Message Digest Travels With Message Patents (Class 713/181)
-
Patent number: 7992193
Abstract: A method and an apparatus are disclosed for securing authentication, authorization and accounting (AAA) protocol messages. An encryption key, a device identifier value, and verification data are received and stored at a network device. The verification data comprises in part a copy of the encryption key and the device identifier value, and has been encrypted using a private key of a server. A shared secret is generated by applying a computational function to the encryption key and the device identifier value. Based on the shared secret, a first message integrity check value for a message is generated. The message, the first integrity check value, and the verification data are sent to the server. The server decrypts the verification data using the private key, extracts the encryption key and the device identifier value, and generates the same shared secret by applying the same computational function to the extracted encryption key and device identifier value.
Type: Grant
Filed: March 17, 2005
Date of Patent: August 2, 2011
Assignee: Cisco Technology, Inc.
Inventors: Fabio Maino, Michael Fine, Irene Kuffel, Arthur Zavalkovsky
-
Publication number: 20110185182
Abstract: A method of authenticating a message from a sending party to a receiving party. The sending party generates a digest of the message using a key, and sends the digest to the receiving party. The receiving party also generates the digest of the message using the key, and compares the digests to confirm the message was sent by the sending party. The key may be sent by the sending party to the receiving party by an authenticatable method; alternatively, the parties may use a secret previously agreed key.
Type: Application
Filed: May 29, 2009
Publication date: July 28, 2011
Inventors: Andrew William Roscoe, Long Haang Nguyen
-
Patent number: 7987369
Abstract: A method for reducing overhead when transmitting an Internet Protocol (IP) packet begins by selecting a watermarking signature based on the IP address of the packet. The watermarking signature is applied to the packet and the IP address is removed from the packet. The packet is sent to a receiver, which looks up the IP address of the packet by using the watermarking signature. The watermarking signature can be a radio frequency watermarking signature or a digital watermarking signature. A similar method employing watermarking can be used to reduce medium access control header overhead.
Type: Grant
Filed: April 26, 2005
Date of Patent: July 26, 2011
Assignee: InterDigital Technology Corporation
Inventors: Guodong Zhang, Prabhakar R. Chitrapu
-
Patent number: 7987366
Abstract: The invention provides an establishment of a secret session key shared between two network elements (NEa, NEb) belonging to different network domains (NDa, NDb). A first network element (NEa) of a first network domain (NDa) requests security parameters from an associated key management center (KMC) (AAAa). Upon reception of the request, the KMC (AAAa) generates a freshness token (FRESH) and calculates the session key (K) based on this token (FRESH) and a master key (KAB) shared with a second network domain (NDb). The security parameters are (securely) provided to the network element (NEa), which extracts the session key (K) and forwards the freshness token (FRESH) to the KMC (AAAb) of the second domain (NDb) through a second network element (NEb). Based on the token (FRESH) and the shared master key (KAB), the KMC (AAAb) generates a copy of the session key (K), which is (securely) provided to the second network element (NEb).
Type: Grant
Filed: February 11, 2004
Date of Patent: July 26, 2011
Assignee: Telefonaktiebolaget L M Ericsson (Publ)
Inventors: Rolf Blom, Mats Naslund, Elisabetta Carrara, Fredrik Lindholm, Karl Norrman
-
Patent number: 7987365
Abstract: A subscription-based computing device has hardware and a subscription enforcer implemented in the hardware. The enforcer has an accumulator that accumulates a usage value as the computing device is being used and an expiration value register that stores an expiration value. The enforcer allows the computing device to operate in a subscription mode without hindrance and with full use when the usage value is less than the stored expiration value, and allows the computing device to operate in an expiration mode with hindrance and without full use when the usage value reaches the stored expiration value to signal that the subscription for the computing device has expired.
Type: Grant
Filed: March 24, 2006
Date of Patent: July 26, 2011
Assignee: Microsoft Corporation
Inventors: Andrew David Birrell, Charles P. Thacker, Michael Isard
-
Publication number: 20110179281
Abstract: In the computer data security field, a cryptographic hash function process is embodied in a computer system or computer software or logic circuitry and is keyless, but highly secure. The process is based on (mathematical) quasi-group operations such as in the known “EDON-R” hash function. But here one or more blank rounds (iterations) of the quasi-group operation are concatenated to the EDON-R hash function operations, to overcome perceived security weaknesses in EDON-R.
Type: Application
Filed: January 20, 2010
Publication date: July 21, 2011
Applicant: Apple Inc.
Inventors: Benoit CHEVALLIER-MAMES, Mathieu Ciet, Augustin J. Farrugia
-
Patent number: 7983412
Abstract: A method and system for automating customer slamming and cramming complaints includes an automated reporting system having one or more receiving devices and a complaint module. Customers who want to report a slam or cram access the automated reporting system and report the complaint without having to speak with a customer service representative. The complaint module obtains the customer telephone number and retrieves customer account information using the customer telephone number. Using the customer account information, the complaint module extrapolates a type of complaint for the customer complaint and prompts the customer for information regarding the customer complaint and the type of the complaint. The customer provides customer responses to the prompts and the complaint module provides an indication to the customer regarding each customer response.
Type: Grant
Filed: September 13, 2007
Date of Patent: July 19, 2011
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Kurt M. Joseph, Robert R. Bushey, Benjamin A. Knott, John M. Martin
-
Patent number: 7983421
Abstract: Embodiments of the invention provide systems and methods for detection of tampering with an audit record for a database. According to one embodiment, a method for detection of tampering with an audit record for a database can comprise reading one or more audit records for a time period from an audit table. The one or more audit records can each include a time stamp and reading the one or more audit records can comprise reading audit records having a timestamp within the time period. An encrypted record, such as a message digest record, for the time period can be generated based on the one or more audit records and including the time stamps. The message digest record can be stored in a message digest table. In some cases, the message digest table can be maintained in a trusted data store.
Type: Grant
Filed: February 1, 2008
Date of Patent: July 19, 2011
Assignee: Oracle International Corporation
Inventors: Sashikanth Chandrasekaran, Viresh Garg
-
Patent number: 7979693
Abstract: A relay apparatus comprises a frame relay processing unit for relaying a frame, a plurality of ports for sending and receiving the frame to and from the outside, and a cryptographic processing module corresponding to each of the ports. Each cryptographic processing module is connected to the corresponding port and to the frame relay processing unit by means of general-purpose interfaces such as MII. The cryptographic processing module performs the encryption process and decryption process so that the frame relay processing unit can concentrate on the relay process and the relay speed is not subject to degradation. Also, the cryptographic processing module can generate a different cryptographic key for each frame without requiring dynamic exchange of key information.
Type: Grant
Filed: January 12, 2007
Date of Patent: July 12, 2011
Assignee: Fujitsu Limited
Inventors: Takamitsu Iida, Hideshi Sakurai, Satoshi Obara, Yukihiro Nakajima, Takayuki Sakuma
-
Patent number: 7979892
Abstract: A peripheral device having one or more functions comprises: an input unit letting a user input identification information; function selection buttons each of which is previously associated with one of the functions and can be operated for selecting the associated function; a usage permission information storing unit previously storing usage permission information (indicating whether the use of each function has been permitted or not) while associating it with the identification information on each user; and a notification unit notifying the user whether the user is permitted to use each function or not when the identification information is inputted, by displaying the function selection buttons regarding functions that the user has been permitted to use and the function selection buttons regarding functions that the user has not been permitted to use in different styles discriminable from each other based on the usage permission information associated with the inputted identification information.
Type: Grant
Filed: November 29, 2006
Date of Patent: July 12, 2011
Assignee: Brother Kogyo Kabushiki Kaisha
Inventor: Wataru Mizumukai
-
Publication number: 20110167268
Abstract: In general, this disclosure relates to maintaining security between an optical network terminal (ONT) and an optical network aggregation device in an Active Ethernet network. An optical network aggregation device includes one or more optical Ethernet switches that can be adaptively configured to support authentication of one or more ONTs. For example, the optical network aggregation device may include a controller with an authentication unit for managing ONT authentication and an optical Ethernet interface for transmitting and receiving data over the optical network. The authentication unit may exchange authentication request messages via the optical Ethernet interface with an ONT and grant the ONT access to the provider network based on the exchange, thereby preventing rogue devices from gaining access to the provider network.
Type: Application
Filed: January 6, 2010
Publication date: July 7, 2011
Applicant: Calix Networks, Inc.
Inventors: Berkay Baykal, Shaun Noel Missett
-
Publication number: 20110161674
Abstract: A method of generating a self-authenticating document while utilizing document digest stored on a server for verification purposes. Authentication information for the document is encoded in barcode which is printed on the document. A document digest is calculated from the authentication information and transmitted to a server to be stored. When authenticating a scanned copy of the document, the barcode is read to extract the authentication information. A target document digest is calculated from the extracted authentication information and transmitted to the server for verification. The server compares the target document digest with the previously stored document digest. If they are not the same, the barcode has been altered. If they are the same, the extracted authentication information is used to authenticate the scanned copy. A document ID may be generated and transmitted to the server, and used by the server to index or search for the stored document digest.
Type: Application
Filed: December 29, 2009
Publication date: June 30, 2011
Applicant: KONICA MINOLTA SYSTEMS LABORATORY, INC.
Inventor: Wei MING
-
Patent number: 7970821
Abstract: The invention is directed to a method for a software provider to enable a software-acquiring entity to arrive from an existent first signed piece of code at a second signed piece of code. Both pieces of code were generated at the software provider by use of a first software archive generator under use of generation instructions. The software provider provides to the software-acquiring entity a difference code that comprises the steps necessary to arrive from the first signed piece of code at the second signed piece of code. The difference code is combinable at the software-acquiring entity with the first signed piece of code by a second software archive generator to generate the second signed piece of code. The second software archive generator is therefor to be fed with those generation instructions that were used by the first software archive generator for the generation of both pieces of code.
Type: Grant
Filed: June 25, 2008
Date of Patent: June 28, 2011
Assignee: International Business Machines Corporation
Inventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Frank Hoering, Thomas D. Weigold
-
Patent number: 7971240
Abstract: Exchanging information in a multi-site authentication system. A network server receives, from an authentication server, a request by a client computing device for a service provided by the network server along with an authentication ticket. The authentication ticket includes: a session key encrypted by a public key associated with the network server, message content encrypted by the session key, and a signature for the encrypted session key and the encrypted message content. The signature includes address information of the network server. The network server identifies its own address information in the signature to validate the signature included in the authentication ticket and verifies the authentication ticket content based on the signature included in the authentication ticket. The network server decrypts the encrypted session key via a private key associated with the second network server and decrypts the encrypted message content via the decrypted session key.
Type: Grant
Filed: April 20, 2009
Date of Patent: June 28, 2011
Assignee: Microsoft Corporation
Inventors: Wei-Quiang Michael Guo, John Hal Howard, Kok Wai Chan
-
Patent number: 7966662
Abstract: An authentication system is disclosed. The authentication system includes a content provider configured to distribute encrypted content, wherein the encrypted content is generated using a content key, and a client having a symmetric key and configured to store the encrypted content received from the content provider and issue a request to the content provider, wherein the request includes a cryptographic function configured to have the symmetric key and the encrypted content as input, wherein the content provider is further configured to verify the client via the request to ensure that the client has received the encrypted content.
Type: Grant
Filed: January 6, 2005
Date of Patent: June 21, 2011
Assignee: QUALCOMM Incorporated
Inventors: Gregory Gordon Rose, James Semple, Roy Franklin Quick, Jr., Philip Michael Hawkes
-
Patent number: 7966490
Abstract: One or more mobility token managers (101) track movement of files (105) within a network. A mobility token manager (101) on a source computer (113) detects an attempt to write a file (105) to a target computer (117). Responsive to the detection, the mobility token manager (101) writes a mobility token (103) containing data concerning at least the file (105) and the write operation to the target computer (117). A mobility token manager (101) on the target computer (117) detects that the mobility token (103) is being written to the target computer (117). The mobility token manager (101) on the target computer (117) reads the mobility token (103), and determines relevant information concerning the file (105) associated with the mobility token (103).
Type: Grant
Filed: December 28, 2007
Date of Patent: June 21, 2011
Assignee: Symantec Corporation
Inventor: Ahmed Sallam
-
Patent number: 7962643
Abstract: One embodiment of the present method and apparatus for reducing spam in peer-to-peer networks includes forming a search message including at least one decoy word and sending the search request message, including the decoy word(s), to one or more nodes in the network. Embodiments of the present invention make it possible to weed out nodes in the network that send spam in response to every search message (e.g., regardless of the search message's content).
Type: Grant
Filed: June 27, 2008
Date of Patent: June 14, 2011
Assignee: International Business Machines Corporation
Inventors: David A. George, Raymond B. Jennings, III, Jason D. LaVoie
-
Patent number: 7958364
Abstract: A system for digitally signing electronic documents is disclosed. The system includes a mobile device, an application server and a database, the mobile device includes a requesting module and a digest encrypting module, the application server includes an obtaining module, a digest generating module and a merging module. The requesting module is configured for sending a request for a digital signature of an electronic document to the application server; the obtaining module is configured for obtaining the electronic document from the database; the digest generating module is configured for generating a digest of the electronic document, and sending the digest to the mobile device; the digest encrypting module is configured for encrypting the digest, generating an encrypted value, and sending the encrypted value to the application server; the merging module is configured for merging the encrypted value and the electronic document. A related computer-based method is also disclosed.
Type: Grant
Filed: November 15, 2007
Date of Patent: June 7, 2011
Assignees: Hong Fu Jin Precision Industry (ShenZhen) Co., Ltd., Hon Hai Precision Industry Co., Ltd.
Inventors: Chung-I Lee, Chien-Fa Yeh, Chiu-Hua Lu, Xiao-Di Fan, Guo-Ling Ou-Yang
-
Patent number: 7958354
Abstract: Using a high order shared knowledge mechanism where multiple parties are given multiple shares of a shared ‘common’ secret data, dependent upon role and scenario. It is possible to distribute pre-generated, accountable, as well as escrowed key material to remote units. When the order of the shares and quantities are controlled properly, it is possible to compromise an entity distributing the knowledge shares allowing reconstruction of ‘common’ secret data without loss of the actual data, and compromise of any party receiving the knowledge shares only compromises the common secret data which have already been distributed to that party. Multiple common secret data may be distributed to remote units which are only required to store a single set of knowledge shares to enable reception of multiple common secret data.
Type: Grant
Filed: February 14, 2008
Date of Patent: June 7, 2011
Assignee: Rockwell Collins, Inc.
Inventor: Justin D. Davis
-
Patent number: 7958356
Abstract: A system and method securely establishes a shared secret among nodes of a security appliance. The shared secret is established by distributing private keys among the nodes in accordance with a node ring protocol that uses a predetermined encryption algorithm to generate messages containing the keys. Briefly, each node is initially notified as to the number of nodes participating in the shared secret establishment. Each node generates a public-private key-pair, as well as a first message that includes the generated public key and an indication of the source of the generated public key (hereinafter “source generated public key”). The node then sends the first message to an adjacent node of the appliance. Upon receiving the first message, each node extracts the source generated public key from the message and stores the extracted information into a data structure of “partner” public keys.
Type: Grant
Filed: September 29, 2006
Date of Patent: June 7, 2011
Assignee: NetApp, Inc.
Inventors: Ananthan Subramanian, Robert Jan Sussland, Lawrence Wen-Hao Chang
-
Patent number: 7953014
Abstract: Network device testing equipment capable of testing network devices using small size packets and for a transferring ability and a filtering ability at a media speed is described. A configuration is adopted in which a Field Programmable Gate Array (FPGA) included in a transmitter or receiver on one or both of transmitting and receiving sides is connected directly to a physical layer chip of a network and computers on both the transmitting and receiving sides are connected thereto. Each of the FPGAs of the transmitter and receiver has a circuit which has an integrated function of transmitting a packet pattern generation function and a packet-receiving function, thereby enabling a test and an inspection in real time. When inspecting the filtering function, a hash table storing therein a hash value and a list of occurrence frequencies for hash values is utilized.
Type: Grant
Filed: March 7, 2006
Date of Patent: May 31, 2011
Assignees: National Institute of Advanced Industrial Science and Technology, DUAXES Corporation, BITS Co., Ltd.
Inventors: Kenji Toda, Toshihiro Katashita, Kazumi Sakamaki, Takeshi Inui, Mitsugu Nagoya, Yasunori Terashima
-
Patent number: 7953225
Abstract: A mobile wireless communications device which may include a housing, an antenna carried by the housing, a wireless transceiver carried by the housing and connected to the antenna, and at least one memory for storing a compressed software file, a digest of an uncompressed version of the software file, and a digital signature of the compressed software file and the digest generated based upon a private key. The device may further include a processor carried by the housing and cooperating with the wireless transceiver for performing wireless communications. The processor may also cooperate with the at least one memory for authenticating the compressed software file based upon the digital signature and a public key corresponding to the private key. Upon authentication of the compressed software file, the processor uncompresses the compressed software file. The uncompressed software file may then be re-authenticated at a time after installation based upon the digest.
Type: Grant
Filed: October 21, 2005
Date of Patent: May 31, 2011
Assignee: Harris Corporation
Inventors: Lloyd Palum, Robert Brutovski, Chris Rericha
-
Patent number: 7954157
Abstract: A method is provided to facilitate the detection of file tampering, such as a computer virus, on a computer. In one example, a digital fingerprint is generated for each file on the computer using a substantially collision-free algorithm. The digital fingerprints of the computer files are compared with digital fingerprints of the computer files generated when the files were previously saved. If the digital fingerprint of that file differs from the digital fingerprint generated when that file was previously saved, a computer virus or other tampering may exist on the file.
Type: Grant
Filed: May 25, 2006
Date of Patent: May 31, 2011
Assignee: FalconStor, Inc.
Inventors: Ronald S. Niles, Wai Lam
-
Publication number: 20110123021
Abstract: The present invention relates to a method or system of generating a surrogate key using cryptographic hashing. One embodiment of the method of the present invention may have steps such as selecting a field or group of fields that is or are unique among all records in the database, for each record, extracting the data from the fields, concatenating the extracted data into an input message, running the input message through a hash generator, either in batches or one at a time, for testing purposes perhaps, and outputting a surrogate key.
Type: Application
Filed: November 24, 2009
Publication date: May 26, 2011
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Clinton S. Tepper
-
Patent number: 7945779
Abstract: For use in a distributed system where a client computer is operable to communicate with a server computer and to receive a digital certificate associated with a remote external component, apparatus for securing a communications exchange between computers includes a hasher, responsive to the client computer receiving a digital certificate, for hashing data associated with the client computer and the server computer with data associated with the digital certificate to create a first message digest, and a first transmitter for transmitting the first message digest to the remote external component.
Type: Grant
Filed: June 18, 2007
Date of Patent: May 17, 2011
Assignee: International Business Machines Corporation
Inventor: Cameron Kenneth Martin
-
Patent number: 7945535
Abstract: In one embodiment, there is provided a method for a media storage device to manage digital content. The method comprises determining if there is digital content to be categorized into one or more galleries; automatically categorizing said digital content into the one or more galleries; and for digital content categorized into a gallery with an auto-publish flag, sending at least one of said digital content and a derivative form of said digital content to a server.
Type: Grant
Filed: December 13, 2005
Date of Patent: May 17, 2011
Assignee: Microsoft Corporation
Inventors: Michael J Toutonghi, Jaroslav Bengl
-
Patent number: 7945048
Abstract: A method for securing patient identity comprising accessing an electronic medical records database including patient data for a plurality of patients. Each patient in the electronic medical records database is assigned a unique patient identifier. Patient data for a first patient, including a first patient identifier, is retrieved from the electronic medical records database. The first patient is de-identified from the patient data. De-identifying includes the creation of a first encoded patient identifier responsive to the first patient identifier. The de-identifying results in de-identified first patient data and includes the replacement of the first patient identifier with the first encoded patient identifier. The de-identified first patient data is transmitted to a data warehouse system. The method further comprises identifying a second patient in response to receiving report data that includes a second encoded patient identifier from the data warehouse system.
Type: Grant
Filed: April 16, 2009
Date of Patent: May 17, 2011
Assignee: General Electric Company
Inventors: Thomas N. Ricciardi, Curtis White
-
Patent number: 7941661
Abstract: A method in which a test function is called in a system's internal authentication IC multiple times with a known incorrect value such that, if the internal IC is invalid, an expected invalid response is not generated and, otherwise, the internal IC generates a secret random number and its signature and encrypts these using a first secret key, an external authentication IC connected to the system calls a read function which decrypts the encrypted random number and signature using the first key, calculates the decrypted random number's signature, compares the signatures and upon a match encrypts the decrypted random number and a message of the external IC using a second secret key, the internal IC calls the test function which encrypts the random number and message using the second key, compares the encrypted random numbers and messages, validates the external IC if they match and invalidates the external IC otherwise.
Type: Grant
Filed: July 8, 2010
Date of Patent: May 10, 2011
Assignee: Silverbrook Research Pty Ltd
Inventors: Simon Robert Walmsley, Kia Silverbrook
-
Patent number: 7937071
Abstract: A device management (DM) system and a method of controlling the same, are discussed. According to an embodiment, the DM system comprises a DM server for transmitting a notification message in response to a device control request of a user, the notification message including unique authentication information having previously stored unique information of a device and basic authentication information having a setup value for setting up communication; and a device having a DM client, for receiving the notification message, performing authentications using the basic authentication information and the unique authentication information, and discarding the notification message if the authentications using the basic authentication information and the unique authentication information fail.
Type: Grant
Filed: June 19, 2007
Date of Patent: May 3, 2011
Assignee: LG Electronics Inc.
Inventor: Joonho Lee
-
Patent number: 7937748
Abstract: A communication apparatus includes a storage device to store security associations to be exchanged between an opposite party's apparatus, an update device to update the security associations stored in the storage device, before starting a sleep mode for a power-saving operation, and a notification device to notify a message of updating of the security associations by the update device to the opposite party's communication apparatus.
Type: Grant
Filed: March 27, 2006
Date of Patent: May 3, 2011
Assignee: Kabushiki Kaisha Toshiba
Inventors: Atsushi Inoue, Masahiro Ishiyama
-
Publication number: 20110099367
Abstract: Certification of a key, which a Trusted Platform Module (TPM) has attested as being non-migratable, can be performed in a single round trip between the certificate authority (CA) and the client that requests the certificate. The client creates a certificate request, and then has the TPM create an attestation identity key (AIK) that is bound to the certificate request. The client then asks the TPM to sign the new key as an attestation of non-migratability. The client then sends the certificate request, along with the attestation of non-migratability to the CA. The CA examines the certificate request and attestation of non-migratability. However, since the CA does not know whether the attestation has been made by a trusted TPM, it certifies the key but includes, in the certificate, an encrypted signature that can only be decrypted using the endorsement key of the trusted TPM.
Type: Application
Filed: October 28, 2009
Publication date: April 28, 2011
Applicant: MICROSOFT CORPORATION
Inventors: Stefan Thom, Scott D. Anderson, Erik L. Holt
-
Publication number: 20110093714
Abstract: Embodiments relate to systems, methods and devices for asymmetric cryptographic authentication. In an embodiment, a system includes an accessory comprising an authentication chip, the authentication chip comprising a public authentication key, a private authentication key and data signed by a private verification key; and a device comprising a public verification key forming a verification key pair with the private verification key, the device configured to read the data and public authentication key from the authentication chip, verify the data and the public authentication key using the public verification key, and authenticate the accessory for use with the device using the public authentication key if verified.
Type: Application
Filed: October 20, 2009
Publication date: April 21, 2011
Applicant: Infineon Technologies AG
Inventors: Stephan Schaecher, Harald Hewel, Markus Gueller
-
Patent number: 7930544
Abstract: A verification information generation system includes first and second data processing apparatuses. The first data processing apparatus has a unit holding first secret information, a unit receiving information associated with the second secret information from the second apparatus, a unit generating key information on the basis of the first secret information and the information associated with the second secret information, a unit generating key derivation auxiliary information allowing the key information to be derived from the second secret information, a unit generating verification information on the basis of information to be verified and the key information, and a unit outputting the information to be verified, the verification information, and the key derivation auxiliary information. The second secret information is information which is set in advance in the second data processing apparatus.
Type: Grant
Filed: October 25, 2005
Date of Patent: April 19, 2011
Assignee: Canon Kabushiki Kaisha
Inventor: Keiichi Iwamura
-
Patent number: 7930550
Abstract: Representing a number of assets on an originating computer begins with selecting the assets to be represented. Cryptographic hash asset identifiers are generated; each of the asset identifiers is computed using the contents of a particular asset. The asset identifier is a content-based or content-addressable asset name for the asset and is location independent. An asset list is generated that includes the asset identifiers computed from the assets. A cryptographic hash asset list identifier is generated that is computed from the asset list. The asset list identifier is stored for later retrieval. The assets selected are also stored for safekeeping either locally or on a computer network. In the event of loss of the files from the originating computer, the asset list identifier is retrieved. Using the asset list identifier, the original asset list is found and retrieved from its safe location.
Type: Grant
Filed: July 19, 2004
Date of Patent: April 19, 2011
Assignee: EMC Corporation
Inventors: Paul R. Carpentier, Jan F. Van Riel, Tom Teugels
-
Patent number: 7930551
Abstract: A transmitting and receiving device share a secret which is split into first and second portions. A public function is used to generate a keystream. The length of the keystream is adjusted to equal the length of a message plus the length of the output of an MMH function. The MMH function is calculated as a function of the message and the adjusted keystream. Each L octets, L is the octet length of a MAC, of the output of the MMH function is accumulated into a summation value, which is concatenated with the second secret portion into a concatenation value. The output of the public function, now calculated as a function of the concatenation value, is used in place of a traditional one-time pad to generate the MAC which is sent along with the message to the receiving device.
Type: Grant
Filed: May 15, 2007
Date of Patent: April 19, 2011
Assignee: ARRIS Group, Inc.
Inventor: David Reginald Evans
-
Patent number: 7925891
Abstract: The present invention provides an apparatus and method for performing cryptographic operations on a plurality of message blocks within a processor to generate a message digest. In one embodiment, the apparatus has an x86-compatible microprocessor that includes translation logic and execution logic. The translation logic receives a single, atomic cryptographic instruction from a source therefrom, where the single, atomic cryptographic instruction prescribes generation of the message digest according to one of the cryptographic operations. The translation logic also translates the single, atomic cryptographic instruction into a sequence of micro instructions specifying sub-operations required to accomplish generation of the message digest according to the one of the cryptographic operations. The execution logic is operatively coupled to the translation logic. The execution logic receives the sequence of micro instructions, and performs the sub-operations to generate the message digest.
Type: Grant
Filed: March 25, 2005
Date of Patent: April 12, 2011
Assignee: Via Technologies, Inc.
Inventors: Thomas A. Crispin, G. Glenn Henry, Terry Parks
-
Patent number: 7921463
Abstract: Embodiments of methods and apparatus for providing an insertion and integrity protection system associated with a wireless communication platform are generally described herein. Other embodiments may be described and claimed.
Type: Grant
Filed: September 30, 2005
Date of Patent: April 5, 2011
Assignee: Intel Corporation
Inventors: Kapil Sood, Travis T. Schluessler, Christopher Lord
-
Patent number: 7921300
Abstract: An x86-compatible microprocessor that executes an application program fetched from memory, including a single, atomic hash instruction directing the x86-compatible microprocessor to perform the hash operation. The single, atomic hash instruction has an opcode field and a repeat prefix field. The opcode field prescribes that the x86-compatible microprocessor accomplish the hash operation. The repeat prefix field is coupled to the opcode field and indicates that the hash operation prescribed by the single, atomic hash instruction is to be accomplished on one or more message blocks. The x86-compatible microprocessor has a hash unit that is configured to execute a plurality of hash computations on each of the one or more message blocks to generate a corresponding intermediate hash value, where a last intermediate hash value that is computed for a last message block after processing all previous message blocks includes a message digest corresponding to the one or more message blocks.
Type: Grant
Filed: October 12, 2004
Date of Patent: April 5, 2011
Assignee: Via Technologies, Inc.
Inventors: Thomas A. Crispin, G. Glenn Henry, Terry Parks
-
Patent number: 7916031
Abstract: A server component includes a network interface and an analysis component. The server component is at least partially implemented by an operative set of processor executable instructions configured for execution by at least one processor. The network interface is in operative communication with a network and is configured to communicate with at least two nodes of different node types. The network interface is also in operative communication with a local RFID tag attached to a corresponding module. A node of the at least two nodes is a printer-based node associated with a printing machine. The analysis component is configured to utilize the network interface to communicate with the node associated with the printing machine such that the analysis component is in operative communication with the local RFID tag attached to the corresponding module.
Type: Grant
Filed: September 13, 2010
Date of Patent: March 29, 2011
Assignee: Xerox Corporation
Inventors: Pravin N. Kothari, Mark Steven Amico, Paul Allen Hosier, Khan Lutful Kabir
-
Patent number: 7917763
Abstract: The present invention relates to a device for detecting a manipulation of an information signal, having an extractor for extracting an information signal component characteristic for the information signal from the information signal, an encryptor for encrypting the information signal component to obtain an encrypted signal, and a comparator for comparing the encrypted signal to a reference signal, wherein the reference signal is an encrypted representation of a non-manipulated reference signal component of a reference information signal to detect the manipulation.
Type: Grant
Filed: May 10, 2007
Date of Patent: March 29, 2011
Assignee: Fraunhofer-Gesellschaft zur Foerderung der Angewandten Forschung E.V.
Inventors: Ralph Kulessa, Jörg Pickel, Stefan Krägeloh, Patrick Aichroth, Frank Siebenhaar, Christian Neubauer, Wolfgang Spinnler
-
Patent number: 7916863
Abstract: A security printing method includes generating a security file having a plurality of metadata fields and an information field concatenated together in an initial sequence. A security file identification is generated from the plurality of metadata fields and the information field. The security file identification corresponds to the initial sequence and is a one-way function of the plurality of metadata fields and the information field. The method further includes selecting a custom scrambling technique based on the security file identification, and scrambling the initial sequence using the selected custom scrambling technique, thereby creating a scrambled sequence of the plurality of metadata field and the information field.
Type: Grant
Filed: November 30, 2007
Date of Patent: March 29, 2011
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Steven J. Simske, David Orr, Lonnie D. Mandigo
-
Publication number: 20110072266
Abstract: The present invention provides an information processing device, an authentication system, etc. that save a server the trouble of updating a database, etc., even when a software module in a client device is updated, and that are capable of verifying whether software modules that have been started in the client device are valid. The terminal device A100 holds private keys 1 and 2, and performs authentication processing with the terminal device B101 using the private key 2. The private key 1 has been encrypted such that the private key 1 is decryptable only when secure boot is completed. The private key 2 has been encrypted such that the private key 2 is decryptable using the private key 1 only when the application module X that has been started is valid. When the authentication processing is successful, the terminal device B101 verifies that the terminal device A100 has completed secure boot and the application module X that has been started in the terminal device A100 is valid.
Type: Application
Filed: October 9, 2009
Publication date: March 24, 2011
Inventors: Hisashi Takayama, Hideki Matsushima, Takayuki Ito, Tomoyuki Haga, Kenneth Alexander Nicolson
-
Patent number: 7913292
Abstract: A unique system and method that facilitates visually identifying authentic UI objects, bundles, or windows is provided. A detection component can detect when user-based input has activated a verification mode with respect to one or more trusted UI objects rendered on-screen. A verification component can verify at least one of a source and identity associated with one or more UI objects in order to ensure the integrity related therewith. A verification rendering engine can re-render the one or more trusted UI objects in a manner that is based at least upon whether the one or more trusted UI objects are verified, thus improving visual recognition of verified trusted UI objects over non-verified UI objects.
Type: Grant
Filed: October 18, 2006
Date of Patent: March 22, 2011
Assignee: Microsoft Corporation
Inventors: Gregory D. Hartrell, David J. Steeves
-
Publication number: 20110066859
Abstract: A method for authenticating a message that is transmitted wirelessly. The method includes providing a set of private key values that define a private key and performing a key pair generation process that provides a key pair including the private key and a public key, where performing the key pair generation process includes applying one or more hash functions to the private key values, where a succeeding hash function provides a hash of a previous hash function. The scheme uses a signature generation process that generates a message digest by applying a hash function on the message to be signed and then separates the message digest into two parts including signing bits and selection bits and using the private key to sign the message. A receiver verifies the authenticity of the received message using the public key and a signature verification algorithm.
Type: Application
Filed: September 16, 2009
Publication date: March 17, 2011
Applicant: GM GLOBAL TECHNOLOGY OPERATIONS, INC.
Inventors: Aravind V. Iyer, Debojyoti Bhattacharya
-
Patent number: 7908653
Abstract: Improving security of a processing system may be accomplished by at least one of executing and accessing a suspect file in a sandbox virtual machine.
Type: Grant
Filed: June 29, 2004
Date of Patent: March 15, 2011
Assignee: Intel Corporation
Inventors: Ernie F. Brickell, Clifford D. Hall, Joseph F. Cihula, Richard Uhlig
-
Patent number: 7908484
Abstract: Disclosed is a method and system to discourage a MITM attacker in a data communications system that includes client and a server. The method includes, in a Digest Authentication and Key Agreement (AKA) challenge sent to the client from the server, setting an “algorithm” field to ‘algorithm=“AKAv1-HMAC-MD5”’ for directing the client to use the HMAC-MD5 keyed hash function when producing Digest credentials; and using at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.
Type: Grant
Filed: August 18, 2004
Date of Patent: March 15, 2011
Assignee: Nokia Corporation
Inventors: Tao Haukka, Aki Niemi
-
Patent number: 7904724
Abstract: A translation device has an input unit that inputs image data from a document; a detecting unit that detects a security information image, which indicates that the inputted image is a confidential image, from the inputted image data; a translating unit that translates the security information image detected by the detecting unit; and an outputting unit that outputs the translated image of the security information image.
Type: Grant
Filed: August 26, 2005
Date of Patent: March 8, 2011
Assignee: Fuji Xerox Co., Ltd.
Inventors: Masahiro Kato, Hiroaki Ikegami, Katsuhiko Itonori, Masanori Onda, Hideaki Ashikaga, Shunichi Kimura, Masanori Satake, Hiroki Yoshimura
-
Publication number: 20110055581
Abstract: In the computer data security field, this disclosure is of cryptographic hash function processes embodied in a computer system and which may be keyless, but are highly secure. The processes are based on the type of randomness exhibited by painting or drawing a picture. Computation of the hash value (digest) is the result of executing in computer code or logic circuitry an algorithm which models such a picture painting process using the message as an input to the picture painting algorithm, then executing the algorithm. A state of the resulting picture gives the hash digest value of the message. Message expansion or a derivation function (e.g., a pseudo random number generation process) may be applied to the message prior to execution of the picture painting process, for enhanced security.
Type: Application
Filed: August 31, 2009
Publication date: March 3, 2011
Applicant: Apple Inc.
Inventors: Benoit CHEVALLIER-MAMES, Mathieu CIET, Augustin J. FARRUGIA
-
Publication number: 20110055582
Abstract: In the computer data security field, cryptographic hash function processes are embodied in a computer system and may be keyless, but are highly secure. The processes are based on the type of randomness exhibited by the well known game of dominos using a set of tiles arranged by players on a surface. Computation of the hash value (digest) is the result of executing in computer code or logic circuitry an algorithm which models such a domino game using the message as an input to the domino game algorithm, then executing the domino game algorithm. A state of the game algorithm which models the final layout of the pieces (tiles) gives the hash digest value of the message.
Type: Application
Filed: August 31, 2009
Publication date: March 3, 2011
Applicant: Apple Inc.
Inventors: Benoit CHEVALLIER-MAMES, Mathieu Ciet, Augustin J. Farrugia
-
Patent number: 7900062
Abstract: Processing load on an executing device for conducting playback is high during the playback of contents since the executing device performs verification of the contents validity in parallel with the contents playback, and therefore the executing device has to be equipped with a highly efficient processor. The present invention reduces the processing load involved in the verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on the DVD. In addition, the present invention is capable of improving the accuracy of detecting unauthorized contents to some extent by randomly selecting a predetermined number of encrypted units every time the verification is performed.
Type: Grant
Filed: July 26, 2007
Date of Patent: March 1, 2011
Assignee: Panasonic Corporation
Inventors: Masao Nonaka, Yuichi Futa, Toshihisa Nakano, Kaoru Yokota, Motoji Ohmori, Masaya Miyazaki, Masaya Yamamoto, Kaoru Murase, Senichi Onoda