Plural Generators Patents (Class 380/47)
  • Publication number: 20130336481
    Abstract: According to one embodiment, a memory being used to store a host identification key, a host constant (HC), and a first key, the first key being generated based on the host constant (HC); a first generator configured to decrypt a family key block read from an external device with the host identification key to generate a family key; a second generator configured to decrypt encrypted secret identification information read from the external device with the family key to generate a secret identification information; a third generator configured to generate a random number; a fourth generator configured to generate a session key by using the first key and the random number; a fifth generator configured to generate a first authentication information by processing the secret identification information with the session key in one-way function operation
    Type: Application
    Filed: June 15, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Yuji NAGAI, Taku KATO, Tatsuyuki MATSUSHITA
  • Patent number: 8606039
    Abstract: An information processing apparatus comprises: a division unit dividing input data; a processing unit performing predetermined processing for the divided data; a generation unit generating intermediate data by referencing the processed divided data, and combining the intermediate data; a temporary storage unit storing the processed divided data; and a detection unit selecting a group of divided data that includes the processed divided data, and determining whether or not all processed divided data in the selected group is stored, is provided. As a result of the determination, if it is determined that all the processed divided data is stored, the generation unit generates intermediate data and then deletes all the processed divided data in the selected group, and if it is determined that a part of the processed divided data is not stored, the processing unit preferentially generates the part of the processed divided data.
    Type: Grant
    Filed: September 23, 2009
    Date of Patent: December 10, 2013
    Assignee: Canon Kabushiki Kaisha
    Inventor: Tetsurou Kitashou
  • Patent number: 8595501
    Abstract: A network helper is provided that assists verifiers in executing a puzzle-based protocol for authentication of a token. A token stores a secret key and one or more puzzle-generating algorithms. The helper stores a plurality of puzzles associated with a particular token. When requested to do so by a verifier, the helper provides a plurality of pseudorandomly selected puzzles for the token to a verifier. The puzzles are encoded with information that is used between the verifier and token to establish a secured symmetric key. The verifier selects one or a few of the encoded puzzles and breaks them by a brute force attack. Because the helper does not know which puzzles have been selected, it has to break all puzzles to attempt to figure out the symmetric key. However, if a large number of puzzles are utilized, say millions, then breaking all of them becomes a computationally prohibitive task.
    Type: Grant
    Filed: May 9, 2008
    Date of Patent: November 26, 2013
    Assignee: QUALCOMM Incorporated
    Inventors: Gregory Gordon Rose, Alexander Gantman, Miriam Wiggers De Vries, Michael Paddon, Philip Michael Hawkes
  • Patent number: 8577032
    Abstract: A common key block encryption device includes a first hash unit applying locked key permutation to a variable-length s-bit plaintext, and outputting a fixed-length n-bit first block and a second (s-n)-bit block; a first encryption processing unit outputting a third block encrypted by element of n-bit block tweakable block cipher using tweak, inputting the first block; a second encryption processing unit generating a random number (s-n)-bit block with a result of group computation of the third block and the first block as input by using an arbitrary cipher having theoretical security at least against a known-plaintext attack; and a second hash unit applying the locked key permutation to the result of the group computation of the random number block and the second block, and to the third block to output a fifth n-bit block and a sixth (s-n)-bit block. The fifth and sixth blocks are concatenated into an s-bit encryption.
    Type: Grant
    Filed: August 1, 2008
    Date of Patent: November 5, 2013
    Assignee: NEC Corporation
    Inventor: Kazuhiko Minematsu
  • Patent number: 8572379
    Abstract: A server and a client mutually exclusively execute server-side and client-side commutative cryptographic processes and server-side and client-side commutative permutation processes. The server has access to a hash table, while the client does not. The server and client perform a method including: encrypting and reordering the hash table using the server; communicating the encrypted and reordered hash table to the client; further encrypting and further reordering the hash table using the client; communicating the further encrypted and further reordered hash table back to the server; and partially decrypting and partially undoing the reordering using the server to generate a double-blind hash table. To read an entry, the client hashes and permute an index key and communicates same to the server which retrieves an item from the double-blind hash table using the hashed and permuted index key and sends it back to the client which decrypts the retrieved item.
    Type: Grant
    Filed: August 8, 2011
    Date of Patent: October 29, 2013
    Assignee: Xerox Corporation
    Inventor: Nicola Cancedda
  • Patent number: 8565427
    Abstract: A Set Top Box (STB) or client computer includes a communication interface operable to receive digital messages and digital content, memory operable, and processing circuitry coupled to the communication interface and to the memory. The STB is operable to receive a digital message, extract a key portion from the digital message, decrypt the key portion, descramble the digital content using the decrypted key portion, extract a rights portion from the digital message, decrypt the rights portion, determine protected and unprotected digital content based upon the rights portion, write the unprotected digital content to an unprotected portion of the memory, and write the protected digital content to a protected portion of the memory. The decrypted key portion may include a plurality of Program IDs (PIDs) and the decrypted rights portion may include protection data for each PID. A security processor may prevent a central processing unit from accessing the protected portion of the memory.
    Type: Grant
    Filed: March 29, 2011
    Date of Patent: October 22, 2013
    Assignee: Broadcom Corporation
    Inventors: Steve (Stephane) Rodgers, Sherman (Xuemin) Chen
  • Patent number: 8559480
    Abstract: An apparatus and method for generating a scrambling code in a radio communication system is disclosed. In particular, an apparatus and method for generating a scrambling code using a Gold-like sequence even when m is a multiple of 4 for a length 2m?1 of a pseudo-random sequence is disclosed. Two LFSRs (LFSR a and LFSR a?) for generating the Gold-like sequence by two different polynomials of degree m are included. The LFSR a? is constructed by a reciprocal primitive polynomial of the primitive polynomial of degree m over GF(2) used to construct the LFSR a. In order to generate 2m different scrambling codes, one fixed initial value is input to the LFSR a and different initial values of m bits are input to the LFSR a? according to system-specific information.
    Type: Grant
    Filed: January 15, 2010
    Date of Patent: October 15, 2013
    Assignee: Pantech Co., Ltd.
    Inventors: Sung Jun Yoon, Sung Jin Suh, Myung Cheul Jung
  • Patent number: 8553880
    Abstract: The pseudorandom number generating system repeatedly performs simple transformation of a non-secure pseudorandom number sequence that may be generated quickly, and thus may quickly generate a highly secure pseudorandom number sequence having a long period. Furthermore, the encryption system and the decryption system do not generate a large encryption function difficult to be deciphered based on a shared key 122, but prepare multiple functions 126, which perform fast, different types of transformation, and select a combination of functions determined based on information of the shared key 122, and make the selected functions transform a text multiple times, thereby encrypt the text. Each of the functions is fast, and thus transformation by the entire combination is also fast. Furthermore, since the combination of functions and repetitive count can be changed, future improvement in specification is easy. Moreover, security is high since which functions are applied in what order is unknown.
    Type: Grant
    Filed: May 12, 2006
    Date of Patent: October 8, 2013
    Assignees: Ochanomizu University, Hiroshima University
    Inventors: Makoto Matsumoto, Takuji Nishimura, Mutsuo Saito, Mariko Hagita
  • Patent number: 8548171
    Abstract: In an embodiment, a method for generating and distributing keys retains the scalability of a group VPN, but also provides true pair-wise keying such that an attacker who compromises one of the devices in a VPN cannot use the keys gained by that compromise to decrypt the packets from the other gateways in the VPN, or spoof one of the communicating gateways. The method is resistant to collusion when co-operating attackers overtake several VPN gateways and observe the keys stored in those gateways. In an embodiment, a VPN gateway comprises a cryptographic data processor configured to encrypt and to decrypt data packets; group key management logic; and Key Generation System logic. In one approach a gateway performs, in relation to adding a group member, receiving in a security association (SA) message secret data for use in the KGS; and derives keys for secure communication with one or more peer VPN gateways using the secret data.
    Type: Grant
    Filed: February 27, 2009
    Date of Patent: October 1, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: David McGrew, Brian E. Weis
  • Patent number: 8543837
    Abstract: In a gaming environment, a method of periodically downloading dynamically generated executable modules at random intervals that perform system configuration integrity checks in a secure and verifiable manner is disclosed. The dynamically generated executable module returns the signature to a server from which it was downloaded and deletes itself from the system being checked. The next time such an executable module is downloaded, it will contain a different randomly chosen subset of hashing and encryption algorithms. The server that is performing the system configuration integrity check maintains a database of expected system configurations and performs subset of hashing and encryption algorithms as contained in the dynamically generated executable module. The result returned by the downloaded executable module is compared to that computed locally, and an error condition is raised if they do not match.
    Type: Grant
    Filed: December 20, 2011
    Date of Patent: September 24, 2013
    Assignee: IGT
    Inventors: Robert Bigelow, Jr., Dwayne A Davis, Kirk Rader
  • Publication number: 20130243193
    Abstract: A digital signature generation apparatus includes memory to store finite field Fq and section D(ux(s, t), uy(s, t), s, t) as secret key, section being one of surfaces of three-dimensional manifold A(x, y, s, t) which is expressed by x-coordinate, y-coordinate, parameter s, and parameter t and is defined on finite field Fq, x-coordinate and y-coordinate of section being expressed by functions of parameter s and parameter t, calculates hash value of message m, generates hash value polynomial by embedding hash value in 1-variable polynomial h(t) defined on finite field Fq, and generates digital signature Ds(Ux(t), Uy(t), t) which is curve on section, the x-coordinate and y-coordinate of curve being expressed by functions of parameter t, by substituting hash value polynomial in parameter s of section.
    Type: Application
    Filed: May 6, 2013
    Publication date: September 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Koichiro AKIYAMA, Yasuhiro GOTO
  • Patent number: 8532289
    Abstract: In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial v(x) modulo a second polynomial fn(x), including: receiving the first polynomial v(x) modulo the second polynomial fn(x), where the second polynomial is of a form fn(x)=xn±1, where n=2k and k is an integer greater than 0; computing lowest two coefficients of a third polynomial g(z) that is a function of the first polynomial and the second polynomial, where g ? ( z ) ? = def ? ? i = 0 n - 1 ? ? ( v ? ( ? i ) - z ) , where ?0, ?1, . . . , ?n?1 are roots of the second polynomial fn(x) over a field; outputting the lowest coefficient of g(z) as the resultant; and outputting the second lowest coefficient of g(z) divided by n as the free term of the scaled inverse of the first polynomial v(x) modulo the second polynomial fn(x).
    Type: Grant
    Filed: August 9, 2011
    Date of Patent: September 10, 2013
    Assignee: International Business Machines Corporation
    Inventors: Craig B. Gentry, Shai Halevi
  • Patent number: 8532288
    Abstract: A cryptographic engine for modulo N multiplication, which is structured as a plurality of almost identical, serially connected Processing Elements, is controlled so as to accept input in blocks that are smaller than the maximum capability of the engine in terms of bits multiplied at one time. The serially connected hardware is thus partitioned on the fly to process a variety of cryptographic key sizes while still maintaining all of the hardware in an active processing state.
    Type: Grant
    Filed: December 1, 2006
    Date of Patent: September 10, 2013
    Assignee: International Business Machines Corporation
    Inventors: Camil Fayad, John K. Li, Siegfried K. H. Sutter, Phil C. Yeh
  • Patent number: 8533489
    Abstract: A Searchable Symmetric Encryption (SSE) mechanism is described which allows efficient dynamic updating of encrypted index information. The encrypted index information includes pointer information that is encrypted using a malleable encryption scheme. The SSE mechanism updates the encrypted index information by modifying at least one instance of the pointer information without decrypting the pointer information, and thereby without revealing the nature of the changes being made. In one implementation, the SSE mechanism includes a main indexing structure and a deletion indexing structure. An updating operation involves patching applied to both the main indexing structure and deletion indexing structure.
    Type: Grant
    Filed: September 29, 2010
    Date of Patent: September 10, 2013
    Assignee: Microsoft Corporation
    Inventors: Thomas M. Roeder, Seny F. Kamara
  • Patent number: 8522028
    Abstract: This invention concerns a safe data exchange method between two devices locally connected to one another. In a preferred embodiment, the first device (10) is a security module containing a first encrypting key, said private key (PAKV) of a pair of asymmetric encrypting keys. The second device is a receiver (11) comprising at least one second encrypting key, said public key (PAKB) of said pair of asymmetric encrypting keys. Furthermore each of the devices comprises a symmetrical key (13). The first device (10) generates a first random number (A), which is encrypted by said private key (PAKV), then transmitted to the second device (11), in which it is decrypted by means of the public key (PAKB). The second device (11) generates a second random number (B), which is encrypted by said public key (PAKB), then transmitted to the first device (10), in which it is decrypted by means of the private key (PAKV).
    Type: Grant
    Filed: June 10, 2003
    Date of Patent: August 27, 2013
    Assignee: Nagravision S.A.
    Inventors: Olivier Brique, Christophe Nicolas, Marco Sasselli
  • Patent number: 8503674
    Abstract: Cryptographic keys and, subsequently, the data they are intended to protect, are safeguarded from unwarranted attacks utilizing various systems and methodologies designed to minimize the time period in which meaningful versions of cryptographic keys exist in accessible memory, and therefore, are vulnerable. Cryptographic keys, and consequently the data they are intended to protect, can alternatively, or also, be protected from attackers utilizing systems and a methodology that employs a removable storage device for providing authentication factors used in the encryption and decryption processing. Cryptographic keys and protected data can alternatively, or also, be protected with a system and methodology that supports data separation on the storage device(s) of a computing device. Cryptographic keys and the data they are intended to protect can alternatively, or also, be protected employing a system and methodology of virtual compartmentalization that effectively segregates key management from protected data.
    Type: Grant
    Filed: April 28, 2011
    Date of Patent: August 6, 2013
    Assignee: Microsoft Corporation
    Inventors: Octavian T. Ureche, Innokentiy Basmov, Grigory B. Lyakhovitskiy, Stefen Thom
  • Patent number: 8494168
    Abstract: Example embodiments provide various techniques for locating cryptographic keys stored in a cache. The cryptographic keys are temporarily stored in the cache until retrieved for use in a cryptographic operation. The cryptographic key may be located or found through reference to its cryptographic key identifier. In an example, a particular cryptographic key may be needed for a cryptographic operation. The cache is first searched to locate this cryptographic key. To locate the cryptographic key, the cryptographic key identifier that is associated with this cryptographic key is provided. In turn, the cryptographic key identifier may be used as an address into the cache. The address identifies a location of the cryptographic key within the cache. The cryptographic key may then be retrieved from the cache at the identified address and then used in the cryptographic operation.
    Type: Grant
    Filed: April 28, 2008
    Date of Patent: July 23, 2013
    Assignee: NetApp, Inc.
    Inventor: Joakim Tolfmans
  • Patent number: 8483394
    Abstract: Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution (“QKD”) are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.
    Type: Grant
    Filed: September 30, 2010
    Date of Patent: July 9, 2013
    Assignee: Los Alamos National Security, LLC
    Inventors: Jane Elizabeth Nordholt, Richard John Hughes, Charles Glen Peterson
  • Patent number: 8474022
    Abstract: A self-service system and method for credential reset permits an administrator to customize policies for credential reset based on any user or group of users. Administrators may choose to set a more stringent policy for credential reset for users or groups that have higher-level permissions to access sensitive information within the resource protected by the credential. Customizable, plug-in gates are provided to permit administrators fine grained control over reset policy definition. When the user initiates a credential reset, the reset policy applicable to that user is invoked, and the user is presented with gates to pass pursuant to the applicable reset policy. The user's responses are compared to responses presented by the user at registration. If the responses meet the reset policy's threshold for accuracy, the user is permitted to reset the credential.
    Type: Grant
    Filed: June 15, 2007
    Date of Patent: June 25, 2013
    Assignee: Microsoft Corporation
    Inventors: Sorin Iftimie, Ikrima Elhassan, Bruce P. Bequette
  • Patent number: 8473741
    Abstract: The present disclosure is directed to systems and methods including accessing a first private value, generating a first intermediate value based on the first private value, receiving a second intermediate value that is based on a second private value, generating a first comparison value based on the second intermediate value, receiving over the network a second comparison value that is based on the first intermediate value, comparing the first comparison value and the second comparison value to generate a result, and displaying the result, the result indicating that the first private is greater than the second private value when the first comparison value is less than the second comparison value, and the result indicating that the first private value is less than or equal to the second private value when the first comparison value is greater than the second comparison value.
    Type: Grant
    Filed: May 3, 2010
    Date of Patent: June 25, 2013
    Assignee: SAP AG
    Inventor: Florian Kerschbaum
  • Patent number: 8468579
    Abstract: The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL.
    Type: Grant
    Filed: June 15, 2007
    Date of Patent: June 18, 2013
    Assignee: Microsoft Corporation
    Inventors: Carl Melvin Ellison, Paul J. Leach, Butler Wright Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman
  • Patent number: 8452963
    Abstract: A computer-implemented process comprises receiving, at a first computer, a base cryptographic seed through a secure connection to a second computer; generating one or more protected access credential parameters; combining said base cryptographic seed with at least a portion of said generated protected access credential parameters using a hashed message authentication code function to generate a master key; encrypting at least a portion of said generated protected access credential parameters using at least a portion of said generated master key; incorporating said encrypted protected access credential parameters and at least a portion of said generated protected access credential parameters into a protected access credential. In an embodiment, a master server securely distributes the seed and the process is performed by a plurality of access servers to separately generate the same master key for use in subsequent authentication communications using an authentication protocol such as EAP-FAST.
    Type: Grant
    Filed: January 27, 2009
    Date of Patent: May 28, 2013
    Assignee: Cisco Technology, Inc.
    Inventor: Noam Singer
  • Publication number: 20130114810
    Abstract: A cryptographic communication technology that is based on functional encryption and that can operate flexibly is provided. A conversion rule information pair is determined in advance, which has attribute conversion rule information prescribing a conversion rule for converting attribute designation information to attribute information used in a functional encryption algorithm and logical expression conversion rule information prescribing a conversion rule for converting logical expression designation information to logic information used in the functional encryption algorithm. One kind of conversion rule information included in the conversion rule information pair is used to obtain first attribute information or first logic information from input information. The first attribute information or the first logic information is used for encryption.
    Type: Application
    Filed: July 22, 2011
    Publication date: May 9, 2013
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Tetsutaro Kobayashi, Kaku Takeuchi, Sakae Chikara
  • Patent number: 8433066
    Abstract: The present invention relates to a method for generating an encryption/decryption key, and especially for generating a one-time encryption/decryption key used for symmetric encryption, i.e. where the same key is used both for encryption and decryption. In order to start key generation a first node sends a request to a central server for setting up communication with a second node. The central server sends a key generating file both the nodes. Each node generates a different intermediate data set, i.e a first and second data set. The first data set generated by the first node is sent to the second node, which based on this data set generates a third data set which is sent back to the first node. The generating of a first cryptographic key in node is based on bit by bit comparison between the third and the first intermediate data set and the generation of a second cryptographic key is based on bit by bit comparison between the first and the second intermediate data set.
    Type: Grant
    Filed: July 5, 2010
    Date of Patent: April 30, 2013
    Assignee: Kelisec AB
    Inventor: Elise Revell
  • Patent number: 8386765
    Abstract: There is described a method for transmitting synchronization messages, for example PTP messages of the IEEE 1588 standard, the PTP message being inserted into a data packet in line with the Internet Protocol, the data packet having an IP header, and the data packet having a UDP header. In this case, for the encrypted transmission on the PTP message, the data packet is addressed to a UDP port that is reserved for encrypted PTP messages, the data packet is provided with an additional S-PTP header that is provided for encryption, the PTP message is extended with a pseudo random number, and the PTP message is encrypted together with the pseudo random number.
    Type: Grant
    Filed: March 24, 2006
    Date of Patent: February 26, 2013
    Assignee: Siemens Aktiengesellschaft
    Inventors: Steffen Fries, Jean Georgiades, Stephan Schüler
  • Patent number: 8385548
    Abstract: Apparatus and method for producing quantum entangled signal and idler photon pairs is provided. The apparatus makes use of a nonlinear optical fiber to generate the entangled photons. The use of an external broad band light source for alignment of any downstream measurement apparatuses is disclosed. One or more polarized output signals can be generated at both the signal and idler wavelengths using the alignment source, allowing the downstream measurement apparatuses to be aligned using classical light. Multiple signal and idler wavelengths can be generated and aligned using such a system.
    Type: Grant
    Filed: February 18, 2010
    Date of Patent: February 26, 2013
    Assignee: Nucrypt LLC
    Inventors: Gregory S. Kanter, Shawn Wang
  • Patent number: 8375225
    Abstract: Data storage devices having one or more data security features are provided according to various embodiments of the present invention. In one embodiment, a data storage device comprises buffer and a buffer client. The buffer client comprises a scrambler configured to receive a configuration setting and a secret key on a certain event, to configure a scrambling function based on the received configuration setting, and to scramble data with the secret key using the scrambling function, wherein the buffer client is configured to write the scrambled data to the buffer.
    Type: Grant
    Filed: December 11, 2009
    Date of Patent: February 12, 2013
    Assignee: Western Digital Technologies, Inc.
    Inventor: Danny O. Ybarra
  • Publication number: 20130034229
    Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.
    Type: Application
    Filed: August 5, 2011
    Publication date: February 7, 2013
    Applicant: Apple Inc.
    Inventors: Conrad Sauerwald, Vrajesh Rajesh Bhavsar, Kenneth Buffalo McNeil, Thomas Brogan Duffy, JR., Michael Lambertus Hubertus Brouwer, Matthew John Byom, Mitchell David Adler, Eric Brandon Tamura
  • Patent number: 8351603
    Abstract: A random number generating device includes: a random number generator configured to have a plurality of random number generating elements that generate a random number in response to supply of a spin-injection current; and a temperature controller.
    Type: Grant
    Filed: November 10, 2010
    Date of Patent: January 8, 2013
    Assignee: Sony Corporation
    Inventors: Yuki Oishi, Yutaka Higo, Hiroshi Kano, Masanori Hosomi, Hiroyuki Ohmori, Kazutaka Yamane, Kazuhiro Bessho
  • Patent number: 8345713
    Abstract: Methods and apparatus for improved scrambling and/or descrambling of packets in a communications network are described, e.g., improved scrambling/descrambling of MPEG-2 transport stream packets over an Internet Protocol network. Advance Encryption Standard (AES) under cipher block chaining is utilized in scrambling some transport stream packets. Methods and apparatus for computing an initialization vector or vectors used by the AES are also described. The initialization vector can be set to either a constant or a programmable random number. Scrambling methods and apparatus directed to scrambling solitary termination blocks with a reduced size packet payload e.g., less than 128 bits in an MPEG-2 transport stream packet, are also described. Various features are useful for and can be implemented in set-top boxes and IPTV scramblers in the headsets.
    Type: Grant
    Filed: October 25, 2006
    Date of Patent: January 1, 2013
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Muxiang Zhang
  • Patent number: 8340298
    Abstract: Key management and user authentication systems and methods for quantum cryptography networks that allow for users securely communicate over a traditional communication link (TC-link). The method includes securely linking a centralized quantum key certificate authority (QKCA) to each network user via respective secure quantum links or “Q-links” that encrypt and decrypt data based on quantum keys (“Q-keys”). When two users (Alice and Bob) wish to communicate, the QKCA sends a set of true random bits (R) to each user over the respective Q-links. They then use R as a key to encode and decode data they send to each other over the TC-link.
    Type: Grant
    Filed: April 16, 2007
    Date of Patent: December 25, 2012
    Assignee: MagiQ Technologies, Inc.
    Inventors: Robert Gelfond, Audrius Berzanskis
  • Patent number: 8311214
    Abstract: Communication and validation of information transfer from a transmitter to a receiver is achieved by generating a cipher (400) from a message m (410) using parameters of an elliptic curve, a generator point P (406) on the elliptic curve and a public key Q (416) of the receiver. The cipher includes a first element that is the product kP of a random number k (404) with the generator point P and a second element that is the product of m and the x-coordinate of the product kQ. The message m is generated from two mathematically independent representations of the information and, optionally, a random number. The cipher is communicated to the receiver and decoded to recover a message m? (502). A validation token (500) is generated by the receiver and passed to the transmitter, which validates communication of the information to the receiver if the product mkQ is equal to the validation token.
    Type: Grant
    Filed: April 24, 2006
    Date of Patent: November 13, 2012
    Assignee: Motorola Mobility LLC
    Inventors: Ronald F. Buskey, Barbara B. Frosik, Douglas A. Kuhlman
  • Publication number: 20120275596
    Abstract: Cryptographic keys and, subsequently, the data they are intended to protect, are safeguarded from unwarranted attacks utilizing various systems and methodologies designed to minimize the time period in which meaningful versions of cryptographic keys exist in accessible memory, and therefore, are vulnerable. Cryptographic keys, and consequently the data they are intended to protect, can alternatively, or also, be protected from attackers utilizing systems and a methodology that employs a removable storage device for providing authentication factors used in the encryption and decryption processing. Cryptographic keys and protected data can alternatively, or also, be protected with a system and methodology that supports data separation on the storage device(s) of a computing device. Cryptographic keys and the data they are intended to protect can alternatively, or also, be protected employing a system and methodology of virtual compartmentalization that effectively segregates key management from protected data.
    Type: Application
    Filed: April 28, 2011
    Publication date: November 1, 2012
    Applicant: Microsoft Corporation
    Inventors: Octavian T. Ureche, Innokentiy Basmov, Grigory B. Lyakhovitskiy, Stefan Thom
  • Patent number: 8300826
    Abstract: Disclosed is a distributed information generation apparatus which generates a polynomial F in which secret information s is embedded to output distributed secret information, generates a polynomial G in which an output when a fixed value t is entered into the polynomial F is embedded as the secret information, and generates distributed distributed secret information. The reconstruction apparatus receives k sets of the distributed secret information to generate a polynomial F?, and receives k sets of the distributed distributed secret information to generate a polynomial G?. When a value embedded in the polynomial G? as the secret information and an output obtained by entering the fixed value into the polynomial F? is equal, the distributed information generation apparatus outputs the embedded value. When the embedded value is not equal to the output, the distributed information generation apparatus outputs information indicating detection of cheating.
    Type: Grant
    Filed: January 30, 2008
    Date of Patent: October 30, 2012
    Assignee: NEC Corporation
    Inventor: Toshinori Araki
  • Patent number: 8295480
    Abstract: A recursive based approach to key generation produces keys for encrypted communication. Simple mathematical operations are utilized with the inherent uncertainty of an interactive process between two endpoints to establish a common secret key. The uncertainty-based key cipher starts with some public information and some private information. The public information includes a vocabulary (alphabet) and keypad, and the private information can include an authentication code. The keypad is an abstraction that represents, for example, a set of “buttons.” These buttons will be used to translate a working key into a text that could be used to evaluate coincidences in a generated working key. Each keypad button can have more than one possible value. The number of options inside the button is the so called “uncertainty level.
    Type: Grant
    Filed: September 24, 2007
    Date of Patent: October 23, 2012
    Assignee: Avaya Inc.
    Inventor: Luciano Godoy Fagundes
  • Patent number: 8290151
    Abstract: A device for determining an inverse of an initial value related to a modulus, comprising a unit configured to process an iterative algorithm in a plurality of iterations, wherein an iteration includes two modular reductions and has, as an iteration loop result, values obtained by an iteration loop of an extended Euclidean algorithm.
    Type: Grant
    Filed: October 12, 2007
    Date of Patent: October 16, 2012
    Assignee: Infineon Technologies AG
    Inventor: Wieland Fischer
  • Patent number: 8265272
    Abstract: Some embodiments of a method and an apparatus to generate pseudo random bits for a cryptographic key have been presented. In one embodiment, a set of Blum-Blum-Shub (BBS) pseudo random number generators is executed substantially in parallel. Each of the BBS pseudo random number generators may generate a series of pseudo random bits. A subset of pseudo random bits is extracted from each of the series of pseudo random bits from each of the plurality of BBS pseudo random number generators. Subsets of the series of pseudo random bits from the BBS pseudo random number generators are combined to generate a cryptographic key.
    Type: Grant
    Filed: August 29, 2007
    Date of Patent: September 11, 2012
    Assignee: Red Hat, Inc.
    Inventor: James Paul Schneider
  • Patent number: 8254571
    Abstract: A halting key derivation function is provided. A setup process scrambles a user-supplied password and a random string in a loop. When the loop is halted by user input, the setup process may generate verification information and a cryptographic key. The key may be used to encrypt data. During a subsequent password verification and key recovery process, the verification information is retrieved, a user-supplied trial password obtained, and both are used together to recover the key using a loop computation. During the loop, the verification process repeatedly tests the results produced by the looping scrambling function against the verification information. In case of match, the trial password is correct and a cryptographic key matching the key produced by the setup process may be generated and used for data decryption. As long as there is no match, the loop may continue indefinitely until interrupted exogenously, such as by user input.
    Type: Grant
    Filed: December 21, 2007
    Date of Patent: August 28, 2012
    Assignee: Voltage Security, Inc.
    Inventor: Xavier Boyen
  • Patent number: 8233622
    Abstract: Synchronized pseudo-random number outputs are produced at a transmitter and a receiver of a high-speed serial interconnection. At the transmitter, using logic XOR operations, each data word of parallel data is selectively scrambled with one of the pseudo-random numbers and transmitted via a high-speed serial interface. The receiver de-scrambles the received serial data stream and restores the parallel data.
    Type: Grant
    Filed: June 18, 2008
    Date of Patent: July 31, 2012
    Assignee: International Business Machines Corporation
    Inventors: Atsuya Okazaki, Yasunao Katayama
  • Patent number: 8229115
    Abstract: Consistent with embodiments of the present invention, systems and methods are disclosed for deriving a secure key.
    Type: Grant
    Filed: July 15, 2009
    Date of Patent: July 24, 2012
    Assignee: Cisco Technology, Inc.
    Inventor: Howard G. Pinder
  • Patent number: 8223974
    Abstract: A method and nodes provide self-healing encryption keys from a server to a client. Forward keys and backward keys are generated at the server. The server sends to the client a pair comprising a forward key for a first instant and a backward key for a later instant, the first and later instants being separated by a self-healing period. The client calculates a backward key for the first instant by processing the received backward key for the later instant. The server updates the keys to the client. If the client misses an update, it processes the first forward key to obtain a next one. If the client misses an updated backward key within the self-healing period, it uses the already processed backward key. If the client misses a later backward key, it sends a feedback to the server, responsive to which the server adjusts the self-healing period.
    Type: Grant
    Filed: July 31, 2009
    Date of Patent: July 17, 2012
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventor: Angelo Rossi
  • Patent number: 8218760
    Abstract: Method and device for generating factors of a RSA modulus N with a predetermined portion Nh, the RSA modulus comprising at least two factors. A first prime p is generated; a value Nh that forms a part of modulus N is obtained; a second prime q is generated in an interval dependent from p and Nh so that pq is a RSA modulus that shares Nh; and information enabling the calculation of the modulus/V is outputted.
    Type: Grant
    Filed: February 19, 2008
    Date of Patent: July 10, 2012
    Assignee: Thomson Licensing
    Inventor: Marc Joye
  • Patent number: 8213612
    Abstract: Software can be downloaded securely using a multi-encryption method, where the decryption is completed when the software is executed. In one aspect, a multi-encrypted data item is received. One or more of the encryptions on the multi-encrypted data item is decrypted, yielding a partially decrypted data item. The partially decrypted data item is stored in a reserved portion of a storage medium. The partially decrypted data item is fetched from the storage medium and decrypted to yield the data item. The decryption can be performed using one or more circuits that implement multiple decryption processes, including multiple algorithm-key combinations.
    Type: Grant
    Filed: December 7, 2007
    Date of Patent: July 3, 2012
    Assignee: Inside Contactless S.A.
    Inventors: Majid Kaabouch, Alexandre Croguennec, Eric Le Cocquen
  • Patent number: 8199910
    Abstract: A signature generation apparatus generates a signature for a message m from the i-th user, and computes any two or three of a[1]?[x] (mod n), a[2]?[s] (mod n), and w?[t] (mod l) are in parallel. For this reason, the signature generation apparatus is provided with a plurality of fast arithmetic units (sub-IPs) within the IP core. The individual sub-IPs are connected to each other via a narrow-band, single-layer local bus.
    Type: Grant
    Filed: June 30, 2009
    Date of Patent: June 12, 2012
    Assignee: NEC Corporation
    Inventors: Sumio Morioka, Toshinori Araki
  • Patent number: 8160248
    Abstract: Methods and systems for authenticated mode control in controlled devices are disclosed. A method for changing a mode in a controlled device from a current mode includes selecting one of several available key derivation functions based on a target mode, generating a target mode specific root key using a global root key and the selected key derivation function, and the use of that root key to affect a change of the controlled device to a target mode. Corresponding devices and systems are also disclosed. In one embodiment, the methods are applicable to a cable television distribution system and the changing of the operating mode of a set top box from one conditional access provider to another.
    Type: Grant
    Filed: April 2, 2009
    Date of Patent: April 17, 2012
    Assignee: Broadcom Corporation
    Inventor: Andrew Dellow
  • Publication number: 20120087495
    Abstract: The present invention relates to a method for generating an encryption/decryption key, and especially for generating a one-time encryption/decryption key used for symmetric encryption, i.e. where the same key is used both for encryption and decryption. In order to start key generation a first node sends a request to a central server for setting up communication with a second node. The central server sends a key generating file both the nodes. Each node generates a different intermediate data set, i.e a first and second data set. The first data set generated by the first node is sent to the second node, which based on this data set generates a third data set which is sent back to the first node. The generating of a first cryptographic key in node is based on bit by bit comparison between the third and the first intermediate data set and the generation of a second cryptographic key is based on bit by bit comparison between the first and the second intermediate data set.
    Type: Application
    Filed: July 5, 2010
    Publication date: April 12, 2012
    Applicant: KELISEC AB
    Inventor: Elise Revell
  • Patent number: 8121290
    Abstract: An efficient pseudo-random function and an efficient limited number of times authentication system using such a function are realized. A pseudo-random function calculating device comprises a key creating means and a pseudo-random function calculating means. The key creating means creates a public key made of a set of at least a first component and a second component as components constituting an element of a finite group and a secret key made of an integer and secretly saves the created secret key in a secret key memory section but makes the public key public. The pseudo-random function calculating means outputs the element of a finite group as function value of the pseudo-random function upon receiving an integer as input.
    Type: Grant
    Filed: May 26, 2006
    Date of Patent: February 21, 2012
    Assignee: NEC Corporation
    Inventor: Isamu Teranishi
  • Patent number: 8117461
    Abstract: In a gaming environment, a method of periodically downloading dynamically generated executable modules at random intervals that perform system configuration integrity checks in a secure and verifiable manner is disclosed. The dynamically generated executable modules are created on a server machine and are themselves signed using industry standard PKI techniques, and contain randomly chosen subset from a repertoire of proven hashing and encryption algorithms that are executed on the system to be checked to create a unique signature of the state of that system. The dynamically generated executable module returns the signature to the server machine from which it was downloaded and deletes itself from the system being checked. The next time such an executable module is downloaded, it will contain a different randomly chosen subset of hashing and encryption algorithms.
    Type: Grant
    Filed: September 13, 2006
    Date of Patent: February 14, 2012
    Assignee: IGT
    Inventors: Robert Bigelow, Jr., Dwayne A. Davis, Kirk Rader
  • Patent number: 8107628
    Abstract: A data communication apparatus, performing a secret communication, is provided to reduce a random number generation speed using a plurality of random number generators. The data communication apparatus includes random number generation sections generating random numbers, which are each a multi-level pseudo random number, using predetermined key information includes a multi-level signal modulation section selecting a level, from among multi-levels previously prepared, selected level corresponding to information data and a multi-level sequence, which is composed of a combination of values of the random numbers and generating a multi-level modulated signal including a noise having a predetermined noise level using the selected level. Levels of a multi-level signal are in a range of the noise level, and a signal point allocation is set such that all values which are possibly taken by each of the random numbers are allocated to the plurality of levels of the multi-level signal.
    Type: Grant
    Filed: May 27, 2008
    Date of Patent: January 31, 2012
    Assignee: Panasonic Corporation
    Inventors: Tsuyoshi Ikushima, Masaru Fuse, Satoshi Furusawa, Tomokazu Sada
  • Patent number: 8090101
    Abstract: A method and system for generating a secret key from joint randomness shared by wireless transmit/receive units (WTRUs) are disclosed. A first WTRU and a second WTRU perform channel estimation to generate a sampled channel impulse response (CIR) on a channel between the first WTRU and the second WTRU. The first WTRU generates a set of bits from the sampled CIR and generates a secret key and a syndrome, (or parity bits), from the set of bits. The first WTRU sends the syndrome, (or parity bits), to the second WTRU. The second WTRU reconstructs the set of bits from the syndrome, (or parity bits), and its own sampled CIR, and generates the secret key from the reconstructed set of bits.
    Type: Grant
    Filed: December 19, 2006
    Date of Patent: January 3, 2012
    Assignee: InterDigital Technology Corporation
    Inventors: Chunxuan Ye, Alexander Reznik, Yogendra Shah, Gregory S. Sternberg