National Institute of Standards and Technology における超伝導研究及び生活

The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity. Topics covered includes an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading is given in the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.

[서평]「Applied Cryptography」

A method of maintaining digital medical records, comprising a step of receiving a medical transaction record (102), encrypted with a key in accordance with a patient-file association. Also comprising a step of accessing the encrypted medical transaction record according to a patient association with the record (111). And further comprising a step of re-encryption of the encrypted accessed medical transaction record with a key associated with an intended recipient of the medical record. The system and method according to the present invention presents a new business model for creation, maintenance, transmission, and use of medical records. The invention also allows financial burdens to be reallocated optimally and equitably, resulting in decreased overall societal cost and providing a successful business model for a database proprietor. Secure entrusted medical records are held in trust by an independent third party on behalf of the patient (113), and serve the medical community at large. Separately encrypted record elements may be aggregated as an information polymer.

Information record infrastructure, system and method

A system and method for communicating information between a first party and a second party, comprising the steps of receiving, by an intermediary, an identifier of desired information and accounting information for a transaction involving the information from the first party, transmitting an identifier of the first party to the second party, and negotiating, by the intermediary, a comprehension function for obscuring at least a portion of the information communicated between the first party and the second party. The data transmission may be made secure with respect to the intermediary by providing an asymmetric key or direct key exchange for encryption of the communication between the first and second party. The data transmission may be made secure with respect to the second party by maintaining the information in encrypted format at the second party, with the decryption key held only by the intermediary, and transmitting a secure composite of the decryption key and a new encryption key to the second party for transcoding of the data record, and providing the new decryption key to the first party, so that the information transmitted to the first party can be comprehended by it.

System and method for secure three-party communications

The present invention describes a system and method for communicating voice and data over a packet-switched network that is adapted to coexist and communicate with a legacy PSTN. The system permits packet switching of voice calls and data calls through a data network from and to any of a LEC, a customer facility or a direct IP connection on the data network. The system includes soft switch sites, gateway sites, a data network, a provisioning component, a network event component and a network management component. The system interfaces with customer facilities (e.g., a PBX), carrier facilities (e.g., a LEC) and legacy signaling networks (e.g., SS7) to handle calls between any combination of on-network and off-network callers. The soft switch sites provide the core call processing for the voice network architecture. The soft switch sites manage the gateway sites in a preferred embodiment, using a protocol such as the Internet Protocol Device Control (IPDC) protocol to request the set-up and tear-down of calls. The gateway sites originate and terminate calls between calling parties and called parties through the data network. The gateway sites include network access devices to provide access to network resources. The data network connects one or more of the soft switch sites to one or more of the gateway sites. The provisioning and network event component collects call events recorded at the soft switch sites. The network management component includes a network operations center (NOC) for centralized network management.

Voice over data telecommunications network architecture

Special feature: Two-phase cryptographic key recovery system

We describe MARS, a shared-key (symmetric) block cipher supporting 128-bit blocks and variable key size. MARS is designed to take advantage of the powerful operations supported in today’s computers, resulting in a much improved security/performance tradeoff over existing ciphers. As a result, MARS offers better security than triple DES while running significantly faster than single DES. The current C implementation runs at rates of about 65 Mbit/sec. on a 200 MHz Pentium-Pro, and 85 Mbit/sec. on a 200 MHz PowerPC. In hardware, MARS can achieve a 10 speedup factor. Still, both hardware and software implementations of MARS are remarkably compact, and easily fit on a smartcard and in other limited-resource environments. The combination of high security, high speed, and flexibility, makes MARS an excellent choice for the encryption needs of the information world well into the next century. MARS IBM submission to AES 1

/pdf/mars-a-candidate-cipher-for-aes-3cpjywilob.pdf

MARS - a candidate cipher for AES

Methods, systems and computer program products are provided which provide for controlling access to digital data in a file by encrypting the data with a first key, encrypting the first key with a second personal key generated from a password/passphrase associated with the file and further encrypting the encrypted first key with a control key which is managed by the system. In certain embodiments, user authentication may also be provided by issuing a ticket which is utilized to create, access and administer the files in the system.

Secure data storage and retrieval with key management and user authentication

A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic so that false positives and false negatives are minimized. When a truncated secure session attack is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the attack is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed to re-applying the blocking measure for a specified duration, then suspend the blocking measure and test again for the attack. If the attack is detected, the blocking measure is re-applied, and its duration is adapted. If the attack is no longer detected, the method returns to the state of readiness.

Method of responding to a truncated secure session attack

Methods, systems and computer program products are provided which allow for multi-party authentication by receiving a plurality of biometric authentication messages from a corresponding plurality of users. The biometric authentication messages include biometric data corresponding to the user. It is determined if each of the plurality of received biometric authentication messages is a valid message based on the biometric data contained in the biometric authentication messages so as to determine a quantity of valid biometric authentication messages. An indication of authentication is then provided if the quantity of the valid messages of the received plurality of messages is at least an authentication threshold value.

Mohammad Peyravian

Papers

Special feature: Two-phase cryptographic key recovery system

MARS - a candidate cipher for AES

Secure data storage and retrieval with key management and user authentication

Method of responding to a truncated secure session attack

Biometric based multi-party authentication