
Showing papers on "On-the-fly encryption" published in 1999


Patent
25 Feb 1999
TL;DR: In this paper, a multi-level encryption scheme is proposed for a wireless network. A first level of encryption is provided primarily for wireless communications taking place between a mobile terminal and an access point, and a second level is provided which is distributed beyond the wireless communications onto the system backbone itself.
Abstract: A multi-level encryption scheme is provided for a wireless network. A first level of encryption is provided primarily for wireless communications taking place between a mobile terminal and an access point. In addition, a second, higher level of encryption is provided which is distributed beyond the wireless communications onto the system backbone itself. Through a key distribution server/access point arrangement, the second level of encryption provides a secure means for distributing the encryption scheme of the first level without compromising the integrity of the network.

207 citations


Patent
09 Aug 1999
TL;DR: In this paper, methods, systems and computer program products are provided which encrypt a document by dividing the document into at least a first portion having a first security level and a second part having a second security level.
Abstract: Methods, systems and computer program products are provided which encrypt a document by dividing the document into at least a first portion having a first security level and a second portion having a second security level. The document is then encrypted utilizing at least two encryption keys so as to encrypt the first portion of the document with a first of the at least two encryption keys and so as to encrypt the second portion of the document with a second of the at least two encryption keys. Preferably, the document is sequentially encrypted utilizing at least two encryption keys so as to encrypt the first portion of the document with a first of the at least two encryption keys and so as to encrypt the first and the second portion of the document with a second of the at least two encryption keys. An encrypted document utilizing the encryption techniques of the present invention is also provided as are methods, systems and computer program products for decrypting such documents.

206 citations


Patent
17 Nov 1999
TL;DR: In this paper, the authors proposed a method and a device for partial encryption and progressive transmission of images, in which a first section of the image file is compressed at reduced quality without decryption, and a second section is encrypted.
Abstract: In a method and a device for partial encryption and progressive transmission of images, a first section of the image file is compressed at reduced quality without decryption, and a second section of the image file is encrypted. Users having access to appropriate decryption keywords can decrypt this second section. The first section together with the decrypted second section can then be viewed as a full quality image. The storage space required for storing the first and second sections together is essentially the same as the storage space required for storing the unencrypted full quality image. By using the method and device as described herein, storage and bandwidth requirements for partially encrypted images are reduced. Furthermore, object based composition and processing of encrypted objects are facilitated, and ROIs can be encrypted. Also, the shape of a ROI can be encrypted and the original object can be decrypted and restored in the compressed domain.

201 citations


Patent
26 Jan 1999
TL;DR: In this article, two network entities allocate the performance of encryption and compression algorithms among each other in a controlled and coordinated manner so as to avoid unnecessary duplication of encryption at different protocol layers and an associated waste of CPU power.
Abstract: Two network entities allocate the performance of encryption and compression algorithms amongst each other in a controlled and coordinated manner so as to avoid unnecessary duplication of encryption and compression at different protocol layers and an associated waste of CPU power. For example, a first network entity performs both encryption and compression at the IP layer, and instructs the second network entity to disable PPP-layer encryption and compression. In a wireless networking example of the invention, the first network entity is a home agent (e.g., a router) for a wireless communications device and the second network entity is a foreign agent (e.g., a network access server) providing network access for the communications device. The foreign agent terminates a Point-to-Point Protocol (PPP) session with the communications device, but implements (or does not implement) PPP-layer compression and encryption algorithms under the supervision and control of the home agent.

179 citations


Patent
11 Feb 1999
TL;DR: A method of recording transmitted digital data is described in which transmitted digital information CW (96) is encrypted using a recording encryption key E(NE) (98) and the resulting encrypted ECM message (99) is stored on a recording support medium.
Abstract: A method of recording transmitted digital data in which transmitted digital information CW (96) is encrypted (97) using a recording encryption key E(NE) (98) and the resulting encrypted ECM message (99) stored on recording support medium. An equivalent of the recording encryption key E(NE) (100) is further encrypted by a recording transport key RT(A) (102) to form an EMM message (103) stored on the support medium together with the encrypted ECM message (99). In one embodiment, the recording transport key may be generated and managed by a central authorising unit. Alternatively, the recording transport key may be generated and managed within the decoder and recorder configuration of the user, for example, by generating the key at the recorder and communicating a version to the decoder for safekeeping.

156 citations


Patent
30 Dec 1999
TL;DR: A scheme is described for providing an initial security key and updated security keys to the various pieces of communication equipment located throughout a broadband communication system. The initial encryption key is assigned by the IP central station when equipment such as a gateway first registers, and is retained by a server and the gateway.
Abstract: Communication information transmitted in the broadband communication system may be in a packet format and secured using encryption techniques, for example encryption software, including a means for providing an initial security key and updated security keys to the various pieces of communication equipment located throughout the broadband communication system. When communication equipment, for example a gateway, is first registered with, for example, an IP central station, the IP central station assigns an initial encryption key to the gateway that is assigned and retained by a server, for example a call manager server, and the gateway (e.g., broadband residential gateway). This initial encryption key may be used to establish a secure two way communication between two pieces of communication equipment as an originating point communication equipment and a terminating point communication equipment.

130 citations


Proceedings Article
30 May 1999
TL;DR: Experimental results are presented which indicate that Spanos and Maples' method does not provide an adequate level of security, and a better method that calls for encrypting all the Intra-coded macroblocks (I-MB's) in all frames is presented.
Abstract: "Total" encryption of MPEG-I compressed bit-streams requires a large processing time. To reduce this processing time, Spanos and Maples (1996) propose encrypting only the data in the Intracoded frames. In this paper, experimental results are presented which indicate that Spanos and Maples' method does not provide an adequate level of security. A better method that calls for encrypting all the Intra-coded macroblocks (I-MB's) in all frames is then presented. Although this method achieves a 69% reduction in the processing time over "total" encryption, the motion content of the video sequence is apparent. Therefore, another method that calls for encrypting the headers of all predicted macroblocks (MBs) in addition to encrypting the data in all I-MB's is presented. Simulation results for this method show that the decoded video is fully disguised, but at the expense of decreasing the savings in the processing time to 21-60% of the processing time of "total" encryption.

100 citations


Patent
07 Oct 1999
TL;DR: A production protection system dealing with digital contents that are digital production includes obtaining means, first content decryption means, and second content decryption means. The second content is decrypted using a second decryption method, which is more complicated than the first decryption method.
Abstract: A production protection system dealing with digital contents that are digital production includes obtaining means, first content decryption means, and second content decryption means. The obtaining means obtains data including a first content, on which first encryption has been performed, and a second content, on which second encryption has been performed. The second encryption is more difficult to decrypt than the first encryption. The first content decryption means decrypts the first content in the obtained data using a first decryption method. The second content decryption means decrypts the second content in the obtained data using a second decryption method, which is more complicated than the first decryption method.

88 citations


Patent
23 Mar 1999
TL;DR: An encryption key management system and method of securely communicating data is described, in which the pointers in both the first (136) and second (148) sequences of encryption keys are incremented or moved after each data segment in preparation for the next data segment or communication.
Abstract: The invention relates to an encryption key management system and method of securely communicating data. First (122) and second (124) communicating devices are provided with a first and second identical sequences or databases of encryption keys. A pointer is set in both the first and second sequences at the same encryption key. Data from the first communicating device is encrypted (130) using an encryption key adjacent the pointer in the first sequence of encryption keys. The encrypted data is then transmitted from the first communicating device and received by the second communicating device. The second communicating device decrypts (144) the encrypted data received using an encryption key adjacent the pointer in the second sequence of encryption keys. After encrypting and/or decrypting data segments, the pointers in both the first (136) and second (148) sequences of encryption keys are incremented or moved in preparation for the next data segment or communication.

85 citations


Patent
18 Nov 1999
TL;DR: In this article, the dynamic varying of encrypting of a stream of data at an encryption unit based on data content is disclosed, which can be accomplished by changing at least one encryption parameter over different portions of the data.
Abstract: Dynamic varying of encrypting of a stream of data at an encryption unit based on data content is disclosed. The dynamic varying of the encrypting, which can be responsive to passage of a predefined number of units of physical data or passage of a predefined number of conceptual units of data, is accomplished by changing at least one encryption parameter over different portions of the data. The at least one encryption parameter can comprise one or more of an encryption key, an encryption granularity, an encryption density scale, an encryption density, an encryption delay, an encryption key update variable, and an encryption key update data trigger. The change in encryption parameter is signaled to a receiver's decryption unit and used by the decryption unit in decrypting the dynamically varied encrypted stream of data. The stream of data may comprise, e.g., MPEG compressed video or audio.

80 citations


Patent
23 Oct 1999
TL;DR: In this article, a computer-implemented method determines a first key that is unique and particular to the client, without user intervention, and the second key that provides access to information, such as multimedia information, is encrypted with this first key.
Abstract: Encryption of a key using another key that is unique and particular to a given client is disclosed. In one embodiment, a computer-implemented method determines a first key that is unique and particular to the client, without user intervention. In varying embodiments, this key can be one or more of: a processor identifier, a network card address, an IP address, a checksum of a component, a serial number of a hard disk drive, a number of cylinders of a hard disk drive, and a user name in a registry file. At least a second key that provides access to information, such as multimedia information, is encrypted with this first key. The second key as encrypted with the first key may be stored on a storage.

01 Jun 1999
TL;DR: There is always a desire in the Internet community for unencumbered encryption algorithms with a range of key sizes that can provide security for a variety of cryptographic applications and protocols.
Abstract: There is always a desire in the Internet community for unencumbered encryption algorithms with a range of key sizes that can provide security for a variety of cryptographic applications and protocols.

Patent
Jeffrey D. Hoffman
17 May 1999
TL;DR: A cipher system is described whose cipher core comprises a block assembler to receive words of data and assemble them into a block, an encryption function to encrypt the block based on an encryption key, a block transmitter to receive the encrypted block and disassemble it into encrypted data words, and a controller to control multiple rounds of encryption by the encryption function for the block.
Abstract: A cipher system having a cipher core to encrypt plaintext data into ciphertext data, and a bus interface coupled to the cipher core to transfer the ciphertext data to a bus. In one embodiment, the cipher core comprises a block assembler to receive words of data and to assemble the words into a block, an encryption function to encrypt the block based on an encryption function key, a block transmitter to receive the encrypted block and to disassemble the encrypted block into encrypted data words, and a controller to control multiple rounds of encryption by the encryption function for the block. In another embodiment, the encryption function is duplicated and the controller is replaced by two controllers, the first controller controlling the first five rounds of encryption of the block and the second controller controlling the second five rounds of encryption of the block.

Patent
Keiichi Iwamura
21 Jan 1999
TL;DR: An electronic information distribution system that exchanges data across a network comprises, at the least, a first entity including first encryption means for performing a first encryption process on the original data, and a second entity including management distribution means for either managing or distributing the data provided by the first encryption process and electronic watermark embedding means for embedding a watermark in the data.
Abstract: An electronic information distribution system that exchanges data across a network at the least comprises a first entity, including first encryption means, for performing a first encryption process for the original data, a second entity, including management distribution means for, at the least, either managing or distributing the data that are provided by the first encryption process, and including electronic watermark embedding means for embedding an electronic watermark in the data, and a third entity, including second encryption means for performing a second encryption of the data in which an electronic watermark is embedded.

Patent
27 Sep 1999
TL;DR: A system and method for enabling encryption and authentication services on a telephony network is described, in which a portable information device such as a personal digital assistant is used to exchange encryption and/or authentication data with a second portable information device.
Abstract: A system and method for enabling encryption and/or authentication services on a telephony network. A portable information device, such as a personal digital assistant is used to exchange encryption and/or authentication data with a second portable information device. The portable information devices may be linked to the telephony network to enable encryption and/or authentication services using the encryption and/or authentication data exchanged by the portable information devices.

Patent
08 Oct 1999
TL;DR: A security system prevents a commonly shared encryption key from being deciphered by an unwelcome party; the key distribution and update properties can be granted as part of the user information.
Abstract: A security system prevents a commonly shared encryption key from being deciphered by an unwelcome party, while providing easier administration of encryption keys. The security system includes a memorizer 2, an encrypter/decrypter 8, a user administrator 3, a key obtainer 4, and a key distributor 5. Once the chat client joins a channel, the user administrator 3 obtains and stores user information from the chat server. The user information includes a nickname list. The key obtainer 4 selects one from other user terminals to request an encryption key therefrom. Once the key obtainer 4 receives the encryption key sent by the selected user terminal, the key obtainer 4 stores the encryption key in the memorizer 2. When the user terminal receives a request for an encryption key from another user, the key distributor retrieves and sends the encryption key from the memorizer 2 of the requesting user terminal. The security system 1 should have a key updater 6, which updates an encryption key whenever a predetermined trigger occurs. Thus, the encryption key is less likely to be deciphered. Only user terminals with the key distribution and/or update properties can distribute and/or update an encryption key. The key distribution and update properties can be granted as part of the user information.

Patent
12 Nov 1999
TL;DR: A technique is described for performing compression, encryption and transmission, and reception, decryption and decompression, respectively, of data communication packages on an area network.
Abstract: A technique for performing compression, encryption and transmission, and reception, decryption and decompression, respectively, of data communication packages on an area network.

Patent
01 Mar 1999
TL;DR: An encryption method that is largely transparent to a user is accomplished by intercepting a change document or open document command, carrying out an encryption or decryption process, and then completing the command on an encrypted or decrypted file.
Abstract: An encryption method that is largely transparent to a user is accomplished by intercepting a change document or open document command, carrying out an encryption or decryption process, and then completing the command on an encrypted or decrypted file. The encryption method can be used in a wide variety of environments, such as an individual computer program, a database or electronic messaging over the Internet. The encryption method can select from a plurality of encryption algorithms. The encryption method can also allow just a portion of a document to be encrypted, placed in a container, and then be represented by an object linking and embedding (“OLE”) container object or other representation supported by the file.

Patent
Keiichi Iwamura
12 Feb 1999
TL;DR: An electronic watermarking method is described which includes the steps of generating a plurality of pieces of information with different watermark information, generating a plurality of pieces of encrypted information through encryption of each piece with an independent encryption key, and transmitting the plurality of pieces of encrypted information and the plurality of encrypted encryption keys to a user.
Abstract: An electronic watermarking method includes the steps of generating a plurality of pieces of information with different electronic watermark information, generating a plurality of pieces of encrypted information through encryption of the plurality of pieces of information with each independent encryption key, generating a plurality of encrypted encryption keys through encryption of each independent encryption key with each different encryption key, transmitting the plurality of pieces of encrypted information and the plurality of encrypted encryption keys to a user, the first to fourth steps being executed by a server, and selecting each pair of a piece of the plurality of encrypted information and a corresponding encrypted encryption key, the fifth step being executed by the user, wherein only some of the encryption keys are multiplied by random numbers.

Patent
Aoki Ryuichi
14 Oct 1999
TL;DR: An encryption key depositing apparatus comprising a unit that generates an encryption key for a user; and a unit which starts a process in response to the generation of the encryption key, the process allowing a depositary deposited with the generated encryption key to store the key in question in a subsequently recoverable manner is described in this paper.
Abstract: An encryption key depositing apparatus comprising a unit that generates an encryption key for a user; and a unit that starts a process in response to the generation of the encryption key, the process allowing a depositary deposited with the generated encryption key to store the key in question in a subsequently recoverable manner.

Patent
28 May 1999
TL;DR: In this paper, the authors proposed a PIN authentication scheme using asymmetric encryption, where a public key is used for encryption of PIN data and a private key, held only by an authorizing agent, is used to decrypt the PIN data.
Abstract: Secure protection and distribution of a personal identification number (PIN) is achieved by using a first encryption process only for PIN data and a second encryption process for non-PIN data. The first encryption process uses asymmetric encryption, where a public key is used for encryption of PIN data and a private key, held only by an authorizing agent, is used to decrypt the PIN data. The second encryption process uses a key which is available to an authentication requestor, such as merchants. A party seeking authentication of PIN data must forward the encrypted PIN data to an authorizing agent along with account data necessary to validate the PIN data. The authentication requestor is provided with a signal which is indicative of the verification status of the PIN data without being privy to the contents of the PIN data.

Patent
05 Mar 1999
TL;DR: An interface chip for a peripheral module connectable to and for use with a host computer is provided which utilizes a static random access memory (SRAM) within the interface chip for both encryption of data packets and temporary storage of Card Information Structure (CIS) information.
Abstract: An interface chip for a peripheral module connectable to and for use with a host computer is provided which utilizes a static random access memory (SRAM) within the interface chip for both encryption of data packets and temporary storage of Card Information Structure (CIS) information. The CIS information is stored in the SRAM only during the power-up phase of operation, when encryption of data packets is not necessary and thus the memory is not being utilized for that purpose. This precludes the need for a separate SRAM IC, thus saving space on the card.

Patent
03 Sep 1999
TL;DR: A first computer encrypts a data portion of a message via a first encryption technique before transmitting the message to a second computer, and the second computer then utilizes the information in the header that is associated with the first encryption technique to decrypt the data portion.
Abstract: Data messages transmitted between computers are encrypted to provide a high level of security, yet the throughput of the encrypted data is minimally affected. In this regard, a first computer encrypts a data portion of a message via a first encryption technique before transmitting the message to a second computer. The first computer also includes information associated with the first encryption technique in a header of the message and encrypts the header via a second encryption technique, which preferably is a highly secure encryption technique. The second computer receives the data message and decrypts the header. The second computer then utilizes the information in the header that is associated with the first encryption technique to decrypt the data portion.

Book Chapter
12 Aug 1999
TL;DR: The method described in this paper allows the use of encryption in broadband networks with transmission rates of 622 Mbit/s and the advantages of this method are the transparency of the encryption applied to the signal structure and signal format, and the automatic resynchronization after transmission errors.
Abstract: Most of the data transmission networks used today are based on the technology of the Synchronous Digital Hierarchy (SDH) or Synchronous Optical Networks (SONET) respectively. However, they rarely support any security services for confidentiality, data integrity, authentication or any protection against unauthorized access to the transmitted information. It is the subscriber's responsibility to apply security measures to the data before the information is passed on to the network. The use of encryption provides data confidentiality. This, however, requires consideration of the underlying network technology. The method described in this paper allows the use of encryption in broadband networks. The advantages of this method are the transparency of the encryption applied to the signal structure and signal format, and the automatic resynchronization after transmission errors. The mode of operation used is called "statistical self-synchronization", because the synchronization between encryption and decryption is initiated by the presence of a certain bit pattern in the ciphertext, which occurs statistically. An encryption device, designed for SDH/SONET networks with transmission rates of 622 Mbit/s, is to be presented.

Patent
30 Nov 1999
TL;DR: The de-multiplexer receives data portions from a plaintext message and directs the data portions to one of the encryption blocks, based on a value within a path control session key.
Abstract: A cryptographic device includes a de-multiplexer, a plurality of encryption blocks, a plurality of permutation blocks, and a multiplexer. The encryption blocks encrypt data to produce encrypted data. The de-multiplexer receives data portions from a plaintext message and directs the data portions to one of the encryption blocks, based on a value within a path control session key. Each permutation block is associated with an encryption block. Each permutation block permutes encrypted data from the encryption block associated therewith. The multiplexer receives data portions from each of the plurality of permutation blocks to produce an encrypted output data stream.

Patent
27 Jan 1999
TL;DR: In this article, a method for dynamically updating an encryption key (1000) previously stored in, and common to, each of a cellular phone and an associated home location register (HLR) was proposed.
Abstract: In a method for dynamically updating an encryption key (1000) previously stored in, and common to, each of a cellular phone (1) and an associated home location register (HLR) (2) for providing security in a cellular phone network operation, a random number (101) and shared secret random data (102) generated at least partly based on the random number (101) are transmitted and verified between the cellular phone (1) and the associated HLR (2). A previously stored version of the encryption key is then dynamically updated in both the cellular phone (1) and in the HLR (2) by independent calculations based on an algorithm using the shared secret random data (102) and the previously stored version of the encryption key (101). In this manner, the encryption key (101) is dynamically updated as desired, e.g., each time a user initiates a call, and the latest version of the encryption key (1000) independently calculated by the cellular phone (1) and the HLR (2) is not transmitted during the updating process, thereby substantially eliminating the possibility of the latest version of the encryption key being intercepted during transmission by unauthorized parties.

Patent
Harry Herlin, Tie Luo
16 Feb 1999
TL;DR: In this paper, a method for sending a secure message in a telecommunications system utilizing public encryption keys was proposed, in which all authentication parameters of each user, including each user's decryption key that is known only to the user, are used to verify, by public key methods, the identity of a user sending a communication to another user.
Abstract: A method for sending a secure message in a telecommunications system utilizing public encryption keys. All authentication parameters of each of the users, including each user's decryption key that is known only to the user, are used to verify, by public key methods, the identity of a user sending a communication to another user of the system. During the authentication process, an encryption key for use in communications between the two users may also be generated. The generated encryption key may be a private session key. Once the initial authentication is completed, the private session key can be used to perform encryption that is less computationally demanding than public key methods. In an embodiment of the invention, two communicating users may use the method to authenticate each other and generate an encryption key that is used to encrypt subsequent communications between the users. During the process of this embodiment, two encryption keys are generated. A first encryption key is used only in the authentication process, and a second encryption key is used in both the authentication process and as the key for encrypting subsequent communications. Use of two encryption keys requires that each of the two users apply its decryption key to complete the authentication and encryption key agreement process successfully.

Patent
09 Apr 1999
TL;DR: A key management method that is robust against attack by a third party is proposed, in which an available number of uses is set for each of a plurality of encryption keys.
Abstract: PROBLEM TO BE SOLVED: To provide a key management method that is robust against attack by a third party. SOLUTION: An available number of uses is set for each of a plurality of encryption keys. An A terminal 10 uses any encryption key to generate encrypted data, counts the number of times the encryption key has been used, selects another encryption key when the accumulated count reaches the available number of uses, and informs a B terminal 20 of the encryption key switching information. The B terminal 20 uses any of a plurality of decoding keys corresponding to each of the plurality of encryption keys to decode the encrypted data, and replaces the decoding key that has been used with another decoding key corresponding to the new encryption key on receiving the key switching information from the A terminal 10.

Patent
09 Sep 1999
TL;DR: Detection of watermarks, and restriction over reproduction depending on that detection, is conducted only in a case where the medium is not encrypted.
Abstract: Information or contents cannot be reproduced even from a regular storage medium which is encrypted in accordance with a predetermined encryption system, due to erroneous detection of watermarks. Detection of the watermarks and restriction over reproduction depending thereon is conducted only in a case where the medium is not encrypted. In case of detecting that the data is not encrypted in accordance with a predetermined encryption system by an encryption detection circuit and when the watermarks are detected by a watermark detection circuit, reproduction of the data is stopped by a reproduction restricting circuit. In a case that it is detected to be encrypted in the predetermined encryption system by the encryption detection circuit, the reproduction restricting circuit will not stop the reproduction thereof.

Patent
21 Jul 1999
TL;DR: In this article, an encryption system instructing unit selects one encrypting unit out of a plurality of encrypting units based on the acquired identification information, and encrypts digital data.
Abstract: A data transmitting/receiving unit receives electronically allotted encrypted digital data for recording on a primary recording medium. Digital data use provider-dependent different encryption systems and contain attribute information describing encryption systems. Digital data retrieved at a data retrieving unit is judged for its encryption system at a judging unit and is decoded at one proper decoding unit. An inherent information acquiring unit acquires identification information of a secondary recording medium or a reproducing device depending on whether or not the secondary recording medium is mountable/demountable to/from the reproducing device. An encryption system instructing unit selects one encrypting unit out of a plurality of encrypting units based on the acquired identification information. The one encrypting unit creates an encryption key based on the identification information and encrypts digital data. A recording unit records digital data on the secondary recording medium, and an accounting unit charges costs according to accounting information described in the attribute information.