Showing papers on "Attribute-based encryption published in 1997"

All-or-Nothing Encryption and the Package Transform

Abstract: We present a new mode of encryption for block ciphers, which we call all-or-nothing encryption This mode has the interesting defining property that one must decrypt the entire ciphertext before one can determine even one message block This means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext We give a specific way of implementing all-or-nothing encryption using a “package transform≓ as a pre-processing step to an ordinary encryption mode A package transform followed by ordinary codebook encryption also has the interesting property that it is very efficiently implemented in parallel All-or-nothing encryption can also provide protection against chosen-plaintext and related-message attacks

Encryption-based selection system for steganography

Abstract: A data security system which produces a steganographic selection key by using an encryption key as both the key and as the data to be encrypted. First an encryption key is copied multiple times to form a data block which is then encrypted using the same key. The resulting ciphertext is then used as a selection key to select locations in a secondary data stream. These selected locations are then modified with the original data to be encoded. Restoration of the original data is accomplished by using the selection key to locate the modified areas of the data stream, extracting the data found there, and then decrypting the extracted data with the cyphertext.

Method of public key cryptography that includes key escrow

Abstract: A key escrow encryption method, where two users each have secret encryption keys and corresponding public encryption keys. One user receives the public encryption keys of the other user and generates a first datum based on them, an identifier of the other user, the secret encryption keys and identifier of the user, and an access restriction. The user generates a second datum based on the first datum and another access restriction. The user generates a key based on the first and second datums. The user encrypts a message using the key and sends it to the other user. Key escrow is included by requiring each user to distribute its secret encryption keys among escrow agents. The escrow agents transform, sign, and transmit it to a certifying authority. The certifying authority signs and publishes it as user's public key certificate. To communicate, a user retrieves the certificate of the other user, forms a key, encrypts a message, and transmits it to the other user. The other user retrieves the certificate of the user, forms the key, and decrypts the message. A key encryption key scheme may be used. A third party may intercept the message, receive authorization, receive portions of the key from the escrow agents, recover the key, and recover the message. A data recovery scheme may be used.

Physical property based cryptographics

Abstract: According to the present invention, piracy of secret data is prevented without an attack detecting circuit or data deleting circuit. In a secret data processing unit, a cell contains fluid in a sealed space. Code generators arranged in the sealed space receive a code generation request to generate codes specified by the pressure value of the fluid. A key generator disposed in the sealed space generates encryption keys/decryption keys specified by the generated codes. An encryptor/decryptor also disposed in the sealed space receives requests for secret data encryption/requests for encrypted secret data decryption, and outputs code generation requests to the code generator to encrypt the secret data/decrypt the encrypted secret data by using the generated encryption key/decryption key. Both codes and encryption keys/decryption keys generated and used, are not statically stored in the cryptographic processing unit.

Computer implemented secret object key block cipher encryption and digital signature device and method

Abstract: A computer implemented method and device for creating object keys to be used with a 4096-bit secret key block cipher data encryption process and a 2048-bit secret key digital signature process. The object keys are dynamic keys, i.e., changing throughout the encryption process. The dynamic object keys are composed of a static initial state that is created by the user and a method that modifies the keys based on seeding from a random session key object. The object key modification is performed for each plaintext data block so that each data block is encrypted using a different key. The initial state of the object key is also used in a block cipher encryption process to encrypt a 512-bit random session key. Data blocks of 64 bytes each are encrypted utilizing a different key, provided by the object key, for each block. The ciphertext (encrypted file) is transmitted into a keyed hashed function that utilizes a 2048-bit object key to produce a unique 2048-bit digital signature that is appended to the ciphertext. The digital signature object key is seeded with the input data. Decryption is accomplished by reversing the encryption process.

Device and method for dynamic encryption

Abstract: An apparatus and method for dynamic encryption of information including data, voice, and graphics, consisting of a random access memory containing encryption and decryption programs and the information to be encrypted and decrypted, an encryption processor executing the encryption and decryption programs, the encryption and decryption programs being a code set whose members are distinct encryption/decryption codes executed serially by the encryption processor to encrypt and decrypt the information, and also being optionally repetitively executed, and a data set in the random access memory specifying the order and execution and number of repetitions of each member of the code set.

Method for secure communications in a telecommunications system

Abstract: A method for sending a secure message in a telecommunications system utilizing public encryption keys. All authentication parameters of each of the users, including each user's decryption key that is known only to the user, are used to verify, by public key methods, the identity of a user sending a communication to another user of the system. During the authentication process, an encryption key for use in communications between the two users may also be generated. The generated encryption key may be a private session key. Once the initial authentication is completed, the private session key can be used to perform encryption that is less computationally demanding than public key methods. In an embodiment of the invention, two communicating users may use the method to authenticate each other and generate an encryption key that is used to encrypt subsequent communications between the users. During the process of this embodiment, two encryption keys are generated. A first encryption key is used only in the authentication process, and, a second encryption key is used in both the authentication process and as the key for encrypting subsequent communications. Use of two encryption keys requires that each of the two users apply its decryption key to complete the authentication and encryption key agreement process successfully.

Sliding Encryption: A Cryptographic Tool for Mobile Agents

Abstract: The technology of mobile agents, where software pieces of active control and storage (called mobile agents) travel the network and perform tasks distributively, is of growing interest as an Internet technology. Similarly, smartcard holders can be considered mobile users as they access the network at various points. Such mobile processing can be employed in large scale census applications in statistics gathering, in surveys and tallying, in reading and collecting local control information, etc.

Method and apparatus for secure communications with encryption key scheduling

Abstract: A communication device (122) supports secure communications using automated encryption key scheduling. The communication device (122) is provided with access to one or more schedules having entries of specific time periods, such as date and time of day information, that govern selection of encryption keys. A schedule is selected and accessed using current time information to obtain an encryption key (310, 320, 330). Subsequent communications are conducted using the obtained encryption key (340).

Cryptographic system with masking

Abstract: A system for cryptographically transforming a sequence of input blocks of plaintext or ciphertext data into corresponding sequence of output blocks of data while providing enhanced protection against cryptographic attacks. Each input block is enciphered using a first key to generate a first encryption product, which is combined with a first secret masking value generated independently of the input blocks to generate a masked first encryption product. Each masked first encryption product is then enciphered using a second key to generate a second encryption product, which is combined with a second secret masking value generated independently of the input blocks to generate a masked second encryption product. Finally, each masked second encryption result is enciphered using a third key to generate an output block corresponding to the input block.

Conditional access system using messages with multiple encryption keys

Abstract: The invention relates to a conditional access system making it possible for a service provider to supply his services solely to users having acquired entitlements to these services. The services supplied by a service provider consist of an item scrambled by control words. To keep these control words secret, they are supplied in messages (MEC) after having been encrypted with an encryption algorithm with key K. According to the invention, one and the same message (MEC) contains the same control word (Cwi) encrypted several times, each encryption (E(Cwi)Kj) of the control word depending on a different encryption key (Kj). The invention applies to any type of conditional access system, be this system either of "off-line" or "on-line" type.

Method of setting up secure communications and associated encryption/decryption system

Abstract: A method of establishing secure communication between users by means of a public key encryption/decryption system comprises the following steps: a center generates a pair of keys comprising a secret key and a public key, the center's public key is supplied to a user, this user generates a pair of keys specific to this user comprising a secret key and a public key but the public key of this user is encrypted with the center's public key, this user transmits to the center their own public key encrypted with the public key of the center, and the center decrypts the public key of this user and if this user is approved by the center, the center retransmits to this user the public key of this user encrypted with itself. This method provides centralized control of users' public keys.

Method of establishing secure, digitally signed communications using an encryption key based on a blocking set cryptosystem

Abstract: The encryption key based on a blocking set cryptosystem includes knowledge of the blocking set, and ciphers (usually independent) on the blocking set and its complement. In order to decipher, a legitimate receiver needs to know only the blocking set and the cipher used on it. Thus it is not necessary for the sender to transmit to anyone the cipher on the complement of the blocking set. The fact that part of the encryption key need not be transmitted is the fundamental difference between the proposed cryptosystem and the so-called private key system, where both the sender and receiver know, but keep secret, the encryption and decryption keys. Particularly useful applications of this scheme are two situations where a central person, institution or computer send out confidential information to several parties, but where none of the parties has the authority to transmit information to the group. This might apply to the main branch of a company, or to a certification authority in a cryptographic protocol. It can also be used to establish an access hierarchy in a computer or security network.

Encryption communication system and encryption communication repeater

Abstract: PROBLEM TO BE SOLVED: To provide the encryption communication system and encryption communication repeater where troublesome processing of keys for a transmitter computer conducting encryption communication is not required, consumption of a memory capacity for storing the keys is avoided, and key management required for encryption communication among lots of computers is conducted efficiently. SOLUTION: A repeater 7 is introduced between computers 1, 14 that conduct mutual encryption communication, the repeater 7 stores a common key between the transmitter computer 1 and the receiver computer 4, an encrypted message from the transmitter computer 1 is decoded and encrypted with a common key to the receiver computer 4 and the encrypted message is sent to the receiver computer 4. Thus, the transmitter computer 1 manages only the common key to the repeater 7 to make the encryption communication with lots of destination computers 4-7 thereby facilitating the key management. COPYRIGHT: (C)1998,JPO

Establishing a key hierarchy for conditional access without encryption

Abstract: Conditional Access systems use special key management schemes which ensure that encrypted broadcast services can only be accessed by those who are entitled to receive them. In many cases, a key hierarchy is used for this purpose. In this article, solutions are presented to improve existing Conditional Access systems by using deeper key hierarchies, and by establishing these hierarchies without the use of encryption techniques.

On Characterization of Escrow Encryption Schemes

Abstract: Designing escrow encryption schemes is an area of much recent interest. However, the basic design issues, characterizations and difficulties of escrow systems are not fully understood or specified yet. This paper demonstrates that in public-key based escrow, the combination of (1) two different receivers (intended receiver and potentially law enforcement); and (2) on-line verified compliance assurance by the sender which ensures that law enforcement can decrypt ciphertext upon court order, is equivalent to a “chosen ciphertext secure public-key system” (i.e., one secure against an adversary who uses the decryption oracle before trying to decipher a target ciphertext). If we further add measures to ensure that law enforcement is given access to messages only within an authorized context and law enforcement is assured to comply as well (i.e., it cannot frame users), then the escrow system is equivalent to “non-malleable encryption schemes”. The characterizations provide a theoretical under-pinning for escrow encryption and also lead us to new designs.

Improved generation of encryption key

Abstract: A set of Diffie-Hellman data encryption values is generated prior to receiving a request for the data encryption values. The data encryption values are then stored in a database. The generating and storing steps are performed repeatedly thus creating a stored table of data encryption values in the database. When a new user calls to activate a mobile station, a cellular network can select from among precalculated Diffie-Hellman data encryption values immediately transmit the values to the mobile station.

Computer-implemented data encryption and decryption development environment

Abstract: A computer-implemented apparatus, method, and article of manufacture for data encryption and decryption. A Subjective Encryption Environment (SEE) is performed by the computer, wherein the Subjective Encryption Environment comprises a Subjective Encryption Shell (SES) performed by the computer, that ties together and regulates all related processes of the Subjective Encryption Environment. The Subjective Encryption Shell comprises an Encryption Procedure Editor (EPE) performed by the computer and an Encryption Command Processor (ECP) performed by the computer. The Encryption Procedure Editor comprises a computer program performed by the computer for defining encryption and decryption procedures in the computer, and the Encryption Command Processor comprises a computer program performed by the computer for executing the defined encryption and decryption procedures in the computer.

Open Encryption Key Systems

Abstract: The polyalphabetic encryption methods discussed so far use a key for encryption and a key for decryption. Crypto systems with self-reciprocal encryption steps use the same key for both, of course. In general, there are two possibilities: (1) There is only one key. The same key character has its particular meaning for encryption and for decryption. This is the case for DES (Sect. 9.6.1). (2) There are two keys, the encryption key and the decryption key.

Method of concealing a secret code in a computer authentication device

Abstract: The access code (s) is encrypted using an encryption function (g) to form an image of the secret codes. This image of the secret code is stored in an authentication device. Initially an encryption function (g) is chosen. The encryption function is such that for each stored image of the secret code it corresponds to multiple antecedent codes (s1, ...,sn) all different to the secret code, but which, once encrypted, have an image identical to that of the secret code. The secret code has n characters (c1, ...,cn) and the encryption function associates these n characters with a code image of k characters.