Showing papers on "40-bit encryption published in 1999"


Book ChapterDOI
15 Aug 1999
TL;DR: This paper shows a generic and simple conversion from weak asymmetric and symmetric encryption schemes into an asymmetric encryption scheme which is secure in a very strong sense -- indistinguishability against adaptive chosen-ciphertext attacks in the random oracle model.
Abstract: This paper shows a generic and simple conversion from weak asymmetric and symmetric encryption schemes into an asymmetric encryption scheme which is secure in a very strong sense -- indistinguishability against adaptive chosen-ciphertext attacks in the random oracle model. In particular, this conversion can be applied efficiently to an asymmetric encryption scheme that provides a large enough coin space and, for every message, many enough variants of the encryption, like the ElGamal encryption scheme.

926 citations


Journal Article
TL;DR: This conversion is the first generic transformation from an arbitrary one-way asymmetric encryption scheme to a chosen-ciphertext secure asymmetric encryption scheme in the random oracle model.
Abstract: This paper shows a generic and simple conversion from weak asymmetric and symmetric encryption schemes into an asymmetric encryption scheme which is secure in a very strong sense -- indistinguishability against adaptive chosen-ciphertext attacks in the random oracle model. In particular, this conversion can be applied efficiently to an asymmetric encryption scheme that provides a large enough coin space and, for every message, many enough variants of the encryption, like the ElGamal encryption scheme.

457 citations


Book ChapterDOI
01 Mar 1999
TL;DR: In this paper, the authors presented a simple and efficient conversion from a semantically secure public-key encryption scheme against passive adversaries to a non-malleable (or semantically secure) public-key encryption scheme against adaptive chosen-ciphertext attacks (active adversaries) in the random oracle model.
Abstract: This paper presents a simple and efficient conversion from a semantically secure public-key encryption scheme against passive adversaries to a non-malleable (or semantically secure) public-key encryption scheme against adaptive chosen-ciphertext attacks (active adversaries) in the random oracle model. Since our conversion requires only one random (hash) function operation, the converted scheme is almost as efficient as the original one, when the random function is replaced by a practical hash function such as SHA-1 and MD5. We also give a concrete analysis of the reduction for proving its security, and show that our security reduction is (almost) optimally efficient. Finally this paper gives some practical examples of applying this conversion to some practical and semantically secure encryption schemes such as the ElGamal, Blum-Goldwasser and Okamoto-Uchiyama schemes [4, 7, 9].

346 citations


Patent
25 Feb 1999
TL;DR: In this paper, a multi-level encryption scheme is proposed for a wireless network. A first level of encryption is provided primarily for wireless communications taking place between a mobile terminal and an access point, and a second level is provided which is distributed beyond the wireless communications onto the system backbone itself.
Abstract: A multi-level encryption scheme is provided for a wireless network. A first level of encryption is provided primarily for wireless communications taking place between a mobile terminal and an access point. In addition, a second, higher level of encryption is provided which is distributed beyond the wireless communications onto the system backbone itself. Through a key distribution server/access point arrangement, the second level of encryption provides a secure means for distributing the encryption scheme of the first level without compromising the integrity of the network.

207 citations


Patent
09 Aug 1999
TL;DR: In this paper, methods, systems and computer program products are provided which encrypt a document by dividing the document into at least a first portion having a first security level and a second part having a second security level.
Abstract: Methods, systems and computer program products are provided which encrypt a document by dividing the document into at least a first portion having a first security level and a second portion having a second security level. The document is then encrypted utilizing at least two encryption keys so as to encrypt the first portion of the document with a first of the at least two encryption keys and so as to encrypt the second portion of the document with a second of the at least two encryption keys. Preferably, the document is sequentially encrypted utilizing at least two encryption keys so as to encrypt the first portion of the document with a first of the at least two encryption keys and so as to encrypt the first and the second portion of the document with a second of the at least two encryption keys. An encrypted document utilizing the encryption techniques of the present invention is also provided as are methods, systems and computer program products for decrypting such documents.

206 citations


Patent
26 Jan 1999
TL;DR: In this article, two network entities allocate the performance of encryption and compression algorithms among each other in a controlled and coordinated manner so as to avoid unnecessary duplication of encryption at different protocol layers and an associated waste of CPU power.
Abstract: Two network entities allocate the performance of encryption and compression algorithms amongst each other in a controlled and coordinated manner so as to avoid unnecessary duplication of encryption and compression at different protocol layers and an associated waste of CPU power. For example, a first network entity performs both encryption and compression at the IP layer, and instructs the second network entity to disable PPP-layer encryption and compression. In a wireless networking example of the invention, the first network entity is a home agent (e.g., a router) for a wireless communications device and the second network entity is a foreign agent (e.g., a network access server) providing network access for the communications device. The foreign agent terminates a Point-to-Point Protocol (PPP) session with the communications device, but implements (or does not implement) PPP-layer compression and encryption algorithms under the supervision and control of the home agent.

179 citations


Proceedings ArticleDOI
24 Oct 1999
TL;DR: The last method, with n=2, is found to be the most efficient of the three proposed methods and achieves a 60-82% reduction in the processing time over "total" encryption, and simulation results show that the encrypted/decoded video is fully disguised.
Abstract: This paper presents three new selective encryption techniques for secure transmission of MPEG-I video bit-streams. These techniques maintain higher security levels than previously proposed selective encryption techniques while maintaining reasonable processing times. In the first of these methods, the encryption is applied to the data associated with every nth I-macroblock. In the second method, the encryption is applied to the headers of all the predicted macroblocks as well as to the data associated with every nth I-macroblock. In the third method, encryption is applied to every nth I-macroblock as well as the header of every nth predicted macroblock. The last method, with n=2, is found to be the most efficient of the three proposed methods. This method achieves a 60-82% reduction in the processing time over "total" encryption, and simulation results show that the encrypted/decoded video is fully disguised.

150 citations


Journal ArticleDOI
TL;DR: Boneh, Dunworth, and Lipton as mentioned in this paper described the potential use of molecular computation in attacking the United States Data Encryption Standard (DES) using the sticker model of molecular computations.
Abstract: Recently, Boneh, Dunworth, and Lipton (1996) described the potential use of molecular computation in attacking the United States Data Encryption Standard (DES). Here, we provide a description of such an attack using the sticker model of molecular computation. Our analysis suggests that such an attack might be mounted on a tabletop machine using approximately a gram of DNA and might succeed even in the presence of a large number of errors.

142 citations


Patent
30 Dec 1999
TL;DR: In this article, the authors propose a scheme for providing an initial security key and updated security key to the various pieces of communication equipment located throughout the broadband communication system. But the scheme requires the initial key to be assigned by the gateway and the gateway itself.
Abstract: Communication information transmitted in the broadband communication system may be in a packet format and secured using encryption techniques, for example encryption software, including a means for providing an initial security key and updated security keys to the various pieces of communication equipment located throughout the broadband communication system. When communication equipment, for example a gateway, is first registered with, for example, an IP central station, the IP central station assigns an initial encryption key to the gateway that is assigned and retained by a server, for example a call manager server, and the gateway (e.g., broadband residential gateway). This initial encryption key may be used to establish a secure two way communication between two pieces of communication equipment as an originating point communication equipment and a terminating point communication equipment.

130 citations


Patent
25 Feb 1999
TL;DR: In this paper, a multi-level encryption scheme is proposed for a wireless network. A first level of encryption is provided primarily for wireless communications taking place between a mobile terminal and an access point, and a second level is provided which is distributed beyond the wireless communications onto the system backbone itself.
Abstract: A multi-level encryption scheme is provided for a wireless network. A first level of encryption is provided primarily for wireless communications taking place between a mobile terminal and an access point. In addition, a second, higher level of encryption is provided which is distributed beyond the wireless communications onto the system backbone itself. Through a key distribution server/access point arrangement, the second level of encryption provides a secure means for distributing the encryption scheme of the first level without compromising the integrity of the network.

94 citations


Patent
07 Oct 1999
TL;DR: A production protection system dealing with digital contents that are digital production includes obtaining means, first content decryption means, and second content decrypting means as discussed by the authors, which is more complicated than the first decryption method.
Abstract: A production protection system dealing with digital contents that are digital production includes obtaining means, first content decryption means, and second content decryption means. The obtaining means obtains data including a first content, on which first encryption has been performed, and a second content, on which second encryption has been performed. The second encryption is more difficult to decrypt than the first encryption. The first content decryption means decrypts the first content in the obtained data using a first decryption method. The second content decryption means decrypts the second content in the obtained data using a second decryption method, which is more complicated than the first decryption method.

Patent
23 Mar 1999
TL;DR: In this paper, an encryption key management system and method of securely communicating data is proposed. But the method is not suitable for the secure transmission of data segments and the pointers in both the first (136) and second (148) sequences of encryption keys are updated or moved in preparation for the next data segment or communication.
Abstract: The invention relates to an encryption key management system and method of securely communicating data. First (122) and second (124) communicating devices are provided with a first and second identical sequences or databases of encryption keys. A pointer is set in both the first and second sequences at the same encryption key. Data from the first communicating device is encrypted (130) using an encryption key adjacent the pointer in the first sequence of encryption keys. The encrypted data is then transmitted from the first communicating device and received by the second communicating device. The second communicating device decrypts (144) the encrypted data received using an encryption key adjacent the pointer in the second sequence of encryption keys. After encrypting and/or decrypting data segments, the pointers in both the first (136) and second (148) sequences of encryption keys are incremented or moved in preparation for the next data segment or communication.

Patent
18 Nov 1999
TL;DR: In this article, the dynamic varying of encrypting of a stream of data at an encryption unit based on data content is disclosed, which can be accomplished by changing at least one encryption parameter over different portions of the data.
Abstract: Dynamic varying of encrypting of a stream of data at an encryption unit based on data content is disclosed. The dynamic varying of the encrypting, which can be responsive to passage of a predefined number of units of physical data or passage of a predefined number of conceptual units of data, is accomplished by changing at least one encryption parameter over different portions of the data. The at least one encryption parameter can comprise one or more of an encryption key, an encryption granularity, an encryption density scale, an encryption density, an encryption delay, an encryption key update variable, and an encryption key update data trigger. The change in encryption parameter is signaled to a receiver's decryption unit and used by the decryption unit in decrypting the dynamically varied encrypted stream of data. The stream of data may comprise, e.g., MPEG compressed video or audio.

Patent
23 Oct 1999
TL;DR: In this article, a computer-implemented method determines a first key that is unique and particular to the client, without user intervention, and the second key that provides access to information, such as multimedia information, is encrypted with this first key.
Abstract: Encryption of a key using another key that is unique and particular to a given client is disclosed. In one embodiment, a computer-implemented method determines a first key that is unique and particular to the client, without user intervention. In varying embodiments, this key can be one or more of: a processor identifier, a network card address, an IP address, a checksum of a component, a serial number of a hard disk drive, a number of cylinders of a hard disk drive, and a user name in a registry file. At least a second key that provides access to information, such as multimedia information, is encrypted with this first key. The second key as encrypted with the first key may be stored on a storage.

01 Jun 1999
TL;DR: There is always a desire in the Internet community for unencumbered encryption algorithms with a range of key sizes that can provide security for a variety of cryptographic applications and protocols.
Abstract: There is always a desire in the Internet community for unencumbered encryption algorithms with a range of key sizes that can provide security for a variety of cryptographic applications and protocols.

Patent
12 Nov 1999
TL;DR: A technique for performing compression, encryption and transmission, and reception, decryption and decompression, respectively, of data communication packages on an area network is described in this article, where the authors propose a technique to perform compression and encryption in the context of area networks.
Abstract: A technique for performing compression, encryption and transmission, and reception, decryption and decompression, respectively, of data communication packages on an area network.

Patent
01 Mar 1999
TL;DR: An encryption method that is largely transparent to a user is accomplished by intercepting a change document or open document command, carrying out an encryption or decryption process, and then completing the command on an encrypted or decrypted file.
Abstract: An encryption method that is largely transparent to a user is accomplished by intercepting a change document or open document command, carrying out an encryption or decryption process, and then completing the command on an encrypted or decrypted file. The encryption method can be used in a wide variety of environments, such as an individual computer program, a database or electronic messaging over the Internet. The encryption method can select from a plurality of encryption algorithms. The encryption method can also allow just a portion of a document to be encrypted, placed in a container, and then be represented by an object linking and embedding (“OLE”) container object or other representation supported by the file.

Patent
Keiichi Iwamura
12 Feb 1999
TL;DR: In this article, an electronic watermarking method is described, which includes the steps of generating a plurality piece of information with different watermark information, generating a piece of encrypted information through encryption of the plurality piece with each independent encryption key, and transmitting the plurality and the plurality of encrypted encryption keys to a user.
Abstract: An electronic watermarking method includes the steps of generating a plurality piece of information with different electronic watermark information, generating a plurality piece of encrypted information through encryption of the plurality piece of information with each independent encryption key, generating a plurality of encrypted encryption keys through encryption of each independent encryption key with each different encryption key, transmitting the plurality piece of encrypted information and the plurality of encrypted encryption keys to a user, the first to fourth steps being executed by a server, and selecting each pair of a piece of the plurality of encrypted information and a corresponding encrypted encryption key, the fifth step being executed by the user, wherein only some of the encryption keys are multiplied by random numbers.

Patent
28 May 1999
TL;DR: In this paper, the authors proposed a PIN authentication scheme using asymmetric encryption, where a public key is used for encryption of PIN data and a private key, held only by an authorizing agent, is used to decrypt the PIN data.
Abstract: Secure protection and distribution of a personal identification number (PIN) is achieved by using a first encryption process only for PIN data and a second encryption process for non-PIN data. The first encryption process uses asymmetric encryption, where a public key is used for encryption of PIN data and a private key, held only by an authorizing agent, is used to decrypt the PIN data. The second encryption process uses a key which is available to an authentication requestor, such as merchants. A party seeking authentication of PIN data must forward the encrypted PIN data to an authorizing agent along with account data necessary to validate the PIN data. The authentication requestor is provided with a signal which is indicative of the verification status of the PIN data without being privy to the contents of the PIN data.

Journal ArticleDOI
TL;DR: NIST has reviewed the results of this research and selected five algorithms (MARS, RC6™, Rijndael, Serpent and Twofish) as finalists, which will be the subject of further study before the selection of one or more of these algorithms for inclusion in the Advanced Encryption Standard.
Abstract: In 1997, the National Institute of Standards and Technology (NIST) initiated a process to select a symmetric-key encryption algorithm to be used to protect sensitive (unclassified) Federal information in furtherance of NIST’s statutory responsibilities. In 1998, NIST announced the acceptance of 15 candidate algorithms and requested the assistance of the cryptographic research community in analyzing the candidates. This analysis included an initial examination of the security and efficiency characteristics for each algorithm. NIST has reviewed the results of this research and selected five algorithms (MARS, RC6™, Rijndael, Serpent and Twofish) as finalists. The research results and rationale for the selection of the finalists are documented in this report. The five finalists will be the subject of further study before the selection of one or more of these algorithms for inclusion in the Advanced Encryption Standard.

Journal ArticleDOI
01 Jan 1999
TL;DR: In this article, context-agile encryption provides enhanced solutions to the secrecy, interoperability, and quality of service issues in high-speed networks and reduces hardware and administrative costs.
Abstract: Different applications have different security requirements for data privacy, data integrity, and authentication. Encryption is one technique that addresses these requirements. Encryption hardware, designed for use in high-speed communications networks, can satisfy a wide variety of security requirements if the hardware implementation is key-agile, key length-agile, mode-agile, and algorithm-agile. Hence, context-agile encryption provides enhanced solutions to the secrecy, interoperability, and quality of service issues in high-speed networks. Moreover, having a single context-agile encryptor at an ATM aggregation point (such as a firewall) reduces hardware and administrative costs. While single-algorithm, key-agile encryptors exist, encryptors that are agile in a cryptographic robustness sense, are still research topics.

Book ChapterDOI
12 Aug 1999
TL;DR: The method described in this paper allows the use of encryption in broadband networks with transmission rates of 622 Mbit/s and the advantages of this method are the transparency of the encryption applied to the signal structure and signal format, and the automatic resynchronization after transmission errors.
Abstract: Most of the data transmission networks used today are based on the technology of the Synchronous Digital Hierarchy (SDH) or Synchronous Optical Networks (SONET) respectively. However, they rarely support any security services for confidentiality, data integrity, authentication or any protection against unauthorized access to the transmitted information. It is the subscriber's responsibility to apply security measures to the data before the information is passed on to the network. The use of encryption provides data confidentiality. This, however, requires consideration of the underlying network technology. The method described in this paper allows the use of encryption in broadband networks. The advantages of this method are the transparency of the encryption applied to the signal structure and signal format, and the automatic resynchronization after transmission errors. The mode of operation used is called "statistical self-synchronization", because the synchronization between encryption and decryption is initiated by the presence of a certain bit pattern in the ciphertext, which occurs statistically. An encryption device, designed for SDH/SONET-networks with transmission rates of 622 Mbit/s, is to be presented.

Patent
30 Nov 1999
TL;DR: In this paper, the de-multiplexer receives data portions from a plaintext message and directs the data portions to one of the encryption blocks, based on a value within a path control session key.
Abstract: A cryptographic device includes a de-multiplexer, a plurality of encryption blocks, a plurality of permutation blocks, and a multiplexer. The encryption blocks encrypt data to produce encrypted data. The de-multiplexer receives data portions from a plaintext message and directs the data portions to one of the encryption blocks, based on a value within a path control session key. Each permutation block is associated with an encryption block. Each permutation block permutes encrypted data from the encryption block associated therewith. The multiplexer receives data portions from each of the plurality of permutation blocks to produce an encrypted output data stream.

Patent
27 Jan 1999
TL;DR: In this article, a method for dynamically updating an encryption key (1000) previously stored in, and common to, each of a cellular phone and an associated home location register (HLR) was proposed.
Abstract: In a method for dynamically updating an encryption key (1000) previously stored in, and common to, each of a cellular phone (1) and an associated home location register (HLR) (2) for providing security in a cellular phone network operation, a random number (101) and shared secret random data (102) generated at least partly based on the random number (101) are transmitted and verified between the cellular phone (1) and the associated HLR (2). A previously stored version of the encryption key is then dynamically updated in both the cellular phone (1) and in the HLR (2) by independent calculations based on an algorithm using the shared secret random data (102) and the previously stored version of the encryption key (101). In this manner, the encryption key (101) is dynamically updated as desired, e.g., each time a user initiates a call, and the latest version of the encryption key (1000) independently calculated by the cellular phone (1) and the HLR (2) is not transmitted during the updating process, thereby substantially eliminating the possibility of the latest version of the encryption key being intercepted during transmission by unauthorized parties.

Patent
Harry Herlin, Tie Luo
16 Feb 1999
TL;DR: In this paper, a method for sending a secure message in a telecommunications system utilizing public encryption keys was proposed, in which all authentication parameters of each user, including each user's decryption key that is known only to the user, are used to verify, by public key methods, the identity of a user sending a communication to another user.
Abstract: A method for sending a secure message in a telecommunications system utilizing public encryption keys. All authentication parameters of each of the users, including each user's decryption key that is known only to the user, are used to verify, by public key methods, the identity of a user sending a communication to another user of the system. During the authentication process, an encryption key for use in communications between the two users may also be generated. The generated encryption key may be a private session key. Once the initial authentication is completed, the private session key can be used to perform encryption that is less computationally demanding than public key methods. In an embodiment of the invention, two communicating users may use the method to authenticate each other and generate an encryption key that is used to encrypt subsequent communications between the users. During the process of this embodiment, two encryption keys are generated. A first encryption key is used only in the authentication process, and a second encryption key is used in both the authentication process and as the key for encrypting subsequent communications. Use of two encryption keys requires that each of the two users apply its decryption key to complete the authentication and encryption key agreement process successfully.

Patent
09 Apr 1999
TL;DR: In this article, a key management method that is stiff against attack by a 3rd party is proposed, in which a number of available times is respectively set to a plurality of encryption keys.
Abstract: PROBLEM TO BE SOLVED: To provide a key management method that is stiff against attack by a 3rd party. SOLUTION: A number of available times is respectively set to a plurality of encryption keys. An A terminal 10 uses any encryption key to generate encryption data, counts number of times of using the encryption key, selects other encryption key when the accumulated count reaches the available number of times and informs a B terminal 20 of switching information of the encryption key. The B terminal 20 uses any of a plurality of decoding keys corresponding to each of a plurality of the encryption keys to decode the encryption data, and replaces the decoding key having been used with other decoding key corresponding to the new encryption key on the opportunity of reception of the key switching information from the A terminal 10.

Patent
15 Jul 1999
TL;DR: In this paper, a network encryption system and method involving the encryption and/or decryption of user data using random number generation was proposed, where a portion of the user data is discriminated from the data frame or the data packet.
Abstract: The present invention relates to a network encryption system and method, and particularly, to a network encryption system and method involving the encryption and/or decryption of user data using random number generation. Even more particularly, the present invention relates to encryption and/or decryption of user data using random numbers that are generated using a portion of the user data discriminated from the data frame or the data packet.

Patent
05 Mar 1999
TL;DR: In this article, an encryption communication terminal acting like either of an information transmitter and receiver in encryption communication is provided with an encryption algorithm storage section 13 that stores one kind of encryption algorithm or over used for the encryption communication and outputs a designated encryption algorithm, a key information storage section 12 that stores a key for encryption communication corresponding to the encryption algorithm and output a designated key.
Abstract: PROBLEM TO BE SOLVED: To provide an encryption communication system where an encryption algorithm is selected for encryption communication. SOLUTION: An encryption communication terminal 2 acting like either of an information transmitter and receiver in encryption communication is provided with an encryption algorithm storage section 13 that stores one kind of encryption algorithm or over used for the encryption communication and outputs a designated encryption algorithm, a key information storage section 12 that stores a key for the encryption communication corresponding to the encryption algorithm and outputs a designated key, a control means 11 that designates which encryption algorithm and which key are to be used for the encryption communication to the encryption algorithm storage section 13 and the key information storage section 12 respectively, and an encryption decoding means 14 that decodes received encrypted information or encrypts information to be sent by using the encryption algorithm designated for the encryption algorithm storage section 13 and the key designated for the key information storage section 12.

Patent
13 Sep 1999
TL;DR: In this paper, a packet communication system for encrypted information that realizes revision of an encryption key without the need for synchronization of the revision of the encryption key is proposed, where a packet transmitter is provided with a packet generating means that generates a plurality of packets for information to be transmitted.
Abstract: PROBLEM TO BE SOLVED: To provide a packet communication system for encrypted information that realizes revision of an encryption key without the need for synchronization of the revision of the encryption key. SOLUTION: A packet transmitter is provided with a packet generating means that generates a plurality of packets for information to be transmitted, a stream encryption means 12 that generates a pseudo random number stream by using one of a plurality of encryption keys revised each packet as an initial value and encrypts part of information stored in a plurality of the packets sequentially in the unit of bits by using the pseudo random number stream, a key storage means 14 that stores an encryption key used for the encryption into the packet storing the encrypted information part and a packet transmission means 15 that sequentially transmits the packets storing the encrypted information part and the encryption key.

Patent
18 Mar 1999
TL;DR: In this article, a postal security device (PSD) contains a non-volatile memory (13) which does not depend on battery power such as an EEPROM (13), and a nonvolatile RAM (14, 16), such as a static RAM.
Abstract: In accordance with the invention, a postal security device (PSD) (10) contains a non-volatile memory (13) which does not depend on battery power such as an EEPROM (13), and contains a nonvolatile memory (14, 16) which does depend on battery power, such as a static RAM. The PSD (10) also contains an encryption engine (12, 14, 22). An encryption key is developed and is stored in the static RAM (14), which is sized to be only large enough to contain the encryption key. A large body of data, too large to fit in the static RAM, is encrypted by means of the encryption engine (12, 14, 22) and with reference to the encryption key, and is stored in the EEPROM (13). This body of data typically includes cryptographic keys and sensitive bit-images. When the PSD is powered, a large RAM (typically a dynamic RAM) (16) is available to receive the large body of data, decrypted using the encryption key. A tamper switch (17) cuts power to both RAMs (14, 16) in the event of tampering.