Showing papers on "On-the-fly encryption published in 1994"

Method and apparatus for efficient real-time authentication and encryption in a communication system

Abstract: Radio frequency based cellular telecommunication systems often require both subscriber units (100) and communication units (130) of a fixed network communication system to maintain secret data which may be used to verify authenticity as well as provide encrypting variables for message encryption processes. An efficient real-time authentication method and apparatus are provided which use a single message (210) to provide authentication and communication link setup information. Further, an authentication method and apparatus are provided which uses instant-specific information such as a time of day, radio frequency carrier frequency, a time slot number, a radio port number, access manager identifier, a radio port control unit identifier, or a base site controller identifier to enhance the reliability of the authentication process. Furthermore, a method and apparatus are provided for maintaining secure packet data communications through an encryption process by utilizing a packetized message encryption key (502) and a unique packet number (504) as encryption variables.

Computer network encryption/decryption device

Abstract: A computer network encryption/decryption device includes at least one microprocessor, microprocessor support hardware, at least two network ports for connecting to upstream and downstream networks, memory hardware for storing program, configuration, and keylist data, and data encryption/decryption hardware. Both network ports have the same network address, making the device transparent to the local area network in which it is spliced. The device operates by selectively encrypting or decrypting only the data portion of a data packet, leaving the routing information contained in the header and trailer portions of the data packet unchanged.

Authenticated encryption schemes with low communication costs

Abstract: A possible application of the Nyberg-Rueppel digital signature scheme is for authenticated encryption. The authors present schemes in which the communication costs are low in comparison to the basic scheme and which can be constructed from the Nyberg-Rueppel digital signature scheme.

Space requirements for broadcast encryption

Abstract: Fiat and Naor [5] presented at Crypto '93 a new encryption scheme designed for broadcast transmissions. The feature of this scheme is to allow a central broadcast site to broadcast secure transmissions to an arbitrary set of recipients. In this paper we model the problem of unconditionally secure broadcast encryption schemes with an information theoretic framework. We obtain tight limitations both on the number of private keys associated with each user and on the number of keys generated by the center. Finally, we consider the model where interaction is allowed in the common key computation phase proving that the interaction cannot help in decreasing the size of the pieces of information given to the users in the broadcast encryption schemes.

Systems and methods for protecting software from unlicensed copying and use

Abstract: Disclosed are systems and methods for protecting a software program from unauthorized use and copying through the removal at least one of a plurality of instructions comprising a software program, and encrypting the removed instruction utilizing an encryption algorithm to produce an encrypted instruction, the encryption algorithm responsive to a randomly generated key.

Key management in an encrypting file system

Abstract: As distributed computing systems grow in size, complexity and variety of application, the problem of protecting sensitive data from unauthorized disclosure and tampering becomes increasingly important. Cryptographic techniques can play an important role in protecting communication links and file data, since access to data can be limited to those who hold the proper key. In the case of file data, however, the routine use of encryption facilities often places the organizational requirements of information security in opposition to those of information management. Since strong encryption implies that only the holders of the cryptographic key have access to the cleartext data, an organization may be denied the use of its own critical business records if the key used to encrypt these records becomes unavailable (e.g., through the accidental death of the key holder). This paper describes a system, based on cryptographic "smartcards," for the temporary "escrow" of file encryption keys for critical files in a cryptographic file system. Unlike conventional escrow schemes, this system is bilaterally auditable, in that the holder of an escrowed key can verify that, in fact, he or she holds the key to a particular directory and the owner of the key can verify, when the escrow period is ended, that the escrow agent has neither used the key nor can use it in the future. We describe a new algorithm, based on the DES cipher, for the on-line encryption of file data in a secure and efficient manner that is suitable for use in a smartcard.

Dual key reflexive encryption security system

Abstract: A security system is disclosed, which system is for granting access to a host computer in response to a demand from a remote computer. The security system has a permanent encryption key mounted on the remote computer. The software portion of the system provides for the identification number associated with the permanent encryption key to be sent unencrypted to the host computer. Using the identification number the host computer selects an encryption device and encrypts a transitory encryption key generated by the host computer and transmits the transitory encryption key to the remote for emplacement on a write-only receptor in the permanent encryption key. Thereafter a comparator in the host computer, in response to encrypted identifying data transmitted from the remote computer and encrypted with said the transitory encryption key, authenticates the access demand. Access is granted by the host computer to the remote computer upon the favorable comparison of an encrypted identifier provided by the remote computer.

Method and apparatus for transmitting and receiving encrypted signals

Abstract: An encrypted signal compatible with first and second encryption systems is generated by producing encryption data signals relating to each encryption system. A difference signal is derived from the two encryption data signals and the signal to be encrypted is encrypted in accordance with one of the encryption systems. At an output the encrypted signal, the two encryption signals, and the difference signal are made available. At a decoder compatible with, for example, the first encryption system, the encrypted data, the second encryption data signal, and the different signal are received. The decoder can then derive the first encryption data signal from the second encryption data signal and the difference signal and can then decode the encrypted signal.

Common cryptographic key verification in a transaction network

Abstract: A stored value transaction system has a plurality of value storing transfer devices, including at least one local device, collection device, consolidation device and settlement device. First and second transfer devices are provided for performing a value information transfer transaction between each other. First and second cryptographic verifiers within the first and second transfer devices, respectively, provide individual first and second secure transaction determinations and permit the value information transfer transaction in accordance with the first and second individual secure transaction determinations. The first and second cryptographic verifiers include respective first and second pluralities of encryption keys. The first and second pluralities of encryption keys have at least one common encryption key whereby both the first secure transaction determination and the second secure transaction determination are made in accordance with the common encryption key. The common encryption key may be a network authority key.

Method and apparatus for protecting cordless telephone account authentication information

Abstract: The present invention provides an apparatus for use in a telecommunication system which includes a local unit such as a cordless telephone handset and a remote unit. The apparatus generates an encrypted confirmation in the local unit in response to an inquiry received from the remote unit. The apparatus comprises receiving means for receiving the inquiry; memory means for storing a scrambled encryption key; descrambling means operatively coupled with the memory means for receiving the scrambled encryption key and for descrambling the scrambled encryption key responsive to a first predetermined digital code to produce a descrambled encryption key; and encryption means for generating an encrypted confirmation in response to the inquiry, the encrypted confirmation being encrypted using the descrambled encryption key. The invention further includes a code means such as a fuse bank for establishing the first predetermined digital code.

Graphical manipulation of encryption

Abstract: A method and apparatus for graphical manipulation of encryption. In one embodiment, the invention provides an encryption work area window within a graphical user interface. A user may encrypt an unencrypted object by dropping an icon associated with the unencrypted object on the encryption work area. An encrypted object located within the encryption work area is decrypted when opened and encrypted when closed. An encrypted object located within the encryption work area is decrypted if it is dragged and dropped outside the encryption work area and decryption is selected; alternatively, the encryption of the encrypted object is maintained if it is dragged and dropped outside the work area and maintain encryption is selected.

Local area network encryption/decryption system

Abstract: The present invention relates to a data encryption and/or decryption system comprised of apparatus for storing encryption and/or decryption keys, an encryption (11) and/or decryption processor for receiving data signals, for receiving the key or keys from storing apparatus, and for encrypting or decrypting the data signals, in accordance with the key or keys, an output data bus (1) for receiving the encrypted or decrypted signals from the processor, apparatus for plugging the system into a read-only memory (ROM) socket (9) of a computer for access to a source of the data signals and to the output data bus, whereby the data signals are received, and encrypted data signals are passed through the ROM socket (9).

On the security of the CAST encryption algorithm

Abstract: We examine a new private key encryption algorithm referred to as CAST. Specifically, we investigate the security of the cipher with respect to linear cryptanalysis. From our analysis we conclude that it is easy to select S-boxes so that an efficient implementation or the CAST algorithm is demonstrably resistant to linear cryptanalysis. >

A Method for Loading Encryption Keys Into Secure Transmission Devices

Abstract: An encryption code and at least one key are provided to a secure transmission device, via an external keying device (100) and stored in a first volatile memory (102). An encrypted representation of the at least one key, based on the encryption code and the at least one key, is generated and stored in a non-volatile memory (103). Upon power down of the secure transmission device, the encryption code is stored in a second volatile memory (106) and the at least one key and encryption code stored in the first volatile memory (102) are erased.

Encryption key control system for mail processing system having data center verification

Abstract: A key control system comprises the generation of a first set of keys (44) which are then used for a plurality of respective postage meters (12). The keys are then related to a respective meter in accordance with a map or algorithm. The keys may be changed by entering the second key via an encryption (DES) using the first key.

Method for identifying corrupt encryption keys within a secure communication system

Abstract: A resource allocator (108) receives, from a first communication unit, a request to establish secure communications with at least a second communication unit. A key identifier is retrieved by the resource allocator and transmitted to at least the second communication unit. Based upon the transmitted key identifier, the second communication unit retrieves an identified encryption key and, at least when the identified encryption key is corrupt, transmits a corrupt key indication to the resource allocator. In response, the resource allocator can assign a default key identifier for use in the secure communication. In this manner, missed communications due to encryption key failures are reduced.

A method for loading and utilizing a key in a secure transmission device

Abstract: An encryption code and at least one key are provided to a secure transmission device, via an external keying device, and stored in a volatile memory. A user code, entered via a keypad by a user, is received by the secure transmission device. An encrypted representation of the at least one key, based on the encryption code and the at least one key, is generated and stored in a non-volatile memory. Also, an encrypted representation of the encryption code and the user code, based on the user code, are generated and stored in the non-volatile memory. Upon power down of the secure transmission device, the at least one key and encryption code stored in the volatile memory are erased.

Pseudorandom composition-based cryptographic authentication process

Abstract: The pseudorandom process iteratively applies a selected CRC encryption process on the information to be encrypted. The encryption process is selected by testing one of the digits comprising the number to be encrypted. A first encryption process is used if the tested digit is a 1; a second encryption process is used if the tested digit is a 0. The process is repeated a plurality of times, e.g. once for each digit in the number to be encrypted, resulting in a highly encrypted value that is not easily reverse engineered by chosen or known plaintext attack.

Encryption communication method and terminal device for encryption communication

Abstract: In a calling facsimile, if an operator sets an encryption communication mode, a random number sequence is generated by a random number generating section 15. A control section 11 produces an encryption key from the random number sequence, and transmits the random number sequence used for producing the encryption key to a telephone line 3 with the random number sequence included in NSS which is an option signal. At the same time, an encryption/decryption processing section 16 subjects information to be transmitted to encryption processing on the basis of the encryption key. The encrypted information is transmitted to the telephone line 3. On the other hand, in a called facsimile, the encryption key is reproduced on the basis of the random number sequence included in the NSS, and the received information is decrypted on the basis of the reproduced encryption key. Accordingly, the encryption key need not be determined in advance between a transmitter and a receiver. Further, the encryption key does not leak during transmission, thereby protecting the security of communication.

A key distribution method for object-based protection

Abstract: In any scheme for protecting the confidentiality of data, selecting a key and encrypting the data is the easy part. The difficult part is controlling access to decryption keys. This becomes particularly significant with object-based protection, that is protection of an object, such as a file or a message, regardless of where the object is currently being stored or transferred within a distributed environment. An example of object-based protection is traditional electronic mail encryption, where access control amounts to selecting a list of individuals permitted to decrypt a message and attaching copies of the symmetric encryption key, encrypted using their public keys, to the encrypted message content. We present a different means of controlling access to decryption keys which can support more flexible access control rules and can better reflect security policy. It is particularly suitable for use in such data distribution environments as public file servers, bulletin boards, commercial information dissemination services, and groupware applications. Because all participants need to trust central servers, the method is less suitable for loosely-connected groups than for medium to large commercial or government organizations.

Combining data compression and encryption

Abstract: As data communication becomes more pervasive and complex and the use of digital data evermore wide spread, data security becomes a wider, more complex and more important problem. Encryption can be an important tool to help improve data security. At first thought, data compression and data encryption are incompatible because encrypted data cannot be compressed by any known compression algorithms. Encryption can be applied after compression, but this requires additional processing or hardware. However, fixed library autosophy tree network data compression can combine encryption by using the library as the code key. Under appropriate conditions the compression ratio can be high, the encryption strong, and no additional processing is required for encryption. >

Effective software-oriented cryptosystem in complex PC security software.

Abstract: To ensure high encryption rate and good data security, an organization of an encipherement program in the form of two modules was proposed. The first module is used for customizing the second one, the latter being the resident of the program, wich maintains all application calls about encryption procedures. This approach is shown to be perspective for the elaboration of the cryptosystems with indefinite cryptalgorithm. Several typical software‐oriented cryptoschemes are considered. The developed cryptomodules have high encipherement rate (2‐10 Mbps for Intel 386) and secure high information protection level. Organization of a new computer security software complex COBRA is considered. High enciphering rate and good data protection are provided by the resident cryptomodule using less than 1 kbyte of the main memory and working in dynamic encryption mode.