Patent

Encryption apparatus, decryption apparatus, expanded key generating apparatus and method therefor, and recording medium

11 Jul 2001
TL;DR: An expanded key schedule circuit for a common key encryption system in which expanded keys are used in a predetermined order in the data randomizing process for encryption and in reversed order for decryption; the circuit comprises round processing circuits connected in series.
Abstract: Expanded key schedule circuit for common key encryption system in which expanded keys are used in a predetermined order in data randomizing process for encryption and in a reversed order in data randomizing process for decryption, comprises round processing circuits connected in series. The round processing circuits subject the common key or sub key of a previous stage to a round function to output a sub key. The sub key of the last stage is equal to the common key. The expanded keys are generated from the sub keys.
Citations
Patent
21 May 2004
TL;DR: In this paper, a data storage and retrieval device and method is described, which includes at least one magnetic storage medium configured to store target data and at least one re-configurable logic device comprising an FPGA coupled to the at least one magnetic storage medium and configured to read a continuous stream of target data therefrom, having been configured with a template or as otherwise desired to fit the type of search and data being searched.
Abstract: A data storage and retrieval device and method is disclosed. The device includes at least one magnetic storage medium configured to store target data and at least one re-configurable logic device comprising an FPGA coupled to the at least one magnetic storage medium and configured to read a continuous stream of target data therefrom, having been configured with a template or as otherwise desired to fit the type of search and data being searched. The re-configurable logic device is configured to receive at least one search inquiry in the form of a data key and to determine a match between the data key and the target data as it is being read from the at least one magnetic storage medium. This device and method can perform a variety of searches on the target data including without limitation exact and approximate match searches, sequence match searches, image match searches and data reduction searches. This device and method may be provided as part of a stand-alone computer system, embodied in a network attached storage device, or can otherwise be provided as part of a computer LAN or WAN. In addition to performing search and data reduction operations, this device may also be used to perform a variety of other processing operations including encryption, decryption, compression, decompression, and combinations thereof.

255 citations

Patent
29 Aug 2008
TL;DR: An integrated circuit for data encryption/decryption and secure key management is described in this paper, which is used in conjunction with other integrated circuits, processors, and software to construct a wide variety of secure data processing, storage, and communication systems.
Abstract: An integrated circuit for data encryption/decryption and secure key management is disclosed. The integrated circuit may be used in conjunction with other integrated circuits, processors, and software to construct a wide variety of secure data processing, storage, and communication systems. A preferred embodiment of the integrated circuit includes a symmetric block cipher that may be scaled to strike a favorable balance among processing throughput and power consumption. The modular architecture also supports multiple encryption modes and key management functions such as one-way cryptographic hash and random number generator functions that leverage the scalable symmetric block cipher. The integrated circuit may also include a key management processor that can be programmed to support a wide variety of asymmetric key cryptography functions for secure key exchange with remote key storage devices and enterprise key management servers. Internal data and key buffers enable the device to re-key encrypted data without exposing data. The key management functions allow the device to function as a cryptographic domain bridge in a federated security architecture.

128 citations

Patent
22 Mar 2007
TL;DR: An encryption technique for encrypting a plurality of data blocks of a data segment where the encryption selectively switches between a blockwise independent randomized encryption mode and a cipher block chaining (CBC) encryption mode based on a configurable feedback stride was disclosed in this article.
Abstract: An encryption technique is disclosed for encrypting a plurality of data blocks of a data segment where the encryption selectively switches between a blockwise independent randomized (BIR) encryption mode and a cipher block chaining (CBC) encryption mode based on a configurable feedback stride. A corresponding decryption technique is also disclosed.

124 citations

Patent
Yosef Stein, Haim Primo
18 Dec 2002
TL;DR: In this article, a programmable data encryption engine for performing the cipher function of an AES algorithm includes a parallel look-up table system responsive in a first mode to a first data block for implementing an AES selection function and executing the multiplicative inverse in $GF^{-1}(2^8)$ and applying an affine over $GF(2)$ transformation to obtain a subbyte transformation, and in a second mode to the subbyte transformation to transform the subbyte transformation to obtain a shift row transformation.
Abstract: A programmable data encryption engine for performing the cipher function of an advanced encryption standard (AES) algorithm includes a parallel look-up table system responsive in a first mode to a first data block for implementing an AES selection function and executing the multiplicative inverse in $GF^{-1}(2^8)$ and applying an affine over $GF(2)$ transformation to obtain a subbyte transformation and in a second mode to the subbyte transformation to transform the subbyte transformation to obtain a shift row transformation, and a Galois field multiplier for transforming the shift row transformation to obtain a mix column transformation and add a round key resulting in an advanced encryption standard cipher function of the first data block.

100 citations

Patent
29 Jun 2001
TL;DR: In this paper, an encryption scheme for block data is proposed, which consists of a first processing unit randomizing the block data in units of first portions obtained by dividing the block data, and a second processing unit diffusing the output from the first unit with respect to a second portion of the block data which is wider than the first portion.
Abstract: An encryption apparatus for block data, comprises a first processing unit randomizing the block data in units of first portions obtained by dividing the block data, and a second processing unit diffusing the block data output from the first processing unit with respect to a second portion of the block data which is wider than the first portion. The first processing unit comprises first nonlinear processing units nonlinearly transforming the block data in units of the first portions. The second processing unit comprises a first linear diffusion processing unit linearly diffusing the second portion of the block data. At least one of the first nonlinear processing units comprises second nonlinear processing units nonlinearly transforming the block data in units of the first portions, and a second linear diffusion processing unit linearly diffusing the second portion of the block data.

75 citations

References
Journal ArticleDOI
01 Nov 1997
TL;DR: The CAST design procedure for constructing a family of DES-like Substitution-Permutation Network (SPN) cryptosystems is described in this paper, which appears to have good resistance to differential cryptanalysis, linear cryptanalysis and related-key cryptanalysis.
Abstract: This paper describes the CAST design procedure for constructing a family of DES-like Substitution-Permutation Network (SPN) cryptosystems which appear to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis, along with a number of other desirable cryptographic properties. Details of the design choices in the procedure are given, including those regarding the component substitution boxes (s-boxes), the overall framework, the key schedule, and the round function. An example CAST cipher, an output of this design procedure, is presented as an aid to understanding the concepts and to encourage detailed analysis by the cryptologic community.

141 citations

Patent
15 Oct 1999
TL;DR: In this article, a method and an apparatus ensuring protection of digital data are provided; in addition to re-encrypting the data using an unchangeable key, the data is double re-encrypted using a changeable key.
Abstract: A method and an apparatus ensuring protection of digital data are provided. In addition to re-encrypting the data using an unchangeable key, the data is double re-encrypted using a changeable key. The changeable key is used first and the unchangeable key is then used, or in another case, the unchangeable key is used first, and the changeable key is then used. In the embodiments, there is a case adopting software, a case adopting hardware, and a case adopting software and hardware in combination. The hardware using the unchangeable key developed for digital video is available. In adopting the software, encryption/decryption is performed in a region below the kernel which cannot be handled by the user, to ensure the security of the program and of the key used. More concretely, encryption/decryption is performed with an RTOS using a HAL and a device driver, i.e., a filter driver, a disk driver and a network driver, in an I/O manager. Either one of two filter drivers, with a file system driver between them, may be used. Further, both filter drivers may be used.

113 citations

Patent
12 Feb 1993
TL;DR: In this paper, the authors propose to improve secrecy by changing the password hourly and by letting only a terminal user freely renew a data converting table in the storage media of a host computer.
Abstract: PURPOSE: To improve secrecy by changing the password hourly and by letting only a terminal user freely renew a data converting table in the storage media of a host computer. CONSTITUTION: Time data messages are added to the password data, and the password is converted by the converting character data corresponding to the time data for at least one hour. In this case, a means is provided for the terminal 3 side user to freely renew the converting character data stored in the database of a host computer 2. The decoding for the password is then not fixed as in conventional systems but changes as time passes, and the user of the terminal 3 can rewrite the converting character used as time passes. Thus, the secrecy of the information against unauthorized users can be maintained.

63 citations

Patent
15 Apr 1994
TL;DR: In this paper, an improved DES unit internally checks whether the DES algorithm is being performed without error, and checks for accuracy in processing an input key by permuted choicing, key shifting, and checking a result of the key shifting against key check bits which correspond to the input key.
Abstract: An improved DES unit internally checks whether the DES algorithm is being performed without error. A standard DES algorithm performs an initial permutation of input data and then multiple rounds or iterations of the following: expanding part of a result of the initial permutation for the first iteration and a result of the previous iteration for the subsequent iterations, exclusive ORing a result of the expansion with key bits, performing a selection function on a result of the exclusive ORing, permuting a result of the selection function, and exclusive ORing a result of the permuting. In the improved DES unit, data check bits that correspond to the input data which has been expanded are exclusive NORed with key check bits that correspond to the key, and a result of the exclusive NORing is checked against a result of the exclusive ORing to identify any errors in the operation of the basic DES unit. Also, a check selection function is performed on the result of the exclusive ORing. A result of the check selection function is exclusive NORed with data check bits for another part of the input data to yield input data for input to the expanding function for a next iteration. Also, the improved DES unit checks for accuracy in processing an input key by permuted choicing the input key, key shifting a result of the permuted choicing, and checking a result of the key shifting against key check bits which correspond to the input key and bypass the permuted choicing and key shifting functions.

63 citations

Patent
James Leppek
05 Apr 2001
TL;DR: In this article, a virtual encryption scheme combines selected ones of a plurality of different encryption operators stored in an encryption operator database into a compound sequence of encryption operators, such that even if a skilled data communications usurper possesses a decryption key for each encryption operator, there is a very low likelihood that he would be able to recognize the characteristics of any individual encryption operator.
Abstract: A ‘virtual’ encryption scheme combines selected ones of a plurality of different encryption operators stored in an encryption operator database into a compound sequence of encryption operators. Data to be transported from a data source site, such as a user workstation, to a data recipient site, such as another workstation, is sequentially encrypted by performing a compound sequential data flow through this sequence prior to transmission. Because of the use of successively different encryption operators, the final output of the sequence will be a compound-encrypted data stream that has no readily discernible encryption footprint. Therefore, even if a skilled data communications usurper possesses a decryption key for each encryption operator, there is a very low likelihood that he would be able to recognize the characteristics of any individual encryption operator. Moreover, without knowledge of the sequence of encryption operators, a potential usurper will be forced to operate under a severe resource penalty that makes decryption of such a compound sequence a practical impossibility. At the recipient end of the data communications path, the recovery process involves the use of a complementary virtual decryption scheme that is the exact reverse of that used at the data source site.

48 citations