Abstract: A security management approach that combines network security management with application layer or software service security to address the threat of internal network security attacks. The invention is directed to a method for enhancing network security on a computer network. Data access privileges relating to users and services are interpreted, network access rules are determined based on the interpreted privileges, and network message traffic is monitored and filtered based on the determined network access rules. The interpreting, determining, monitoring, and filtering are performed at a network layer responsible for controlling how a network device gains access to the network, such as the Media Access Control (MAC) layer.

Abstract: A wireless computer network includes a backbone network including backbone network nodes authenticated to each other and in communication with each other. The wireless computer network also includes a master authenticator node and a proxy authenticator node among the backbone network nodes. When an unauthenticated new node requests authentication to the backbone network and the unauthenticated new node is in communication with at least one of the backbone network nodes, the at least one of the backbone network nodes becoming the proxy authenticator node for the unauthenticated new node and communicates with the master authenticator node to authenticate the unauthenticated new node to the backbone network.

Abstract: A wireless computer network includes a backbone network including backbone network nodes authenticated to each other and in communication with each other. The wireless computer network also includes a master authenticator node and a proxy authenticator node among the backbone network nodes. When an unauthenticated new node requests authentication to the backbone network and the unauthenticated new node is in communication with at least one of the backbone network nodes, the at least one of the backbone network nodes becoming the proxy authenticator node for the unauthenticated new node and communicates with the master authenticator node to authenticate the unauthenticated new node to the backbone network.

Abstract: A scheduler and a method schedule available power and bandwidth to users. Equations for a continuous bandwidth allocation of a total bandwidth, and/or a continuous power distribution of a total power, are set up using Lagrangian multipliers to include constraints in a function that is maximum when a fair capacity is maximum. The continuous bandwidth allocation and/or the continuous power distribution represent sets of values corresponding to users that maximize the function. The equations are solved using waterfilling methods, wherein the continuous power distribution is determined for a previously determined bandwidth allocation, and/or the continuous bandwidth allocation is calculated for a previously determined power distribution.

Abstract: A computer-based system securely transmitting and authenticating a transaction input by a user while retaining the anonymity of the user with respect to content of the transaction, including a device encoding the content of the transaction input by the user with a key known only to another device, encoding other portions of the transaction with another key known only to a secure transaction server, and sending the encoded content of the transaction and the encoded other portions of the transaction to the secure transaction server to authenticate an identity of the user of the device, wherein the secure transaction server decodes the other portions of the transaction and sends the encoded content of the transaction to the another device to be finally decoded.

Abstract: A mobile phone system and method of initializing, at a secure transaction server (STS), a mobile payment software with a software authentication parameter, as an authentic mobile payment software; providing an STS correlation between a personal identification entry (PIE) and the authentic mobile payment software; installing, in a mobile phone, the authentic mobile payment software; and inputting, by a user, the PIE to the installed authentic mobile payment software to generate according to the PIE and the software authentication parameter a transformed secure authenticable mobile phone cashless monetary transaction over the mobile phone network, as a mobile phone wireless wallet of the user of the mobile phone. The mobile phone authenticable cashless monetary transaction is performed according to an agreement view(s) protocol.

Abstract: A system for conducting an agreement between two parties relying on a trusted a third party includes a first party generating a first view of the agreement and transmitting the first view of the agreement to the third party, a second party independently generating a second view of the agreement and transmitting the second view of the agreement to the third party, a wireless network connecting the first party and the second party, and a wired or wireless network connecting the second party to the third party. The trusted third party, receives the first view of the agreement and the second view of the agreement, verifies conditions including that the identities of the parties that transmitted the agreements and that the independent views of the agreement are consistent with each other, and takes action to execute the agreement if the conditions are satisfied.

Abstract: Methods and systems provide a secure transaction server (STS); provide an authentic point of sale (POS) device, according to a first authentication parameter of the STS; provide an authentic mobile purchasing device, according to a second authentication parameter of the STS; provide a short-range communication method between the POS device and the mobile purchasing device; correlate by the STS a personal identification entry (PIE) and the authentic mobile purchasing device; transmit, by the POS device, a time dependent transformed secure POS authenticable POS purchase action to the STS; input the PIE to the mobile purchasing device to transmit a time dependent transformed secure user authenticable POS purchase action to the POS device via the short-range communication method; and approve, by the STS, the POS purchase action for the POS device and for the mobile purchasing device, according to the authentic POS device, and according to the authentic mobile purchasing device and the STS correlating of the PIE a

Abstract: Available bandwidth and power for users demanding real time and non-real time data traffic are scheduled, while maximizing proportional fairness for the users over a plurality of time slots, and meeting quality of service constraints for real time data traffic users. The Lagrangian multipliers are used to define a function which includes the proportional fair capacity over the plurality of time slots, and the total power, the total bandwidth, and rate of the real time users' constraints. A maximum of the function is determined for each time slot by binary searching two parameters while observing the total power and total bandwidth. An optimal allocation of the bandwidth and power for the time slot is calculated using the two parameters.

Abstract: A pay-per-connection system is coupled to a network service provider and to a client computer. The pay-per-connection system receives payment and a passcode from a user, determines duration of use based on the payment, and provides access by the client computer to the network service provider based on the payment and the passcode without advance sign-up by the user with the network service provider.

Abstract: Pervasive security is provided by a combination of physical interfaces and network interfaces to a service to a user includes establishing by the user's client device network connectivity to the service, transmitting by the service an identifier to the user's client device, determining by the service whether the user enters the identifier into the service in physical proximity to the service, and invoking the service once the user has entered the identifier into the service while in physical proximity to the service. The service can provide indication that the service has been granted by sending a control page to the user's client device.

Abstract: A method, and an apparatus performing the method, is provided by authenticating a mobile device communicably connectable to a wireless network by an authentication parameter from a secure transaction server (STS), as a mobile device authenticator; providing an STS correlation between a personal identification entry (PIE) and the mobile device authenticator; and inputting, by a user, the PIE and a provider action, to the mobile device authenticator to transmit a transformed secure user authenticable authorization request to the STS over the wireless network to authorize an action with a provider.

Abstract: A method of migrating across link technologies on an IP-based subnet while maintaining on-going communication comprises selecting a link, and notifying interested hosts of the address of the selected link. A mobile computing devices migrates across link technologies on a subnet while maintaining on-going communication and comprises a link migration module selecting a link, and notifying interested hosts of the address of the selected link, and a dynamic MAC to IP binding module binding a MAC address to an IP address based upon the selected link. A computer-readable medium storing a program which when executed by a computer causes the computer to execute the functions of migrating across link technologies on a subnet while maintaining on-going communication, comprising selecting a link, and notifying interested hosts of the address of the selected link. The migration is executed within the mobile computing device and does not entail modification to the other components of the network.

Abstract: A computer system, a method of a computer system and a computer-readable medium securely transmit and verify a multiparty agreement. The method, the computer system, and the computer readable medium include developing and transmitting views of the multi-party agreement by each party to a separate verification party. The verification party authenticates the participants and determines whether the views of the agreement are mutually consistent, and notifies the partys of the results of the comparison.

Abstract: A method for conducting a purchasing agreement for goods and services between a consumer and a merchant through a trusted a third party and using a wireless network includes generating, by the consumer, a first view of the agreement and transmitting the first view of the agreement to the third party, generating, independently by the merchant, a second view of the agreement and transmitting the second view of the agreement to the third party, and receiving, by the third party the consumer view of the agreement and the merchant view of the agreement, verifying identities of the merchant and the consumer and that the details of the independently generated views of the agreements are consistent and taking action to execute the purchasing agreement if the conditions are satisfied. The third party includes a Secure Transaction Server.

Abstract: A scheduler and a method schedule available power and bandwidth to users. Equations for a continuous bandwidth allocation of a total bandwidth, and/or a continuous power distribution of a total power, are set up using Lagrangian multipliers to include constraints in a function that is maximum when a fair capacity is maximum. The continuous bandwidth allocation and/or the continuous power distribution represent sets of values corresponding to users that maximize the function. The equations are solved using waterfilling methods, wherein the continuous power distribution is determined for a previously determined bandwidth allocation, and/or the continuous bandwidth allocation is calculated for a previously determined power distribution.

Abstract: Available bandwidth and power for users demanding real time and non-real time data traffic are scheduled, while maximizing proportional fairness for the users over a plurality of time slots, and meeting quality of service constraints for real time data traffic users. The Lagrangian multipliers are used to define a function which includes the proportional fair capacity over the plurality of time slots, and the total power, the total bandwidth, and rate of the real time users' constraints. A maximum of the function is determined for each time slot by binary searching two parameters while observing the total power and total bandwidth. An optimal allocation of the bandwidth and power for the time slot is calculated using the two parameters.

Abstract: Disclosed is a protocol used by wireless stations sharing a single wireless channel. When a local station senses a communication between remote stations using the channel, the local station estimates whether its local transmissions would disrupt this on-going remote communication. To estimate, the local station forms capture models of the remote stations. From the capture models, the local station determines if its local transmission would prevent each remote station from capturing the signal from the other remote station. If the local transmission would not disrupt the remote communications, the local station transmits its message over the channel at the same time the remote stations use the channel. The local station performs the estimation using parameters of the remote stations. The stations could share their parameters by including them in headers of frames. The protocol can be implemented as an enhancement to the IEEE 802.11 standard.

Abstract: A computer system for conducting purchase transactions using wireless communication between a consumer and a merchant includes a consumer operated mobile device, a merchant operated device, a trusted secure transaction server (STS) device, one or more payment service devices, a wireless communication network in communication with the consumer device and the merchant device, a communication network in communication with the merchant device and the STS device, and a communication network in communication with the STS device and the payment service devices. The consumer device, merchant device and secure transaction server device are capable of executing the Secure Transaction Protocol.

Abstract: A system for conducting an agreement between two parties relying on a trusted a third party includes a first party generating a first view of the agreement and transmitting the first view of the agreement to the third party, a second party independently generating a second view of the agreement and transmitting the second view of the agreement to the third party, a wireless network connecting the first party and the second party, and a wired or wireless network connecting the second party to the third party. The trusted third party, receives the first view of the agreement and the second view of the agreement, verifies conditions including that the identities of the parties that transmitted the agreements and that the independent views of the agreement are consistent with each other, and takes action to execute the agreement if the conditions are satisfied.