Abstract: Methods and apparatus are provided for efficiently normalizing and denormalizing data for cryptography processing. The normalization and denormalization techniques can be applied in the context of a cryptography accelerator coupled with a processor. Hardware normalization techniques are applied to data prior to cryptography processing. Context circuitry tracks the shift amount used for normalization. After cryptography processing, the processed data is denormalized using the shift amount tracked by the context circuitry.

Abstract: A communication device having a private key and configured to implement an elliptic curve security mechanism for successful operation of which it: (a) receives a first value from another device, (b) computes a second value as the scalar multiplication of the first value with its private key and (c) returns that second value for use by the other device; the mechanism being such that the first value defines a pair of coordinates representing a first point and the second value defines a pair of coordinates representing a second point and being such that the first value is valid only if it lies on an elliptic curve of predefined form; the device being configured to implement the mechanism by the steps of: receiving data as the first value; making a first evaluation as to whether the first value is a singular point with respect to the elliptic curve; computing the second value as the scalar multiplication of the first value with the private key; making a second evaluation as to whether the second value lies on the

Abstract: An electronic device prior to entering a distribution channel is equipped with a Loss Prevention Client which permits limited use of the device until correct authentication is provided by a legitimate purchaser. By permitting limited use before authentication, the device remains both useful to a legitimate purchaser and valuable to a thief. While allowing operation in the possession of a thief, options can be provided to permit tracking of the device or to allow proper purchase of the device.

Abstract: Embodiments of a cryptograph processing device and method for adapting to shared-cache attacks are generally described herein. Other embodiments may be described and claimed. In some embodiments, the cryptographic processing device comprises first and second processing units, and a cache that is shared by the first and second processing units. The first processing unit may monitor a number of cache misses that occur during the performance of a first cryptographic process and may switch to performing a second cryptographic process after the number of cache misses exceeds a threshold.

Abstract: A data transmission method is achieved by transmitting a contents data transmission request from a host device to a module; by dividing a first contents data into a plurality of blocks in the module; by transmitting the plurality of blocks from the module to the host device; and by combining the plurality of blocks to produce a second contents data. A plurality of data buses are used for the transmission of the contents data transmission request and the plurality of blocks.

Abstract: A receiver device consistent with certain embodiments that receives and decrypts digital cable or satellite television signals has a receiver that tunes and demodulates the television signal into a digital transport stream. A decrypter decrypts the digital transport stream using a pair of decryption keys. A first decryption key array stored in a first storage location forming a part of the receiver device, and a second key array stored in a second storage location forming a part of the receiver device, the first and second key arrays representing ordered pairs of keys. An authorization table is stored in a third storage location forming a part of the receiver device, the authorization table containing a mapping, wherein each ordered pair of decryption keys corresponds to a different one of a plurality of Multichannel Video Program Distributors (MVPD). This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.

Abstract: An information reproducing apparatus of the present invention includes a secure module and a main memory. The information in the secure module can not be accessed from outside. The secure module reads, using a direct access method, information relating to software stored in the main memory. The secure module checks a falsification of the software by comparing the information read with the information stored in advance in the secure module.

Abstract: In one embodiment of the present invention, a secure cryptographic circuit arrangement is provided. The secure cryptographic circuit includes a cryptographic processing block, a spreading sequence generator, and a delay control circuit. The cryptographic processing block has a plurality of signal paths. One or more of the plurality of signal paths includes respective adjustable delay circuits. The spreading sequence generator is configured to output a sequence of pseudo-random numbers. The delay control circuit has an input coupled to an output of the spreading sequence number generator and one or more outputs coupled to respective delay adjustment inputs of the adjustable delay circuits. The delay control circuit is configured to adjust the adjustable delay circuits based on the pseudo-random numbers.

Abstract: A method for dependent trust in a computer system is provided. In this method, trust dependency relationships are defined among components of the computer system, specifying, for a component, which components it relies on in ensuring the integrity or confidentiality of its code or data. Subsequently, trust dependencies are resolved and the results are used in performing certain operations described in Trusted Computing Group standards including generating an attestation reply, sealing data, and unsealing data. In addition, methods for computing an integrity measurement for a Core Root of Trust for Measurement of a trust-dependent component are included. A system for dependent trust in a computer system is also described.

Abstract: An electronic ticket providing system capable of distributing and browsing the information relating to a ticket can be realized while maintaining the security and transferability of an IC card. The electronic ticket information is divided into formal ticket data and provisional ticket data. The formal ticket data includes authentication information for admission, ticket notation information, and authentication information for acquisition of information for a ticket owner. The provisional ticket data includes the ticket notation information, and authentication information for acquisition of information for a ticket purchase requester. The electronic ticket information is distributed from an electronic ticket vending server to a mobile telephone over a communications network. In the mobile telephone, the formal ticket data is stored in a removable storage medium such as an IC card, etc. having high security and transferability, and the provisional ticket data is stored in the internal memory.

Abstract: A Tamper-Resistant Communication layer (TRC) adapted to mitigate ad hoc network attacks launched by malicious nodes is presented. One embodiment of the invention utilizes TRC, which is a lean communication layer placed between a network layer and the link layer of a network protocol stack. All aspects of the network protocol stack, with the exception of the routing protocol and data packet forwarding mechanism in the network layer, are unchanged. TRC takes charge of certain key functions of a routing protocol in order to minimize network attacks. Additionally, TRC implements highly accurate self-monitoring and reporting functionality that can be used by nodes in the network to detect compromised nodes. TRC of a node controls its ability to communicate with other nodes by providing non-repudiation of communications. The tamper-resistant nature of TRC provides high assurance that it cannot be bypassed or compromised.

Abstract: A Personal Computer Memory Card International Association (PCMCIA) card is disclosed. The PCMCIA card may include a cryptographic module, a communications interface, and a processor. The cryptographic module may perform Type 1 encryption of data received from a computer into which the card is inserted. The cryptographic module may support High Assurance Internet Protocol Encryption (HAIPE). The communications interface may provide connectivity to a network adapter. The communications interface may include a Universal Serial Bus (USB) interface. The processor may detect whether a network adapter is coupled to the communications interface, identify a device driver that corresponds to the network adapter, and employ the device driver to provide operative communication between the cryptographic module and the network adapter. The PCMCIA card may contain a datastore that maintains a plurality device drivers. For example, the plurality of device drivers support any one of IEEE 802.x, Ethernet, V.

Abstract: A method and an apparatus ensuring protection of digital data are provided. In addition to re-encrypting the data using an unchangeable key, the data is double re-encrypted using a changeable key. The changeable key is used first and the unchangeable key is then used, or in another case, the unchangeable key is used first, and the changeable key is then used. In the aspect of embodiments, there is a case adopting a software, a case adopting a hardware, or a case adopting the software and the hardware in combination. The hardware using the unchangeable key developed for digital video is available. In adopting the software, encryption/decryption is performed in a region below the kernel which cannot be handled by the user to ensure the security for the program and for the key used. More concretely, encryption/decryption is performed with RTOS using a HAL and a device driver, i.e., a filter driver, a disk driver and a network driver, in an I/O manager.

Abstract: Aspects of the invention provide a method and system for coding information in a communication channel. More particularly, aspects of the invention provide an method and system for synchronous running encryption and/or encoding and corresponding decryption and decoding in a communication channel or link. Aspects of the method may include encoding and/or encrypting a first data using a first or second encoding table and/or a first or second encryption table. The method may indicate which one of the first or second encoding tables or which one of the first or second encryption tables were utilized for encoding and/or encrypting the said first data. The encoded and/or encrypted first data may subsequently be transferred downstream and decoded by synchronous decoder/decryptor using a corresponding decoding and/or decryption table.

Abstract: The present invention relates to an information processing apparatus by which a communication channel providing a high degree of privacy is established between a PDA and a data communication server. Data encrypted with a temporary key is shared by a PDA and a memory card. The memory card decrypts the data by the shared temporary key, and then stores the data in the memory card. Data encrypted with a temporary key shared by a PC and the memory card. The PC decrypts the data by the shared temporary key, and then stores the data in the PC. The PC and the data communication server are connected to each other, and perform mutual authentication. The data encrypted with a temporary key shared by the PC and the data communication server as a result of the authentication is transmitted from the PC to the data communication server via a broadband network.

Abstract: In one embodiment, a computer system comprises at least a first computing cell and a second computing cell, each computing cell comprising at least one processor, at least one programmable trusted platform management device coupled to the processor via a hardware path which goes through at least one trusted platform management device controller which manages operations of the at least one programmable trusted platform device, and a routing device to couple the first and second computing cells.

Abstract: A method for management of access means to conditional access data may include: initiating, from a security module of a multimedia unit, a verification of the next renewal date of the access means, which are associated to time information and are controlled by a management centre; determining, in the security module, the next renewal date of the access means; if the next renewal date of the access means is closer than a preset duration, then sending a request from the security module to the multimedia unit that requests the renewal of the access means; sending the request for renewal of the access means from the multimedia unit to the management centre; verifying by the management centre, if the multimedia unit is authorized to renew the access means; and in the case of a positive response, sending of an access means renewal message to the multimedia unit.

Abstract: A communication system comprises a content provider system configured to receive a content request indicating content and a device identifier, determine a first key based on the device identifier, process the content using the first key to modify the content from an unprotected state to a protected state, and transfer the content in the protected state. The communication system further comprises an end user system configured to receive the content in the protected state and process the content with a second key to modify the content from the protected state to an unprotected state wherein the second key is internally hard coded to the end user system.

Abstract: In one embodiment, an add-on pre-scanner card is removably pluggable into a local bus of a computer. The add-on pre-scanner card may be coupled to a computer network to receive network traffic. The add-on pre-scanner card may be configured to extract payloads from received packets and scan the payloads for computer viruses. The add-on pre-scanner card may pass scanned payloads and other data to the computer by way of a shared memory interface. The pre-scanner card may identify each payload as infected with a virus, virus-free, or unknown to allow the computer to distinguish payloads that do not need further scanning from those that do. The computer may further scan for viruses payloads that the pre-scanner card cannot ascertain as either virus free or virus infected.

Abstract: Methods of authenticating a user design in a programmable integrated circuit. The methods utilize an identifier unique to the programmable IC and a data word taken from the user design. The data word can be unique to the design and can include a string of data taken from the configuration data for the design, or the values of circuit nodes read from selected points throughout the design. A function is performed on the identifier and the data word, producing a key specific to the user design as implemented in that programmable IC. The key is compared to an expected value. When the key matches the expected value, the user design is enabled. When the key does not match the expected value, at least a portion of the user design is disabled. Circuitry for performing the steps of the method can be implemented in the programmable resources of the programmable IC.

Abstract: Two kinds of security chips having a security interface are provided. One kind of security chip comprises a processor module, an encrypt/decrypt module, a memory module, a power detecting module and a security I/O module, and all of the modules are connected with each other by an internal bus in the security chip; the other kind of security chip comprises a processor module, an encrypt/decrypt module, a memory module, a power detecting module and an I/O interface module, all of the modules being connected with each other by the internal bus in the security chip, wherein, the security chip also comprises a security input module, a security output module and a south bridge interface module, and all of the modules are connected with each other by the internal bus in the security chip.

Abstract: A Personal Computer Memory Card International Association (PCMCIA) card may establish, via a non-secure network, a secure communications channel between a computer and a secure network. The non-secure network may define a first address space. The secure network may define a second address space. The PCMCIA card may include a cryptography module, a network adapter, and/or a processor. The cryptography module may provide Type 1 cryptography of data communicated between the computer and the secure network. The network adapter may be in communication with the non-secure network and may be associated with a first network address from the first address space. The processor may be in communication with the secure network via the cryptography module and the network adapter. The processor may identify a second network address for the computer from the second address space and may communicate the second network address to the computer, for example via dynamic host control protocol (DHCP).

Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.

Abstract: A storage means which can be accessed by an authentication apparatus stores content data, a first digest table including primary digest values corresponding to a plurality of data portions constituting the content data, a second digest table including secondary digest values corresponding to a plurality of data portions of the first digest table, and a digital signature generated from the second digest table. In a first reading step, the second digest table and the digital signature are read out from the storage means into a memory of the authentication apparatus. In a first authentication step, the authenticity of the content data is verified using the digital signature read out into the memory and the second digest table read out into the memory.

Abstract: Control system of an electronic instrument for metrological measurements, comprising an electronic local processing unit including a handling application of said instrument. The system includes a control application for said handling application, which can be associated with said local processing unit, said control application being suitable for generating a univocal certification code for the application.

Abstract: A remote connecting and shielding power supply system for receiving electricity and data from an electrical outlet and comprising a power line module embedded within the power supply for stripping data from electricity when received within the power supply and a single board computer also embedded within the power supply for shielding the motherboard of a device from unwanted data.

Abstract: Methods for creating an interactive gaming environment are provided. In various embodiments, methods of the present invention may include initializing an interactive game application at a game server which is then characterized as having an active status, notifying a lobby server concerning the active status of the game server, registering the application with a universe management server via the lobby server, and allowing users to join the interactive gaming environment. The users joining the interactive gaming environment may be identified by a server key obtained from the game server.

Abstract: A network device for processing data packets includes an encryption services module, a number of network interfaces and a forwarding module. A network interface receives a packet requiring encryption services and forwards the packet. The forwarding module receives at least a portion of the data packet, where the portion includes header information. The forwarding module identifies a security association for the data packet, appends the security association to the portion of the data packet and forwards the portion of the data packet including the security association to the encryption services module. The encryption services module processes the packet in accordance with the security association.

Abstract: The present disclosure provides a system and method for performing modular exponentiation. The method may include dividing a first polynomial into a plurality of segments and generating a first product by multiplying the plurality of segments of the first polynomial with a second polynomial. The method may also include generating a second product by shifting the contents of an accumulator with a factorization base. The method may further include adding the first product and the second product to yield a first intermediate result and reducing the first intermediate result to yield a second intermediate result. The method may also include generating a public key based on, at least in part, the second intermediate result. Of course, many alternatives, variations and modifications are possible without departing from this embodiment.

Abstract: A method and apparatus is disclosed for preventing the unintended retention of secret data caused by preferred state/burn-in in secure electronic modules. Sequentially storing the data and its inverse on alternating clock cycles, and by actively overwriting it to destroy it, prevents SRAM devices from developing a preferred state. By encrypting a relatively large amount of secret data with a master encryption key, and storing said master key in this non-preferred state storage, the electronic module conveniently extends this protection scheme to a large amount of data, without the overhead of investing or actively erasing the larger storage area.

Abstract: A removable drive such as a USB drive or key is provided for connecting to computer devices to provide secure and portable data storage. The drive includes a drive manager adapted to be run by an operating system of the computer device. The drive manager receives a password, generates a random key based on the password, encrypts a user-selected data file in memory of the computer device using the key, and stores the encrypted file in the memory of the removable drive. The drive manager performs the encryption of the data file without corresponding encryption applications being previously loaded on the computer system. The drive manager may include an Advanced Encryption Standard (AES) cryptography algorithm. The drive manager generates a user interface that allows a user to enter passwords, select files for encryption and decryption, and create folders for storing the encrypted files on the removable drive.

Abstract: A method for protecting at least one first datum to be stored in an integrated circuit, including, upon storage of the first datum, performing a combination with at least one second physical datum coming from at least one network of physical parameters, and only storing the result of this combination, and in read mode, extracting the stored result and using the second physical datum to restore the first datum.

Abstract: Briefly, a low-cost system and method for pseudo-random nonce value generation is disclosed.

Abstract: The invention is a method, system, and apparatus providing user control and security of a PC system. Using the hardware and associated installation software, the system is capable of uniquely securing a PC system without the need for name and password entry. The secure USB device contains a unique asymmetrical key pair, unique device ID, secure storage area, and the firmware to control all of this. In providing the security and control, one embodiment of the invention does not require biomechanical devices or name and password entry systems. There are no passwords and login names to be found, and the encryption/decryption keys are protected from exposure. This provides a more secure environment, as the keys are protected from exposure. The user is in control of the PC system and the data which is desired to be kept secure.

Abstract: A system-on-a-chip (SoC) to process digital audio-video content includes one or more input/output (I/O) interfaces to transmit the digital audio-video content to corresponding I/O devices coupled to the SoC and to receive the digital audio-video content from the corresponding I/O devices. The SoC also includes a cryptographic engine to encrypt the digital audio-video content being transmitted via the I/O interfaces to the corresponding I/O devices and to decrypt the digital audio-video content received via the I/O interfaces from the corresponding I/O devices.

Abstract: A highly configurable kernel supports a wide variety of content protection systems. The kernel may reside in a host that interacts with a secure processor maintaining content protection clients. After establishing communication with the secure processor, the host receives messages from content protection clients requesting rules for message handling operations to support client operations. This flexible configuration allows for dynamic reconfiguration of host and secure processor operation.

Abstract: To provide a content playback device capable of protecting content according to DRM, when decrypting encrypted content recorded on a recording medium and playing the decrypted content. If key generation information is “00”, a key control unit 104 concatenates a decrypted media key and content information in this order, and applies a one-way function to the concatenation result to generate a content key. If the key generation information is “10”, the key control unit 104 sets a rights key as the content key. If the key generation information is “01”, the key control unit 104 concatenates the decrypted media key and the rights key in this order, and applies a one-way function to the concatenation result to generate the content key.

Abstract: Methods for creating an interactive gaming environment are provided. In various embodiments, methods of the present invention may include initializing an interactive game application at a game server which is then characterized as having an active status, notifying a lobby server concerning the active status of the game server, registering the application with a universe management server via the lobby server, and allowing users to join the interactive gaming environment. The users joining the interactive gaming environment may be identified by a server key obtained from the game server.

Abstract: A printing system and printer with an electronic signature capability, and a method thereof are provided. To print security documents using an electronic signature stored in a portable memory, the printing system of the invention includes a portable memory for storing an electronic signature. A memory interface connects detachably to the portable memory. A printer receives the electronic signature from the memory interface, composes the received electronic signature with print data, and executes a print operation. Accordingly, a stamping or signature process on numerous documents can be facilitated, and excessive stamping or signature execution can be prevented. Moreover, the electronic signature of the invention can be executed on various types of forms or documents.

Abstract: In accordance with one embodiment, a method for securing control words is provided. The method includes receiving scrambled digital content in a descrambler integrated circuit. The method further includes receiving an encrypted control word in the descrambler integrated circuit, decrypting the encrypted control word using a key stored in a register circuit of the descrambler integrated circuit, and descrambling the scrambled digital content in the descrambler integrated circuit using the decrypted control word.

Abstract: Apparatus and method to scramble data prior to placing it on a bus or in memory uses embedded hardware keys for encryption/decryption. The hardware keys may be used in addition to software encryption. Different hardware keys may be used to process most significant bits and least significant bits of a data word. Different hardware keys may be used to process messages from/to different channels. The hardware key may be comprise a series of fixed logic cells.

Abstract: The present invention provides an apparatus and method for performing cryptographic operations on a plurality of message blocks within a processor to generate a message digest. In one embodiment, the apparatus has an x86-compatible microprocessor that includes translation logic and execution logic. The translation logic receives a single, atomic cryptographic instruction from a source therefrom, where the single, atomic cryptographic instruction prescribes generation of the message digest according to one of the cryptographic operations. The translation logic also translates the single, atomic cryptographic instruction into a sequence of micro instructions specifying sub-operations required to accomplish generation of the message digest according to the one of the cryptographic operations. The execution logic is operatively coupled to the translation logic. The execution logic receives the sequence of micro instructions, and performs the sub-operations to generate the message digest.

Abstract: A method is provided for re-initializing a cryptographic processing module (102) at a location designated as an unclassified environment. The method includes storing in a database (122) a module unique recovery vector (310, 510) assigned to a cryptographic processing module. The method also includes indexing the module unique recovery vector in the database using a unique module identifying code (for example, a serial number) assigned to the cryptographic processing module. The method further includes subsequently communicating the module unique recovery vector from the database, over a computer network (120), to a remote computing environment (400) that is unclassified. The module unique recovery vector is used to re-initialize the cryptographic processing module.

Abstract: In an information reproducing apparatus having an open architecture, a secure module stores first information, and has a structure which does not allow access to the first information from outside, and a memory has a structure which can be accessed from outside. A decryption unit loaded in the memory decrypts an encryption applied to the first information by using a predetermined key. A key supply unit implemented in the secure module supplies the predetermined key to the decryption unit. An authentication unit implemented in the secure module supplies second information to the decryption unit, refers to third information returned in response to the second information, and checks for authenticity of the decryption unit. A key-supply stop unit implemented in the secure module stops supply of the predetermined key by the key supply unit when the authentication unit does not authenticate the decryption unit.

Abstract: The invention is directed to systems and methods for communicating sensitive and/or confidential medical information with the use of encryption. Specifically, the invention is directed to transmitting a request for sensitive medical data, where the request includes a public key for encryption as an XML node. The public key may be used by the responding party to encrypt at least a portion of the response and respond to the request. The only party in the network path that is able to decrypt the message is the originator of the request because the requestor will have a private keys which is required to decrypt the response data.

Abstract: A device for encryption of data. The device may include a first coupling for connection to a computer, a second coupling for connection to an external data storage device, and an encryption circuit for encryption and decryption of data stored on or being transferred to the external data storage device, wherein the encryption circuit is arranged such that during encryption a decryption key is stored on the external data storage device, and such that during decryption the decryption key is retrieved from the external data storage device.

Abstract: A system, method and media drive for selectively encrypting a data packet. The system includes an encryption key for use in encrypting the data packet, a verification data element derived from the encryption key, an encryption engine for selectively encrypting the data packet using the encryption key, and a verification engine in electronic communication with the encryption engine. The verification engine is configured to receive the encryption key and the verification data element, determine when the verification data element corresponds to the encryption key as received by the verification engine, and prohibit encryption of the data packet by the encryption engine when the verification data element does not correspond to the encryption key as received by the verification engine.

Abstract: A clock signal extractor (11) is connected to an interface of an information equipment (2) for processing an information signal, to extract a clock signal component from the information signal. A clock signal generator (12) generates a pseudo clock signal having an optional phase difference relative to the clock signal component extracted by the clock signal extractor (11). A prevention signal generator (13) generates, based on the pseudo clock signal generated by the clock signal generator (12), a leakage prevention signal having an electromagnetic wave strength stronger than electromagnetic waves leaking from the information signal. A prevention signal output unit (14) outputs the leakage prevention signal generated by the prevention signal generator (13).

Abstract: A content provider 101 distributes a secure container 104 storing content data encrypted using content key data, content key data encrypted using distribution key data, and encrypted usage control policy data indicating the handling of the content data to a SAM 1051 of a user home network 103 etc. The SAM 1051, etc. decrypts the content data and usage control policy data stored in the secure container 104 and determines the purchase mode and usage mode and other handling of the content data based on said decrypted usage control policy data.

Abstract: Systems and methods that facilitate processing data, such as by encryption/decryption, and storing and retrieving data to/from memory such that actual data can be distinguished from information associated with, or representative of, erased/blank memory locations. A processor can include a comparing component that compares information input to the processor to determine whether such information is associated with actual data, or associated with, or representative of, erased/blank memory locations. Information associated with, or representative of, an erased/blank memory location can be processed so that it can be interpreted as such by other components. If actual data is processed such that the comparing component interprets the processed data to be equivalent to an erased/blank memory location, then the data can be re-processed, so it is not interpreted as such, before being forwarded to its next destination.