191 results about "Rekeying" patented technology

The present invention provides a technique which makes it possible to eliminate unauthorized playback of contents where unauthorized apparatuses are used and enable only authorized playback apparatuses to play back contents properly. The playback apparatus of the present invention obtains encrypted key information that has been encrypted by a first secret-key encrypting method, and decrypt the encrypted key information into key information using a secret key stored in a storing unit. When the key information is key-updating information, the playback apparatus updates the secret key according to the key-updating information. When the key information is a decryption key, the playback apparatus (i) obtains an encrypted content key that has been encrypted by a second secret-key encrypting method, (ii) decrypts the encrypted content key into a content key using the decryption key, (iii) obtains a scrambled content that has been scrambled by a scramble encrypting method, (iv) descramble the scrambled content using the decrypted content key, and (v) plays back the descrambled content.

An encryption method and apparatus that provides forward secrecy, by updating the key using a one-way function after each encryption. By providing forward secrecy within a cipher, rather than through a key management system, forward secrecy may be added to cryptographic systems and protocols by using the cipher within an existing framework. A random-access key updating method can efficiently generate one or more future keys in any order. Embodiments are applicable to forward secret ciphers that are used to protect protocols with unreliable transport, to ciphers that are used in multicast or other group settings, and to protection of packets using the IPSec protocols.

The invention relates to a system for securing access to resources or computer systems by means of a self modifying, single use password that limits access to a system and automatically changes each time it is used. Independent computer systems, or clients, are utilized by users to generate one time passcodes to prove their identity to one or more authentication servers. Servers are used to authenticate user inputted one time passcodes, to maintain and update the status of one time passcode clients, and perform rekeying and reset operations. Middleware, an optional component, allows for the interaction between one time passcode clients and servers. Middleware allows for client rekeying and resets as well as synchronisation between the client and server. The invention facilitates, inter alia, distribution of clients to users, maintaining and administering the status of clients on one or more servers, generation of a one time passcode (OTP), authentication of a one time passcode, rekeying of a one time passcode client, resetting of a one-time passcode client, Resetting of a one time passcode client, requesting for generation of a one time passcode on a communication enabled client through software or hardware interfaces, and authentication of one time passcodes by remote application servers.

A version number is associated with an encrypted key executable to allow real time updating of keys for a system which facilitates users signing on to multiple websites on different domains using an encrypted ticket. Two keys may be used at each site during updating of keys, each having an associated one digit Hex version tag. When a key is to be updated with a new key, the existing or old key is provided an expiration time. A second key is provided from the system in a secure manner with a new version number and made the current key which provides decryption of the encrypted ticket. The system tracks both keys while they are concurrent. After the existing key expires, only the second, or updated key is used to provide login services for users. The system periodically flushes old keys.

A key management apparatus which can be used to encrypt / decrypt content data in a content playback device includes a storing unit for storing a secret key, a key information decrypting unit for decrypting encrypted key information and an updating unit operable to update the secret key with an algorithm stored therein, when the decrypted key information is key-updating information. Seed information can be received for use with the algorithm to provide a new secret key, and preliminary trigger information can be used to poll a group of appliances to request key information to determine any duplication of appliances.

A version number is associated with an encrypted key executable to allow real time updating of keys for a system which facilitates users signing on to multiple websites on different domains using an encrypted ticket. Two keys may be used at each site during updating of keys, each having an associated one digit Hex version tag. When a key is to be updated with a new key, the existing or old key is provided an expiration time. A second key is provided from the system in a secure manner with a new version number and made the current key which provides decryption of the encrypted ticket. The system tracks both keys while they are concurrent. After the existing key expires, only the second, or updated key is used to provide login services for users. The system periodically flushes old keys.

The invention provides a method for improving the security of a mobile terminal in a WLAN environment by installing two shared secrets instead of one shared secret, the initial session key, on both the wireless user machine and the WLAN access point during the user authentication phase. One of the shared secrets is used as the initial session key and the other is used as a secure seed. Since the initial authentication is secure, these two keys are not known to a would be hacker. Although the initial session key may eventually be cracked by the would be hacker, the secure seed remains secure as it is not used in any insecure communication.

Apparatuses, systems, and methods for optimal group key (OGK) management that may achieve non-colluding and / or the storage-communication optimality are disclosed. In some embodiments, a group controller (GC) is responsible for key generation and distribution and the group data are encrypted by a group key. When joining the group, in some embodiments, each group member (GM) is assigned a unique n-bit ID and a set of secrets, in which each bit is one-to-one mapped to a unique secret. Whenever GMs are revoked from the group, in some embodiments, the GC will multicast an encrypted key-update message. Only the remaining GMs may be able to recover the message and update GK as well as their private keys. The disclosed OGK scheme can achieve storage-communication optimality with constant message size and immune to collusion attack and also may outperform existing group key management schemes in terms of communication and storage efficiency.

A rekeyable lock cylinder comprises a cylinder body, a plug, an adjusting block and a plurality of rack component assemblies. The plug disposed within the cylinder body has a trench and a plurality of rack component runners communicating with the trench. The adjusting block disposed at the trench has an arc sidewall, a plurality of leading slots corresponding to the rack component runners one by one and a position groove recessed from the arc sidewall. The position groove has a notch portion and a groove inner portion, wherein a depth of the groove inner portion is larger than a depth of the notch portion. Each of the rack component assemblies comprises a first rack component disposed at the rack component runner and a second rack component capable of engaging with the first rack component. Each of the first rack components has a rib portion located at the leading slot.

Security key distribution techniques using key rollover strategies for wireless networks are described. A number of keys are generated, usually by an access point. The present invention allows a standard mode and a mixed mode. In standard mode, each device on the network supports automatic key updates. In mixed mode, one or more devices on the wireless network require fixed keys. In both modes, a predetermined number of keys are determined and communicated to client devices that are accessing the wireless network. The predetermined number is determined so that a client device can miss a certain number of authentication periods without losing communication with the wireless network. Preferably, transmit keys used by an access point are different than the transmit keys used by the client devices that support automatic key updates.