Abstract: A method for encrypting data includes receiving a block of plaintext for a data set at one or more computers, acquiring a cryptographic key for the data set, generating an initialization vector for the block of plaintext based on the block of plaintext, and encrypting the block of plaintext using the cryptographic key and the initialization vector.

Abstract: A sentinel value is combined with a data segment, and encrypted. A digest of the encrypted combined data segment is calculated, and used in conjunction with an encryption key to generate a masked key. This masked key is then appended to the encrypted combined data segment and transmitted to an encoder. When the data segment is retrieved, the original encryption key can be recovered and used to decrypt the data segment. The sentinel value can then be extracted from the data segment and checked for integrity. The data segment can then be delivered, discarded, flagged, or otherwise handled based on the integrity of the sentinel value.

Abstract: An information processor has an information dispersing function, a dividing unit for dividing a first data (DT0) into n pieces of disperse information, and executing secret sharing scheme capable of restoring the first data (DT0) by using arbitrary k pieces (1<k<n) of disperse information out of the n pieces of disperse information, a first storage control unit for storing the arbitrary k pieces of disperse information generated by the dividing unit into plurality of portable recording devices, an editing unit for reconstructing the first data (DT0) by using the k pieces of disperse information stored in the plurality of recording devices and editing the restored first data (DT0), a difference generating unit, after the dividing unit divides a second data which is post-data (DT1) originated in the restored first data into n pieces of post-edit disperse information, for calculating the difference between post-edit disperse information corresponding to the recording device and pre-edit disperse informatio

Abstract: A universally known and accepted unique item that is independently identifiable and difficult to counterfeit is used as an authenticator item. The identity of this item is included in an authorization calculation which can only be accomplished by an authorizing authority. The authenticator can be a serial numbered item such as a currency bill or note. The document may be created anywhere in plain paper, electronic or other forms. Creation may be by any of an issuing authority, an agent, a bearer and even the buyer. The document's authenticity may be verified without communication back to the issuing authority. The invention allows cancellation to prevent negotiation of an electronic document regardless of how many copies are extant in computers or other form merely by defacing or destroying the associated authenticator.

Abstract: A method and system for creating random cryptographic keys in hardware is described. One or more bits are generated via one or more random bit circuits. Each random bit circuit includes a sensing device coupled to a first device and a second device to compare the first device against the second device and to generate a random bit from a random state value. The generated bits from the random bit circuits are read, and a cryptographic key may then be computed based on the generated bits.

Abstract: A method and apparatus for performing MAC security (MACSec) operations. In one embodiment, the apparatus comprises a plurality of discrete elements coupled together to perform MAC security processing, the plurality of discrete elements able to operate on distinct packets related to MAC security simultaneously, and wherein each of the plurality of discrete elements is in an independently controlled power domain that enters a reduced power consumption state independently of other discrete elements in the plurality of discrete elements when not in use.

Abstract: A communication apparatus includes: a first storage unit storing a received electronic mail; a verification unit executing a first verification about an electronic signature attached to the received electronic mail; a printing unit printing the received electronic mail if a verification result of the first verification is positive; a deletion unit deleting the printed electronic mail from the first storage unit; and a storage control unit controlling a second storage unit to store the mail information about the received electronic mail in the second storage unit if the verification result of the first verification is negative. The verification unit again executes the first verification about a specific electronic signature attached to a specific electronic mail which mail information is stored in the second storage unit. The printing unit prints the specific electronic mail if a verification result by again executing the first verification about the specific electronic signature is positive.

Abstract: A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number, if there is a match, the decrypted biometric data is validated and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.

Abstract: A method of guaranteeing the integrity of at least one computer software program transmitted by a transmitter to a decoder which is equipped with an encryption/decryption module via a long-distance information transmission network. The inventive method includes inserting (at 52) a supplementary piece of information into a message containing the information necessary for the decoder to decrypt the information signals transmitted by the transmitter, the supplementary information enabling the encryption/decryption module to verify that it has effectively received each computer software program transmitted.

Abstract: The present invention provides a method for transferring encrypted information from one storage area to other storage area wherein cryptographic data protection scheme having protection attributes are applied on the data. A crypto container having cryptographic properties represents cryptographically protected data. The attributes that have been attached to the container at the time when data is added or removed from the container determine the scheme of data protection being applied. Crypto container can be converted or serialized for storage or transmission, here the conversion spread only to the protected data parts which possibly includes crypto containers in protected form but may not the attached crypto attributes. These attributes must be stored or transmitted in another form.

Abstract: In various embodiments, a method for signing tags associated with objects includes receiving a first identifier associated with a tag. A first signature is generated for the tag based on the identifier and a public key. The first identifier and the first signature are then stored in the tag.

Abstract: Systems and methods are described which utilize a recursive security protocol for the protection of digital data. These may include encrypting a bit stream with a first encryption algorithm and associating a first decryption algorithm with the encrypted bit stream. The resulting bit stream may then be encrypted with a second encryption algorithm to yield a second bit stream. This second bit stream is then associated with a second decryption algorithm. This second bit stream can then be decrypted by an intended recipient using associated keys.

Abstract: Systems and methods are disclosed for authenticating electronic messages. A data structure is generated by a computer server which allows for the authentication of the contents and computer server identity of a received electronic message and provides a trusted stamp to authenticate when the message was sent. Data which can authenticate the message, the computer server identity, and the time the message was sent is included into a data structure which is called an Electronic PostMark (EPM).

Abstract: A method for communicating information between at least a pair of correspondents, the method comprising the steps of each of the correspondents selecting a plurality of cryptographic algorithms known to each of the correspondents. One of the correspondents applies the algorithms in a predetermined manner to a message for producing a set of processed information. The set of processed information is transmitted to the other correspondent. The other correspondent applies complimentary operations of the cryptographic schemes in accordance with the predetermined manner for deriving information related to the message from the processed information.

Abstract: Disclosed herein is an electronic financial transaction system and method providing a real-time authentication service through a wire/wireless communication network that is provided with an electronic slip processing function and a deposit account, so electronic financial transaction users can authenticate electronic financial transactions in real time. The system and method of the present invention is provided with an electronic slip processing function. Accordingly, electronic financial transaction users can authenticate electronic financial transactions in real time using electronic slips without temporal and spatial restrictions, so electronic financial transactions can be safely, conveniently and rapidly carried out Additionally, an approval authority can approve financial transactions in real time without temporal and spatial restrictions, so a multi-approval function through a mobile communication network is provided to prevent a leakage of information and a misappropriation of money.

Abstract: An authentication method is disclosed herein. The method includes: by a server, using a Trigger message nonce to generate a Trigger message, and sending the generated Trigger message to a client so that the client can extract the Trigger message nonce; after determining that the Trigger message nonce is valid, using the Trigger message nonce to generate a digest, and authenticating the Trigger message generated by using the Trigger message nonce; after the authentication succeeds, sending a session request to the server indicated by the Trigger message, where the session request carries a session ID. The corresponding system, server and client are disclosed herein. The present invention makes the authentication process more secure through the client and the server based on the DS or DM protocol.

Abstract: A multimedia recording system verifies whether or not multimedia data created from an object belongs to the intended object, and has a multimedia recording apparatus which acquires object-specifying information specifying the object, creates first digest data from the multimedia data and creates authentication data by encrypting the first digest data with the object-specifying information, and records the authentication data, a server apparatus which decrypts the authentication data by using the object-specifying information previously registered on the server apparatus to create second digest data, compares the second digest data with the first digest data of the multimedia recording apparatus, and outputs a result of comparison of the first digest data and the second digest data as comparison data, and a verification apparatus which displays a result of verification of whether or not the multimedia data created from the object belongs to the intended object based on the comparison data sent from the server

Abstract: A secure approach for sending a original message from a sender to a receiver. The sender may encrypt the original message by performing an XOR (or XNOR) operation of the original message and a first random message (same size as original message) on a bit by basis to generate a second message. The receiver may also perform an XOR of the second message with a locally generated second random message. The resulting message is sent to the sender system. The sender system may again perform XOR operation of the received message and the first random message, and send the resulting message to receiver. The receiver may perform XOR operation on the received output to generate the original message sent by the sender. Other technologies such as digital signatures and key pairs (public key infrastructure) may be used in each communication between the sender and receiver to further enhance security.

Abstract: The present invention provides an architecture and method for a gaming-specific platform that features secure storage and verification of game code and other data, provides the ability to securely exchange data with a computerized wagering gaming system, and does so in a manner that is straightforward and easy to manage. Some embodiments of the invention provide the ability to identify game program code as certified or approved, such as by the Nevada Gaming Regulations Commission or other regulatory agency. The invention provides these and other functions by use of encryption, including digital signatures and hash functions as well as other encryption methods.

Abstract: A secure signing method, a secure authentication method, and an IPTV system are disclosed. The secure signing method includes preparing digital signature header fields and setting an attribute, calculating a hash digest of content using a hashing algorithm, storing the calculated hash value in a message digest field of the digital signature header, encrypting the message digest using a secret key and inserting the encrypted message digest in a signature field of the digital signature header, and associating the digital signature header with the content by prefixing the digital signature header to the content.

Abstract: It is intended, in the mobile information terminal, to achieve compactization, cost reduction and reduction in the burden of information processing, while taking the enciphering process for the information into consideration. The cipher signal process unit for enciphering the transmission information and the cipher process selection unit for selecting whether or not to use the cipher signal process unit are provided to select whether or not to execute the enciphering of the transmission information, according to the necessity in executing the communication of information, thereby dispensing the enciphering process as far as possible and alleviating the burden of the process involved in the enciphering.

Abstract: A method, article, and system for providing an effective implementation of data structures, and application programming interface (API) functions that allow secure execution of functions behind a secure boundary. The controlling mechanism is a flexible, extendable, and non-forgeable block that details how values and parameters behind the secure boundary can be changed. The invention allows for one entity to execute a security function that will normally require extensive authorizations or dual or multiple control. The method and system comprise instructions that are cryptographically protected against alteration or misuse, wherein the instructions further comprise a trusted block that defines security policies that are permitted when an application program employs the trusted block in APIs. The trusted block has a number of fields containing rules that provide an ability to limit how the trusted block is used, thereby reducing the risk of the trusted block being employed in unintended ways.

Abstract: The present invention relates to an asymmetrical encryption method. The public key is made up of a large composite number n; the private key is made up of the factors of the composite number. The encryption is made up of a number of iterations of individual encryption steps that are successively reversed during the decryption. In this context, the reversal of an individual encryption step requires the solving of a quadratic equation modulo m [sic]. The private key is preferably made up of the large prime numbers p and q. The public key is the product n of these two prime numbers, as well as a comparatively small integer L which is greater than one. The message m is made up of two integral values m1 and m2, thus m=(m1, m2), both values being in the set Zn={0, 1, 2, . . . , n?1}. The encryption is accomplished via the equation c=fL(m).

Abstract: Multi-level file digests for electronic files are disclosed. A top level digest represents a single digest for the associated electronic file. Lower level digests represent digests for portions of the associated electronic file. The top level digest is derived from the lower level digests. The top level digest is useful for facilitating rapid comparison to determine whether electronic files are the same. In one embodiment, electronic files are encrypted with a block encryption scheme, and digests are efficiently calculated and stored on a block-by-block basis. Advantageously, when modifications to an encrypted electronic file occurs, only those modified blocks need to be processed to undergo decryption and re-encryption to determine the appropriate digest.

Abstract: A mechanism that allows firmware to be updated in a secure manner is discussed. Two attributes are used in the actual ROM to refer to a Virtual ROM module. The two attributes are a version attribute and a reference to a separate module that is capable of validating updates. The update process updates the message digest associated with the first Virtual ROM module and the version attribute associated with the first Virtual ROM module. The update process also produces a new copy of the corresponding file (that may be located on the local disk) that when hashed will “match” the new message digest.

Abstract: Methods and apparati are provided for use in cryptographically processing information based on elliptic and other like curves. The methods and apparati allow pairings, such as, for example, Weil pairings, Tate Pairings, Squared Weil pairings, Squared Tate pairings, and/or other like pairings to be determined based on algorithms that utilize a parabola. The methods and apparati represent an improvement over conventional algorithms since they tend to me more computationally efficient.

Abstract: A method of generating and sending a message from a first entity is provided in which a message including an action is determined, an authentication code is generated on the basis of the determined action and a parameter, and the message and authentication code are sent from the first entity. The parameter is indicative of an attribute of the action.

Abstract: A method, system and computer program product for computing a message authentication code for data in storage of a computing environment. An instruction specifies a unit of storage for which an authentication code is to be computed. An computing operation computes an authentication code for the unit of storage. A register is used for providing a cryptographic key for use in the computing to the authentication code. Further, the register may be used in a chaining operation.

Abstract: The present invention relates to a method for providing content in a communication system. The method comprises encoding content to a first part and a second part. Furthermore, the method comprises protecting the second part of the content against unauthorised use. Furthermore, the method comprises transmitting the content to user equipment associated with an identity module. The present invention relates also to a method for obtaining content in user equipment in a communication system. The method comprises receiving content encoded to a first layer and a protected second layer. Furthermore, the method comprises requesting for opening the protection of the second layer, receiving opening means and opening the protection of the second layer using the opening means interacting with an identity module associated with the user equipment. Furthermore, a network element and user equipment are configured to execute the method.

Abstract: A new method and framework for scheduling receive-side processing of data streams received from a remote requesting client by a multiprocessor system computer is disclosed. The method receives data packets from the remote requesting client via a network and, for each data packet, applies a cryptographically secure hashing function to portions of the received data packet yielding a hash value. The method further applies the hash value to a processor selection policy to identify a processor in the multiprocessor system as a selected processor to perform receive-side processing of the data packet. The method queues the received data packet for processing by the selected processor and invokes a procedure call to initiate processing of the data packet.

Abstract: A method is provided to audit license restrictions of a computer program in an enterprise computing environment. In one example, a digital fingerprint is generated of at least one file in the computer program using a substantially collision-free algorithm, and a digital fingerprint is generated for each file on each computer in the enterprise using the substantially collision-free algorithm. The digital fingerprints from the enterprise files are compared with the digital fingerprint of the computer program file, and the number of fingerprint matches is counted. Another method is provided for inventorying a computer program in an enterprise computing environment. In examples of both methods, a file may be divided into data blocks and a digital fingerprint may be generated for each data block.

Abstract: A self-authenticating printed document (101) comprises text and a symbol (102) printed on the document (101). The symbol (102) includes a verification value, which is representative of the entire data content of the text, and error correction codes for correcting the text. The verification value is used to check the integrity of the text after the document has been corrected using the error correction codes.

Abstract: An information processing apparatus has an authentication & key exchange unit, a contents receiver, a contents decryption unit and a contents confirmation request unit. The authentication & key exchange unit performs authentication & key exchange processing by using a given protocol with the communication apparatus and generates a first key shared with the communication apparatus. The contents receiver receives encrypted contents obtained by encrypting the contents with a second key generated by using the first key and the key information, and the key information attached to the encrypted contents. The contents decryption unit decrypts the encrypted contents by using the first key and the key information. The contents confirmation request unit instructs the communication apparatus to transmit or confirm the key information held by the communication apparatus, when the contents decryption unit decrypts the contents based on the second key firstly generated by using the first key.

Abstract: Embodiments of methods and apparatus for providing an access profile system associated with a broadband wireless access network are generally described herein. Other embodiments may be described and claimed.

Abstract: A method of validating a consumable authentication chip is provided having the steps of: numerously calling a trusted chip's test function with an incorrect value to generate an invalid response or not generate the response thereby invalidating the consumable chip; if generated, in the trusted chip, generating a secret random number, calculating its signature and symmetrically encrypting the number/signature using a first secret key; calling the consumable chip's read function with the encrypted number/signature to symmetrically decrypt the encrypted number/signature using the first key, calculate the decrypted number's signature, compare the signatures, and if they match, symmetrically encrypt the decrypted random number and a data message using a second secret key; calling the trusted chip's test function with the message and the encrypted number/message to symmetrically encrypt the number and message using the second key, compare the encrypted numbers/messages, validate the consumable chip if they match, a

Abstract: An apparatus for enciphering data by which enciphered digital information data with improved cipher strength are obtained by subjecting digital information data to enciphered process responding to random number data or pseudo-random number data produced in accordance with key data, and which comprises an enciphering portion for subjecting an HD signal to enciphering process to produce an enciphered HD signal, a cipher producing portion for producing, in response to key data, a cipher data from which random number data or pseudo-random number data are obtained to be supplied to the enciphering portion, a register for supplying the cipher producing portion with input data, and a line number data extracting portion for extracting line number data from the HD signal to be supplied to the register as initial data.

Abstract: A method for transmitting digital data to a recipient via a communications network includes providing digital data and digitally signing the digital data using N cryptographic keys. Each of the N cryptographic keys is associated with a same sender of the digital data, and N>1. The recipient receives the digital data and verifies the digital signature using N cryptographic keys associated with the N cryptographic keys used to sign the digital data. In dependence upon verifying the digital signature, the recipient accepts the digital data as being authentic.

Abstract: Methods and apparatus are presented for providing local authentication of subscribers traveling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit 220 that is programmed to wrongfully retain keys from a subscriber identification token 230 after a subscriber has removed his or her token is prevented from subsequently accessing the subscriber's account.

Abstract: A system and method for generating a non-repudiatable record of a communications data stream is provided, which is applicable to real-time and quasi-real-time data streams. A binary communication data stream is captured and segmented into defined frames. A key frame is generated for each of a number of data frames containing integrity and authentication information. The key frame is inserted into the data stream to provide an authenticated data stream.

Abstract: The message authentication code with blind factorization and randomization is a computational method for improving the security of existing Message Authentication Code (MAC) methods through the use of blind integer factorization. Further, blind randomization is used as a countermeasure to minimize collision attacks where different plaintexts produce the same MAC.

Abstract: The elliptic curve-based message authentication code is a computational method for improving the security of existing message authentication code (MAC) generating methods through the use of elliptic curve cryptography. Particularly, the message authentication codes and elliptic curve cryptography are based on an elliptic curve discrete logarithm problem, which is well known in mathematics to be a computationally hard problem.

Abstract: The invention detects changes in one or more parameter values sent by a server through user space. In one embodiment, a Web server communicates with a client over the Internet. Before sending the parameter value or values to the client, the server performs a pre-processing step, creating a formatted data string. The server then transmits the formatted data string to the client in a URL or a cookie. When the client returns the formatted data string and other data to the server, the server performs a post-processing step to verify that the parameter value or values have not been tampered with. This round trip technique is a departure from approaches that merely detect tampering of data as it passes between two nodes of a network.

Abstract: Provided are a synchronization identifier generating method for synchronizing digital contents and an apparatus for the same. The synchronization identifier generating method includes setting a sampling level that indicates a frequency of sampling digital contents; sampling the digital contents on the basis of the set sampling level; generating a first message digest on the basis of data sampled during the sampling the digital contents; and generating a synchronization identifier including the set sampling level and the first message digest.

Abstract: An executing device conducts playback of contents. The executing device is equipped with a highly efficient processor and reduces the processing load involved in verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on a DVD. In addition, the executing device is capable of improving the accuracy of detecting unauthorized contents by randomly selecting a predetermined number of encrypted units every time the verification is performed.

Abstract: An efficient multicast key management is achieved by using seals. A security server generates a seal. In one embodiment, the seal contains a key. In another embodiment, the seal contains information for generating a key. An application server requests the seal from the security server and broadcasts the seal to a plurality of recipients. A recipient wishing to encrypt or decrypt a data stream transmits the received seal to the security server to be opened. If the recipient is authorized, the security server transmits a permit to the authorized recipient. In one embodiment, the recipient generates a key from the permit. In another embodiment, the permit is the key. If the recipient is a sender, the recipient encrypts data using the key and broadcasts the same encrypted data stream to all receivers. If the recipient is a receiver, the recipient decrypts an encrypted data stream using the key. In one embodiment, a seal with a corresponding offset value is sent periodically in a data stream.

Abstract: A method of verifying a validity of a Secure Micro (SM) is provided. The method of verifying a validity of an SM, the method including: storing and maintaining a validity verification message used to verify the validity of the SM, the validity verification message being generated by a Trusted Authority (TA) based on unique information of the SM, and the SM and the TA sharing the unique information of the SM; and verifying the validity of the SM using the validity verification message and the unique information shared by the SM, when an SM client is executed.

Abstract: A method of verifying the integrity of a software application that can be executed on a host terminal includes (i) determining at least one series of control instructions forming an executable certificate for the software application, which can be executed by the host terminal during execution of the software application to be verified; (ii) on the host terminal, executing the software application to be verified, receiving the executable certificate determined during step (i) and executing the series of control instructions for the certificate which can be executed in the memory context of the host terminal; (iii) comparing the result thus obtained through execution of the control instructions with the result expected from an authentic software application; and (iv) in the event of a positive comparison, continuing with the execution of the software application to be verified.

Abstract: A flash memory storage system is provided. The flash memory storage system includes a controller having a rewritable non-volatile memory and a flash memory chip. The rewritable non-volatile memory stores a data token and the flash memory chip stores a security data and a message digest. When the security data in the flash memory chip is updated, the controller updates the data token and generates an eigenvalue, and updates the message digest according to the updated data token and the updated eigenvalue by using a one-way hash function, respectively. When the security data in the flash memory chip is processed by the controller, the controller determinates whether the security data is falsified according to the data token, the eigenvalue and the message digest. In such a way, the security data stored in the flash memory storage system can be effectively protected.

Abstract: A computing environment maintains the integrity of data stored in system memory. The system has an address bus that comprises a plurality of address lines. The value of at least a portion of the address line is determined by a real page number stored in a page table. The system also comprises an encryption circuit that converts data from plaintext to ciphertext as a function of a key value. A circuit derives the key value as a function of at least a portion of the address line that is set by the real page number.

Abstract: A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K?, which equal K if and only if new messages originated from the center and have not been corrupted.