e

Percutaneous nephrostomy plug delivery device

A device for delivering a percutaneous nephrostomy plug is provided. The device comprises a tubular member configured for insertion into a biological body. The device further comprises a handle coupled to a proximal end of the tubular member. The handle comprises a pusher element, an actuation element, and a transmission. The pusher element is disposed within the tubular member, and is configured to deliver a plug through a distal end of the tubular member. The transmission is coupled to the tubular member and the actuation element, and the transmission is configured to cause a retraction of the tubular member relative to the pusher element in response to a depression of the actuation element. A first depression of the actuation element toward the tubular member urges a partial exposure of the plug. A second depression of the actuation element urges a further exposure of the plug.




e

Suture anchor inserter

The present disclosure relates to a suture anchor inserter. The suture anchor inserter includes a handle having a proximal component, a central component coupled to the proximal component, and a distal component coupled to the proximal component and the central component, the central component capable of rotating relative to the proximal component; and a shaft comprising a proximal end and a distal end, the proximal end coupled to the handle. A method of inserting a suture anchor into bone is also disclosed.




e

Apparatus and method of user interface with alternate tool mode for robotic surgical tools

In one implementation, a method is disclosed in which a lock sensing mode is entered for a robotic surgical instrument. In the lock sensing mode, the degrees of freedom of movement in the robotic surgical instrument are switchably reduced. Further in the lock sensing mode, one or more end effectors of the robotic surgical instrument are switchably clamped together in the robotic surgical instrument. An increased level of torque may also be applied to the end effectors to increase a gripping force applied by the one or more end effectors in response to the reduced degrees of freedom of movement in the robotic surgical instrument.




e

Medical device

An attachment for a surgical instrument including a drive input hub for connection to a power source; a drive output hub for connection to a surgical instrument; and a body connecting the drive input hub to the drive output hub, the body including a mechanism for transferring drive from the input hub to the output hub, and wherein the body, the drive input hub and the drive output hub are at least in part not coaxial. A method for surgically preparing a bone using the attachment is also provided.




e

Cutting or scoring balloon and apparatus therefor

A cutting or scoring balloon (26) is provided with a plurality of cutting or scoring elements (34) and is wrapped onto a balloon catheter (12) such that the cutting or scoring elements (34) overlie the balloon wall (36) with the balloon wall (36) pleated underneath the cutting or scoring elements (34). The cutting or scoring elements (34) remain exposed when the balloon (26) is pleated and wrapped onto the balloon catheter (12) and in a tightly wrapped configuration.




e

Method and apparatus for a radiolucent and MRI compatible cranial stabilization pin

A substantially radiolucent cranial stabilization pin is adapted for use with a fixture for immobilizing a patient's head during a medical procedure. The pin includes a tip and a body, which are secured together to form the pin. The tip and body are constructed from non-ferrous, non-magnetic materials that are biocompatible. The tip and body are safe for use with, and compatible with, imaging techniques including MR imaging and CT imaging. In some examples the tip is a titanium insert and the body is molded within and around at least a portion of the tip. In some versions, the tip includes a hollow portion and one or more openings providing access to the hollow portion. The molded body flows into and around portions of the tip creating a secure pin suitable to withstand torque and axial forces observed in use.




e

Tissue ablation system with energy distribution

A microwave ablation system includes an energy source adapted to generate microwave energy and a power splitting device having an input adapted to connect to the energy source and a plurality of outputs. The plurality of outputs are configured to be coupled to a corresponding plurality of energy delivery devices. The power splitting device is configured to selectively divide energy provided from the energy source between the plurality of energy devices.




e

Flexible harmonic waveguides/blades for surgical instruments

In one embodiment, a surgical instrument comprises an articulable harmonic waveguide. The articulable harmonic waveguide comprises a first drive section comprising a proximal end and a distal end. The proximal end of the first drive section may be configured to connect to an ultrasonic transducer. The articulable harmonic waveguide further comprises a first flexible waveguide coupled to the distal end of the first drive section. An end effector extends distally from the first flexible waveguide. The surgical instrument further comprises an articulation actuator to flex the first flexible waveguide.




e

Anterior cervical plate

An anterior cervical plate system is provided. The cervical plate includes a retention ring with a deflectable flange that is upwardly spaced from the top surface of the ring and configured to prevent an inserted bone fastener from backing out of the plate. The plate includes a locking pin having a camming surface and a blocking surface. When the camming surface is moved into position adjacent to the flange, the flange is free to flex out of the way of a bone screw being inserted into or removed from the plate. When the blocking surface is positioned adjacent to the flange, outward deflection of the flange is prevented to retain the bone screw inside the plate. The locking pin is rotated through a camming surface to bring a blocking surface against the flange deflecting the flange onto the head of the bone screw.




e

Heart occlusion devices

The present invention is specifically directed to a heart occlusion device with a self-centering mechanism. The heart occlusion device includes two separate uniquely shaped wires 12, 14, each forming shapes that mirror the respective wire's shapes. Each wire forms half-discs or quarter-discs that together form a distal disc and a proximal disc. In other versions, the device includes four separate wires, each mirroring its neighboring wire and forming a proximal and a distal quarter-disc. In the versions with four wires, the quarter-discs of each wire together form proximal and distal discs. The distal disc and proximal disc are separated by a self-centering waist. The proximal disc is attached to a hub comprising a screw mechanism. A similar hub is optional on the distal disc. The discs further include coverings which form a sealant to occlude an aperture in a tissue. The wires forming the discs have a shape-memory capability such that they can be collapsed and distorted in a catheter during delivery but resume and maintain their intended shape after delivery.




e

Joint arthroplasty devices and surgical tools

Disclosed herein are methods, compositions and tools for repairing articular surfaces repair materials and for repairing an articular surface. The articular surface repairs are customizable or highly selectable by patient and geared toward providing optimal fit and function. The surgical tools are designed to be customizable or highly selectable by patient to increase the speed, accuracy and simplicity of performing total or partial arthroplasty.




e

Joint arthroplasty devices and surgical tools

Disclosed herein are methods, compositions and tools for repairing articular surfaces repair materials and for repairing an articular surface. The articular surface repairs are customizable or highly selectable by patient and geared toward providing optimal fit and function. The surgical tools are designed to be customizable or highly selectable by patient to increase the speed, accuracy and simplicity of performing total or partial arthroplasty.




e

Medical device inserters and processes of inserting and using medical devices

An apparatus for insertion of a medical device in the skin of a subject is provided, as well as methods of inserting medical devices.




e

Data distributing and accessing method and system

A data distributing and accessing method for sharing a file via a network system includes steps of: dividing the file into a plurality of blocks; distributing the blocks in a plurality of data hosts interconnected via the network system; one of the data hosts receiving a file-reading request from a user host and issuing collecting requests to other data hosts to collect the blocks from the data hosts; and transferring the collected blocks from the data hosts to the user host to be combined into the file.




e

Receiving device and method

A receiving device receives messages, detects the priority levels set in the headers of the messages, and reads the first and second messages. When the receiving device receives the header of the second message during reading of the first message, it controls, in accordance with the priority levels of the first and second messages, the reading rates at which the first and second messages are read.




e

Method and system for processing digital content according to a workflow

A method of processing content according to a workflow, where a digital content is processed on one of a plurality of processing devices according to process definition associated to the content, includes the steps, iterated at the processing device, of: a) receiving from a server a signed workflow information, a workflow information comprising a status of the content processing, a signature of the process definition and a hash of the content;b) verifying the workflow information;c) when the workflow information is verified, processing the content according to the process definition and according to status of the content processing;d) updating and signing the workflow information;e) sending to the server the signed workflow information;and the steps iterated at the server of:f) receiving from a processing device a signed workflow information;g) publishing the signed workflow information received from the processing device. A system for performing the method is also provided.




e

Communication terminal, communication system, communication method and communication program

A communication terminal that can adjust which section of a one-time pad cipher key is used and achieve cipher communication when there is a possibility that the one-time pad cipher keys are not completely matched between communication terminals. A cipher key transfer device acquires a one-time pad cipher key from a key sharing system, divides the acquired one-time pad cipher key with a predetermined number of bits, and transfers the same to a mobile communication terminal after converting the same into one-time pad cipher key cartridges. Along with the partner's terminal, the mobile communication terminal negotiates which one-time pad cipher key cartridge will be used to perform cipher communication, decides the one-time pad cipher key cartridge to be used, and begins cipher communication.




e

Mobile electronic device configured to establish secure wireless communication

The invention relates to a method for configuring a mobile device capable of reproducing, for a user, multimedia content previously provided by a remote content server. The invention relates to using a client installed on said electronic device to relay authentication requests between a card, preferably complying with the provisions of the Mobile Commerce Extension standard, and an authentication server that is accessible via an access point.




e

System and method for remote reset of password and encryption key

Data is secured on a device in communication with a remote location using a password and content protection key. The device stores data encrypted using a content protection key, which itself may be stored in encrypted form using the password and a key encryption key. The remote location receives a public key from the device. The remote location uses the public key and a stored private key to generate a further public key. The further public key is sent to the device. The device uses the further public key to generate a key encryption key, which is then used to decrypt the encrypted content protection key. A new content encryption key may then be created.




e

Apparatus for logging a configuration of a microprocessor system and method for logging a configuration of a microprocessor system

An apparatus includes a logging apparatus and a configuration apparatus. The logging apparatus has a security module operable to create a manipulation-proof log. The configuration apparatus is operable to configure a configurable microprocessor system. The configuration apparatus is further operable to be coupled to the logging apparatus in order to log a configuration of the microprocessor system using the logging apparatus.




e

Network-based revocation, compliance and keying of copy protection systems

A method of authenticating a device involves establishing a local connection between a local target device and a local source device; at the source device, obtaining credentials of the target device via the local connection; at the source device, sending the credentials to a cloud authentication server via a secure communication channel; at the cloud authentication server, checking the credentials of the target device against a database of known good devices; at the source device, receiving a message from the cloud authentication server via the secure communication channel, said message indicating that the target device is authenticated; and delivering content from the source device to the target device on the condition that the target device is authenticated. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.




e

Setting in wireless communication device for encrypted communication

A system administrator of a wireless LAN 100 manipulates a personal computer PC1 to change a WEP key. The personal computer PC1 authenticates a memory card MC as genuine under management of the system administrator. In the case of the authenticated memory card MC, changed setting information, as well as a previous WEP key before the change of the setting information, is written into the memory card MC. The system administrator then inserts this memory card MC into a memory card slot of a printer PRT1. The printer PRT1 authenticates the memory card MC as genuine under management of the system administrator. In the case of the authenticated memory card MC, the setting information is updated. This arrangement effectively relieves the user's workload in setting wireless communication devices, while ensuring the sufficiently high security.




e

Relay apparatus, program of relay apparatus and transmitting apparatus

A relay apparatus of a video and audio transmitting/receiving system delays a time before transmitting an authentication start instruction after an authentication start video signal being transmitted to a receiving apparatus. Accordingly, a problem that the receiving apparatus receives the authentication start instruction from the relay apparatus before locking the authentication start video signal and cannot perform authentication processing normally, leading to a failure in authentication. A correction time is decided based on a resolution of the authentication start video signal transmitted from the receiving apparatus and a combination of receiving apparatuses and transmitting apparatuses connected to the relay apparatus.




e

Device and method for obfuscating visual information

A device is described for the hiding and subsequent recovery of visual information. The device comprises two or more tokens (1), each containing a mask (2,3) of coloured pixels (4), are overlaid (5), so that when the pixels are aligned, hidden information, invisible in the individual tokens. The hidden information consists of one or more recognisable alphabetic, numerical or pictorial characters (6). During token overlay and alignment, the information becomes recognisable because it is made up of pixels whose colour is differentiated from the other pixels in the overlay. The information is hidden by adding pixels of certain colours. When the tokens are overlaid and the pixels aligned, the added pixels are effectively subtracted, revealing the hidden information. The tokens may be printed on various media, or may be displayed on an electronic device.




e

Network communications using quantum key distribution

A method and apparatus for forming and distributing quantum encryption keys. A first quantum signal generated by a number generator in a communicator is transmitted through an aperture in the communicator to a receiving communicator. A second quantum signal is received through the aperture at the communicator from a transmitting communicator. The first quantum signal is isolated from the second quantum signal such that the first quantum signal is transmitted from the communicator in response to the first quantum signal passing through the aperture and such that the second quantum signal is received at a number detector in the communicator in response to the second quantum signal passing through the aperture.




e

Private key generation apparatus and method, and storage media storing programs for executing the methods

Disclosed herein are a private key generation apparatus and method, and storage media storing programs for executing the methods on a computer. The private key generation apparatus includes a root private key generation unit and a sub-private key generation unit. The root private key generation unit sets a root master key and predetermined parameters capable of generating private keys, and generates a first sub-master key set capable of generating a number of private keys equal to or smaller than a preset limited number. The sub-private key generation unit generates private keys with the root private key generation unit by receiving the first sub-master key set from the root private key generation unit, to generate a private key corresponding to a user ID using the first sub-master key set, and issues the private key to a user.




e

Broadcast receiving apparatus and control method thereof

The present invention provides a broadcast receiving apparatus that receives a broadcast wave containing multiple channels. The apparatus comprises, among other things, a selecting unit that selects a channel from the broadcast wave; a determination unit that determines, for all channels that can be selected by the selecting unit, whether or not the obtaining unit can obtain an encrypted second-type encryption key that can be decrypted by the decrypting unit using the updated first-type encryption key; and an updating unit that updates the computer program stored in the memory to the updated program in the case where the determination unit has determined that the obtainment is possible for all the channels.




e

System and methods for UICC-based secure communication

A system that incorporates the subject disclosure may include, for example, instructions which when executed cause a device processor to perform operations comprising sending a service request to a remote management server; receiving from the management server an authentication management function and an encryption key generator for execution by a secure element and an encryption engine for execution by a secure device processor, sending a request to establish a communication session with a remote device; and communicating with the remote device via a channel established using an application server. The secure element and the secure device processor authenticate each other using a mutual authentication keyset. The secure element, the secure device processor and the device processor each have a security level associated therewith; the security level associated with the secure device processor is intermediate between that of the secure element and that of the device processor. Other embodiments are disclosed.




e

Method and system for enhancing cryptographic capabilities of a wireless device using broadcasted random noise

A secret stream of bits begins by receiving a public random stream contained in a wireless communication signal at a transmit/receive unit. The public random stream is sampled and specific bits are extracted according to a shared common secret. These extracted bits are used to create a longer secret stream. The shared common secret may be generated using JRNSO techniques, or provided to the transmit/receive units prior to the communication session. Alternatively, one of the transmit/receive unit is assumed to be more powerful than any potential eavesdropper. In this situation, the powerful transmit/receive unit may broadcast and store a public random stream. The weaker transmit/receive unit selects select random bits of the broadcast for creating a key. The weaker transmit/receive unit sends the powerful transmit/receive unit the selected bit numbers, and powerful transmit/receive unit uses the random numbers to produce the key created by the weaker transmit/receive unit.




e

Methods for managing user information and devices thereof

A method, non-transitory computer readable medium and application manager computing device comprises obtaining at least one cryptographic key from a request by a client computing device for a user session. User information corresponding to a user is encrypted or decrypted using the cryptographic key. The request is authenticated based on encryption or decryption of the user information. The cryptographic key is deleted after the completion or termination of the user session.




e

Method and system for secured remote provisioning of a universal integrated circuit card of a user equipment

The present invention provides a method and system for secured remote provisioning of a universal integrated circuit card of a user equipment. A system includes a user equipment for initiating a request for remote provisioning of an universal integrated circuit card (UICC) in the user equipment, where the request for remote provisioning includes a machine identifier (MID) associated with the user equipment and a public land mobile network (PLMN) identifier (ID) associated with an network operator. The system also includes at least one shared key management server for dynamically generating security keys and an operator shared key using the security keys, the MID. Moreover, the system includes an operator network for generating a subscription key using the operator shared key and an international mobile subscriber identity (IMSI), and provisioning the IMSI in a secured manner to the UICC of the user equipment using the security keys.




e

Apparatus and methods for managing messages sent between services

Disclosed are methods and apparatus for managing services within a computer network. In one embodiment, a message interchange network for exchanging application-level messages between services, which are located outside the message interchange network, is provided. At the message interchange network, a plurality of application-level messages, which each specify which one or more receiving services are to receive the each application-level message, are received. Each received application-level message is forward towards the one or more receiving services. Correlation information regarding each application-level message that is received into message interchange network is retained. The application-level messages are sent between pairs of the services, and the retained correlation information for each application-level message pertains to each application-level message and any other application-level messages related to the each application-level message. A query can then be received, at the message interchange network from a first service, to search the retained correlation information for specific one or more portions of the retained correlation information. A response to the query, which includes the specific one or more portions of the retained correlation information, is sent to the first service.




e

System and method for securely communicating with electronic meters

An infrastructure for securely communicating with electronic meters is described, which enables secure communication between a utility and a meter located at a customer, over a communication link or connection such as via a network. This enables messages to be sent from the utility to the meter and vice versa in a secure manner. The network provides a communication medium for communicating via the C12.22 protocol for secure metering. A cryptographic backend is used to cryptographically process messages to be sent to the meter and to similarly cryptographically process messages sent from the meter. By providing appropriate cryptographic measures such as key management, confidentiality and authentication, the meter can only interpret and process messages from a legitimate utility and the utility can ensure that the messages it receives are from a legitimate meter and contain legitimate information.




e

System and method for obtaining certificate status of subkeys

Systems and methods for updating status of digital certificate subkeys. A request is made to a key server to verify if a given key is revoked. If it is not, then the key with its subkeys is acquired from the key server. If one or more subkeys or signatures of the subkeys are different in the acquired key, then the key is replaced.




e

Method for reproducing content data and method for generating thumbnail image

A content data reproducing method includes: decrypting encrypted data to generate plain-text data; dividing the plain-text data into decrypted content data and reproduction management information; sending the reproduction management information to a user space; storing the decrypted content data in a secret buffer; obtaining the decrypted content data as reproduction target data from the secret buffer and transmitting the reproduction target data to a decoder; and decoding the reproduction target data by the decoder.




e

Enhancing data security using re-encryption

A data source may be configured to provide usage data including subscriber identifiers and associated information indicative of subscriber device locations and usage. A data warehouse server may be configured to perform operations including: decrypting subscriber identifiers included in usage data received from the data source using a two-way rolling key groups algorithm; re-encrypting the subscriber identifiers decrypted from the usage data to create secure encrypted identifiers using a one-way secured encryption algorithm; and correlating the subscriber identifiers in the decrypted usage data with the corresponding re-encrypted identifiers.




e

System and method for protecting information and related encryption keys

A system apparatus and method for protecting information are provided. Embodiments of the invention may detect inactivity related to a computing device. Information and encryption key may be removed from a memory. Subsequent activity may be detected. An authentication procedure may be performed, and, contingent on authenticating a relevant entity, a master key may be generated and installed in a memory.




e

Method and system for providing a rotating key encrypted file system

A file system data is divided into two or more data blocks. A unique encryption key is assigned to each data block with the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks and each of the data blocks is encrypted using its assigned encryption key. One of the data blocks within the file system is then selected and decrypted using the distinct encryption key assigned to the selected data block and a new encryption key, distinct for the previously assigned encryption key, is assigned to the selected data block and the selected data block is re-encrypted using the new encryption key. This process is then repeated for each data block on a sequential/cyclic and continually rotating basis.




e

Key generation techniques

In one or more embodiments, an integrated circuit includes a programmable memory, a key generation module and a module. The programmable memory is to maintain a first key portion. The key generation module is to generate a key using the first key portion from the programmable memory and a second key portion received via a memory interface. The module is to encrypt or decrypt data using the key.




e

Controlling resource access based on resource properties

Described is a technology by which access to a resource is determined by evaluating a resource label of the resource against a user claim of an access request, according to policy decoupled from the resource. The resource may be a file, and the resource label may be obtained by classifying the file into classification properties, such that a change to the file may change its resource label, thereby changing which users have access to the file. The resource label-based access evaluation may be logically combined with a conventional ACL-based access evaluation to determine whether to grant or deny access to the resource.




e

Cryptanalysis method and system

A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and(B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on AS/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output;The solution of the equations gives the internal state of RI, R2, and R3; Together with R4, this gives the full internal state which gives a suggestion for the key.




e

Method for arbitrary-precision division or modular reduction

A method in a portable data carrier for executing a cryptographic operation on security-relevant data comprises a step of determining a remainder (r) of a dividend (a) modulo a divisor (b). In so doing, the remainder (r) is determined iteratively by means of a division device of the data carrier. In each iteration there is carried out a Montgomery multiplication with the divisor (b) as the modulus and an additive linkage of an output value of the Montgomery multiplication with a coefficient (ai) derived from the dividend (a) and associated with the respective iteration. The Montgomery multiplication is carried out here by means of a multiplication device of the data carrier, preferably a corresponding coprocessor. The Montgomery multiplication of a subsequent iteration receives a result of a preceding iteration as an input value.




e

Apparatus and method for generating secret key using change in wireless channel on wireless communication network

A secret key generation apparatus and method are provided. The secret key generation apparatus includes at least one antenna, amplification/phase controllers, a transceiver, and a random signal controller. The antenna receives a wireless signal from a counterpart terminal that performs wireless communication. The amplification/phase controllers control the amplification gain and phase of the wireless signal that is received via at least one antenna. The transceiver measures the status of a wireless channel using the wireless signal having the controlled amplification gain and phase, determines parameters based on results of the measurement, and generates a secret key based on results of the determination. The random signal controller controls the amplification/phase controllers so that the amplification gain and phase are adjusted whenever the transceiver generates a secret key.




e

Apparatus and method for converting random binary sequence into random integer

An apparatus and method for converting a random binary sequence into a random integer is provided. The present invention converts a random binary sequence into a random integer, and determines whether the corresponding random integer falls within a preset integer interval. Further, if it is determined that the random integer generated from the random binary sequence does not fall within the preset integer interval, the present invention repeatedly updates a random binary sequence until a random integer falling within the corresponding integer interval is obtained, thus outputting uniformly distributed random integers which fall within the preset integer interval.




e

Level-two encryption associated with individual privacy and public safety protection via double encrypted lock box

Computationally implemented methods and systems are described herein that are designed to, among other things, receiving a level-one encrypted output of a surveillance device; encrypting at least a part of the level-one encrypted output of the surveillance device with a level-two encryption key whose decryption key is inaccessible by a level-two encryption entity; and transmitting a level-two encrypted output of the surveillance device.




e

Image forming apparatus

An image forming apparatus includes a memory unit configured to store image data, a mode detecting unit configured to detect a transition from a first operating mode to a second operating mode, and an encryption unit configured to encrypt the image data in the memory unit based on the transition.




e

SPS authentication

Method and apparatus for SPS authentication, for example for use with GPS, are disclosed. The method may include receiving a first set of Y codes from a plurality of satellites, generating authentication decisions using W code estimates extracted from the first set of Y codes for satellite channels corresponding to the plurality of satellites, and generating an authentication response according to authentication decisions generated for the satellite channels.




e

Apparatus and method for address privacy protection in receiver oriented channels

Disclosed is a method for address privacy protection for a first wireless device sharing a privacy key with a second wireless device. In the method, a first resolution tag is generated at the first wireless device using a pseudo-random function with the seed value and the privacy key as input arguments. The privacy key is only known to the first and second wireless devices. A privacy address is generated for the first wireless device based on the seed value and the first resolution tag. A packet is transmitted from the first wireless device to the second wireless device. The packet includes the privacy address and the first resolution tag.




e

Methods and apparatus for base station assisted peer discovery through aggregation of expressions

A method, an apparatus, and a computer program product for wireless communication are provided in which a UE is equipped to generate an expression associated with a wireless device for use in a peer discovery signal, generate an expression set from the expression, a first temporal frequency, and a first time duration, and transmit the generated expression set to a base station to allow the base station to broadcast each of the expressions included in the expression set at the first temporal frequency over the first time duration. Another method, apparatus, and computer program product for wireless communication are provided in which a base station is equipped to receive an expression set from a wireless device, process the received expression set to determine each of one or more instances of an expression, and transmit each of the one or more instances of the expression.




e

Managing encryption keys in a computer system

A method and apparatus is disclosed for managing encryption keys in a computer system in which in response to the change of a system key the old key and new key are both maintained for subsequent use.