1244 results about "Key storage" patented technology

The invention is a cryptographic server providing interoperability over multiple algorithms, keys, standards, certificate types and issuers, protocols, and the like. Another aspect of the invention is to provide a secure server, or trust engine, having server-centric keys, or in other words, storing cryptographic keys on a server. The server-centric storage of keys provides for user-independent security, portability, availability, and straightforwardness, along with a wide variety of implementation possibilities.

An integrated circuit for data encryption/decryption and secure key management is disclosed. The integrated circuit may be used in conjunction with other integrated circuits, processors, and software to construct a wide variety of secure data processing, storage, and communication systems. A preferred embodiment of the integrated circuit includes a symmetric block cipher that may be scaled to strike a favorable balance among processing throughput and power consumption. The modular architecture also supports multiple encryption modes and key management functions such as one-way cryptographic hash and random number generator functions that leverage the scalable symmetric block cipher. The integrated circuit may also include a key management processor that can be programmed to support a wide variety of asymmetric key cryptography functions for secure key exchange with remote key storage devices and enterprise key management servers. Internal data and key buffers enable the device to re-key encrypted data without exposing data. The key management functions allow the device to function as a cryptographic domain bridge in a federated security architecture.

Some embodiments provide a method for a first data compute node (DCN) operating in a public datacenter. The method receives an encryption rule from a centralized network controller. The method determines that the network encryption rule requires encryption of packets between second and third DCNs operating in the public datacenter. The method requests a first key from a secure key storage. Upon receipt of the first key, the method uses the first key and additional parameters to generate second and third keys. The method distributes the second key to the second DCN and the third key to the third DCN in the public datacenter.

A process for automatically selecting sensitive information in documents being displayed and/or generated on a computer to select sensitive information for encryption using pattern recognition rules, dictionaries of sensitive terms and/or manual selection of text. The sensitive text is automatically encrypted on the fly in the same manner as a spell checker works so that the sensitive information immediately is removed and replaced with the encrypted version or a pointer to where the encrypted version is stored. The keys used to encrypt the sensitive information in each document are stored in a table or database, preferably on a secure key server so that they do not reside on the computer on which the partially encrypted document is stored. Several learning embodiments that determine overinclusion and underinclusion errors in various ways and make adjustments to the rules and/or dictionary entries used to select sensitive information to reduce the errors are disclosed. Public-private key pair encryption algorithms and data structures to keep all the encryption keys stored such that they can be located is disclosed.

A system, apparatus, method, and machine readable medium are described for secure authentication. For example, one embodiment of a system comprises: an authenticator on a client device to securely store one or more private keys, at least one of the private keys usable to authenticate a block of a blockchain; and an attestation module of the authenticator or coupled to the authenticator, the attestation module to generate a signature using the block and the private key, the signature usable to attest to the authenticity of the block by a device having a public key corresponding to the private key.

A method of and a system for securely distributing data files to a user. A first key is encrypted using a second key. The encrypted first key is stored on an integrated circuit card that is associated with the user. The integrated circuit card is provided to the user. Data files are encrypted using the first key to get an encrypted data file at a first party. The encryption parameters are exchanged between the first party and integrated circuit card.

[Objective] When installing software into an in-vehicle terminal from a server, it is required to prevent the software from being installed into an unsuitable terminal, and to reduce time and efforts for data input and download, thereby improving the convenience of the user.

[Solution] In an information distribution system, terminal identification information and a terminal unique key for an in-vehicle terminal are stored in a server as well as in itself. The in-vehicle terminal transmits the terminal identification information to the server for terminal authentication via a communication terminal after encrypting with the terminal unique key, and then the server transmits encrypted software to the communication terminal. The communication terminal transmits the encrypted software to the in-vehicle terminal, which in turn obtains a software unique key encrypted with the terminal unique key from the server and decrypts the encrypted software for installation using the software unique key.

A method and system for delegation of security procedures to a second domain. A first key is generated for a mobile node. The first key is stored at the mobile node and at a home domain of the mobile node. The mobile node is moved to the second domain. A request is sent from the second domain to the home domain to authenticate the mobile node. A second key is generated at the home domain using the first key and a random number. The random number and the second key are sent to the second domain. The random number is sent to the mobile node by the second domain. The mobile node generates the second key using the random number and the first key. The second key is used for authentication procedures and/or key derivation procedures between the mobile node and the second domain.

The present invention relates to a method and a system for allowing multiple applications to manage their respective data in a device (100, 200) having a secure environment (104, 204, 211) to which access is strictly controlled. The idea of the invention is that a storage area is allocated (301) within the secure environment (104, 204, 211) of a device (100, 200). The storage area is associated (302) with an identity of an application, the associated identity is stored (303) in the secure environment (104, 204, 211) and access to the storage area is controlled (304) by verifying correspondence between the associated identity and the identity of an accessing application. This is advantageous, since it is possible for the accessing application to read, write and modify objects, such as cryptographic keys, intermediate cryptographic calculation results and passwords, in the allocated storage area.

An efficient method and apparatus for storing and retrieving memory ranges is disclosed. A key range that is stored or to be stored is associated with a node in the tree hierarchy encompassing the entire memory address space. All previously stored ranges are listed or otherwise associated with each node, and all possible nodes that may contain ranges that overlap the key range, regardless of starting or ending locations or range length, are found. Partitions are developed in the tree structure of the available address space and the width of the key range (w), the widths of the partitions (d), and the range of offsets in the starting location of the key range with respect to a partition (o) are used to develop a formula that finds a partition suitable for storing the key range. Hashing and dynamic tree building may be used.

Key manager systems and methods for a QKD-based network are disclosed. The system includes a QKD layer that generates quantum encryption keys, a persistent storage layer that stores the quantum encryption keys, and a key management layer. The key management layer generates an application registration record that includes a list of multiple applications that use the quantum encryption keys. The key management layer also generates a corresponding key storage layer. The multiple applications reside in an applications layer. The applications in each node remove keys from the key storage layer so that each node can encrypt/decrypt data using quantum encryption keys. The methods also include secure QKD system boot-up and authentication that facilitate implementing a commercial QKD system in real-world environments.

The present invention defines a strong authentication token for generating different dynamic credentials for different application providers comprising an input interface providing an output representing an application provider indicator; a secret key storage for storing one or more secret keys; a variability source for providing a dynamic variable value; a key providing agent for providing an application provider specific key as a function of said application provider indicator using one or more keys stored in said secret key storage; a cryptographic agent for cryptographically combining said application provider specific key with said dynamic variable value using symmetric cryptography; a transformation agent coupled to said cryptographic agent for transforming an output of said cryptographic agent to produce a dynamic credential; and an output interface to output said dynamic credential.

The present invention defines furthermore a method to manage the secret keys of strong authentication tokens that can generate dynamic credentials for more than one supported application provider or application provider group using different secret keys for each supported application provider or application provider group comprising generating for each of a batch of strong authentication tokens a token specific master key; personalising each token of said batch with the token specific master key associated with said token; generating for each of a plurality of supported application providers or application provider groups a set of application provider specific token keys, one application provider specific token key for each token of said batch, whereby each application provider specific token key of each of said sets is derived from that token's token specific master key and a unique identifier or indicator of that application provider or application provider group; providing to each application provider or an entity that is responsible for the verification on behalf of said application provider of the dynamic credentials that are generated for said application provider, the corresponding set of application provider specific token keys.

A secure element with a user security domain thereon, the user security domain constituted of: a security domain control circuitry; an encoder/decoder functionality responsive to the security domain control circuitry; and a secured keys storage in communication with the security domain control circuitry, the encoder/decoder functionality arranged to: encode data responsive to at least one first key stored on the secured keys storage, and output an encoded data; and decode received data responsive to at least one second key stored on the secured keys storage, and output a decoded data.

A connection is established between a server and a web browser having access to a first, trusted public key. The server downloads a digitally signed archive to the browser, the archive including a second public key. The browser verifies the digitally signed archive using the first public key, and stores the second public key in response to the verification. The browser then uses the stored second public key to authenticate the server and establish a secure connection with the server. The second public key and its chain of trust need not be known by the browser beforehand, and the archive may include program fragments that store the key in an area where the browser (or an applet running under the browser) can access and use it. The archive may also include a program fragment that performs certificate validation for the client—enabling the client to handle certificate types it does not know about. Advantages include allowing the archive to be transmitted over any insecure connection since it is integrity protected and authenticated; and allowing the client to make a direct connection to the server without having to access certificate stores on the platform.

This invention discloses a CPK trustable certification system with a chip including special COS, CPK algorithm, ID certificates, signature protocol, a cryptographic key exchange protocol, a ciphering algorithm and HASH function and divided into intelligent card, USB Key, Flash card and cell phone SIM card. One chip can bear the functions of a cipher machine, signature verification, cryptographic key storage and management.

A key storage and organization unit includes a lockbox and a set of key file cards for retaining and storing keys in an organized manner. The lockbox includes a base and a cover that are secured by two closure latching members. When the two closure latching members are applied to the base and cover, a single locking mechanism can be applied to secure the lockbox. The lockbox is designed to receive multiple locking mechanisms, each capable of securing access to the lockbox.

A portable rolling massager is provided that includes a spindle, a roller rotatably mounted on the spindle, and a covering for the roller that features a comfortable surface when applied to the skin and pressure is applied to muscles underlying the skin. Heating and cooling of the cover provides other therapeutic benefits. Storage in the spindle accommodates weights, flashlights, key storage, music devices, and the like. Hand grips having distal ends are designed to provide the ability to massage trigger points that develop in the muscles.

It is aimed to provide an encryption key distribution system which can be easily operated, highly freely share the data therein, and achieve high reliability for authentication of one or more unlocking right owners who are assigned to each encrypted folder. An encryption key distribution system 500 stores a lock used to lock a folder on a PC 100, and stores an unlocking key corresponding to the lock on a key distribution server 200. To view a locked folder (hereinafter referred to as the encrypted folder), a mobile telephone 300 accesses the key distribution server 200, and is authenticated by using authentication data unique to the mobile telephone 300. Under the condition that the authentication is successful, the key distribution server 200 distributes the unlocking key to the PC 100. The PC 100 unlocks the encrypted folder by using the unlocking key distributed from the key distribution server 200, thereby displaying the contents of the folder.