Message Digest Travels With Message Patents (Class 713/181)
  • Patent number: 7900062
    Abstract: Processing load on an executing device for conducting playback is high during the playback of contents since the executing device performs verification of the contents validity in parallel with the contents playback, and therefore the executing device has to be equipped with a highly efficient processor. The present invention reduces the processing load involved in the verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on the DVD. In addition, the present invention is capable of improving the accuracy of detecting unauthorized contents to some extent by randomly selecting a predetermined number of encrypted units every time the verification is performed.
    Type: Grant
    Filed: July 26, 2007
    Date of Patent: March 1, 2011
    Assignee: Panasonic Corporation
    Inventors: Masao Nonaka, Yuichi Futa, Toshihisa Nakano, Kaoru Yokota, Motoji Ohmori, Masaya Miyazaki, Masaya Yamamoto, Kaoru Murase, Senichi Onoda
  • Patent number: 7894608
    Abstract: A secure approach for sending an original message from a sender to a receiver. The sender may encrypt the original message by performing an XOR (or XNOR) operation of the original message and a first random message (same size as original message) on a bit-by-bit basis to generate a second message. The receiver may also perform an XOR of the second message with a locally generated second random message. The resulting message is sent to the sender system. The sender system may again perform XOR operation of the received message and the first random message, and send the resulting message to receiver. The receiver may perform XOR operation on the received output to generate the original message sent by the sender. Other technologies such as digital signatures and key pairs (public key infrastructure) may be used in each communication between the sender and receiver to further enhance security.
    Type: Grant
    Filed: August 4, 2008
    Date of Patent: February 22, 2011
    Assignee: International Business Machines Corporation
    Inventor: Devi Prashanth
  • Publication number: 20110040978
    Abstract: Sending signed e-mail messages. An output data stream is created for streaming a signed e-mail message, and streamed attachment data is read. In response to receiving a portion of the read streamed attachment data, the received portion of the attachment data is digested to generate a digest value, and the received portion of the attachment data is sent to a mail server via the output data stream. The received portion of the attachment data is smaller than the size of the attachment data. The digest value is updated as additional portions of the streamed attachment data are received and digested. In response to sending all attachment data to the mail server, a signer generates the signature data by signing the digest value using a signer's private key, and the generated signature data is sent to the mail server via the output stream.
    Type: Application
    Filed: August 14, 2009
    Publication date: February 17, 2011
    Applicant: CANON KABUSHIKI KAISHA
    Inventor: Yeongtau Louis Tsao
  • Publication number: 20110040977
    Abstract: The present method is directed, in the computer data security field, to cryptographic sponge and hash function processes which are embodied in a computer system and are typically keyless, but highly secure. The processes are based on the type of randomness exhibited by manipulation of the well known three dimensional Rubik's cube puzzle. Computation of the hash or sponge value (digest) is the result of executing in a model (such as computer code or logic circuitry) an algorithm modeling such a puzzle using the message as an input to the cube puzzle algorithm, then executing the cube puzzle algorithm. A state of the modeled cube puzzle (the final cube puzzle arrangement) after execution gives the sponge or hash digest value of the message.
    Type: Application
    Filed: August 11, 2009
    Publication date: February 17, 2011
    Applicant: Apple Inc.
    Inventors: Augustin J. FARRUGIA, Benoit Chevallier-Mames, Mathieu Ciet
  • Publication number: 20110035597
    Abstract: An efficient solution for secure implementation of indirect addressing (IA) is described. IA may be used, for example, in networks of which the routing algorithms are not capable of multicast but also contain very constrained devices that, although requiring multicast, are not capable of repeated unicast. This ID is useful in wireless networks containing low-power low-cost devices.
    Type: Application
    Filed: October 20, 2010
    Publication date: February 10, 2011
    Applicant: KONINKLIJKE PHILIPS ELECTRONICS N.V.
    Inventor: Thomas Andreas Maria Kevenaar
  • Publication number: 20110029780
    Abstract: Systems and methods are provided for managing the transfer of electronic files. In one embodiment, a sender transfers an encrypted version of a file (such as a digitally encoded audio track, movie, document, or the like) to someone who wishes to receive it. The receiver computes a hash of the encrypted file, and sends it to a trusted third party. The trusted third party compares the hash that was computed by the receiver with another hash computed by the sender. If the two hashes match, the third party sends the file decryption key to the receiver. In some embodiments, the receiver may also send the third party payment information so that the sender, the content owner, and/or the third party can be paid for their role in the transaction. In a preferred embodiment, the payment information is only sent to, and/or used by, the third party once the third party has confirmed to the satisfaction of the receiver that the encrypted file in the receiver's possession will decrypt correctly.
    Type: Application
    Filed: September 30, 2010
    Publication date: February 3, 2011
    Applicant: Intertrust Technologies Corp.
    Inventors: Binyamin Pinkas, Tomas Sander, William G. Home
  • Patent number: 7882349
    Abstract: Method for detecting an attack on a broadcast key shared between an access point and its wireless clients. Upon detection of the attack, actions are implemented to react to the attack as defined in one or more security policies. Detection of the attack is achieved by examining both a link message integrity check and an infrastructure management frame protection (IMFP) message integrity check contained in a broadcast management frame.
    Type: Grant
    Filed: December 6, 2005
    Date of Patent: February 1, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Nancy Cam-Winget, Mark Krischer, Robert B. O'Hara, Jr.
  • Patent number: 7873831
    Abstract: A signature system with a mechanism to identify element(s) of a signed document includes a sender having a signature module with a digest generator. The digest generator generates digests for identifying selected elements of the document. The resulting “identifying” digests are then used in generating a signature in which the sender signs the digests rather than the original elements. The receiver can then process the signature and use these digests to distinguish between elements, as needed.
    Type: Grant
    Filed: February 26, 2004
    Date of Patent: January 18, 2011
    Assignee: Microsoft Corporation
    Inventors: Vijay K. Gajjala, Giovanni M. Della-Libera, Vaithialingam B. Balayoghan, Tomasz Janczuk
  • Publication number: 20110007895
    Abstract: In accordance with a broad aspect, a method is provided to securely configure a computing device. A configuration indication is received into the computing device, including receiving a digital signature generated based on the configuration indication. Generation of the digital signature accounts for a unique identifier nominally associated with the computing device. The received configuration indication may be verified to be authentic including processing the unique identifier, the received configuration indication and the received digital signature. The computing device may be operated or interoperated with in accordance with the received configuration indication. In one example, a service interoperates with the computing device. The configuration indication and digital signature may be provided from the computing device to the service, and the service may interoperate with the computing device in accordance with the configuration indication and the digital signature.
    Type: Application
    Filed: September 9, 2010
    Publication date: January 13, 2011
    Inventors: Christopher R. Wysocki, Alan Ward
  • Patent number: 7870391
    Abstract: A mobile communication terminal having a function of managing multimedia data is provided, including: a main memory including a multimedia database storing the multimedia data; a signal processor converting the multimedia data stored in the main memory into data of a format suitable to be output to a display of the mobile communication terminal; a back_end chip which processes the multimedia data outputted from the signal processor, stores digest information of multimedia data upon occurrence of an update event of the multimedia data, and provides the stored digest information upon receiving a signal of requesting the digest information to be synchronized; and a front_end chip including a controller which requests the digest information stored in the back_end chip, compares and synchronizes the digest information offered from the back_end chip and digest information stored in advance in the front_end chip.
    Type: Grant
    Filed: December 9, 2005
    Date of Patent: January 11, 2011
    Assignee: Pantech & Curitel Communications, Inc.
    Inventors: Jung-mook Kang, Su-hyun Yim
  • Patent number: 7869445
    Abstract: A communication system includes a source node for transmitting data and general nodes that function as relay nodes for relaying the data or destination nodes for receiving the data. Data encoding is performed in each node of the communication system. The source node is linked to the general nodes by one or more independent paths. The number of independent paths from the source node to each of the general nodes is counted. A tap-proof index is calculated based on the maximum number of independent paths and the size of a set of elements formed by the encoded data. The security level against tapping is determined according to the value of the tap-proof index.
    Type: Grant
    Filed: February 14, 2008
    Date of Patent: January 11, 2011
    Assignee: Mitsubishi Electric Corporation
    Inventor: Haruko Kawahigashi
  • Publication number: 20110004746
    Abstract: A chip mountable on a customer replaceable unit monitoring memory (CRUM) unit used in an image forming job includes a central processing unit (CPU) with its own operating system (OS), which operates separately from an OS of the image forming apparatus, to perform authentication communication with a main body of the image forming apparatus using the OS of the CPU. The security of a unit on which the chip is mounted can thereby be reinforced and random changes of data of the unit can be prevented.
    Type: Application
    Filed: September 24, 2010
    Publication date: January 6, 2011
    Applicant: Samsung Electronics Co., Ltd
    Inventors: Jae-sung LEE, Yoon-tae Lee, Won-il Cho
  • Patent number: 7861077
    Abstract: A secure user authentication system, operable over a client-server communications network to authenticate a system user. The system includes an application server which includes a site which is able to be enabled, and an authentication server, which is able to enable the application server site. The authentication server includes a core database, and receives and stores user authentication-enabling data in the core database. The system further includes a client, and a client program which is able to be actuated in the client. The client program includes the user authentication-enabling data. Upon actuation, the client program automatically directly connects to the authentication server, and sends the client authentication-enabling data to the authentication server, for secure user authentication by the authentication server.
    Type: Grant
    Filed: October 6, 2006
    Date of Patent: December 28, 2010
    Assignee: Multiple Shift Key, Inc.
    Inventor: Raymond J. Gallagher, III
  • Patent number: 7859412
    Abstract: A module monitoring system and related method includes a plurality of nodes and a server component. Each node of the plurality of nodes is in operative communication with a network and with at least one RFID attached to a module. Each node of the plurality of nodes is a node type and at least two nodes of the plurality of nodes are different node types. A node of the at least two nodes is a printer-based node and is associated with a printing machine. The node associated with the printing machine is also in operative communication with a local RFID tag attached to a corresponding module. The server component includes a network interface and an analysis component. The network interface is in operative communication with the network and communicates with the at least two nodes utilizing the network.
    Type: Grant
    Filed: June 16, 2008
    Date of Patent: December 28, 2010
    Assignee: Xerox Corporation
    Inventors: Pravin N. Kothari, Mark Steven Amico, Paul Allen Hosier, Khan Lutful Kabir
  • Patent number: 7861083
    Abstract: A security system in which wireless transmitting security devices use a hybrid or dual encoding methodology, wherein a first part of a data message is encoded in a return-to-zero (RZ) format and a second part of the data message is encoded in a non-return-to-zero (NRZ) format, thereby increasing error detection and correction. In a first aspect of the invention, status information is included in the first part of the message and redundant status information is included in the second part of the message. In a second aspect of the invention, message sequence information is included in the second part of the message to avoid processing of stale or out-of-sequence messages.
    Type: Grant
    Filed: January 23, 2009
    Date of Patent: December 28, 2010
    Assignee: Honeywell International Inc
    Inventor: Thomas Schmit
  • Patent number: 7856557
    Abstract: A method of authentication of data to be sent in a digital transmission system, the data being organized in a series of at least three files, involving generating a first authentication value for at least one first file, storing said first authentication value in a second file, generating a second authentication value for said second file, storing said second authentication value in a third file, and transmitting said first, second, and third files to a receiver.
    Type: Grant
    Filed: January 26, 2007
    Date of Patent: December 21, 2010
    Assignee: THOMSON Licensing S.A.
    Inventor: Jean-Bernard G. M. Beuque
  • Publication number: 20100318804
    Abstract: The present invention relates specifically to a modified digital signature algorithm together with a polynomial-based hash function, in which the last step of the calculation of the final hash value, the exponentiation, is omitted. Such a modification eliminates some of the potential attacks to which a basic hash function algorithm is susceptible. It further introduces several flexibilities to a digital signature scheme. For example, hashing and MAC-ing procedures omit an exponentiation step, whereby the security of data is increased as the possibility of successful attack is diminished. Furthermore, the present invention may be implemented either by way of hardware or software. It may also be capable of generating a digital signature for any set of parameters extracted from a message. Generation of a digital signature may occur without the step of a hashing or MAC-ing procedure.
    Type: Application
    Filed: June 12, 2008
    Publication date: December 16, 2010
    Inventor: Nikolajs Volkovs
  • Patent number: 7853799
    Abstract: A programmable encryption approach involves the use of a downloadable decryptor. According to an example embodiment of the present invention, an FPGA device includes a microcontroller for configuring logic circuitry on the FPGA device. A memory register is implemented for storing encryption key data and a message authentication code (MAC). When the FPGA device is to be configured using a configuration bitstream, a MAC is calculated for a decryptor and sent to the microcontroller along with an encryption key. The microcontroller stores the encryption key and MAC in a register to which access is limited. When the decryptor is downloaded to the microprocessor, a MAC is calculated on the downloaded decryptor and compared with the stored MAC. If the calculated MAC matches the stored MAC, the decryptor is allowed to access the key.
    Type: Grant
    Filed: June 24, 2004
    Date of Patent: December 14, 2010
    Assignee: Xilinx, Inc.
    Inventor: Stephen M. Trimberger
  • Patent number: 7853796
    Abstract: Computer software or integrated circuit for performing a secure hashing method including one or more of the following: representing an initial sequence of bits as a specially constructed set of polynomials; transformation of this set by masking; partitioning the transformed set of polynomials into a plurality of classes; forming the bit string during the (separated) partitioning; for each of the plurality of classes, factoring each of the polynomials and so as to define a set of irreducible polynomials and collecting these factors in registers defined for each of the plurality of classes; wrapping the values of the registers from the plurality of classes by means of an enumeration; organizing the enumerations and the bit strings into a knapsack; and performing an exponentiation in a group to obtain the hash value or the MAC value.
    Type: Grant
    Filed: May 9, 2007
    Date of Patent: December 14, 2010
    Inventors: Nikolajs Volkovs, Vijaya Kumar Murty
  • Patent number: 7849318
    Abstract: A secret string is established so as to be known only to a client computing system and a server computing system. A non-encrypted version of a message, a message counter value, and a first hash value are received by the server computing system from the client computing system. The first hash value, based on a content of the message, the message counter value, and the secret string, is generated at the client computing system using a first hash algorithm. Using the first hash algorithm, the server generates a second hash value based on the content of the received message, the received message counter value, and the secret string. The server computing system accepts the received non-encrypted version of the message as authentic upon determining that the received message counter value is greater than a previously received message counter value and that the second hash value matches the first hash value.
    Type: Grant
    Filed: June 19, 2007
    Date of Patent: December 7, 2010
    Assignee: Yahoo! Inc.
    Inventors: Kai Zhang, Linlong Jiang
  • Patent number: 7844819
    Abstract: Since there is a possibility that an application downloaded to a terminal performs an invalid operation, an operation of the downloaded application is very much restricted, and the application cannot use local resources of the terminal. With the use of information for authenticating the application, which is held in a tamper resistant region of an authentication module, authentication for the application downloaded to a download section of the terminal is performed to confirm its source or whether or not it has been tampered with. Only an authenticated application is permitted to use the local resources of the terminal or the authentication module, so that an invalid application is prevented from using the local resources. Furthermore, since there is no need to make the terminal have the tamper resistant region, manufacturing costs of the terminal can be held at a low level.
    Type: Grant
    Filed: November 26, 2002
    Date of Patent: November 30, 2010
    Assignee: Panasonic Corporation
    Inventor: Atsushi Minemura
  • Patent number: 7844832
    Abstract: A system and method for authenticating the source of, protecting the contents of, and ensuring the integrity of information. The information may be any digital information which can be stored in a computer file. The information is encapsulated in a computer file which also includes the biometrically verified identity of the person who packaged the information. The contents of the computer file are encrypted, and a unique message digest value is generated and stored in a secure central database. The message digest value functions as the digital signature of the encrypted information, and is used to ensure the integrity of the information.
    Type: Grant
    Filed: November 29, 2006
    Date of Patent: November 30, 2010
    Inventors: Ron L. Nation, Rodney P. Meli, William T. Garner
  • Publication number: 20100299528
    Abstract: The present invention proposes a solution to prevent a program flow in a processing unit from being modified with respect to an intended program flow, thereby ensuring that important steps such as verifying or authenticating are not bypassed. The invention is particularly aimed at security modules within receiver/decoders in a pay-TV system and involves performing a set of predetermined operations during the processing of entitlement management messages and/or entitlement control messages, said operations being redundant with respect to the normal processing of said messages while leading to the calculation of keys which can then be used to verify that the intended program flow has been respected.
    Type: Application
    Filed: May 24, 2010
    Publication date: November 25, 2010
    Applicant: NAGRAVISION S.A.
    Inventor: Dominique Le Floch
  • Publication number: 20100299529
    Abstract: A method for securing communication between members. The method includes a first member obtaining a secret. An n-bit generator executing on the first member generates a message digest using the first secret. The first member extracts algorithm selector bits and an encryption key from the message digest, and selects an encryption algorithm identified by the algorithm selector bits. The method further includes the first member encrypting a communication using the encryption algorithm and the encryption key to obtain an encrypted communication, and the first member sending, to a second member of the group, the first encrypted communication.
    Type: Application
    Filed: March 25, 2010
    Publication date: November 25, 2010
    Applicant: PACID TECHNOLOGIES, LLC
    Inventor: Guy Fielder
  • Patent number: 7840814
    Abstract: A method for managing an original executable code downloaded into a reprogrammable computer on-board system such as a microprocessor card. The code includes a cryptographic signature and is executable by the microprocessor once the validity of the signature has been checked. Off the card, a modified executable code corresponding to the original code and adapted to a pre-defined specific use is identified. A software component is calculated, which when applied to the original code, enables the modified code to be reconstructed. The software component is signed, and the signed original code and the signed software component are downloaded into the card. On the card, the signature of the original code and the software component are checked, and the software component is applied to the original code in order to reconstruct the modified code for the execution of the same by the microprocessor.
    Type: Grant
    Filed: April 2, 2004
    Date of Patent: November 23, 2010
    Assignee: Gemalto SA
    Inventors: Alexandre Benoit, Ludovic Rousseau
  • Patent number: 7840637
    Abstract: An example embodiment of a includes a Home Page, a Web Presence Tool Page, and a Product and Community Forum which is created and maintained by a Hosting Provider. The Home Page may be made accessible to Hosting Customers and Partners and is an ideal location for placement of ads since all members of the Web Hosting Community are funneled through this Web page. The Web Presence Tool Page may display information generated by a Partner regarding the Partner's application which may be viewed by the Hosting Customers. The Product and Community Forum may allow the Hosting Customers to share information regarding all the applications with other Hosting Customers.
    Type: Grant
    Filed: February 21, 2007
    Date of Patent: November 23, 2010
    Assignee: The Go Daddy Group, Inc.
    Inventors: Warren Adelman, Michael Chadwick
  • Publication number: 20100293385
    Abstract: A system and method for authenticating an HTTP message. A relying party may respond to a request from a requester by sending an HTTP message with authentication specifications to the requester. The requester responds with a new request that adheres to a scheme specified by the relying party. A framework allows for a security token to be located in an HTTP header or a message body, with various options such as fragmenting the token available. An option allows for cryptographically binding the security token to the body of a message. An authentication framework provides for an implementation by an HTTP stack or by an application.
    Type: Application
    Filed: May 14, 2009
    Publication date: November 18, 2010
    Applicant: Microsoft Corporation
    Inventors: Arun K. Nanda, Hervey Wilson
  • Patent number: 7836310
    Abstract: An improved system and approaches for protecting passwords are disclosed. A file security system for an organization operates to protect the files of the organization and thus prevents or limits users from accessing some or all of the files (e.g., documents) associated with the organization. According to one aspect, a password entered by a user is used, provided it is authenticated, to obtain a respective authentication string (a relatively longer string of numbers or characters). The retrieved authentication string is then used to enable the user to enter the file security system and/or to access secured files therein. According to another aspect, user passwords are not stored in the file security system to avoid security breaches due to unauthorized capture of user passwords.
    Type: Grant
    Filed: November 1, 2002
    Date of Patent: November 16, 2010
    Inventor: Yevgeniy Gutnik
  • Publication number: 20100287380
    Abstract: A writing area security system (10) includes a CPU (34), a flash memory (64), and a memory controller (62). The memory controller (62), when receiving a read command of data stored in the flash memory (64) from the CPU (34), performs a parity check on the data. The memory controller (62) outputs the data to the CPU (34) only when the parity of the read data is correct.
    Type: Application
    Filed: September 4, 2007
    Publication date: November 11, 2010
    Applicant: NINTENDO CO., LTD.
    Inventors: Shinji Kurimoto, Masashi Seiki
  • Patent number: 7831039
    Abstract: Circuitry for encrypting at least a part of an input data flow and generating a tag based on the input data flow with the same ciphering algorithm and the same key including a first ciphering branch arranged to encrypt the at least part of the input data; a second ciphering branch arranged to generate the tag; and a single key schedule unit arranged to receive the key, to generate at least one sub-key based on the key and to provide the at least one sub-key to the first and second ciphering branches.
    Type: Grant
    Filed: June 7, 2006
    Date of Patent: November 9, 2010
    Assignees: STMicroelectronics S.r.l., STMicroelectronics Inc.
    Inventors: Guido Bertoni, Jefferson E. Owen
  • Patent number: 7832013
    Abstract: A method for analyzing a security grade of an information property, and more particularly, a method by which a security grade (a risk degree in security) is analyzed objectively and quantitatively such that risk degree management of an information property can be efficiently performed, is provided. The method for analyzing a security grade of an information property includes: selecting an information property as an object of security grade analysis, among information properties for which risk degree analysis and importance evaluation in managerial, physical, and technological aspects are performed; calculating the property risk degree of the selected property based on the weighted mean of risk degrees and importance evaluation; and mapping the weighted mean of the risk degree and the importance on a 2-dimensional plane having the X-axis indicating the weighted mean of a risk degree and the Y-axis indicating importance, and based on the appearing result, determining the priority of a safeguard.
    Type: Grant
    Filed: March 17, 2005
    Date of Patent: November 9, 2010
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Won Joo Park, Youn Seo Jeong, Dong Il Seo
  • Publication number: 20100281263
    Abstract: A recording device for recording one or more of a plurality of subcontents recorded on a first recording medium, onto a second recording medium, the first recording medium having further recorded thereon digest values of the subcontents, and a medium signature generated based on the digest values of the subcontents, the plurality of subcontents constituting one content, the recording device comprising: a subcontent acquisition unit operable to select and acquire one or more of subcontents permitted to be copied; an excluded digest value acquisition unit operable to acquire excluded digest values from the first recording medium, the excluded digest values being digest values of nonselected subcontents; a signature acquisition unit operable to acquire the medium signature from the first recording medium; and a write unit operable to write, onto the second recording medium, (i) the one or more selected subcontents, (ii) the excluded digest values, and (iii) the medium signature.
    Type: Application
    Filed: February 7, 2008
    Publication date: November 4, 2010
    Inventors: Sanzo Ugawa, Masaya Yamamoto, Shunji Harada, Toshihisa Nakano
  • Publication number: 20100275031
    Abstract: This method securely transmits data from a secure control system [110] located on an isolated computer network [100] to a separate computer [210] outside the isolated control network [100]. The method includes several features designed to minimize the risk of outside cyber attack on the control system [110] while ensuring that the data is transmitted correctly and promptly. The system uses a non-routable unidirectional physical data link [300]. Messages [400] are redundantly transmitted to computer [210] without acknowledgement along with checksums [430,450]. The checksum information is used to validate that the message header [420] and the message data [440] have been received correctly. Redundant information contained in repeated message data blocks [440] is discarded after the transmitted message [400] is correctly received and decoded. An ordered transmission sequence is used to minimize the message delay if an individual message [400] was not received correctly on its first transmission.
    Type: Application
    Filed: April 22, 2010
    Publication date: October 28, 2010
    Inventor: Allan G. Ferry
  • Publication number: 20100275030
    Abstract: A method for electronically storing and retrieving at a later date a true copy of a document stored on a remote storage device comprises: sending a document in electronic format from a document owner's computing device to a store entity for storing the document; generating a digest of the document while the document is at the store entity by applying a hash function to the document; signing the digest electronically with a key while said document is at the store entity; generating a receipt that includes the digest and the key; sending the receipt to the document owner; and verifying, at the document owner's computing device, that the received receipt corresponds to the document sent from the owner's computing device.
    Type: Application
    Filed: April 22, 2009
    Publication date: October 28, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: John G. Rooney
  • Publication number: 20100268960
    Abstract: A method for encrypting data includes receiving a block of plaintext for a data set at one or more computers, acquiring a cryptographic key for the data set, generating an initialization vector for the block of plaintext based on the block of plaintext, and encrypting the block of plaintext using the cryptographic key and the initialization vector.
    Type: Application
    Filed: April 17, 2009
    Publication date: October 21, 2010
    Applicant: SUN MICROSYSTEMS, INC.
    Inventors: Darren James Moffat, James P. Hughes
  • Publication number: 20100268938
    Abstract: A sentinel value is combined with a data segment, and encrypted. A digest of the encrypted combined data segment is calculated, and used in conjunction with an encryption key to generate a masked key. This masked key is then appended to the encrypted combined data segment and transmitted to an encoder. When the data segment is retrieved, the original encryption key can be recovered and used to decrypt the data segment. The sentinel value can then be extracted from the data segment and checked for integrity. The data segment can then be delivered, discarded, flagged, or otherwise handled based on the integrity of the sentinel value.
    Type: Application
    Filed: April 14, 2010
    Publication date: October 21, 2010
    Applicant: CLEVERSAFE, INC.
    Inventor: JASON K. RESCH
  • Patent number: 7818579
    Abstract: An information processor has an information dispersing function, a dividing unit for dividing a first data (DT0) into n pieces of disperse information, and executing secret sharing scheme capable of restoring the first data (DT0) by using arbitrary k pieces (1<k<n) of disperse information out of the n pieces of disperse information, a first storage control unit for storing the arbitrary k pieces of disperse information generated by the dividing unit into plurality of portable recording devices, an editing unit for reconstructing the first data (DT0) by using the k pieces of disperse information stored in the plurality of recording devices and editing the restored first data (DT0), a difference generating unit, after the dividing unit divides a second data which is post-data (DT1) originated in the restored first data into n pieces of post-edit disperse information, for calculating the difference between post-edit disperse information corresponding to the recording device and pre-edit disperse informatio
    Type: Grant
    Filed: May 7, 2007
    Date of Patent: October 19, 2010
    Assignee: Fujitsu Limited
    Inventors: Naoki Nishiguchi, Kouichi Yasaki
  • Patent number: 7818812
    Abstract: A universally known and accepted unique item that is independently identifiable and difficult to counterfeit is used as an authenticator item. The identity of this item is included in an authorization calculation which can only be accomplished by an authorizing authority. The authenticator can be a serial numbered item such as a currency bill or note. The document may be created anywhere in plain paper, electronic or other forms. Creation may be by any of an issuing authority, an agent, a bearer and even the buyer. The document's authenticity may be verified without communication back to the issuing authority. The invention allows cancellation to prevent negotiation of an electronic document regardless of how many copies are extant in computers or other form merely by defacing or destroying the associated authenticator.
    Type: Grant
    Filed: January 22, 2008
    Date of Patent: October 19, 2010
    Assignee: International Business Machines Corporation
    Inventor: David Alan Kra
  • Patent number: 7813507
    Abstract: A method and system for creating random cryptographic keys in hardware is described. One or more bits are generated via one or more random bit circuits. Each random bit circuit includes a sensing device coupled to a first device and a second device to compare the first device against the second device and to generate a random bit from a random state value. The generated bits from the random bit circuits are read, and a cryptographic key may then be computed based on the generated bits.
    Type: Grant
    Filed: April 21, 2005
    Date of Patent: October 12, 2010
    Assignee: Intel Corporation
    Inventors: Ernie Brickell, Rachael Parker
  • Patent number: 7814329
    Abstract: A method and apparatus for performing MAC security (MACSec) operations. In one embodiment, the apparatus comprises a plurality of discrete elements coupled together to perform MAC security processing, the plurality of discrete elements able to operate on distinct packets related to MAC security simultaneously, and wherein each of the plurality of discrete elements is in an independently controlled power domain that enters a reduced power consumption state independently of other discrete elements in the plurality of discrete elements when not in use.
    Type: Grant
    Filed: April 7, 2006
    Date of Patent: October 12, 2010
    Assignee: Marvell International Ltd.
    Inventors: Guy T. Hutchison, Awais B. Nemat
  • Publication number: 20100250950
    Abstract: A communication apparatus includes: a first storage unit storing a received electronic mail; a verification unit executing a first verification about an electronic signature attached to the received electronic mail; a printing unit printing the received electronic mail if a verification result of the first verification is positive; a deletion unit deleting the printed electronic mail from the first storage unit; and a storage control unit controlling a second storage unit to store the mail information about the received electronic mail in the second storage unit if the verification result of the first verification is negative. The verification unit again executes the first verification about a specific electronic signature attached to a specific electronic mail whose mail information is stored in the second storage unit. The printing unit prints the specific electronic mail if a verification result by again executing the first verification about the specific electronic signature is positive.
    Type: Application
    Filed: March 19, 2010
    Publication date: September 30, 2010
    Applicant: BROTHER KOGYO KABUSHIKI KAISHA
    Inventor: Shohei Tsujimoto
  • Patent number: 7805614
    Abstract: A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number; if there is a match, the decrypted biometric data is validated and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.
    Type: Grant
    Filed: March 31, 2005
    Date of Patent: September 28, 2010
    Assignee: Northrop Grumman Corporation
    Inventors: Kenneth W. Aull, William Gravell, James B. Rekas
  • Patent number: 7802106
    Abstract: A method of guaranteeing the integrity of at least one computer software program transmitted by a transmitter to a decoder which is equipped with an encryption/decryption module via a long-distance information transmission network. The inventive method includes inserting (at 52) a supplementary piece of information into a message containing the information necessary for the decoder to decrypt the information signals transmitted by the transmitter, the supplementary information enabling the encryption/decryption module to verify that it has effectively received each computer software program transmitted.
    Type: Grant
    Filed: December 3, 2003
    Date of Patent: September 21, 2010
    Assignee: Logiways France
    Inventor: Christian Benardeau
  • Patent number: 7800499
    Abstract: In various embodiments, a method for signing tags associated with objects includes receiving a first identifier associated with a tag. A first signature is generated for the tag based on the identifier and a public key. The first identifier and the first signature are then stored in the tag.
    Type: Grant
    Filed: June 5, 2007
    Date of Patent: September 21, 2010
    Assignee: Oracle International Corporation
    Inventor: Samuelson Rehman
  • Patent number: 7802102
    Abstract: The present invention provides a method for transferring encrypted information from one storage area to another storage area wherein a cryptographic data protection scheme having protection attributes is applied on the data. A crypto container having cryptographic properties represents cryptographically protected data. The attributes that have been attached to the container at the time when data is added or removed from the container determine the scheme of data protection being applied. A crypto container can be converted or serialized for storage or transmission; here the conversion spreads only to the protected data parts, which possibly include crypto containers in protected form but may not include the attached crypto attributes. These attributes must be stored or transmitted in another form.
    Type: Grant
    Filed: October 24, 2006
    Date of Patent: September 21, 2010
    Assignee: International Business Machines Corporation
    Inventors: Roman A. Pletka, Patrick Droz, Christian Cachin
  • Publication number: 20100235644
    Abstract: Systems and methods are described which utilize a recursive security protocol for the protection of digital data. These may include encrypting a bit stream with a first encryption algorithm and associating a first decryption algorithm with the encrypted bit stream. The resulting bit stream may then be encrypted with a second encryption algorithm to yield a second bit stream. This second bit stream is then associated with a second decryption algorithm. This second bit stream can then be decrypted by an intended recipient using associated keys.
    Type: Application
    Filed: May 27, 2010
    Publication date: September 16, 2010
    Inventor: William V. Oxford
  • Patent number: 7797539
    Abstract: A method for communicating information between at least a pair of correspondents, the method comprising the steps of each of the correspondents selecting a plurality of cryptographic algorithms known to each of the correspondents. One of the correspondents applies the algorithms in a predetermined manner to a message for producing a set of processed information. The set of processed information is transmitted to the other correspondent. The other correspondent applies complementary operations of the cryptographic schemes in accordance with the predetermined manner for deriving information related to the message from the processed information.
    Type: Grant
    Filed: July 19, 2001
    Date of Patent: September 14, 2010
    Assignee: Certicom Corporation
    Inventors: Donald B. Johnson, Scott A. Vanstone
  • Patent number: 7797237
    Abstract: Disclosed herein is an electronic financial transaction system and method providing a real-time authentication service through a wire/wireless communication network that is provided with an electronic slip processing function and a deposit account, so electronic financial transaction users can authenticate electronic financial transactions in real time. The system and method of the present invention is provided with an electronic slip processing function. Accordingly, electronic financial transaction users can authenticate electronic financial transactions in real time using electronic slips without temporal and spatial restrictions, so electronic financial transactions can be safely, conveniently and rapidly carried out. Additionally, an approval authority can approve financial transactions in real time without temporal and spatial restrictions, so a multi-approval function through a mobile communication network is provided to prevent a leakage of information and a misappropriation of money.
    Type: Grant
    Filed: December 6, 2001
    Date of Patent: September 14, 2010
    Inventor: Min-Suh Kim
  • Patent number: 7797543
    Abstract: Systems and methods are disclosed for authenticating electronic messages. A data structure is generated by a computer server which allows for the authentication of the contents and computer server identity of a received electronic message and provides a trusted stamp to authenticate when the message was sent. Data which can authenticate the message, the computer server identity, and the time the message was sent is included into a data structure which is called an Electronic PostMark (EPM).
    Type: Grant
    Filed: September 29, 2000
    Date of Patent: September 14, 2010
    Assignee: United States Postal Service
    Inventors: Leo J. Campbell, Jon L. Cook, Charles R. Chamberlain, Michael J. McGrath, Isadore Schoen
  • Publication number: 20100217997
    Abstract: An authentication method is disclosed herein. The method includes: by a server, using a Trigger message nonce to generate a Trigger message, and sending the generated Trigger message to a client so that the client can extract the Trigger message nonce; after determining that the Trigger message nonce is valid, using the Trigger message nonce to generate a digest, and authenticating the Trigger message generated by using the Trigger message nonce; after the authentication succeeds, sending a session request to the server indicated by the Trigger message, where the session request carries a session ID. The corresponding system, server and client are disclosed herein. The present invention makes the authentication process more secure through the client and the server based on the DS or DM protocol.
    Type: Application
    Filed: May 7, 2010
    Publication date: August 26, 2010
    Inventors: Xiaoqian CHAI, Hongtao Gao, Kepeng Li, Linyi Tian