http://www.freepatentsonline.com/rssfeed/rssapp380.xml





 



TECHNIQUES FOR MANAGING SECURITY MODE COMMAND (SMC) INTEGRITY FAILURES AT A USER EQUIPMENT (UE)

Thu, 27 Oct 2016 08:00:00 EDT

The present disclosure describes a method and an apparatus for managing security mode command (SMC) integrity failures at a user equipment (UE). For example, a method is provided for managing SMC integrity failures which receives a SMC message at the UE from a network entity. A message authentication code for data integrity (MAC-I) failure based at least on a mismatch of a security parameter at the UE may be detected at the UE. Moreover, a corrective action may be performed at the UE in response to the detection of the MAC-I failure at the UE.



METHOD AND SYSTEM FOR SECURE PEER-TO-PEER MOBILE COMMUNICATIONS

Thu, 27 Oct 2016 08:00:00 EDT

A system and method for secure peer-to-peer mobile communications using cryptographic mobile unlock tokens (“CK tokens”) in conjunction with mobile devices. Each CK token integrates an entire cryptosystem. Executing these cryptographic functions entirely in the token has significant operational advantages over typical memory-only tokens. Greater security, scalability, and lower overall system cost are just a few advantages of the CK token over executing these functions within the smartphone. Of the many uses discussed for the CK token, including mobile phone enabling, stored value and medical applications, most have centered on the use of the card in conjunction with a smartphone as the touch point in the transaction.



FACSIMILE DEVICE, FACSIMILE COMMUNICATION SYSTEM, AND FACSIMILE DEVICE CONTROL METHOD

Thu, 27 Oct 2016 08:00:00 EDT

A facsimile device includes: an operation part; a storage part for storing therein the same common key as in a reception-side facsimile device; a transmission data generation part for generating message data; an encryption key generation part for generating an encryption key with use of a signal value of a cryptograph-generation applied signal, which is a signal selected from among signals transmitted to and received from the reception-side facsimile device; an encryption part for generating encrypted data of the message data with use of the generated encryption key; and a communication part for transmitting the encrypted data and decryption information including information as to the cryptograph-generation applied signal to the reception-side facsimile device.



METHOD, APPARATUS, AND SYSTEM FOR CLOUD-BASED ENCRYPTION MACHINE KEY INJECTION

Thu, 27 Oct 2016 08:00:00 EDT

A cloud-based encryption machine key injection system includes at least one key injection sub-system including a key generation device and a quantum key distribution device connected with the key generation device, and a cloud-based encryption machine hosting sub-system including an encryption machine carrying a virtual encryption device and a quantum key distribution device connected with the encryption machine. The key injection sub-system and the encryption machine hosting sub-system are connected with each other through their respective quantum key distribution devices. The key generation device may generate a root key component of the virtual encryption device and transmit the root key component to the encryption machine. The encryption machine may receive root key components from one or more key generation devices and synthesize a root key of the virtual encryption device in accordance with the received root key components.



KEY MANAGEMENT METHOD USED IN ENCRYPTION PROCESSING FOR SAFELY TRANSMITTING AND RECEIVING MESSAGES

Thu, 27 Oct 2016 08:00:00 EDT

Provided is a key management method to ensure security in an onboard network system having multiple electronic control units storing a shared key. In the key management method of the onboard network system including multiple electronic control units (ECUs) that perform communication by frames via a bus, a master ECU stores a shared key to be mutually shared with one or more ECUs. Each of the ECUs acquires a session key by communication with the master ECU based on the stored shared key, and after this acquisition, executes encryption processing regarding a frame transmitted or received via the bus, using this session key. In a case where a vehicle in which the onboard network system is installed is in a particular state, the master ECU executes inspection of a security state of the shared key stored by the ECU or the like.



DYNAMIC KEY AND RULE STORAGE PROTECTION

Thu, 27 Oct 2016 08:00:00 EDT

A media processing device includes a key store memory to store a plurality of cryptographic keys and a rule set memory to store a plurality of rules for the plurality of cryptographic keys. The media processing device further includes an integrity module to determine a first cyclical redundancy check (CRC) value from the plurality of rules stored in the rule set memory and compare the first CRC with a second CRC value associated with the plurality of rules. The media processing device further includes an arbitration module to prevent further access to the plurality of rules in the rule set memory responsive to the integrity verification module signaling a mismatch between the first CRC and the second CRC.



RANDOM CIPHER PAD CRYPTOGRAPHY

Thu, 27 Oct 2016 08:00:00 EDT

Methods for a server include defining a starting element and an element step size. A pad mapping is applied to a data Random Cipher Pad (RCP) to obtain a Key RCP using each element of the Data RCP once in a predetermined non-sequential order. The starting element and the element step size are combined with the Data RCP. The Data RCP is encrypted using the Key RCP to produce a subsequent Data RCP. The subsequent Data RCP is transmitted to another computer. Methods for clients include applying a pad mapping to a Data RCP to obtain a Key RCP using each element of the Data RCP once in a predetermined non-sequential order to develop the Key RCP. The Key RCP is encrypted using the Data RCP to produce a subsequent Key RCP. A data structure is encrypted using the Data RCP to produce an encrypted data structure.



SECURE COMMUNICATION METHOD AND APPARATUS AND MULTIMEDIA DEVICE EMPLOYING THE SAME

Thu, 27 Oct 2016 08:00:00 EDT

A secure communication apparatus may include a security module for generating an encrypted bitstream by encrypting at least a portion of data forming a bitstream and inserting at least a portion of key information used in the encryption into the bitstream and for decrypting encrypted data by acquiring at least a portion of key information for the decryption from a received encrypted bitstream, and a communication module for transmitting and receiving the encrypted bitstream.



OPERATOR LIFTING IN CRYPTOGRAPHIC ALGORITHM

Thu, 27 Oct 2016 08:00:00 EDT

A system for performing an operation on data using obfuscated representations of the data is disclosed. Obtaining means are configured to obtain a first obfuscated representation of a first data value and obtain a second obfuscated representation of a second data value. A determining means 102 is configured to determine an obfuscated representation of a third data value, by performing the corresponding operations on the obfuscated representation of the first data value and the obfuscated representation of the second data value. Obfuscating means 101 may be configured to generate the first obfuscated representation based on the first data value and generate the second obfuscated representation based on the second data value. De-obfuscating means 103 may be configured to de-obfuscate the obfuscated representation of the third data value in order to obtain the third data value using a system of equations.



RSA ALGORITHM ACCELERATION PROCESSORS, METHODS, SYSTEMS, AND INSTRUCTIONS

Thu, 20 Oct 2016 08:00:00 EDT

A processor includes a decode unit to decode an instruction. The instruction indicates a first 64-bit source operand having a first 64-bit value, indicates a second 64-bit source operand having a second 64-bit value, indicates a third 64-bit source operand having a third 64-bit value, and indicates a fourth 64-bit source operand having a fourth 64-bit value. An execution unit is coupled with the decode unit. The execution unit is operable, in response to the instruction, to store a result. The result includes the first 64-bit value multiplied by the second 64-bit value added to the third 64-bit value added to the fourth 64-bit value. The execution unit may store a 64-bit least significant half of the result in a first 64-bit destination operand indicated by the instruction, and store a 64-bit most significant half of the result in a second 64-bit destination operand indicated by the instruction.



PROTECTION OF REGISTERS AGAINST UNILATERAL DISTURBANCES

Thu, 20 Oct 2016 08:00:00 EDT

A device includes one or more registers and circuitry. The circuitry subjects a key having a number of bits to a first function which takes a selection value into account, generating a result having a number of bits which is twice the number of bits of the key, and stores the result in the one or more registers. In response to a call for the key, the circuitry subjects the result stored in the one or more registers to a second function which takes the selection value into account to generate a response having a same value as the key.



Method and System for Real Time Data Protection with Private Key and Algorithm for Transmission and Storage

Thu, 20 Oct 2016 08:00:00 EDT

This invention relates to a method and system using private key and algorithm for data protection during recording, storage, transmission, transaction, and display, and particularly to a method and system that provides no overhead, low latency, high speed, real time, and strong protection to any type of data, whether in the format of text, audio, photo, video, or mix of them. The invention provides means to a low cost system with great flexibility to support various personal or commercial interactive hardware and software applications that require security and protection of privacy of the user data.



MULTI-PULSE COMMUNICATION USING SPREADING SEQUENCES

Thu, 13 Oct 2016 08:00:00 EDT

Various exemplary embodiments relate to a method of communicating by a transmitter. Embodiments of the method may include creating information to be used by a receiver to define a spreading sequence for a subsequent packet, coding the information into a current communications packet, and transmitting the current communications packet.



SESSION BASED WATERMARKING OF MEDIA CONTENT USING ENCRYPTED CONTENT STREAMS

Thu, 13 Oct 2016 08:00:00 EDT

Methods for session based watermarking of media content using encrypted content streams are provided. At least two content streams of the same media content are watermarked with different watermark information and encrypted using different encryption percentages. During a playback session, a unique sequence is generated and provided to a client device for use by the client device in selecting consecutive content segments from the different content streams to produce the original media content with a watermark that uniquely identifies a user of the client device. When selecting the different content segments, the client device compares the encryption percentage of certain selected content segments with the expected encryption percentage for those content segments to determine whether the content streams have been tampered with.



METHOD AND SYSTEM FOR ENCRYPTING/DECRYPTING PAYLOAD CONTENT OF AN OTN FRAME

Thu, 13 Oct 2016 08:00:00 EDT

The present disclosure relates to a system and method of encrypting and decrypting Optical Transport Network (OTN) payload content. A transmitter of the system includes a series of ordered encryption keys and a counter for generating an initialization vector to be combined with one of the encryption keys for encrypting the OTN payload content. A receiver of the system includes a series of ordered decryption keys and a counter for generating an initialization vector to be combined with one of the decryption keys for decrypting the encrypted OTN payload content. The system synchronizes switching, at the transmitter and the receiver, the encryption and decryption keys to the next keys in each series. The system also synchronizes the counters for generating the same initialization vector at the transmitter and the receiver.



METHOD, APPARATUS AND SYSTEM FOR SECURITY APPLICATION FOR INTEGRATED CIRCUIT DEVICES

Thu, 13 Oct 2016 08:00:00 EDT

At least one method, apparatus and system disclosed involves providing a restricted access protocol for accessing a memory device. A first memory portion of a memory device is selected for providing an access confirmation. At least one of setting or resetting of memory cells of the first memory portion is performed. A first voltage is provided for switching the memory cells. The first voltage is associated with a predetermined switching probability. A first input signal comprising at least one address associated with the memory cells is provided. A first responsive signal is received in response to the input signal. The first responsive signal comprises data relating to the state of the memory cells. An access key is provided for the access confirmation based upon a relationship between the first input signal and the first responsive signals for providing an access key.



ENCRYPTION DEVICE AND METHOD FOR DEFENDING A PHYSICAL ATTACK

Thu, 13 Oct 2016 08:00:00 EDT

Provided are a security device and a method for operating same. The security device may conceal an encryption key used for an encryption algorithm in an encryption module in correspondence to security attacks such as reading information on where the encryption key is stored in a memory by disassembling an IC chip, or extracting said information through microprobing. The encryption key may be included as a physical encryption key module in an encryption module, and a certain storage medium for storing the encryption key may be included in the encryption module. Accordingly, the encryption key is not transmitted via a bus in a security device for encryption.



METHOD FOR ENCRYPTION AND DECRYPTION OF SYMBOLS THROUGH SINGLE-USE, REAL-TIME CHANGING CODES OF GREAT LENGTH AND COMPLEXITY

Thu, 13 Oct 2016 08:00:00 EDT

The method of encryption and decryption of each symbol takes a single-use code, changes the used code and changes all relationships within the execution system in real time. It consists of pairs of symbols and random natural numbers, and strings of codes. In the beginning of communication, the sender and receiver are familiar with all initial conditions. The value used for performing all changes is revealed after the execution of each respective step of encoding and decoding every symbol. This value depends on each step, it changes reiteratively and is not directly attached to the symbol being encoded/decoded. Prior to the execution of any step, the value of this change is unknown to either sender or receiver of the message. The total change of codes and numbers, as well as of all relationships, is increased with each step of utilizing this method.



SYSTEM FOR SHARING A CRYPTOGRAPHIC KEY

Thu, 13 Oct 2016 08:00:00 EDT

A system (200) for configuring a network device (300) for sharing a key, the shared key being • bits long, the system comprising:—a key material obtainer (210) for—obtaining in electronic form a first private set of bivariate polynomials (252, {hacek over (z)}″(,)), and a second private set of reduction integers (254, f″), with each bivariate polynomial in the first set there is associated a reduction integer of the second set, and a public global reduction integer (256, . . . ) associated with the second private set of reduction integers (254, f),—a network device manager (230) for obtaining in electronic form an identity number (310, ¥) for the network device, the identity number being • bits long, wherein •>•, and—a polynomial manipulation unit (220) for computing for the network device a univariate private key polynomial (229) from the first and second private sets by—obtaining a set of univariate polynomials by—for each particular polynomial of the first private set, substituting the identity number (¥) into said particular polynomial {hacek over (z)}″(¥,) and reducing modulo the reduction integer associated with said particular polynomial, and—summing the set of univariate polynomials,—the network device manager being further configured for electronically storing the generated univariate private key polynomial (229, 236) and the public global reduction integer (256, . . . ) at the network device.



METHOD OF UPDATING A FILE TREE STORED ON A STORAGE SERVER

Thu, 13 Oct 2016 08:00:00 EDT

One embodiment relates to a method of updating, by an electronic device of a first user of a tree of data files and/or folders of the first user stored in a storage server configured to implement a re-encryption mechanism, this tree comprising at least one target folder that the first user has authorized a second user to access by providing the storage server with a re-encryption key for this target folder from the first user to the second user.



Methods and apparatuses of digital data processing

Thu, 13 Oct 2016 08:00:00 EDT

The invention Ubit can make data semantics understandable to both humans and machines; semantic translating tools, such as compilers, interpreters, semantic analysis, web parsers, and domain name resolution, are no longer needed; the machine embodies real intelligence. Three-password authentication makes entity authentication nearly unbreakable. Three-key encryption can easily realize a one-time pad and can also be used in data storage encryption, making data perfectly secure. Ubit presents an interface method between human and human, between machine and human, and between machine and machine; makes all data compatible with one another; and lets anyone access anything, from anywhere, at any time. The methods make hardware and software much more precise, efficient and space-saving. All methods can be easily implemented.



System and Method to View Encrypted Information on a Security Enabled Display Device

Thu, 13 Oct 2016 08:00:00 EDT

A secure display device includes a display and a decoder. The secure display device receives encoded content that includes information that encodes a secure image, and provides the encoded content to the decoder. The decoder decodes the encoded content to retrieve the secure image, and sends the secure image to the display. The display shows the secure image.



HDMI Extender with Bidirectional Power Over Twisted Pair

Thu, 13 Oct 2016 08:00:00 EDT

Disclosed are various embodiments of transmit and receive connectivity devices that receive a media signal from a source device coupled to the HDMI port and to convert the media signal to a converged media signal based on a converged signal specification. The converged media signal can be transmitted between the transmit and receive connectivity devices through a multi-position multi-contact port. The converged media signal can be converted to a media signal based on the converged signal specification. The converted media signal can be output to a sink device via an HDMI port.



WIRELESS RELAY DEVICE, WIRELESS COMMUNICATION SYSTEM, AND WIRELESS RELAY METHOD

Thu, 06 Oct 2016 08:00:00 EDT

A wireless relay device for relaying encrypted data via a wireless network according to one aspect of the present invention includes a relay controller and an encryption processor. The relay controller is configured to relay a first data to a predetermined relay destination as a second data via the wireless network. The first data is transmitted to the wireless relay device via the wireless network and is addressed to the wireless relay device. The encryption processor is configured to decrypt the first data into a decrypted first data and to input the decrypted first data into the relay controller, and encrypt the second data to be relayed by the relay controller.



WIRELESS NETWORK FAST AUTHENTICATION / ASSOCIATION USING RE-ASSOCIATION OBJECT

Thu, 06 Oct 2016 08:00:00 EDT

A method, an apparatus, and a computer program product for wireless communication are provided. The apparatus may be a STA. The STA sends, in a re-association procedure, a re-association object to a first AP to establish a first security association with the first AP. The re-association object is encrypted by using a first key unknown to the STA. The re-association object includes a second key derived from a second security association in a previous association procedure between the STA and a second AP. The STA receives a response from the first AP indicating that the first security association has been successfully established. The STA authenticates the response.



METHOD AND APPARATUS FOR MANAGING SECURITY KEY IN A NEAR FIELD D2D COMMUNICATION SYSTEM

Thu, 06 Oct 2016 08:00:00 EDT

The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates beyond 4th-Generation (4G) communication systems such as Long Term Evolution (LTE). A method and apparatus for managing a security key in a communication system are provided. The method includes transmitting a first key request message including an identifier (ID) of an originating user equipment (UE) to a server through a mobility management entity (MME), receiving a key response message including security parameters and a secret key of the originating UE from the server, determining a security key based on the security parameters and the secret key of the originating UE by the originating UE, and communicating with a terminating UE based on the security key by the originating UE, while a connection between the originating UE and the terminating UE is maintained.



METHOD FOR TRANSMITTING SECURITY DATA AND METHOD FOR RECEIVING SAME

Thu, 06 Oct 2016 08:00:00 EDT

According to one embodiment of the present specification, a method for transmitting security data is disclosed. The method for transmitting security data can comprise the steps of: outputting a first sequence by scrambling a bit stream of dummy data; outputting a second sequence by scrambling the security data to be transmitted by using the bit stream; and transmitting a first code word and a second code word obtained by encoding the first sequence and the second sequence.



METHOD AND APPARATUS FOR ESTABLISHING A KEY AGREEMENT PROTOCOL

Thu, 06 Oct 2016 08:00:00 EDT

A system and method for generating a secret key to facilitate secure communications between users. A first and second monoid and a function between the two monoids are selected, the function being a monoid homomorphism. A group and a group action of the group on the first monoid are selected. Each user is assigned a submonoid of the first monoid so that these submonoids satisfy a special symmetry property determined by the function, a structure of the first and second monoids, and the action of the group. A multiplication of an element in the second monoid and an element in the first monoid is obtained by combining the group action and the monoid homomorphism. First and second users choose private keys which are sequences of elements in their respective submonoids. A first result is obtained by multiplying an identity element by the first element of the sequence in a respective submonoid. Starting with the first result, each element of the user's private key may be iteratively multiplied by the previous result to produce a public key. Public keys are exchanged between first and second users. Each user's private key may be iteratively multiplied by the other user's public key to produce a secret key. Secure communication may then occur between the first and second user using the secret key.



DATA PROCESSING SYSTEM, ENCRYPTION APPARATUS, DECRYPTION APPARATUS, AND COMPUTER READABLE MEDIUM

Thu, 06 Oct 2016 08:00:00 EDT

An encrypted text transmitting apparatus 100 and a key generation apparatus 300 generate a first encryption key and a first decryption key for a first decryption algorithm, generate a second encryption key and a second decryption key for a second decryption algorithm, encrypt the first decryption key using the second encryption key according to an encryption algorithm associated with the second decryption algorithm to generate an encrypted first decryption key, and encrypt plaintext data using the first encryption key according to an encryption algorithm associated with the first decryption algorithm to generate encrypted text data. A key device 400 performs a decryption process of the encrypted first decryption key using the second decryption key according to the second decryption algorithm. An encrypted text receiving apparatus 200 performs a decryption process of the encrypted text data using the first decryption key decrypted by the key device 400, according to the first decryption algorithm.



METHOD AND APPARATUS FOR MIGRATING ENCRYPTED DATA

Thu, 06 Oct 2016 08:00:00 EDT

An approach is provided for managing the migration of large amounts of encrypted data. A migration platform processes a master key associated with the source database to decrypt an envelope key associated with the data to be migrated. The migration platform also retrieves a master key associated with the target database and encrypts the envelope key based on the master key associated with the target database.



CRYPTOGRAPHIC HASH GENERATION SYSTEM

Thu, 06 Oct 2016 08:00:00 EDT

A first module divides a string into a number of blocks. A second module associates the blocks with monoid elements in a list of first monoid elements to produce second monoid elements. A third module applies a first function to an initial monoid element and a first of the second monoid elements producing a first calculated monoid element and evaluates an action of the initial monoid element on the first function producing a second function. A fourth module applies the second function to the first calculated monoid element and to a second of the second monoid elements producing a second calculated monoid element and evaluates the action of the first calculated monoid element on the first function producing a third function. Further modules iteratively, corresponding to the number of blocks, apply the produced function to calculated monoid elements and the second monoid elements to produce a hash of the string.



COMMUNICATION SYSTEM

Thu, 06 Oct 2016 08:00:00 EDT

A system effective to communicate a message between two devices. A first device may include a plaintext to monoid element module effective to receive a plaintext message and apply a first function to the plaintext message to produce a first monoid element. A monoid element evaluator module may be effective to receive and insert submonoid generators into a monoid expression to produce a second monoid element in response. An encryption device module may be effective to apply a second function to the first monoid element, the second monoid element, the monoid expression, and a third monoid element to produce an encrypted plaintext message. Decryption may be performed on the encrypted plaintext message knowing the private key which includes the first function, the second function, the third monoid element and the submonoid generators list.



CONTROL CIRCUIT OF WIRELESS USER EQUIPMENT

Thu, 29 Sep 2016 08:00:00 EDT

A control circuit of a wireless user equipment includes: a PDCP layer computing circuit for reading a PDCP SDU from a PDCP SDU buffer of a memory device of the wireless user equipment, and for generating a ciphered data based on the PDCP SDU; a RLC layer computing circuit for generating a RLC PDU based on the ciphered data; a MAC layer computing circuit for generating a MAC PDU based on the RLC PDU; and a channel encoding circuit for encoding the MAC PDU. The PDCP layer computing circuit directly transmits the ciphered data to the RLC layer computing circuit, the RLC layer computing circuit directly transmits the RLC PDU to the MAC layer computing circuit, and the MAC layer computing circuit directly transmits the MAC PDU to the channel encoding circuit, without buffering above data in any buffering circuit outside the control circuit.



APPARATUS AND METHOD FOR AUTHENTICATING NETWORK DEVICES

Thu, 29 Sep 2016 08:00:00 EDT

The disclosed apparatus may include (1) a reply-reception module, stored in memory, that receives, from a satellite device, an authentication reply that includes an original authentication message digitally signed by the aggregation device using a private key of the aggregation device and that is digitally signed by the satellite device using a private key of the satellite device, (2) a forwarding module, stored in memory, that forwards the authentication reply to a network management server, (3) a validation-reception module, stored in memory, that receives, from the network management server in response to forwarding the authentication reply, a validation message, and (4) an authentication module, stored in memory, that authenticates the satellite device based at least in part on receiving the validation message. Various other apparatuses, systems, and methods are also disclosed.



IMAGING SYSTEMS WITH EMBEDDED DATA TRANSMISSION CAPABILITIES

Thu, 29 Sep 2016 08:00:00 EDT

An imaging system may output embedded data in an output frame. Selected bits of pixel data words, corresponding to data read out from imaging pixels and non-imaging pixels, may be modified to correspond to bits of embedded data. Modifying pixel data words may include receiving a pixel data word and decatenating the pixel data words into fragments of the data word. A first fragment may correspond to bits of the data word that are replaced by embedded data bits output from an embedded data engine. A second fragment may be modified using arithmetic circuitry based on whether the embedded data bits that replace the first fragment are the same as bits of the first fragment. An output data word may be produced that includes embedded data bits at its least significant bits, most significant bits, or intermediate bits.



RUNTIME INSTANTIATION OF BROADCAST ENCRYPTION SCHEMES

Thu, 29 Sep 2016 08:00:00 EDT

Embodiments of the present invention relate to runtime instantiation of broadcast encryption schemes. In one embodiment, a method of and computer program product for runtime instantiation of broadcast encryption schemes is provided. A broadcast encryption definition is read. The broadcast encryption definition defines a broadcast encryption scheme and includes a plurality of function definitions. Based on the plurality of function definitions, it is determined whether the broadcast encryption definition defines encrypting or decrypting content. Based on the plurality of function definitions a type of the broadcast encryption scheme is determined.



STABLE PROBING-RESILIENT PHYSICALLY UNCLONABLE FUNCTION (PUF) CIRCUIT

Thu, 29 Sep 2016 08:00:00 EDT

Embodiments include apparatuses, methods, and systems for a physically unclonable function (PUF) circuit. The PUF circuit may include an array of PUF cells to generate respective PUF bits of an encryption code. Individual PUF cells may include first and second inverters cross-coupled between a bit node and a bit bar node. The individual PUF cells may further include a first pre-charge transistor coupled to the bit node and configured to receive a clock signal via a first clock path, and a second pre-charge transistor coupled to the bit bar node and configured to receive the clock signal via a second clock path. Features and techniques of the PUF cells are disclosed to improve the stability and/or bias strength of the PUF cells, to generate a dark bit mask for the array of PUF cells, and to improve resilience to probing attacks. Other embodiments may be described and claimed.



Methods And Systems For Key Generation

Thu, 29 Sep 2016 08:00:00 EDT

Methods and systems for key generation and device management are disclosed. A root key can be stored on a component which can be integrated with a device, and the component can store a product class identifier. The product class identifier can define a class of products, devices, features, hardware components, or other entities. One or more keys can be generated and stored on the devices based on the product class identifier and the root key. A network operator or service provider can then provide services to a class of devices that includes the device, or perform and manage other functions. The services can be authorized or otherwise implemented based on the one or more new keys stored at the devices within the class of devices.



INFORMATION PROCESSING APPARATUS, ENCRYPTION APPARATUS, AND CONTROL METHOD

Thu, 29 Sep 2016 08:00:00 EDT

An information processing apparatus includes a storage unit, an encryption processing unit that encrypts data to be stored in the storage unit, and a control unit that stores a first key in a unit different from the encryption processing unit, wherein the first key, which is used to decrypt data encrypted by the encryption processing unit and stored in the storage unit, is encrypted using a second key set in the encryption processing unit.



QUANTUM KEY DISTRIBUTION DEVICE, QUANTUM KEY DISTRIBUTION SYSTEM, AND QUANTUM KEY DISTRIBUTION METHOD

Thu, 29 Sep 2016 08:00:00 EDT

According to an embodiment, a quantum key distribution device includes a sharer, a key distillation processor, a first manager, and a second manager. The sharer is configured to share a photon string with another quantum key distribution device using quantum key distribution via a quantum distribution channel, and obtain a photon bit string corresponding to the photon string. The key distillation processor is configured to generate a link key from the photon bit string. The first manager is configured to store the link key as a link transmission key. The second manager is configured to store, in a storage, a first application key from an application key to be used in cryptographic data communication, encrypt a second application key from the application key, using the link transmission key, and send the encrypted second application key to another quantum key distribution device via a classical communication channel.



IMAGING SYSTEMS WITH DATA ENCRYPTION AND EMBEDDING CAPABILITIES

Thu, 29 Sep 2016 08:00:00 EDT

An imaging system may embed encrypted data into image data. The imaging system may generate image data in response to light received at a pixel array. The imaging system may include encryption circuitry that accesses an encryption key. The encryption circuitry may receive data related to the imaging system and/or to an environment in which an image is captured and encrypt the data using the encryption key. The imaging system may include data embedding circuitry that embeds the encrypted data into the image data to generate an output image. The components of the imaging system may be formed on a single imaging system chip. The encrypted data embedded in the output image may be extracted using an extraction engine and decrypted using a decryption engine and decryption key such that the data may be accessed by a user with access to the decryption key.



MULTIPLE AUTHORITY DATA SECURITY AND ACCESS

Thu, 29 Sep 2016 08:00:00 EDT

A request to perform one or more operations using a second key that is inaccessible to a customer of a computing resource service provider is received from the customer, with the request including information that enables the computing resource service provider to select the second key from other keys managed on behalf of customers of the computing resource service provider. A first key, and in addition to the first key, an encrypted first key, is provided to the customer. Data encrypted under the first key is received from the customer. The encrypted first key and the data encrypted under the first key are caused to be stored in persistent storage, such that accessing the data, in plaintext form, from the persistent storage requires use of both a third key and the second key that is inaccessible to the customer.



PSEUDORANDOM BIT SEQUENCES IN AN INTERCONNECT

Thu, 29 Sep 2016 08:00:00 EDT

In an example, a linear feedback shift register (LFSR) provides pseudorandom bit sequences (PRBSs) to an interconnect for training, testing, and scrambling purposes. The interconnect may include a state machine, with states including LOOPBACK, CENTERING, RECENTERING, and ACTIVE states, among others. The interconnect is permitted to move from “CENTERING” to “LOOPBACK” via a sideband signal. In LOOPBACK, CENTERING, and RECENTERING, PRBSs are used for training and testing purposes to electrically characterize and test the interconnect, and to locate a midpoint for a reference voltage Vref. A unique, noncorrelated PRBS is provided to each lane, calculated using one common output bit.



POLYMORPHIC ENCRYPTION KEY ALLOCATION SCHEME

Thu, 29 Sep 2016 08:00:00 EDT

Embodiments of the present invention relate to encryption key allocation with additional security elements to lessen vulnerability to certain attacks. In one embodiment, a method and computer program product are provided for broadcast encryption. A key bundle encoded in a non-transient machine-readable medium is received. The key bundle comprises a first cryptographic key and an associated first cryptographic function identifier. Encrypted content is received. A key block corresponding to a subset difference tree is received. A first cryptographic triple function corresponding to the first cryptographic function identifier is determined. The subset difference tree is traversed using the first cryptographic key and the first cryptographic triple function to obtain a content cryptographic key. The content cryptographic key is applied to the encrypted content to obtain decrypted content.



PRIVACY AND MODELING PRESERVED DATA SHARING

Thu, 29 Sep 2016 08:00:00 EDT

A method for generating a classification model using original data that is sensitive or private to a data owner. The method includes: receiving, from one or more entities, a masked data set having masked data corresponding to the original sensitive data, and further including a masked feature label set for use in classifying the masked data contents; forming a shared data collection of the masked data and the masked feature label sets received; and training, by a second entity, a classification model from the shared masked data and feature label sets, wherein the classification model learned from the shared masked data and feature label sets is the same as a classification model learned from the original sensitive data. The sensitive features and labels cannot be reliably recovered even when both the masked data and the learning algorithm are known.



Systems and Methods for Protecting Video Content

Thu, 29 Sep 2016 08:00:00 EDT

Systems and methods for content-protecting video codecs are described. At least one embodiment of the invention comprises a system for protecting video content comprising computer memory comprising a stored set of instructions for processing video data; and at least one microprocessor configured to process the video data according to the stored set of instructions, the stored set of instructions requiring identification of data to be removed, at least a portion of which is essential to obtaining a visually acceptable reproduction of video, the stored set of instructions being further configured to replace removed data with data-hiding values, wherein the visually acceptable reproduction of video cannot be generated without a key that enables recovery of enough of the removed data from the data-hiding values that replaced the removed data.



CONFIGURABLE MULTI-LANE SCRAMBLER FOR FLEXIBLE PROTOCOL SUPPORT

Thu, 22 Sep 2016 08:00:00 EDT

Various structures and methods are disclosed related to configurable scrambling circuitry. Embodiments can be configured to support one of a plurality of protocols. Some embodiments relate to a configurable multilane scrambler that can be adapted either to combine scrambling circuits across a plurality of lanes or to provide independent lane-based scramblers. Some embodiments are configurable to select a scrambler type. Some embodiments are configurable to adapt to one of a plurality of protocol-specific scrambling polynomials. Some embodiments relate to selecting between least significant bit (“LSB”) and most significant bit (“MSB”) ordering of data. In some embodiments, scrambler circuits in each lane are adapted to handle data that is more than one bit wide.



Policy-Based Key Sharing

Thu, 22 Sep 2016 08:00:00 EDT

Methods of providing policy-based access to master keys, enabling keys to be distributed to groups of users in a secure manner while minimizing disruptions to the user in the event of changes to group membership or changes to user attributes. User attributes are identified. Policies are rewritten in terms of user attributes. New unique user attribute keys are generated for each attribute for each user. An access tree is constructed with user attribute keys as leaf nodes and Boolean algebra operations as internal nodes. Shamir polynomials are used for AND nodes, and broadcast polynomials are used for OR nodes. Master keys are accessible by traversing the access tree from the leaf nodes to the root node constructing the polynomials attached to all the nodes along the access path.



DEVICE AND METHOD FOR RESISTING NON-INVASIVE ATTACKS

Thu, 22 Sep 2016 08:00:00 EDT

A device and method for resisting non-invasive attacks are disclosed herein. The device includes a random number generator that generates a random number, and a multiplier that multiplies first data and second data in a unit of a bit length determined based on the random number.



QUANTUM-KEY DISTRIBUTION APPARATUS, QUANTUM-KEY DISTRIBUTION METHOD, AND COMPUTER PROGRAM PRODUCT

Thu, 22 Sep 2016 08:00:00 EDT

According to an embodiment, a quantum-key distribution apparatus includes a quantum-key sharer, a shifter, a corrector, a privacy amplifier, and an estimator. The quantum-key sharer performs photon sharing processing and acquires a photon bit string. The shifter generates a shared bit string by performing shifting processing. The corrector generates a corrected bit string by correcting errors in the shared bit string by performing error correction processing. The privacy amplifier generates an encryption key by performing privacy amplification processing that compresses the corrected bit string. The estimator estimates an encryption-key generation rate based on an output value and a given value at execution phases of respective pieces of processing of the photon sharing processing, the shifting processing, the error correction processing, and the privacy amplification processing.