http://www.freepatentsonline.com/rssfeed/rssapp380.xml
METHOD AND SYSTEM FOR EFFICIENT ENCRYPTION, TRANSMISSION, AND DECRYPTION OF VIDEO DATA

Thu, 23 Feb 2017 08:00:00 EST

One embodiment provides a system for efficiently and securely encrypting, transmitting, and decrypting video data, including selective encryption of image frames. During operation, the system obtains, by a content-transmitting device, an image frame which is used to form a video stream. In response to determining that the image frame satisfies a predetermined condition for encryption, the system encrypts the image frame based on an encryption algorithm. The system encapsulates the encrypted image frame based on encapsulation information. The system includes encryption identification information for the image frame in the encapsulation information.



PLATFORM MIGRATION OF SECURE ENCLAVES

Thu, 23 Feb 2017 08:00:00 EST

A processor to support platform migration of secure enclaves is disclosed. In one embodiment, the processor includes a memory controller unit to access secure enclaves and a processor core coupled to the memory controller unit. The processor core to identify a control structure associated with a secure enclave. The control structure comprises a plurality of data slots and keys associated with a first platform comprising the memory controller unit and the processor core. A version of data from the secure enclave is associated with the plurality of data slots. Migratable keys are generated as a replacement for the keys associated with the control structure. The migratable keys control access to the secure enclave. Thereafter, the control structure is migrated to a second platform to enable access to the secure enclave on the second platform.



AUTHENTICATION METHOD, APPARATUS AND SYSTEM USED IN QUANTUM KEY DISTRIBUTION PROCESS

Thu, 23 Feb 2017 08:00:00 EST

The present application discloses an authentication method used in a QKD process, and further discloses additional authentication methods and corresponding apparatuses, as well as an authentication system. The method comprises: selecting, by a transmitter according to a basis selection rule, a basis of preparation for transmitter authentication information that is generated with a first pre-provisioned algorithm and varies dynamically, and transmitting quantum states containing key information and the transmitter authentication information; and measuring, by a receiver, quantum states of the transmitter authentication information according to the basis selection rule, and ending the QKD process if a measurement result is inconsistent with corresponding information calculated with the first pre-provisioned algorithm. By means of this technical solution, dynamic authentication of a requestor of QKD can be achieved in a QKD process, a defense can be provided against spoofing attacks, man-in-the-middle attacks and distributed denial of service (DDoS) attacks, and the security of the QKD process is improved; furthermore, a waste of quantum key resources can be avoided as well.



METHOD, APPARATUS, TERMINAL DEVICE AND SYSTEM FOR GENERATING SHARED KEY

Thu, 23 Feb 2017 08:00:00 EST

Embodiments of the present application provide apparatus and methods for generating a shared key, including setting up a key negotiation connection, and determining an algorithm code by negotiating using the key negotiation connection. An algorithm corresponding to the algorithm code is retrieved from a pre-stored algorithm library, and a pre-stored seed key is calculated using the algorithm to obtain a shared key. Compared with traditional key generation methods, embodiments of the present invention avoid the problem of a high bit error rate that occurs in the traditional quantum key generation methods, especially quantum key generation methods. One exemplary method determines an algorithm code through negotiation, retrieves a pre-stored algorithm corresponding to the algorithm code, and generates a new shared key using a seed key.



USING WEB ENTROPY TO SCRAMBLE MESSAGES

Thu, 23 Feb 2017 08:00:00 EST

According to one embodiment, an apparatus for scrambling a message is provided. The apparatus includes a processor and a memory in communication with the processor. The memory contains instructions executable by the processor that are configured to cause the apparatus to retrieve webpage data of at least one webpage. The at least one webpage is different from the message. The memory contains instructions executable by the processor that are configured to cause the apparatus to perform a hash operation on the webpage data to generate hashed webpage data, generate at least one pseudo-random value based at least in part on the hashed webpage data and generate a scrambled message by performing a first logical operation on the at least one generated pseudo-random value and the message.



POLYMORPHIC ENCRYPTION KEY ALLOCATION SCHEME

Thu, 23 Feb 2017 08:00:00 EST

Embodiments of the present invention relate to encryption key allocation with additional security elements to lessen vulnerability to certain attacks. In one embodiment, a method and computer program product is provided for broadcast encryption. A key bundle encoded in a non-transient machine-readable medium is received. The key bundle comprises a first cryptographic key and an associated first cryptographic function identifier. Encrypted content is received. A key block corresponding to a subset difference tree is received. A first cryptographic triple function corresponding to the first cryptographic function identifier is determined. The subset difference tree is traversed using the first cryptographic key and the first cryptographic triple function to obtain a content cryptographic key. The content cryptographic key is applied to the encrypted content to obtain decrypted content.



CRYPTO DEVICES, STORAGE DEVICES HAVING THE SAME, AND ENCRYPTION AND DECRYPTION METHODS THEREOF

Thu, 23 Feb 2017 08:00:00 EST

A method for encryption, decryption, or encryption and decryption of data in a crypto device having at least one crypto core may include: generating a tweak value corresponding to block data, which is placed at a random position from which the encryption, decryption, or encryption and decryption starts, from among sequential block data; and/or performing the encryption, decryption, or encryption and decryption from the block data using the tweak value. A method for encryption, decryption, or encryption and decryption of block data may include: generating a tweak value corresponding to the block data at a random position; and/or performing the encryption, decryption, or encryption and decryption of the block data using the tweak value.



CRYPTOGRAPHIC SYSTEM AND COMPUTER READABLE MEDIUM

Thu, 23 Feb 2017 08:00:00 EST

A cryptographic system (10) performs a cryptographic process using a basis B and a basis B*. An encryption device (200) generates a ciphertext including a transmission-side vector being a vector in the basis B and being generated using one vector of a first vector consisting of coefficients yj of a polynomial having xi as roots and a second vector consisting of v1i being a power of v1. A decryption device (300) decrypts the ciphertext generated by the encryption device (200) with a decryption key including a reception-side vector being a vector in the basis B* and being generated using the other vector of the first vector and the second vector.



PHOTOGRAPH METADATA ENCRYPTION

Thu, 23 Feb 2017 08:00:00 EST

Methods, systems, and computer program products for encrypting photograph metadata are provided. An image file is received. The image file includes digital image data and a plurality of data fields. A first data field of the plurality of data fields includes a first metadata. A rule set for modifying the first metadata is received. In response to determining that at least one rule of the rule set corresponds to the first metadata, the first metadata is encrypted based to create a second metadata. The second metadata is stored in the image file.



INSTRUCTION FOR ACCELERATING SNOW 3G WIRELESS SECURITY ALGORITHM

Thu, 16 Feb 2017 08:00:00 EST

Vector instructions for performing SNOW 3G wireless security operations are received and executed by the execution circuitry of a processor. The execution circuitry receives a first operand of the first instruction specifying a first vector register that stores a current state of a finite state machine (FSM). The execution circuitry also receives a second operand of the first instruction specifying a second vector register that stores data elements of a linear feedback shift register (LFSR) that are needed for updating the FSM. The execution circuitry executes the first instruction to produce an updated state of the FSM and an output of the FSM in a destination operand of the first instruction.



ENCRYPTING DEVICE, ENCRYPTING METHOD, AND RECORDING MEDIUM

Thu, 16 Feb 2017 08:00:00 EST

From the least significant bit of the current secret key, k bits are retrieved, obtaining a binary window sequence. A binary bit string of concatenation of the random number to the more significant bits of the window sequence is obtained if the most significant bit of the window sequence is 0, subtracting a bit string from the current secret key to obtain a new secret key, or the bit string of a complement of the base number for the window sequence in binary system is calculated if the most significant bit of the window sequence is 1, obtaining a bit string by adding a minus sign to a bit string obtained by concatenating the random number to the more significant bits of the bit string, subtracting the bit string from the current secret key to obtain a new secret key.



METHOD FOR GENERATING A GROUP SECRET KEY BASED ON THE RADIO PHYSICAL LAYER AND WIRELESS TERMINAL ASSOCIATED THEREWITH

Thu, 16 Feb 2017 08:00:00 EST

A method for generating a secret key shared by a group of at least three terminals from characteristics of wireless communication channels connecting the terminals in twos, including, at each of the terminals of the group, the implementation of the following steps of: acquiring signals from wireless communication channels, known as adjacent channels, connected to the terminal and generating a representation of each adjacent channel; for at least one wireless communication channel, known as a non-adjacent channel, not connected to the terminal, acquiring at least one image signal of the non-adjacent channel and generating a representation of the non-adjacent channel, determining the secret key from a combination of the representations of the adjacent channels and at least one representation of non-adjacent channel.



METHOD FOR GENERATING A SECRET OR A KEY IN A NETWORK

Thu, 16 Feb 2017 08:00:00 EST

A method for generating a secret or a key in a network, the network including at least one first and one second member and a transmission channel between at least the first and the second members. The first and second members being able to place at least one first value and one second value on the transmission channel. The first member causes a first member value sequence and the second member causes a second member value sequence to be transmitted over the transmission channel largely synchronously with each other. The first member and the second member generate a shared secret or a shared key on the basis of information about the first member value sequence and the second member value sequence and on the basis of an overlap value sequence resulting from the overlap of the first member value sequence with the second member value sequence on the transmission channel.



METHODS FOR FACILITATING SECURE COMMUNICATION

Thu, 16 Feb 2017 08:00:00 EST

According to a first aspect of the present disclosure, a method for facilitating secure communication in a network is conceived, comprising: encrypting, by a source node in the network, a new cryptographic key using a current cryptographic key as an encryption key; transmitting, by said source node, the encrypted new cryptographic key to a destination node in the network. According to a second aspect of the present disclosure, a method for facilitating secure communication in a network is conceived, comprising: receiving, by a destination node in the network, an encrypted new cryptographic key from a source node in the network; decrypting, by said destination node, the encrypted new cryptographic key using a current cryptographic key as a decryption key. According to a third aspect of the present disclosure, corresponding computer program products are provided. According to a fourth aspect of the present disclosure, a corresponding source node is provided. According to a fifth aspect of the present disclosure, a corresponding destination node is provided.



APPARATUS FOR GENERATING RANDOM NUMBER

Thu, 16 Feb 2017 08:00:00 EST

An apparatus for generating a random number includes a plurality of metastability entropy sources, a first meta-ring oscillator, and a second meta-ring oscillator. The first meta-ring oscillator includes a first portion of the plurality of metastability entropy sources. The second meta-ring oscillator includes a second portion of the plurality of metastability entropy sources. Each of the first meta-ring oscillator and the second meta-ring oscillator generates a first random number based on a metastability signal in a first mode, and operates as a ring oscillator and generates a second random number in a second mode. The number of metastability entropy sources included in the first meta-ring oscillator is less than the number of metastability entropy sources included in the second meta-ring oscillator. The first meta-ring oscillator includes at least one metastability entropy source.



Format-Preserving Cipher

Thu, 16 Feb 2017 08:00:00 EST

A format-preserving cipher including encryption and decryption schemes supporting non-linear access to input data by allowing the selection of portions of data from a potentially larger dataset to be encrypted. The cipher first defines a forward mapping from the allowable ciphertext values to an integer set of the number of such allowable ciphertext values, and a corresponding reverse mapping. It also supports exclusion of a certain set of characters from the ciphering process. An encryption algorithm is provided that encrypts the input plaintext data while preserving its original format and length, and a corresponding decryption algorithm is provided. The cipher advantageously embodies the encryption and decryption of multi-byte values, composite datasets, credit card numbers and discontinuous datasets, thus fitting a variety of industrial needs.



METHOD AND SYSTEM FOR GENERATING/DECRYPTING CIPHERTEXT, AND METHOD AND SYSTEM FOR SEARCHING CIPHERTEXTS IN A DATABASE

Thu, 16 Feb 2017 08:00:00 EST

There is provided a method of generating a ciphertext. The method includes encrypting an input data to produce an encrypted data, and randomizing the encrypted data to produce the ciphertext. In particular, the randomizing process includes performing an exclusive-or (xor) operation on the encrypted data with a cipher pad, whereby the cipher pad is generated based on an xor-homomorphic function of a first key using a second key generated based on the encrypted data. There is also provided a corresponding system for generating a ciphertext, a corresponding method and system for decrypting a ciphertext, and a corresponding method and system for searching ciphertexts in a database, such as at an untrusted server.



CONFIGURING CRYPTOGRAPHIC SYSTEMS

Thu, 09 Feb 2017 08:00:00 EST

Systems and methods for configuring a cryptographic system, such as an avionic data transfer system associated with an aircraft, are provided. More particularly, systems and methods can be used to assemble a cryptographic key configuration (CKC) for use in a cryptographic system. A CKC can include various components for configuration of a cryptographic system. An administrator can generate CKCs for multiple host systems via a user interface (e.g., a graphical user interface) at a terminal and can deliver the CKCs to the host systems via an automated process by way of, for instance, a removable data cartridge.



BURNING METHOD AND BURNING SYSTEM

Thu, 09 Feb 2017 08:00:00 EST

The present invention provides a method for burning device keys, wherein the method for burning comprises the steps of: step a: computing device keys to be sent at an operating device end to obtain a first verification code; step b: sending the device keys to be sent to a receiving device end, and controlling the receiving device end to store the received device keys into the receiving device end; step c: controlling the receiving device end to compute the received device keys to obtain a second verification code; step d: comparing the first verification code with the second verification code; step e: finishing the burning method when the first verification code matches the second verification code, and performing the steps b, c, d and e again when the first verification code does not match the second verification code. The present invention also provides a burning system. The burning method of the present invention can ensure that the device keys are successfully burnt at the receiving device end to guarantee the yield rate of the receiving device.



CRYPTOGRAPHIC KEY SERVER EMBEDDED IN DATA TRANSFER SYSTEM

Thu, 09 Feb 2017 08:00:00 EST

Systems and methods for managing cryptographic keys in an avionic data transfer system are provided. A host device associated with the avionic data transfer system can receive one or more cryptographic keys via a key fill interface. For instance, in one embodiment, the host device can receive one or more cryptographic keys from a removable data cartridge. The host device can act as a key server for other cryptographic units associated with the avionic data transfer system via a data bus. For instance, the host device can distribute one or more cryptographic keys to other cryptographic units associated with aircraft via an aircraft bus. The other cryptographic units can use the one or more cryptographic keys for cryptographic processing of data.



CRYPTOGRAPHIC KEY LOADER EMBEDDED IN REMOVABLE DATA CARTRIDGE

Thu, 09 Feb 2017 08:00:00 EST

Systems and methods using a cryptographic key loader embedded in a removable data storage device are provided. In one embodiment, the removable data storage device can include a dedicated key memory storing one or more cryptographic keys for cryptographic processing of data by a host system. The removable data storage device can further include a dedicated data memory storing data subject to cryptographic processing by the host system. When the removable data cartridge is interfaced with the host system, the cryptographic key(s) and the data subject to cryptographic processing can become accessible to the host system.



INSTRUCTION FOR PERFORMING A PSEUDORANDOM NUMBER SEED OPERATION

Thu, 09 Feb 2017 08:00:00 EST

A machine instruction is provided that has associated therewith an opcode to identify a perform pseudorandom number operation, and an operand to be used by the machine instruction. The machine instruction is executed, and execution includes obtaining a modifier indicator. Based on the modifier indicator having a first value, performing a deterministic pseudorandom number seed operation, which includes obtaining seed material based on information stored in the second operand. A selected hash technique and the seed material are used to provide one or more seed values, and the one or more seed values are stored in a parameter block.



ENCRYPTION METHOD, PROGRAM, AND SYSTEM

Thu, 09 Feb 2017 08:00:00 EST

[Problem] To provide, combining a conventional encryption scheme, an encryption that is excellent in coding ratio, suitable for stream encryption and safe against known plain text attacks. [Solution] From a random number sequence array consisting of random number sequences having no mutual correlations and having different lengths, a random number sequence is selected by using, as an index, a random number that is independently generated by means of a physical random number or the like. A plain text to be encrypted is then obfuscated on the basis of the selected random number sequence, further concatenated to the random number and thereafter subjected to application of a conventional type of encryption algorithm.



SECURE COMPARISON OF INFORMATION

Thu, 09 Feb 2017 08:00:00 EST

The technology encompasses new uses of already-known cryptographic techniques. The technology entails computer-based methods of sharing information securely, in particular an asymmetric method of secure computation that relies on the private-key/public key paradigm with homomorphic encryption. The methods and programmed computing apparatuses herein apply mathematical concepts to services or tasks that are commercially useful and that have not hitherto been possible. Applications of the methods within cloud computing paradigms are presented. Applications of the methods and apparatus herein are far-ranging and include, but are not limited to: purchase-sale transactions such as real estate or automobiles, where some aspect of price negotiation is expected; stock markets; legal settlements; salary negotiation; auctions, and other types of complex financial transactions.



CRYPTOGRAPHIC HASH GENERATION SYSTEM

Thu, 02 Feb 2017 08:00:00 EST

A first module divides a string into a number of blocks. A second module associates the blocks with monoid elements in a list of first monoid elements to produce second monoid elements. A third module applies a first function to an initial monoid element and a first of the second monoid elements producing a first calculated monoid element and evaluates an action of the initial monoid element on the first function producing a second function. A fourth module applies the second function to the first calculated monoid element and to a second of the second monoid elements producing a second calculated monoid element and evaluates the action of the first calculated monoid element on the first function producing a third function. Further modules iteratively, corresponding to the number of blocks, apply the produced function to calculated monoid elements and the second monoid elements to produce a hash of the string.



INSTRUCTIONS AND LOGIC TO PROVIDE SIMD SM4 CRYPTOGRAPHIC BLOCK CIPHER FUNCTIONALITY

Thu, 02 Feb 2017 08:00:00 EST

Instructions and logic provide for a Single Instruction Multiple Data (SIMD) SM4 round slice operation. Embodiments of an instruction specify a first and a second source data operand set, and substitution function indicators, e.g. in an immediate operand. Embodiments of a processor may include encryption units, responsive to the first instruction, to: perform a slice of SM4-round exchanges on a portion of the first source data operand set with corresponding keys from the second source data operand set in response to a substitution function indicator that indicates a first substitution function, perform a slice of SM4 key generations using another portion of the first source data operand set with corresponding constants from the second source data operand set in response to a substitution function indicator that indicates a second substitution function, and store a set of result elements of the first instruction in a SIMD destination register.



AUTHENTICATION METHOD, DEVICE AND SYSTEM FOR QUANTUM KEY DISTRIBUTION PROCESS

Thu, 02 Feb 2017 08:00:00 EST

The present invention discloses an authentication method for a QKD process, and further discloses two additional authentication methods and corresponding devices, as well as an authentication system. The method comprises the following steps: a sender selects a basis for preparing authentication information according to an algorithm in an algorithms library, and respectively applies different wavelengths to send quantum states of control information and data information according to a preset information format; a receiver filters the received quantum states, employs a basis of measurement corresponding to the same algorithm to measure the authentication information quantum state, and sends reverse authentication information when the measurement result is in line with the algorithm, and terminates the distribution process otherwise. In addition, the sender terminates the distribution process when its local authentication information is inconsistent with the reverse authentication information. With this embodiment, the validity of the identities of the communication participants can be confirmed in real time to effectively defend against man-in-the-middle attack and DDoS attack; furthermore, the authentication information is generated by an algorithm-based means to prevent the waste of quantum keys.



METHOD FOR PERFORMING A SENSITIVE DATA ENCRYPTION WITH MASKING, AND CORRESPONDING ENCRYPTION APPARATUS AND COMPUTER PROGRAM PRODUCT

Thu, 02 Feb 2017 08:00:00 EST

Cryptographic circuitry masks sensitive data values. The masking includes extracting unique combinations of random mask values from one or more sets of random mask values. Each sensitive data value is masked using a respective unique combination. The unique combinations have a combination class greater than or equal to a determined integer corresponding to a protection-level against side-channel attacks, and a number of unique combinations greater than or equal to a number of the sensitive data values. A number of random mask values in the one or more sets of random mask values is based on the number of unique combinations and the class of the plurality of unique combinations.



ADVANCED METERING INFRASTRUCTURE NETWORK SYSTEM AND MESSAGE BROADCASTING METHOD

Thu, 26 Jan 2017 08:00:00 EST

An advanced metering infrastructure (AMI) server, an AMI network node, an AMI network system and a message broadcasting method thereof are provided. The AMI server generates a broadcasting key from a broadcasting message through a hash function, encrypts the broadcasting message into an encrypted broadcasting message via the broadcasting key, encrypts the broadcasting key into an encrypted key via a symmetric key, and transmits the encrypted broadcasting message and the encrypted key to the AMI network node. The AMI network node decrypts the encrypted key into the broadcasting key via the symmetric key, decrypts the encrypted broadcasting message into the broadcasting message via the broadcasting key, and processes the broadcasting message after determining that the broadcasting message corresponds to the broadcasting key through the hash function.



TRANSFER OF CONSUMABLE DATA TO VEHICLES

Thu, 26 Jan 2017 08:00:00 EST

Consumable data objects are transferred from a source server to a vehicle server. The availability of a first data communications link from the source server to a vehicle server is detected and a count of consumable data objects stored on the vehicle server is generated. If the first data communications link is detected, the count is transmitted to the source server over the link. An identifier of the vehicle server is derived from the first data communications link, and this identifier is associated with the count. A consumable data object replenishment count is generated based upon an evaluation of the count in relation to historic use data derived from past counts.



ENCODER, DECODER, SYSTEM AND METHOD FOR TRANSMITTING ENCRYPTED DATA

Thu, 26 Jan 2017 08:00:00 EST

An encoder for providing encrypted data for transmission via a transmission medium includes an encryption unit that is configured to encrypt data received at the encoder block by block and a processing unit. The processing unit is configured to randomly distribute an encrypted data block to a plurality of channels that are allocated to the transmission medium and to provide a sub-block, which includes part of the encrypted data block, to be transmitted via one of the channels, together with a channel identification allocated to the channel and a code value that is based on the encrypted data in the sub-block to be transmitted and the channel identification, for transmission via the allocated channel of the transmission medium.



TECHNOLOGIES FOR TRUSTED I/O FOR MULTIPLE CO-EXISTING TRUSTED EXECUTION ENVIRONMENTS UNDER ISA CONTROL

Thu, 26 Jan 2017 08:00:00 EST

Technologies for secure programming of a cryptographic engine include a computing device with a cryptographic engine and one or more I/O controllers. The computing device establishes one or more trusted execution environments (TEEs). A TEE generates a request to program the cryptographic engine with respect to a DMA channel. The computing device may verify a signed manifest that indicates the TEEs permitted to program DMA channels and, if verified, determine whether the TEE is permitted to program the requested DMA channel. The computing device may record the TEE for a request to protect the DMA channel and may determine whether the programming TEE matches the recorded TEE for a request to unprotect a DMA channel. The computing device may allow the request to unprotect the DMA channel if the programming TEE matches the recorded TEE. Other embodiments are described and claimed.



COMPUTATIONAL METHOD, COMPUTATIONAL DEVICE AND COMPUTER SOFTWARE PRODUCT FOR MONTGOMERY DOMAIN

Thu, 26 Jan 2017 08:00:00 EST

In Elliptic Curve Cryptography (ECC), one performs a great number of modular multiplications. These are usually done by Montgomery Multiplication algorithm, which needs the operands to be preprocessed (namely, converted to the Montgomery Domain), which is normally done by an equivalent of a long division. We provide a method to perform this conversion by a single Montgomery multiplication on the raw data. The method is formulated for elliptic curve points represented in Jacobian coordinates but can be extended to other representations.



METHODS FOR QUANTUM KEY DISTRIBUTION AND RELATED DEVICES

Thu, 26 Jan 2017 08:00:00 EST

A method for distributing a quantum digital key is described. The method comprises the use of an optical broadband source to generate an optical broadband signal. The optical broadband signal may be transmitted from a first party to a second party through an optical communication channel. The optical broadband signal may be transmitted with a low brightness, such as less than one photon/(sec-Hz), so as to be immune from passive attacks. Furthermore, a method for detecting the presence of active attackers is described. The method may comprise a coincidence measurement configured to measure the level of entanglement between an optical detection signal and an optical idler signal.



CRYPTOGRAPHIC PROTECTION OF I/O DATA FOR DMA CAPABLE I/O CONTROLLERS

Thu, 26 Jan 2017 08:00:00 EST

Technologies for cryptographic protection of I/O data include a computing device with one or more I/O controllers. Each I/O controller may be coupled to one or more I/O devices. Each I/O controller may generate a direct memory access (DMA) transaction that includes a channel identifier that is indicative of the I/O controller and that is indicative of an I/O device coupled to the I/O controller. The computing device intercepts the DMA transaction and determines whether to protect the DMA transaction as a function of the channel identifier. If so, the computing device performs a cryptographic operation using an encryption key associated with the channel identifier. The computing device may include a cryptographic engine that intercepts the DMA transaction and determines whether to protect the DMA transaction by determining whether the channel identifier matches an entry in a channel identifier table of the cryptographic engine. Other embodiments are described and claimed.



Data Security System with Identifiable Format-Preserving Encryption

Thu, 26 Jan 2017 08:00:00 EST

A data security method including creating a token-including plaintext by including a predefined token into a plaintext, generating a cyphertext by encrypting the token-including plaintext using format-preserving encryption, generating a decrypted cyphertext by decrypting an input text, determining whether the decrypted cyphertext includes a first predefined token, if the decrypted cyphertext includes the first predefined token, recreating the plaintext by removing the first predefined token from the decrypted cyphertext, and if the decrypted cyphertext does not include the first predefined token, using the input text as the plaintext.



Physical Layer Encryption Using Out-Phased Array Linearized Signaling

Thu, 26 Jan 2017 08:00:00 EST

Systems and techniques for physical layer encryption (PLE) using beamforming. The techniques are based on the principles of Linear Amplification with Nonlinear Components (LINC) to produce a transmit signal with limited dynamic range. A masking signal is structured based upon a source data signal to produce a transmit signal with limited dynamic range, while providing a high degree of secrecy.



Device and Method of Handling Cellular-Wireless Local Area Network Aggregation

Thu, 19 Jan 2017 08:00:00 EST

A communication device of handling communication with a network including a cellular network and a wireless local area network (WLAN) comprises instructions of receiving a radio resource control (RRC) message configuring cellular-WLAN aggregation (CWA) to the communication device from a base station (BS) of the cellular network; deriving a first pairwise master key (PMK) according to the RRC message; deriving a first encryption key for encrypting first data transmitted to the WLAN or decrypting second data received from the WLAN from the first PMK; releasing the CWA during connecting to the WLAN; performing an extensible authentication protocol (EAP) authentication and key agreement (AKA) procedure with the WLAN to derive a second PMK, when releasing the CWA; and deriving a second encryption key for encrypting third data transmitted to the WLAN or decrypting fourth data received from the WLAN from the second PMK.



Device Key Security

Thu, 19 Jan 2017 08:00:00 EST

A device, method or server having memory configured to store cryptographic material required to execute one or more device functions. A communications interface for communicating over a network. Logic configured to receive from the server over the communications interface the cryptographic material required to execute the one or more device functions. The device is configured to delete the cryptographic material from the memory.



DECRYPTING SEGMENTED DATA IN A DISTRIBUTED COMPUTING SYSTEM

Thu, 19 Jan 2017 08:00:00 EST

A method begins by a dispersed storage (DS) processing module receiving encoded data slices and decoding encoded data slices to reproduce a secure data segment, followed by de-combining the secure data segment to reproduce encrypted data and a masked key. The method continues by performing a deterministic function on the encrypted data to produce transformed data, de-masking the masked key based on the transformed data to produce a master key and de-aggregating the encrypted data to reproduce encrypted data sub-segments. A sub-key is generated based on the master key and a decode threshold number of sub-keys are output to a corresponding number of distributed storage and task execution units, followed by decrypting the encrypted data sub-segment utilizing a corresponding sub-key for each encrypted data sub-segment and de-partitioning the decode threshold number of data sub-segments to re-produce a data segment.



METHOD AND APPARATUS FOR QUANTUM CRYPTOGRAPHY

Thu, 19 Jan 2017 08:00:00 EST

Methods and apparatus for use in quantum cryptographic applications are disclosed. An optical signal having a first wavelength is encoded for quantum cryptography at a stage where the optical signal is on at least two signal paths. The wavelength of the encoded optical signal on the at least two signal paths is converted to a second wavelength before the optical signal is encoded for transmission. Encoding for transmission is applied to the optical signal on the second wavelength.



DISPLAY DRIVER INTEGRATED CIRCUIT FOR CERTIFYING AN APPLICATION PROCESSOR AND A MOBILE APPARATUS HAVING THE SAME

Thu, 19 Jan 2017 08:00:00 EST

A display driver integrated circuit includes a seed generation block configured to generate a seed, an encryption block configured to encrypt the seed and generate a first encryption text, and a comparison block configured to receive a second encryption text, in which the seed is encrypted, from an application processor, compare the first encryption text with the second encryption text, and output a control signal based on the comparison result.



DP HDCP VERSION CONVERTER

Thu, 19 Jan 2017 08:00:00 EST

A DisplayPort (DP) High-bandwidth Digital Content Protection (HDCP) version converter that converts an HDCP content protection version from input to output includes a receiver and a transmitter. The receiver receives a serial bit stream transmitted from an upstream device, and decrypts link symbols of the received serial bit stream by use of a decryption unit. The transmitter encrypts, by use of an encryption unit, the link symbols decrypted by the receiver, and converts the encrypted link symbols into a serial bit stream and transmits the serial bit stream to a downstream device. The receiver and the transmitter have the same link configuration.



SECURITY FOR NETWORK LOAD BROADCASTS OVER CELLULAR NETWORKS

Thu, 12 Jan 2017 08:00:00 EST

A method, computer readable medium and apparatus for obtaining cellular network load information in a secure manner are disclosed. For example, the method receives the cellular network load information, where the cellular network load information is encrypted. The method then decrypts the cellular network load information using a decryption key and performs a task responsive to the network load information that is decrypted.



Encryption Methods and Apparatus

Thu, 12 Jan 2017 08:00:00 EST

Encryption methods and apparatus are described. According to one aspect, an encryption method includes accessing a sequence of an encryption base, the sequence comprising a plurality of sequence elements which correspond to different place values of the encryption base, accessing data to be encrypted, and using the sequence elements of the sequence, encrypting the data by converting the data from an initial base to the encryption base.



Method and device for generating a secret key

Thu, 12 Jan 2017 08:00:00 EST

In a method for generating a secret key, a first node which is connected via a transmission channel to a second node measures a sequence of physical channel parameters of the transmission channel within a predefined time window, determines for multiple predefined code words a distance of each code word from the sequence, selects a particular code word from the multiple code words which has the shortest distance from the sequence, and adjusts a bit sequence which is assigned to the selected code word with the second node via the transmission channel.



Method and device for generating a secret key

Thu, 12 Jan 2017 08:00:00 EST

In a method for generating a secret key, a first node which is connected via a transmission channel to a second node estimates a variability of the transmission channel with regard to at least one physical channel parameter of the transmission channel, selects a sampling rate for the channel parameter as a function of the variability, generates a bit sequence by sampling the channel parameter at the selected sampling rate, and adjusts the bit sequence with the second node.



KEY MANAGEMENT FOR A RACK SERVER SYSTEM

Thu, 12 Jan 2017 08:00:00 EST

A system and method provide security key exchange and management prior to the operating system of the server and also provide for executing various security functions to prevent a virus or malicious software from propagating through the server and the network. The system and method utilize the BIOS firmware and baseboard management controller (BMC), which are more secure since they do not rely on open source code for software plug-ins from the user layer. As a result, a secure code can be created for key management with a globally unique identifier (GUID). The system and method provide for a network manager to easily and flexibly manage multiple security keys for a rack server system.



IMBALANCED MONTGOMERY LADDER

Thu, 12 Jan 2017 08:00:00 EST

The invention relates to a method for securing an electronic device (SC) against attacks via covert channels when the electronic device (SC) implements a Montgomery ladder for calculating the element A⊥A⊥...⊥A where A appears k times. A designates an element of an Abelian group with a law ⊥, and k is a natural number. The method comprises a modified implementation of the Montgomery ladder. The invention also relates to a device (SC), a computer program and a storage medium arranged so as to implement such a method.



DUAL MODE MEMORY ARRAY SECURITY APPARATUS, SYSTEMS AND METHODS

Thu, 12 Jan 2017 08:00:00 EST

Read-only (“RO”) data consisting of a physically unclonable function (“PUF”) pattern is written to a ferroelectric random-access memory (“FRAM”) memory array. The FRAM array is baked to imprint the PUF pattern with a selected average depth of imprint and a corresponding average read reliability. The average depth of imprint and corresponding average read reliability are determined during testing after baking. The PUF pattern as read after baking is compared to the PUF pattern as written prior to baking. Additional PUF pattern writing and baking cycles may be performed until the average depth of imprint and associated read reliability reach a first selected level. Integrated circuits determined to be over-imprinted by exceeding a second selected level may be rejected. The first and second levels of PUF pattern imprint are selected such as to produce FRAM arrays with a unique fingerprint for each individual FRAM array-containing integrated circuit.