175 results about "One-time pad" patented technology

A method for securely transmitting data involves generating keys depending on previous keys and additional information, such as a password, in order to create a pseudo one-time pad. The data is encrypted using the pseudo one-time pad prior to transmission. Only the initial key and minimal additional data are transferred between the sender and receiver in order to synchronize the keys.

Some of these problems with digital information protection systems may be overcome by providing a mechanism which allows a content provider to encrypt digital information without requiring either a hardware or platform manufacturer or a content consumer to provide support for the specific form of corresponding decryption. This mechanism can be provided in a manner which allows the digital information to be copied easily for back-up purposes and to be transferred easily for distribution, but which should not permit copying of the digital information in decrypted form. In particular, the encrypted digital information is stored as an executable computer program which includes a decryption program that decrypts the encrypted information to provide the desired digital information, upon successful completion of an authorization procedure by the user. In combination with other mechanisms that track distribution, enforce royalty payments and control access to decryption keys, the present invention provides an improved method for identifying and detecting sources of unauthorized copies. Suitable authorization procedures also enable the digital information to be distributed for a limited number of uses and/or users, thus enabling per-use fees to be charged for the digital information.

A method and apparatus is provided for secure terminals that facilitate secure data transmission and are compliant with the payment card industry (PCI) data security requirements. A security processor is combined with an application processor and a display into a secure display control unit (SDCU) that provides tamper resistance and other security measures. Modular secure I/O devices are interfaced to the SDCU via a wired, or wireless, medium so as to facilitate secure data transfer to the SDCU during a point-of-sale (POS) transaction or other transaction that requires secure data entry. The secure I/O devices implement one-time-pad (OTP) encryption, where the random keys, or pads, are generated by a derived unique key per transaction (DUKPT) generator. Other embodiments facilitate interconnection of the secure I/O devices to a hardware security module (HSM) or a personal computer (PC) while maintaining a high level of data security.

Pure random numbers from a sheet within a one-time pad are employed to encrypt the bytes of a source data packet and to order the encrypted bytes in a random order within the encrypted data packet. Pure random numbers fill remaining positions within the encrypted data packet. The resulting encrypted data packet is unconditionally secure (i.e., unbreakable). Sheets within the one-time pad are utilized only once, and the one-time pad is replaced when exhausted. For electronic checking applications, the one-time pad is distributed to the user stored in an electronic checkbook, with a copy retained by the bank. For cellular telephone applications, the one-time pad is stored in a replaceable memory chip within the mobile unit with a copy retained at a single, secured central computer. For client-server applications or applications involving sales over the Internet, the one-time pad may be provided to the user on a floppy disk or CD-ROM, with a copy retained by the vendor.

A client device authenticated a one-time pad table stored in the client device, and a matching table maintained by a service provider. When a request for service is posted from the client to the service provider, the next unused pad is exchanged and verified with the current state of the service provider's copy of the table. If the OTP is the next unused code, service is granted, else the user is challenged to identify himself, which when successfully completed results in the client device being downloaded with a new OTP table, replacing the compromised table. Use of service by a cloned device causes the OTP table at the service provider to become out of synchronization with the authentic device's copy of the table, thereby setting up the ability to detect the fraud, stop the service consumption by the clone, and reprogram the authentic device to allow for uninterrupted service.

A device, including one or more Communication Physical Unclonable Function (CPUF) and key storage devices, the CPUF devices each comprising: a coherent Electromagnetic (EM) radiation source; a spatial light modulator (SLM) connected to the coherent EM radiation source; a volumetric scattering medium connected to the SLM; a detector connected to the volumetric scattering medium; and one or more processors or circuits connected to the detector and one or more processors or circuits connected to the SLM. A communication protocol is also provided.

This invention report describes the architecture of a system, which undertakes in a new way the dynamic generation of symmetrical keys and the confidential synchronization of encryption components which use these keys. The basis is formed by the principle of the one-time-pad, with which absolute confidentiality can be ensured in theory. The difficulties with practical implementation of a pure one-time-pad can be avoided by expansions.

In carrying out a task that consumes data from a one-time pad, task inputs comprising at least first data and second data from the pad, are combined together to form an output from which the data used from the pad cannot be recovered without knowledge of at least one of the first and second data. The task concerned can be, for example, the encrypting of a message or the creating of an attribute verifier.

The invention provides a reliable encryption transmission system of a quantum cryptography network. The reliable encryption transmission system comprises an encryption processing module and a decryption processing module, the encryption processing module is composed of an encryption strategy unit, a service data buffering shunt unit, a classic encryption unit and a quantum encryption unit, and the decryption processing module is composed of a cryptograph classification unit, a cryptograph data buffering unit, a classic decryption unit and a quantum decryption unit. Meanwhile, the invention further provides a reliable encryption transmission method of the quantum cryptography network. The classic encryption mode and the quantum one-time pad encryption mode are adopted for transmitting service data in a shunt mode, the shunt proportion of the service data can be timely and correspondingly changed according to changes of the quantum secret key supply-demand relationship, on the basis that the safety is guaranteed, the continuity of service data encryption transmission is improved, and the reliability of service data encryption transmission is improved. Meanwhile, the consumption of quantum secret key data is reduced, quantum secret key generation loads of the quantum cryptography network are reduced, and the cost of service data encryption transmission of the quantum cryptography network is reduced.

An approach for securely transmitting and storing data is described. A sending host generates a random sequence of characters as a keystream as a one-time pad. The keystream is bitwise combined with plaintext using an exclusive-OR operation to create ciphertext. The keystream and ciphertext are routed over physically separate communication paths to a receiving host, which decrypts by applying the keystream to the ciphertext using exclusive-OR, The separately routed paths may be established using MPLS labeling or strict route options.

The invention discloses an implementation method for an integrated security protection subsystem of a mobile office system. The implementation method includes the steps of triple mobile phone client identity authentication, triple background management system login security defense and tight service logic data security protection. The step of triple mobile phone client identity authentication includes password authentication, face recognition authentication and pattern password authentication. The step of triple background management system login security defense includes keyboard record prevention based on the simulative transmission keyboard information technology, a transparent one-time pad administrator login identity information encryption transmission mode based on RSA, and a double-factor authentication mode based on cloud pushing and combining dynamic passwords with static user names/passwords. Various kinds of security technology is transparently adopted, the data security is improved, multi-identity-authentication security defense is achieved, the access control capacity is enhanced, and notice announcement and news browsing of enterprises are safe and efficient through the integrated information security protection subsystem.

A hybrid one time pad encryption and decryption apparatus with methods for encrypting and decrypting data wherein a one time random number pad provides high security encryption. The random number sequence is encrypted using DES, RSA or other technique and embedded in the message as a function of the random pad itself. This generates an encryption message that is impervious to attempts to directly decode the message text as the message is randomly dispersed throughout a message and the message contains as much quasi-random data as text. The message is also relatively impervious to attempts to decode the cipher, as the cipher is randomly interrupted by the encrypted data.

A method and system are provided for evidencing to a first entity, such as a visa-checking authority, that a second entity, such as a traveller, possesses a particular attribute, such as right of entry to a specific country. The method involves a preliminary phase of verifying that the second entity has the attribute of interest; associating that attribute with a first one-time pad held by the first entity; and arranging for the second entity to possess a second one-time pad that is at least a subset of the first one-time pad. Thereafter, when the second entity wishes to prove to the first entity that it has the attribute of interest, it passes evidence data derived from the second one-time pad to the first entity. The first entity can then check for the presence, in the first one-time pad, of data matching, or usable to produce, the evidence data.

The invention discloses an instant communication system, which comprises a sender and a receiver. Instant communication modules of the sender and the receiver carry out parameter setting on a controlcircuit, generate encrypted data for transmission, and decrypt the received data; a control circuit modulates a quantum key module, acquires an original key and controls a synchronous timing sequence;the quantum key module generates the original key synchronously according to a trigger signal, modulation voltage and a timing sequence signal of the control circuit; a clock synchronous module generates a synchronous clock signal according to the trigger signal of the corresponding control circuit, and sends the synchronous clock signal to the clock synchronous module of the receiver; the clocksynchronous module of the receiver returns the clock synchronous signal and completes the synchronization of the sender and the receiver; and the sender and the receiver encrypt and decrypt information by a real-time security key generated by a quantum key generation system according to an one-time pad memo-type encryption scheme; therefore, the instant communication system has high security, andcan realize the off-site absolutely-secure instant communication.

Using a password (π), a client (C) computes part (H₁(<C,π_C>) of the password verification information of a server (S), and together they use this information to authenticate each other and establish a cryptographic key (K′), possibly using a method resilient to offline dictionary attacks. Then over a secure channel based on that cryptographic key, the server sends an encryption (EE_<C,π>(sk)) of a signing key (sk) to a signature scheme for which the server know a verification key (pk). The encryption is possibly non-malleable and/or includes a decryptable portion (E<_C,π>(sk)) and a verification portion (H₈(sk)) used to verify the decrypted value obtained by decrypting the decryptable portion. The signing key is based on the password and unknown to the server. The client obtains the signing key using the password, signs a message, and returns the signature to the server. The server verifies this signature using the verification key, hence getting additional proof that the client has knowledge of the password. The client and the server generate a shared secret key (K″), more secure than the password, for subsequent communication.

A method of verifying a password and methods of encryption and decryption using a key generated from a one-time pad. In one embodiment, the method of verifying includes: (1) receiving a password attempt, (2) retrieving a pointer from memory, (3) searching a one-time pad based on the pointer to retrieve a password, (4) comparing the password attempt with the password and (5) generating a new pointer if the password attempt matches the password.

Devices for securing data and method of managing a one-time pad stored in nonvolatile memory of a device. In one embodiment, the device for securing data includes: (1) a nonvolatile memory, (2) a nonvolatile memory controller coupled to the nonvolatile memory and configured to cooperate with the nonvolatile memory to make a key available when a password provided to the device is valid and (3) a self-destruct circuit coupled to the nonvolatile memory and configured to corrupt at least part of the nonvolatile memory when the password is invalid.

The invention relates to information security technology, in particular to a virtual genome-based cryptosystem (VGC). The cryptosystem is provided with two matched keys, of which one is a virtual genome database (VGDB) consisting of random deoxyribonucleic acid (DNA) sequences and the other one is a position table that virtual genes of the VGDB are randomly distributed in a two-dimensional microarray, namely a virtual DNA microarray chip (VDMC). Any plaintext information can be freely written on the VDMC, namely points for forming the plaintext information are selected from the VDMC microarray. The selected points correspond to the virtual genes in the VGDB; small segments of DNA sequences are randomly selected from the virtual genes; and the uniqueness of the small segments of DNA sequences in the VGDB is determined by using a common tool of the bioinformatics, namely a basic local alignment search tool (BLAST), or other character string search algorithms such as a Knuth-Morris-Pratt (KMP) algorithm and the like. A cipher text is combined by the small segments of DNA sequences. The small segments of DNA sequences need only to perform BLAST on the VGDB during decryption, namely the points for forming the plaintext information can be discovered, and the plaintext information can be restored according to the VDMC. Any non-VGDB sequence can be randomly inserted into the cipher text and does not have any influence on the encryption. Thus, the VGC is an excellent information hiding system. In addition, the VGC key can be updated automatically so as to realize an indecipherable one-time-pad system. The cryptosystem is used for real-time quick secret information communication, digital signature and identity authentication.

The invention discloses an IPSec VPN method used for realizing quantum safety. The method is characterized by adding a safe interface of QKD in an IPSec VPN gateway; adding a quantum key access and application mechanism in an IPSec VPN safety strategy; adding a one-time pad encryption option based on a quantum key in an IPSec encryption component and adding a strategy which preferentially adopts the quantum key as a pre-shared key, and adopts a session key of a data encryption algorithm and a shared key of an HMAC algorithm; and realizing fusion application of the QKD, quantum encryption and an IPSec protocol, and increasing quantum safety of identity authentication, message authentication and data encryption of an IPSec VPN system. The safety of the system is high, application access is flexible, and a good application prospect is possessed in fields of party, government, industrial control, finance, military and the like.

A variant on the "One Time Pad' cipher is used to provide an encrypted link between two or more stations. The main feature of this variant is the use of a unique and easily created Pseudo-Random Number Sequence segment not having any internal repeats. At one station, a mixing function is used to combine a locally created stream of truly random bytes with a portion of this unique PRNS segment, yielding a fresh stream of truly random data. This freshly created stream of truly random data is operated on in such a way as to create a new and unique PRNS element set which is used to control the functioning of a PRNS generator. The PRNS generator is used to create a new and unique PRNS segment which has a repeat period much longer than the length of the PRNS element set used to create it. It is then useful to treat the PRNS element set as a message and transfer it across the encrypted link to other stations. In this fashion, this OTP cipher variant can be re-keyed and used for as long as there is a continuing source of truly random data available at one of the stations on the network. This technique of using unique and freshly created PRNS segments rather than the classic One Time Pad allows encrypted networks to function independently of any central key distribution regimens or Public Key Infrastructures, making such an encrypted network proof against security breaches perpetrated upon, or key escrow schemes propagated through, such external key distribution infrastructures. This technique also provides certain securities against willful betrayals by tempted users or coerced revelations by users under duress.

The invention is used for providing a security authentication between the content provider, network service supplier and users in digital TV system. The method comprises: based on the active authentication of client side, a bidirectional authentication is adopted in order to realize the one-time-pad in the authentication process; said authentication information is encrypted with public key in the smart card of set-top box, and the encrypted authentication information is decrypted with private key in the front end authentication server.

The invention provides a semi-quantum dialogue method without a classical correspondent with the measurement capability based on single photons. Bidirectional communication between one quantum correspondent and one classical correspondent is achieved. The active-attack security of external Eve is guaranteed through scrambling operation of the classical correspondent, the complete robustness of an existing semi-quantum key distribution method and classical one-time-padding encryption. Through classical base measurement of every two adjacent information single photons of the quantum correspondent, the initial states of the quantum correspondent and the classical correspondent are shared by the quantum correspondent and the classical correspondent, and therefore the information leakage problem can be solved with the semi-quantum dialogue method. Compared with a traditional information-leakage-free quantum dialogue method, the semi-quantum dialogue method has the advantage that only one correspondent has the quantum capacity. Compared with an existing semi-quantum dialogue method, the semi-quantum dialogue method has the advantages that the single-photon entangled state but not two-photon entangled states is used as a quantum carrier, and has the good practical performability.