Abstract: A method involving a communication device, which comprises sending a request to a communication device; receiving a response from the communication device over a local communication path; deriving a received data set from said response; determining at least one data set that had been previously transmitted to the communication device over a wireless portion of a second communication path different from the local communication path; and validating the response based on the received data set and the at least one previously transmitted data set.

Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded.

Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded.

Abstract: A system and method for access control is provided. In one embodiment, a system includes a computing device connected to an access server that controls the ability of the computing device to access to a computing resource, such as the Internet. The access server connects to an activation server via a network. The activation server is operable to receive a request for to generate a certificate for the computing device from the activation server. The activation server is operable to generate the certificate and embed a unique identifier of the computing device and/or the access server and/or the like inside the certificate. Once generated, the certificate is installed in the computing device. When the computing device initiates a request to access the computing resource, the computing device initially sends the certificate to the access server.

Abstract: A security system and method is provided. In an embodiment, a personal integrated circuit (“PIC”), is provided that can be presented to a laptop computer. The PIC includes a digital certificate personal to an authorized user and is operable to automatically install the certificate on the laptop computer once presented into the computer and once the user enters a valid password respective to the PIC. At this point, the laptop presents the certificate to a server via a network, and the certificate is checked for validity. If valid, the user is then permitted to log into the server. Having logged into the server, the user can remain logged in even as the PIC is removed and presented to different computing devices that are also able to connect to the server via the network. Typically, the user is only able to access the server through the computing device to which the PIC is attached.

Abstract: A method, comprising: obtaining a signature from a contactlessly readable tag; decrypting the signature with a key to obtain (i) a candidate identifier and (ii) a scrambling code associated with the signature; and validating the candidate identifier based on at least one of the scrambling code and the signature. Also, a system, comprising: at least one tag reader configured to receive a plurality of signatures released by a respective plurality of tags, including a particular signature released by a particular one of the tags, and to cause decryption of the particular signature with a key to obtain (i) a candidate identifier, and (ii) a scrambling code associated with the signature; and a processing entity configured to effect validation of the candidate identifier based on at least one of the scrambling code and the signature.

Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded. Another embodiment includes a secure access controller having a plurality of ports for connection to a plurality of different pieces of computer equipment. The secure access controller thus intermediates communications between the modem and the plurality of different pieces of computer equipment.

Abstract: A method, comprising: obtaining a signature from a contactlessly readable tag; decrypting the signature with a key to obtain (i) a candidate identifier and (ii) a scrambling code associated with the signature; and validating the candidate identifier based on at least one of the scrambling code and the signature. Also, a system, comprising: at least one tag reader configured to receive a plurality of signatures released by a respective plurality of tags, including a particular signature released by a particular one of the tags, and to cause decryption of the particular signature with a key to obtain (i) a candidate identifier, and (ii) a scrambling code associated with the signature; and a processing entity configured to effect validation of the candidate identifier based on at least one of the scrambling code and the signature.

Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded. Another embodiment includes a secure access controller having a plurality of ports for connection to a plurality of different pieces of computer equipment. The secure access controller thus intermediates communications between the modem and the plurality of different pieces of computer equipment.

Abstract: A method for execution in a communication device, which comprises accessing an identifier stored in a memory; receiving a first data set and a second data set over a first communication path; generating a first signature from the identifier and the first data set; generating a second signature from the identifier and the second data set; responding to a first request by releasing a first response including the first signature over a local communication path different from the first communication path; and responding to a subsequent request by releasing a second response including the second signature over the local communication path.

Abstract: Method and adapter apparatus for securing information exchanged between a calling party and a called party. A first signal is generated, which is representative of an analog probe signal. The first signal is released towards the called party. Responsive to receipt from the called party of a second signal responsive to the analog probe signal and indicative of an ability of the called party to participate in a secure information exchange, negotiations are performed with the called party to securely exchange subsequent information with the called party. In this way, the adapter apparatus can securely exchange information without prior knowledge of whether the called party is secure-capable or secure-incapable and without prior knowledge of whether the called party is a POTS phone or a packet-switched device.

Abstract: A method for execution by a device, which comprises: generating a first signature by encrypting an identifier of the device together with first additional data; generating a second signature by encrypting the identifier of the device together with second additional data that is different from the first additional data; releasing the first signature to identify the device on a first occasion; and releasing the second signature to identify the device on a second occasion. Also, a device, which comprises: a memory storing an identifier of the device; a processing entity configured to generate a plurality of different signatures encoding the identifier and to store the signatures in the memory; and a transmit/receive entity configured to identify the device on respective occasions by releasing individual ones of the signatures.

Abstract: A method that comprises obtaining a currently received signature from a device; obtaining a candidate identifier associated with the device; consulting a database to obtain a set of previously received signatures associated with the candidate identifier; and validating the currently received signature based on a comparison of the currently received signature to the set of previously received signatures associated with the candidate identifier. Also, a method that comprises obtaining a currently received signature from a device; decrypting the currently received signature to obtain a candidate identifier; and a candidate scrambling code; consulting a database to obtain a set of previously received scrambling codes associated with the candidate identifier; and validating the currently received signature based on a comparison of the candidate scrambling code to the set of previously received scrambling codes associated with the candidate identifier.

Abstract: A method which comprises generating a first signature by encoding an identifier with a first additional data set at a first time instant; responding to a first read request from a tag reader by releasing the first signature; generating a second signature by encoding the identifier with a second additional data set at a second time instant, the second additional data set being different from the first additional data set; and responding to a second read request by releasing the second signature. Also, a method which comprises obtaining a signature from a contactlessly readable tag; decrypting the signature with a key to obtain a candidate identifier and a scrambling code associated with the signature; and validating the candidate identifier based on at least one of the scrambling code and the signature.

Abstract: A method, comprising: receiving an encrypted signature from a tag associated with an item; determining a dynamic parameter; obtaining a key based at least in part on the dynamic parameter; decrypting the signature with the key to obtain an identifier; and performing an action related to identification of the item, based on the identifier. Also, a system, comprising: a tag reader configured to receive an encrypted signature from a tag associated with an item; and a processing entity configured to (i) determine a dynamic parameter; (ii) obtain a key based at least in part on the dynamic parameter; (iii) decrypt the signature with the key to obtain an identifier; and (iv) perform an action related to identification of the item, based on the identifier.

Abstract: A method, comprising: obtaining a signature from a contactlessly readable tag; decrypting the signature with a key to obtain (i) a candidate identifier and (ii) a scrambling code associated with the signature; and validating the candidate identifier based on at least one of the scrambling code and the signature. Also, a system, comprising: at least one tag reader configured to receive a plurality of signatures released by a respective plurality of tags, including a particular signature released by a particular one of the tags, and to cause decryption of the particular signature with a key to obtain (i) a candidate identifier, and (ii) a scrambling code associated with the signature; and a processing entity configured to effect validation of the candidate identifier based on at least one of the scrambling code and the signature.

Abstract: An arrangement of goods, comprising: a plurality of units of an article, the units equipped with respective contactlessly readable tags; each of said tags comprising a respective memory configured to store a respective signature; the signatures stored in the memories of said tags appearing scrambled relative to one another when read by a reader. Also, a method, comprising: contactlessly reading a first signature from a first tag affixed to a first unit of an article; contactlessly reading a second signature from a second tag affixed to a second unit of the same article, the second signature appearing scrambled relative to the first signature; decrypting the first signature with a key to reveal (I) an identifier associated with the article and (II) a first scrambling code; and decrypting the second signature with the same key to reveal the same identifier and a second scrambling code different from the first scrambling code.

Abstract: A method, comprising: acquiring candidate data in association with a request for accessing a resource, said candidate data comprising first data and second data; processing said first data with a first key in an attempt to effect decryption of said first data, thereby to obtain first processed data; processing the second data with a second key in an attempt to effect decryption of said second data, thereby to obtain second processed data; and granting said request if a pre-determined portion of said first processed data is derivable from said second processed data. The method may further comprise extracting from said first processed data a group identifier and said pre-determined portion of said first processed data, and effecting a comparison of said group identifier to a reference group identifier in order to conclude whether said first data has been successfully decrypted based on an outcome of said comparison.

Abstract: A method and system for providing secure access to a device initiating communications using a peer-to-peer signaling protocol, such as a SIP or H.323. In a device registration phase, the device contacts a secure access server, and authenticates to the secure access server by providing an identification, such as its factory ID. The secure access server then issues a device ID and private key to the authenticated device. A client can then initiate a further communication session and be authenticated by the secure access server. The secure access server returns the device identification and the device's public key to the client. The client and device can then perform a symmetrical key exchange for their current communication session, and can communicate with appropriate encryption. The device's private key can be set to expire after one or more uses.

Abstract: A validation phase is performed at an RFID reader, in order to ascertain which of a plurality of potential candidates for authentication, are actual candidates for authentication. Once a candidate has been successfully validated, an authentication phase is initiated with a host computer, to determine whether the information presented by the candidate matches expected information about the candidate. If the authentication is considered successful, a final authorization procedure may be performed, or the authenticated candidate may be granted certain predetermined permissions. By performing the validation phase locally at the reader, the need for accessing a host computer is reduced and unnecessary queries to the host computer are avoided.