Thu, 25 Aug 2016 08:00:00 EDTA negotiation processing method for a security algorithm, a control network element, and a control system where the negotiation processing method for a security algorithm includes selecting, by a control network element according to a security capability of first user equipment (UE) and a security capability of second UE, a security algorithm supported by both the first UE and the second UE, and notifying, by the control network element, the selected security algorithm to the first UE and the second UE, and hence, negotiation of a security algorithm between two UEs in proximity communication can be implemented under the control of a control network element.
Thu, 25 Aug 2016 08:00:00 EDTSystems and methods for communication in a wireless network are disclosed. In one aspect, a method includes generating a medium access control (MAC) address for a first group of wireless devices, storing the MAC address for the first group of wireless devices in an address field of a first message, and transmitting, by a first wireless device of the first group of wireless devices, the first message to a second wireless device of the first group of wireless devices. In some aspects, the wireless network comprises a neighbor aware network (NAN). In some aspects, a wireless device may be able to determine a method of encryption or decryption for the first message based at least in part on the MAC address for the first group of wireless devices.
Thu, 25 Aug 2016 08:00:00 EDTMethods and device for personalizing a secure element (e.g., a eUICC) may include or implement operations for receiving a personalization request issued by an operator to download a personalized profile in compliance with a model into the secure element, and the request may include personalization data, an identifier of the secure element and the identifier of the model. Other operations may include using the identifier of the secure element to identify a pre-personalization server suitable for pre-personalizing the secure element; obtaining a message from the pre-personalization server, the message including a pre-personalization script for the secure element based on the description of the model; generating a personalization script for the secure element by using the pre-personalization script and the personalization data; and sending the personalization script to the secure element, the secure element being suitable for executing the personalization script to install the personalized profile in the secure element.
Thu, 25 Aug 2016 08:00:00 EDTProvided are methods and systems for processing information. In one example method a first frame of a first group of frames of an information transmission can be processed. The first frame can be encoded without reference to other frames of the information transmission. Additionally, a second frame can be processed in the first group of frames. The second frame can be processed with reference to a frame from a second group of frames of the information transmission.
Thu, 25 Aug 2016 08:00:00 EDTMethod and system of key distribution by trusted nodes for a vehicular ad hoc network, the nodes of said network having at least one pair of public-private keys and the corresponding certificates, issued by a CA, said method comprising each vehicle node, on entering said network region, requesting a set of keys from an RSU node that is within range and within that region, said RSU node sending said vehicle node a set of private keys, selected from a pool of private keys, and a list with the key identifiers of the private keys shared by said vehicle node and the other vehicle nodes that have most recently contacted said RSU for a predetermined period of time; such that two nodes are able to establish a secure connection without further interaction by deriving a shared secret which is a cryptographic hash function of the keys shared by said two nodes.
Thu, 25 Aug 2016 08:00:00 EDTA cryptographic apparatus and method is provided with which the circuit scale does not become large, even if a circuit that makes exposure of the secret key difficult by using Differential Power Analysis is equipped. First key data (dQ) representing a quotient obtained by exponentiating, with respect to respect prime data (pi), using respective random number setting data representing exponents (rpi) corresponding to respective prime data, and then obtaining multiplication data by multiplying the respective exponentiated data, and then dividing secret key data (d) by the multiplication data, and second key data (dR) representing a reminder obtained by dividing the secret key data by the multiplication data are stored in a storing unit in advance, and using the first key data and the second key data, a decryption process using RSA or ECC having a countermeasure against Differential Power Analysis (DPA) is performed.
Thu, 25 Aug 2016 08:00:00 EDTA technique perturbs an extent key to compute a candidate extent key in the event of a collision with metadata (i.e., two extents having different data that yield identical hash values) stored in a memory of a node in a cluster. The perturbing technique may be used to compute a candidate extent key that is not previously stored in an extent store instance. The candidate extent key may be computed from a hash value of an extent using a perturbing algorithm, i.e., a hash collision computation, which illustratively adds a perturb value to the hash value. The perturb value is illustratively sufficient to ensure that the candidate extent key resolves to a same hash bucket and node (extent store instance) as the original extent key. In essence, the technique ensures that the original extent key is perturbed in a deterministic manner to generate the candidate extent key, so that the original extent and candidate extent key “decode” to the same hash bucket and extent store instance.
Thu, 25 Aug 2016 08:00:00 EDTA quantum key distribution system is provided. The quantum key distribution system includes a plurality of routing devices configured to relay keys and a quantum key distribution device connected with the routing devices and configured to use two or more different paths to perform corresponding quantum key negotiations with another quantum key distribution device to obtain shared keys. The two or more different paths each include one or more of the routing devices.
Thu, 25 Aug 2016 08:00:00 EDTA flexible aes instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for aes encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible aes instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers.
Thu, 25 Aug 2016 08:00:00 EDTA secure communication system utilizes multiple “decoy” data signals to hide one or more true data signals. The true data signal(s) are encrypted, and received at a scrambling unit according to an original set of channel assignments. The channel assignments are optically switched with multiple decoy data signals to form a multi-channel “scrambled” output signal that is thereafter transmitted across a communication system. The greater the number of decoy signals, the greater the security provided to the open-air system. Further security may be provided by encrypting the decoy signals prior to scrambling and/or by utilizing a spatially diverse set of transmitters and receivers. Without the knowledge of the channel assignment(s) for the true signal(s), an eavesdropper may be able to intercept (and, with time, perhaps descramble) the open-air transmitted signals, will not be able to distinguish the true data from the decoys without also knowing the channel assignment(s).
Thu, 25 Aug 2016 08:00:00 EDTA method, system, and computer program product for securing access to stored messages using identity-base encryption are disclosed. The method includes generating a master private key and generating a corresponding master public key. The master private key and the master public key are both generated at a messaging client. The method also includes transmitting the master private key from the messaging client to a messaging server. The transmittal of the master private key to the messaging server is performed without transmitting the master private key.
Thu, 25 Aug 2016 08:00:00 EDTA computer-implemented method is described. A first portion and a second portion of a message are received from a user via a user interface of a computer device. Each portion includes one or more letters. The first portion includes initials of a person. The method includes generating a virtual cryptic note. The virtual cryptic note includes the first portion arranged in a first orientation, and the second portion arranged in a second orientation that is rotated relative to the first orientation with the one or more letters of the second portion overlapping the initials of the first portion. The virtual cryptic note can be modified by changing an order of the first portion relative to the second portion or changing the orientation of at least one of the first portion and the second portion. The first portion and the second portion can be encrypted.
Thu, 25 Aug 2016 08:00:00 EDTA method for concealing sensitive information on a portable device via a steganographic image is disclosed. The portable device can be in the form of a card such as a driver's license or credit card and the hidden information may include a person's name or account number.
Thu, 18 Aug 2016 08:00:00 EDTAccording to one exemplary embodiment, a method for obfuscating a traffic pattern associated with a plurality of network traffic within a tunnel connection is provided. The method may include detecting the tunnel connection. The method may also include analyzing a connection environment associated with the detected tunnel connection. The method may then include determining a packet handling technique based on the analyzed connection environment, whereby the packet handling technique provides a way for creating a noise packet that will be discarded by a network stack at a target node or before the target node. The method may include determining a noise strategy based on the determined packet handling technique. The method may also include sending a plurality of noise packets into the tunnel connection based on the determined noise strategy to obfuscate the traffic pattern.
Thu, 18 Aug 2016 08:00:00 EDTA new construction of CP-ABE, named Privacy Preserving Constant CP-ABE (PPC-CP-ABE) that significantly reduces the ciphertext to a constant size with any given number of attributes is disclosed. PPCCP-ABE leverages a hidden policy construction such that the recipients' privacy is preserved efficiently. A Privacy Preserving Attribute Based Broadcast Encryption (PP-AB-BE) scheme is disclosed. PP-AB-BE is flexible because a broadcasted message can be encrypted by an expressive hidden access policy, either with or without explicit specifying the receivers. PP-AB-BE significantly reduces the storage and communication overhead. Also, PP-AB-BE attains minimal bound on storage overhead for each user to cover all possible subgroups in the communication system.
Thu, 18 Aug 2016 08:00:00 EDTA method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.
Thu, 18 Aug 2016 08:00:00 EDTAn identity authentication method for a quantum key distribution process includes selecting, by a sender, preparation bases of an identity authentication bit string in accordance with a preset basis vector selection rule; sending, by a sender, quantum states of the identity authentication bit string and quantum states of a randomly generated key bit string by using different wavelengths. The identity authentication bit string is interleaved in the key bit string at a random position and with a random length. The method further includes measuring, by a receiver, the received quantum states in the quantum state information in accordance with the different wavelengths and measurement bases selected according to the preset basis vector selection rule to obtain identity authentication information from the measurement of the identity authentication bit string; and determining, by the receiver, whether the identity authentication information obtained through the measurement corresponds with the preset basis vector selection rule.
Thu, 18 Aug 2016 08:00:00 EDTA method and system secures an encryption key for utilization on a secured network by receiving, at a trusted node, an encryption key request from a requesting node, the encryption key request including a public encryption key of a public/private encryption key pair associated with the requesting node; determining, at the trusted node, if the requesting node has previously supplied enough virtual currency to support the request; choosing an encryption key for distributing to the requesting node when it is determined the requesting node has enough virtual currency; encrypting the chosen encryption key with the public encryption key of a public/private encryption key pair associated with the requesting node; and sending the encrypted encryption key to the requesting node.
Thu, 18 Aug 2016 08:00:00 EDTA method of inserting chunks of bits into a target stream of bits within a computing system. The method includes the step of providing a target stream of bits. The method includes the step of providing a chunk stream of bits. The method includes the steps of chunking the chunk stream of bits into one or more chunks of bits; performing a random edit process on the target stream of bits by determining a random point within the target stream of bits and identifying random points within the target stream based on the mask stream until either the mask has no more insertion points or the target stream has no more bits.
Thu, 18 Aug 2016 08:00:00 EDTThis technology manipulates both the plaintext and ciphertext before and after encryption respectively and prior to dissemination to recipients. The manipulation mitigates the possibility of discovery of the encryption key(s) and/or encryption parameters. Even if all of the encryption parameters are known and the encryption key is made available, considerable information would still need to be obtained to enable the recipient to be able to properly decrypt an encrypted message.
Thu, 18 Aug 2016 08:00:00 EDTA method for encrypting data in a near field communication system is provided. The method includes generating encrypted data based on first data input in a current state and second data input in a state immediately preceding the current state, and encoding the encrypted data through a predetermined error correcting code.
Thu, 18 Aug 2016 08:00:00 EDTAn apparatus of this invention is directed to a ciphertext generation apparatus that can compare the magnitudes of encrypted numerical values and largely reduce the risk of information leakage while maintaining the confidentiality. This ciphertext generation apparatus includes a derived key generator that generates a derived key based on a main key and a document, an auxiliary derived key generator that generates an auxiliary derived key based on the main key, the document, and the derived key, an identifier-specific ciphertext generator that generates, based on an identifier of the document, the derived key, and the auxiliary derived key, an identifier-specific ciphertext in which the identifier is encrypted, and a relative value ciphertext generator that generates, based on the identifier and the derived key, a relative value ciphertext in which a relative value generated from the main key, the document, and the derived key is encrypted. A character string including the identifier-specific ciphertext and the relative value ciphertext is generated as a ciphertext for the document.
Thu, 18 Aug 2016 08:00:00 EDTProvided are a device and a method for generating an identification key by using a process variation in a semiconductor process. A semiconductor is manufactured by adjusting a gate side edge position of a contact such that a difference between a probability that a gate of a transistor is shorted from a drain or a source by the contact and a probability that the gate is not shorted is less than or equal to a predetermined threshold. When the manufactured semiconductor does not have a separate process, whether there is a short circuit between the gate and the drain or the source is stochastically generated by the process variation, whether there is a short circuit is detected through a reader, and an identification key is provided.
Thu, 18 Aug 2016 08:00:00 EDTExample embodiments of the systems and methods of multidimensional encrypted data transfer disclosed herein also introduce novel and unobvious methods to store and access information. In example embodiments of the systems and methods of multidimensional encrypted data transfer disclosed herein, a multidimensional data structure is developed. For example, at least one additional dimension is added to a 2D data structure. Data may be encoded within multiple facets. Example embodiments of the multidimensional encoding include non-limiting examples of stacking or providing images or tiles in a very short period of time and moving a 3-dimensional object in space. In one example application, a number of distinct 2D data structures are presented over a time period in a .gif file.
Thu, 18 Aug 2016 08:00:00 EDTAn electronic key system includes an onboard apparatus and a portable apparatus. The electronic key system establishes wireless communication with a secret key common between the onboard apparatus and the portable apparatus, and authenticates the portable apparatus registered as the portable apparatus of an authorized user. The portable apparatus includes a portable apparatus code transmitter that transmits a portable apparatus code. The onboard apparatus includes an onboard code transmitter that transmits an onboard code. The onboard apparatus further includes a portable apparatus code receiver, and an onboard-side key generation portion. The portable apparatus further includes an onboard code receiver, and a portable-apparatus-side key generation portion.
Thu, 11 Aug 2016 08:00:00 EDTMethods and systems for delivering content are disclosed. An example method can comprise receiving, at a gateway device located at a user network, packetized data asset via a packet switched network. The gateway device can convert the packetized data asset to a non-packetized data asset, and transmit the non-packetized data asset via a non-packet switched network to a computing device.
Thu, 11 Aug 2016 08:00:00 EDTMultivariate public key signature/verification system including a signature module and a verification module. The signature module contains a processor, first affine transformation inversion component, isomorphic inversion component, trapdoor component, isomorphic component, and second affine transformation inversion component. Corresponding computations are executed sequentially by the components on a message to be signed; solutions are generated after being processed by the trapdoor component; one solution is selected randomly and transmitted to the isomorphic component and second affine component for processing, and a signature generated is transmitted with the message to the processor. The verification module contains the processor and a public key transformation component. The signature is transmitted by the processor to the transformation component and substituted into each multivariate polynomial in a public key mapping. The processor judges whether the obtained data is equal to the message in a memory: if yes, the signature is valid, if not, it is invalid.
Thu, 11 Aug 2016 08:00:00 EDTA quantum communication system, comprising: a plurality of transmitter units, each transmitter unit comprising a source of quantum signals;a receiver unit, comprising: a quantum receiver, comprising at least one detector configured to detect quantum signals; anda first classical communication device; and a passive optical splitter, wherein the plurality of transmitter units are optically coupled to the receiver unit through the passive optical splitter, wherein the passive optical splitter is optically coupled to the quantum receiver through a first spatial channel and optically coupled to the first classical communication device through a second spatial channel, and wherein the passive optical splitter is configured to distribute an inputted optical signal irrespective of its wavelength.
Thu, 11 Aug 2016 08:00:00 EDTAn encryption device 200 outputs a ciphertext ct including a ciphertext c and a ciphertext c˜. The ciphertext c has been set with one of attribute information x and attribute information v related to each other. The ciphertext c˜ has been set with one of attribute information y and attribute information z related to each other. A decryption device 300 outputs a re-encryption key rk including a decryption key k*rk, a decryption key k˜*rk, and encrypted conversion information φrk. The decryption key k*rk is obtained by converting the decryption key k* which is set with the other one of attribute information x and attribute information v, with conversion information W1,t. The decryption key k˜*rk has been set with the other one of the attribute information y and the attribute information z. The encrypted conversion information φrk is obtained by encrypting the conversion information W1,t by setting one of attribute information x′ and attribute information v′ related to each other. A re-encryption device 400 outputs a re-ciphertext ret including a ciphertext crenc and a decryption key k*renc. The ciphertext crenc is obtained by setting one of additional information H and additional information Θ to the ciphertext ct. The decryption key k*renc is obtained by setting the other one of the additional information H and the additional information Θ to the re-encryption key rk.
Thu, 11 Aug 2016 08:00:00 EDTA pre-encryption process for symmetric encryption processes that inputs a bit stream into any existing or future encryption standard to increase encryption complexity with a disproportionate increase in processing time. The first encoding step is the two-stage generation of two strong keys based on a seed strong crypto key and known information from the Source Data bit stream. The second step is to split and encode the bit stream based on entropy levels. After entropy coding, the aligned bit streams are multiplexed in a cyclic fashion to generate one resulting bit stream. The third step is to slice the resulting bit stream into blocks, encrypting each block and adding each block to a coded output bit stream. Each new strong crypto key is derived from the previous crypto key and the previous pre-processed bit stream data. The decoding process is provided that is a simplified inverse of the encoding process.
Thu, 11 Aug 2016 08:00:00 EDTIn one embodiment, a method for reducing information leakage in order to counter side channel attacks against a secure execution environment is described, the method including receiving at the secure execution environment a first input comprising a key comprising a sequence of k input elements in a commutative ring, CR, receiving at the secure execution environment a second input comprising a text comprising a sequence of p input elements in the commutative ring, CR, defining an input INP comprising a sequence of j input elements, wherein INP comprises either one or both of the first input or the second input, performing one of a matrix randomization operation or a polynomial randomization operation on the inputs, and producing a randomized output.
Thu, 11 Aug 2016 08:00:00 EDTA post-quantum physical-layer encryption/decryption system based on chaotic Baseband Modulation Hopping (BMH). The baseband constellation, mapping, power level, and phase will vary symbol-by-symbol according to assigned random sequences. Pre-shared secret keys are used as the chaotic system parameters, initialization, and quantization parameters to generate the BMH codes. The BMH physical-layer encryption/decryption system can be combined with digital-domain based encryption algorithms such as AES, code-based post-quantum cryptography, and other physical-layer secure communication techniques such as Frequency Hopping (FH) and Direct Sequence Spread Spectrum (DSSS). It can also be combined with Quantum Key Distribution (QKD) to provide mutual authenticated key distribution. This invention can be applied to all kinds of communication systems including wireless (radio frequency, optical, quantum channel, sonar) and wire (optical fiber, power-line, telephone line, wire quantum channel, etc.), single carrier and multi-carrier, OFDM, MIMO channels.
Thu, 11 Aug 2016 08:00:00 EDTA system for authentication of paper sheet and other articles includes an optical sensor configured to generate an image of a first side of an article and a processor operatively connected to the optical sensor. The processor is configured to generate an image of the article with the optical sensor, the image including features that are illuminated by an external illumination source through the article, and generate an output indicating if the article is authentic in response to the features corresponding to a predetermined plurality of features that are generated from another image of the article corresponding to features in the generated image and in response to a cryptographic signature corresponding to feature data that are extracted from the other image corresponding to a valid cryptographic signature of a predetermined party.
Thu, 11 Aug 2016 08:00:00 EDTA processor includes a decode unit to decode an SM3 two round state word update instruction. The instruction is to indicate one or more source packed data operands. The source packed data operand(s) are to have eight 32-bit state words Aj, Bj, Cj, Dj, Ej, Fj, Gj, and Hj that are to correspond to a round (j) of an SM3 hash algorithm. The source packed data operand(s) are also to have a set of messages sufficient to evaluate two rounds of the SM3 hash algorithm. An execution unit coupled with the decode unit is operable, in response to the instruction, to store one or more result packed data operands, in one or more destination storage locations. The result packed data operand(s) are to have at least four two-round updated 32-bit state words Aj+2, Bj+2, Ej+2, and Fj+2, which are to correspond to a round (j+2) of the SM3 hash algorithm.
Thu, 04 Aug 2016 08:00:00 EDTOne embodiment of the invention is directed to a method comprising receiving a plurality of data packets including encoded data. The method further comprises determining a plurality of time delays between the plurality of data packets, and translating the plurality of time delays to obtain a decoding key for decoding the encoded data in the data packets. The decoding key may be used to decode the encoded data to obtain the data.
Thu, 04 Aug 2016 08:00:00 EDTMethod and system for personalizing a chip, intended to be integrated into a smart card, comprising a tester associated to an FPGA device connected to the chip, the chip being part of a wafer comprising a plurality of chips and a disposable hardware module for verifying presence of the chip on the wafer. The tester sends a first secret code to the FPGA device, which commands the chip to initiate a test mode activation. The FPGA device encrypts a second secret code by using a secret encryption algorithm parameterized with a random number received from the chip and the first secret code to obtain a first cryptogram which is sent to the chip. The chip determines a second cryptogram by carrying out a Boolean function over a result obtained by decryption of the first cryptogram using the inverse algorithm parameterized with the random number and the first secret code. The second cryptogram is compared with a result obtained by carrying out the Boolean function over the second secret code temporarily stored on the chip. The FPGA device personalizes the chip only if the second cryptogram matches the calculated result.
Thu, 04 Aug 2016 08:00:00 EDTAn information processing apparatus has an encryption part that encrypts by block encryption, and is embeddable in an electronic apparatus, and achieves the above object by segmenting an authentication target message into one or more blocks for every 128 bits, the authentication target message including at least a predetermined authentication parameter and first encryption information that is obtained by encrypting plaintext information by the encryption part, successively computing each of the one or more segmented blocks by a GHASH function including a predetermined algorithm, using a plurality of 8-bit arrays including 16 elements, and generating second encryption information that is obtained by encrypting a computed result by the encryption part, to generate an authentication tag.
Thu, 04 Aug 2016 08:00:00 EDTAn encryption system and method has processors and a memory system, the memory system configured to hold at least one macroblock, an encryption key, and machine readable instructions for encrypting the macroblock. The instructions include instructions for dividing the macroblock into at subblocks by rows and encrypting the rows, for dividing the macroblock into subblocks by columns and encrypting the columns, and for performing a combining cipher of the first, second, third and fourth cipher blocks to produce a final ciphertext of the macroblock. In alternative embodiments, the macroblock is divided in a third, or fourth dimension in addition to rows and columns. In embodiments, ciphertext is chained by using it ciphertext as part of a key for later macroblocks of a sequence, or propagated into later sequences of macroblocks.
Thu, 28 Jul 2016 08:00:00 EDTEach of the first communication apparatus and the second communication apparatus includes a near field communication unit. The first communication apparatus acquires a public key stored in a memory of the near field communication unit of the second communication apparatus, encrypts, by using the acquired public key, data to be processed by the second communication apparatus, and transmits the encrypted data to the second communication apparatus. The second communication apparatus decrypts the transmitted encrypted data by a private key which corresponds to the public key and is stored in a memory of the second communication apparatus.
Thu, 28 Jul 2016 08:00:00 EDTA cryptographic system includes an online computer, an offline computer and custom hardware and software by which the two computers can securely communicate to facilitate the creation, secure use, and maintenance of private cryptographic keys. The system securely stores private cryptographic keys while still enabling the keys to be quickly and easily accessed as needed in a variety of applications including, but not limited to, electronic financial transactions, cryptographic transaction processing, medical record access, email encryption, or any other cryptographic authentication process.
Thu, 28 Jul 2016 08:00:00 EDTA method is provided for obfuscating program code to prevent unauthorized users from accessing video. The method includes receiving an original program code that provides functionality. The original program code is transformed into obfuscated program code defining a randomized branch encoded version of the original program code. The obfuscated program code is then stored, and a processor receiving input video data flow uses the obfuscated program code to generate an output data flow.
Thu, 28 Jul 2016 08:00:00 EDTEmbodiments of the invention provide methods for key fob to control unit verification, retention, and revocation. After an initial pairing between a key fob and a control unit, the devices share a secret operation key (OpKey). For verification, the key fob sends the 8 lowest-order bits of a 128-bit counter and some bits of an AES-128, OpKey encrypted value of the counter to the control unit. For key revocation and retention, the control unit is prompted to enter an OpKey retention and revocation mode. Subsequently, each of the remaining or new key fobs is prompted by the user to send a verification message to the control unit. When the control unit is prompted to exit the OpKey retention and revocation mode, it retains the OpKeys of only the key fobs that sent a valid verification message immediately before entering and exiting the OpKey retention and revocation mode.
Thu, 28 Jul 2016 08:00:00 EDTFor secure wireless communications the sender device uses a rail encoder that outputs dual rail-encoded states of light in a time slot. The states of light dual rail-encode information according to a phase and/or intensity difference between the dual rails, and the rail-encoded states of light may further be converted to a polarization-encoded state. This may be implemented using at least two polarizing beam-splitters with at least one quarter-wave plate disposed therebetween; and/or with integrated waveguides that convert three optical inputs to two optical outputs that are input to a polarization rotator-combiner. The encoder may randomly define the polarization-encoded state such as by randomly selecting from a finite number of at least N=3 possible polarization rotations. The recipient device may use 2N parallel, channels to decode the dual rail-encoded states of light, each channel comprising a detector configured to detect one of N possible polarization states.
Thu, 28 Jul 2016 08:00:00 EDTAccording to an embodiment, a quantum key distribution device includes a quantum key distributor, a sifter, a corrector, an identifier, a classifier, a calculator, and a privacy amplifier. The quantum key distributor obtains a photon string from a photon string of two or more intensities of light pulses. The sifter obtains pulse information indicating the light pulse to which each bit of a shared bit string corresponds. The corrector corrects an error included in the shared bit string and generates a post-correction bit string. The identifier generates error position information. The classifier classifies each bit of the post-correction bit string. The calculator calculates the error rate for each light pulse and each base using the error position information. The privacy amplifier generates a cryptographic key from the post-correction bit string on the basis of the error rate.
Thu, 28 Jul 2016 08:00:00 EDTQuantum secure communication systems communicate quantum signals for quantum key distribution and classical signals with encrypted data and commands via a single optical fiber. In some systems, the single fiber carries classical data in both directions along with quantum communications. For example, quantum keys can be used to encrypt packets for bidirectional communication between two parties. In other systems, a single fiber is used for one way classical communications and quantum communications. The communication systems are secured using a security parameter based on the quantum and classical communications across the optical fiber.
Thu, 28 Jul 2016 08:00:00 EDTA method of communicating with a detonator assembly wherein an encryption key associated with the detonator assembly is stored in the detonator assembly and a message, intended for the detonator assembly, is encrypted at the control location using the encryption key whereupon the encrypted message is transmitted to each of a plurality of detonator assemblies and each received message is decrypted and validated.
Thu, 28 Jul 2016 08:00:00 EDTA secret quotient transfer device that can reduce the communication cost. On the assumption that u denotes a natural number and represents a boundary value, m denotes an integer that satisfies a relation m≦2u, i denotes an integer from 0 to m−1, a plain text a is an integer that is equal to or greater than 0 and smaller than an arbitrary modulo p, the integers a and 0 are congruent modulo 2u, and the plain text a is expressed as a sum of m sub-shares x0, . . . , xm-1, the secret quotient transfer device computes a quotient q of the division of a total sum aZ of the sub-shares by p according to q=Σ(i
Thu, 28 Jul 2016 08:00:00 EDTAn operation apparatus includes a message expansion unit, a state data initiation unit, a state data generation unit, and a chain variable update unit. The message expansion unit generates a plurality of expanded messages using a message. The state data initiation unit generates the initial value of state data using chain variable data. The state data generation unit generates the final value of the state data by iterating a combination function and a step function using the state data and the plurality of expanded messages. The chain variable update unit updates the chain variable data using the state data of the final value.
Thu, 28 Jul 2016 08:00:00 EDTA format-preserving cipher including an encryption and a decryption scheme supporting non-linear access to input data by allowing the selection of portions of data from a potentially larger dataset to be encrypted, thus avoiding a necessarily sequential access into the input plaintext data. The cipher first defines a forward mapping from the allowable ciphertext values to an integer set of the number of such allowable ciphertext values, and a corresponding reverse mapping. It also supports exclusion of a certain set of characters from the ciphering process. An encryption algorithm is provided that encrypts the input plaintext data while preserving its original format and length, and a corresponding decryption algorithm is provided. The cipher advantageously embodies the encryption and decryption of multi-byte values, composite datasets, and credit card numbers, thus fitting a variety of industrial needs.
Thu, 28 Jul 2016 08:00:00 EDTA method of initializing an electronic lock in the field includes the steps of providing a unique lock identifier for a lock, providing a unique organization identifier for an organization, generating master encryption keys for the organization derived from the unique organization identifier for that organization, communicating the unique organization identifier and master encryption keys for the organization to a remote mobile device, using the mobile device to remotely generate individual encryption keys for the lock utilizing one of the master encryption keys, the unique organization identifier and the unique lock identifier for the one of the plurality of locks, and using the mobile device to remotely program a manager key to communicate the individual encryption keys to the lock. Communicating the individual encryption keys initializes the lock to the organization's lock management system and permits the lock to encrypt and decrypt communications exclusively with the organization's lock management system.