150 results about "End-to-end encryption" patented technology

A communication system (10) supports the provision of a plurality of dedicated communication resources (50–64), such as copper drops, RF links and optical fibers, to dedicated home-gateway devices (44–48) or distribution points (124). The communication resources (50–64) support broadband interconnection (104) between the dedicated home-gateway devices (44–48) or distribution points (124) and an access multiplexor (30) in a network (12). Each gateway device (44–48) or distribution point (124) generally includes a local RF transceiver (84) and associated control logic (80–82) that allows local communication (86) between gateway devices (44–48) and hence statistically multiplexed access (60–64, 89) to multiple communication resources, thereby providing increased bandwidth in uplink and/or downlink directions. With the control logic (80) operable to provide a routing and prioritisation/arbitration function, each gateway (44–48) is able to selectively engage use of supplemental, non-reserved communication resources usually associated with a dedicated ono-to-one connection between the access network (12) and at least one secondary gateway. Physical layer access to information routed via a secondary gateway within a virtual neighborhood network (90–92) comprising several gateways is restricted through an end-to-end encryption algorithm between an originating gateway and, at least, the access multilpexor (30).

Techniques are disclosed for lawfully intercepting information in communication environments with end-to-end encryption. For example, a method for intercepting encrypted communications exchanged between a first computing device and a second computing device in a communication network, wherein the interception is performed by a third computing device in the communication network, comprises the following steps. The third computing device obtains one or more packets having a packet address associated with one of the first computing device and the second computing device. The one or more packets are obtained by the third computing device, in response to at least one interception routing policy being implemented in at least one element in the communication network, such that the one or more obtained packets may be decrypted so as to obtain data contained therein. The third computing device preserves the packet address of the one or more obtained packets. The third computing device forwards the one or more packets toward a packet-destination one of the first computing device and the second computing device such that the packet-destination one of the first computing device and the second computing device is unable to detect from the one or more packets that the one or more packets were intercepted by the third computing device.

Systems and methods for call authentication are provided. A method can include an enrollment protocol that ensures users control the number they claim to own, a handshake protocol that mutually authenticates the calling parties, and a call integrity protocol that ensures the security of the voice channel and the content it carries. A server can act as either an endpoint or intermediary between user clients and client-server architecture can be employed. All protocols can include end-to-end cryptography and the enrollment protocol can issue a certificate that binds the identity of the client to a phone number.

End-to-end encryption method for emails sent from a sender (1) to a recipient (6), comprising the following steps:

• [0001]
  • the sender requests from an encryption system (16) a certificate corresponding to said recipient (6),
  [0002]
  • the encryption system (16) returns to said sender (11) a first, proforma certificate corresponding to said recipient (6),
  [0003]
  • the sender (1) sends with his email client (11) an outgoing email to said recipient encrypted with said proforma certificate,
  [0004]
  • said email is forwarded through said encryption system (16),
  [0005]
  • said encryption system (16) decrypts said email using a private key corresponding to said certificate,
  [0006]
  • said encryption system makes the content of said email available to said recipient (6).

Techniques described herein relate to systems and methods of data storage, and more particularly to providing layering of file system functionality on an object interface. In certain embodiments, file system functionality may be layered on cloud object interfaces to provide cloud-based storage while allowing for functionality expected from a legacy applications. For instance, POSIX interfaces and semantics may be layered on cloud-based storage, while providing access to data in a manner consistent with file-based access with data organization in name hierarchies. Various embodiments also may provide for memory mapping of data so that memory map changes are reflected in persistent storage while ensuring consistency between memory map changes and writes. For example, by transforming a ZFS file system disk-based storage into ZFS cloud-based storage, the ZFS file system gains the elastic nature of cloud storage.

Systems and methods to provide and maintain secure financial transaction conducted with a credit card or other cashless payment mechanism at a vending machine or other potentially unattended vending or point of sale device. Encapsulated card readers providing end-to-end encryption capabilities encrypt transaction data for secure transmission to a transaction host or server. Pre-authorization transaction data checking maintains account numbers in a secure encrypted format further enhancing security. Protection mechanisms that guard against, and provide warnings of equipment tampering, while also providing a visual indication to customers regarding the security of the system.

A system and method for employing a key exchange key to facilitate secure communication is provided. The key exchange key can be employed, for example, to encrypt and/or decrypt dialog session key(s) that are used to encrypt and/or decrypt message(s) that form a dialog between an initiator system and target system. In one example, a key exchange key is unique to a service pair, while a dialog session key is unique to a particular dialog between the service pair. The system can facilitate end-to-end encryption of message data in a dialog—the message data is encrypted at one dialog endpoint and not decrypted until it reaches the other dialog endpoint. The system can be employed to facilitate secure dialog with minimal performance overhead when compared with conventional system(s). Optionally, the system can facilitate load balancing (e.g., among deployed instances of a service). In this example, secured dialogs to a service can be location transparent so that a dialog targeted to a service can be able to talk to any instance of the same service transparently without any additional security setup. The system employs both public key/private key asymmetric encryption technique(s) and symmetric encryption technique(s) to authenticate and secure information exchanged between an initiator system and a target system.

A traffic management device (TMD), system, and processor-readable storage medium directed towards re-establishing an encrypted connection of an encrypted session, the encrypted connection having initially been established between a client device and a first server device, causing the encrypted connection to terminate at a second server device. As described, a traffic management device (TMD) is interposed between the client device and the first server device. In some embodiments, the TMD may request that the client device renegotiate the encrypted connection. The TMD may redirect the response to the renegotiation request towards a second server device, such that the renegotiated encrypted connection is established between the client device and the second server device. In this way, a single existing end-to-end encrypted connection can be used to serve content from more than one server device.

An system for and method of providing end-to-end encrypted real-time phone calls using a commodity mobile phone and without requiring service provider cooperation is presented. The system and method improve upon prior art techniques by omitting any requirement for mobile phones that are specially manufactured to include end-to-end encryption functionality.

This invention relates to end to end coding method and system based on mobile communication network, which comprises the following steps: adopting codes end to end coding and adopting key management center for whole codes system and adopting keys intelligent cards as terminal end to coded safety module; according to center generating codes flow and decodes flow through or formula on messages and codes to realize end to end coding communication; the said system comprises key management center and terminal interact through center to terminal end with intelligent card.

A method (500) performed by at least one server for processing a data packet from a first computing device to be transmitted to a second computing device is disclosed, in which the data packet includes a message encrypted using a first encryption key to form an encrypted message, identification data of the second computing device encrypted using a second encryption key to form encrypted identification data, and encrypted first and second encryption keys. The method comprises decrypting (504) the encrypted second encryption key; encryption key; decrypting (506) the encrypted identification data using the decrypted second encryption key; and transmitting (508) the data packet based on the decrypted identification data, wherein the encrypted message and first encryption key are arranged to be undecryptable by the server to permit end-to-end encryption communication between the first and recipient info encryption key end-to-end encryption communication between the first and second computing devices. A related system is also disclosed.

A database management system implements a role-oriented authorization scheme that facilitates operating system (OS) supported encrypted field access for a table in the database. A security model provides for various roles that have varying responsibilities and rights with respect to the database tables and the data supported therein. In this approach, data that is considered sensitive is encrypted. A system administrator role is authorized to create, update, and maintain a table but is not authorized to view sensitive field data, i.e., data stored in encrypted columns of the table. A security administrator role is authorized to define column masks with OS-enforced security access control to the sensitive field data. By separating (fencing) these responsibilities, the security model enforces end-to-end encryption across the entire database management system.

A security platform or network for transmitting end-to-end encrypted voice or data communications between at least a first digital device and a second device is disclosed. The network includes a network portal for registering the first digital device and the second device. The portal provides the first digital device and second device with at least first and second keys and receives requests from each device to communicate with each other. The portal searches for and receives authorization from the called device to set up a secure session with the calling device. The portal receives encrypted messages from the devices, decrypts the encrypted messages with the keys provided to the devices, and re-encrypts the received messages. The portal sends the re-encrypted messages to the other device. Accordingly, the devices are capable of securely communicating with each other by encrypting and decrypting the messages sent to and received from the portal. The intent is to provide a commercially feasible approach to protect sensitive information that is not government classified, with potential users including (a) Individuals—for protecting private information and conversations; (b) Companies—for protecting proprietary/sensitive information; and (c) Government—for protecting SBU conversations and information.

The method includes steps: after receiving request for building encrypted call from calling terminal, switchboard sends request for applying encryption key to key distribution center (KDC); receiving the request, and passing through authentication of encrypting qualification, KDC generates calling and called encryption keys, which are returned back to switchboard; switchboard sends the calling and called encryption keys to calling party and called party respectively, and switchboard the mobile terminal locates on informs converter TC in bypass speech encoding format of base station controller; using the received encryption keys, the calling terminal and called terminal carry out encrypted speech communication. Based on network control being as center, the invention realizes point-to-point encrypted speech communication. Powerful function on network side provides advantages are: safety, reliable, flexible and enhanced extensibility.

This invention discloses an end-to-end ciphering method for GSM network voice and data when mobile stations carry out voice/data communication between them, voice/data information sent by the delivery end are coded and ciphered by an outboard terminal security device to be delivered to the blue tooth mobile station of the delivery end by its channel, the out board device is connected with GSM mobile station supporting the blue tooth data communication function to realize the end-to-end ciphering of GSM network voice and data service.

A telephone conversation between one or several first telecommunication terminals in a packet oriented data network and telecommunication terminals in an analog and/or digital network is encrypted by a module which enables the use of protocols from a LAN network to a TDM network to carry out end-to-end encryption.

A system used in a retail environment for providing end-to-end encryption of payment cardholder data. An input device configured to receive cardholder data is operative to encrypt the cardholder data according to a first encryption method to produce first encrypted cardholder data. A cardholder data handling device is in electronic communication with the input device. A secure evaluation assembly (SEA) is operatively connected to the cardholder data handling device and comprises antitampering control electronics adapted to decrypt the first encrypted cardholder data to produce unencrypted cardholder data. The antitampering control electronics evaluate the unencrypted cardholder data to determine whether the unencrypted cardholder data is payment cardholder data or nonsensitive cardholder data. Finally, if the unencrypted cardholder data is payment cardholder data, the antitampering control electronics of the SEA are adapted to encrypt the unencrypted cardholder data according to a second encryption method to produce second encrypted cardholder data.