Message Digest Travels With Message Patents (Class 713/181)
  • Patent number: 8132022
    Abstract: A method for performing hash operations including: receiving a hash instruction that is part of an application program, where the hash instruction prescribes one of the hash operations and one of a plurality of hash algorithms; translating the hash instruction into a first plurality of micro instructions and a second plurality of micro instructions; and via a hash unit disposed within execution logic, executing the one of the hash operations. The executing includes first executing the first plurality of micro instructions within the hash unit to produce output data; second executing the second plurality of micro instructions within an x86 integer unit in parallel with the first executing to test a bit in a flags register, to update text pointer registers, and to process interrupts during execution of the hash operation; and storing a corresponding intermediate hash value to memory prior to allowing a pending interrupt to proceed.
    Type: Grant
    Filed: December 23, 2010
    Date of Patent: March 6, 2012
    Assignee: VIA Technologies, Inc.
    Inventors: Thomas A. Crispin, G. Glenn Henry, Terry Parks
  • Patent number: 8122247
    Abstract: One example embodiment of the present invention discloses a method for processing an application packet for transmission, which includes breaking the application packet into a plurality of segments, creating first pseudorandom bits, and generating partial tags based on each of the plurality of segments and portions of the first pseudorandom bits associated with each of the plurality of segments. The method further includes combining the partial tags, including a last partial tag associated with a last segment of the application packet, to create an accumulated tag, generating an authentication tag based on the accumulated tag and second pseudorandom bits, storing the authentication tag, and transmitting the plurality of segments including the authentication tag.
    Type: Grant
    Filed: October 22, 2007
    Date of Patent: February 21, 2012
    Assignee: Alcatel Lucent
    Inventor: Sarvar Patel
  • Patent number: 8122487
    Abstract: A method of measuring round trip time (RTT) includes: (a) chain-hashing at least one random number to create a plurality of hash values; (b) transmitting one of the created hash values to a device and starting to measure the RTT of the device; and (c) receiving from the device a response to the transmitted hash value and ending the RTT measurement, thereby performing a more effective proximity check than a conventional proximity check requiring several tens to several thousands of encryptions and decryptions.
    Type: Grant
    Filed: March 22, 2006
    Date of Patent: February 21, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jae-heung Lee, Myung-sun Kim, Sung-hyu Han, Young-sun Yoon, Sun-nam Lee, Bong-seon Kim
  • Patent number: 8112635
    Abstract: A data processing system ciphers and transfers data between a first memory unit and a second memory unit, such as, for example, between a shared memory architecture (SMA) static random access memory (SRAM) and a double data rate (DDR) synchronous dynamic random access memory (SDRAM). The system includes a ciphering engine and a data-mover controller. The data-mover controller includes at least one register having a field that specifies whether or not the transferred data should be ciphered. If the field specifies that the transferred data should be ciphered, the field also specifies the type of ciphering that is to be performed, such as a third generation partnership project (3GPP) standardized confidentiality cipher algorithm “f8” or integrity cipher algorithm “f9”.
    Type: Grant
    Filed: December 9, 2009
    Date of Patent: February 7, 2012
    Assignee: InterDigital Technology Corporation
    Inventors: Edward L. Hepler, Robert G. Gazda
  • Patent number: 8112629
    Abstract: A two-party stateless protocol by which a server receives a request from a client, transmits a tamper-resistant challenge to the client, receives a response to the challenge, and validates the response, where each of the challenge and the response contain a copy of the request. If the client responds correctly to the challenge and does not modify the request during the protocol, the server executes the request.
    Type: Grant
    Filed: October 26, 2007
    Date of Patent: February 7, 2012
    Assignee: Red Hat, Inc.
    Inventor: James P. Schneider
  • Publication number: 20120030472
    Abstract: An authentication method is disclosed herein. The method includes: by a server, using a Trigger message nonce to generate a Trigger message, and sending the generated Trigger message to a client so that the client can extract the Trigger message nonce; after determining that the Trigger message nonce is valid, using the Trigger message nonce to generate a digest, and authenticating the Trigger message generated by using the Trigger message nonce; after the authentication succeeds, sending a session request to the server indicated by the Trigger message, where the session request carries a session ID. The corresponding system, server and client are disclosed herein. The present invention makes the authentication process more secure through the client and the server based on the DS or DM protocol.
    Type: Application
    Filed: October 11, 2011
    Publication date: February 2, 2012
    Inventors: Xiaoqian CHAI, Hongtao GAO, Kepeng LI, Linyi TIAN
  • Patent number: 8107622
    Abstract: A data hashing system operative to hash an incoming string of message words is an object of the present invention. The system generates a hash value tag comprising a deterministic random number string which uniquely identifies the incoming string. The system comprises at least first and second register arrays, at least one 1-way functionality in at least pseudo-randomizing function; and a set of at least first and second orthogonal feedback word stream generators operative to generate a set of at least first and second orthogonal feedback streams of message words respectively, including applying respective permutations to the incoming string.
    Type: Grant
    Filed: September 6, 2007
    Date of Patent: January 31, 2012
    Assignee: Fortress GB Ltd.
    Inventors: Carmi David Gressel, Gregory Van Bard, Orr David Dunkelman, Avi Hecht, Ran Granot
  • Patent number: 8108682
    Abstract: To achieve high safety, a large-sized nonlinear permutation is employed; however, the larger the permutation, the longer its processing takes, which is not efficient. There is provided a hash value generation method or a hash value generator which has the following aspects and which is highly safe and is capable of executing processing at a high speed. 1. As a message insertion method, there is employed a linear conversion in which the inserted message affects all subblocks. 2. An internal state is divided into a plurality of subblocks, and nonlinear permutation is conducted in each subblock unit. 3. Additionally, the linear conversion of item 1 above may be configured such that each subblock of the internal state affects the subblocks of the output.
    Type: Grant
    Filed: February 9, 2009
    Date of Patent: January 31, 2012
    Assignee: Hitachi, Ltd.
    Inventors: Dai Watanabe, Hisayoshi Sato
  • Patent number: 8103001
    Abstract: A method of verification of rights is disclosed, contained in a security module associated to an apparatus processing broadcasted digital data. The apparatus is connected to a management center transmitting encrypted rights messages for accessing the digital data. The method includes reception and reading by the security module of all or part of a rights message including at least one right and means for verifying the right, decryption and verification of the rights message and updating of a rights memory, and storage of all or part of the rights message in a messages memory. During a further verification step, the method includes identification of at least one right present in the rights memory, search of the corresponding stored rights message and verification of the rights message, comparison of the right contained in the rights message with the corresponding right stored in the rights memory, and determination of a default state when the result of the comparison indicates a difference.
    Type: Grant
    Filed: October 6, 2006
    Date of Patent: January 24, 2012
    Assignee: Nagra France SAS
    Inventors: Dominique Le Floch, Michel Maillard
  • Patent number: 8103880
    Abstract: An improved communication system for providing web analytics data between a first computing device and a second, remote computing device preferably encodes frequently requested data into code words, and also provides the remote client with a look-up table and decoding logic. In one embodiment, the present invention also includes a method for updating the local look-up table in the event the table does not have a data value for a given code.
    Type: Grant
    Filed: December 20, 2005
    Date of Patent: January 24, 2012
    Assignee: Adobe Systems Incorporated
    Inventor: Michael Paul Bailey
  • Patent number: 8099514
    Abstract: A method in one embodiment is performed at least in part at a server in a network file system that includes said server and a plurality of clients connected by a network, the method comprising: receiving a data write request from one client; selecting a client as a write object of said data from the other clients according to a condition of said one client stored in advance and/or conditions of said other clients; and transmitting said data write request to the client selected as a write object. Additional systems, methods and computer program products are also presented.
    Type: Grant
    Filed: June 12, 2008
    Date of Patent: January 17, 2012
    Assignee: International Business Machines Corporation
    Inventors: Akihiro Kaneko, Miyuki Katsuki, Kazuhisa Misono, Takashi Yonezawa
  • Patent number: 8095803
    Abstract: A storage manager provides data privacy, while preserving the benefits provided by existing hash based storage systems. Each file is assigned a unique identifying code. Hashes of the content-derived chunks of the file are calculated based on the content of the chunk and the code identifying the file. When a request to store a chunk of data is received, it is determined whether a chunk associated with the hash has already been stored. Because hashes are based on privacy-preserving codes as well as content, chunks of duplicate copies of a file need not be stored multiple times, and yet privacy is preserved for content at a file level. In other embodiments, hashes indicating whether a given file is public and/or indicating the identity of the requesting user are also sent with storage requests. These additional hashes enable more robust transmission and storage efficiency, while still preserving privacy.
    Type: Grant
    Filed: March 9, 2007
    Date of Patent: January 10, 2012
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Richard J. Carter, Mark S. Miller, Alan H. Karp
  • Patent number: 8091116
    Abstract: A method of authenticating a user terminal with an access node providing restricted access to a communication network is provided. The method comprises the user terminal transmitting a request for an authentication token to a trusted network node via an unrestricted channel on the access node, the request comprising a network identity for a user of the user terminal. The network node verifies the identity of the user using the network identity, generates an authentication token and transmits the authentication token to the user terminal via the unrestricted channel. The user terminal derives login information from the authentication token and provides the login information to the access node. The access node authenticates the login information and removes the restricted access such that the communication network can be accessed by the user terminal.
    Type: Grant
    Filed: January 6, 2009
    Date of Patent: January 3, 2012
    Assignee: Skype Limited
    Inventors: Andres Kütt, Sergei Anikin, Madis Kaal
  • Patent number: 8090940
    Abstract: An electronic message is accessed. The message comprises a number of headers and a signature comprising a digital signature and a version of the headers. The message is verified based on analysis of the version of the headers and the digital signature. The version of the headers is compared with the headers and a policy is applied based on results of the comparison to determine further processing of the electronic message.
    Type: Grant
    Filed: June 1, 2005
    Date of Patent: January 3, 2012
    Assignee: Cisco Technology, Inc.
    Inventors: James L. Fenton, Michael A. Thomas
  • Patent number: 8086860
    Abstract: A means for avoiding hash collisions by means of a message pre-processing function that increases the randomness and reduces the redundancy of an input message, whereby hash collisions are avoided when it is applied before hashing any message. The message pre-processing function comprises 4 steps, such as shuffling of bits, compression, a T-function and an LFSR, which increase the entropy of the input message; at the end of 4 rounds, the output becomes more random.
    Type: Grant
    Filed: March 27, 2008
    Date of Patent: December 27, 2011
    Assignee: Tata Consultancy Services Limited
    Inventor: Natarajan Vijayrangan
  • Patent number: 8086865
    Abstract: The present invention provides for authenticating a message. A security function is performed upon the message. The message is sent to a target. The output of the security function is sent to the target. At least one publicly known constant is sent to the target. The received message is authenticated as a function of at least a shared key, the received publicly known constants, the security function, the received message, and the output of the security function. If the output of the security function received by the target is the same as the output generated as a function of at least the received message, the received publicly known constants, the security function, and the shared key, neither the message nor the constants have been altered.
    Type: Grant
    Filed: May 7, 2008
    Date of Patent: December 27, 2011
    Assignee: International Business Machines Corporation
    Inventors: Daniel Alan Brokenshire, Harm Peter Hofstee, Mohammad Peyravian
  • Patent number: 8086862
    Abstract: Conventionally, when the version of a program has been upgraded, the whole of a currently stored program needs to be deleted to be replaced by a new program, and authentication needs to be performed again on such new program when it is activated. However, since the whole of the program is required to be stored and authenticated even when only a part of such program has changed, it consumes time and leads to the decrease in responsiveness. In order to solve this problem, the present invention extracts a difference between a new program and a currently stored old program, when such new program is to be stored, and the new program is to be stored after authentication is performed only on such difference.
    Type: Grant
    Filed: December 16, 2004
    Date of Patent: December 27, 2011
    Assignee: Panasonic Corporation
    Inventors: Satoshi Terao, Tadao Kusudo, Takakazu Shiomi
  • Patent number: 8086864
    Abstract: There are provided a low power SHA-1 hash algorithm apparatus having a low power structure and optimized to a trusted platform module (TPM) applied to a mobile trusted computing environment and a low power keyed-hash message authentication code (HMAC) encryption apparatus using the low power SHA-1 hash algorithm apparatus, the HMAC encryption apparatus including: a key padder padding key data for HMAC algorithm; an XOR operator XOR operating the padded key data and a padding constant; a data connector connecting a text to be encrypted, to data obtained by the XOR operating; a data padder padding the connected data; an SHA-1 hash algorithm part performing an SHA-1 hash algorithm on the padded data; a data selector selecting and applying one of a result of the SHA-1 hash algorithm and the text to be encrypted, to the data connector; and a controller controlling operations of the key padder, data connector, and data padder, a sequence of performing a hash algorithm of the SHA-1 hash algorithm part, and storing a
    Type: Grant
    Filed: April 15, 2008
    Date of Patent: December 27, 2011
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Moo Seop Kim, Young Sae Kim, Young Soo Park, Ji Man Park, Sung Ik Jun, Jong Soo Jang
  • Patent number: 8086863
    Abstract: Secure message transfer of at least one message from a sender to a receiver within a network system may be provided. For example, a message structure information regarding the at least one message may be computed on a sender-side and according to a pre-given scheme. The computed message structure information may be added as message account information into the at least one message to be sent. The message account information may be protected by a signature. The at least one message may be transferred through the network system to the receiver. On a receiver-side, the message account information may be validated after reception of the at least one message and according to the pre-given scheme.
    Type: Grant
    Filed: July 11, 2007
    Date of Patent: December 27, 2011
    Assignee: SAP AG
    Inventor: Maarten Rits
  • Patent number: 8086866
    Abstract: Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length s having positions i=1, 2, . . . s each having a corresponding value v_i associated therewith, wherein the value v_i is given by v_i=h(v_{i+1}), for a given hash function or other one-way function h. An initial distribution of helper values may be stored for the one-way chain of length s, e.g., at positions given by i=2^j for 0≤j≤log2 s. A given one of the output values v_i at a current position in the one-way chain may be computed utilizing a first helper value previously stored for another position in the one-way chain between the current position and an endpoint of the chain. After computation of the given output value, the positions of the helper values are adjusted so as to facilitate computation of subsequent output values.
    Type: Grant
    Filed: June 2, 2008
    Date of Patent: December 27, 2011
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 8082447
    Abstract: A network device constructs an outgoing resource reservation message and determines an authentication value, using, for example, a cryptographic algorithm and at least a portion of the outgoing message. The network device identifies a destination node for the message and inserts the authentication value in the message. The network device sends the message across a network to the destination node for authentication at the destination node using the authentication value.
    Type: Grant
    Filed: February 13, 2009
    Date of Patent: December 20, 2011
    Assignee: Juniper Networks, Inc.
    Inventor: Nurettin Burcak Beser
  • Publication number: 20110307707
    Abstract: A method for securing files. The method includes an n-bit generator, executing on a first member of a group, generating a message digest using a first secret and a file constant value. The file constant value describes a file. The member extracts an encryption solution from at least the message digest, encrypts the file using the encryption solution to create the encrypted file, and sends the encrypted file and the file constant value to a second member.
    Type: Application
    Filed: March 25, 2010
    Publication date: December 15, 2011
    Applicant: PACID TECHNOLOGIES, LLC
    Inventor: Guy Fielder
  • Publication number: 20110307706
    Abstract: A method for securing communication between a plurality of members. The method includes a first member sending a first input to a second member, receiving a second input from the second member, and generating, by an n-bit generator, an initial message digest using the first input and the second input. Communications between the first member and the second member are encrypted using the initial message digest.
    Type: Application
    Filed: March 25, 2010
    Publication date: December 15, 2011
    Applicant: PACID TECHNOLOGIES, LLC
    Inventor: Guy Fielder
  • Publication number: 20110307705
    Abstract: A method for protecting a first secrets file. The method includes an n-bit generator generating a secrets file name for the secrets file and generating decoy file names for decoy files. The secrets file includes a secret. Each of the decoy files includes decoy file contents, is the same size as the secrets file, and is associated with a modification time within a range of modification times. The modification time of the secrets file is within the range of modification times. The secrets file and decoy files are stored in a secrets directory.
    Type: Application
    Filed: March 25, 2010
    Publication date: December 15, 2011
    Applicant: PACID TECHNOLOGIES, LLC
    Inventor: Guy Fielder
  • Publication number: 20110302422
    Abstract: In the data security field, a modular cryptographic hash function process is embodied in a computer system or hardware (circuitry). The process is based on the mode of operation of the known “Shabal” hash function which uses a keyed permutation applied to each word of the message. Here a function is substituted for the permutation and additional final rounds are added to the function. Security is further enhanced over that of the Shabal hash function by avoiding use of the message blocks in computing certain of the data arrays, in order to frustrate known message attacks.
    Type: Application
    Filed: June 2, 2010
    Publication date: December 8, 2011
    Applicant: Apple Inc.
    Inventors: Augustin J. Farrugia, Benoit Chevallier-Mames, Mathieu Ciet
  • Publication number: 20110296193
    Abstract: Code-based hashing for message authentication code generation is described. In one aspect, a computer-implemented method receives a message and a secret key. A hash function is built based on respective portions of the secret key and a language interpreter. A formatted message is hashed using the hash function to generate a message authentication code for authentication of the message.
    Type: Application
    Filed: May 28, 2010
    Publication date: December 1, 2011
    Applicant: King Saud University
    Inventors: Khaled Soliman Alghathbar, Alaaeldin M. Hafez, Hanan Ahmed Hossni Mahmoud Abd Alla
  • Patent number: 8069353
    Abstract: Methods and apparatus for reducing the impact of latency associated with decrypting encrypted data are provided. Rather than wait until an entire packet of encrypted data is validated (e.g., by checking for data transfer errors), the encrypted data may be pipelined to a decryption engine as it is received, thus allowing decryption to begin prior to validation. In some cases, the decryption engine may be notified of data transfer errors detected during the validation process, in order to prevent reporting false security violations.
    Type: Grant
    Filed: June 19, 2008
    Date of Patent: November 29, 2011
    Assignee: International Business Machines Corporation
    Inventors: Bruce L. Beukema, Robert A. Drehmel, William E. Hall, Jamie R. Kuesel, Gilad Pivonia, Robert A. Shearer
  • Patent number: 8060755
    Abstract: An apparatus and method for performing cryptographic operations within a microprocessor. The apparatus includes an instruction register having a cryptographic instruction disposed therein, a keygen unit, and an execution unit. The cryptographic instruction is received by a microprocessor as part of an instruction flow executing on the microprocessor. The cryptographic instruction prescribes one of the cryptographic operations, and also prescribes that a user-generated key schedule be employed when executing the one of the cryptographic operations. The keygen unit is operatively coupled to the instruction register. The keygen unit directs the microprocessor to load the user-generated key schedule. The execution unit is operatively coupled to the keygen unit. The execution unit employs the user-generated key schedule to execute the one of the cryptographic operations. The execution unit includes a cryptography unit.
    Type: Grant
    Filed: March 15, 2004
    Date of Patent: November 15, 2011
    Assignee: VIA Technologies, Inc
    Inventors: G. Glenn Henry, Thomas A. Crispin, Terry Parks
  • Patent number: 8060749
    Abstract: According to a conventional technique, in the case where a program is stored into a non-volatile memory once and then activated, authentication of the program is performed immediately before such activation. However, calculations such as decryption of encrypted values are required before the activation of the program starts, which causes the problem that responsiveness is decreased in proportion to the time required for calculations. In order to solve this problem, authentication of a program is performed immediately before such program is stored, so that no authentication is performed or only a part of the authentication is performed to verify the validity of certificates at program activation time.
    Type: Grant
    Filed: February 3, 2010
    Date of Patent: November 15, 2011
    Assignee: Panasonic Corporation
    Inventors: Tadao Kusudo, Takakazu Shiomi
  • Patent number: 8054969
    Abstract: A method is disclosed that enables the transmission of a digital message along with a corresponding media information signal, such as audio or video. A telecommunications device that is processing the information signal from its user, such as a speech signal, encodes the information signal by using a model-based compression coder. One such device is a telecommunications endpoint. Then, based on an evaluation of the perceptual significance of each encoded bit, or on some other meaningful characteristic of the signal, the endpoint's processor: (i) determines which encoded bits can be overwritten; and (ii) intersperses the digital message bits throughout the encoded signal in place of the overwritten bits. The endpoint then transmits those digital message bits as part of the encoded information signal. In this way, no additional bits are appended to the packet to be transmitted, thereby addressing the issue of compatibility with existing protocols and firewalls.
    Type: Grant
    Filed: February 15, 2007
    Date of Patent: November 8, 2011
    Assignee: Avaya Inc.
    Inventors: Akshay Adhikari, Sachin Garg, Anjur Sundaresan Krishnakumar, Navjot Singh
  • Patent number: 8055903
    Abstract: A method is disclosed that enables the transmission of a digital message along with a corresponding information signal, such as audio or video. The supplemental information contained in digital messages can be used for a variety of purposes, such as enabling or enhancing packet authentication. In particular, a telecommunications device that is processing an information signal from its user, such as a speech signal, encrypts the information signal by performing a bitwise exclusive-or of an encryption key stream with the information signal stream. The device, such as a telecommunications endpoint, then intersperses the bits of the digital message throughout the encrypted signal in place of those bits overwritten, in a process referred to as “watermarking.” The endpoint then transmits the interspersed digital message bits as part of a composite signal that also comprises the encrypted information bits. No additional bits are appended to the packet to be transmitted, thereby addressing compatibility issues.
    Type: Grant
    Filed: February 15, 2007
    Date of Patent: November 8, 2011
    Assignee: Avaya Inc.
    Inventors: Akshay Adhikari, Sachin Garg, Anjur Sundaresan Krishnakumar, Navjot Singh
  • Patent number: 8055902
    Abstract: A method, system, and computer program product for simultaneous multi-channel upload of a file to one or more servers while ensuring data integrity. A validation scheme employs hashes to allow segments of the data file to be separately validated. Thus, if the upload process is interrupted or otherwise corrupted, segments of previously transferred data which have been transferred correctly may be validated, eliminating the need for re-transmission of that correctly transferred data. Preferably, a grid broker may be incorporated, allowing simultaneous multi-channel upload of data in a grid computing environment.
    Type: Grant
    Filed: January 12, 2007
    Date of Patent: November 8, 2011
    Assignee: International Business Machines Corporation
    Inventors: Joseph M. Crichton, Michael P. Zarnick
  • Publication number: 20110271117
    Abstract: A User Equipment (UE), Home Agent node (HA), methods, and a telecommunications system are provided for use during negotiation of IP security associations, such as during an Internet Key Exchange (IKE) procedure, between the UE and the HA. The UE sends to the HA an authentication request comprising an indicator relative to a Home Network Prefix (HNP) to be assigned to the UE. Based on the indicator, the HA assigns a new HNP or re-assigns the HNP already assigned, and sends back a response comprising the assigned HNP. If the UE performs a handover to another access network or establishes a simultaneous binding to the other access network, the UE sends its own HNP in the authentication request thus asking the HA to re-assign the same HNP for the new connection being established. If the UE makes an initial access with a network, the indicator may be left blank, asking for the assignment of a new HNP for the UE.
    Type: Application
    Filed: October 25, 2010
    Publication date: November 3, 2011
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventor: Zu Qiang
  • Patent number: 8046584
    Abstract: Method for checking the signature of a message. The message, signature, and a certificate are sent by a signer having a public key to a recipient having a message storage device. The certificate is checked by a protected device connected to the message storage device and a checking result data element is sent for checking to a display device connected to the protected device. When the certificate is verified, a reduction of the message is calculated in the protected device and the message is recopied onto the display device. The signature is decrypted using the public key in the protected device, and the decrypted signature is compared with the reduction carried out. According to the comparison, a message is sent from the protected device to the display device indicating whether the signature conforms or does not conform to the message or to the public key of the signer put forward.
    Type: Grant
    Filed: November 12, 2003
    Date of Patent: October 25, 2011
    Assignee: Gemalto SA
    Inventor: Arnaud Fausse
  • Patent number: 8041949
    Abstract: An information processing system in which information transfers between communication devices through a network is limited within a prescribed range by registering unique information obtainable within the prescribed range into each device and permitting information transfer between devices which share common unique information, where the unique information is formed by a pair of public and secret unique information, a bridge device is controlled such that, upon receiving a proxy check request from a reception device, whether a transmission device is another bridge device or not is judged when the public unique information registered by the reception device is registered in the bridge device and one public unique information registered in the bridge device is registered by the transmission device. Then, the secret unique information registered by the reception device is transmitted to the transmission device when the transmission device is not another bridge device.
    Type: Grant
    Filed: March 4, 2005
    Date of Patent: October 18, 2011
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Hiroshi Isozaki, Takeshi Saito, Tatsuyuki Matsushita, Tooru Kamibayashi
  • Patent number: 8037310
    Abstract: A document authentication system and method combine digital and non-electronic (or visual) authentication methodologies in an integrated, unified manner. As well as providing indicia of digital authentication, the invention generates a physical artifact that can be validated by unaided human visual perception. The present invention thus provides an opportunity to improve the level of trust in authentication of documents, while preserving the advantages of both traditional and digital authentication mechanisms.
    Type: Grant
    Filed: November 30, 2004
    Date of Patent: October 11, 2011
    Assignee: Ricoh Co., Ltd.
    Inventor: Gregory J. Wolff
  • Patent number: 8032749
    Abstract: The invention relates to a method for remotely controlling and/or regulating at least one system (1), in particular an industrial system using a communications device (2) which is assigned to the system (1), and at least one receiver device (3), information relating to the system being transmitted from the communications device (2) to the at least one receiver device (3), the information containing a validation code which is generated by the communications device (2), a message being received by the communications device (2), the communications device (2) extracting a check code and instruction information from the message according to a first extraction rule, the communications device (2) validating the message by means of the validation code and check code, and the instruction information being implemented by the system (1) only when the validation is successful.
    Type: Grant
    Filed: April 4, 2003
    Date of Patent: October 4, 2011
    Assignee: ABB Research Ltd
    Inventors: Florian Straub, Thomas von Hoff, Mario Crevatin, Hans-Peter Züger, Bernhard Deck
  • Patent number: 8028169
    Abstract: It is possible to control electronic documents for partial disclosure and non-disclosure, and to prove to a third party that the information other than the non-disclosed part has not been altered and that the originality of the decrypted information is assured.
    Type: Grant
    Filed: October 6, 2006
    Date of Patent: September 27, 2011
    Assignee: Fujitsu Limited
    Inventor: Takashi Yoshioka
  • Publication number: 20110231665
    Abstract: A method of authentication between first (QNodeX) and second (QNodeY) network nodes within a network suitable for implementing quantum cryptography comprises steps in which the first and second nodes each generate a cryptographic hash ([MXY]AI, [MYX]AJ) of a message ([MXY], [MYX]) using respective authentication keys (AI, AJ) shared with a third network node (QNodeW). The messages may be those exchanged between the first and second nodes during agreement of a quantum key to be used between the nodes. An authentication key to be shared by the first and second nodes may be established using the quantum key. The invention therefore allows an authentication key to be established and shared between the first and second network nodes without direct physical intervention. Networks having large numbers of network nodes may be re-keyed following replacement or maintenance of a network node much more quickly and easily than is the case where re-keying is achieved by physically supplying shared authentication keys.
    Type: Application
    Filed: December 2, 2009
    Publication date: September 22, 2011
    Applicant: QINETIQ LIMITED
    Inventor: Simon Robert Wiseman
  • Patent number: 8024574
    Abstract: A system for secure communication is provided. A random value generator is configured to generate a random value. A message validation code generator is coupled to the random value generator and configured to generate a message validation code based on a predetermined key, a message, and the random value. A one-time pad generator is coupled to the random value generator and configured to generate a one-time pad based on the random value and the predetermined key. And a masked message generator is coupled to the one-time pad generator and configured to generate a masked message based on the one-time pad and the message. A protected message envelope generator is coupled to the random value generator, the message validation code generator, and the masked message generator, and is configured to generate a protected message envelope based on the random value, the message validation code, and the masked message.
    Type: Grant
    Filed: January 22, 2004
    Date of Patent: September 20, 2011
    Assignee: International Business Machines Corporation
    Inventors: Daniel Brokenshire, Harm Peter Hofstee, Mohammad Peyravian
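The envelope construction described in this abstract, as an added Go example (not IBM's code and not code from this page). The abstract names the components but not the primitives, so the following are this example's assumptions: HMAC-SHA256 in counter mode as the one-time-pad generator, HMAC-SHA256 over the random value and the plaintext as the message validation code, a 16-byte random value, and the constructed key and message in main.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const randomLen = 16 // bytes of fresh random value per envelope (assumption)

// Envelope carries the three parts the abstract names.
type Envelope struct {
	Random []byte // the random value, sent in clear
	MVC    []byte // message validation code
	Masked []byte // message XOR one-time pad
}

// oneTimePad derives n bytes from (key, random) with HMAC-SHA256 in counter
// mode. The abstract only says the pad is based on the random value and the
// predetermined key; this derivation is the example's choice.
func oneTimePad(key, random []byte, n int) []byte {
	pad := make([]byte, 0, n+sha256.Size)
	var ctr [4]byte
	for i := uint32(0); len(pad) < n; i++ {
		binary.BigEndian.PutUint32(ctr[:], i)
		m := hmac.New(sha256.New, key)
		m.Write([]byte("pad|")) // domain separation from the validation code
		m.Write(random)
		m.Write(ctr[:])
		pad = m.Sum(pad)
	}
	return pad[:n]
}

// validationCode is HMAC-SHA256 over the random value and the plaintext under
// the predetermined key. Covering the random value means that a tampered
// Random field (which would change the pad) also fails validation.
func validationCode(key, random, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte("mvc|"))
	m.Write(random)
	m.Write(msg)
	return m.Sum(nil)
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// Seal draws a fresh random value and builds the envelope.
func Seal(key, msg []byte) (*Envelope, error) {
	random := make([]byte, randomLen)
	if _, err := rand.Read(random); err != nil {
		return nil, err
	}
	return SealWith(key, random, msg), nil
}

// SealWith builds the envelope for a caller-supplied random value. The value
// must never repeat under the same key: two messages masked with the same pad
// leak their XOR.
func SealWith(key, random, msg []byte) *Envelope {
	return &Envelope{
		Random: random,
		MVC:    validationCode(key, random, msg),
		Masked: xorBytes(msg, oneTimePad(key, random, len(msg))),
	}
}

// Open recovers and validates the message. The validation code is over the
// plaintext, so the receiver must unmask first and then check; on mismatch
// the unmasked bytes must not be used for anything.
func Open(key []byte, e *Envelope) ([]byte, error) {
	if e == nil || len(e.Random) != randomLen || len(e.MVC) != sha256.Size {
		return nil, errors.New("malformed envelope")
	}
	msg := xorBytes(e.Masked, oneTimePad(key, e.Random, len(e.Masked)))
	if !hmac.Equal(e.MVC, validationCode(key, e.Random, msg)) {
		return nil, errors.New("message validation code mismatch")
	}
	return msg, nil
}

func main() {
	key := []byte("predetermined-key-shared-by-peers") // constructed sample key
	e, err := Seal(key, []byte("set valve 7 to 40%"))
	if err != nil {
		panic(err)
	}
	msg, err := Open(key, e)
	fmt.Printf("open: %q err=%v\n", msg, err)
	e.Masked[0] ^= 0x01 // flip one bit of the masked message
	_, err = Open(key, e)
	fmt.Println("after tampering:", err)
}
```

Two practitioner caveats that the abstract leaves implicit: the validation code is computed over the plaintext (a MAC-and-encrypt arrangement), so the receiver has to unmask before it can validate and must use a constant-time comparison such as hmac.Equal; and the security of the pad rests entirely on the random value never repeating under a given key, which is why it is bound into the validation code and why a counter or nonce store is usually preferable to pure randomness for short values.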
  • Patent number: 8024306
    Abstract: Provided are methods, apparatus and computer programs for enhanced access to resources within a network, including for controlling use of bandwidth-sensitive connections within a network and/or for automated recovery. Hash values are used as ‘unique’ identifiers for resources distributed across a network, and each one of a set of pool servers stores the hash values for a set of computers within a LAN. When a resource is required, a hash value representing the resource can be retrieved and compared with hash values stored at a pool server to determine whether the pool server holds a matching hash value. Any such matching hash value found on the pool server represents an identification of a local copy of the required resource, because of the uniqueness property of secure hash values. The information within the pool server can be used to access the required resource.
    Type: Grant
    Filed: May 16, 2007
    Date of Patent: September 20, 2011
    Assignee: International Business Machines Corporation
    Inventors: Sudarshan Palliyil, Shivakumara Venkateshamurthy, Srinivas Belur Vijayaraghavan, Tejasvi Aswathanarayana
  • Publication number: 20110225425
    Abstract: A trusted read and write platform provides write-indisputability and read-undeniability for a distributed application. The platform is implemented at each node of the distributed application using a trusted platform module. To provide write-indisputability, the read and write platform of a node may generate a proof that is signed by the platform module and sent with a purportedly written result. The proof is decrypted using a public key associated with the platform module and includes indicators of the process taken by the read and write platform to write the result. To provide read-undeniability, the read and write platform may bind a key to a state of the platform module. A result to be read at the read and write platform is encrypted using the key and can only be decrypted when the read and write platform updates its state to the bound state.
    Type: Application
    Filed: March 11, 2010
    Publication date: September 15, 2011
    Applicant: Microsoft Corporation
    Inventors: Ramakrishna R. Kotla, Indrajit Roy
  • Patent number: 8015597
    Abstract: Issuing and disseminating data about a credential includes having an entity issue authenticated data indicating that the credential has been revoked, causing the authenticated data to be stored in a first card of a first user, utilizing the first card for transferring the authenticated data to a first door, having the first door store information about the authenticated data, and having the first door rely on information about the authenticated data to deny access to the credential. The authenticated data may be authenticated by a digital signature and the first door may verify the digital signature. The digital signature may be a public-key digital signature. The public key for the digital signature may be associated with the credential. The digital signature may be a private-key digital signature. The credential and the first card may both belong to the first user.
    Type: Grant
    Filed: July 16, 2004
    Date of Patent: September 6, 2011
    Assignee: CoreStreet, Ltd.
    Inventors: Phil Libin, Silvio Micali, David Engberg, Alex Sinelnikov
  • Patent number: 8015413
    Abstract: An efficient solution for secure implementation of indirect addressing (IA) is described. IA may be used, for example, in networks of which the routing algorithms are not capable of multicast but also contain very constrained devices that, although requiring multicast, are not capable of repeated unicast. This IA is useful in wireless networks containing low-power low-cost devices.
    Type: Grant
    Filed: June 30, 2004
    Date of Patent: September 6, 2011
    Assignee: Koninklijke Philips Electronics N.V.
    Inventor: Thomas Andreas Maria Kevenaar
  • Publication number: 20110213984
    Abstract: A processing system (60) includes an input interface (62), a first processor (64), a second processor (66), and an output interface (68) arranged in a serial configuration. Each of the input interface (62), first processor (64), second processor (66), and output interface (68) computes a digest (92, 100, 110, and 114) using information, e.g., a unique parameter (94, 102, 112, 118), known only by that element (62, 64, 66, 68) and using information generated by that element (62, 64, 66, 68). The digests (92, 100, 110, and 114) are used to validate the integrity of payload data (86) processed by the system (60) to form processed data (104) and the system (60) only outputs the processed data (104) upon validation of data integrity. The serial configuration of system (60) may be implemented to provide high bit rate, redundant cryptographic services.
    Type: Application
    Filed: February 26, 2010
    Publication date: September 1, 2011
    Applicant: GENERAL DYNAMICS C4 SYSTEMS, INC.
    Inventors: Gerardo Orlando, David R. King, Mark Krumpoch, Evan Custodio
  • Publication number: 20110208973
    Abstract: The invention relates to overall optimization of an identification system (2) comprising a meshed wireless network of RF devices (17) on board an aircraft (1). Starting from an inventory (51) of components of the aircraft (1) that need to be identified, a list (50) is drawn up of “modeling” input parameters (34-39) and a series (27) is drawn up of functional constraints. A plurality of potential profiles (V1, Vn) is modeled for identification systems (2). Said plurality of potential profiles (V1-Vn) is sorted in order to define a restricted group (32) of acceptable versions, and then a target function (47) using automatic comparison (33) of multiple cases is applied to determine an eligible version (Vx) that is optimized, having decision and state variables (45, 46) with values that are of binary order for the aircraft (1) as a whole.
    Type: Application
    Filed: February 16, 2011
    Publication date: August 25, 2011
    Applicant: EUROCOPTER
    Inventors: Charlotte Jimenez, Stéphane Dauzere-Peres
  • Patent number: 7996679
    Abstract: A data migration system performs a tamper-resistant data migration for regulatory compliance systems. The system generates a secure hash for the data object, adds a timestamp to the hash, produces a signature for the data object using a private key, and includes the signature in a signature summary of data objects. Immediately prior to data migration, the system signs the signature summary of the set of data objects to be migrated. The signature of the data object maintains integrity of the data object by preventing undetectable modification to a data object during migration. The signed signature summary maintains completeness by preventing undetectable removal of a data object from or insertion of a data object into the set of data objects during migration.
    Type: Grant
    Filed: October 5, 2005
    Date of Patent: August 9, 2011
    Assignee: International Business Machines Corporation
    Inventors: Windsor Wee Sun Hsu, Xiaonan Ma
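The per-object signatures and the signed signature summary from this abstract, as an added Go example (not IBM's code and not code from this page): each object gets a secure hash, a timestamp and a signature over both when it enters the archive; immediately before migration the whole set of records is signed once more; the destination verifies both layers and compares the arriving set against the summary. Ed25519 as the signature scheme, a caller-supplied Unix timestamp, the canonical sorted serialisation of the summary, and the sample objects are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"sort"
)

// Object is one archived data object; Record is its entry in the signature
// summary: the secure hash, the timestamp added to it, and the signature over both.
type Object struct {
	ID      string
	Content []byte
}

type Record struct {
	ID        string
	Hash      [sha256.Size]byte
	Timestamp int64 // Unix seconds from the archive's clock (assumption of this example)
	Signature []byte
}

// NewSigner creates the archive's key. Ed25519 is the example's choice; the
// abstract only says a private key is used.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// recordBytes is the exact byte string each per-object signature covers.
func recordBytes(id string, hash [sha256.Size]byte, ts int64) []byte {
	var t [8]byte
	binary.BigEndian.PutUint64(t[:], uint64(ts))
	b := append([]byte(id), 0) // NUL separator: ID and hash cannot shift into each other
	return append(append(b, hash[:]...), t[:]...)
}

// SignObject is done when the object enters the archive.
func SignObject(priv ed25519.PrivateKey, obj Object, ts int64) Record {
	h := sha256.Sum256(obj.Content)
	return Record{ID: obj.ID, Hash: h, Timestamp: ts, Signature: ed25519.Sign(priv, recordBytes(obj.ID, h, ts))}
}

// summaryDigest commits to the whole record set: canonical order, explicit
// count and length-prefixed records, so removing, inserting or reordering a
// record changes the digest.
func summaryDigest(recs []Record) []byte {
	sorted := append([]Record(nil), recs...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].ID < sorted[j].ID })
	h := sha256.New()
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(len(sorted)))
	h.Write(n[:])
	for _, r := range sorted {
		rb := recordBytes(r.ID, r.Hash, r.Timestamp)
		binary.BigEndian.PutUint64(n[:], uint64(len(rb)))
		h.Write(n[:])
		h.Write(rb)
		h.Write(r.Signature)
	}
	return h.Sum(nil)
}

// SignSummary is done immediately before migration, over the final record set.
func SignSummary(priv ed25519.PrivateKey, recs []Record) []byte {
	return ed25519.Sign(priv, summaryDigest(recs))
}

// VerifyMigration runs at the destination. The summary signature proves the
// record set is the one signed before migration (completeness); the per-object
// signatures and hashes prove each arriving object is unmodified (integrity);
// the set comparison catches removed, inserted and duplicated objects.
func VerifyMigration(pub ed25519.PublicKey, recs []Record, summarySig []byte, arrived []Object) error {
	if !ed25519.Verify(pub, summaryDigest(recs), summarySig) {
		return errors.New("summary signature invalid: record set altered")
	}
	byID := make(map[string]Record, len(recs))
	for _, r := range recs {
		if !ed25519.Verify(pub, recordBytes(r.ID, r.Hash, r.Timestamp), r.Signature) {
			return fmt.Errorf("record %q: signature invalid", r.ID)
		}
		byID[r.ID] = r
	}
	if len(arrived) != len(recs) {
		return fmt.Errorf("count mismatch: summary lists %d objects, %d arrived", len(recs), len(arrived))
	}
	seen := make(map[string]bool, len(arrived))
	for _, o := range arrived {
		r, ok := byID[o.ID]
		switch {
		case !ok:
			return fmt.Errorf("object %q: not in summary (inserted)", o.ID)
		case seen[o.ID]:
			return fmt.Errorf("object %q: duplicated", o.ID)
		case sha256.Sum256(o.Content) != r.Hash:
			return fmt.Errorf("object %q: content modified", o.ID)
		}
		seen[o.ID] = true
	}
	return nil
}

func main() {
	pub, priv, _ := NewSigner()
	objs := []Object{{ID: "rec-001", Content: []byte("invoice 1")}, {ID: "rec-002", Content: []byte("invoice 2")}} // constructed
	var recs []Record
	for i, o := range objs {
		recs = append(recs, SignObject(priv, o, 1136073600+int64(i)))
	}
	sig := SignSummary(priv, recs)
	fmt.Println("intact:", VerifyMigration(pub, recs, sig, objs))
	fmt.Println("one object dropped:", VerifyMigration(pub, recs, sig, objs[:1]))
}
```

The count check plus the per-ID lookup is what turns a list of individually signed objects into a complete set: without the signed summary, an attacker with write access to the migration path could drop an object (or replay an old, validly signed one in its place) without any signature failing.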
  • Patent number: 7996893
    Abstract: A computer implemented method, apparatus, and computer program product for performing an automated task in a role-based access control environment. A set of roles is assigned to a user to form assigned roles, wherein the role-based access control environment allows the user to assume a subset of the assigned roles at a given time. Responsive to receiving a request to execute an automated task, an identity of the user creating the automated task is identified. Responsive to determining that the user creating the automated task is not logged in, a set of session roles are identified based on the identity of the user. A session is created for the automated task. The automated task is performed in the session using the set of session roles.
    Type: Grant
    Filed: June 11, 2007
    Date of Patent: August 9, 2011
    Assignee: International Business Machines Corporation
    Inventors: Shiva Persaud-Deolall, Xinya Wang
  • Publication number: 20110191574
    Abstract: A method and apparatus for binding trusted platform module (TPM) keys to execution entities are described. In one embodiment, the method includes the receipt of an authorization request issued by an execution entity for authorization data. According to the authorization request, the execution entity may be measured to generate an entity digest value. Once the entity digest value is generated, a platform reference module may grant the authorization request if the entity digest value verifies that the execution entity is an owner of the key held by the TPM. Accordingly, in one embodiment, a platform reference module, rather than an execution entity, holds the authorization data required by a TPM to use a key owned by the execution entity and held within sealed storage by the TPM. Other embodiments are described and claimed.
    Type: Application
    Filed: January 28, 2011
    Publication date: August 4, 2011
    Inventors: Alexander Iliev, Vincent R. Scarlata, Carlos V. Rozas
  • Patent number: 7992198
    Abstract: An authentication mechanism is provided for a web method platform that allows homogeneous access for different types of clients according to a bootstrapping procedure utilized to establish the session. Different clients can be assigned different levels of trust based in part on the bootstrapping procedure and/or information provided during the procedure. The bootstrapping procedure can produce a token that is used by the clients in subsequent requests to provide previous authentication or state information to the platform. The token can comprise a shared secret used to ensure integrity of communications in some cases, and the token can be opaque to the client. Tokens can expire and require a client to re-bootstrap to provide higher levels of authentication protection, and tokens can be shared among a plurality of application servers to facilitate effective handling of requests in a farmed environment.
    Type: Grant
    Filed: September 14, 2007
    Date of Patent: August 2, 2011
    Assignee: Microsoft Corporation
    Inventors: Brian J. Guarraci, Christopher C. White, Niels Thomas Ferguson, Jeffrey Dick Jones, Sean Patrick Nolan, Johnson T. Apacible, Vijay Varadan