Found 5311 in total. Showing 100.

Publication date: 14-06-2012

Random-id function for smartcards

Number: US20120146773A1
Assignee: NXP BV

A method for low-level security based on the UID. In particular it enhances an RFID system by adding the ability to dynamically modify the UID of the smartcard or to randomly generate a new UID for the smartcard.

Publication date: 21-06-2012

System and method for hardware strengthened passwords

Number: US20120155637A1
Assignee: Certicom Corp, Research in Motion Ltd

A cryptographic module, and a computing-device-implemented method for securing data using a cryptographic module, are provided. The cryptographic module may include an input component for receiving a password, an output component for outputting data to the computing device, a random number generator for generating a random number, and a module processor operative to generate at least one cryptographic key using the generated random number and to record, in a data store accessible to the cryptographic module, an association linking the received password with the at least one cryptographic key.
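The design point of the abstract above is that the key is drawn from the module's random number generator rather than derived from the password, so stolen ciphertext cannot be attacked offline. The following is an added example, not Certicom's or Research in Motion's code; the password verifier keyed with a module-internal secret, the lockout counter and the in-memory data store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Added example (not the patent's code). The verifier construction, lockout
# counter and dictionary-based data store are assumptions for illustration.

class CryptographicModule:
    """Holds random keys; the only way to a key is this module plus the password."""

    def __init__(self, max_attempts=5):
        self._store = {}                                 # record id -> (salt, verifier, key)
        self._attempts = {}
        self._max_attempts = max_attempts
        self._module_secret = secrets.token_bytes(32)    # never leaves the module

    def _verifier(self, salt, password):
        # Keyed with the module secret, so a copied data store is useless elsewhere.
        return hmac.new(self._module_secret, salt + password.encode(), hashlib.sha256).digest()

    def register(self, record_id, password):
        salt = secrets.token_bytes(16)
        key = secrets.token_bytes(32)                    # from the RNG, not from the password
        self._store[record_id] = (salt, self._verifier(salt, password), key)
        self._attempts[record_id] = 0
        return key                                       # output component: key to the host

    def unlock(self, record_id, password):
        if record_id not in self._store:
            return None
        if self._attempts[record_id] >= self._max_attempts:
            return None                                  # locked: guessing is throttled here
        salt, verifier, key = self._store[record_id]
        if hmac.compare_digest(verifier, self._verifier(salt, password)):
            self._attempts[record_id] = 0
            return key
        self._attempts[record_id] += 1
        return None
```

Because the key is independent of the password, an attacker holding the encrypted data and a dump of the data store still has to drive guesses through the module, where the attempt counter applies.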

Publication date: 09-08-2012

Method and apparatus for protecting security parameters used by a security module

Number: US20120201379A1
Assignee: Motorola Solutions Inc

A security module includes non-volatile memory, a key protection key generator, and volatile memory. The security module performs a method for protecting security parameters that includes: storing a secret key in the non-volatile memory, wherein the secret key is unique to the security module; applying a key split algorithm to a plurality of key split components to generate a key protection key, wherein the plurality of key split components includes the secret key; decrypting an encrypted first key using the key protection key; performing at least one of media encryption or media decryption using the decrypted first key; storing the key protection key and the decrypted first key in volatile memory.
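The key-split step described above, as an added example that is not Motorola's code: the module-unique secret key is a constructed constant, the HMAC chaining used to combine the split components and the HMAC-based wrap that stands in for a key-wrap cipher are assumptions, and the check shows that a module with a different secret key cannot recover the first key and that the decrypted material lives only in volatile memory.

```python
import hashlib
import hmac
import secrets

# Added example (not the patent's code). Key-split chaining and the wrap
# construction are assumptions; module secrets here are constructed values.

def key_split(components):
    """Combine key split components into a key protection key (KPK).

    Every component, including the module-unique secret key, is chained in,
    so all of them are needed to reproduce the KPK.
    """
    acc = b"\x00" * 32
    for comp in components:
        acc = hmac.new(acc, comp, hashlib.sha256).digest()
    return acc

def wrap_key(kpk, plaintext_key, nonce):
    """Protect a 32-byte key under the KPK (stand-in for a key-wrap cipher)."""
    pad = hmac.new(kpk, b"wrap" + nonce, hashlib.sha256).digest()
    body = bytes(a ^ b for a, b in zip(plaintext_key, pad))
    tag = hmac.new(kpk, b"tag" + nonce + body, hashlib.sha256).digest()[:16]
    return nonce + body + tag

def unwrap_key(kpk, blob):
    nonce, body, tag = blob[:16], blob[16:48], blob[48:]
    expect = hmac.new(kpk, b"tag" + nonce + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("key protection key mismatch or tampered blob")
    pad = hmac.new(kpk, b"wrap" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, pad))

class SecurityModule:
    def __init__(self, unique_secret_key):
        self.nv_secret_key = unique_secret_key   # non-volatile, unique per module
        self.volatile = {}                       # cleared on power loss

    def load_media_key(self, encrypted_first_key, other_components):
        kpk = key_split([self.nv_secret_key] + list(other_components))
        first_key = unwrap_key(kpk, encrypted_first_key)
        self.volatile["kpk"] = kpk               # KPK and first key stay in volatile memory
        self.volatile["first_key"] = first_key
        return first_key

    def power_off(self):
        self.volatile.clear()

def demo():
    module_secret = bytes.fromhex("11" * 32)     # constructed demo value
    media_key = bytes.fromhex("22" * 32)         # the "first key"
    split_components = [b"operator-component", b"device-config-v1"]
    kpk = key_split([module_secret] + split_components)
    blob = wrap_key(kpk, media_key, secrets.token_bytes(16))
    return SecurityModule(module_secret), blob, split_components, media_key
```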

Publication date: 09-08-2012

Cryptographic security functions based on anticipated changes in dynamic minutiae

Number: US20120201381A1
Assignee: mSignia Inc

Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user's electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device's collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.
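The challenge, pre-processed response set and match step listed above, as an added example that is not mSignia's code. The minutia types, the rules for which changes are anticipated (one OS build step, a few reboots) and the hashing layout are assumptions; the device values are constructed.

```python
import hashlib
import itertools
import secrets

# Added example (not the patent's code). Minutia types, anticipated-change
# rules and the response hash layout are assumptions for illustration.

def form_response(nonce, selected_types, minutiae):
    """Device side: hash the nonce with the values of the selected minutiae."""
    h = hashlib.sha256(nonce)
    for t in selected_types:
        h.update(t.encode() + b"=" + str(minutiae[t]).encode() + b";")
    return h.hexdigest()

class Validator:
    """Cloud side: knows the last-seen values and how each may legitimately change."""

    def __init__(self, known_minutiae, anticipated):
        self.known = dict(known_minutiae)
        self.anticipated = anticipated        # type -> function(current) -> plausible next values

    def challenge(self, selected_types):
        nonce = secrets.token_bytes(16)
        # Pre-process every plausible combination of the selected minutiae.
        candidates = []
        for t in selected_types:
            cur = self.known[t]
            nxt = self.anticipated.get(t, lambda v: [])(cur)
            candidates.append([cur] + [v for v in nxt if v != cur])
        table = {}
        for combo in itertools.product(*candidates):
            guess = dict(zip(selected_types, combo))
            table[form_response(nonce, selected_types, guess)] = guess
        return nonce, table

    def validate(self, table, response):
        if response not in table:
            return False
        self.known.update(table[response])    # learn the drifted values for next time
        return True

def demo(device_minutiae, selected=("os_build", "boot_count", "imei")):
    anticipated = {
        "os_build": lambda v: [v + 1],                       # one OS update at a time
        "boot_count": lambda v: list(range(v + 1, v + 4)),   # a few reboots since last seen
    }
    validator = Validator({"os_build": 1042, "boot_count": 17, "imei": "demo-imei"}, anticipated)
    nonce, table = validator.challenge(list(selected))
    response = form_response(nonce, list(selected), device_minutiae)
    return validator.validate(table, response), validator.known
```

A device whose OS build moved on by one and which rebooted twice still validates, while a changed IMEI, or more drift than the rules anticipate, does not.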

Publication date: 16-08-2012

Authentication device using true random number generating element or pseudo-random number generating element, authentication apparatus, and authentication method

Number: US20120210127A1
Assignee: Individual

Provided are an authentication device using a true random number generating element or a pseudo-random number generating element, for example, a USB token, an authentication apparatus using the same, an authentication method, an authentication system and the like. In the authentication system, the authentication device is prepared on a user side, and one code generated in the authentication device is used to encrypt another code. The authentication apparatus registers the codes and decrypts the encrypted code sent from the authentication device by using the registered codes to perform an authentication.

Publication date: 01-11-2012

Method and apparatus for providing service provider-controlled communication security

Number: US20120275598A1
Assignee: Nokia Oyj

An approach is provided for service provider controlled communication security. A security platform receives a connection request from a client device. The security platform determines context information associated with the device, access network, a user of the device, or a combination thereof, and then processes and/or facilitates a processing of the context information to determine one or more encryption ciphers to offer for the session. Next, the security platform causes, at least in part, establishment of the connection request using, at least in part, the one of the offered encryption ciphers.

Publication date: 08-11-2012

Method and System for Enhancing Cryptographic Capabilities of a Wireless Device Using Broadcasted Random Noise

Number: US20120281831A1
Assignee: Individual

A secret stream of bits begins by receiving a public random stream contained in a wireless communication signal at a transmit/receive unit. The public random stream is sampled and specific bits are extracted according to a shared common secret. These extracted bits are used to create a longer secret stream. The shared common secret may be generated using JRNSO techniques, or provided to the transmit/receive units prior to the communication session. Alternatively, one of the transmit/receive units is assumed to be more powerful than any potential eavesdropper. In this situation, the powerful transmit/receive unit may broadcast and store a public random stream. The weaker transmit/receive unit selects random bits of the broadcast for creating a key. The weaker transmit/receive unit sends the powerful transmit/receive unit the selected bit numbers, and the powerful transmit/receive unit uses those bit numbers and its stored random stream to reproduce the key created by the weaker transmit/receive unit.
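Both modes from the abstract above, as an added example that is not the patent's code: in the first, the short shared secret seeds an HMAC-based selection of bit positions, so both units extract the same longer secret from the public stream; in the second, the weaker unit picks positions at random and sends only the positions. The "broadcast" stream is a constructed byte string, and the position-selection PRF is an assumption.

```python
import hashlib
import hmac
import secrets

# Added example (not the patent's code). The bit-selection PRF and the
# constructed "broadcast" stream are assumptions for illustration.

def get_bit(stream, i):
    return (stream[i // 8] >> (7 - i % 8)) & 1

def bits_to_bytes(bits):
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        out.append(int("".join(str(b) for b in bits[i:i + 8]), 2))
    return bytes(out)

def select_positions(shared_secret, stream_len_bits, n):
    """Derive n distinct bit positions from the short shared secret (mode 1)."""
    positions, seen, ctr = [], set(), 0
    while len(positions) < n:
        blk = hmac.new(shared_secret, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        for k in range(0, 32, 4):
            pos = int.from_bytes(blk[k:k + 4], "big") % stream_len_bits
            if pos not in seen:
                seen.add(pos)
                positions.append(pos)
                if len(positions) == n:
                    break
        ctr += 1
    return positions

def extract(stream, positions):
    return bits_to_bytes([get_bit(stream, p) for p in positions])

def mode_shared_secret(stream, shared_secret, key_bits=256):
    """Both units hold the short secret; each derives the same longer key."""
    return extract(stream, select_positions(shared_secret, len(stream) * 8, key_bits))

def mode_asymmetric(stream, key_bits=256):
    """Weaker unit: pick random positions, keep the key, send only the positions."""
    positions = secrets.SystemRandom().sample(range(len(stream) * 8), key_bits)
    return positions, extract(stream, positions)

def powerful_reproduce(stored_stream, positions):
    """Powerful unit: rebuild the weaker unit's key from its stored stream."""
    return extract(stored_stream, positions)
```

The second mode only works as intended if the eavesdropper could not store the whole broadcast, since the positions travel in the clear; that is the assumption the abstract states about the more powerful unit.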

Publication date: 13-12-2012

NFC Communications Device for Setting Up Encrypted Email Communication

Number: US20120314865A1
Author: Robert Kitchen
Assignee: Broadcom Corp

NFC communication is utilized to provide methods, apparatus and systems for increasing the security of cryptographic keys and cryptographic processes. For the encryption and decryption of a message, public key cryptography requires the use of a pair of keys, i.e., the public key and the private key. Various embodiments of the present invention provide storage of information needed for one or more aspects of encrypting and/or decrypting messages, wherein that information is made available through an NFC communications interface. An NFC-enabled device is brought into physical proximity with a computational platform that is executing, or otherwise providing access to, an email client. Once the NFC-enabled device and the computational platform are within NFC communication range of each other, transfer of information needed to set up an encryption and/or decryption process takes place. Since the encryption/decryption keys and/or related cryptographic process parameters are not stored on the computational platform, the security of this information is improved. In some embodiments the encrypted communication is encrypted email, or PGP-encrypted email.

Publication date: 21-03-2013

Enabling users to select between secure service providers using a key escrow service

Number: US20130073848A1
Assignee: Google LLC

Systems and methods are described herein for enabling users to select from available secure service providers (each having a Trusted Service Manager (“TSM”)) for provisioning applications and services on a secure element installed on a device of the user. The device includes a service provider selector (“SPS”) module that provides a user interface for selecting the secure service provider. In one embodiment, the SPS communicates with a key escrow service that maintains cryptographic keys for the secure element and distributes the keys to the user-selected secure service provider. The key escrow service also revokes the keys from deselected secure service providers. In another embodiment, the SPS communicates with a central TSM that provisions applications and services on behalf of the user-selected secure service provider. The central TSM serves as a proxy between the secure service providers and the secure element.

Publication date: 18-04-2013

Electronic apparatus and encryption method thereof

Number: US20130097428A1
Author: Hyun-sook RHEE
Assignee: SAMSUNG ELECTRONICS CO LTD

An electronic apparatus includes a secure unit to store public key information, an input unit to receive user authentication information and a data searching word, a user authenticating unit to perform user authentication with the inputted user authentication information, an encryption generating unit to generate a searching word encryption to use in data search, and a control unit to control generating the searching word encryption using the previously-stored public key information, the inputted user authentication information, and the data searching word.

Publication date: 16-05-2013

Method for the Cryptographic Protection of an Application

Number: US20130124860A1
Assignee: SIEMENS AG

A method is provided for cryptographic protection of an application associated with an application owner and executed in an external data processing center having a security module that stores private cryptographic material of the application owner. A first secure channel between the security module and the application owner and a second secure channel between the application owner and the application are used for transmitting a cryptographic key. The cryptographic key is automatically made available to the security module and the application via the secure channels, without the data processing center service operator being able to access said key. The application can authenticate itself using the key so that the cryptographic material can be transmitted to the application via a channel protected by the cryptographic key. The application data can be encrypted using the cryptographic material such that the application data cannot be accessed by the data processing center service operator.

Publication date: 14-11-2013

Context Aware Network Security Monitoring for Threat Detection

Number: US20130305357A1
Assignee: Boeing Co

The disclosed method involves monitoring behavior of at least one node, associated with at least one user, in a network to generate a behavior profile for the user(s). The method further involves comparing the behavior profile for at least one user with a baseline behavior profile for the user(s). Also, the method involves determining when there is a difference between the behavior profile for at least one user and the baseline behavior profile for the user(s). Further, the method involves flagging an event associated with the difference: when the difference exceeds a baseline threshold level, does not exceed a baseline threshold level, meets at least one criterion, and/or does not meet at least one criterion. Additionally, the method involves classifying the event to an event classification. Further, the method involves transmitting the event to at least one other node in the network and/or a network operations center.
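The monitor, compare, flag and classify steps above, run over constructed log lines, as an added example that is not Boeing's code. The log format, the profile features (actions, active hours, mean bytes out, nodes used), the thresholds and the classification rules are all assumptions; the flagged event dictionary stands for what would be transmitted to other nodes or the network operations center.

```python
import re
import statistics
from collections import Counter

# Added example (not the patent's code). Log format, features, thresholds and
# classification rules are assumptions; the log lines are constructed.

LINE = re.compile(r"(?P<ts>\S+) user=(?P<user>\S+) node=(?P<node>\S+) "
                  r"action=(?P<action>\S+) bytes_out=(?P<bytes>\d+)")

def parse(lines):
    return [m.groupdict() for m in (LINE.match(l) for l in lines) if m]

def profile(records, user):
    """Behavior profile for one user: what they do, when, from where, how much."""
    recs = [r for r in records if r["user"] == user]
    sizes = [int(r["bytes"]) for r in recs]
    return {
        "actions": Counter(r["action"] for r in recs),
        "hours": {int(r["ts"][11:13]) for r in recs},
        "bytes_mean": statistics.mean(sizes) if sizes else 0.0,
        "nodes": {r["node"] for r in recs},
    }

def compare(baseline, current, byte_ratio_threshold=5.0):
    """Return (difference score, list of (reason, detail))."""
    reasons = []
    new_actions = set(current["actions"]) - set(baseline["actions"])
    if new_actions:
        reasons.append(("unusual_action", sorted(new_actions)))
    off_hours = current["hours"] - baseline["hours"]
    if off_hours:
        reasons.append(("off_hours_activity", sorted(off_hours)))
    if baseline["bytes_mean"] and current["bytes_mean"] / baseline["bytes_mean"] > byte_ratio_threshold:
        reasons.append(("volume_spike", round(current["bytes_mean"] / baseline["bytes_mean"], 1)))
    new_nodes = current["nodes"] - baseline["nodes"]
    if new_nodes:
        reasons.append(("new_node", sorted(new_nodes)))
    return len(reasons), reasons

def classify(reasons):
    kinds = {k for k, _ in reasons}
    if "volume_spike" in kinds and ("off_hours_activity" in kinds or "new_node" in kinds):
        return "possible_exfiltration"
    if "unusual_action" in kinds:
        return "privilege_or_tool_misuse"
    return "benign_deviation" if kinds else "normal"

def monitor(baseline_lines, current_lines, user, flag_threshold=1):
    base = profile(parse(baseline_lines), user)
    cur = profile(parse(current_lines), user)
    score, reasons = compare(base, cur)
    if score < flag_threshold:
        return None
    # The flagged, classified event is what would go to peer nodes / the NOC.
    return {"user": user, "score": score, "class": classify(reasons), "reasons": reasons}

# Constructed sample logs: a normal week for alice, then a suspicious night.
BASELINE = [
    "2013-05-01T09:02:11 user=alice node=ws-17 action=login bytes_out=0",
    "2013-05-01T09:30:44 user=alice node=ws-17 action=read bytes_out=1200",
    "2013-05-01T14:12:03 user=alice node=ws-17 action=read bytes_out=3400",
    "2013-05-01T17:55:20 user=alice node=ws-17 action=logout bytes_out=0",
    "2013-05-01T09:05:00 user=bob node=ws-22 action=login bytes_out=0",
]
CURRENT = [
    "2013-05-08T02:15:09 user=alice node=ws-17 action=login bytes_out=0",
    "2013-05-08T02:40:51 user=alice node=fs-02 action=read bytes_out=480000",
    "2013-05-08T03:10:02 user=alice node=fs-02 action=upload bytes_out=250000",
]
```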

Publication date: 19-12-2013

Device authentication using restricted memory

Number: US20130339730A1
Assignee: Toshiba Corp

A device includes a first memory area being used to store a first key and unique secret identification information, the first memory area being restricted from being read and written from outside; a second memory area being used to store encrypted secret identification information generated by encrypting the secret identification information, the second memory area being allowed to be read-only from outside; a third memory area being readable and writable from outside; a first data generator configured to generate a second key by using the first key; a second data generator configured to generate a session key by using the second key; and a one-way function processor configured to generate an authentication information by processing the secret identification information with the session key in one-way function operation, wherein the encrypted secret identification information and the authentication information are output to outside.

Publication date: 19-12-2013

Authentication method

Number: US20130339741A1
Assignee: Toshiba Corp

According to one embodiment, an authentication method comprises: generating a second key from a first key, the first key being stored in a memory and prohibited from being read from outside; generating a session key from the second key; generating first authentication information from secret identification information stored in a memory and prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information being stored in a memory and readable, and the second authentication information being generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match.
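The scheme of the two Toshiba entries above (the three memory areas of the device entry, and the key chain and match step of this method entry), run with both sides present, as an added example that is not Toshiba's code. HMAC-SHA256 stands in for the key generators and the one-way function, an HMAC-derived XOR pad stands in for the encryption of the secret identification information, and the provisioning step that gives the host its copy of the second key is an assumption.

```python
import hashlib
import hmac
import secrets

# Added example (not Toshiba's code). HMAC as key generator / one-way function,
# the XOR-pad stand-in for secret-ID encryption, and the provisioning step are
# assumptions for illustration.

def prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor_pad(key, label, data):
    pad = prf(key, label)
    return bytes(a ^ b for a, b in zip(data, pad))     # data is 32 bytes

class Device:
    """Three memory areas: hidden, read-only, read/write."""

    def __init__(self, first_key, secret_id, enc_secret_id):
        self._hidden = {"first_key": first_key, "secret_id": secret_id}   # no external access
        self.read_only = {"enc_secret_id": enc_secret_id}              # readable from outside
        self.scratch = {}                                                # read/write area
        self._first_auth = None

    def respond(self, host_constant, nonce):
        second_key = prf(self._hidden["first_key"], host_constant)       # first data generator
        session_key = prf(second_key, nonce)                             # second data generator
        self._first_auth = prf(session_key, self._hidden["secret_id"])   # one-way function
        return self.read_only["enc_secret_id"]

    def verify(self, second_auth):
        return self._first_auth is not None and hmac.compare_digest(self._first_auth, second_auth)

class Host:
    def __init__(self, host_constant, hkey, family_key):
        self.hc, self.hkey, self.family_key = host_constant, hkey, family_key

    def authenticate(self, device):
        nonce = secrets.token_bytes(16)
        enc_secret_id = device.respond(self.hc, nonce)
        secret_id = xor_pad(self.family_key, b"secret-id", enc_secret_id)
        session_key = prf(self.hkey, nonce)                  # same chain, from the host's copy
        second_auth = prf(session_key, secret_id)
        return device.verify(second_auth)

def provision(host_constant, family_key):
    """Issuer step (assumption): knows first_key, hands the host only hkey."""
    first_key = secrets.token_bytes(32)
    secret_id = secrets.token_bytes(32)
    device = Device(first_key, secret_id, xor_pad(family_key, b"secret-id", secret_id))
    host = Host(host_constant, prf(first_key, host_constant), family_key)
    return device, host
```

A clone that copies everything readable (the encrypted secret ID) but not the hidden first key produces a different session key and fails the match.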

Publication date: 07-01-2021

Cryptographic memory attestation

Number: US20210004496A1
Assignee: NOKIA TECHNOLOGIES OY

According to an example aspect of the present invention, there is provided an apparatus comprising a random access memory device, at least one processing core coupled via a first interface with the random access memory device, and a secure hardware element, comprising hash function circuitry, and coupled directly via a second interface with the random access memory device, the secure hardware element configured to obtain as input data from a memory space of the random access memory device, to produce as output a hash value of the input, and to cryptographically sign the hash value using a physically unclonable function value of the apparatus.
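The attestation flow above, as an added example that is not Nokia's code: the secure element reads the memory region over its own interface, hashes it and binds the digest to a verifier nonce. The PUF is simulated by a constructed constant, and an HMAC tag stands in for the signature a real element would make with a PUF-derived private key (so the verifier here holds the same PUF-derived key, where a real verifier would hold only a public key).

```python
import hashlib
import hmac

# Added example (not Nokia's code). The PUF response is a constructed constant
# and HMAC stands in for a PUF-keyed signature; both are assumptions.

PUF_RESPONSE = bytes.fromhex("5c" * 32)    # a real PUF derives this from the silicon

class SecureElement:
    """Hash circuitry with a direct (second) interface to the RAM device."""

    def __init__(self, ram, puf_response=PUF_RESPONSE):
        self._ram = ram
        self._sign_key = hmac.new(puf_response, b"attest-key", hashlib.sha256).digest()

    def attest(self, start, length, nonce):
        region = bytes(self._ram[start:start + length])   # read directly, bypassing the core
        digest = hashlib.sha256(region).digest()
        msg = nonce + start.to_bytes(4, "big") + length.to_bytes(4, "big") + digest
        tag = hmac.new(self._sign_key, msg, hashlib.sha256).digest()
        return {"nonce": nonce, "start": start, "length": length, "digest": digest, "tag": tag}

class Verifier:
    def __init__(self, enrolled_puf_response, golden_digest):
        self._key = hmac.new(enrolled_puf_response, b"attest-key", hashlib.sha256).digest()
        self.golden = golden_digest

    def check(self, quote, expected_nonce):
        if quote["nonce"] != expected_nonce:
            return "replay"
        msg = (quote["nonce"] + quote["start"].to_bytes(4, "big")
               + quote["length"].to_bytes(4, "big") + quote["digest"])
        if not hmac.compare_digest(hmac.new(self._key, msg, hashlib.sha256).digest(), quote["tag"]):
            return "bad_signature"          # not produced by the enrolled element
        if quote["digest"] != self.golden:
            return "memory_modified"        # genuine quote, but the region changed
        return "ok"

def demo_setup():
    ram = bytearray(4096)
    firmware = b"constructed firmware image " * 20          # the region to attest
    ram[0x100:0x100 + len(firmware)] = firmware
    golden = hashlib.sha256(firmware).digest()
    return ram, SecureElement(ram), Verifier(PUF_RESPONSE, golden), 0x100, len(firmware)
```

Because the processing core never touches the signing key, a compromised core can alter memory but cannot produce a quote that hides the alteration.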

Publication date: 13-01-2022

Security hierarchy on a digital transaction processing unit (DTPU)

Number: US20220012720A1
Author: Robert Wilson
Assignee: XARD GROUP PTY LTD

A Digital Transaction Processing Unit (DTPU) operable to host one or more transaction applications for digitally transacting with a Digital Transaction Device (DTD), the DTPU including a security hierarchy for hosting the one or more transaction applications, wherein the security hierarchy is configured to host at least one transaction application for transacting in contact digital transactions.

Publication date: 07-01-2021

SYSTEMS AND METHODS FOR PROVIDING ONLINE AND HYBRID CARD INTERACTIONS

Number: US20210004786A1
Assignee: Capital One Services, LLC

Various embodiments are generally directed to authenticating a user for non-payment purposes utilizing a payment protocol, a computer device and a contactless card. The payment protocol may be consistent with an EMV standard. An application may determine that authorization or verification of a user may be required to access non-payment features of another application associated with the user and the computer device. The application may then receive and/or facilitate transmission of encrypted data from a communications interface of a contactless card associated with an account and utilizing either an offline or online technique to do so. The offline or online technique may involve one or more operations that can verify the identity of the user and/or otherwise authorize the user to have access to various aspects of the other application.

1. A method comprising:
initiating, by a mobile device, a wireless communication to verify a contactless card using near field communication (NFC);
receiving, at the mobile device and as part of the wireless communication, a plurality of inputs, including an application transaction counter (ATC);
generating, with the mobile device, a cryptogram based on the ATC, the remaining plurality of inputs of the wireless communication, and a symmetric key associated with the card;
transmitting, by the mobile device, a message comprising the cryptogram to an authentication server, wherein the message conforms to a payment format;
receiving, at the mobile device, a response from the authentication server verifying an identity of the contactless card based on the cryptogram, wherein the generation of the cryptogram and the received response from the authentication server are based on a payment protocol, wherein the wireless communication and the card verification are distinct from completing a payment in relation to the payment protocol, and wherein the response conforms to the payment format;
updating, by the mobile device, the ATC based on the card ...
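The tap, cryptogram, server check and ATC update of the claim above, with the server also enforcing that the ATC moves forward, as an added example that is not Capital One's code. The cryptogram (an 8-byte truncation of HMAC-SHA256 over the ATC and the other inputs) and the server's ATC bookkeeping are assumptions; real EMV cryptograms use card-derived session keys and block ciphers. As in the claim, the mobile device holds the symmetric key associated with the card.

```python
import hashlib
import hmac

# Added example (not Capital One's code). Cryptogram layout and the server's
# ATC window are assumptions; keys and card identifiers are constructed.

class ContactlessCard:
    def __init__(self, card_id, atc=0):
        self.card_id, self.atc = card_id, atc

    def tap(self):
        """One NFC read: increments the ATC and returns the inputs for the cryptogram."""
        self.atc += 1
        return {"card_id": self.card_id, "atc": self.atc, "unpredictable_number": b"\x00" * 4}

def cryptogram(key, inputs):
    msg = (inputs["card_id"].encode() + inputs["atc"].to_bytes(2, "big")
           + inputs["unpredictable_number"])
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]       # 8-byte cryptogram

class MobileDevice:
    def __init__(self, symmetric_key):
        self._key = symmetric_key      # "symmetric key associated with the card", per the claim

    def verify_card(self, card, server):
        inputs = card.tap()
        message = {"inputs": inputs, "cryptogram": cryptogram(self._key, inputs)}
        return message, server.verify(message)

class AuthServer:
    def __init__(self, card_keys):
        self._keys = dict(card_keys)
        self._last_atc = {cid: 0 for cid in card_keys}

    def verify(self, message):
        cid, atc = message["inputs"]["card_id"], message["inputs"]["atc"]
        key = self._keys.get(cid)
        if key is None:
            return {"status": "unknown_card"}
        if atc <= self._last_atc[cid]:
            return {"status": "replay"}          # counter must move forward every tap
        if not hmac.compare_digest(cryptogram(key, message["inputs"]), message["cryptogram"]):
            return {"status": "bad_cryptogram"}
        self._last_atc[cid] = atc
        return {"status": "verified", "card_id": cid}
```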

Publication date: 03-01-2019

EXECUTING ENCRYPTED BOOT LOADERS

Number: US20190005244A1

A secure boot mechanism is described. The secure boot mechanism can operate in environments not originally designed to support such a mechanism. Downstream boot components can be executed from an encrypted boot partition. A first stage boot loader (FSBL) can load a second stage boot loader (SSBL) from an encrypted disk partition. The FSBL can decrypt and load the SSBL. The FSBL can intercept all I/O initiated by the SSBL so that the SSBL can transparently operate on an encrypted disk partition as though the encrypted disk were unencrypted.

1. A computing device comprising:
at least one processor;
a memory connected to the at least one processor; and
the at least one processor configured to:
intercept an I/O request to an unencrypted partition from a boot loader residing on an encrypted partition; and
redirect the intercepted I/O request to an encrypted partition.
2. The computing device of claim 1, wherein a primary boot loader decrypts a key using a cryptographic security device, the key used to decrypt an encrypted partition.
3. The computing device of claim 2, the at least one processor further configured to: inject the decrypted key into a block of cache memory.
4. The computing device of claim 2, the at least one processor further configured to: unseal the key using a TPM chip.
5. The computing device of claim 1, the at least one processor further configured to: decrypt a downstream boot loader residing on an encrypted partition.
6. The computing device of claim 2, wherein the decrypted key is not persisted to non-memory storage.
7. The computing device of claim 1, wherein a new primary boot loader is inserted before existing boot chain software without modifying the existing boot chain software.
8. A method of executing a boot chain comprising:
loading a first stage boot loader (FSBL) from an unencrypted partition;
checking a certificate associated with the FSBL;
in response to determining that the certificate is from a trusted source, executing the FSBL; ...

Publication date: 05-01-2017

KEY AGREEMENT DEVICE AND METHOD

Number: US20170005792A1

An initiating key-agreement device and a responding key-agreement device are provided, configured to generate a symmetric key shared between them. The devices are configured for generating in electronic form a private random value, obtaining in electronic form a public set of bivariate polynomials, and computing a univariate polynomial by summing the univariate polynomials obtained by substituting the private random value into the polynomials of the public set. The devices are configured to send their computed univariate polynomial to the other device, and to compute or reconstruct the shared symmetric key by substituting their generated private random value into the received univariate polynomial.

1. An initiating key-agreement device configured to generate a symmetric key shared with a responding key-agreement device, the shared symmetric key being for symmetric encryption and/or decryption of electronic messages, the initiating key-agreement device comprising:
an initiating key data generator configured for
generating in electronic form a first private random value (112, s),
obtaining in electronic form a public set of bivariate polynomials (122, f_i( , )), wherein a different commutative ring is associated with each polynomial of the public set of bivariate polynomials,
computing an initiating univariate polynomial by summing the univariate polynomials obtained by substituting the first private random value (112, s) into the polynomials of the public set (122, f_i(s, )), wherein the univariate polynomial obtained by substituting the first private random value (s) into a particular polynomial of the public set (f_i(s, )) is reduced to a canonical form in the commutative ring associated with the particular univariate polynomial,
sending the initiating univariate polynomial to the responding key-agreement device, and for
receiving from the responding ...
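The exchange described above, as an added example that is not the patent's code. It shows the basic instance of the scheme with every polynomial in the same ring Z_N and symmetric coefficients (a_ij = a_ji), which is what makes f(s, r) = f(r, s) and hence both devices arrive at the same value; the modulus, degree and the hashing of the ring element into a key are assumptions. The patent's distinguishing step, associating a different commutative ring with each polynomial and reducing each univariate polynomial to canonical form in that ring, is not reproduced here.

```python
import hashlib
import secrets

# Added example (not the patent's code). Single ring Z_N, symmetric
# coefficients; modulus and degree are assumptions for illustration.

N = (1 << 61) - 1     # Mersenne prime used as the ring modulus
DEGREE = 3

def random_symmetric_poly(degree, modulus):
    """Coefficients a[i][j] with a[i][j] == a[j][i], so f(x, y) == f(y, x)."""
    a = [[0] * (degree + 1) for _ in range(degree + 1)]
    for i in range(degree + 1):
        for j in range(i, degree + 1):
            a[i][j] = a[j][i] = secrets.randbelow(modulus)
    return a

def substitute(poly, s, modulus):
    """Return the univariate polynomial f(s, y) as a coefficient list in y."""
    deg = len(poly) - 1
    return [sum(poly[i][j] * pow(s, i, modulus) for i in range(deg + 1)) % modulus
            for j in range(deg + 1)]

def sum_univariate(polys, modulus):
    return [sum(p[j] for p in polys) % modulus for j in range(len(polys[0]))]

def evaluate(coeffs, r, modulus):
    return sum(c * pow(r, j, modulus) for j, c in enumerate(coeffs)) % modulus

class KeyAgreementDevice:
    def __init__(self, public_set, modulus=N):
        self.public_set, self.modulus = public_set, modulus
        self.private = secrets.randbelow(modulus - 1) + 1      # private random value s

    def key_data(self):
        """Univariate polynomial to send: the sum over the public set of f_i(s, y)."""
        parts = [substitute(f, self.private, self.modulus) for f in self.public_set]
        return sum_univariate(parts, self.modulus)

    def shared_key(self, received):
        """Substitute the own private value into the received polynomial, then hash."""
        k = evaluate(received, self.private, self.modulus)
        return hashlib.sha256(k.to_bytes(8, "big")).digest()

def demo(num_polys=2):
    public_set = [random_symmetric_poly(DEGREE, N) for _ in range(num_polys)]
    initiator, responder = KeyAgreementDevice(public_set), KeyAgreementDevice(public_set)
    k_init = initiator.shared_key(responder.key_data())
    k_resp = responder.shared_key(initiator.key_data())
    return k_init, k_resp
```

Over a single field as here, an eavesdropper who sees f(s, y) in the clear can recover s by solving the polynomial, so this instance demonstrates only the agreement mechanics; the mixing of rings in the claim is what is meant to remove that attack.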

Publication date: 05-01-2017

APPARATUS AND METHOD FOR ESTABLISHING SECURE COMMUNICATION CHANNELS IN AN INTERNET OF THINGS (IOT) SYSTEM

Number: US20170006003A1

An apparatus and method are described for secure communication between IoT devices and an IoT service. For example, one embodiment of a system comprises: an Internet of Things (IoT) service to establish communication with an IoT device through an IoT hub or a mobile user device; a first encryption engine on the IoT service comprising key generation logic to generate a service public key and a service private key; a second encryption engine on the IoT device comprising key generation logic to generate a device public key and a device private key; the first encryption engine to transmit the service public key to the second encryption engine and the second encryption engine to transmit the device public key to the first encryption engine; the first encryption engine to use the device public key and the service private key to generate a secret; the second encryption engine to use the service public key and the device private key to generate the same secret; and wherein once the secret is generated, the first encryption engine and the second encryption engine encrypt and decrypt data packets transmitted between the first encryption engine and the second encryption engine using the secret or using a data structure derived from the secret.

1. A system comprising:
an Internet of Things (IoT) service to establish communication with an IoT device through an IoT hub or a mobile user device;
a first encryption engine on the IoT service comprising key generation logic to generate a service public key and a service private key;
a second encryption engine on the IoT device comprising key generation logic to generate a device public key and a device private key;
the first encryption engine to transmit the service public key to the second encryption engine and the second encryption engine to transmit the device public key to the first encryption engine;
the first encryption engine to use the device public key and the service private key to generate a secret;
the second encryption engine ...

Publication date: 04-01-2018

Client-side security key generation

Number: US20180006814A1
Assignee: Shape Security Inc

Techniques are provided for client-side security key generation. An initial request is received from an application executing on a client device. The application includes a security component that includes security code. In response to the initial request, a key component is generated. The key component includes one or more parameters from which a valid security key can be generated at the client device by executing the security code. The key component is provided to the client device. A security key associated with a request from the client device to an application server is received. The security key is checked for validity. In response to determining that the security key is valid, processing of the request by the application server is caused.

Publication date: 04-01-2018

Arbitrary base value for EPID calculation

Number: US20180006822A1
Author: Ernie Brickell
Assignee: Intel Corp

Systems and methods for using an arbitrary base value for EPID calculations are provided herein. A system to use arbitrary base values in enhanced privacy ID (EPID) calculation, where the system includes a microcontroller; and a memory coupled to the microcontroller; wherein the microcontroller is to: obtain an arbitrary value at a member device, the member device being a member of a group of member devices, each member device in the group of member devices having a unique private EPID key assigned from a pool of private keys, where any of the pool of private keys is able to sign content that is verifiable by a single group public key, and the arbitrary value being one of a time-based value or a usage-based value; construct an EPID base using the arbitrary value; and transmit content signed with the private key using the EPID base to a verifier.

Publication date: 07-01-2021

MULTI-ADDRESS POPULATION BASED ON SINGLE ADDRESS

Number: US20210006397A1
Author: Lee Bobby Christopher

A physical card (in some cases without any on-board source of power or computing capabilities) is configured to maintain access information for digital bearer assets. The physical card may include disposed thereon a single address operable to receive digital bearer assets in one or more transactions on a decentralized computing platform, like a blockchain-based decentralized computing platform. Other decentralized computing platforms utilize different address generation protocols, thus preventing use of a single address on those other platforms. A set of addresses is generated, each address corresponding to a given decentralized computing platform. Each address is based on a same underlying key-pair, and a primary address is selected from the set for a given card. The remaining addresses in the set are stored, without storage of the public key or private key, and returned in a response to a request for additional addresses of the currency card.

1. A system configured to verify authenticity of an article of manufacture, the system comprising:
the article of manufacture, wherein the article of manufacture comprises
a first unique identifier and a code,
a second unique identifier and private access information,
a third unique identifier and public access information, and
the private access information is concealed with a tamper-evident feature; and
a first computer system that comprises one or more processors programmed with computer program instructions that, when executed, cause the first computer system to:
generate deterministic data for the article of manufacture;
obtain a subset of information corresponding to the article of manufacture, the subset of information not providing access to a private key corresponding to the private access information;
store, within a database, a record of the article of manufacture based on the subset of information;
receive a verification request including a record identifier, the record identifier based on a value of the code of the article ...

Publication date: 07-01-2021

Multi-address population based on single address

Number: US20210006398A1
Author: Bobby Christopher Lee
Assignee: Ballet Global Inc, Crypto Mint Inc

A physical card (in some cases without any on-board source of power or computing capabilities) is configured to maintain access information for digital bearer assets. The physical card may include disposed thereon a single address operable to receive digital bearer assets in one or more transactions on a decentralized computing platform, like a blockchain-based decentralized computing platform. Other decentralized computing platforms utilize different address generation protocols, thus preventing use of a single address on those other platforms. A set of addresses is generated, each address corresponding to a given decentralized computing platform. Each address is based on a same underlying key-pair, and a primary address is selected from the set for a given card. The remaining addresses in the set are stored, without storage of the public key or private key, and returned in a response to a request for additional addresses of the currency card.

Publication date: 07-01-2021

MULTI-ADDRESS POPULATION BASED ON SINGLE ADDRESS

Number: US20210006399A1
Author: Lee Bobby Christopher

A physical card (in some cases without any on-board source of power or computing capabilities) is configured to maintain access information for digital bearer assets. The physical card may include disposed thereon a single address operable to receive digital bearer assets in one or more transactions on a decentralized computing platform, like a blockchain-based decentralized computing platform. Other decentralized computing platforms utilize different address generation protocols, thus preventing use of a single address on those other platforms. A set of addresses is generated, each address corresponding to a given decentralized computing platform. Each address is based on a same underlying key-pair, and a primary address is selected from the set for a given card. The remaining addresses in the set are stored, without storage of the public key or private key, and returned in a response to a request for additional addresses of the currency card.

1. A method, comprising:
obtaining, with a computer system at a first geolocation, a passphrase;
generating, with the computer system at the first geolocation, an intermediate code based on the passphrase, wherein
the intermediate code does not reveal the passphrase, and
the intermediate code is configured to be used to encrypt plaintexts to form ciphertexts that are decryptable with the passphrase;
obtaining, with a computer system at a second geolocation, the intermediate code and a private cryptographic key of a public-private cryptographic key pair, wherein
the second geolocation is different from the first geolocation,
the computer system at the second geolocation does not have access to the passphrase, and
the public-private cryptographic key pair comprises a public cryptographic key that corresponds to a wallet address of a decentralized computing platform;
forming, with the computer system at the second geolocation, an encrypted-private-key ciphertext by encrypting the private cryptographic key with the ...

Publication date: 07-01-2021

CRYPTOGRAPHIC KEY MANAGEMENT

Number: US20210006401A1

Cryptographic key provisioning by determining future cryptographic key demand according to historic key demand and key access requirements, determining cryptographic key provisioning resources for the future cryptographic key demand, and providing cryptographic keys, prior to the determined future cryptographic key demand, using the cryptographic key provisioning resources.

1. A computer implemented method for cryptographic key provisioning, the method comprising:
determining future cryptographic key demand according to historic key demand and key access requirements;
determining cryptographic key provisioning resources for the future cryptographic key demand; and
providing cryptographic keys prior to the future cryptographic key demand using the cryptographic key provisioning resources.
2. The computer implemented method according to claim 1, further comprising:
identifying non-compliant system activity associated with cryptographic key demand, wherein the non-compliant system activity is not associated with the future cryptographic key demand; and
refusing to provide a cryptographic key in response to the non-compliant system activity.
3. The computer implemented method according to claim 1, further comprising: provisioning cryptographic keys having a defined life-cycle, according to a user location.
4. The computer implemented method according to claim 1, further comprising: provisioning cryptographic keys according to a ranking function.
5. The computer implemented method according to claim 4, wherein the ranking function is selected from the group consisting of: active time of a requesting entity, number of requests by the entity, average key usage time, and compliance level of the entity.
6. The computer implemented method according to claim 1, further comprising provisioning cryptographic keys according to a threshold limit.
7. The computer implemented method according to claim 6, wherein the threshold limit is based at least in part on a ...

Publication date: 04-01-2018

SECURE TRANSFER AND USE OF SECRET MATERIAL IN A SHARED ENVIRONMENT

Number: US20180007020A1
Assignee:

Aspects related to the secure transfer and use of secret material are described. In one embodiment, an encrypted secret key and encrypted revocation data are imported into a trusted execution environment and decrypted with private provider and vendor keys. In this manner, a provider of cryptographic processes is not exposed to the secret key or revocation data of a customer, as the secret key and revocation data are decrypted and stored within the trusted execution environment but not accessed in an unencrypted form. In turn, the provider can receive various instructions to perform cryptographic operations on behalf of the customer. Based on the outcome of a revocation check using the revocation data, the instructions can be performed by the trusted execution environment.

1. A non-transitory computer-readable medium having computer-readable instructions stored thereon that, when executed by at least one of one or more computing devices, directs at least one of the one or more computing devices to: receive double encrypted revocation data from a customer client device; extract vendor encrypted revocation data from the double encrypted revocation data by decrypting the double encrypted revocation data with a private provider key; extract revocation data from the vendor encrypted revocation data by decrypting the vendor encrypted revocation data with a private vendor key; store the revocation data within a trusted execution environment; receive an instruction from the customer client device to perform a cryptographic operation using a secret key; and in response to the instruction, perform a revocation check to determine whether the secret key has been revoked.
2. The non-transitory computer-readable medium of claim 1, wherein at least one of the one or more computing devices is further directed to perform, by the trusted execution environment, the cryptographic operation using the secret key based in part on an outcome of the revocation check.
3. The non- ...

Publication date: 03-01-2019

ONBOARD COMPUTER SYSTEM, VEHICLE, MANAGEMENT METHOD, AND COMPUTER PROGRAM

Number: US20190007217A1
Assignee: KDDI CORPORATION

An onboard computer system includes a first onboard computer configured to store a first public key certificate of a data delivering apparatus, a second onboard computer, and a secure element configured to store a second public key certificate relative to a second secret key used to generate the first public key certificate. The secure element verifies the first public key certificate by use of the second public key certificate. The first onboard computer includes an encryption processor configured to verify a first electronic signature attached to data delivered from the data delivering apparatus by use of the first public key certificate which is successfully verified by the secure element. The data attached with the first electronic signature, which is successfully verified by the encryption processor, is applied to the first onboard computer or the second onboard computer.

2. The onboard computer system according to claim 1, wherein the first secure element stores a third secret key and thereby generates a third electronic signature for application result information representing an applied result of the data by use of the third secret key, whereby the onboard computer system transmits the application result information attached with the third electronic signature to the data delivering apparatus.
3. The onboard computer system according to claim 2, wherein the first secure element stores a second secret key and thereby generates a third public key certificate relative to the third secret key by use of the second secret key, whereby the onboard computer system transmits the third public key certificate to the data delivering apparatus.
4. The onboard computer system according to claim 1, further comprising a second secure element configured to store a third secret key, wherein the second secure element generates a third electronic signature attached to application result information representing an applied result of the data by use of ...

Publication date: 02-01-2020

AUTHENTICATION THROUGH SECURE SHARING OF DIGITAL SECRETS PREVIOUSLY ESTABLISHED BETWEEN DEVICES

Number: US20200007325A1
Author: Jain Vikal Kumar
Assignee: DISH Technologies L.L.C.

Applications executing on phones, tablets and other client devices can be designed to authenticate with network services, but reliably identifying a client device that is not previously known to the service can be difficult. A television receiver or other trusted device that is previously known to the service, however, can act as an intermediary for initially delivering the client's identifying data to the authentication service. After the authentication service has received reliable identifying information about the client from another trusted device, the service is able to directly authenticate the client device in subsequent transactions by requesting and verifying receipt of the same secret identifier.

1. An automated digital authentication process executed by a client device to authenticate the client device with a security server via a network, the automated process comprising: generating, by the client device, a digital secret; transmitting the digital secret from the client device to a trusted home device that is in secure communication with the security server and that has previously established a trusted relationship with the security server to thereby permit the trusted home device to securely forward the digital secret created by the client device to the security server via the network for storage of the digital secret by the security server; subsequently providing the digital secret from the client device to the security server in a request to authenticate the computer system; and in response to the security server successfully comparing the digital secret subsequently provided from the client device to the digital secret previously received from the trusted home device, the client device receiving an authentication message that provides access to a network service.
2. The automated digital authentication process of further comprising: the client device additionally transmitting the digital secret for remote storage via the network; and the client device ...

Publication date: 02-01-2020

LOCATION AWARE CRYPTOGRAPHY

Number: US20200007328A1
Assignee:

A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.

1-20. (canceled)
21. A method comprising: transmitting a request to transmit data from a first device to a second device; receiving an encrypted session key from the second device in response to the request, wherein the encrypted session key is encrypted by a second device key that is based on a combination of a public key and a time value associated with the second device; identifying another time value associated with the first device; and generating, by a processing device, a first device key based on a combination of the time value associated with the first device and a private key that corresponds to the public key, wherein the first device key decrypts the encrypted session key responsive to the time value associated with the first device corresponding to the time value associated with the second device.
22. The method of claim 21, wherein the second device key is further based on a location of the second device, and wherein the first device key is further based on another location of the first device.
23. The method of claim 21, further comprising: in response to decrypting the encrypted session key, encrypting data based on the session key; and transmitting the encrypted data from the first device to the second device.
24. The ...

Publication date: 20-01-2022

LOCATION AWARE CRYPTOGRAPHY

Number: US20220021534A1
Assignee:

A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.

1. (canceled)
2. A method of operating a first device, the method comprising: initiating a communication session with a second device; generating first location information associated with the first device; retrieving a public key and a private key associated with the first device; generating a location-based private key based on the first location information and the private key; transmitting a public key and a certificate to the second device; receiving, from the second device, a session key encrypted based on the public key and second location information associated with the second device; and communicating encrypted data with the second device in the communication session, wherein the encrypted data is encrypted with the session key.
3. The method of claim 2, wherein communicating encrypted data further comprises: receiving the encrypted data from the second device; and decrypting, using the location-based private key, the encrypted data to obtain unencrypted data.
4. The method of claim 2, wherein communicating encrypted data further comprises: encrypting data to obtain the encrypted data using the session key; and transmitting the encrypted data to the second device.
5. The method of claim 2, further comprising: receiving, from the second device ...

Publication date: 08-01-2015

Method and device for processing SRVCC switching, and terminal

Number: US20150010154A1
Author: Chen Yang
Assignee: ZTE CORPORATION

A method and device for processing Single Radio Voice Call Continuity (SRVCC) switching, and a related terminal, are disclosed. In a technical solution of the disclosure, two sets of authentication parameters can be stored during the process of SRVCC switching: one set is stored into a card and the other set is stored into a temporary data area, and access to the authentication parameters is controlled by a switch variable, so that a user does not need to consider which data area to use. It is determined, after the SRVCC switching succeeds or fails, whether authentication parameters in the temporary data area need to be written into the card. Calculated authentication parameters are directly written into the card after the SRVCC switching is started, so that update of the authentication parameters is more flexible and signalling interaction with a network can be reduced.

1. A method for processing Single Radio Voice Call Continuity (SRVCC) switching, comprising: after a terminal receives an SRVCC switching command sent by a network side, determining, by the terminal, whether a Packet Switching (PS) domain voice service under a current system of the terminal is subjected to encryption and integrity protection; when the PS domain voice service under the current system of the terminal is subjected to encryption and integrity protection, converting PS domain authentication parameters in the current system into Circuit Switching (CS) domain authentication parameters and PS domain authentication parameters in a target system; storing the CS domain authentication parameters and the PS domain authentication parameters in the target system into a temporary data area which can be accessed by a Non-Access Stratum (NAS) and an Access Stratum (AS), and setting a switch variable for the temporary data area; and when the terminal determines that the SRVCC switching succeeds, writing, into a card, the CS domain authentication parameters and the PS domain authentication ...

Publication date: 12-01-2017

Method and device for generating a secret key

Number: US20170012771A1
Author: Mueller Andreas
Assignee:

In a method for generating a secret key, a first node which is connected via a transmission channel to a second node estimates a variability of the transmission channel with regard to at least one physical channel parameter of the transmission channel, selects a sampling rate for the channel parameter as a function of the variability, generates a bit sequence by sampling the channel parameter at the selected sampling rate, and adjusts the bit sequence with the second node.

1. A method for generating a secret key, comprising: estimating, by a first node which is connected via a transmission channel to a second node, a variability of the transmission channel with regard to at least one physical channel parameter of the transmission channel; selecting, by the first node, a sampling rate for the channel parameter as a function of the estimated variability; generating, by the first node, a bit sequence by sampling the channel parameter at the selected sampling rate; and adjusting, by the first node, the bit sequence between the first and second nodes.
2. The method as recited in claim 1, wherein: the first node estimates the variability with regard to multiple physical channel parameters; the first node selects channel parameters to be sampled from the multiple physical channel parameters as a function of the variability; and the first node selects the sampling rate for each of the channel parameters to be sampled.
3. The method as recited in claim 2, further comprising: estimating, by the second node, the variability with regard to the channel parameters; and coordinating, by the first node and the second node, the channel parameters to be sampled and corresponding respective sampling rates with one another via the transmission channel.
4. The method as recited in claim 3, wherein: the channel parameters to be sampled are channel parameters which were selected by both the first node and the second node; and the respective sampling rate is the smaller one of the sampling rates ...

Publication date: 12-01-2017

Method and device for generating a secret key

Number: US20170012772A1
Author: Mueller Andreas
Assignee:

In a method for generating a secret key, a first node which is connected via a transmission channel to a second node measures a sequence of physical channel parameters of the transmission channel within a predefined time window, determines for multiple predefined code words a distance of each code word from the sequence, selects a particular code word from the multiple code words which has the shortest distance from the sequence, and adjusts a bit sequence which is assigned to the selected code word with the second node via the transmission channel.

1. A method for generating a secret key, comprising: measuring, by a first node which is connected via a transmission channel to a second node, a sequence of physical channel parameters of the transmission channel within a predefined time window; determining, by the first node, for multiple predefined code words a distance of each code word from the sequence; selecting, by the first node, from the multiple predefined code words, a code word which has the shortest distance from the sequence; and adjusting, by at least the first node, a bit sequence which is assigned to the selected code word with the second node via the transmission channel.
2. The method as recited in claim 1, further comprising: measuring, by the second node, the sequence of the physical channel parameters within the time window; determining, by the second node, for the multiple predefined code words the distance of each code word from the sequence; and selecting, by the second node, from the multiple predefined code words, the code word which has the shortest distance from the sequence; wherein the first node and the second node jointly adjust the bit sequence.
3. The method as recited in claim 2, wherein: the first node and the second node each store at least one matching code book which includes the multiple predefined code words and assigns the bit sequence to each code word.
4. The method as recited in claim 3, wherein the first node and the second node ...

Publication date: 10-01-2019

SYSTEMS AND METHODS OF PER-DOCUMENT ENCRYPTION OF ENTERPRISE INFORMATION STORED ON A CLOUD COMPUTING SERVICE (CCS)

Number: US20190012478A1
Assignee: Netskope, Inc.

The technology disclosed relates to securely encrypting a document. In particular, it relates to accessing a key-manager with a triplet of organization identifier, application identifier and region identifier and in response receiving a triplet-key and a triplet-key identifier that uniquely identifies the triplet-key. Also, for a document that has a document identifier (ID), the technology disclosed relates to deriving a per-document key from a combination of the triplet-key, the document ID and a salt. Further, the per-document key is used to encrypt the document.

1. A computer-implemented method of monitoring and controlling exfiltration of documents stored on a cloud computing service (CCS), the method including: using a cross-application monitor to detect: a cloud computing service (CCS) application programming interface (API) in use; and a function or an activity being performed via the CCS API on a document; determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content in the document being transmitted to the CCS; applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control; and encrypting the document responsive to finding the strings and interrelated strings subject to content control in the parsed stream.
2. The computer-implemented method of claim 1, further including: encrypting the document using a per-document key derived by applying a key derivation function (KDF) to a triplet-key, a document identifier (ID), and a salt.
3. The computer-implemented method of claim 2, further including: providing a triplet of an organization ID of an organization that uses the CCS, a CCS ID, and a region ID as input to a first key-manager; and in response to the input, the first key-manager generating the triplet-key.
4. The computer-implemented method of claim 2, further including: transmitting the encrypted document, ...

Publication date: 09-01-2020

ENCRYPTION MACHINE UPGRADE, DATA IMPORT AND REQUEST MIGRATION METHOD, APPARATUS AND DEVICE

Number: US20200012491A1
Assignee:

A method of upgrading an encryption machine, including: a controller for managing upgrading of the encryption machine determines a first encryption machine to be upgraded; the controller transfers the data of the first encryption machine to a second encryption machine; and the controller sends an upgrade command, for instructing the first encryption machine to conduct the upgrade, to the first encryption machine. The above method solves the problem that, in the process of upgrading the encryption machine with conventional techniques, the operation is extremely complicated, which easily causes operation errors and interruption of user service.

1. A method, comprising: determining, by a controller for managing upgrading of an encryption machine, a first encryption machine to be upgraded; transferring, by the controller, data of the first encryption machine to a second encryption machine; and sending, by the controller, an upgrade command for instructing the first encryption machine to conduct the upgrade, to the first encryption machine.
2. The method of further comprising: receiving, by the controller, a result of the upgrade operation returned by the first encryption machine.
3. The method of claim 1, wherein transferring by the controller the data of the first encryption machine to the second encryption machine comprises: sending, by the controller, a first data backup command for instructing the first encryption machine to conduct data backup, to the first encryption machine; receiving, by the controller, first data returned by the first encryption machine, the first data being backup data obtained by backing up the data of the first encryption machine; sending, by the controller, a first data import command for instructing the second encryption machine to import the first data, to the second encryption machine; and receiving, by the controller, an import result regarding the first data returned by the second encryption machine.
4. The method of claim 3, further comprising: storing, by ...

Publication date: 14-01-2021

Method and system for secure and verifiable offline blockchain transactions

Number: US20210012331A1
Author: Stephen Higgins
Assignee: Mastercard International Inc

A method for performing secure, verifiable, offline blockchain transactions through a trusted execution environment and time-limited credentials includes: storing, in a trusted execution environment of a computing device, a cryptographic key pair comprised of a public key and a private key; transmitting, by a transmitter of the computing device, the public key to a gateway device in a blockchain network; receiving, by a receiver of the computing device, a time-limited credential from the gateway device; generating, by a processing device of the computing device, a blockchain data value, wherein the blockchain data value includes at least the time-limited credential, a transaction amount, and a destination address; digitally signing, by the trusted execution environment of the computing device, the generated blockchain data value using the private key; and transmitting, by the transmitter of the computing device, the signed blockchain data value to an external device.

Publication date: 11-01-2018

CRYPTOGRAPHY METHOD

Number: US20180013558A1
Author: Hassan Amer
Assignee: Microsoft Technology Licensing, LLC

The embodiments provide cryptography that is performed in each of two communicating devices and is based on information known only to the devices. The information is determined in each of the devices at the time of communications. Each of the devices determines the information without communicating key information related to the encryption key with each other. Channel characteristic reciprocity between the two devices allows creation of identical keys in each device. Each of the devices sends a first setup signal to the other device, receives a second setup signal from the other device, where the second setup signal may be a looped back version of the first setup signal, samples the second setup signal and generates sampling results, creates a key based on the sampling results, and utilizes the key to exchange one or more secure data signals with the other device.

1. A first device comprising: one or more processors; and memory in communication with the one or more processors, the memory comprising code that, when executed, causes the one or more processors to control the first device to: receive a setup signal from a second device; sample the setup signal and generate sampling results; create a key based on the sampling results; and utilize the key to exchange at least one data signal with the second device.
2. The first device of claim 1, wherein the setup signal comprises a second setup signal and the code causes the one or more processors to control the first device to: send a first setup signal to the second device; and receive the second setup signal from the second device, wherein the second setup signal comprises a looped back version of the first setup signal.
3. The first device of claim 2, wherein the code further causes the one or more processors to control the first device to: receive a third setup signal from the second device; and send a fourth setup signal to the second device, the fourth setup signal comprising a looped back version of the third setup ...

Publication date: 11-01-2018

MULTIPLE CRYPTOGRAPHIC KEY GENERATION FOR TWO-WAY COMMUNICATION

Number: US20180013559A1
Author: Hassan Amer
Assignee: Microsoft Technology Licensing, LLC

The embodiments provide a cryptography key for two communicating devices that is based on information known only to the devices. Each of the communicating devices determines the information without communicating key information related to the encryption key with the other. Each device receives a setup signal sent by the other device. Each device samples the received signal, generates sampling results, creates a plurality of keys based on the sampling results, selects a key of the plurality of keys based on criteria, and utilizes the selected key. The sets of plurality of keys may be created by creating each of the keys based on a different power threshold applied to the sampling results. The sets of plurality of keys may also be created by inputting the sampling results into each of a plurality of decoders to generate a key at each decoder that comprises a key of the plurality of keys.

1. A first device comprising: one or more processors; and memory in communication with the one or more processors, the memory comprising code that, when executed, causes the one or more processors to control the first device to: receive a setup signal from a second device; sample the setup signal and generate sampling results; create a plurality of keys using the sampling results; select a key from the plurality of keys; and utilize the selected key to exchange at least one data signal with the second device.
2. The first device of claim 1, wherein sampling the setup signal and creating the plurality of keys comprises: generating the sampling results as a plurality of sets of bits, wherein each of the sets of bits indicates a magnitude of a sampled level; creating a first key of the plurality of keys from selected bits of each of the plurality of sets of bits indicating a magnitude above a first threshold; and creating a second key of the plurality of keys by creating the second key from selected bits of each of the plurality of sets of bits indicating a magnitude above a ...

Publication date: 14-01-2016

ENCRYPTION CODE GENERATION USING SPIN-TORQUE NANO-OSCILLATORS

Number: US20160013940A1
Assignee:

Embodiments include apparatuses, methods, and systems for generation of an encryption key. In various embodiments, an authentication circuit may include a first bank of spin-torque nano-oscillators (STNOs) including a plurality of STNOs to generate respective oscillation signals and a second bank of STNOs including a plurality of STNOs to generate respective oscillation signals. The authentication circuit may further include a key generation circuit to select a first oscillation signal from the plurality of oscillation signals associated with the first bank of STNOs and a second oscillation signal from the plurality of oscillation signals associated with the second bank of STNOs. The key generation circuit may generate an encryption key based on a frequency of the first oscillation signal and a frequency of the second oscillation signal.

1. An apparatus, comprising: a first bank of spin-torque nano-oscillators (STNOs) including a plurality of STNOs to generate respective oscillation signals; a second bank of STNOs including a plurality of STNOs to generate respective oscillation signals; and a key generation circuit coupled to the first and second banks of STNOs, the key generation circuit to: select a first oscillation signal from the plurality of oscillation signals associated with the first bank of STNOs; select a second oscillation signal from the plurality of oscillation signals associated with the second bank of STNOs; and generate an encryption key based on a first frequency of the first oscillation signal and a second frequency of the second oscillation signal.
2. The apparatus of claim 1, wherein the key generation circuit includes: a first multiplexer coupled to the first bank of STNOs to select the first oscillation signal based on a first select signal; and a second multiplexer coupled to the second bank of STNOs to select the second oscillation signal based on a second select signal.
3. The apparatus of claim 2, wherein the key generation circuit ...

Publication date: 14-01-2016

Generation of encryption keys based on location

Number: US20160013941A1
Assignee: Ohio State Innovation Foundation

A method of generating an encryption key including determining, by a processor, a distance between a first node and a second node, and generating, by the processor, a first encryption key based on the distance between the first node and the second node. The method also includes compressing, by the processor, the first encryption key to generate a compressed encryption key; and applying, by the processor, a universal hash function to the compressed encryption key to generate a second encryption key. The second encryption key is smaller than the first encryption key.

Publication date: 10-01-2019

SECURE CIRCUIT FOR ENCRYPTION KEY GENERATION

Number: US20190013939A1
Assignee:

Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

1. An integrated circuit, comprising: at least one processor; and a secure circuit isolated from access by the processor except through a mailbox mechanism, wherein the secure circuit is configured to: receive, via the mailbox mechanism, a first request from an application executing on the processor, wherein the first request is a request to issue a certificate to the application; in response to the first request: generate a key pair having a public key and a private key; and issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair.
2. (canceled)
3. The integrated circuit of claim 1, wherein the secure circuit is configured to: receive, from the application via the mailbox mechanism, a second request to perform a cryptographic operation with the private key on a set of data from the application; and in response to the second request, perform the cryptographic operation using a public key included in the secure circuit.
4. The integrated circuit of claim 3, wherein the cryptographic operation is generating a signature from the set of data ...

Publication date: 14-01-2021

Methods, systems, apparatus, and articles of manufacture to manage access to decentralized data lakes

Number: US20210014047A1
Assignee: Intel Corp

An apparatus to manage a data lake is disclosed. A disclosed example apparatus includes a location selector to select an edge device to store the data lake; a key generator to, in response to an indication that a service is authorized to access the data lake, generate an encryption key corresponding to the data lake and generate a key wrapping key corresponding to the edge device; and a key distributor to wrap the encryption key using the key wrapping key and distribute the encryption key and the key wrapping key to the edge device, the encryption key enabling the service on the edge device to access the data lake.

Publication date: 21-01-2016

Encryption device with configurable security functionality using network authorization code

Number: US20160021068A1
Assignee: Spyrus Inc

A device and method for file encryption and decryption with a cryptographic processor that reconstitutes a file encryption key from a version of the key which has been shrouded with a network authorization code. This meets a need for restricted communication and data containment by limiting access to a pre-defined community of interest, so that no one outside of that community can decrypt encrypted content.

Publication date: 17-01-2019

Counterparty physical proximity verification for digital asset transfers

Number: US20190019144A1
Author: Robert J. Gillen
Assignee: United Parcel Service of America Inc

Embodiments are provided for verifying the physical proximity of counterparties in digital asset transfers. A sender device receives a recipient hash and a recipient address, where the recipient hash is generated by the recipient device based on both the associated recipient address and a first set of location parameters. The sender device obtains a second set of location parameters that corresponds to its own detected physical location. The sender device employs the obtained second set of location parameters to decipher the recipient hash, and generates a request to transfer a digital token from a sender address associated with the sender device to the recipient address based on a determination that the deciphered recipient hash corresponds to the received recipient address.

Publication date: 03-02-2022

Method, User Device, Management Device, Storage Medium and Computer Program Product For Key Management

Number: US20220038263A1
Assignee: Vechain Global Technology Sarl

The present disclosure provides methods and devices for key management. In one example, a method of key management comprises: obtaining, at a user device, the number of users in a group of users and the minimum number of users required for restoring a transaction key; randomly generating the transaction key; splitting the transaction key into a plurality of sub-keys, the number of sub-keys being the same as the number of users; and sending the plurality of sub-keys to a management device, each of the plurality of sub-keys being encrypted with the public key of the user corresponding to that sub-key.

Publication date: 03-02-2022

Secure Token Transfer between Untrusted Entities

Number: US20220038282A1
Assignee:

Methods and systems for providing a token to a protected portion of a computing device are described herein. A computing device may comprise a first portion and a second portion, and the second portion may be prevented by a security policy from interacting with the first portion. A server may receive, from a first application executing on the first portion of the computing device, a token. The server may generate a key based on the token. The server may send the key to the second portion of the computing device. The second portion of the computing device may send a request for the token, and the request may comprise the key. The server may send the token to the second portion of the computing device. The token may be encrypted such that the unencrypted token is not available to the server.
1. A method comprising: receiving, by a server and from a first application executing on a first portion of a computing device, a token; generating a key corresponding to the token; storing, in a database, the token and the key; sending, by the server and to a second portion of the computing device, the key, wherein the second portion of the computing device is prevented by a security policy from interacting with the first portion of the computing device; receiving, from the second portion of the computing device, a request for the token, wherein the request comprises the key; retrieving, from the database and using the key, the token; and sending, to the second portion of the computing device, the token.
2. The method of claim 1, wherein sending the key comprises: compiling a second application, wherein the compiled application comprises the key; and sending, to the second portion of the computing device, the second application.
3. The method of claim 2, wherein compiling the second application comprises signing the second application with the key.
4. The method of claim 1, wherein sending the key comprises: sending, to a mobile device management application configured to manage the second ...

Publication date: 17-01-2019

PROCESS FOR MONOVALENT ONE-TO-ONE EXTRACTION OF KEYS FROM THE PROPAGATION CHANNEL

Number: US20190020473A1
Assignee:

A method for generating an encryption key is provided to encrypt data exchanged between a first user and a second user, wherein the key is determined from measurements of the transmission channel.
1. A method for univalent and unequivocal extraction of keys from a propagation channel, said keys being intended to protect data exchanged between a first user A and a second user B, a user including one or more emitters and one or more receivers, the data being transmitted via the propagation channel, wherein it comprises at least the following steps:
a) Measuring, by way of the receiver(s) of the first and of the second user A, B, signals S coming from each emitter of the other user, measuring the parameters of the corresponding propagation channel, and then estimating the corresponding complex impulse responses of the propagation channel or corresponding complex frequency responses of the propagation channel,
b) Selecting, in a univalent manner, for each user A, B, a set of complex channel coefficients resulting from the estimations of the complex impulse responses of the propagation channel or of the complex frequency responses of the propagation channel, and retaining the coefficients that exhibit a cross-correlation lower than an adjustable predetermined threshold value,
c) Quantifying and formatting, for each user, the selected complex channel coefficients by applying a geometrical mesh of the complex plane in which the channel coefficients take their value, numbering the complex coefficients according to the mesh to which they belong, and applying error correction techniques to said numbering,
d) Using, in a univalent and unequivocal manner, for each user, digital data resulting from said quantification and from said formatting in the form of secret keys so as to encrypt the string of transmitted data.
2. The method as claimed in claim 1, wherein it uses a communication mode between users, a temporal duplex mode employing one and the same carrier frequency for the ...

Publication date: 17-01-2019

Method for Using Cryptography and Authentication Methods and Systems for Carrying Out Said Method

Number: US20190020484A1
Assignee:

The invention relates to a method to initiate the use of cryptography and authentication methods and to perform these methods. The method comprises the steps of: generating a URI; calling a communication component using the generated URI and a proprietary URI scheme; performing the cryptography and authentication method by the local communication component; and generating at least one result by the communication component.
1. A method of using cryptography and authentication methods comprising: generating a URI; calling a communication component using the generated URI and a proprietary URI scheme; performing one of the cryptography or the authentication method by the communication component; and generating at least one result by the communication component.
2. The method according to claim 1, further comprising: registering the proprietary URI scheme for calling the communication component.
3. The method according to claim 1, further comprising: access to a security device by the communication component.
4. The method according to claim 1, further comprising: polling an identifier by the communication component prior to performing the cryptography and authentication method.
5. The method according to claim 1, further comprising: generating the URI on the external computer and transferring the URI from the external computer to the local application prior to calling the communication component.
6. The method according to claim 1, further comprising: forwarding the generated result to the local application or to an external computer.
7. The method according to claim 1, further comprising: processing the generated result by the management application on the external computer.
8. The method according to claim 1, wherein the result of the communication component is a signature over data or is encrypted or decrypted data.
9. A local unit comprising: a processor having a local application and a local communication component which registers a URI scheme; a network ...

Publication date: 17-01-2019

SYNTHETIC GENOMIC VARIANT-BASED SECURE TRANSACTION DEVICES, SYSTEMS AND METHODS

Number: US20190020651A1
Assignee:

Various devices, systems, structures and methods are disclosed related to securely authorizing a transaction by synchronizing digital genomic data with associated synthetic genomic variants. An embodiment of the present invention utilizes digital genomic data associated with an entity, such as a person, who may utilize a genome-based security device to complete a transaction. In one embodiment, a person may use a genome-based security device to communicate with an external device over a wireless or other communication interface, and to synchronize digital genomic data and an associated synthetic variant received from the external device with the digital genomic data and associated synthetic variant stored on the genome-based security device.
1. A genome-based security device comprising: a memory storing digital genomic data associated with at least one entity, wherein the digital genomic data comprises at least one synthetic variant and actual genomic data unique to the at least one entity, wherein the synthetic variant is different from the actual genomic data and at least a portion of the synthetic variant includes one or more base pairs that do not match a corresponding portion of the actual genomic data; a processing unit configurable to execute instructions which upon execution synchronizes the digital genomic data comprising the at least one synthetic variant and the actual genomic data with external digital genomic data comprising at least one external synthetic variant and external actual genomic data unique to the at least one entity and received from an external device, wherein at least a portion of the external synthetic variant includes one or more base pairs that do not match a corresponding portion of the external actual genomic data, and authorizes a transaction upon synchronization of the at least one synthetic variant with respect to the external synthetic variant; and a communication interface coupled with the processing unit configured to communicatively ...

Publication date: 16-01-2020

METHODS AND SYSTEMS FOR ENCRYPTING DATA FOR A WEB APPLICATION

Number: US20200021567A1
Assignee: MasterCard International Incorporated

Embodiments provide methods and systems for encrypting data for a web application. A method includes receiving, by a server system, a cryptographic certificate including an asymmetric key pair. The method includes generating a random value key that forms at least a part of a Content Encryption Key (CEK) to be generated by a web application. The method includes sending the random value key to a client device running the web application over a secure network communication channel for generating the CEK. The CEK is to be utilized for encrypting content entered by a user of the web application on the client device, and the CEK is encrypted using a public key of the asymmetric key pair for transmission over the secure network communication channel. Furthermore, the method includes translating the CEK encrypted under the public key to the CEK encrypted under the LMK using a private key that is part of the asymmetric key pair.
1. A computer-implemented method, comprising: generating, by a server system, a cryptographic certificate, the cryptographic certificate comprising an asymmetric key pair; generating, by the server system, a random value key, the random value key forming at least a part of a Content Encryption Key (CEK) to be generated by a web application; sending, by the server system, the random value key to a client device running the web application over a secure network communication channel for generating the CEK, wherein the CEK is to be utilized for encrypting content entered by a user of the web application on the client device and wherein the CEK is encrypted using a public key being part of the asymmetric key pair for transmission over the secure network communication channel; and translating, by the server system, the CEK encrypted under the public key to the CEK encrypted under a Local Master Key (LMK) using a private key, the private key being part of the asymmetric key pair.
2. The method as claimed in claim 1, wherein the private key is encrypted under the LMK of a ...

Publication date: 21-01-2021

COMMUNICATION SYSTEM USING A RANDOM CODE AS AN ENCRYPTION CODE

Number: US20210021415A1
Author: Fung Shing Kwong
Assignee:

A communication system using a random code as an encryption code is disclosed. A first terminal transfers a request to a second terminal for providing a random code (rKey). The random code is then used to encrypt commands in the subsequent communication process instead of the master key (mKey), so as to avoid the master key (mKey) being captured. The security of the data transmission is thereby greatly improved. In practical use, the encryption scheme can be applied to a door access system which includes a mobile phone, a card reader, a door access controller, and a server program (such as an ACX server program). The communication system using a random code as an encryption code ensures that the communications between these devices are highly secure.
1. A communication system using a random code as an encryption code, comprising: a first terminal for transferring data to a far end terminal, the first terminal being stored with a master key (mKey); a second terminal signally connected to the first terminal for receiving the data from the first terminal, the second terminal being stored with the master key (mKey), the second terminal including a random signal generator for generating a random code (rKey); wherein the first terminal serves to transfer a command (CMD) for requesting a random code; before transferring, the command (CMD) is encrypted to become an encrypted command (eCMD) by using the master key (mKey), which is then transferred to the second terminal; when the second terminal receives the encrypted command (eCMD) from the first terminal, the encrypted command (eCMD) is decrypted by the same master key (mKey) to get the command (CMD); then the second terminal instructs the random signal generator to generate a random code (rKey); then the random code (rKey) is encrypted by the master key (mKey) to generate an encrypted random code (erKey) which is transferred back to the first terminal; next, the first terminal receives the encrypted random code (erKey) from the second terminal, the first ...

Publication date: 21-01-2021

CENTRALIZED VOLUME ENCRYPTION KEY MANAGEMENT FOR EDGE DEVICES WITH TRUSTED PLATFORM MODULES

Number: US20210021418A1
Assignee:

The present disclosure relates to centralized volume encryption key management for edge devices with trusted platform modules (TPMs). In some aspects a volume encryption key is generated for a gateway device. A sealing authorization policy is also generated for the gateway device. The sealing authorization policy is generated based on a predetermined platform configuration register (PCR) mask and expected PCR values. The volume encryption key and the sealing authorization policy are transmitted from the management service to the gateway device to provision the gateway device with the volume encryption key.
1. A system, comprising: at least one computing device; and at least one data store comprising instructions executable in the at least one computing device, wherein the instructions, when executed by at least one processor, cause the at least one computing device to at least: generate, by a management service, a volume encryption key for a gateway device; generate, by the management service, a sealing authorization policy based on a predetermined platform configuration register (PCR) mask and expected PCR values; and transmit, from the management service to the gateway device, a command to seal the volume encryption key in a non-volatile memory of a trusted platform module (TPM) of the gateway device based on the predetermined PCR mask and the expected PCR values.
2. The system of claim 1, wherein the instructions, when executed by the at least one processor, cause the at least one computing device to at least: unseal, by extractor code of the gateway device, the volume encryption key, the volume encryption key being unsealed based on the predetermined PCR mask and measured PCR values that are measured during a boot process of the gateway device.
3. The system of claim 2, wherein the instructions, when executed by the at least one processor, cause the at least one computing device to at least: load, by the extractor code of ...

Publication date: 21-01-2021

Access delegation using offline token

Number: US20210021601A1
Assignee: International Business Machines Corp

Described herein are techniques for delegating access using an offline token. The techniques include a method comprising receiving, at a server and from a delegate user device, a delegate login package comprising an offline token and delegate credentials. The offline token is generated at an offline user device and transmitted to the delegate user device to enable the delegate user device to access access-controlled content associated with the offline user device. The techniques further include validating, by the server, the delegate login package by comparing the delegate credentials with delegate information stored in the offline token. The techniques further include establishing a delegated session between the delegate user device and the access-controlled content stored on the server in response to validating the delegate login package. Furthermore, the delegated session is established according to an access policy, delegation rights, and an expiration parameter stored in the offline token.

Publication date: 28-01-2016

METHOD FOR PROTECTING DATA STORED WITHIN A DISK DRIVE OF A PORTABLE COMPUTER

Number: US20160026810A1
Assignee:

A portable computer capable of protecting an encryption key that is sent out to a disk drive after a preboot process has ended is disclosed. The portable computer includes a disk drive for encrypting a volume as a whole, and for decoding data at the volume in response to receipt of an encryption key from a system. The portable computer also includes a key transfer mechanism, a tamper detection mechanism and a protecting mechanism. In response to a boot process starting from a power-off state, the key transfer mechanism automatically sends the encryption key to the disk drive. The tamper detection mechanism detects physical tampering of the disk drive. In response to the detection of physical tampering by the tamper detection mechanism, the protecting mechanism prevents the key transfer mechanism from automatically sending the encryption key to the disk drive.
1. A portable computer comprising: a disk drive for encrypting a volume as a whole, and for decoding data at said volume in response to a receipt of an encryption key from a system; a key transfer mechanism for automatically sending said encryption key to said disk drive in response to a boot process starting from a power-off state; a tamper detection mechanism for detecting a physical tampering of said disk drive; and a protecting mechanism for preventing an operation by said key transfer mechanism to automatically send said encryption key to said disk drive in response to a detection of a physical tampering by said tamper detection mechanism.
2. The portable computer of claim 1, wherein said protecting mechanism includes a Trusted Platform Module (TPM) that seals said encryption key using a Platform Configuration Register (PCR).
3. The portable computer of claim 2, wherein said key transfer mechanism makes an unseal request of said encryption key to said TPM before transferring said encryption key.
4. The portable computer of claim 2, wherein after a system firmware has written a hash value at a ...

Publication date: 23-01-2020

Electronic anti-tamper device

Number: US20200026888A1
Author: Christopher Mobley
Assignee: Blueskytec Ltd

This invention relates to an anti-tamper assembly for a circuit board comprising one or more electronic components, the assembly comprising: a container having side walls, a first, closed end and a second, opposing, open end, the container being configured to be mounted on said circuit board at said open end, over at least one of said electrical components, to form, in use, a sealed cavity around said at least one of said electrical components; a source of radioactive particles mounted within said container; an image sensor for capturing image frames within said sealed cavity, in use, wherein said image sensor comprises a detector region defining an array of pixels; and a processor for receiving said captured image frames, monitoring said image frames for changes in the statistical distribution of active pixels and, in the event that the statistical distribution of active pixels indicates the presence of a feature in an image frame, generating a tamper alert.

Publication date: 10-02-2022

Systems and Methods for Privacy-Reserving Data Hiding

Number: US20220045858A1
Author: Gotsman Craig, Hormann Kai
Assignee:

Described in detail herein is a method for encrypting or encoding time-stamped location data associated with a computing device. The method converts time and location information associated with the computing device into a vector format. The method generates a code vector based on the converted time and location vector. The method sorts entries in the code vector based at least in part on a predetermined ordering scheme. The method executes a random modification to each of the sorted entries. The method compares the code vector to at least one other code vector associated with another computing device. The method identifies other code vectors within a specified distance of the given code vector. The method concludes that the computing device and the at least one other computing device were in proximity to each other during a time period corresponding to the time information.
1. A method for encrypting location data associated with a computing device into a code vector to hide the location data, the method comprising: converting time and location information associated with the location data of the computing device into a vector format; generating the code vector based on the converted time and location vector using a linear or non-linear transformation; sorting entries in the code vector based at least in part on a predetermined ordering scheme; executing a random modification to each of the sorted entries; comparing the code vector to at least one other code vector associated with at least one other computing device; determining a distance between the code vector and the at least one other code vector; and determining, based on the determined distance, whether the computing device and the at least one second computing device were in proximity to each other during a time period corresponding to the time information.
2. The method of claim 1, wherein the computational complexity associated with decoding the code vector renders recovery of the time and location information from ...

Publication date: 24-01-2019

Remote attestation of a security module's assurance level

Number: US20190028281A1
Assignee: Spyrus Inc

A method by which a hardware security module can attest remotely to its measure of trust, as determined by its security certifications and the Level of Assurance it can be relied on to support, without the human witnessing elements that are currently used to validate this trust. In a further embodiment the Level of Assurance can be transported to a second hardware security module.

Publication date: 24-01-2019

ELECTRONIC DEVICE AND METHOD FOR PROCESSING DATA IN ELECTRONIC DEVICE

Number: US20190028890A1
Author: PARK Hye-Won
Assignee:

Provided are an electronic device and a method for processing data in the electronic device. The electronic device may receive server registration time-related information, that is, information related to a time when at least one beacon device becomes registered in a server, and decrypt at least one beacon signal received from the at least one beacon device based on the received server registration time-related information.
1. A method for processing data in a beacon device, the method comprising: registering the beacon device in a server; determining an elapsed time from a registration time that indicates information related to a time when the beacon device becomes registered in the server; generating a secret key using the elapsed time; encrypting at least part of data in a beacon signal using the secret key; and broadcasting the beacon signal to an electronic device, wherein the electronic device is configured to: receive the registration time from the server; in response to receiving the beacon signal from the beacon device, decrypt the beacon signal using the secret key calculated based on the received registration time; and transmit a message to request a service related to the decrypted beacon signal to the server, in response to determining that the decrypted beacon signal is valid based on a determination of time information included in the decrypted beacon signal.
2. The method of claim 1, wherein the time information included in the decrypted beacon signal corresponds to the elapsed time.
3. A method for processing data in a server, the method comprising: determining server registration time-related information that indicates information related to a time when at least one beacon device becomes registered in the server; transmitting the server registration time-related information to an electronic device; receiving a request for a service related to a beacon signal from the electronic device; and transmitting the requested beacon signal-related ...

Publication date: 23-01-2020

Anonymous eCommerce Behavior Tracking

Number: US20200028926A1
Assignee:

A system and corresponding method gather information about the browsing and purchasing behavior of web users while avoiding tracking information associated with individual web browser instances. The system enables the collection of historical and statistical information by legitimate interested parties to be severed from information about the behavior of a browser instance, and so too from information about the user of the browser instance. The system is configured to perform at least one of: (i) masking a web browser cookie to prevent use of the cookie to access browsing information related to a user and (ii) replacing stories about sequences of browser behaviors with statistics about abstracted "story types." A story type is a sequence of behavior types common to all web browser instances which have performed that sequence. An example embodiment uses masking and aggregation techniques frequently, and includes a variety of industry standard security measures specially adapted to these purposes.
1. A computer-implemented method of anonymous browser tracking, the method comprising: accessing a web site through an instance of a web browser executing on a computing device, the website being accessed from a web server of an online service provider; and preventing use of a cookie associated with the web browser instance to access web browsing information related to a user of the web browser instance.
2. The method of claim 1, wherein preventing use of the cookie to access the web browsing information includes: encrypting the cookie at the web server using an encryption key; storing the encrypted cookie and encryption key only at the web server; storing the generated cookie only at the computing device; and each time the cookie is delivered to the web server with an associated web browser event, (i) encrypting the delivered cookie using the encryption key and (ii) validating the encrypted delivered cookie against the stored encrypted cookie prior to recording the web browser event.
3. The ...

Publication date: 28-01-2021

SECURE DISTRIBUTED KEY MANAGEMENT SYSTEM

Number: US20210028931A1
Assignee:

A distributed key management system, which contains a server, a plurality of key-holding devices adapted to communicate with the server, and a key-requesting device adapted to communicate with the server. Each one of the plurality of key-holding devices is adapted to hold a different fragment of a private key. The server is adapted to reconstruct the private key based on the fragments received from the plurality of key-holding devices. The key-requesting device is adapted to obtain the private key from the server. The systems according to the invention provide a zero-trust model key management scheme and would eliminate the risk of key leakage to unauthorized persons while providing flexibility in authorizing devices.
1. A distributed key management system, comprising: a) a server; b) a plurality of key-holding devices adapted to communicate with the server; and c) a key-requesting device adapted to communicate with the server; wherein each one of the plurality of key-holding devices is adapted to hold a different fragment of a private key; the server is adapted to reconstruct the private key based on the fragments received from the plurality of key-holding devices; and the key-requesting device is adapted to obtain the private key from the server.
2. The system of claim 1, wherein the server is further adapted to reconstruct the private key based on the fragments received from at least a part of the plurality of key-holding devices.
3. The system of claim 2, wherein the server is adapted to reconstruct the private key using Shamir's Secret Sharing algorithm over Galois Field 256.
4. The system of claim 3, wherein the private key is a random number or is constructed using a random number, and the private key is a byte array with byte values in the 0-255 range.
5. The system of claim 1, wherein the key-requesting device is adapted to produce a final key based on the private key received from the server such that the server has no access to the final key.
6. The system of ...

Publication date: 28-01-2021

SYSTEMS AND METHODS OF SECURING DIGITAL CONVERSATIONS FOR ITS LIFE CYCLE AT SOURCE, DURING TRANSIT AND AT DESTINATION

Number: US20210028940A1
Author: MOON Billy Gayle
Assignee: Whitestar Communications, Inc.

The systems and methods of securing digital conversations for its life cycle, comprising: establishing a secure channel on a private network to receive communication on a first profile from another profile on a whitelist using alias and digital keys; establishing a cryptographic key that is of a length that is supported by the computing device of the first profile; sending an encrypted conversation with digital signature using a first temporal key of detected cryptographic key length to a second profile; storing the sent conversation in a digital vault with the first temporal key; receiving an encrypted response with digital signature using a second temporal key from the second profile; decrypting the response after validating the digital signature; re-encrypting the response with a third temporal key; storing the re-encrypted response in the digital vault with the third temporal key.

1. A method of securing digital conversations for its life cycle, comprising:
establishing a secure channel on a private network to receive communication on a first profile from another profile on a whitelist using alias and digital keys;
establishing a cryptographic key that is of a length that is supported by the computing device of the first profile;
sending an encrypted conversation with digital signature using a first temporal key of detected cryptographic key length to a second profile;
storing the sent conversation in a digital vault with the first temporal key;
receiving an encrypted response with digital signature using a second temporal key from the second profile;
decrypting the response after validating the digital signature;
re-encrypting the response with a third temporal key;
storing the re-encrypted response in the digital vault with the third temporal key.
2. The method of claim 1, further comprising:
rekeying the digital keys of one or more profiles is triggered using one or more of the following: at discretion, automatic based on time or geographic location, manual, on ...

Publication date: 02-02-2017

Sharing Resources Between Wireless Networks

Number: US20170034835A1
Author: Steve J. Shattil
Assignee: Genghiscomm Holdings LLC

A radio transceiver comprises a first baseband processor, a second baseband processor, and a radio transmitter coupled to the first and second baseband processors. The first baseband processor receives a radio channel allocation from a first network comprising a radio frequency reserved for communicating in the first network. The second baseband processor is configured to process baseband data for communicating in a second network. The radio transmitter is configured to employ the radio frequency for communication in the second network while the radio frequency is reserved in the first network.

Publication date: 01-02-2018

Authentication tag, device, system and method

Number: US20180034631A1
Assignee: Centre National d'Etudes Spatiales CNES

The invention discloses an authentication system of objects, physical or virtual, comprising an authentication mark and, as an option, an authentication message, generated by an authentication device and controlled by a verification/decoding device in combination with an authentication server managed by an authenticating authority. The authentication mark in the tag/message may comprise GNSS RF raw signals and/or GNSS raw data. The authentication mark comprises data and may be formatted, for example, in a bitstream, a data stream, a QRCode, an RFID tag or an NFC tag. The authentication server is configured to cause a GNSS signals simulator to reproduce the GNSS RF raw signals and/or GNSS raw data at the location and time interval of production of the object and to compare the results of the simulation to the authentication mark comprising data received directly from the authentication device or received from a verification device and issue a validation, a denial or a doubt from the comparison.

Publication date: 04-02-2016

Shared secret for wireless devices

Number: US20160037336A1
Author: Michael John Roberts
Assignee: EMPIRE TECHNOLOGY DEVELOPMENT LLC

In some examples, a device may include a communication interface configured to exchange signals with another device, and a computing component configured to autonomously calculate a centroid of a plurality of devices of which the device is a part, based at least in part on relative distances between the device and others of the plurality of devices and relative distances among the others of the plurality of devices, and autonomously establish the centroid as a shared secret.

Publication date: 31-01-2019

DATA DISTRIBUTION OVER NODAL ELEMENTS

Number: US20190036895A1
Author: Irvine David
Assignee:

A data communication system to provide secure data communication. The data communication system comprises an arrangement of elements coupled via communication links, wherein the elements comprise one or more user devices, one or more nodal elements or one or more servers, and/or one or more routers. The data communication system is operable to communicate data therein in a format which comprises data chunks which have been encrypted and obfuscated and are defined by one or more data maps, wherein the data communication system is configured to categorize the elements into one or more trusted elements and one or more untrusted elements, to receive votes from the one or more trusted elements to compute a consensus for verifying one or more transaction events. Optionally, the data communication system uses the received votes from the one or more trusted elements to compute a consensus for verifying a reliability of one or more elements of the public/non-permissioned network of the data communication system, wherein the consensus from the one or more trusted elements is used to disconnect selectively one or more unreliable elements from the data communication system.

1. A data communication system comprising an arrangement of one or more user devices, one or more nodal elements or one or more servers, and/or one or more routers coupled via communication links, the data communication system being configured to:
communicate data in a format having encrypted and obfuscated data chunks defined by one or more data maps;
categorize the one or more user devices, one or more nodal elements or one or more servers, and/or one or more routers into one or more trusted elements and one or more untrusted elements with a trust verification arrangement configured to determine whether a given element is a trusted element or an untrusted element; and
with votes received from the one or more trusted elements, verify one or more transaction events from a consensus computed from asynchronous ...

Publication date: 30-01-2020

Encryption key block generation with barrier descriptors

Number: US20200036513A1
Assignee: International Business Machines Corp

Encryption key block generation with barrier descriptors is provided. In some embodiments, a descriptor is read. The descriptor includes a list of revoked devices and a list of boundaries between devices. A plurality of subset differences is generated. The plurality of subset-differences covers a plurality of devices. None of the plurality of devices appears in the list of revoked devices. None of the plurality of subset differences spans any of the boundaries. Encrypted information is generated based on the subset differences.

Publication date: 04-02-2021

APPARATUS AND METHOD FOR PROCESSING AUTHENTICATION INFORMATION

Number: US20210036875A1
Assignee:

Provided is an information processing apparatus including a physical unclonable function (PUF) to generate a unique key using a process variation in a semiconductor manufacturing process, and an encryption unit to encrypt a password and/or bio-information received from a user using the unique key.

1. An information processing apparatus comprising:
a physical unclonable function (PUF) to generate a first unique key as an unpredictable digital value based on electrical characteristics between nodes generated on a semiconductor element by a process variation in a semiconductor manufacturing process;
a memory to store a second unique key; and
an encryption processor to encrypt received data using one of the first unique key and the second unique key and store the data encrypted.
2. The information processing apparatus of claim 1, wherein the PUF generates the first unique key using whether a short or open occurs between nodes generated on a semiconductor element by a process variation in a semiconductor manufacturing process.
3. The information processing apparatus of claim 2, wherein the PUF generates the first unique key using whether an interlayer contact formed between conductive layers of a semiconductor short-circuits the conductive layers.
4. The information processing apparatus of claim 3, wherein the interlayer contact formed between the conductive layers of the semiconductor is formed to have a smaller size than that according to the design rule provided in the semiconductor manufacturing process.
5. The information processing apparatus of claim 3, wherein the PUF is configured to set the size of the interlayer contact formed between the conductive layers of the semiconductor such that a difference between a probability of the interlayer contact short-circuiting the conductive layers and a probability of the interlayer contact not short-circuiting the conductive layers is within a preset error range.
6. The information processing apparatus of claim 2, wherein the ...

Publication date: 09-02-2017

CONFIGURING CRYPTOGRAPHIC SYSTEMS

Number: US20170041140A1
Assignee:

Systems and methods for configuring a cryptographic system, such as an avionic data transfer system associated with an aircraft, are provided. More particularly, systems and methods can be used to assemble a cryptographic key configuration (CKC) for use in a cryptographic system. A CKC can include various components for configuration of a cryptographic system. An administrator can generate CKCs for multiple host systems via a user interface (e.g., a graphical user interface) at a terminal and can deliver the CKCs to the host systems via an automated process by way of, for instance, a removable data cartridge.

1. A method for configuring a cryptographic system associated with an aircraft, comprising:
receiving, by one or more processors, data indicative of a user specifying a cryptographic key configuration action;
accessing, by the one or more processors, one or more databases storing cryptographic information;
generating, by the one or more processors, a cryptographic key configuration based at least in part on the cryptographic information and the cryptographic key configuration action; and
transferring, by the one or more processors, the cryptographic key configuration for storage on a removable data storage device.
2. The method of claim 1, wherein the method comprises:
engaging the removable storage device with an avionic data transfer system associated with the aircraft; and
configuring the avionic data transfer system based at least in part on the cryptographic key configuration stored on the removable data storage device.
3. The method of claim 1, wherein the cryptographic key configuration comprises one or more of user account data, data mapping authorized users to cryptographic ignition keys, data indicative of one or more cryptographic keys, data mapping one or more cryptographic keys to one or more cryptographic units, or a load script for loading the one or more cryptographic keys to the cryptographic system.
4. The method ...

Publication date: 09-02-2017

Multi-use long string authentication keys

Number: US20170041146A1
Author: Terry L. Davis
Assignee: Terry L. Davis

An authentication system that uses a multi-use long string authentication key to authenticate client device access to protected resources is presented. The authentication system is based on shared knowledge of a long string authentication key. The authentication key is used as a platform to derive digital signatures for access to protected resources. One or more authentication parameters can be used in combination with the authentication key to derive or validate digital signatures. The one or more authentication parameters can include a key index parameter, a key offset parameter, and a key length parameter. The digital signatures derived from authentication keys can be used to control access to various types of protected resources such as a digital house, a vehicle fob key, a remote garage door opener, a hotel room card key, credit or debit card magnetic strips or chips, online financial accounts, computer or control systems, or website authentication.

Publication date: 08-02-2018

SYSTEMS AND METHODS FOR DELEGATED CRYPTOGRAPHY

Number: US20180041484A1
Assignee: KryptCo, Inc.

In some embodiments, an authentication method comprises receiving a request for a digital signature of data from a delegate computer over a secure channel using cryptography to provide authentication, wherein the secure channel comprises at least one wireless communications link; displaying information derived from the data; prompting a user for approval of the request with information derived from the data; in response to receiving approval from the user, creating the digital signature of the data using one or more private keys stored in a key enclave; and sending the digital signature to the delegate computer over the secure channel.

1. An authentication method comprising:
receiving a request for a digital signature of data from a delegate computer over a secure channel using cryptography to provide authentication, wherein the secure channel comprises at least one wireless communications link;
displaying information derived from the data;
prompting a user for approval of the request with information derived from the data;
in response to receiving approval from the user, creating the digital signature of the data using one or more private keys stored in a key enclave; and
sending the digital signature to the delegate computer over the secure channel.
2. The authentication method of claim 1, further comprising:
reading a first key displayed on the delegate computer with a camera, wherein the first key is a public key;
sending a second key to the delegate computer; and
securing communication with the delegate computer using at least one of the first and second keys or one or more keys derived from the first and second keys.
3. The authentication method of claim 2, further comprising:
receiving during a confirmation stage a message from the delegate computer secured using at least one of the first and second keys or one or more keys derived from the first and second keys; and
confirming the secure channel in response to receiving the message from the delegate computer.
4. The ...

Publication date: 12-02-2015

DETERMINING AN IDENTIFIER

Number: US20150046718A1
Author: Meyer Bernd
Assignee:

A method for determining an identifier on the basis of a multiplicity of cells is proposed, wherein the cells are subdivided into subsets, wherein the fact of whether a reconstructable information item is determinable is ascertained for each of the subsets, wherein, if a reconstructable information item is determinable for a subset, the reconstructable information item is determined and stored, wherein, if a reconstructable information item is not determinable for a subset, an error information item is determined and stored for this subset.

1. A method for determining an identifier based on a plurality of cells, the method comprising:
subdividing the cells into subsets; and
ascertaining whether a reconstructable information item is determinable for each of the subsets,
wherein, if a reconstructable information item is determinable for a subset, determining and storing the reconstructable information item, and
wherein, if a reconstructable information item is not determinable for a subset, determining and storing an error information item for this subset.
2. The method as claimed in claim 1, wherein the error information item is determined according to a predefined scheme.
3. The method as claimed in claim 1, wherein the error information item is fixedly predefined or randomly determined for the subset.
4. The method as claimed in claim 1, further comprising:
providing an error set comprising at least one cell,
wherein the error information item is determined based on a reconstructable information item of the error set and is stored.
5. The method as claimed in claim 4, further comprising:
recursively applying the subdivision of the error set into subsets.
6. The method as claimed in claim 1, wherein the identifier comprises at least one reconstructable information item.
7. The method as claimed in claim 1, wherein the identifier is determined by means of an error correction based on at least one of the at least one reconstructable information item and ...

Publication date: 24-02-2022

ATTESTED END-TO-END ENCRYPTION FOR TRANSPORTING SENSITIVE DATA

Number: US20220060323A1
Assignee: ORACLE INTERNATIONAL CORPORATION

Techniques are disclosed for enabling attested end-to-end encryption for transporting sensitive data between devices. In one example, an origination device receives and verifies, in a secure environment, a policy profile that includes an origination key of the origination device and a destination key of a destination device. The origination device generates and seals a data encryption key based on a characteristic of the secure environment. The origination device then encrypts the data encryption key with a public key of the destination device to form an encrypted data encryption key. The origination device then signs the encrypted data encryption key with a private attestation identity key of the origination device. The origination device encrypts the sensitive data with the sealed data encryption key to form encrypted data, and then transmits the signed encrypted data encryption key and the encrypted data to the destination device for subsequent decryption of the encrypted data.

1. A computer-implemented method, comprising:
receiving, in a secure environment of a data transfer application, a policy profile from a data transfer service, including: (1) an origination key and (2) a destination key, the destination key corresponding to a public transfer key of a storage server that is associated with a transfer of particular sensitive data from the data transfer application to the storage server;
verifying, by the data transfer application in the secure environment, the policy profile based at least in part on determining that the origination key corresponds to a public transfer key of the data transfer application;
generating, by the data transfer application in the secure environment, a data encryption key;
sealing, by the data transfer application in the secure environment, the data encryption key based at least in part on a characteristic of the secure environment;
encrypting, by the data transfer application in the secure environment, the sealed data encryption key ...

Publication date: 06-02-2020

UTILIZING A TRANSACTION CARD TO PROVIDE SECONDARY AUTHENTICATION FOR ACCESSING A SECURE APPLICATION WITH A USER DEVICE

Number: US20200042993A1
Assignee:

A transaction card includes a near-field communication (NFC) component, a security component, a wireless component, one or more memories, and one or more processors communicatively coupled to the one or more memories. The device receives a signal from a user device attempting to access a secure application, and energizes the NFC component based on the signal received from the user device. The device causes the security component to generate an encrypted code based on the NFC component being energized, and provides, via the security component, the encrypted code to the wireless component. The device provides, via the wireless component, the encrypted code to the user device to permit the user device to utilize the encrypted code as authentication for accessing the secure application.

1. A method, comprising:
providing, by a user device and for display, a first request for user credentials for accessing an application;
providing, by the user device, for display via the application, and based on an input associated with an application capability, a second request to perform a gesture with a transaction card;
receiving, by the user device and based on the gesture being sensed at the transaction card, an encrypted code from the transaction card;
providing, by the user device, the encrypted code to an application platform; and
providing, by the user device, for display, and based on the encrypted code being verified by the application platform, information associated with the application capability.
2. The method of claim 1, wherein the gesture includes at least one of:
a tapping of the transaction card on at least one of the user device or a surface,
a movement of the transaction card in a particular pattern,
a flipping of the transaction card,
a movement of a figure or hand in a particular pattern on the transaction card,
a movement of a figure or hand in a particular pattern over the transaction card in a particular manner, or
a tapping of the transaction card with a finger.
3. ...

Publication date: 24-02-2022

DISTRIBUTED NETWORK CONNECTIVITY MONITORING OF PROVIDER NETWORK EDGE LOCATION RESOURCES FROM CELLULAR NETWORKS

Number: US20220061059A1
Assignee:

Techniques for distributed network connectivity monitoring of provider network edge location resources from cellular networks are described. A central service transmits test suites of commands to agents executed by test devices, which can execute the commands to test network characteristics between the test devices and target locations via one or multiple cellular communications networks. Results of the testing are sent back to the central service for processing, and the resultant metrics can be used for intelligent latency-based routing of clients, latency-based placement of resources, and/or performance monitoring of deployed resources.

1. A device comprising:
a first network interface comprising a physical cellular network interface;
a second network interface comprising at least a wireless local area network (WLAN) interface or an Ethernet interface;
a processor; and
send a heartbeat message, via the second network interface, to a controller in a service provider network, the heartbeat message identifying a first version of a test configuration used by the agent;
receive, via the second network interface, a heartbeat response originated by the controller, the heartbeat response including a second version of the test configuration, the test configuration identifying a command to be performed by the device via use of a cellular communications network;
execute, multiple times according to a schedule, the command of the second version of the test configuration using the cellular communications network, each execution including transmitting one or more messages via the first network interface to a resource identified by the second version of the test configuration, wherein the resource is located within an edge location of the service provider network that is deployed within physical infrastructure of the cellular communications network; and
cause a result of the multiple executions of the command to be transmitted to the service provider ...

Publication date: 07-02-2019

INCORPORATING SOFTWARE DATE INFORMATION INTO A KEY EXCHANGE PROTOCOL TO REDUCE SOFTWARE TAMPERING

Number: US20190044709A1
Assignee:

Exemplary embodiments prevent tampering of a software date associated with a software application by incorporating the software date into a key exchange with a security domain. If the software date is tampered with, then the key exchange results in the wrong key exchange key. Without the correct key exchange key, the software application will fail its check of the license, and the software application will no longer continue to run.

1. A computer-implemented method for incorporating software date information into a key exchange protocol, comprising:
during a software application protection phase, using a license key assigned to the software application and the software date of the software application to generate a first encryption key and a second encryption key;
using the first encryption key to encrypt the software application, and bundling the second encryption key with the software application;
storing the license associated with the software application, including the license key, in a security domain to protect the licensing key from discovery;
when the software application is invoked on the computer, passing a license ID and the software date from the software application to the security domain;
responsive to both the security domain containing the license identified by the license ID, and the software date being within a licensing date range of the license, using the license key stored in the security domain and the software date to generate the first encryption key and the second encryption key;
encrypting the first encryption key with the second encryption key to create a protected first encryption key, and passing the protected first encryption key to the computer; and
using the second encryption key bundled with the protected software application to decrypt the protected first encryption key resulting in a decrypted first encryption key, and using the first encryption key to decrypt the protected software application for execution.
2. The method of claim 1, ...

Publication date: 07-02-2019

CRYPTOGRAPHIC KEY CREATION USING OPTICAL PARAMETERS

Number: US20190044712A1
Author: Hassan Amer A., Kuntz Roy
Assignee:

A cryptographic key generator for a first optical transceiver includes a photodetector that receives a continuous wave light beam received via an optical channel from a second optical transceiver. The generator samples and quantizes signals from the photodetector during a plurality of intervals to generate respective samples representing respective numbers of photons incident on the photodetector during each of the plurality of intervals. The generator creates a first cryptographic key from the plurality of digital values. The second optical transceiver receives a continuous wave light beam from the first transceiver and performs the same functions to create a second cryptographic key. Due to the reciprocal nature of the channels, the first and second cryptographic keys match.

1. A cryptographic key generator for a first optical transceiver comprising:
a photodetector configured to receive a first light beam from an optical channel;
a memory including program instructions; and
a processor coupled to the memory and the photodetector, the processor being configured by the program instructions to:
receive signals from the photodetector in response to the light beam;
sample the signals from the photodetector during a first plurality of intervals to generate respective samples representing respective numbers of photons incident on the photodetector during each interval of the first plurality of intervals;
quantize the samples to generate a plurality of digital values; and
create the cryptographic key from the plurality of digital values.
2. The cryptographic key generator of claim 1, wherein the program instructions configure the processor to select ones of the plurality of digital values having magnitudes greater than a threshold value for creation of the cryptographic key.
3. The cryptographic key generator of claim 1, wherein the digital values are I-bit digital values, where I is an integer, and the program instructions configure the processor to: ...

Publication date: 07-02-2019

SECURE PROGRAMMING OF SECRET DATA

Number: US20190044715A1
Author: HUNACEK Didier
Assignee:

A method is provided. The method comprises providing a device comprising a secure element coupled to a non-volatile memory, the non-volatile memory comprising a first cryptographic key stored therein; the secure element decrypting and authenticating first secret data using the first cryptographic key to form second secret data; and then rendering the true value of the first cryptographic key unreadable.

1. A method comprising:
providing a device comprising a secure element coupled to a non-volatile memory, the non-volatile memory comprising a first cryptographic key stored therein;
the secure element decrypting and authenticating first secret data using the first cryptographic key to form second secret data; and then
rendering the true value of the first cryptographic key unreadable.
2. The method of further comprising the secure element encrypting and signing the second secret data using a second cryptographic key known only to the secure element to form third secret data; and
storing the third secret data in the non-volatile memory.
3. The method of further comprising the secure element deriving the first cryptographic key by decrypting and authenticating cryptographic key data with a key that is hardwired into the secure element.
4. The method of further comprising the secure element writing the first cryptographic key into the non-volatile memory.
5. The method of further comprising storing the first secret data in the non-volatile memory prior to decryption and authentication.
6. The method of further comprising the secure element rendering the true value of the first secret data unreadable by irreversibly changing at least a portion of the first data stored in the non-volatile memory.
7. The method of further comprising the secure element providing the second cryptographic key from a physically unclonable function contained therein.
8. The method of further comprising the secure element rendering the true value of the first ...

Publication date: 18-02-2021

MOBILE VOTING AND VOTING VERIFICATION SYSTEM AND METHOD

Number: US20210051017A1
Assignee: Global Mobile, LLC

A mobile voting system and method are provided. The mobile voting system may include a mobile messaging aggregator configured to receive voter verification requests from one or more mobile carriers, and a mobile voter verification server configured to verify a voter's identity in response to a voter verification request and generate a link to a mobile ballot once the voter's identity has been verified. The mobile messaging aggregator may cause the link to the mobile ballot to be transmitted to a mobile device of the voter, which when selected by the voter, allows the voter to cast a vote.

1. A mobile voting system comprising:
one or more processors configured to execute instructions stored in a memory, which when executed by said one or more processors perform steps comprising:
receiving a voter verification request, said voter verification request including a first mobile device number from which the voter verification request was received;
transmitting a first request containing said first mobile device number to a first server containing voter registration information, and receiving a first response containing information stored in the first server that corresponds to the first mobile device number;
transmitting a second request containing said first mobile device number to a second server containing mobile carrier information, and receiving a second response containing information stored in the second server, which information corresponds to the first mobile device number;
determining that an identity of the voter is verified based on information received in the first response corresponding to information received in the second response; and
in response to determining that the identity of the voter is verified, transmitting, directly or indirectly, a link to a mobile device of the voter;
wherein the link is configured to provide a mobile ballot corresponding to the voter's identity.
2. The mobile voting system of claim 1, wherein determining that the identity of the ...

06-02-2020 publication date

APPARATUS AND METHOD FOR GENERATING SECURITY KEY IN WIRELESS COMMUNICATION SYSTEM

Number: US20200044840A1
Author: CHANG Sanghyun
Assignee:

The present disclosure relates to a fifth generation (5G) or a pre-5G communication system for supporting a higher data transmission rate compared to fourth generation (4G) communication systems such as Long Term Evolution (LTE). The present disclosure relates to generating a security key in a wireless communication system, and a method for operating a transmission end comprises the steps of: generating an encryption key using information related to channel estimation; and transmitting encrypted data to a receiving end using the encryption key.

1-3. (canceled)
4. A method for operating a receiving node in a wireless communication system, the method comprising:
  generating a decryption key using channel measurement related information; and
  receiving, from a transmitting node, data encrypted using an encryption key corresponding to the decryption key.
5. The method of claim 4, further comprising:
  receiving reference signals transmitted from the transmitting node through a plurality of transmit beams through a plurality of receive beams; and
  generating the channel measurement related information using measurement results of the reference signals.
6. The method of claim 5, wherein receiving the reference signals through the plurality of the receive beams comprises:
  sweeping the receive beams in a different order from an order used in a previous beam measurement interval.
7. An apparatus for a transmitting node in a wireless communication system, the apparatus comprising:
  a controller for generating an encryption key using channel measurement related information; and
  a communication unit for transmitting, to a receiving node, data encrypted using the encryption key.
8. The apparatus of claim 7, wherein the controller controls to:
  receive reference signals transmitted via a plurality of transmit beams at the receiving node via a plurality of receive beams, and
  generate the channel measurement related information using measurement results of the reference signals.
9. The ...

06-02-2020 publication date

MEASUREMENT PROCESSING OF HIGH-SPEED CRYPTOGRAPHIC OPERATION

Number: US20200044841A1
Author: Fu Yingfang, XIAO Peng
Assignee:

A method including a security chip receiving a cryptographic operation request; the security chip acquiring a measurement result, wherein the measurement result is a result of measuring a dynamic measurement module in a cryptographic operation module by using a platform measurement root; and the security chip starting a cryptographic operation when determining that the measurement result is identical to a pre-stored standard value. The present disclosure solves the technical problem of being unable to guarantee dynamic trust in the measurement code when starting dynamic measurement of a cryptographic operation.

1. A method comprising:
  receiving, by a security chip, a cryptographic operation request;
  acquiring, by the security chip, a measurement result, wherein the measurement result is a result of measuring a dynamic measurement module in a cryptographic operation module by using a platform measurement root; and
  starting, by the security chip, a cryptographic operation in response to determining that the measurement result is identical to a pre-stored standard value.
2. The method of claim 1, wherein the acquiring the measurement result comprises:
  loading, by the security chip, the platform measurement root and the dynamic measurement module to a host processor; and
  receiving, by the security chip, the measurement result of measuring the dynamic measurement module by the host processor using the platform measurement root.
3. The method of claim 2, wherein the loading, by the security chip, the platform measurement root and the dynamic measurement module to the host processor comprises:
  encrypting, by the security chip, the platform measurement root and the dynamic measurement module by using a private key of a measurement root secret key to obtain encrypted data; and
  loading, by the security chip, the encrypted data to the host processor.
4. The method of claim 3, wherein the receiving, by the security chip, the measurement result of measuring ...

15-02-2018 publication date

SECURE MULTI-PARTY DEVICE PAIRING USING SENSOR DATA

Number: US20180047306A1
Assignee:

Content is securely shared between communication devices in an ad-hoc manner by employing a common sensing context to establish pairing between the communication devices. In one aspect, the communication devices are within a specified distance from each other and sense common signals from their environment over a specified time period. The common signals are analyzed to determine an initialization or session key, which is utilized to secure content transfer between the communication devices. Additionally or alternatively, the key is utilized to provide access to virtual (e.g., digital content) and/or physical (e.g., buildings) resources.

1. A first device, comprising:
  a processor; and
  a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising:
  determining first cryptographic key data based on first context data associated with an environment of the first device;
  receiving test data from a second device, wherein the test data is encrypted based on second cryptographic key data determined by the second device based on second context data associated with the environment; and
  verifying that the first cryptographic key data corresponds to the second cryptographic key data based on the test data being able to be decrypted using the first cryptographic key data.
2. The first device of claim 1, wherein the operations further comprise:
  capturing context signals from the environment using a sensor; and
  determining the first context data based on the context signals, wherein the second context data is determined by the second device based on a group of the context signals.
3. The first device of claim 2, wherein the group of the context signals is concurrently captured by the first device and the second device.
4. The first device of claim 2, wherein the context signals are selected from a group comprising: a vibration signal applied by an external force to a surface shared by the first device and the ...

06-02-2020 publication date

HARDWARE-BASED DEVICE AUTHENTICATION

Number: US20200045039A1
Assignee: McAfee, LLC

An opportunity for a computing device to participate in a secure session with a particular domain is identified. A secured microcontroller of the computing device is used to identify a secured, persistent seed corresponding to the particular domain and stored in secured memory of the computing device. A secure identifier is derived based on the seed and sent for use by the particular domain in authenticating the computing device to the particular domain for the secure session. The particular domain can further apply security policies to transactions involving the computing device and the particular domain based at least in part on the secure identifier.

1-31. (canceled)
32. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
  identify an opportunity for a secure session between a particular domain and a client device;
  receive a secure identifier from the client device, wherein the secure identifier is generated from a hash of a seed of the particular domain provisioned on secured memory of the client device and a value;
  process the secure identifier to derive the seed;
  determine whether the client device is authentic based at least in part on the seed;
  establish the secure session; and
  apply, based on a determination that the client device is authentic, a first security policy for transactions involving the client device and the particular domain; or
  apply, based on a determination that the client device is not authentic, a second security policy for transactions involving the client device and the particular domain.
33. The storage medium of claim 32, wherein the second security policy is more restrictive than the first security policy.
34. The storage medium of claim 32, wherein the particular domain corresponds to a website.
35. The storage medium of claim 32, wherein the particular domain corresponds to a web service.
36. The storage medium of claim 32, wherein ...

16-02-2017 publication date

METHOD FOR GENERATING A SECRET BETWEEN USERS OF A NETWORK, AND USERS OF THE NETWORK WHICH ARE CONFIGURED FOR THIS PURPOSE

Number: US20170048064A1
Author: Ludwig Stephan
Assignee:

A method for generating a shared secret between a first user and a second user of a network is provided. The first user receives from the second user a first training sequence via a communication link between the first user and the second user. The first user ascertains at least one first value for at least one physical property of the communication link, and determines a portion of the shared secret as a function of the first value. A comparison of the first value to at least one threshold takes place for determining the portion of the shared secret. The first user transmits the first training sequence to the second user via the communication link, and adapts the transmission parameters of the first training sequence as a function of the position of the first value relative to the threshold.

1. A method for generating a shared secret between a first user and a second user of a network, the method comprising:
  receiving, at the first user, from the second user a first training sequence via a communication link between the first user and the second user;
  ascertaining, by the first user, at least one first value for at least one physical property of the communication link;
  determining, by the first user, a portion of the shared secret as a function of the first value;
  comparing the first value to at least one threshold for determining the portion of the shared secret; and
  transmitting, from the first user, the first training sequence to the second user via the communication link;
  wherein the first user adapts transmission parameters of the first training sequence as a function of the position of the first value relative to the threshold.
2. The method of claim 1, wherein the first user adapts the transmission parameters of the first training sequence as a function of a distance of the first value from the threshold.
3. The method of claim 1, wherein the adapted transmission parameters are adapted in such a way that an ascertained value for the physical property of the ...

16-02-2017 publication date

METHOD FOR GENERATING A GROUP SECRET KEY BASED ON THE RADIO PHYSICAL LAYER AND WIRELESS TERMINAL ASSOCIATED THEREWITH

Number: US20170048065A1

A method for generating a secret key shared by a group of at least three terminals from characteristics of the wireless communication channels connecting the terminals in pairs, including, at each of the terminals of the group, the implementation of the following steps: acquiring signals from wireless communication channels, known as adjacent channels, connected to the terminal and generating a representation of each adjacent channel; for at least one wireless communication channel, known as a non-adjacent channel, not connected to the terminal, acquiring at least one image signal of the non-adjacent channel and generating a representation of the non-adjacent channel; and determining the secret key from a combination of the representations of the adjacent channels and at least one representation of a non-adjacent channel.

1. A method for generating a secret key shared by a group of at least three terminals from characteristics of wireless communication channels connecting said terminals by pairs, comprising, at each of said terminals of the group, the steps of:
  acquiring signals from the wireless communication channels, called adjacent channels, connected to the terminal and generating a representation of each adjacent channel;
  for the at least one wireless communication channel, called non-adjacent channel, not connected to the terminal, acquiring at least one image of the non-adjacent channel and generating a representation of the non-adjacent channel,
  determining the secret key by combining the representations of the adjacent channels and the at least one representation of the non-adjacent channel.
2. The method according to claim 1, further comprising at a terminal called transmitting terminal the steps of:
  estimating an adjacent channel connecting the transmitting terminal to a destination terminal from the signals acquired from the adjacent channel;
  generating a signal carrying an image of a non-adjacent channel of the destination terminal from the signals acquired by ...

14-02-2019 publication date

SECURE DATA STORAGE

Number: US20190050598A1
Assignee:

A method and apparatus for storing data and performing logical comparisons and other operations on said data, where the results of said comparisons and operations reveal only limited information about the stored data. Stored data may include, but is not limited to, confidential information such as passwords, biometric data, credit card data, personal identifiers that uniquely identify an individual, authorisation levels where an entity may make a claim to have a certain level of access right or authorisation, votes cast in an election, and encryption keys. Control logic within the apparatus prevents direct access to the data store other than via a restricted command interface which prevents data from being revealed. For example, an operation such as checking a putative password against a password in the data store is performed by the apparatus, which returns a pass or fail but does not reveal the stored password.

1. A comparator store apparatus, including a processor, a non-transitory memory and a first interface,
  the memory configured to store information, wherein the information stored in the memory comprises indices and data associated with each index,
  the processor configured to receive data and an associated index via the first interface, and to store the data in association with the index in the memory as part of the stored information,
  the processor configured to receive comparison data, and an associated comparison index, via the first interface; to verify the comparison data in relation to the associated comparison index using the stored information, and to return via the first interface an indication of success or failure of the comparison data in relation to the associated comparison index,
  and wherein the information stored in the memory is not extractable from the memory via the first interface of the apparatus.
2. The comparator store apparatus of claim 1, wherein the indication of success or failure of the comparison data in relation to the associated ...

14-02-2019 publication date

CRYPTOGRAPHIC CIRCUIT AND DATA PROCESSING

Number: US20190050601A1
Assignee:

A method for cryptographic data processing by means of a circuit comprises using a first circuit section to perform a first cryptographic operation in order to obtain first cryptographic data. The method further includes transmitting the first cryptographic data to a second circuit section via a transmission area of the circuit that physically separates the second circuit section from the first circuit section and whose resistance to attacks is at most as high as the resistance of the first circuit section. The method includes using the second circuit section to perform a second cryptographic operation using the first cryptographic data in order to obtain second cryptographic data.

1. A method for cryptographic data processing using a circuit, comprising:
  using a first circuit section to perform a first cryptographic operation in order to obtain first cryptographic data;
  transmitting the first cryptographic data to a second circuit section via a transmission area of the circuit that physically separates the second circuit section from the first circuit section, and wherein a resistance to attacks associated with the transmission area is at most as high as the resistance of the first circuit section, and
  using the second circuit section to perform a second cryptographic operation using the first cryptographic data in order to obtain second cryptographic data.
2. The method as claimed in claim 1, wherein both the first cryptographic operation and the second cryptographic operation are performed using a long term key that is configured to encrypt and/or decrypt data.
3. The method as claimed in claim 2,
  wherein the first cryptographic data comprise a short term key, and
  wherein the first cryptographic operation comprises encrypting the short term key using the long term key.
4. The method as claimed in claim 1, wherein that circuit section from the first circuit section and the second circuit section whose resistance to attacks is higher controls that circuit section whose ...

25-02-2021 publication date

RISK MITIGATION FOR A CRYPTOASSET CUSTODIAL SYSTEM USING A HARDWARE SECURITY KEY

Number: US20210056545A1
Assignee:

An approval request is transmitted for a cryptoasset transaction in accordance with a policy stored in a hardware security module ("HSM"). The policy specifies at least one specific approver required for approval of the cryptoasset transaction. The approval request is transmitted to a computer device associated with the specific approver and is configured to cause the computer device to prompt the specific approver to approve the cryptoasset transaction. A security key is received from a hardware security token associated with the specific approver. The security key indicates an approval of the cryptoasset transaction. A risk analysis module authenticates an identity of the specific approver based on the security key. Responsive to the authenticating of the identity of the specific approver, the HSM signs the cryptoasset transaction using a cryptographic key stored in the HSM.

1. A method comprising:
  receiving, by a hardware security module, a requested operation description including data describing a cryptoasset transaction and an organization;
  determining at least one specific human approver of a cryptoasset custodial system required for approval of the cryptoasset transaction based at least in part on a policy map for the organization stored on the hardware security module;
  transmitting, by a server computer of a cryptoasset custodial system, an approval request for a cryptoasset transaction associated with a cryptoasset in accordance with the policy map stored in a hardware security module of the cryptoasset custodial system, the hardware security module communicably coupled to the server computer, wherein the approval request is configured to cause a computer device of the at least one specific human approver to prompt the at least one specific human approver to approve the cryptoasset transaction, wherein the transmitting of the approval request is performed responsive to determining, by the hardware security module, that an endorsement of the cryptoasset ...

13-02-2020 publication date

MUTUAL AUTHENTICATION OF SOFTWARE LAYERS

Number: US20200050775A1
Assignee:

Techniques for establishing mutual authentication of software layers of an application are described. During initialization of the application, the software layers execute a binding algorithm to exchange secrets to bind the software layers to one another. During subsequent runtime of the software application, the software layers execute a runtime key derivation algorithm to combine the secrets shared during initialization with dynamic time information to generate a data encryption key. The software layers can then securely transfer data with each other by encrypting and decrypting data exchanged between the software layers using the dynamically generated data encryption key.

1. A computing device comprising:
  a processor; and
  a memory coupled to the processor and storing computer readable code for implementing a first software layer associated with a first nonce that interacts with a second software layer associated with a second nonce,
  wherein the computer readable code, when executed by the processor, causes the first software layer to perform operations including:
  retrieving binding information stored by the first software layer;
  decrypting the binding information to obtain the second nonce and initialization time information;
  receiving an encrypted first nonce from the second software layer;
  decrypting the encrypted first nonce to obtain the first nonce;
  determining dynamic time information based on the initialization time information;
  deriving a data encryption key based on the first nonce, the second nonce, and the dynamic time information determined based on the initialization time information; and
  encrypting data being sent from the first software layer to the second software layer using the data encryption key.
2. The computing device of claim 1, wherein the data encryption key is derived by:
  combining the first nonce and the second nonce to generate a combined nonce;
  concatenating the combined nonce with the dynamic time information; ...

25-02-2021 publication date

PROOF-OF-WORK KEY WRAPPING WITH INDIVIDUAL KEY FRAGMENTS

Number: US20210058248A1
Assignee:

The technology disclosed herein provides a proof-of-work key wrapping system that uses key fragments to cryptographically control access to data. An example method may include: encrypting a first cryptographic key to produce a wrapped key, wherein the first cryptographic key enables a computing device to access content; splitting a second cryptographic key into a plurality of key fragments, wherein the second cryptographic key is for decrypting the wrapped key; selecting a set of cryptographic attributes for deriving at least one of the plurality of key fragments, wherein the set of cryptographic attributes is selected in view of a characteristic of the computing device; and providing the wrapped key and the set of cryptographic attributes to the computing device, the set of cryptographic attributes facilitating determination of the second cryptographic key.

1. A method comprising:
  encrypting a first cryptographic key to produce a wrapped key, wherein the first cryptographic key enables a computing device to access content;
  splitting a second cryptographic key into a plurality of key fragments, wherein the second cryptographic key is for decrypting the wrapped key;
  selecting a set of cryptographic attributes for deriving at least one of the plurality of key fragments, wherein the set of cryptographic attributes are selected in view of a characteristic of the computing device; and
  providing the wrapped key and the set of cryptographic attributes to the computing device, the set of cryptographic attributes facilitating determination of the second cryptographic key.
2. The method of claim 1, wherein the first cryptographic key is a symmetric key to encrypt and decrypt the content, and wherein the second cryptographic key is a symmetric key for wrapping and unwrapping the first cryptographic key.
3. The method of claim 1, wherein the characteristic of the computing device comprises data describing computing resources of the computing device and wherein the ...

25-02-2021 publication date

HARDWARE SECURITY MODULE FOR VERIFYING EXECUTABLE CODE, DEVICE HAVING HARDWARE SECURITY MODULE, AND METHOD OF OPERATING DEVICE

Number: US20210058249A1
Assignee:

Disclosed herein are a hardware security module, a device having the hardware security module, and a method for operating the device. The method for verifying the integrity of executable code in a device includes dividing, by a Micro-Control Unit (MCU), executable code into multiple blocks; generating, by the MCU, hash values corresponding to the blocks resulting from the division; storing, by a Hardware Security Module (HSM), the generated hash values; calculating, by the MCU, at least one hash value, among the hash values of the multiple blocks, when the executable code boots; and comparing, by the HSM, the calculated hash value with the corresponding hash value among the hash values stored in the HSM.

1. A method for verifying integrity of executable code in a device, comprising:
  dividing, by a Micro-Control Unit (MCU), executable code into multiple blocks;
  generating, by the MCU, hash values corresponding to the blocks resulting from the division;
  storing, by a Hardware Security Module (HSM), the generated hash values;
  calculating, by the MCU, at least one hash value, among hash values of the multiple blocks when the executable code boots; and
  comparing, by the hardware security module, the calculated hash value with a hash value corresponding to the calculated hash value, among the hash values stored in the HSM.
2. The method of claim 1, wherein the blocks resulting from the division have respectively different sizes.
3. The method of claim 1, wherein generating the hash values comprises setting start points or end points, at which hash values are to be calculated, for the blocks resulting from the division to different points.
4. The method of claim 3, wherein generating the hash values further comprises adding a first offset value corresponding to each start point or a second offset value corresponding to each end point to a corresponding block of the blocks resulting from the division.
5. The method of claim 4, further ...

23-02-2017 publication date

APPARATUS AND METHOD FOR SHARING WIFI SECURITY DATA IN AN INTERNET OF THINGS (IOT) SYSTEM

Number: US20170055148A1
Assignee:

An apparatus and method are described for connecting an Internet of Things (IoT) hub to a wireless network. For example, one embodiment of a method comprises establishing a secure communication channel between an Internet of Things (IoT) hub and an IoT service using a first secret, the secure communication channel being established through a client device; generating a second secret on the client device and transmitting the second secret to the IoT hub; encrypting a wireless key using the second secret on the client device to generate a first-encrypted key, the wireless key usable to establish a secure communication channel over a local wireless network; transmitting the first-encrypted key to the IoT service; encrypting the first-encrypted key at the IoT service using the first secret to generate a twice-encrypted key; transmitting the twice-encrypted key to the IoT hub over the secure communication channel; decrypting the twice-encrypted key at the IoT hub using the first secret to generate the first-encrypted key and decrypting the first-encrypted key at the IoT hub using the second secret to generate the wireless key; and using the wireless key to establish a secure wireless connection between the IoT hub and the local wireless network.

1. A method comprising:
  establishing a secure communication channel between an Internet of Things (IoT) hub and an IoT service using a first secret, the secure communication channel being established through a client device;
  generating a second secret on the client device and transmitting the second secret to the IoT hub;
  encrypting a wireless key using the second secret on the client device to generate a first-encrypted key, the wireless key usable to establish a secure communication channel over a local wireless network;
  transmitting the first-encrypted key to the IoT service;
  encrypting the first-encrypted key at the IoT service using the first secret to generate a twice-encrypted key;
  transmitting the twice-encrypted key to the IoT ...

13-02-2020 publication date

KEY ENCRYPTION KEY ROTATION

Number: US20200053065A1
Assignee:

A set of hardware security modules (HSMs) in a database system may implement a key management system with a database storing encryption keys or other secrets. The set of HSMs may identify a first key encryption key (KEK) and a second KEK stored in the set of HSMs. The set of HSMs may retrieve, from the database, a set of encryption keys encrypted by the first KEK and decrypt each encryption key of the set of encryption keys using the first KEK. The set of HSMs may re-encrypt each encryption key of the set of encryption keys with the second KEK and transmit, to the database, the set of encrypted encryption keys encrypted by the second KEK for storage. Then, the set of HSMs may delete the first KEK from the set of HSMs.

1. A method of encryption key handling at a set of hardware security modules (HSMs), comprising:
  identifying a first key encryption key (KEK) and a second KEK stored in the set of HSMs;
  retrieving, from a database, a set of encryption keys encrypted by the first KEK;
  decrypting each encryption key of the set of encryption keys using the first KEK;
  re-encrypting each encryption key of the set of encryption keys with the second KEK;
  transmitting, to the database, the set of encrypted encryption keys encrypted by the second KEK for storage; and
  deleting the first KEK from the set of HSMs.
2. The method of claim 1, further comprising:
  generating the second KEK at a first HSM of the set of HSMs; and
  transmitting the second KEK from the first HSM to the other HSMs of the set of HSMs.
3. The method of claim 1, further comprising:
  determining each encryption key of the set of encryption keys is encrypted by the second KEK, wherein deleting the first KEK is based at least in part on the determining.
4. The method of claim 1, further comprising:
  receiving an encryption key encrypted by the first KEK after deleting the first KEK from the set of HSMs; and
  determining the encryption key encrypted by the first KEK cannot be decrypted by the second KEK.
5. The method of claim 1 ...

21-02-2019 publication date

INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING SYSTEM

Number: US20190057220A1
Author: MURASE Masamitsu
Assignee:

An information processing device includes: a medium connection unit that reads first key information from a detachable first recording medium; and a second recording medium storing firmware. The firmware is a program to be executed at the time of start-up of the information processing device and contains second key information. The information processing device includes: a third recording medium storing encrypted data; and a control unit that reads the encrypted data from the third recording medium and decrypts the encrypted data. At the time of start-up of the information processing device, the control unit operates in accordance with the firmware to generate a decryption key for decrypting the encrypted data from the first key information and the second key information.

1. An information processing device comprising:
  a medium connection unit that reads first key information from a first recording medium that is detachable from the information processing device;
  a second recording medium storing firmware, the firmware being a program to be executed at a time of start-up of the information processing device and containing second key information;
  a third recording medium storing encrypted data; and
  a control unit that reads the encrypted data from the third recording medium and decrypts the encrypted data,
  wherein at the time of start-up of the information processing device, the control unit operates in accordance with the firmware to generate a decryption key for decrypting the encrypted data, from the first key information and the second key information.
2. The information processing device according to claim 1, wherein in a case that the control unit receives a request for key information from an operating system (OS) at the time of start-up of the information processing device, when the OS is an authenticated OS, the control unit passes the decryption key to the OS, and when the OS is not an authenticated OS, the control unit passes ...

Publication date: 10-03-2022

COMPUTER-IMPLEMENTED METHODS FOR EVIDENCING THE EXISTENCE OF A DIGITAL DOCUMENT, ANONYMOUSLY EVIDENCING THE EXISTENCE OF A DIGITAL DOCUMENT, AND VERIFYING THE DATA INTEGRITY OF A DIGITAL DOCUMENT

Number: US20220078008A1
Assignee:

Improved computer-implemented methods for evidencing the existence of a digital document, anonymously evidencing the existence of a digital document, database management for systems for evidencing the existence of a digital document, and verifying the data integrity of a digital document provide increased reliability, security and enhance trust from users and third parties.

1. A computer-implemented method for evidencing the existence of a digital document comprising the steps of:
A. obtaining metadata of a digital document in a user's system;
B. obtaining a cryptographic hash of the digital document via the user's system;
C. sending the metadata and the cryptographic hash from the user's system to a remote device; or sending the metadata and the cryptographic hash to the remote device over the internet;
D. receiving the metadata and the cryptographic hash at the remote device;
E. requesting a time stamp from a time source;
F. receiving the time stamp at the remote device from the time source, wherein the remote device does not comprise the time source, and wherein the time stamp is based upon the time that the remote device receives the metadata and the cryptographic hash;
E. combining the metadata, the cryptographic hash, and the time stamp in an evidence key generator to generate an evidence key;
F. storing the evidence key to provide a stored evidence key;
G. generating a further cryptographic hash of the evidence key in a further evidence key generator to form a further evidence key; and
H. storing the further evidence key to form a stored further evidence key,
wherein during the method the digital document remains within the user's system.

2. The method according to claim 1, further comprising the step of:
obtaining further metadata from a source selected from the group consisting of the user, the user's system, and a combination thereof.

3. The method according to claim 2, wherein the further cryptographic hash is generated in the further evidence key generator from the ...

Publication date: 10-03-2022

Key Security Management System and Method, Medium, and Computer Program

Number: US20220078009A1
Authors: Bangya MA, Jianliang Gu

The present application discloses a key security management system and a key security management method, a computer-readable storage medium, and a computer program. The key security management system includes a security host and a hardware security device. The security host is configured to receive a first operation request, verify the first operation request, and generate a second operation request based on the first operation request when the verification is passed, wherein the first operation request and the second operation request both include an identification. The hardware security device is configured to receive the second operation request from the security host, verify the second operation request, parse the second operation request to obtain a type of the second operation request when the verification is passed, and perform an operation related to a key pair associated with the identification based on the type of the second operation request, wherein the key pair includes a public key and a private key specific to the identification.

Publication date: 21-02-2019

Key distribution and authentication method and system, and apparatus

Number: US20190058701A1
Assignee: Huawei Technologies Co Ltd

This application provides a key distribution and authentication method, system, and apparatus. In the method, a service center server distributes different keys to terminal devices; the terminal devices then perform mutual authentication with a network authentication server based on their respective keys and finally obtain communication keys for communication between the terminal devices and a functional network element. This provides a method for establishing a secure communication channel for the terminal device that has a broad range of application.

Publication date: 10-03-2022

METHOD FOR CONNECTING A COMPUTER APPLICATION TO A SECURE COMPUTER RESOURCE

Number: US20220078176A1
Author: ADDA Serge
Assignee:

A method for connecting an application to a resource by a command, the application being provided for configuring the resource by connecting to the resource by means of a program and configuration parameters, the program implementing a client side of a communication protocol, the method comprising the steps of executing the command when the program is called by the application, the command being interposed between the application and the program; receiving authentication data for accessing the resource, by querying a vault, on the basis of configuration parameters; establishing a connection between the command and the resource by executing the program, into which the authentication data for accessing the resource are input and the configuration parameters retrieved; and establishing a direct connection between the application and the resource.

1. A method for connecting a computer application to a secure computer resource by means of a facade command, wherein the computer application is configured to configure the secure computer resource without human-machine interaction, wherein the computer application is initially configured to establish a connection to the secure computer resource by means of a client program and configuration parameters, and wherein the client program implements a client part of a communication protocol and is configured to receive authentication data as input, the method comprising the following steps:
a step of executing the facade command during a call of the client program by the computer application, the facade command being interposed between the computer application and the client program;
a step of retrieval, by the facade command, of the configuration parameters;
a step of reception by the facade command of authentication data for accessing the computer resource through querying of a vault, on a basis of the retrieved configuration parameters;
a step for establishing a connection between the facade command and the secure resource by ...

Publication date: 03-03-2016

ADDRESS-DEPENDENT KEY GENERATOR BY XOR TREE

Number: US20160065368A1
Author: Hars Laszlo
Assignee:

A method of providing security in a computer system includes producing a plurality of sub-keys from key material, a respective address of a memory location in a memory, and possibly other information. The method may include mixing the sub-keys together using a binary tree of exclusive-or operations to produce an intermediate result. The method may include performing a scrambling operation on the intermediate result to produce a key with which a block of ciphertext may be produced. And the method may include performing a write operation to write the block of ciphertext at the memory location having the respective address. In this regard, the memory may include a window of memory locations, each of which stores a respective block of ciphertext produced with a respective key that changes from memory location to memory location.

1. A system for providing security in a computer system, the system comprising one or more logic circuits configured to at least:
produce a plurality of sub-keys from key material and a respective address of a memory location in a memory;
mix the plurality of sub-keys together to produce an intermediate result, the plurality of sub-keys being mixed using a binary tree of exclusive-or operations;
perform a scrambling operation on the intermediate result to produce a key;
produce a block of ciphertext with the key; and
perform a write operation to write the block of ciphertext at the memory location having the respective address,
wherein the memory includes a window of memory locations each of which stores a respective block of ciphertext produced with a respective key that changes from memory location to memory location.

2. The system of claim 1, wherein the respective address is represented as a sequence of bits at respective positions, and the key material is represented as a sequence of blocks at respective positions, and wherein the one or more logic circuits being configured to produce the plurality of sub-keys includes ...

Publication date: 01-03-2018

SYMMETRIC ENCRYPTION KEY GENERATION USING WIRELESS PHYSICAL LAYER INFORMATION WITHOUT SHARING ANY INFORMATION PERTINENT TO THE KEY

Number: US20180062841A1
Assignee:

Symmetric keys are generated by an algorithm that uses the randomness of the wireless PHY layer to extract the keys. When used with reconfigurable antennas, the algorithm yields longer keys. By using the randomness of the wireless PHY layer, the algorithm solves the problem of secret information leaking to the wireless channel during the key establishment phase. The algorithm also avoids transmitting anything secret during this phase and prevents any intruder from obtaining information related to the key. This approach can automatically secure communications over open wireless networks (those without authentication or encryption) or over closed wireless networks using other methods of authentication.

1. A method of generating symmetric encryption keys, comprising:
sending data wirelessly between a transmitter and a receiver to generate channel trend information representative of channel state information collected from forward and backward channels between the transmitter and receiver;
repeating the process of sending data between the transmitter and receiver to generate channel trend information for each data subcarrier; and
using the channel trend information for each data subcarrier to generate symmetric encryption keys or as the symmetric encryption keys themselves.

2. The method of claim 1, further comprising the steps of determining, for each data subcarrier, for successive channel state information data collected from forward and backward channels, whether an increase or decrease in magnitude from the previous measurement is observed for each data point and, if so, assigning a first value for an increase in magnitude and a second value for a decrease in amplitude.

3. The method of claim 2, further comprising collecting 2N measurements of channel state information to form the channel trend information, where N is an integer greater than 0, and repeating the steps of determining, for each data subcarrier ...
