobile wireless networks.

Abstract: A transmitting apparatus 100 includes an initialization vector generating unit 110 for generating initialization vector IV1-IV5 for encrypting stream data with a stream encryption method, wherein the initialization vector is changed at every initialization intervals defined by a stream encryption module; an initialization packet generating unit 140 for generating an initialization packet IP containing an initialization vector used when stream data following the initialization packet are encrypted and another initialization vector used when another stream data different from the stream data following the initialization packet are encrypted; an encryption unit 120 for initializing the stream encryption module using a generated initialization vector, and performing stream encryption on stream data following the initialization vector; an encryption packet generating unit 130 for generating an encryption packet EP containing stream-encrypted data; and a transmission unit 150 for transmitting the initialization pac

Abstract: The present invention discloses methods, media, and systems for handling hard-coded credentials, the system including: an interception module configured for: intercepting credential usage upon receiving an application request for application credentials in order to provide access to a host application; a configuration/settings module configured for reading system configurations and settings for handling the application credentials; a credential-mapping module configured for: applying appropriate credential-mapping logic based on the system configurations and settings; and upon determining that the application credentials need to be replaced, obtaining appropriate credentials from a secured storage.

Abstract: A potential bias in the generation of a private key is avoided by selecting the key and comparing it against the system parameters. If a predetermined condition is attained it is accepted. If not it is rejected and a new key is generated.

Abstract: An archival storage cluster of preferably symmetric nodes includes a data privacy scheme that implements key management through secret sharing. In one embodiment, the protection scheme is implemented at install time. At install, an encryption key is generated, split, and the constituent pieces written to respective archive nodes. The key is not written to a drive to ensure that it cannot be stolen or otherwise compromised. Due to the secret sharing scheme, any t of the n nodes must be present before the cluster can mount the drives. Thus, to un-share the secret, a process runs before the cluster comes up. It contacts as many nodes as possible to attempt to reach a sufficient t value. Once it does, the process un-shares the secret and mounts the drives locally. Given bidirectional communication, this mount occurs more or less at the same time on all t nodes. Once the drives are mounted, the cluster can continue to boot as normal.

Abstract: A method for encoding video includes receiving data, and encrypting the data using at least four Huffman trees. A method for encoding video includes receiving data, and encrypting the data such that an internal state of a stream cipher is independent of plaintext and ciphertext. A video encoding system for encoding video in a computing environment includes means for accessing data, and means for encrypting the data such that there are approximately 2106 possibilities.

Abstract: A method of authenticating an entity by a verification entity, said entities sharing a pair of secret keys X and Y which are n×m (n, m>i) binary matrices. The method may be applied to cryptographic protocols for authenticating electronic chips at a very low cost.

Abstract: A non-copyable data storage disk (NCDisk) that may be used in a secure data storage system. Stored data items on the NCDisk may only be used through the data storage system, and cannot be copied to and used by any other devices. Digital data written to the NCDisk is automatically converted to a new format by the NCDisk itself before being stored on it. Similarly, when reading a data item out from the NCDisk, the NCDisk itself automatically converts the stored data item to a new data format that a reading device can recognize. Data conversion does not involve the computer operating system. The data conversion unit may include a chipset level 2 secure key management module that generates and manages the keys used for the data conversion.

Abstract: A method and system for programming and reading data with reduced read errors in a memory device. In one approach, date to be written to the memory device is scrambled using a first pseudo random number which is generated based on a number of a page of the memory device to which the data is to be written and a second pseudo random number which is generated based on a number of a block of the memory device to which the data is to be written. This avoids bit line-to-bit line and block-to-block redundancies which can result in read errors. The data may also be scrambled based on a number of a section within a page.

Abstract: The invention relates to a system for generating unpredictable pseudorandom numbers in a chaotic manner, comprising discrete chaotic map processing means and an XOR gate for generating unpredictable pseudorandom numbers. The method is based on introducing a high degree of entropy in the system by cyclically shifting chaotic maps to the right.

Abstract: A pseudo-random number generator 100 generates a pseudo-random number by the following operation. At C.2, S1[B41] is determined from B41 set in a second internal memory, and S2[B40] is determined from B40. Then, R[J] is generated from S1[I], S1[B41], and S2[B40]. At C.3, S1[I] is newly generated based on S1[B41] and S2[B40]. At C.4, B4 is updated from S2(I). In the above, the relationship between R[J] and S2(I) is cut off, which makes difficult to estimate S2(I) from R[J], and security is increased. Further, since S1[I], S1[B41], S2[B40], etc. have 4 bytes, the processing speed is high.

Abstract: A system includes a key path generator that generates a key path based on a plurality of encryption keys. A block coding unit generates a plurality of codewords based on a plurality of data blocks. A block scrambling unit scrambles the plurality of codewords to generate a plurality of encrypted blocks by entropy processing, chaos processing and permutation processing each of the plurality of codewords, based on the plurality of encryption keys.

Abstract: A system and method for controlling power windows of a vehicle includes a receiver mounted on the vehicle for receiving an open window request signal wirelessly from a portable device, at least one exterior condition sensor mounted on the vehicle for detecting an adverse exterior condition relative to the vehicle, and a controller mounted on the vehicle for communicating with the receiver and the at least one exterior condition sensor. The controller commands opening of the one or more power windows when the receiver receives the open window request signal provided the at least one exterior condition sensor does not detect an adverse exterior condition relative to the vehicle.

Abstract: Described is a method and system for establishing an authenticated wireless communication (e.g., using Bluetooth technology) between first and second mobile devices. The first device (e.g., a mobile barcode scanner) sends a signal to establish a wireless communication with the second device. The first device includes a data capturing arrangement (“DCA”) as an only input device interface with a user thereof. The second device initiates an authentication process by requesting the first device to obtain a PIN code from the user. Once the first device obtains the PIN code from the user via the DCA, a pairing process is performed to compare the PIN code to entries in a database of authorized PIN codes. When the pairing process has been successfully completed, a link key is generated to establish the authenticated wireless communication between the first and second devices.

Abstract: Secure Variable Data Rate Transceivers and methods for implementing Secure Variable Data Rate are presented. An efficient and systematic method and circuit for implementing secure variable data rate transceivers are presented. The SVDR method is based on block ciphers. An index method is presented for minimizing transmission overhead. This allows SVDR to achieve higher security by using the full ciphermode stream.

Abstract: The invention relates to a method of generating a pseudorandom string of terms belonging to a finite body K of cardinal q?2 intended to be used in a cryptography procedure, said method comprising the iterative calculation of a system (?) of m polynomials with n variables belonging to the finite body K. According to the invention, the coefficients of these m polynomials are regenerated at each iteration. The invention also relates to pseudorandom string generator intended to implement this method.

Abstract: The image forming apparatus includes: a random number information generation part that generates random number information; a first encryption part that encrypts the random number information generated by the random number information generation part with using a first encryption key; a second encryption key generation part that newly generates a second encryption key from the random number information generated by the random number information generation part; a second encryption part that encrypts specific information for identifying the apparatus with using the second encryption key generated by the second encryption key generation part; a code data creation part that creates code data based on encrypted random number information encrypted by the first encryption part and encrypted specific information encrypted by the second encryption part; and an image forming part that forms a code image based on the code data created by the code data creation part on a recording medium.

Abstract: A base station of a wireless communication system includes: a base station side data generation portion generating a number of sets of scramble data which are different from each other while the number of sets of the scramble data is the same as or more than the number obtained by multiplying the number of the sub-channels used in said overall wireless communication system by the number of the subcarriers; a base station side storage portion which stores the scramble data; a base station side upper layer control portion which outputs both transmission data for a terminal at other end of a communication and information of sub-channels; a base station side lower layer control portion which, based on the information of the sub-channels, controls the base station side storage portion to output scramble data corresponding to the sub-channels; a base station side scramble portion which conducts a multiplication operation between the transmission data output from the base station side upper layer control portion and

Abstract: The present application relates to cloud storage technology and especially relates to a cloud storage data access method, apparatus and system based on OTP. This method includes: generating and storing true random numbers of a predetermined length and a random seed of a predetermined length composed of the true random numbers via a preset method; acquiring data from the random seed for several times and cascading the data acquired each time into a true random data string of no shorter than the length of plaintext; based on the true random data string, generating a true random cryptographic key of no shorter than the length of the plaintext, encrypting the plaintext using this cryptographic key and transmitting ciphertext to a cloud storage data center. This application also provides a cloud storage data access apparatus and system based on OTP.

Abstract: An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

Abstract: A hierarchical group key management approach based on linear geometry is disclosed.

Abstract: A key generation system is disclosed that provides for the generation of privileged group keys based on the input of a privileged group. The system performing the key generation has stored component keys corresponding to every possible subset X of the unitary set, where subsets X have k or fewer members. The privileged group key is generated for the privileged set by passing ordered component keys of subsets X that do not contain members of the privileged set to a pseudo random function.

Abstract: An electronic circuit includes a more-secure processor having hardware based security for storing data. A less-secure processor eventually utilizes the data. By a data transfer request-response arrangement between the more-secure processor and the less-secure processor, the more-secure processor confers greater security of the data on the less-secure processor. A manufacturing process makes a handheld device having a storage space, a less-secure processor for executing modem software and a more-secure processor having a protected application and a secure storage. A manufacturing process involves generating a per-device private key and public key pair, storing the private key in a secure storage where it can be accessed by the protected application, combining the public key with the modem software to produce a combined software, signing the combined software; and storing the signed combined software into the storage space.

Abstract: The speed at which encrypt and decrypt operations may be performed in a general purpose processor is increased by providing a separate encrypt data path and decrypt data path. With separate data paths, each of the data paths may be individually optimized in order to reduce delays in a critical path. In addition, delays may be hidden in a non-critical last round.

Abstract: The method of performing elliptic polynomial cryptography with elliptic polynomial hopping allows for the encryption of messages through elliptic polynomial cryptography, i.e., using elliptic polynomials with multi x-coordinates, and particularly with the utilization of elliptic polynomial hopping based upon both the elliptic polynomial and its twist, regardless of whether the elliptic polynomial and its twist are isomorphic with respect to one another. Each plaintext block is encrypted by a different elliptic polynomial, and the elliptic polynomials used are selected by an initial secret key and a random number generator. The method is particularly useful for symmetric encryption systems, and provides a block cipher fundamentally based upon a computationally hard problem.

Abstract: There is described a method for transmitting synchronization messages, for example PTP messages of the IEEE 1588 standard, the PTP message being inserted into a data packet in line with the Internet Protocol, the data packet having an IP header, and the data packet having a UDP header. In this case, for the encrypted transmission on the PTP message, the data packet is addressed to a UDP port that is reserved for encrypted PTP messages, the data packet is provided with an additional S-PTP header that is provided for encryption, the PTP message is extended with a pseudo random number, and the PTP message is encrypted together with the pseudo random number.

Abstract: Systems and methods related to providing error correction in a text caption are disclosed. A method may comprise displaying a text caption including one or more blocks of text on each of a first device and a second device remote from the first device. The method may also include generating another block of text and replacing a block of text of the text caption with the another block of text. Furthermore, the method may include displaying the text caption on the second device having the block of text of the first text caption replaced by the another block of text.

Abstract: Secure communication of data between devices includes encrypting unencrypted data at a first device by reordering unencrypted bits provided in parallel on a device bus, including data and control bits, from an unencrypted order to form encrypted data including a plurality of encrypted bits in parallel in an encrypted order defined by a key. The encrypted data may be transmitted to another device where the encrypted data is decrypted by using the key to order the encrypted bits to restore the unencrypted order thereby to reform the unencrypted data.

Abstract: Data storage devices having one or more data security features are provided according to various embodiments of the present invention. In one embodiment, a data storage device comprises buffer and a buffer client. The buffer client comprises a scrambler configured to receive a configuration setting and a secret key on a certain event, to configure a scrambling function based on the received configuration setting, and to scramble data with the secret key using the scrambling function, wherein the buffer client is configured to write the scrambled data to the buffer.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

Abstract: A digital rights management system (DRM) for restricting and permitting content access in a digital content distribution network such as a network used to deliver television programming. The DRM uses distributed authentication and provisioning so that the potentially many different entities involved in the content distribution network can have localized management and control. Distributed authentication can use single or multiple instances of authentication services. A ticket granting service (TGS) is used to allow clients to request services. In one approach, multiple authentication services use a common key that is known to the TGS. In another approach, unique keys are provided to each authentication service and these keys are communicated to the TGS. Distributed provisioning allows different entities to grant access rights or other resources. Provisioning service (PS) processes can execute at multiple different physical locations.

Abstract: A system includes a key path generator that generates a key path based on a plurality of encryption keys. A block descrambling unit generates a plurality of codewords to by de-entropy processing, de-chaos processing and de-permutation processing each of a plurality of encrypted blocks. A decoder generates a plurality of data blocks by decoding the plurality of codewords.

Abstract: Complex encryption keys, in an encryption scheme using an encryption algorithm and an n-bit length encryption key that does not depend upon using longer keys, has the steps: (i) parsing the n-length key into a set of numbers, (ii) mapping each set of numbers to a wave, and (iii) combining the set of waves additively yielding a complex wave, where a sequence of random numbers, called wave random numbers from the wave amplitude may be derived. The wave random numbers are then used for generating different types of complex encryption keys, such as random transient keys (RTK), random helical keys (RGH) and random length keys (RLK). These complex keys are transient encryption keys and are deleted after each use and recreated at a different time and place for decryption by repeating the process steps.

Abstract: A method for managing keys making it possible for a user to access one or more given services S in a communication system, in which the user is not able to be continuously connected to this service. A key K(t) is generated, which provides access to the service of day [t] for all the t<tfin by using a one-way function in the following manner (a one-way function being defined as being a function for which it is not currently possible by computing means to obtain the inverse function). A root key K(tfin) is used and the key K(tfin-1) is generated for the day [tfin-1] prior to the day tfin, by using a function f such that K(tfin?1)=f(K(tfin)). The new value of key K(tfin-1) is used in order to generate the key for the previous day K(tfin-2) and this step is reiterated over the limited time period of day [t] to day [t+d] in order to obtain the chain K(t+d?1), K(t+d?2), etc.

Abstract: A method of generating a number includes asynchronously updating a plurality of linear feedback shift registers, selecting a mixing function using a balanced entropy value, and determining the number from bit values selected from the plurality of linear feedback shift registers based on the selected mixing function.

Abstract: Plain text, a secret key and a primitive polynomial that defines a finite field of even characteristic are received. The plain text is divided into a plurality of plain text blocks. For each plain text block of the plurality of plain text blocks other than a first plain text block, the plain text block is multiplied by a preceding cipher text block over the finite field of even characteristic, modulo the primitive polynomial, to generate an intermediate block, wherein the preceding cipher text block was generated from a preceding plain text block. Each intermediate block is processed by a block cipher using the secret key to generate a subsequent cipher text block. The block cipher operates in a nonlinear feedback mode of operation.

Abstract: The present invention is directed toward secure access systems. Specifically, a method and system is provided that enhances the security of unidirectional communication protocols used in access control systems, such as the Wiegand protocol. The enhancements may include obfuscation of data, a two-way packet-mode communications, and blind synchronization of pseudo-random number generators.

Abstract: A mobile communication device is provided with an integral transducer used to refresh a random data pool without connection to an external source of new random data.

Abstract: A random number generating device includes: a random number generator configured to have a plurality of random number generating elements that generate a random number in response to supply of a spin-injection current; and a temperature controller.

Abstract: Elliptic polynomial cryptography with secret key embedding is a method that allows for the encryption of messages through elliptic polynomial cryptography and, particularly, with the embedding of secret keys in the message bit string. The method of performing elliptic polynomial cryptography is based on the elliptic polynomial discrete logarithm problem. It is well known that an elliptic polynomial discrete logarithm problem is a computationally “difficult” or “hard” problem.

Abstract: Disclosed herein are a method and apparatus for generating a session key and a cluster key using a network coding scheme. The apparatus includes a random number generation unit, a combination generation unit, a combination transmission unit, a coding result reception unit, and a restoration unit. The random number generation unit generates the random number of a node. The combination generation unit generates a combination based on a master key of the node and the random number. The combination transmission unit transfers the combination to a key distribution server. The coding result reception unit receives a result of a network coding, corresponding to an ID of the node, from the key distribution server. The restoration unit for generating a session key by restoring a random number, corresponding to a counterpart node of the node, using the result of the network coding and the random number.

Abstract: Methods and apparatus for improved scrambling and/or descrambling of packets in a communications network are described, e.g., improved scrambling/descrambling of MPEG-2 transport stream packets over an Internet Protocol network. Advance Encryption Standard (AES) under cipher block chaining is utilized in scrambling some transport stream packets. Methods and apparatus for computing an initialization vector or vectors used by the AES are also described. The initialization vector can be set to either a constant or a programmable random number. Scrambling methods and apparatus directed to scrambling solitary termination blocks with a reduced size packet payload e.g., less than 128 bits in an MPEG-2 transport stream packet, are also described. Various features are useful for and can be implemented in set-top boxes and IPTV scramblers in the headsets.

Abstract: A method of encrypting a plain text message that is m characters in length is described. A one off random key having a length of m characters is generated. The random key uses a character set and modulus that is compatible with the plain text message. A first substitution encryption of the plain text message is performed using the generated random key. A string of random fill characters that is f characters in length, f being a number between zero and infinity is generated. The generated random key and the string of random fill characters is concatenated to the encrypted plain text message to generate an encrypted message string. The encrypted message string has a length 2m+f. The encrypted message string is transmitted to a receiver.

Abstract: The present disclosure describes systems and methods of generating a cryptographic session key based on a known master key shared between a sender communicator and a receiver communicator in a communication network. In one example, a method includes receiving a request from the receiver communicator, by the sender communicator, to establish a communication session between the sender and the receiver communicator. The method further includes generating an open random number signal at the sender communicator and combining the generated open random number signal with the known master key to generate the cryptographic session key.

Abstract: A system and method are disclosed for securely transmitting and receiving a signal. A nonlinear keying modulator is used in the transmitter to encrypt the signal using a nonlinear keying modulation technique. A nonlinear keying demodulator is used in the receiver to decrypt the signal.

Abstract: Key management and user authentication systems and methods for quantum cryptography networks that allow for users securely communicate over a traditional communication link (TC-link). The method includes securely linking a centralized quantum key certificate authority (QKCA) to each network user via respective secure quantum links or “Q-links” that encrypt and decrypt data based on quantum keys (“Q-keys”). When two users (Alice and Bob) wish to communicate, the QKCA sends a set of true random bits (R) to each user over the respective Q-links. They then use R as a key to encode and decode data they send to each other over the TC-link.

Abstract: The invention relates to a method for providing an assertion message (200) from a proving party (20) to a relying party (40), the method comprising the steps of: —creating an assertion (A) comprising one or more statements, —creating an assertion proof (p A), —creating a temporary private key and a corresponding temporary public key (K) from the assertion (A) and the assertion proof (p A), —creating a key proof (PK) for the temporary public key (K), —creating an assertion message signature (S) by means of the temporary private key, —creating the assertion message (200) comprising the temporary public key (K), the assertion proof (PA), the key proof (PK), the assertion (A), a message body (220) and the assertion message signature (S) to the relying party (40).

Abstract: A system and method for providing an indication of randomness quality of random number data generated by a random data service. The random data service may provide random number data to one or more applications adapted to generate key pairs used in code signing applications, for example. In one aspect, the method comprises the steps of: retrieving random number data from the random data service; applying one or more randomness tests to the retrieved random number data to compute at least one indicator of the randomness quality of the random number data; associating the at least one indicator with at least one state represented by a color; and displaying the color associated with the at least one indicator to a user. The color may be displayed in a traffic light icon, for example.