
Showing papers on "Client-side encryption published in 1999"


Patent
25 Feb 1999
TL;DR: In this paper, a multi-level encryption scheme is proposed for a wireless network. A first level of encryption is provided primarily for wireless communications taking place between a mobile terminal and an access point, and a second level is provided which is distributed beyond the wireless communications onto the system backbone itself.
Abstract: A multi-level encryption scheme is provided for a wireless network. A first level of encryption is provided primarily for wireless communications taking place between a mobile terminal and an access point. In addition, a second, higher level of encryption is provided which is distributed beyond the wireless communications onto the system backbone itself. Through a key distribution server/access point arrangement, the second level of encryption provides a secure means for distributing the encryption scheme of the first level without compromising the integrity of the network.

207 citations


Patent
26 Jan 1999
TL;DR: In this article, two network entities allocate the performance of encryption and compression algorithms among each other in a controlled and coordinated manner so as to avoid unnecessary duplication of encryption at different protocol layers and an associated waste of CPU power.
Abstract: Two network entities allocate the performance of encryption and compression algorithms amongst each other in a controlled and coordinated manner so as to avoid unnecessary duplication of encryption and compression at different protocol layers and an associated waste of CPU power. For example, a first network entity performs both encryption and compression at the IP layer, and instructs the second network entity to disable PPP-layer encryption and compression. In a wireless networking example of the invention, the first network entity is a home agent (e.g., a router) for a wireless communications device and the second network entity is a foreign agent (e.g., a network access server) providing network access for the communications device. The foreign agent terminates a Point-to-Point Protocol (PPP) session with the communications device, but implements (or does not implement) PPP-layer compression and encryption algorithms under the supervision and control of the home agent.

179 citations


Patent
30 Dec 1999
TL;DR: In this article, the authors propose a scheme for providing an initial security key and updated security keys to the various pieces of communication equipment located throughout the broadband communication system. When a gateway is first registered, the IP central station assigns an initial encryption key that is retained by a server and the gateway.
Abstract: Communication information transmitted in the broadband communication system may be in a packet format and secured using encryption techniques, for example encryption software, including a means for providing an initial security key and updated security keys to the various pieces of communication equipment located throughout the broadband communication system. When communication equipment, for example a gateway, is first registered with, for example, an IP central station, the IP central station assigns an initial encryption key to the gateway that is assigned and retained by a server, for example a call manager server, and the gateway (e.g., broadband residential gateway). This initial encryption key may be used to establish a secure two way communication between two pieces of communication equipment as an originating point communication equipment and a terminating point communication equipment.

130 citations


Patent
25 Feb 1999
TL;DR: In this paper, a multi-level encryption scheme is proposed for a wireless network. A first level of encryption is provided primarily for wireless communications taking place between a mobile terminal and an access point, and a second level is provided which is distributed beyond the wireless communications onto the system backbone itself.
Abstract: A multi-level encryption scheme is provided for a wireless network. A first level of encryption is provided primarily for wireless communications taking place between a mobile terminal and an access point. In addition, a second, higher level of encryption is provided which is distributed beyond the wireless communications onto the system backbone itself. Through a key distribution server/access point arrangement, the second level of encryption provides a secure means for distributing the encryption scheme of the first level without compromising the integrity of the network.

94 citations


Patent
07 Oct 1999
TL;DR: A production protection system dealing with digital contents that are digital production includes obtaining means, first content decryption means, and second content decryption means; the second decryption method is more complicated than the first decryption method.
Abstract: A production protection system dealing with digital contents that are digital production includes obtaining means, first content decryption means, and second content decryption means. The obtaining means obtains data including a first content, on which first encryption has been performed, and a second content, on which second encryption has been performed. The second encryption is more difficult to decrypt than the first encryption. The first content decryption means decrypts the first content in the obtained data using a first decryption method. The second content decryption means decrypts the second content in the obtained data using a second decryption method, which is more complicated than the first decryption method.

88 citations


Patent
23 Mar 1999
TL;DR: In this paper, an encryption key management system and method of securely communicating data is proposed. After data segments are encrypted and/or decrypted, the pointers in both the first (136) and second (148) sequences of encryption keys are incremented or moved in preparation for the next data segment or communication.
Abstract: The invention relates to an encryption key management system and method of securely communicating data. First (122) and second (124) communicating devices are provided with a first and second identical sequences or databases of encryption keys. A pointer is set in both the first and second sequences at the same encryption key. Data from the first communicating device is encrypted (130) using an encryption key adjacent the pointer in the first sequence of encryption keys. The encrypted data is then transmitted from the first communicating device and received by the second communicating device. The second communicating device decrypts (144) the encrypted data received using an encryption key adjacent the pointer in the second sequence of encryption keys. After encrypting and/or decrypting data segments, the pointers in both the first (136) and second (148) sequences of encryption keys are incremented or moved in preparation for the next data segment or communication.

85 citations


Patent
18 Nov 1999
TL;DR: In this article, the dynamic varying of encrypting of a stream of data at an encryption unit based on data content is disclosed, which can be accomplished by changing at least one encryption parameter over different portions of the data.
Abstract: Dynamic varying of encrypting of a stream of data at an encryption unit based on data content is disclosed. The dynamic varying of the encrypting, which can be responsive to passage of a predefined number of units of physical data or passage of a predefined number of conceptual units of data, is accomplished by changing at least one encryption parameter over different portions of the data. The at least one encryption parameter can comprise one or more of an encryption key, an encryption granularity, an encryption density scale, an encryption density, an encryption delay, an encryption key update variable, and an encryption key update data trigger. The change in encryption parameter is signaled to a receiver's decryption unit and used by the decryption unit in decrypting the dynamically varied encrypted stream of data. The stream of data may comprise, e.g., MPEG compressed video or audio.

80 citations


01 Jun 1999
TL;DR: There is always a desire in the Internet community for unencumbered encryption algorithms with a range of key sizes that can provide security for a variety of cryptographic applications and protocols.
Abstract: There is always a desire in the Internet community for unencumbered encryption algorithms with a range of key sizes that can provide security for a variety of cryptographic applications and protocols.

79 citations


Patent
27 Sep 1999
TL;DR: In this article, a system and method for enabling encryption and authentication services on a telephony network is described, where a portable information device such as a personal digital assistant is used to exchange encryption and/or authentication data with a second portable information device.
Abstract: A system and method for enabling encryption and/or authentication services on a telephony network. A portable information device, such as a personal digital assistant is used to exchange encryption and/or authentication data with a second portable information device. The portable information devices may be linked to the telephony network to enable encryption and/or authentication services using the encryption and/or authentication data exchanged by the portable information devices.

71 citations


Patent
08 Oct 1999
TL;DR: In this article, the encryption key distribution and update properties can be granted as part of the user information, which can be used to prevent a commonly shared encryption key from being deciphered by an unwelcome party.
Abstract: A security system prevents a commonly shared encryption key from being deciphered by an unwelcome party, while providing easier administration of encryption keys. The security system includes a memorizer 2, an encrypter/decrypter 8, a user administrator 3, a key obtainer 4, and a key distributor 5. Once the chat client joins a channel, the user administrator 3 obtains and stores user information from the chat server. The user information includes a nickname list. The key obtainer 4 selects one from other user terminals to request an encryption key therefrom. Once the key obtainer 4 receives the encryption key sent by the selected user terminal, the key obtainer 4 stores the encryption key in the memorizer 2. When the user terminal receives a request for an encryption key from another user, the key distributor retrieves and sends the encryption key from the memorizer 2 of the requesting user terminal. The security system 1 should have a key updater 6, which updates an encryption key whenever a predetermined trigger occurs. Thus, the encryption key is less likely to be deciphered. Only user terminals with the key distribution and/or update properties can distribute and/or update an encryption key. The key distribution and update properties can be granted as part of the user information.

59 citations


Patent
10 May 1999
TL;DR: In this paper, a system and method for encrypting data communications between a client and server utilizes an untrusted proxy server to perform computationally expensive encryption calculations which would otherwise be performed by the client.
Abstract: A system and method for encrypting data communications between a client and server utilizes an untrusted proxy server to perform computationally expensive encryption calculations which would otherwise be performed by the client. Prior to transmitting the data message to the proxy server, the client masks the data message such that the data message is indecipherable to the untrusted proxy. The untrusted proxy performs the computationally expensive encryption calculations prior to transmitting the data message to the intended receiver.

Patent
28 May 1999
TL;DR: In this paper, the authors proposed a PIN authentication scheme using asymmetric encryption, where a public key is used for encryption of PIN data and a private key, held only by an authorizing agent, is used to decrypt the PIN data.
Abstract: Secure protection and distribution of a personal identification number (PIN) is achieved by using a first encryption process only for PIN data and a second encryption process for non-PIN data. The first encryption process uses asymmetric encryption, where a public key is used for encryption of PIN data and a private key, held only by an authorizing agent, is used to decrypt the PIN data. The second encryption process uses a key which is available to an authentication requestor, such as merchants. A party seeking authentication of PIN data must forward the encrypted PIN data to an authorizing agent along with account data necessary to validate the PIN data. The authentication requestor is provided with a signal which is indicative of the verification status of the PIN data without being privy to the contents of the PIN data.

Journal Article
01 Jan 1999
TL;DR: In this article, context-agile encryption provides enhanced solutions to the secrecy, interoperability, and quality of service issues in high-speed networks and reduces hardware and administrative costs.
Abstract: Different applications have different security requirements for data privacy, data integrity, and authentication. Encryption is one technique that addresses these requirements. Encryption hardware, designed for use in high-speed communications networks, can satisfy a wide variety of security requirements if the hardware implementation is key-agile, key length-agile, mode-agile, and algorithm-agile. Hence, context-agile encryption provides enhanced solutions to the secrecy, interoperability, and quality of service issues in high-speed networks. Moreover, having a single context-agile encryptor at an ATM aggregation point (such as a firewall) reduces hardware and administrative costs. While single-algorithm, key-agile encryptors exist, encryptors that are agile in a cryptographic robustness sense, are still research topics.

Patent
03 Sep 1999
TL;DR: In this paper, a first computer encrypts a data portion of a message via a first encryption technique before transmitting the message to a second computer, and the second computer then utilizes the information in the header that is associated with the first encryption technique to decrypt the data portion.
Abstract: Data messages transmitted between computers are encrypted to provide a high level of security, yet the throughput of the encrypted data is minimally affected. In this regard, a first computer encrypts a data portion of a message via a first encryption technique before transmitting the message to a second computer. The first computer also includes information associated with the first encryption technique in a header of the message and encrypts the header via a second encryption technique, which preferably is a highly secure encryption technique. The second computer receives the data message and decrypts the header. The second computer then utilizes the information in the header that is associated with the first encryption technique to decrypt the data portion.

Patent
24 Nov 1999
TL;DR: In this article, the transmission data includes sender's key recovery data obtained by encrypting recovery information for recovering a key for decrypting the encrypted data body to allow a key recovery agent registered by a sender to decrypt the recovery information.
Abstract: In an encryption apparatus for encrypting a data body to contain an encrypted data body in transmission data and transmitting the transmission data to a receiver, the transmission data includes sender's key recovery data obtained by encrypting recovery information for recovering a key for decrypting the encrypted data body to allow a key recovery agent registered by a sender to decrypt the recovery information, and receiver's key recovery data obtained by encrypting the recovery information for recovering the key for decrypting the encrypted data body to allow a key recovery agent registered by a receiver to decrypt the recovery information.

Book Chapter
12 Aug 1999
TL;DR: The method described in this paper allows the use of encryption in broadband networks with transmission rates of 622 Mbit/s and the advantages of this method are the transparency of the encryption applied to the signal structure and signal format, and the automatic resynchronization after transmission errors.
Abstract: Most of the data transmission networks used today are based on the technology of the Synchronous Digital Hierarchy (SDH) or Synchronous Optical Networks (SONET) respectively. However, they rarely support any security services for confidentiality, data integrity, authentication or any protection against unauthorized access to the transmitted information. It is the subscriber's responsibility to apply security measures to the data before the information is passed on to the network. The use of encryption provides data confidentiality. This, however, requires consideration of the underlying network technology. The method described in this paper allows the use of encryption in broadband networks. The advantages of this method are the transparency of the encryption applied to the signal structure and signal format, and the automatic resynchronization after transmission errors. The mode of operation used is called "statistical self-synchronization", because the synchronization between encryption and decryption is initiated by the presence of a certain bit pattern in the ciphertext, which occurs statistically. An encryption device, designed for SDH/SONET-networks with transmission rates of 622 Mbit/s, is to be presented.

Patent
George Kraft, Richard Lee Verburg
07 Oct 1999
TL;DR: In this paper, a method, system, and computer program product for dynamically adjusting the encryption level based on the geographic location of a software program is disclosed, which includes an initial step of determining a geographic location associated with the software program, then an encryption level is selected based upon the determined geographic location.
Abstract: A method, system, and computer program product for dynamically adjusting the encryption level based on the geographic location of a software program are disclosed. The method includes an initial step of determining a geographic location associated with the software program. An encryption level is selected based upon the determined geographic location. The software program is then executed utilizing the selected encryption level. In one embodiment, determining the geographic location is achieved by determining the geographic location of a computer system on which the software program will be executed, preferably through the use of a Global Positioning System. The Global Positioning System may comprise an I/O device of the computer system on which the software executes. In one embodiment, the selected encryption level may be overridden by a Smart Card or other secure device connected to the computer system. In one embodiment, the available encryption levels include, at a minimum, a U.S. encryption level, a non-French European encryption level, and a French encryption level.

Patent
13 Sep 1999
TL;DR: In this paper, a packet communication system for encrypted information that realizes revision of an encryption key without the need for synchronization of the revision of the encryption key is proposed, where a packet transmitter is provided with a packet generating means that generates a plurality of packets for information to be transmitted.
Abstract: PROBLEM TO BE SOLVED: To provide a packet communication system for encrypted information that realizes revision of an encryption key without the need for synchronization of the revision of the encryption key. SOLUTION: A packet transmitter is provided with a packet generating means that generates a plurality of packets for information to be transmitted, a stream encryption means 12 that generates a pseudo random number stream by using one of a plurality of encryption keys revised each packet as an initial value and encrypts part of information stored in a plurality of the packets sequentially in the unit of bits by using the pseudo random number stream, a key storage means 14 that stores an encryption key used for the encryption into the packet storing the encrypted information part and a packet transmission means 15 that sequentially transmits the packets storing the encrypted information part and the encryption key. COPYRIGHT: (C)2001,JPO

Book Chapter
24 Mar 1999
TL;DR: Remotely keyed encryption schemes (RKESs) support fast encryption and decryption using low-bandwidth devices, such as secure smartcards, and most of the encryption is done on a fast untrusted device, such as the smartcard’s host.
Abstract: Remotely keyed encryption schemes (RKESs) support fast encryption and decryption using low-bandwidth devices, such as secure smartcards. The long-lived secret keys never leave the smartcard, but most of the encryption is done on a fast untrusted device, such as the smartcard’s host.

Patent
15 Apr 1999
TL;DR: In this article, the identification of a user and securely establishing an encryption key for a communication between the user and a verifying entity, such as a bank, is discussed. But the system and method replaces a public parameter with the customer's PIN to provide an encryption mechanism that is less complex than existing protocols.
Abstract: A system and method for verifying the identification of a user and securely establishing an encryption key for a communication between the user and a verifying entity, such as a bank, which makes use of the numeric value of the user's personal identification number (PIN) known only to the user and the bank and resolves the man-in-the-middle problem. The system and method replaces a public parameter with the customer's PIN to provide an encryption mechanism that is less complex than existing protocols. Use of the protocol enables new products and improvement of existing products using a service access device and service access device interface, including, for example, self-service terminals.

Patent
25 May 1999
TL;DR: In this paper, the authors proposed a solution to secure the secrecy and the genuineness of data by holding encryption secret information including an encryption key signal or encryption key generating information for generating encryption key signals and performing the cryptographic processing of data for system management.
Abstract: PROBLEM TO BE SOLVED: To secure the secrecy and the genuineness of data by holding encryption secret information including an encryption key signal or an encryption key generating information for generating an encryption key signal and performing the cryptographic processing of data for system management while using the encryption secret information and recording the ciphered data for system management in the system management area of a storage medium. SOLUTION: When the data received from an external PC 110 via a communication part 102 are written on a portable storage medium 100, data for system management are read out in a memory part for work 103. The data received from the external PC 110 are written on the medium 103 by using decoded data for system management. Since the constitution of the data on the medium 100 is updated, the data for system management on the memory for work 103 are also updated. The data for system management on the memory for work 103 are ciphered by using a ciphering part 107 and the ciphered data for system management are written in the system management area of the medium 100 by using a portable storage medium driving part 108.

Patent
01 Oct 1999
TL;DR: In this paper, the authors proposed a packet encryption device that can prevent an MPEG 2 transport stream from being copied illegally and realize a special reproduction function, without the need for provision of an encryption decoding means to a recording device or a reproduction device of a recording medium.
Abstract: PROBLEM TO BE SOLVED: To provide a packet encryption device that can prevent an MPEG 2 transport stream from being copied illegally and realize a special reproduction function, without the need for provision of an encryption decoding means to a recording device or a reproduction device of a recording medium. SOLUTION: This packet encryption device applies encryption to part of transport packets, configuring an MPEG 2 transport stream excepting at least a synchronizing code in the unit of the transport packets in a way of the encryption, such that the transport packets with the same packet ID are intermingled with encrypted packets and not encrypted packets and multiplexes an encryption flag, denoting whether the encryption is applied to each of the transport packets having the same packet IDs.

Patent
16 Sep 1999
TL;DR: A secure data entry peripheral device in a computer system featuring an encryption technique integrated within the device itself, and not by other means, so that each transmission of data from the peripheral device is already encrypted, giving it a high level of security with its initial transmission.
Abstract: A secure data entry peripheral device in a computer system featuring an encryption technique integrated within the device itself, and not by other means, so that each transmission of data from the peripheral device is already encrypted, giving it a high level of security with its initial transmission. Encryption on the proposed single chip microprocessor is completely secure because the 'Keyboard', 'Data entry' or 'Analog voice' encoding and encryption are on the same chip by storing encryption keys and secure data in EEPROM memory (31). There is no opportunity for external interference, which could compromise the integrity of the data enabling maintenance of a high security level. The device can be applied to a keyboard, computer mouse or voice recognition circuit used as data entry devices. Since each device utilizes a microcontroller (25) in its standard configuration, the encryption technique of the present invention can be applied easily and efficiently.

10 May 1999
TL;DR: Remotely keyed encryption supports fast encryption on a slow smart card; even a smart card without a built-in encryption function, e.g., a signature card, would do the job.
Abstract: Remotely keyed encryption supports fast encryption on a slow smart card. For the scheme described here, even a smart card without a built-in encryption function would do the job, e.g., a signature card.

Proceedings Article
12 Nov 1999
TL;DR: The solution, ssmail, provides fast, simple encryption for sendmail that does not require user intervention or reliance on public key infrastructure, and is able to encrypt the email transmission session, protecting such information as sender and recipient identities.
Abstract: Much electronic mail is sent unencrypted, making it vulnerable to passive eavesdropping. We propose to protect email privacy by building encryption functionality into ESMTP mailers. Our solution, ssmail, provides fast, simple encryption for sendmail that does not require user intervention or reliance on public key infrastructure. We added a small number of steps to an ESMTP session, thereby allowing a client and server to create a secret, one-time session key used to encrypt the mail transfer session. ssmail relies on caching to reduce key generation overhead. The overhead imposed by our encryption scheme is minimal, allowing even busy mail servers to support privacy. We placed our encryption mechanism within the mail transfer agent itself, allowing people to use privacy protection software without having to know how to run an encryption program explicitly. Furthermore, we are able to encrypt the email transmission session, protecting such information as sender and recipient identities. The speed and simplicity of ssmail make it a very useful addition to widely deployed ESMTP mailers. Our solution can also be adopted easily by other mailers, and can be extended to use other encryption algorithms.

Book Chapter
09 Aug 1999
TL;DR: This paper proposes a secure and simple double block-length encryption algorithm that remains totally compliant with DES and triple-DES specifications as well as with AES requirements.
Abstract: DES and triple-DES are two well-known and popular encryption algorithms, but they both have the same drawback: their block size is limited to 64 bits. While the cryptographic community is working hard to select and evaluate candidates and finalists for the AES (Advanced Encryption Standard) contest launched by NIST in 1997, it might be of interest to propose a secure and simple double block-length encryption algorithm. More than in terms of key length and block size, our Universal Encryption Standard is a new construction that remains totally compliant with DES and triple-DES specifications as well as with AES requirements.

Book
01 Jan 1999
TL;DR: This book discusses how the new satellites (SubLEOs, LEOs, MEOs and GEOs) will carry encrypted high-speed voice calls from hand-held phones, and depending on the system, low and high speed data.
Abstract: From the Publisher: A step above any other book on satellite encryption, John Vacca presents a secure encrypted wireless environment encompassing direct satellite communications and land based communications links. Satellite Encryption will leave little doubt that a new world infrastructure in satellite communications and encryption is about to be constructed. The implications of the coming boom in satellites are revolutionary for those who do not have access to secure data in remote locations around the world. This book discusses how the new satellites (SubLEOs, LEOs, MEOs and GEOs) will carry encrypted high-speed voice calls from hand-held phones, and depending on the system, low and high speed data. Satellite Encryption begins by identifying the role of satellite encryption technology trends. It examines the pace the national cryptography policy must keep up with, the political environment, and the significant changes in the post-Cold War environment that call attention to the need for and the impact that a cryptography policy would have domestically and internationally. The instruments and goals of the current U.S. satellite encryption policy and some of the issues raised by that policy are discussed, as well as development, implementation, and management of advanced satellite encryption options and strategies that will forever change the way organizations do business.

Journal Article
01 Jan 1999-Edpacs
TL;DR: Two important data encryption structures used in numerous unclassified U.S. government agency and banking industry funds storage and transfer and other highly sensitive information-processing applications are reportedly decrypted in what was described in each instance as record-setting times.
Abstract: Paul Kocher, John Gilmore, and their associates in the San Francisco-based Cryptography Research reportedly decrypted two important data encryption structures in what was described in each instance as record-setting times. One is the U.S. Data Encryption Standard, or DES, used widely in numerous unclassified U.S. government agency and banking industry funds storage and transfer and other highly sensitive information-processing applications. The other is the data encryption mechanism that is used in the latest generation of so-called smart cards.

Patent
Keiichi Iwamura
26 Jan 1999
TL;DR: In this article, an electronic information distribution system that exchanges data across a network at the least comprises a first entity including first encryption means, for performing a first encryption process for the original data, a second entity, including management distribution means for, at least, either managing or distributing the data that are provided by the first encryption, and an electronic watermark embedding means for embedding a watermark in the data.
Abstract (of EP0932298): An electronic information distribution system that exchanges data across a network at the least comprises a first entity, including first encryption means, for performing a first encryption process for the original data, a second entity, including management distribution means for, at the least, either managing or distributing the data that are provided by the first encryption process, and including electronic watermark embedding means for embedding an electronic watermark in the data, and a third entity, including second encryption means for performing a second encryption of the data in which an electronic watermark is embedded.

Patent
24 Dec 1999
TL;DR: In this paper, the authors proposed a multi-protocol compatible encryption ML server that decodes an encrypted electronic mail sent from a TLS (SSL) compatible mail transmission tool, encrypts it for each recipient by using the public key stored in a public key database according to the encryption method stored in the ML database, and transmits the encrypted electronic mail to the recipient.
Abstract: PROBLEM TO BE SOLVED: To provide an electronic mail server system, that is preconditioned to ensure the security by sending/receiving an encrypted electronic mail between a sender and a recipient and can make transmission reception of the encrypted electronic mail by different encryption methods and algorithm, without the need for unifying the encryption protocol of the electronic mails, according to each mailing list and without the need for preparation of a public key for each of encryption methods and algorithms. SOLUTION: The electronic mail server system is provided with an ML database D1 that stores encryption methods used by recipients, a public key database D2 that stores the public key by each recipient, and a multi-protocol compatible encryption ML server 20 that decodes an encrypted electronic mail sent from a TLS (SSL) compatible mail transmission tool 10, encrypts the electronic mail for each recipient, by using the public key stored in the public key database according to the encryption method stored in the ML database and transmits the encrypted electronic mail to the recipient. COPYRIGHT: (C)2001,JPO