Abstract: A robust header compression (ROHC) controller provides for service flow processing of a ROHC channel in a WiMAX wireless communication system. The ROHC controller controls the negotiations of the MS ROHC capabilities during its registration and the negotiations of the ROHC channel parameters during ROHC enabled service flow setup; the MS ROHC capabilities including ROHC compression and decompression capabilities and ROHC channel and feedback strategies; the channel parameter negotiation covers the ROHC profile set and feedback channel information in addition to the 16e/12D standard. The ROHC controller receives a service flow request for a ROHC enabled service flow, wherein the request includes a QoS profile.

Abstract: Methods for authenticating a security device at a local network location for providing a secure access from the local network location to a remote network location are provided. A security device is registered by installing private security software on the security device that generates an asymmetrical encryption key pair including an encryption key and a decryption key. The encryption key is stored only on the security device and the decryption key is stored only on a remote server. Embodiments of the present invention provide increased security by not storing the encryption key on the remote server so that attackers stealing data from the server cannot pretend to a user having the registered security device. A corresponding system for authenticating a security device is also provided.

Abstract: A method and system for automatically generating a new password from user selected characters via key press which are different from the user selected characters. Each key of a keypad can be entered within one or more contexts, manually selected by the user or automatically selected by the described system, such that the same key press within one context provides a unique code different than the same key press within another context. The code corresponding to the proper combination of a key press, the contexts of the selected key press, and the sequence of entry must match the previously stored code set by the user. Context selection is not based on any of the possible key presses selectable on the keypad. Therefore if the password characters are discovered without the context for each character, then it becomes difficult to access the content. The newly generated password can be the same length as the originally entered password, or can be longer or shorter in length than the originally entered password.

Abstract: A method for secure electronic transaction over a computer network, comprising: at a trusted relationship profile server computer: storing a unique identity of a trusted computing unit; generating a confirmation message regarding the unique identity of the trusted computing unit in response to a request from the trusted computing unit; at a security proxy server computer: storing real credentials and local credentials of a customer in a secure vault; receiving the confirmation message and permitting a login process to be performed with the security proxy server using the local credentials, provided the confirmation message is valid; and replacing the local credentials submitted in the login process with the real credentials. A corresponding system for secure electronic transactions is also provided.

Abstract: System and method for providing access to remote computing services in an application server are described, where the authentication and authorization processes are separated, excluding service access privileges from the authenticating process and transferring the privileges to the authorization process. A client device and a user are authenticated, and upon successful authentication, the authorization process is performed, including establishing an authorization connection between the client device and the server computer; at the server computer, detecting and verifying the authorization connection; and upon successful verification, allowing access of the client device to the service on the server computer.

Abstract: System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services.

Abstract: Within an access services network (ASN) operable for providing wireless access services to an access terminal and including a base station communicatively coupled to an ASN gateway, a new management protocol is provided for managing the R6 communications. The protocol includes a common set of message types that may be used for data plane, control plane, and individual peer applications communicating over the control plane. In one embodiment, a keepalive procedure or process is used to manage the R6 interface between the ASN gateway and the base station by sending keepalive messages through an established data path tunnel and maintaining one or more keepalive timers.

Abstract: System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services.

Abstract: This invention provides a method, system and apparatus for providing service flow identifier (“SFID”) mobility in a wireless network, which includes generating a structured service flow identifier, the structured service flow identifier having a service flow identifier field and a service flow granularity field, and establishing a level of service flow identifier mobility for the mobile station based on the structured service flow identifier. The structured service flow identifier can further include a multicast field.

Abstract: Within an access services network (ASN) operable for providing wireless access services to an access terminal and including a base station communicatively coupled to an ASN gateway, a new management protocol is provided for managing the R6 communications. The protocol includes a common set of message types that may be used for data plane, control plane, and individual peer applications communicating over the control plane. In one embodiment, a keepalive procedure or process is used to manage the R6 interface between the ASN gateway and the base station by sending keepalive messages through an established data path tunnel and maintaining one or more keepalive timers.

Abstract: System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services.

Abstract: A method for secure electronic transaction over a computer network, comprising: at a trusted relationship profile server computer: storing a unique identity of a trusted computing unit; generating a confirmation message regarding the unique identity of the trusted computing unit in response to a request from the trusted computing unit; at a security proxy server computer: storing real credentials and local credentials of a customer in a secure vault; receiving the confirmation message and permitting a login process to be performed with the security proxy server using the local credentials, provided the confirmation message is valid; and replacing the local credentials submitted in the login process with the real credentials. A corresponding system for secure electronic transactions is also provided.

Abstract: A two-level authentication system is described supporting two-factor authentication that offers efficient protection for secure on-line web transactions. It includes a global unique identity (UID) provided either by an institute-issued/personal trusted device, or based on client computing platform hardware attributes, and generated using institution authorized private software, institution-authorized authentication proxy software, and an institution-generated credential code which is pre-stored in the token and only accessible by the institute-authorized authentication proxy software. The institution-authorized authentication proxy software uses the user's PIN and the trusted device's UID as input and verifies the user and device identities through institution-generated credential code which was pre-stored in the trusted device.

Abstract: A method for secure electronic transaction over a computer network, comprising: at a trusted relationship profile server computer: storing a unique identity of a trusted computing unit; generating a confirmation message regarding the unique identity of the trusted computing unit in response to a request from the trusted computing unit; at a security proxy server computer: storing real credentials and local credentials of a customer in a secure vault; receiving the confirmation message and permitting a login process to be performed with the security proxy server using the local credentials, provided the confirmation message is valid; and replacing the local credentials submitted in the login process with the real credentials. A corresponding system for secure electronic transactions is also provided.

Abstract: A robust header compression (ROHC) controller provides for service flow processing of a ROHC channel in a WiMAX wireless communication system. The ROHC controller controls the negotiations of the MS ROHC capabilities during its registration and the negotiations of the ROHC channel parameters during ROHC enabled service flow setup; the MS ROHC capabilities including ROHC compression and decompression capabilities and ROHC channel and feedback strategies; the channel parameter negotiation covers the ROHC profile set and feedback channel information in addition to the 16e/12D standard. The ROHC controller receives a service flow request for a ROHC enabled service flow, wherein the request includes a QoS profile.

Abstract: Within an access services network (ASN) operable for providing wireless access services to an access terminal and including a base station communicatively coupled to an ASN gateway, a new management protocol is provided for managing the R6 communications. The protocol includes a common set of message types that may be used for data plane, control plane, and individual peer applications communicating over the control plane. In one embodiment, a keepalive procedure or process is used to manage the R6 interface between the ASN gateway and the base station by sending keepalive messages through an established data path tunnel and maintaining one or more keepalive timers.

Abstract: Within an access services network (ASN) operable for providing wireless access services to an access terminal and including a base station communicatively coupled to an ASN gateway, a new management protocol is provided for managing the R6 communications. The protocol includes a common set of message types that may be used for data plane, control plane, and individual peer applications communicating over the control plane. In one embodiment, a keepalive procedure or process is used to manage the R6 interface between the ASN gateway and the base station by sending keepalive messages through an established data path tunnel and maintaining one or more keepalive timers.

Abstract: Alice generates a sequence of key bits forming an initial cryptographic key. Alice then uses the sequence of key bits and a sequence of cipher bits to control respective control parameters of a quantum encoding process applied to a sequence of quantum pulses, where the sequence of cipher bits used is known to Bob. Alice then releases the encoded pulses towards Bob over a quantum channel. Bob uses the previously agreed-upon sequence of cipher bits to control a control parameter, such as the quantum basis, of a quantum detection process applied to the pulses received from Alice, thus producing a detection outcome for each received pulse. Bob then derives a final cryptographic key from the detection outcomes. Because the cipher bits used to select the quantum bases used by both Alice and Bob are known by both parties, the method allows the final cryptographic key to be distributed with full basis alignment compared to 50% for BB84, thus allowing efficient quantum key distribution over multiple hops.

Abstract: A method for secure electronic transaction over a computer network, comprising: at a trusted relationship profile server computer: storing a unique identity of a trusted computing unit; generating a confirmation message regarding the unique identity of the trusted computing unit in response to a request from the trusted computing unit; at a security proxy server computer: storing real credentials and local credentials of a customer in a secure vault; receiving the confirmation message and permitting a login process to be performed with the security proxy server using the local credentials, provided the confirmation message is valid; and replacing the local credentials submitted in the login process with the real credentials. A corresponding system for secure electronic transactions is also provided.

Abstract: A transmitter classifies quantum pulses into supervisory pulses and message pulses, and assigns each message pulse to a message bit. Each message pulse is then encoded using a coding base randomly selected from a set of coding bases, and with a polarity relative to the coding base that depends on the value of the corresponding message bit. Supervisory pulses are encoded using a coding base different from the coding bases in the aforementioned set. The encoded pulses are sent to a recipient over a quantum channel. The transmitter also informs the recipient of the positions of the supervisory pulses. The recipient detects the pulses relative to a locally selected coding base, producing a zero-click, a one-click or a two-click.