218 results about "Initialization vector" patented technology

The manufacture and control of payment cards used in consumer financial transactions circulates a population of payments cards with user identification and account access codes. Each use of an individual card produces a variation of its user access code according to an encryption program seeded with encryption keys or initialization vectors. A portion of the magnetic stripe is made dynamic with a Q-Chip magnetic MEMS device. The job of personalizing payment cards with the user identification and account access codes is outsourced to a personalization company. The encryption keys and initialization vectors are kept private from the personalization company by using the encryption program to generate tables of computed results. Respective ones of the tables of computed results are sent for loading by the personalization company into new members of the population of payments cards. New payment cards are manufactured and distributed that include and operate with the tables of computed results.

The present invention discloses a construction for key management module functionality which provides for secure encoding and decoding of messages which are up to two blocks long. A method for generating an encoded value having a first encoded value part and a second encoded value part from an unencoded value having a first unencoded value part and a second unencoded value part, comprising the steps of: obtaining an initialization vector; and generating the first and second encoded value parts. The first encoded value part is generated by: generating a first result by encrypting the first unencoded value part; generating a second result by performing an exclusive or operation on the first result and the second unencoded value part; generating a third result by performing an exclusive or operation on the second result and the initialization vector; generating a fourth result by encrypting the third result; generating a fifth result by performing an exclusive or operation on the fourth result and the first unencoded value part; and encrypting the fifth result. The second encoded value part is generated by encrypting the second result.

Protection of digital content using a specific application of block cipher cryptography is described. The digital content is encrypted using an encryption key and a calculated initialization vector. The digital content includes a plurality of strides of data and each stride includes a string of data to be encrypted and a block of data to be encrypted. The calculated initialization vector to be used to encrypt the block of data is derived from the string of data in the stride to be encrypted. Furthermore, the initialization vector is calculated by performing an exclusive disjunction function on a seed value and the string of data for each stride.

A business model for the manufacture and control of payment cards used in consumer financial transactions circulates a population of payments cards with user identification and account access codes. Each use of an individual card produces a variation of its user access code according to an encryption program seeded with encryption keys or initialization vectors. A portion of the magnetic stripe is made dynamic with a Q-Chip magnetic MEMS device. The job of personalizing payment cards with the user identification and account access codes is outsourced to a personalization company. The encryption keys and initialization vectors are kept private from the personalization company by using the encryption program to generate tables of computed results. Respective ones of the tables of computed results are sent for loading by the personalization company into new members of the population of payments cards. New payment cards are manufactured and distributed that include and operate with the tables of computed results.

A method and apparatus of configuring the byte structure of a memory storage device, including a flash memory device, to enhance the security and error correction capability is described. In one embodiment, the method includes increasing the security of data stored in the storage device by encrypting data with a unique initialization vector and storing the initialization vector in the storage device. The method also includes using a unique initialization vector for encrypting data, to be stored in each datablock, each time data are encrypted. In one embodiment, the apparatus includes an AES controller that includes encryption and decryption modules to encrypt and decrypt data prior to writing data to or reading from the storage device. The apparatus also includes an encoder module and decoder circuits to encode and decode data prior to writing or reading from memory storage devices. The apparatus optionally includes a state machine that generates and provides the initialization vector and also activates different components of AES controller and ECC module depending on the operation of the device.

A file format for a secure file for use with a block cipher or a stream cipher, the secure file having a secure client header and a data block appended to the secure client header. The client header has a client information block comprised of a public information block, a private information block and an initialization vector. At least a portion of the private information block is encrypted, and a client information block integrity check value is appended to the client information block, the client information block integrity check value being obtained by performing an integrity check on the client information block. The data block is preferably encrypted and is comprised of a plurality of encrypted data blocks each appended with its own respective integrity check result value. Each of the plurality of data blocks and their respective integrity check result values are obtained by dividing the encrypted data block into n encrypted data blocks, performing an integrity check on a first one of the n encrypted data blocks and the client information integrity check result value appended to the client information block, so as to obtain a first encrypted data block integrity check result value, appending the first encrypted data block integrity check result value to the first encrypted data block, and repeatedly performing, for each of the subsequent n encrypted data blocks, an integrity check on the subsequent encrypted data block and an integrity check result value appended to a previous one of the n encrypted data blocks, so as to obtain an integrity check result value for the subsequent encrypted data block, and appending the subsequent integrity check result value to the subsequent encrypted data block.

For data protection in a wireless network system, a frame, including its Medium Address Control (MAC) header and payload, is encrypted with an initialization vector modified at each set state in a wireless network system, such that wirelessly transmitted data is prevented from being exposed to unauthorized users.

A 4-byte LBA (logical block address) specified in a read command is supplied to first and second IV (initialization vector) generation units. The initialization-vector generation units each extend the LBA to data with a size of 16 bytes by applying typically a hash function to the LBA. The first initialization-vector generation unit outputs the data with a size of 16 bytes to an encryption unit as an initialization vector IV. On the other hand, the second initialization-vector generation unit outputs the data with a size of 16 bytes to a decryption unit as an initialization vector IV. The encryption unit encrypts input data by using the initialization vector IV and a session key Ks received from a first authentication-processing unit. On the other hand, the decryption unit decrypts input data by using the initialization vector IV and the session key Ks received from a second authentication-processing unit. In this way, data can be encrypted and decrypted by using the initialization vector IV. The present invention can be applied to a personal computer and a drive, which exchange data with each other by way of a predetermined interface.

An encryption chaining mode takes plaintext block N, generates encryption key N by combining, preferably by XOR, encryption key N−1 and plaintext block N−1 and encrypts plaintext block N using an encryption algorithm with encryption key N to output ciphertext block N. Encryption key for the first plaintext block is generated by XOR-ing a random Initialization vector and a random initialization key K. In a preferred embodiment, initialization key K is subkeys resulting from a key schedule algorithm and encryption key N−1 is only one of the subkeys. Encryption key for the first plaintext block is generated by XOR-ing a random Initialization vector and one subkey resulting from a key schedule algorithm. Also provided is a corresponding decryption method, an encryption device, a decryption device.

The invention discloses an access control method base on an attribute encryption algorithm. The method includes an initialization step; a data document access step and an access authority limit changing step. Advantages which are possessed based on the attribute encryption algorithm in a distributed environment are utilized to effectively solve the problem such as that a deciphering party is not fixed under a cloud computing environment, and the problem exists in a data file sharing aspect. Safe access to a data file in the cloud computing environment is supported, and meanwhile problems in aspects such as revocation of user permission and data misreading of a user are fully considered.

A method including receiving energy usage data representative of energy usage of a customer during a particular time period. The energy usage data is sign with a digital signature of a utility. The method includes receiving input of a customer effective to select a data block of the energy usage data. The method includes redacting the selected data block from the energy usage data in response to the input. The method includes calculating a hash value for the redacted data block using a per-customer key that is unique to the customer, an initialization vector, and a counter. The method includes replacing in the energy usage data the redacted data block with the calculated hash value corresponding to the redacted data block.

In one embodiment, method that can be performed on a system, is provided to security implementations for storage devices. In one embodiment, the method comprises providing a separate encryption seed for each of a plurality of separate addressable blocks of a non-volatile storage device, wherein a common encryption method is to encrypt data to be stored on the plurality of separate addressable blocks. In one embodiment, the storage device is a portable storage device. In one embodiment, encryption seed is an Initialization Vector (IV). In one embodiment, the encryption seeds comprise at least one of a media serial number and a logical block address corresponding to the respective block of the non-volatile storage device. In an alternative embodiment, the method further comprises storing at least a part of the separate encryption seed of the separate blocks of the non-volatile storage device within the respective blocks of the storage device.

A re-encryptor compares hashed digests of updated segments and original segments to located changed segments that must be re-encrypted. A new initialization vector is input to a block cipher engine for each changed segment. Since only changed segments need to be re-encrypted, transmission bandwidth to remote encrypted storage may be reduced. The amount of cipher text that is changed by a single update is reduced to a segment. Segments have a variable length and are bound by bits matching a segment delimiter. Each segment may have many fixed-length blocks that are encrypted by the block cipher engine with the same initialization vector for that segment. The segment delimiter is a randomly-generated word that is included with the initialization vectors in the metadata. Variable-length segments limit update disruption of the cipher text while fixed-length blocks are more efficiently encrypted. Combining segments and blocks provides for better re-encryption of updates.

A secure wireless local or metropolitan area network and data communications device therefor are provided, where the device transmits plain text in an encrypted message including cipher text and an initialization vector. The device may include a seed generator for performing a one-way algorithm using a secret key, a device address, and a changing reference value for generating a seed. Further, a random initialization vector (IV) generator may be included for generating a random IV, and a key encryptor may generate a key sequence based upon the seed and the random IV. Additionally, a logic circuit may be included for generating cipher text based upon the key sequence and plain text, and a wireless communications device may be connected to the logic circuit and the random IV generator for wirelessly transmitting the encrypted message.

The present disclosure relates to a system and method of encrypting and decrypting Optical Transport Network (OTN) payload content. A transmitter of the system includes a series of ordered encryption keys and a counter for generating an initialization vector to be combined with one of the encryption keys for encrypting the OTN payload content. A receiver of the system includes a series of ordered decryption keys and a counter for generating an initialization vector to be combined with one of the decryption keys for decrypting the encrypted OTN payload content. The system synchronizes switching, at the transmitter and the receiver, the encryption and decryption keys to the next keys in each series. The system also synchronizes the counters for generating the same initialization vector at the transmitter and the receiver.

The invention discloses a method for increasing the calculation speed of an SMP cluster system through an MPI and an OpenMP in a hybrid parallel mode. The method comprises the steps that the number of MPI processes which can be called and the number of OpenMP threads are determined according to the number of calculation nodes and the number of usable CPU kernels in the nodes; an existing sub sparse matrix, a sub initial vector, a block vector and the maximum calculation tolerance are read in each process; a multi-thread compiling instruction is started for each process; circulation calculation of a precondition conjugate gradient method is conducted on all the processes, and the number of OpenMP barriers in circulation calculation is only three; if calculation errors are smaller than an allowable value, circulation is over, and otherwise circulation continues; calculation results of all the processes are reduced, and solutions of questions are output; when parallel calculation is conducted, firstly, MPI processes are started, multi-process decomposition is conducted on the questions, parallel among the nodes is started, each MPI process is allocated to one calculation node, and information is exchanged between the processes trough message transmission; then, in each MPI process, OpenMP guidance instructions are used for establishing one set of threads, and the threads are allocated to different processors of the calculation nodes to conduct parallel execution.

This invention discloses an encryption and decryption method for data in hardware. It consists of several steps: obtain the key by reading data from the ROM; obtain the original key by the expending mechanism; operate the logic address and the sequence number and shift the result to get the address key; encryption on the address key by the original key to form a key flow; encryption and decryption on transmitting data. This invention could enhance data security on storage device and protect them from missing.