Plural Generators Patents (Class 380/47)
  • Patent number: 10496839
    Abstract: Sensitive data is protected in a software product. A source file of the software product is compiled to generate an object file, in which the source file includes at least one piece of sensitive data marked with a specific identifier. The object file has a secure data section for saving storage information of the at least one piece of sensitive data at compile-time and run-time. The object file is linked to generate an executable file. The executable file updates the secure data section at run-time. Sensitive data is also protected when a core dump is generated.
    Type: Grant
    Filed: December 8, 2017
    Date of Patent: December 3, 2019
    Assignee: International Business Machines Corporation
    Inventors: Rui Feng, Shuang Shuang Jia, Da Fei Shi, Lijun Wei
  • Patent number: 10291596
    Abstract: A system comprising a terminal and a server, wherein the terminal is installed in the system by the server being configured to: identify the terminal; generate key generation data, comprising at least one data seed; distribute the at least one seed to the terminal; generate key data and meta data based on said at least one seed and a function; store an identifier for the terminal along with the key data and the meta data for the terminal, wherein the terminal is arranged to receive the at least one seed from the server; generate key data and meta data based on said at least one seed and the same function; store the key data and the meta data, wherein the key data and the meta data stored in the terminal are the same as the key data and the meta data stored in the server.
    Type: Grant
    Filed: October 8, 2015
    Date of Patent: May 14, 2019
    Assignee: KELISEC AB
    Inventor: Elise Revell
  • Patent number: 9660805
    Abstract: The present invention discloses methods and devices for securing keys when key-management processes are subverted by an adversary. Methods include the steps of: upon receiving a creation request in the computing-environment, creating a secure key in at least one location in a computing environment by repetitively computing respective secure-key contributions: in at least one location; and in a set of N computing resources in the computing environment, wherein N is a non-negative integer; and applying the respective secure-key contributions to change a secure-key value, wherein: the respective secure-key contributions cannot be omitted or modified by at least one location; and the secure key is never revealed to the computing resources; thereby enabling the computing resources in the computing environment to ensure that the secure key is truly random; wherein at least one location is a region of memory located in a computing resource operationally connected to the computing-environment.
    Type: Grant
    Filed: May 13, 2015
    Date of Patent: May 23, 2017
    Assignee: Porticor Ltd.
    Inventors: Gilad Parann-Nissany, Yaron Sheffer, Alon Rosen
  • Patent number: 9455968
    Abstract: A method includes (1) receiving, by a mobile computing device (MCD), user-specific data from a user, (2) processing (a) a user share of a cryptographic key, the user share being fixed based on the received user-specified data, and (b) a local share of the cryptographic key to recreate the cryptographic key, wherein the local share was created by applying a secret splitting algorithm to the cryptographic key and the user share to yield a set of non-fixed shares including the local share, the user share and the set of non-fixed shares making up a set of shares of the cryptographic key, the cryptographic key being recreatable from a strict subset of the set of shares, and (3) decrypting encrypted data stored on the MCD using the recreated cryptographic key, thereby providing access, using the decrypted encrypted data, to the resource.
    Type: Grant
    Filed: December 19, 2014
    Date of Patent: September 27, 2016
    Assignee: EMC Corporation
    Inventors: Salah Machani, Nikolaos Triandopoulos, Lawrence N. Friedman
  • Patent number: 9400495
    Abstract: For machine procedure simulation, a synchronization module stores a plurality of equipment procedures in a procedure database. Each equipment procedure corresponds to an equipment instance of a plurality of equipment instances and each equipment instance corresponds to an equipment reference code. The synchronization module further synchronizes the plurality of equipment procedures to a mobile device. A retrieval module receives a first equipment reference code at the mobile device and retrieves a first equipment procedure indexed to the first equipment reference code. The first equipment procedure includes a machine simulation for the first equipment instance. A training module receives a procedure step directed to the machine simulation. In addition, the training module displays an operator simulation interacting with the machine simulation in response to the procedure step.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: July 26, 2016
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: Jimi Michalscheck, Kelly Michalscheck
  • Patent number: 9117073
    Abstract: In systems and methods of network path generation, instructions are transferred from a first network node to a second network node instructing the second network node to establish a first secure communication link with the first network node. According to the instructions, instructions are transferred from the second network node to a third network node instructing the third network node to establish a second secure communication link with the second network node. Within the first secure communication link and the second communication link, a third secure communication link between the first network node and the third network node is established.
    Type: Grant
    Filed: February 8, 2013
    Date of Patent: August 25, 2015
    Assignee: MANTECH ADVANCED SYSTEMS INTERNATIONAL, INC.
    Inventors: Matthias P. Daue, Aaron M. Carreras, Douglas E. Albert
  • Patent number: 9077444
    Abstract: A wireless method and apparatus for late entry in frequency hopping systems that, during call setup, computes a random permutation sequence through a hop set of frequencies, chooses preamble frequencies to omit data thereon in lieu of preamble data, and swaps frequencies in the random permutation sequence such that synchronization frequencies lie next to the preamble frequencies with an expected delay such that late entrants can join. The wireless method and apparatus meets the FCC requirement of maintaining a pseudorandom hopping pattern and equal distribution of all frequencies in a hop set while guaranteeing late entry and having no effect on battery performance of radios.
    Type: Grant
    Filed: September 12, 2013
    Date of Patent: July 7, 2015
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Duminda A Dewasurendra, Mark A Boerger, Mahes M Ekanayake, John K McKinney
  • Patent number: 9037875
    Abstract: In one or more embodiments, an integrated circuit includes a programmable memory, a key generation module and a module. The programmable memory is to maintain a first key portion. The key generation module is to generate a key using the first key portion from the programmable memory and a second key portion received via a memory interface. The module is to encrypt or decrypt data using the key.
    Type: Grant
    Filed: April 15, 2013
    Date of Patent: May 19, 2015
    Assignee: Marvell International Ltd.
    Inventors: Tze Lei Poo, Gregory Burd, Phuc Thanh Tran, Saeed Azimi
  • Patent number: 9032208
    Abstract: A communication terminal that can adjust which section of a one-time pad cipher key is used and achieve cipher communication when there is a possibility that the one-time pad cipher keys are not completely matched between communication terminals. A cipher key transfer device acquires a one-time pad cipher key from a key sharing system, divides the acquired one-time pad cipher key with a predetermined number of bits, and transfers the same to a mobile communication terminal after converting the same into one-time pad cipher key cartridges. Along with the partner's terminal, the mobile communication terminal negotiates which one-time pad cipher key cartridge will be used to perform cipher communication, decides the one-time pad cipher key cartridge to be used, and begins cipher communication.
    Type: Grant
    Filed: August 24, 2010
    Date of Patent: May 12, 2015
    Assignee: Mitsubishi Electric Corporation
    Inventors: Hirosato Tsuji, Yoichi Shibata
  • Patent number: 9015826
    Abstract: A mobile platform security apparatus and method is provided. The apparatus may perform a security setting by generating a first authentication key, a second authentication key, and a third authentication key for each function called by an application program. The apparatus may store the first authentication key and an identifier for identifying the application program in a first storage unit, the second authentication key and the identifier in a secret domain of a second storage unit, and register the third authentication key and the identifier as a function parameter in the application program. Subsequently, if the function is called by the application program, the apparatus may determine values for the first authentication key, the second authentication key, and the third authentication key corresponding to the called function, and may perform authentication processing using the three authentication key values.
    Type: Grant
    Filed: September 16, 2011
    Date of Patent: April 21, 2015
    Assignee: Pantech Co., Ltd.
    Inventor: Jae Choon Park
  • Patent number: 9015487
    Abstract: Disclosed is a method for virtual pairing of a first peer device with a second peer device. In the method, a nonce is generated at the first peer device for use in virtually pairing the first and second peer devices to establish a first-type wireless connection. The nonce is forwarded from the first peer device to the second peer device over an already established second-type wireless connection between the first and second peer devices. At least one new key is generated from the nonce and a shared key for the already established second-type wireless connection. The first peer device is virtually paired with the second peer device using the at least one new key to establish the first-type wireless connection between the first and second peer devices.
    Type: Grant
    Filed: March 31, 2009
    Date of Patent: April 21, 2015
    Assignee: QUALCOMM Incorporated
    Inventors: Lu Xiao, Gregory Gordon Rose, David Jonathan Julian
  • Patent number: 9008311
    Abstract: A communication system that includes a sender computer and plurality of designated receiver computers coupled to the sender through a communication link. Each one of the receiver computers is equipped with computational resources stronger than the computational resources of an adversary computer. There is provided a method for sending a secret from the sender computer to a designated receiver computer. The sender computer defining a succession of computational tasks having respective solutions. The computational tasks are so defined such that the duration of solving each task by the receiver computer is shorter than what would have been required for the adversary computer to solve the task. Next, the sender computer sending through the link the succession of tasks encrypted by previous solutions and the receiver computer receiving the tasks and is capable of decrypting the secret faster than what would have been required for the adversary computer to decrypt the secret.
    Type: Grant
    Filed: June 23, 2005
    Date of Patent: April 14, 2015
    Assignee: Ben-Gurion University of the Negev Research and Development Authority
    Inventors: Shlomi Dolev, Ephraim Korach, Galit Uzan
  • Patent number: 8995653
    Abstract: Embodiments of the present invention address deficiencies of the art in respect to symmetric key generation and provide a method, system and computer program product for symmetric key generation using an asymmetric private key. In one embodiment, a symmetric key generation data processing system can include a symmetric key generator configured with a programmatic interface including an input parameter for a seed, an input parameter for an asymmetric private key, and an output parameter for a symmetric key. The symmetric key generator can include program code enabled to generate the symmetric key by encrypting the seed with the asymmetric private key.
    Type: Grant
    Filed: July 12, 2005
    Date of Patent: March 31, 2015
    Assignee: International Business Machines Corporation
    Inventors: Alan D. Eldridge, David S. Kern
  • Patent number: 8995660
    Abstract: A cryptographic communication technology that is based on functional encryption and that can operate flexibly is provided. A conversion rule information pair is determined in advance, which has attribute conversion rule information prescribing a conversion rule for converting attribute designation information to attribute information used in a functional encryption algorithm and logical expression conversion rule information prescribing a conversion rule for converting logical expression designation information to logic information used in the functional encryption algorithm. One kind of conversion rule information included in the conversion rule information pair is used to obtain first attribute information or first logic information from input information. The first attribute information or the first logic information is used for encryption.
    Type: Grant
    Filed: July 22, 2011
    Date of Patent: March 31, 2015
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventors: Tetsutaro Kobayashi, Kaku Takeuchi, Sakae Chikara
  • Patent number: 8989374
    Abstract: According to one embodiment, a memory being used to store a host identification key, a host constant (HC), and a first key, the first key being generated based on the host constant (HC); a first generator configured to decrypt a family key block read from an external device with the host identification key to generate a family key; a second generator configured to decrypt encrypted secret identification information read from the external device with the family key to generate a secret identification information; a third generator configured to generate a random number; a fourth generator configured to generate a session key by using the first key and the random number; a fifth generator configured to generate a first authentication information by processing the secret identification information with the session key in one-way function operation.
    Type: Grant
    Filed: June 15, 2012
    Date of Patent: March 24, 2015
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita
  • Patent number: 8983068
    Abstract: An NLFSR of length k, configured to output a sequence of masked values x?i=xi+mi according to a masked recurrence x?n+k=f(x?n, . . . , x?n+k?1), the NLFSR including a nonlinear feedback function configured to compute f(x?n, . . . , x?n+k?1) so as to obtain a feedback value, a correction function configured to compute (mn, . . . , nn+k?1)+mn+k+h(mn, mn+k?1, xn, . . . , xn+k?1) to obtain a correction value c, and a corrector configured to correct the feedback value {circumflex over (x)}?n+k using the correction value c to obtain a corrected feedback value which forms x?n+k.
    Type: Grant
    Filed: March 6, 2013
    Date of Patent: March 17, 2015
    Assignee: Infineon Technologies AG
    Inventors: Berndt Gammel, Stefan Mangard
  • Patent number: 8964982
    Abstract: A cryptographic communication technology that is based on predicate encryption and that can operate flexibly is provided. A conversion rule information pair is determined in advance, which has attribute conversion rule information prescribing a conversion rule for converting attribute designation information to attribute information used in a predicate encryption algorithm and predicate conversion rule information prescribing a conversion rule for converting predicate designation information to predicate information used in the predicate encryption algorithm. One kind of conversion rule information included in the conversion rule information pair is used to obtain first attribute information or first predicate information from input information. The first attribute information or the first predicate information is used for encryption.
    Type: Grant
    Filed: April 23, 2010
    Date of Patent: February 24, 2015
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventors: Kaku Takeuchi, Tetsutaro Kobayashi, Sakae Chikara
  • Patent number: 8958555
    Abstract: In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial v(x) modulo a second polynomial fn(x), including: receiving the first polynomial v(x) modulo the second polynomial fn(x), where the second polynomial is of a form fn(x)=xn±1, where n=2k and k is an integer greater than 0; computing lowest two coefficients of a third polynomial g(z) that is a function of the first polynomial and the second polynomial, where g(z)?i=0n?1(v(?i)?z), where ?0, ?1, . . . , ?n?1 are roots of the second polynomial fn(x) over a field; outputting the lowest coefficient of g(z) as the resultant; and outputting the second lowest coefficient of g(z) divided by n as the free term of the scaled inverse of the first polynomial v(x) modulo the second polynomial fn(x).
    Type: Grant
    Filed: June 19, 2013
    Date of Patent: February 17, 2015
    Assignee: International Business Machines Corporation
    Inventors: Craig B. Gentry, Shai Halevi
  • Patent number: 8954740
    Abstract: A server receives identifying information of a user of a client device and data encrypted with a public key of a group, where the encrypted data includes an encrypted session key for secure content. The server determines whether the user is a member of the group using the identifying information of the user. If the user is a member of the group, the server decrypts the encrypted session key using a private key of the group, and causes the client device to obtain a session key to access the secure content.
    Type: Grant
    Filed: October 4, 2010
    Date of Patent: February 10, 2015
    Assignee: Symantec Corporation
    Inventors: Vincent E. Moscaritolo, Damon Cokenias, David Finkelstein
  • Patent number: 8954745
    Abstract: A method and apparatus are provided to allow a user of a communications device to utilize one-time password generators for two-way authentication of users and servers, i.e., proving to users that servers are genuine and proving to servers that users are genuine. The present invention removes the need for a user to have a separate physical device, e.g., token, per company or service, reduces the cost burden on the companies and allows for two-way authentication via multiple access methods, e.g., telephone, web interfaces, automatic teller machines (ATMs), etc. Also, the present invention may be utilized in consumer and enterprise applications.
    Type: Grant
    Filed: April 3, 2007
    Date of Patent: February 10, 2015
    Assignee: Alcatel Lucent
    Inventors: Debra L. Cook, Vijay K. Gurbani, Maarten Wegdam
  • Patent number: 8935762
    Abstract: An authentication server and user device are provided. The authentication server includes: a memory for storing a user identification code associated with a user; a function generator for generating a plurality of functions, the functions adapted to produce a pass code based on the user identification code; a memory for storing a function associated with the user; an application generator for generating an application adapted to implement the function on a user device; an application distributor for distributing the application to the user device; a transaction code generator for generating a transaction code for a transaction; a transaction code distributor for supplying the transaction code to the application; and a controller for receiving a pass code for the transaction from the user device and for authenticating the transaction based on the received pass code, the function, the user identification code and the transaction code.
    Type: Grant
    Filed: June 26, 2007
    Date of Patent: January 13, 2015
    Assignee: G3-Vision Limited
    Inventors: Guy Moas, Ram Gabay
  • Patent number: 8929554
    Abstract: Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution (“QKD”) are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.
    Type: Grant
    Filed: June 6, 2013
    Date of Patent: January 6, 2015
    Assignee: Los Alamos National Security, LLC
    Inventors: Richard John Hughes, Jane Elizabeth Nordholt, Charles Glen Peterson
  • Publication number: 20140369499
    Abstract: According to an embodiment, a cryptographic device includes a first operation unit that receives a shared key and generates plural expanded keys; and a second operation unit that receives plaintext or ciphertext and performs at least one of encryption and decryption using the expanded keys. First data pieces are obtained by dividing the plaintext into predetermined units of words or obtained by dividing the ciphertext into predetermined units of words. The second operation unit includes a data array determination unit that determines, at a time of encryption, an array order of the first data pieces included in the plaintext as a first order, and determines, at a time of decryption, an array order of the first data pieces included in the ciphertext as a second order; and a main data computation unit that performs, on the first data pieces, computation of at least one of encryption and decryption in the determined order.
    Type: Application
    Filed: March 12, 2014
    Publication date: December 18, 2014
    Applicant: KABUSHIKI KAISHA TOSHIBA
    Inventor: Takeshi KAWABATA
  • Patent number: 8898463
    Abstract: According to one embodiment, a device includes a cell array including an ordinary area, a hidden area, and an identification information record area in which identification information which defines a condition for accessing the hidden area is recorded. An authentication circuit performs authentication. A sensing circuit recognizes information recorded in the identification information storage area, determines the information recorded in the identification information record area when an access request selects the hidden area, validates an access to the hidden area when determined that the identification information is recorded, and invalidates an access to the hidden area when determined that the identification information is not recorded.
    Type: Grant
    Filed: June 15, 2012
    Date of Patent: November 25, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita
  • Patent number: 8886935
    Abstract: According to some embodiments, a key management apparatus for deploying in a smart grid system adapted to receive metering data from smart meters connected to at least one relay via a network, includes: a key control mechanism that derives a key array of individual purpose specific keys from one master key such that the purpose specific key in the key array are each independent cryptographic keys for each specific usage in an application or for each application if there is only one specific usage in an application.
    Type: Grant
    Filed: March 23, 2011
    Date of Patent: November 11, 2014
    Assignees: Kabushiki Kaisha Toshiba, Telcordia Technologies Inc.
    Inventors: Yoshihiro Ohba, Mitsuru Kanda, Subir Das, David Famolari
  • Patent number: 8861722
    Abstract: A device for generating a session key which is known to a first communication partner and a second communication partner, for the first communication partner, from secret information which may be determined by the first and second communication partners, includes a first module operable to calculate the session key using a concatenation of at least a part of a random number and a part of the secret information. The device also includes a second module operable to use the session key for communication with the second communication partner.
    Type: Grant
    Filed: June 10, 2010
    Date of Patent: October 14, 2014
    Assignee: Infineon Technologies AG
    Inventors: Berndt Gammel, Wieland Fischer, Stefan Mangard
  • Patent number: 8862867
    Abstract: The disclosure discloses a method for protecting security of layer-3 mobility user plane data in Next Generation Network (NGN), includes: performing authentication by a terminal with an authentication server; after the authentication is passed, obtaining a shared key material by both the terminal and the authentication server; generating, by the terminal and the authentication server, a mobility data security key according to the shared key material; transmitting, by the authentication server, the generated mobility data security key to a mobility data transmission module; protecting security of the layer-3 mobility user plane data, by the terminal and the mobility data transmission module, by using the mobility data security key. The disclosure also discloses a system for protecting security of layer-3 mobility user plane data in NGN.
    Type: Grant
    Filed: March 22, 2010
    Date of Patent: October 14, 2014
    Assignee: ZTE Corporation
    Inventors: Hongyan Wang, Yinxing Wei
  • Patent number: 8861721
    Abstract: The system and method for securing scalar multiplication against simple power attacks (SPAs) delays required point additions in elliptic curve cryptosystem scalar multiplication. A buffer is used to store the points that will be added later until the buffer is full or the last bit of a multiplier k is inspected, Then, the stored points in the buffer are added to the accumulation point. The same procedure is repeated whenever the buffer is full again. This makes the power trace appears as a repeated sequence of consecutive point doubling followed by consecutive point additions. This makes it very difficult for an attacker to know the exact value of the inspected bit during the scalar multiplication process.
    Type: Grant
    Filed: December 26, 2012
    Date of Patent: October 14, 2014
    Assignee: Umm Al-Qura University
    Inventor: Turki Faisal Al-Somani
  • Patent number: 8842826
    Abstract: A method and apparatus are provided for performing information-theoretically secure cryptography using joint randomness not shared by others. Two valid communicating entities independently generate samples of a shared source that is not available to an illegitimate entity. The shared source may be a satellite signal, and each legitimate entity may generate uniformly distributed samples from a binary phase-shift keying signal received on an independent channel. Alternatively, the shared source may be a channel between the two legitimate entities, such that each legitimate entity generates samples of unknown distribution based on the channel impulse response of the channel. One legitimate entity generates an encryption key, a quantization error, and a syndrome from its samples. The quantization error and the syndrome are reported to the other legitimate entity. The other legitimate entity generates a matching encryption key using its samples, the quantization error, and the syndrome.
    Type: Grant
    Filed: May 12, 2009
    Date of Patent: September 23, 2014
    Assignee: InterDigital Patent Holdings, Inc.
    Inventors: Chunxuan Ye, Alexander Reznik
  • Patent number: 8811615
    Abstract: Outputs from at least one pseudo-random source are used to encode hidden value. The hidden value is encoded using index based quantities, for example, based on numerically ordering a sequence of outputs from pseudo-random source(s). In some examples, the numerical ordering of re-generated device-specific quantities is used to re-generate the hidden value, without necessarily requiring additional error correction mechanisms. Information leak may be reduced by constructing system whose “syndrome” helper bits are random, as measured, for example, by NIST's Statistical Tests for Randomness In some examples, index based coding provides coding gain that exponentially reduces total error correction code complexity, resulting in efficiently realizable PRS-based key generation systems. In some examples, index based coding allows noisy PRS to be robust across conditions where conventional error correction code cannot error correct.
    Type: Grant
    Filed: August 5, 2010
    Date of Patent: August 19, 2014
    Assignee: Verayo, Inc.
    Inventors: Meng-Day Yu, Srinivas Devadas
  • Patent number: 8804963
    Abstract: A computer readable medium stores a program causing a computer to execute a key generating processing. The computer generates a signatory private key which is used in an electronic signature, a signatory public key, a signatory public key certificate, a certification public key which is used when recording the signatory private key in a PKI card and a certification private key, transmits the certification private key to the PKI card via a secure communication path, and transmits an encoded signatory key obtained by encoding the signatory public key certificate and the signatory private key using the certification public key to the PKI card via the secure communication path or a non-secure communication path.
    Type: Grant
    Filed: September 14, 2009
    Date of Patent: August 12, 2014
    Assignee: Fuji Xerox Co., Ltd.
    Inventor: Masamichi Koike
  • Patent number: 8804952
    Abstract: The system and method for securing scalar multiplication against differential power attacks (DPAs) delays required point additions in elliptic curve cryptosystem scalar multiplication. A buffer is used to store the points that will be added later in a random manner. Then, a randomly selected one of the stored points in the buffer is added to the accumulation point, or several randomly selected points are added consecutively. This makes the power trace appear as a repeated sequence of consecutive point doubling followed by consecutive point additions, which makes it very difficult for an attacker to know the exact value of the inspected bit during the scalar multiplication process.
    Type: Grant
    Filed: December 26, 2012
    Date of Patent: August 12, 2014
    Assignee: Umm Al-Qura University
    Inventor: Turki Faisal Al-Somani
  • Patent number: 8787564
    Abstract: Systems, methods, software, and combinations thereof for evaluating entropy in a cryptography system are described. In some aspects, sample values are produced by an entropy source system. A typicality can be determined for each of the sample values. A grading is determined for preselected distributions based on the typicalities of the sample values. A subset of the preselected distributions are selected based on the gradings. An entropy of the entropy source system is calculated based on the subset of the plurality of distributions.
    Type: Grant
    Filed: November 30, 2011
    Date of Patent: July 22, 2014
    Assignee: Certicom Corp.
    Inventor: Daniel Richard L. Brown
  • Patent number: 8788810
    Abstract: In a method of temporarily registering a second device with a first device, in which the first device includes a temporary registration mode, the temporary registration mode in the first device is activated, a temporary registration operation in the first device is initiated from the second device, a determination as to whether the second device is authorized to register with the first device is made, and the second device is temporarily registered with the first device in response to a determination that the second device is authorized to register with the first device, in which the temporary registration requires that at least one of the second device and the first device delete information required for the temporary registration following at least one of a determination of a network connection between the first device and the second device and a powering off of at least one of the first device and the second device.
    Type: Grant
    Filed: December 29, 2009
    Date of Patent: July 22, 2014
    Assignee: Motorola Mobility LLC
    Inventors: Jiang Zhang, Alexander Medvinsky, Paul Moroney, Petr Peterka
  • Publication number: 20140198914
    Abstract: A system and method for generating a secret key to facilitate secure communications between users. A first and second and a function between the two monoids are selected, the function being a monoid homomorphism. A group and a group action of the group on the first monoid is selected. Each user is assigned a submonoid of the first monoid so that these submonoids satisfy a special symmetry property determined by the function, a structure of the first and second monoids, and the action of the group. A multiplication of an element in the second monoid and an element in the first monoid is obtained by combining the group action and the monoid homomorphism. First and second users choose private keys which are sequences of elements in their respective submonoids. A first result is obtained by multiplying an identity element by the first element of the sequence in a respective submonoid.
    Type: Application
    Filed: January 30, 2014
    Publication date: July 17, 2014
    Applicant: SecureRF Corporation
    Inventors: IRIS ANSHEL, Michael Anshel, Dorian Goldfeld
  • Patent number: 8738924
    Abstract: An electronic system is provided, in which a smart chip, a smart chip controller, a processor, a system memory, and an access management module is provided. The smart chip controller communicates with the smart chip. The processor performs a mutual authentication with the smart chip. The system memory is accessible to the smart chip and the processor. The access management module is coupled between the processor and the smart chip controller. The access management module prevents the processor accessing a certain range of the system memory according to a block command from the smart chip controller, in response of that the mutual authentication between the processor and the smart chip is failed.
    Type: Grant
    Filed: April 22, 2008
    Date of Patent: May 27, 2014
    Assignee: Via Technologies, Inc.
    Inventors: Zhun Huang, Jiin Lai
  • Patent number: 8724803
    Abstract: A method and apparatus for secure generation of a short-term key SK for viewing information content in a Multicast-broadcast-multimedia system are described. A short-term key is generated by a memory module residing in user equipment (UE) only when the source of the information used to generate the short-term key can be validated. A short-term key can be generated by a Broadcast Access Key (BAK) or a derivative of BAK and a changing value with a Message Authentication Code (MAC) appended to the changing value. A short-term key (SK) can also be generated by using a private key and a short-term key (SK) manager with a corresponding public key distributed to the memory module residing in the user equipment (UE), using a digital signature.
    Type: Grant
    Filed: September 1, 2004
    Date of Patent: May 13, 2014
    Assignee: QUALCOMM Incorporated
    Inventors: James Semple, Gregory Gordon Rose
  • Patent number: 8712046
    Abstract: A cryptographic key split combiner includes a plurality of key split generators adapted to generate cryptographic key splits, a key split randomizer adapted to randomize the cryptographic key splits to produce a cryptographic key, and a digital signature generator. Each of the key split generators is adapted to generate key splits from seed data. The digital signature generator is adapted to generate a digital signature based on the cryptographic key. The digital signature generator can also be adapted to generate the digital signature based on a credential value. A process for forming cryptographic keys includes generating a plurality of cryptographic key splits from seed data. The cryptographic key splits are randomized to produce a cryptographic key. A digital signature is generated based on the cryptographic key. Generating a digital signature based on the cryptographic key can include generating the digital signature based on a credential value.
    Type: Grant
    Filed: July 9, 2012
    Date of Patent: April 29, 2014
    Assignee: TecSec Inc.
    Inventors: Edward M. Scheidt, C. Jay Wack
  • Patent number: 8712057
    Abstract: A method and apparatus for an iterative cryptographic block under the control of a CPU and without a fixed number of stages. In one embodiment, a first cryptographic block descrambles received information using an internal key or a preprogrammed key to form a descrambled key or descrambled data. A data feedback path stores the descrambled data as internal data and provides the internal data or the external data as data input to the first cryptographic block. A key feedback path stores the descrambled key as an internal key and provides the internal key or the preprogrammed key to a key input of the first cryptographic block. A second cryptographic block descrambles received content using a final descrambling key. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 21, 2008
    Date of Patent: April 29, 2014
    Assignees: Sony Corporation, Sony Electronics Inc.
    Inventor: Brant Candelore
  • Publication number: 20140112470
    Abstract: The present invention relates to the field of computer technologies and discloses a method and a system for key generation, backup, and migration based on trusted computing, including: receiving a key generation request input by a user; controlling a trusted platform module to generate a platform migratable key, encrypting the platform migratable key by using a public key of a root key of the trusted platform module, and storing a cipher-text key of the platform migratable key; controlling the trusted platform module to generate a user migratable key, encrypting the user migratable key by using a public key of the platform migratable key, and storing a cipher-text key of the user migratable key; and controlling the trusted platform module to generate a binding key of the user, encrypting the binding key by using a public key of the user migratable key, and storing a cipher-text key of the binding key.
    Type: Application
    Filed: December 30, 2013
    Publication date: April 24, 2014
    Applicants: Peking University, Huawei Technologies Co., Ltd.
    Inventors: Qingni SHEN, Yahui YANG, Xin YANG, Lei XU
  • Patent number: 8705732
    Abstract: A device for generating a session key which is known to a first communication partner and a second communication partner, for the first communication partner, from secret information which may be determined by the first and second communication partners, includes a first module operable to calculate the session key using a concatenation of at least a part of a random number and a part of the secret information. The device also includes a second module operable to use the session key for communication with the second communication partner.
    Type: Grant
    Filed: June 10, 2010
    Date of Patent: April 22, 2014
    Assignee: Infineon Technologies AG
    Inventors: Berndt Gammel, Wieland Fischer, Stefan Mangard
  • Patent number: 8699706
    Abstract: A method for transmitting a Rights Object (RO) includes generating a password key by encrypting a password, generating the RO using the password key, and transmitting the RO from a first device to a second device. The second device and the first device share the password and the second device generates the password key using the same encryption method as that used by the first device to generate the password key. The second device decrypts a Message Authentication Code (MAC) key and a Rights Object Encryption Key (REK) using the password key, decrypts a Content Encryption Key (CEK) using the decrypted REK, and verifies integrity of the RO using the decrypted MAC key. The second device can use and/or access content associated with the RO using the decrypted CEK. The CEK may be generated by the first device or may be the CEK from a Rights Issuer.
    Type: Grant
    Filed: November 9, 2012
    Date of Patent: April 15, 2014
    Assignee: Pantech Co., Ltd.
    Inventor: Kun-uk Kim
  • Patent number: 8700899
    Abstract: A first cryptographic device is configured to determine at least a key for a current epoch and a key for a subsequent epoch, and to transmit the keys for the current and subsequent epochs over a secure channel to a second cryptographic device. The second cryptographic device utilizes the key for the current epoch to decrypt an additional key that was encrypted for storage in a previous epoch, performs at least one cryptographic function using the decrypted additional key, utilizes the key for the subsequent epoch to encrypt the additional key for storage, and erases at least the key for the current epoch and the decrypted additional key. In such an arrangement, the additional key is initially locked under the key for the current epoch, then unlocked to perform the cryptographic function, and then locked again under the key for the subsequent epoch.
    Type: Grant
    Filed: June 27, 2012
    Date of Patent: April 15, 2014
    Assignee: EMC Corporation
    Inventor: Ari Juels
  • Patent number: 8693682
    Abstract: A system for encryption, and subsequent decryption, of encoded data allows for transcoding of the encrypted data. The data is encoded in such a way that different packets have different importance levels, so that some or all of the packets at the lower importance levels can be discarded or truncated in order to reduce the data rate. This is achieved by introducing dependencies into the encoding process. The packets at the highest importance level are encoded with reference only to other packets at the highest importance level, while the encoding of packets at lower importance levels also depend on the encoding of the packets at the highest importance level. The encoded data is then encrypted in such a way that the encryption process has dependencies that correspond to the dependencies in the encoding process.
    Type: Grant
    Filed: March 25, 2010
    Date of Patent: April 8, 2014
    Assignee: SQR Systems Ltd
    Inventors: Nithin Mohan Thomas, David Roger Bull, David Wallace Redmill
  • Patent number: 8694786
    Abstract: A host machine provisions a virtual machine from a catalog of stock virtual machines. The host machine instantiates the virtual machine. The host machine configures the virtual machine, based on customer inputs, to form a customer's configured virtual machine. The host machine creates an image from the customer's configured virtual machine. The host machine unwraps a sealed customer's symmetric key to form a customer's symmetric key. The host machine encrypts the customer's configured virtual machine with the customer's symmetric key to form an encrypted configured virtual machine. The host machine stores the encrypted configured virtual machine to non-volatile storage.
    Type: Grant
    Filed: October 4, 2011
    Date of Patent: April 8, 2014
    Assignee: International Business Machines Corporation
    Inventors: Rajiv Augu, Steven A. Bade, Jeb R Linton, Dimitrios Pendarakis, George C. Wilson, Lee Hardy Wilson
  • Patent number: 8660268
    Abstract: A method and apparatus for client authentication using a pseudo-random number generation system. The pseudo-random number generation utilizes a secret key as well as state information as input into the hash function to generate a pseudo-random number. The state information that is part of the input can be any number of prior generated pseudo-random numbers. The authentication allows for synchronization of the client and server by exchanging state information. The authentication is not dependent on any absolute time and consequently the client and servers are not required to maintain a reliable shared time base.
    Type: Grant
    Filed: April 29, 2008
    Date of Patent: February 25, 2014
    Assignee: Red Hat, Inc.
    Inventor: James Paul Schneider
  • Patent number: 8654972
    Abstract: A stream encryption device generates a first pseudo random number sequence from key information, generates a second pseudo random number sequence according to clock control performed according to the first pseudo random number sequence, and subjects it to a nonlinear function calculation, thereby generating a key stream. The stream encryption device performs XOR operation with a plain text so as to create an encrypted text.
    Type: Grant
    Filed: May 6, 2011
    Date of Patent: February 18, 2014
    Assignee: KDDI Corporation
    Inventors: Shinsaku Kiyomoto, Toshiaki Tanaka
  • Patent number: 8649519
    Abstract: A method and apparatus for secure distribution of digital content is provided. In accordance with at least one embodiment, an intermediate device maintains an authorized content sink list which it uses to allow reauthorization of a first content sink for access to first content from a first content source when the first content sink has a first content sink entry on the authorized content sink list. In accordance with at least one embodiment, reauthorization is conditioned upon a first content sink entry currency status having not yet expired. In accordance with at least one embodiment, the intermediate device allows authentication of the first content sink by the first content source when no first content sink entry exists on the authorized content sink list or when the first content sink entry currency status has expired.
    Type: Grant
    Filed: August 24, 2010
    Date of Patent: February 11, 2014
    Assignee: RGB Systems, Inc.
    Inventor: Brian Taraci
  • Patent number: 8630416
    Abstract: Embodiments of a wireless device and methods for rekeying with reduced packet loss in a wireless network are generally described herein. In some embodiments, during rekeying operations a new key for reception may be installed early (i.e., prior to receipt of a rekeying confirmation message). The use of the new key for transmission may be delayed until after receipt of the rekeying confirmation message. The early installation of the new key for reception may allow both the new key and old key to be active at the same time for use decrypting received packets to reduce packet loss during rekeying operations. The rekeying confirmation message may be the fourth message of a four-way handshake for rekeying. In some embodiments, two key identifiers may be alternated between four-way handshakes to prevent deletion of the old key.
    Type: Grant
    Filed: December 21, 2009
    Date of Patent: January 14, 2014
    Assignee: Intel Corporation
    Inventors: Emily H. Qi, Jesse R. Walker, Robert J. Stacey, Herbert Liondas, Marc Jalfon
  • Publication number: 20130336481
    Abstract: According to one embodiment, a memory being used to store a host identification key, a host constant (HC), and a first key, the first key being generated based on the host constant (HC); a first generator configured to decrypt a family key block read from an external device with the host identification key to generate a family key; a second generator configured to decrypt encrypted secret identification information read from the external device with the family key to generate a secret identification information; a third generator configured to generate a random number; a fourth generator configured to generate a session key by using the first key and the random number; a fifth generator configured to generate a first authentication information by processing the secret identification information with the session key in one-way function operation
    Type: Application
    Filed: June 15, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Yuji NAGAI, Taku KATO, Tatsuyuki MATSUSHITA