40results about How to "Secure Encryption" patented technology

Dynamic varying of encrypting of a stream of data at an encryption unit based on data content is disclosed. The dynamic varying of the encrypting, which can be responsive to passage of a predefined number of units of physical data or passage of a predefined number of conceptual units of data, is accomplished by changing at least one encryption parameter over different portions of the data. The at least one encryption parameter can comprise one or more of an encryption key, an encryption granularity, an encryption density scale, an encryption density, an encryption delay, an encryption key update variable, and an encryption key update data trigger. The change in encryption parameter is signaled to a receiver's decryption unit and used by the decryption unit in decrypting the dynamically varied encrypted stream of data. The stream of data may comprise, e.g., MPEG compressed video or audio.

A method for securely transmitting data involves generating keys depending on previous keys and additional information, such as a password, in order to create a pseudo one-time pad. The data is encrypted using the pseudo one-time pad prior to transmission. Only the initial key and minimal additional data are transferred between the sender and receiver in order to synchronize the keys.

Biometric data, which may be suitably transformed are obtained from a biometric input device contained within a stand-alone computer or a mobile device, which may contain an ASIC chip connected to or incorporated within the stand-alone computer or mobile device and which includes the capability for capturing one or more biometric samples and for biometric feature extraction, matching and encryption. For extra security, the biometric matching is used in conjunction with a PIN to authenticate the user to the stand-alone computer or mobile device. The biometric template and other sensitive data residing on the mobile device are encrypted using hardware elements of the mobile device (or the ASIC) together with the PIN hash and/or the Password hash. An obfuscated version of the Password, stored on the ASIC or the mobile device is de-obfuscated and released to the mobile device authentication mechanism, including a Trusted Platform Module if present, in response to a successfully decrypted template and matching biometric sample and PIN. A de-obfuscated password is used to authenticate the user to the mobile device and the same or a different de-obfuscated password may be used to authenticate the user to a remote computer using the SSL/TLS or a process based upon a symmetric encryption algorithm. The locally generated password may be used to encrypt data at rest on the mobile device or ASIC and the remote authentication password may be used to encrypt data in transit to and from a remote computer. This creates a trusted relationship between the stand-alone computer or mobile device and the remote computer. The system also eliminates the need for the user to remember and enter complex passwords on the mobile device or for secure transmission of data. A similar method may be used, with the signature/sign biometric modality to determine whether the holder of an IC chip card is, in fact the card owner.

An authentication system enabling a customer to verify the authenticity of a product in a foolproof, secure and simple manner. plurality of secret sets of numbers is generated, each set comprising a challenge portion and a response portion. These sets are stored on a remote server. Each set is associated with a different product. The customer sends a challenge portion to the server, and prompts the server to provide a response. If the response matches that of the product in hand, the product is known to be authentic. In another embodiment of the system, cellular transmission is used to power an electronic tag attached to the product and carrying authentication data. In a third embodiment, the full manufacturer database is divided into separate databases, possibly related to product vendor, such that an authentication process can be performed without the need to access the manufacturer's entire database of products.

An interactive mutual authentication protocol, which does not allow shared secrets to pass through untrusted communication media, integrates an encryption key management system into the authentication protocol. The server provides ephemeral encryption keys in response to a request during a Session Random Key (SRK) initiation interval. SRK is provided for all sessions initiated in the SRK initiation interval. A set of ephemeral intermediate Data Random Keys (DRK) is associated with each request. A message carrying the SRK is sent to the requestor. A response from the requester includes a shared parameter encrypted using the SRK verifying receipt of the SRK. After verifying receipt of the SRK at the requester, at least one message is sent by the server carrying an encrypted version of one of said set of ephemeral intermediate DRK to be accepted as an encryption key for the session.

Systems and methods are provided for manual and/or automatic initiation of simultaneous multi-encrypted rotating key communication. Specifically, decryption of data between a first user and one more other users during a communication session may occur using a plurality of keys that rotate or change after an event has occurred, such as an amount of time has elapsed during the communication session or an amount of data has been transmitted during the communication session. The first user and the one or more other users may have a repository for the storage of the plurality of keys to use during the communication session.

Methods and systems are provided for venue-based device control and user/position/venue context determinations. Venue corresponds to a geographic region. Venue relevant information is information associated with a venue. A controlled quasi-transient signal comprises a signal, emitted by an entity intrinsic to the venue and not intended to be utilized for operation of the device, coupled with a quasi-transient signal that is coded with the venue relevant information. When a device located in a venue receives a controlled quasi-transient signal, venue-relevant information associated with the venue can be extracted from the controlled quasi-transient signal. Based on the extracted venue relevant information, the device can be controlled in accordance with a control signal generated based on the venue relevant information.

Methods, devices and systems for providing content providers with a secure way to multicast their data flows only to legitimate end users. By making a specific decision for each potentially legitimate end user requesting a specific data flow, differing subscriber profiles may be taken into account. Furthermore, end to end encryption is avoided by having a switch and/or router control the specific data flow to a specific end user. Each end user sends a request DTU to the switch and/or router asking for permission to join a multicast group. The switch and/or router extracts identification data from the request data transmission unit (DTU) and determines whether the requesting end user is cleared for the requested specific data flow. This determination may be made by sending a query DTU containing the identification data to a policy server which checks the identification data against preprogrammed criteria in its databases. The policy server then sends a response DTU to the switch and/or router confirming or denying the authenticity or legitimacy of the request based on the identification data. In the meantime, after the switch and/or router sends the query DTU to the policy server, the switch and/or router allows the specific requested data flow to proceed to the requesting end user. If, based on the response from the policy server, the request is determined to not be legitimate or authentic, the specific data flow is terminated. If the request is legitimate or authentic, then the data flow is allowed to flow uninterrupted by the switch and/or router.

An access control system including a remote station that is in communication with both a base station and an access control device, whereby a user located at the remote station can effect the actuation of an access control device directly if the user possesses the proper authorization, or, indirectly, by requesting and receiving an authorization signal from the base station which then allows the user to directly effect actuation of the access control device.

Methods and a systems are described for processing recordable content in a broadcast stream sent to a receiver, wherein said broadcast stream is protected in accordance with a conditional access system and wherein said receiver is configured for storing and consuming content in said broadcast stream in accordance with a digital rights management system. In this methods and systems recording information is sent in one or more entitlement control messages over a broadcast network to a receiver. Using the recording information in the entitlement control messages the receiver is able to store recordable events in a broadcast stream on a storage medium and to consume said recorded events in accordance with a digital rights management system.

Methods and apparatus for provisioning electronic Subscriber Identity Module (eSIM) data by a mobile device are disclosed. Processing circuitry of the mobile device transfers encrypted eSIM data to an embedded Universal Integrated Circuit Card (eUICC) of the mobile device as a series of data messages and receives corresponding response messages for each data message from the eUICC. The response messages from the eUICC are formatted with a tag field that indicates encryption and signature verification properties for the response message. Different values in the tag field indicate whether the response message is (i) encrypted and verifiably signed, (ii) verifiably signed only, or (iii) includes plain text information. Response messages without encryption are readable by the processing circuitry, and processing of the response messages, including forwarding to network elements, such as to a provisioning server are based at least in part on values in the tag field.

The present disclosure generally relates to an interface system and method of interfacing to generate data compatible with an external system in an oil and gas asset supply chain, and in particular to an interface and interface method for generating secure and verifiable data to prevent tampering, injection of unwanted data resulting from an unauthorized access along a supply chain. An interface generates and transforms data in an oil and gas supply chain for compatibility with external systems. Collected data is captured by an industrial control system sensor or data collector, and transferred to a secure intermediary hardware platform to interface with a software component. The collected data is then modified using a business rules engine to create enhanced data and events created from the enhanced data.

A system for accessing a service comprises two contact-less readers and one portable device. A first contact-less reader is configured to send to the portable device, through a first range radiofrequency link, a first message comprising first data. The first data includes an identifier allocated to the portable device and an associated key for encrypting data. The portable device is configured to send to a second contact-less reader, through a second range radiofrequency link, a second message comprising second data. The second data includes the identifier received from the first message. The second data is encrypted by using the data encryption key received from the first message. The second range radio frequency is higher than the first range radio frequency.

An authentication system enabling a customer to verify the authenticity of a product in a foolproof, secure and simple manner plurality of secret sets of numbers is generated, each set comprising a challenge portion and a response portion. These sets are stored on a remote server. Each set is associated with a different product. The customer sends a challenge portion to the server, and prompts the server to provide a response. If the response matches that of the product in hand, the product is known to be authentic. In another embodiment of the system, cellular transmission is used to power an electronic tag attached to the product and carrying authentication data. In a third embodiment, the full manufacturer database is divided into separate databases, possibly related to product vendor, such that an authentication process can be performed without the need to access the manufacturer's entire database of products.

Embodiments of the invention provide a file encryption method and device. The method comprises the steps of obtaining an encrypted and compressed first encrypted file; selecting an interception position of a binary file of the first encrypted file; intercepting a binary file of the first encrypted file according to the interception position, and storing interception position information and intercepted binary content into a database; and splicing the remaining binary files after the first encrypted file is intercepted to generate a second encrypted file. According to the embodiment of the invention, the binary file of the first encrypted file is subjected to position interception and storage, so that the problem of relatively low file encryption security in related technologies can be solved, and the effect of improving the security of the encrypted file is achieved.

A method and a telecommunication network for establishing a telecommunication link between a first and a second subscriber (A, BK) in a telecommunication network, in particular between two devices that are suitable for communicating, with addresses being assignable to the subscribers (A, BK). To provide a reliable telecommunication link between subscribers (A, BK) in the telecommunication network, a switching unit (TR) assigns to the second subscriber (BK) a predetermined number of addresses before establishing the link. The switching unit (TR) then establishes link, and the second subscriber (BK) uses at least one of the assigned addresses when the link is established.

The invention discloses a multi-protocol conversion encryption industrial intelligent gateway and an operation method thereof. The intelligent gateway comprises a protocol communication module, a communication encryption module and a core controller, the protocol communication module consists of a plurality of sub-communication modules and is used for connecting various communication interface devices; the communication encryption module is used for data transmission encryption including wired encryption and wireless encryption; and the core controller is based on an ARM+Linux+embedded configuration architecture and is used for communication configuration, protocol analysis, data processing and protocol conversion. According to the invention, different communication protocol devices can be connected, a multi-protocol mutual conversion function is realized, encryption transmission is carried out on data, and information exchange between heterogeneous networks is intelligently completed.