RussianPatents.com
 

Method for iterative cryptographic transformation of data. RU patent 2504911.


FIELD: radio engineering, communication.

SUBSTANCE: method involves generating a sequence of round keys K1, K2, …, KR, where R is the number of transformation rounds, from a private key using a key turning procedure, and executing R transformation rounds. The round key Ki used at the i-th round is used to generate N round sub-keys Ki1, Ki2, …, KiN, where N is the number of paths of round transformations in each round. When executing each i-th round, N copies Ci1, Ci2, …, CiN of an input unit C are created, and each copy Cij is subjected to stochastic transformation Eij, which is recorded in the form Cij:=Fij(Cij, Kij). The transformed values Cij are transmitted to the inputs of a combinational circuit F, the function of which is a parallel composition of the different paths of round transformations. The result of the combinational circuit, C:=F(Ci1, Ci2, …, CiN), is declared the round result, which is transmitted to the input of the next round for i<R; the result of the last round is the transformation result.

EFFECT: high cryptographic robustness and faster cryptographic transformation of data.

3 cl, 3 dwg

 


 

IPC classes for Russian patent RU 2504911, Method for iterative cryptographic transformation of data:

H04L9/00 - Arrangements for secret or secure communication (spread spectrum techniques H04B0001690000)
G06F21/72 - ELECTRIC DIGITAL DATA PROCESSING (computers in which a part of the computation is effected hydraulically or pneumatically G06D, optically G06E; computer systems based on specific computational models G06N; impedance networks using digital techniques H03H)
Other patents in the same IPC classes:
Method for cryptographic transformation of information and apparatus for realising said method / 2503135
Method is based on breaking down an initial 32-bit input vector into eight serial 4-bit input vectors. Conversion tables are placed in each replacement unit, each table having sixteen rows, each row having four padding bits corresponding to 4-bit output vectors. Four replacement units are used, one for each pair of 4-bit input vectors, wherein each replacement unit employs a 16-byte or more central processing unit register in which two conversion tables are placed, and conversion of pairs of 4-bit input vectors to pairs of 4-bit output vectors in accordance with the conversion unit is carried out by switching the rows of the conversion tables to the central processing unit register of the corresponding replacement unit using pairs of 4-bit input vectors in form of switching addresses, after which the 4-bit output vectors are combined in series into a 32-bit output vector.
Method of detecting radio-electronic equipment / 2497285
Method involves further multiplication and low-pass filtering of the output voltage of each antenna element with reference signal voltages corresponding to all antenna elements and presenting the multiplication and filtration results in form of a cross-correlation matrix of signals; performing corresponding multiplication, summation and subtraction operations with signals of corresponding elements of the cross-correlation matrix of signals to obtain the determinant of the cross-correlation matrix of signals; finding the maximum value of the determinant of the cross-correlation matrix of signals and, for the maximum value of the determinant of the cross-correlation matrix of signals, based on reference signal parameters, determining the frequency value and direction of arrival of the signal of continuously emitting radio-electronic equipment.
Information protection method / 2494553
Disclosed is a method of protecting information based on identification data, which involves encrypting a source message and subsequent decryption using a secret key generator and by applying a computational technique, characterised by that the following procedures are performed: at the initial initialisation step, calculating a secret master key and a system public key; at the second step, sending the secret master key to the input of an algorithm which executes the secret key computation step and generates, at the request of the decryption algorithm, a secret key for the new system user; at the encryption step, encrypting the source message using the identifier of the new user and the system public key obtained at the initial initialisation step; at the decryption step, transmitting to the input of the decryption algorithm the secret key for the new user and decrypting the message obtained at the encryption step.
Method of encrypting messages presented in form of multibit binary number / 2485600
In the method for block encryption of a message M, which is presented in form of a multibit binary number, a private key and a cryptogram, which depends on the message M and the private key, are generated, wherein the private key is generated in form of a set of subkeys K1, K2,…, Kh, where h≥1, and auxiliary multibit binary numbers p1, p2,…, pu, pu+1, where u≥1; auxiliary multibit binary numbers R1, R2,…, Ru, D are generated and a cryptogram is generated in form of a multibit binary number C, which satisfies the comparison system C≡R1 mod p1, C≡R2 mod p2,…, C≡Ru mod pu, C=D mod pu+1, where at least one of the numbers R1, R2,…,Ru depends on the message M and one of the subkeys K1, K2,…, Kh.
Method for block encryption of messages and transmission of encrypted data with closed key / 2481715
Before transmitting a message (for i=0), the same closed key value is initiated in the transmitter and the receiver. When transmitting each data unit, the closed key value is synchronously varied in the transmitter and the receiver. The transmitter 1 sends the receiver 2 data units over an open communication channel 3. The transmitter 1 performs encryption and the receiver 2 performs decryption of the data units. In the transmitter 1, the message is divided into separate data subunits 10 whose number N≥2. According to the invention, each i-th data subunit 10 is joined to the i-th service information subunit 11, where the (i+1)-th key modifier is recorded. Each unit is encrypted by its own closed subkey. The subkey for the (i+1)-th unit functionally depends on the subkey of the previous i-th unit 12 and the (i+1)-th key modifier, which is generated at the output of a random number generator 13.
Method to generate coding/decoding key / 2480923
Method of K generation provides for simultaneous generation of a source sequence at the side of the 1st correspondent of the communication network and preliminary sequences at the sides of the 2nd and 3rd correspondents, at the same time a code word generated by the 1st correspondent of the communication network is simultaneously sent along communication channels with independent errors to the 2nd and 3rd correspondents of the communication network, accordingly, a binary symbol of acknowledgment generated by the 2nd correspondent of the communication network is sent along the communication channels without errors accordingly to the 1st and 3rd correspondents of the communication network, similarly a binary acknowledgement symbol generated by the 3rd correspondent of the communication network is sent. Then the source sequence is coded, a unit of testing symbols is identified from it and simultaneously transferred along direct communication channels without errors to the 2nd and 3rd correspondents, simultaneously decoded sequences are generated by the 2nd and 3rd correspondents, and the K is simultaneously generated by all correspondents of the communication network.
Authentication of operations using network / 2480922
Method of authentication includes authentication of a portable user device using dynamic data generated by the portable user device or by an access device connected to the portable user device, wherein the dynamic data differ for each operation and are generated from at least one of data of a certain operation and data of a certain user, and authentication of a user, including sending a message with a request to the user and receiving the response to the request from the user.
Device for cryptographic information protection / 2475838
Disclosed is a device for cryptographic information protection, having three AND elements, read-only memory, four shift registers and two counters with overflow triggers, characterised by that the device is built-in with an additional flip-flop, second ROM, a unit of group AND circuits, a decoder, a unit of OR circuits, a counter with an overflow trigger, an arithmetic logic unit and a self-controlled synchronisation unit, wherein the device for cryptographic information protection consists of series circuits of components and units in form of a first terminal, the self-controlled synchronisation unit having two input "Start" and "Stop" external terminals, and a second series circuit of units is formed from the output of the first ROM through a unit of AND circuits.
System for secure telephone communication / 2474064
System for secure telephone communication has telephone receivers, subscriber lines (SL), a line input unit, a first switching unit, a signal analysis unit, an automatic telephone exchange (ATE), as well as a program control unit, an automatic vocoder unit (AVU), an interfacing unit, a second switching unit, an interaction and control signal unit (ICS), first and second cryptographic units, a channel input unit connected to long distance channels (LDC), a subscriber telephone terminal (STT) and a digital subscriber line. The system also includes a line input unit, a program control unit, an AVU, an interfacing unit, an ICS unit, a second cryptographic unit, a channel input unit connected to LDC, STT and a digital SL; the ATE consists of a subscriber line unit, a jack field unit, a server unit, a workstation unit, a channel set unit and a station control unit, which includes a first, a second and a third peripheral control unit, a random access memory unit, a central control unit, a program storage unit and a program replacement unit; connections between existing units have also been changed and they have additional functions.
Method of coding by adaptive method of multialphabetical replacement / 2469484
In the proposed method a multialphabetical replacement table (MRT) is generated, during coding each symbol of an open text in accordance with a random law is replaced with a permissible real number from the MRT, produced as a result of replacement with the help of the MRT, the number is represented by the value of the determined integral, and values of upper and lower integration limits (IL) are sent to a communication line. A type of a subintegral function and a form of the MRT are considered secret, in process of cryptogram transfer the produced distribution of real numbers of the cryptogram is analysed and corrected so that it is approximated to even distribution. For this purpose prior to coding of another open text symbol, an output distribution histogram is analysed, and an area of global minimum is found on the histogram, one of IL is selected so that it is within the global minimum area, and the second IL is calculated with account of the found first IL and the number produced with the help of the MRT, so that it is within the area of global or local minimum of the histogram.
System for protecting information containing state secrets from unauthorised access / 2504835
System for protecting information containing state secrets from unauthorised access comprises a plurality of user information security systems, a plurality of automated user workstations and functional servers, a backbone network, a domain controller server, a security server, a security server database, at least one automated administrator workstation and one administrator information security system. Each user information security system comprises a security agent, a user access partitioning system and a database of enhanced user authentication means; the administrator information security system comprises a security administrator agent, a security administrator access partitioning system and a database of enhanced administrator authentication means, wherein the automated user workstations further include a trusted download hardware-software module; furthermore, the automated workstations include enhanced authentication means.
System for protecting information containing state secrets from unauthorised access / 2504834
System for protecting information containing state secrets from unauthorised access comprises a plurality of user information security systems, a plurality of automated workstations and functional servers, a backbone network, a domain controller server, a security server, a security server database, at least one automated workstation for an information security administrator and at least one administrator information security system. Each user information security system comprises a security agent, a user access partitioning system and a database of enhanced user authentication means, and the administrator information security system comprises a security administrator agent, a security administrator access partitioning system and a database of enhanced security administrator authentication means.
Digital rights management apparatus and method / 2504005
Method comprises steps of: encoding a digital program to link said digital program with an authentication agent by packing the digital program and authentication agent into single digital content, wherein said authentication agent includes a program code executed by a device, the device can reproduce said digital program and execute the program code, and the program code is configured to authenticate the device when executed in the device; and providing said device with digital content which includes said digital program and said authentication agent. Said digital program is encrypted via a first encryption algorithm, and the decryption key of the first encryption algorithm is encrypted via a second encryption algorithm and is stored in the authentication agent.
Method and apparatus for performing user video authentication / 2504004
Disclosed is a method of performing video authentication of a user, which comprises steps of: receiving a user-provided authentication photograph; capturing a continuous video image of the user in real time over a certain period of time using a video capturing device at a user client; performing real-time decomposition of the video image and obtaining a series of video data frames; selecting from the series of video data frames a specific number of video data frames and generating at least one contrast image for video authentication of the user based on the specific number of video data frames; comparing the authentication photograph with the contrast image and making a decision on the user video authentication result according to the comparison result.
Method for remote monitoring and control of networking information security based on use of domain name system / 2503059
Method involves modifying DNS response to resolution of a domain name of a target information service such that, an "Additional" field specified by configuration information and security policy rules is added to the DNS response, said field initiating the beginning of the process of monitoring and controlling communication security, after which the modified DNS response is sent from a controlled DNS server to the DNS server of an internet provider; a request is sent on behalf of a client to the target information service; the request from the client is received at the monitoring point; the necessary control actions are determined based on the network security policy and information in the request to the target information service; control actions are carried out for network traffic.
Hardware interface for enabling direct access and security assessment sharing / 2502200
IPv4 to IPv6 translation component provides IPv4 to IPv6 translation for data traffic that is incoming to the network interface card. An IPsec component is configured to terminate an IPsec connection. An enterprise security assessment sharing component is configured to implement a security assessment publish and subscribe model in hardware for sharing security assessments among network endpoints, a security assessment being arranged to provide contextual meaning to a security incident that occurs within an enterprise network environment.
Systems, methods and apparatus for detecting and correcting encryption errors / 2501173
Method involves using a first set from one or more input encryption parameters for decrypting data in a received protocol data unit, wherein encrypted data were encrypted using a second set from one or more input encryption parameters; comparing the value of at least part of the decrypted data with an expected value; detecting, using a decryption control scheme, an encryption error if the value of at least part of the decrypted data does not match the expected value; and initiating an encryption resynchronisation procedure in response to the determination that there has been an encryption error, in order to resynchronise at least one input encryption parameter from the first set with at least one input encryption parameter from the second set.
Verification of portable consumer devices / 2501084
Method of providing a verification value for a portable consumer device includes: receiving, at a server, a verification value request for a portable consumer device associated with a user; obtaining, from the received request, a unique identification code assigned to the user; obtaining an account record containing the obtained unique identification code, wherein the account record links the consumer account of the portable consumer device with the obtained unique identification code, wherein the consumer account has an account number associated with it, which identifies the consumer account within a payment handling network, wherein the obtained unique identification code differs from the consumer account number of the obtained account record; obtaining a data entity indicating the verification value for the consumer account of the obtained account record; and sending the obtained data entity to at least one of: a telephone number or network address of a personal communication device associated with the consumer account of the obtained account record.
Cell-based security representation for data access / 2501083
Computer-implemented data security system, having a memory device storing computer-executed components which include: a definition component for defining cell level security attributes for cells of a data table, having rows and columns, wherein cell level security attributes for a cell located in a row, having one or more other cells, and in a column, having one or more other cells, may be defined to block access to data of that cell, but grant access to data of other cells in that row and data of other cells in that column; a storage component for storing cell level security attributes as security metadata, and a security component for applying the security metadata to results of a query from a user to return filtered results based on said user, and a processor for executing said computer-executed components stored in memory.
Method for using a server, device for controlling reservation of server and means for storing a program / 2276400
In accordance with the method, a reservation is requested, the reservation is confirmed, authentication information included in the reservation information is stored, service is requested on the basis of the authentication information, server utilization is authenticated, and the server is utilized on the basis of the authentication result. At the reservation confirmation stage, the device for controlling reservation transfers reservation setting information, and at the authentication stage, server utilization is confirmed only when the authentication information matches the authentication information transferred from the user terminal. The device contains receiving means, an information generation device and transmitting means.