Abstract: Master and slave Bluetooth-enabled devices communicate with other by sending messages using a carrier frequency that is constantly hopping from one frequency to another. In the prior art, each frequency in the sequence of frequencies, known as a hopping sequence, is determined as a known function of the master's Bluetooth address (BD_ADDR) and a universal time parameter. A computer-strong eavesdropper who is listening to one or more frequency bands over a period of time and within range of a user's piconet could determine the BD_ADDR of the user's device by comparing a detected hopping sequence with the hopping sequence associated with each possible BD_ADDR. Once the BD_ADDR of a user's device is determined, the user's location can thereafter be tracked as he moves from location to location using that device.

Abstract: An exponentiation operation or other computational task associated with a cryptographic protocol is performed in a secure distributed manner using multiple machines, e.g., a client device and multiple servers of a computer network. The computational task is transformed by an originator machine before being sent to one or more external servers for execution. The transformation may include replication and dependency operations to provide robustness to errors in the computations performed by the external servers, and blinding and permutation operations to provide privacy for secret information associated with the computational task. The transformed computational task is executed by the one or more external servers, and the results of the transformed computational task are transmitted back to the originator machine. The originator machine transforms the results of the transformed computational task in a manner which permits verification that the one or more results are appropriate results for a given input.

Abstract: A repeatable cryptographic key is generated based on varying parameters which represent physical measurements. Locations within a share table, which locations store valid and invalid cryptographic shares, are identified as a function of received varying parameters. The share table is configured such that locations which are expected to be identified by legitimate access attempts contain valid cryptographic shares, and locations which are not expected to be identified by legitimate access attempts contain invalid cryptographic shares. The share table configuration may be modified based on prior history of legitimate access attempts. In various embodiments, the stored shares may be encrypted or compressed. A keystroke feature authentication embodiment uses the inventive techniques to implement an authentication system which authenticates based on an entered password and the manner in which (e.g. keystroke dynamics) the keystroke is entered.

Abstract: Rather than including a static network descriptor in messages transmitted between master and slave Bluetooth-enabled devices communicating on a piconet, which network descriptor is computed as a known function of the master's Bluetooth address (BD_ADDR), the network descriptor is changed each time a new session beings on one of the devices. This prevents an intentional eavesdropper, who may be in proximity to the piconet and who may be listening for and detecting the network descriptor included within these messages, from associating a detected network descriptor with a particular device of a user and thereafter using that network descriptor to track the location of the user who is carrying and using that device. The network descriptor, the channel access code (CAC), is changed each time a new session begins by computing it as a known function of a seed and the master's BD_ADDR, wherein the seed is a random number chosen at the beginning of each new session by the master.

Abstract: An exponentiation operation or other computational task associated with a cryptographic protocol is performed in a secure distributed manner using multiple machines, e.g., a client device and multiple servers of a computer network. The computational task is transformed by an originator machine before being sent to one or more external servers for execution. The transformation may include replication and dependency operations to provide robustness to errors in the computations performed by the external servers, and blinding and permutation operations to provide privacy for secret information associated with the computational task. The transformed computational task is executed by the one or more external servers, and the results of the transformed computational task are transmitted back to the originator machine. The originator machine transforms the results of the transformed computational task in a manner which permits verification that the one or more results are appropriate results for a given input.

Abstract: Rather than including a static network descriptor in messages transmitted between master and slave Bluetooth-enabled devices communicating on a piconet, which network descriptor is computed as a known function of the master's Bluetooth address (BD_ADDR), the network descriptor is changed each time a new session beings on one of the devices. This prevents an intentional eavesdropper, who may be in proximity to the piconet and who may be listening for and detecting the network descriptor included within these messages, from associating a detected network descriptor with a particular device of a user and thereafter using that network descriptor to track the location of the user who is carrying and using that device. The network descriptor, the channel access code (CAC), is changed each time a new session begins by computing it as a known function of a seed and the master—s BD_ADDR, wherein the seed is a random number chosen at the beginning of each new session by the master.

Abstract: Rather than including a static network descriptor in messages transmitted between master and slave Bluetooth-enabled devices communicating on a piconet, which network descriptor is computed as a known function of the master's Bluetooth address (BD_ADDR), the network descriptor is changed each time a new session beings on one of the devices. This prevents an intentional eavesdropper, who may be in proximity to the piconet and who may be listening for and detecting the network descriptor included within these messages, from associating a detected network descriptor with a particular device of a user and thereafter using that network descriptor to track the location of the user who is carrying and using that device. The network descriptor, the channel access code (CAC), is changed each time a new session begins by computing it as a known function of a seed and the master's BD_ADDR, wherein the seed is a random number chosen at the beginning of each new session by the master.