Abstract: Embodiments of a system and method for interactive barcode communication are described. In one embodiment, a mobile device presents a barcode to an information or transaction receptacle associated with the point of entry device. One embodiment provides for a method of transmitting data from an unconnected point of access device using an interactive barcode communication system on a mobile device, where the method comprises accessing a set of data on a point of access device, wherein the point of access device is unconnected from a data network with access to a central system database; dividing the set of data into multiple sections; incorporating the multiple sections into scan images for display during per-user transactions at the point of access device; and displaying the point of access data along with per-user transaction data during an interactive barcode communication transaction.

Abstract: A method for the personalization of an integrated circuit card, includes: simulating a downloading of a single image corresponding to a fixed part of personalization data of the integrated circuit card; simulating an execution of a sequence of personalization commands for the integrated circuit card to generate a set of personalization data; combining the set of personalization data with the single image to obtain a card image comprising the fixed part of personalization data and the set of personalization data; encrypting the card image to obtain an encrypted single image; and downloading the encrypted single image in a memory of the integrated circuit card.

Abstract: A method of personalizing a security document, which includes a processing method performed by a processing device in order to prepare personalization of a security document. The method includes obtaining personalization data, encrypting the personalization data by using diversification data associated with the security document so as to produce encrypted data, and transmitting the encrypted data to a personalization device. The encrypted data enables the device to personalize the security document by using the encrypted data and the diversification data. Also described is a method of personalizing a security document by means of such a personalization device, as well as devices that employ the methods.

Abstract: Systems and methods for obtaining authentication vectors issued, for use by a mobile communication terminal, by a Home Location Register (HLR) that serves a cellular communication network independently of any cooperation with the cellular network. Further to obtaining the authentication vectors, a terminal is caused to communicate over a WiFi WLAN using an encryption key derived from the obtained authentication vectors, e.g., per the EAP-SIM or EAP-AKA protocol. Since the encryption key is known, communication from the terminal is decrypted. The authentication vectors may be obtained by (i) an “impersonating” Visitor Location Register (VLR) server that does not serve the cellular network; (ii) an interrogation device which, by imitating a legitimate base station serving the cellular network, solicits the mobile communication terminal to associate with the interrogation device; or (iii) an SS7 probe, which obtains authentication vectors communicated from the HLR server to other entities on the SS7 network.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. Embodiments herein achieve a method for authenticating access in a mobile wireless network system. The method includes receiving by an Extensible Authentication Protocol (EAP) authenticator an EAP packet encapsulated from an access terminal over a high rate packet data radio link and a signaling interface through a radio access network. The EAP packet is encapsulated over at least one of a Non-Access Stratum (NAS) interface, a Radio Resource Control (RRC) interface and a N1 interface.

Abstract: Example implementations relate to application access based on a network. For example, a computing device may include a processor. The processor may detect that the computing device is connected to a particular network and may identify an identifier associated with the particular network. The processor may access settings indicating a subset of applications associated with the identifier of the particular network, where the subset of applications is part of a set of applications available on the computing device. The processor may restrict access to the subset of applications based on the settings.

Abstract: In a method for parameterizing an electrical device, a communication link is set up between a user unit and a computation apparatus. The latter provides a parameterization program for parameterizing the electrical device. The user unit is used to record settings made at the user end that affect the electrical device, and the recorded settings are used to form setting values for parameterizing the electrical device. A parameterization file containing the setting values is produced for the electrical device. In order to be able to perform parameterization of electrical devices, in particular electrical devices that are used in automation installations in a safety-critical environment, in a comparatively simple and inexpensive manner, the parameterization program for parameterizing the electrical device is executed by the computation apparatus and a user interface for the parameterization program is displayed by the user unit.

Abstract: A method and an apparatus of verifying a terminal are provided in the field of computer technology. In the method, the terminal establishes a secure channel with a server through a secure element in the terminal. The terminal sends original terminal hardware parameters in the secure element to the server through the secure channel by using the secure element, where the server is configured to feed back identification information according to the terminal hardware parameters. The terminal then determines a verification result of an authenticity of the terminal according to the identification information fed back by the server. The apparatus includes: a channel establishing module, a parameter sending module and a result determining module.

Abstract: A system that incorporates the subject disclosure may perform, for example, receive secret information and non-secret information from a secure download application function, provide a request for a first verification to a secure element where the first verification is associated with access to content and/or an application that is accessible via the secure download application function, receive the first verification which is generated by the secure element based on the secret information without providing the secret information to the secure device processor, receive the non-secret information from the secure element, and generate a second verification for the access based on the non-secret information, where the content and/or application is accessible from the secure download application function responsive to the first and second verifications. Other embodiments are disclosed.

Abstract: A wireless communication device may include a Subscriber Identity Module (SIM) card configured to store a subscriber profile. The wireless communication device may further include logic configured to detect attachment to a wireless access network; detect a non-activated Subscriber Identity Module (SIM) card; receive a Protocol Configuration Options (PCO) message from the wireless access network; retrieve subscription status information for the SIM card from the received PCO message; determine whether the SIM card has a valid subscription based on the retrieved subscription status information; and instruct the SIM card not to initiate an activation process with a SIM Over-the-air (OTA) system, in response to determining that the SIM card does not have a valid subscription.

Abstract: Embodiments of the invention generally relate to apparatus, systems and methods for authentication, in particular, apparatus, systems and methods for authenticating an entity for computer and/or network security, secure authorization of a payment or for funds transfer and for selectively granting privileges and providing other services in response to such authentications. In addition, embodiments of the invention relate generally to apparatus, systems and methods for the communication of information between a mobile user-device and a point-of-sale device to securely provide authorization for a financial transaction.

Abstract: The “first” portable electronic entity (100) includes elements (105) for connection to a host station and a memory (120) storing instructions of an application (121) adapted to be at least partially loaded into the host station, to be executed by the host station and to collaborate with a server connected to the host station to effect the personalization of a “second” portable electronic entity (100). In embodiments, the second electronic entity is the first electronic entity. In embodiments, the application is at least partially executed by the first portable electronic entity.

Abstract: The described examples are usable in an authorized shared access system to provide a front end sub-band filter system and method that securely allows the selection of a front end sub-band filter for receiving signals in a shared radio frequency spectrum (SRFS). A controller manages allocation of communication channels in the SRFS using an encrypted signal. The encrypted signal is only decrypted by a filter controller of a filter selection system. Based on the decrypted signal, the filter controller instructs a filter switch which band pass filters are to be incorporated into a front end communication path. The encrypted signal prevents unauthorized users from accessing a communication channel, and the selection of a specific sub-band filter prevents transmitter interference into other communications channels in other sub-bands, and prevents the reception of signals or interference from other communications channels in other sub-bands.

Abstract: There is described a method of accessing a resource requiring identity authentication, the method comprising: receiving at a communications device an encrypted token in response to an identity of the communications device being authenticated over a first radio access technology; decrypting the encrypted token using the identity of the communications device; and using the decrypted token over a second radio access technology to authenticate the identity of the communications device so as to allow access to the resource via the second radio access technology.

Abstract: A mobile station can be authenticated by, for example, sending a challenge to a mobile station, and receiving a first authentication response from the mobile station through a wireless link, the first authentication response being generated based on the challenge and an authentication key stored at the mobile station. A second authentication response is generated based on the first authentication response. The second authentication response is provided to an IMS network for authenticating the mobile station to enable the mobile station to access the IMS network. In some examples, an authentication response of the mobile station is carried in an SIP message sent from the femtocell to a server that can authenticate the mobile station or forward the authentication response to another server that can authenticate the mobile station. Authentication of the mobile station can be performed as an integrated part of or separate from a registration process.

Abstract: An apparatus manages universal subscriber identity module (USIM) data in a terminal using a mobile trusted module (MTM). The apparatus includes a mobile information storage unit configured to store at least one key and the USIM data in a protection region, an information security unit configured to protect information stored in a USIM and the terminal using at least one of the USIM data and the key stored in the mobile information storage unit, and a USIM data manager configured to restore at least one of the USIM data and the key stored in the mobile information storage unit to the USIM, and store at least one of USIM data and the key provided from the USIM in the mobile information storage unit.

Abstract: A method for updating a key includes: assigning, by a network, a stipulated specific value to an authentication management field AMF and generating a corresponding authentication tuple, and sending corresponding parameters in the authentication tuple to the terminal when an authentication request is initiated to the terminal, and generating a new authentication key for use in the next authentication; generating, by the terminal, a new authentication key corresponding to the network for use in the next authentication, when the corresponding parameters are received and it is determined that the authentication for the network is passed and the authentication management field in the corresponding parameters is with the predetermined value. According to the method for updating the key according to the invention, the key may be updated conveniently without adding to or modifying the existing signaling resources or the authentication parameters, so that network security may be improved.

Abstract: A system that incorporates the subject disclosure may include, for example, instructions which when executed cause a device processor to perform operations comprising sending a service request to a remote management server; receiving from the management server an authentication management function and an encryption key generator for execution by a secure element and an encryption engine for execution by a secure device processor, sending a request to establish a communication session with a remote device; and communicating with the remote device via a channel established using an application server. The secure element and the secure device processor authenticate each other using a mutual authentication keyset. The secure element, the secure device processor and the device processor each have a security level associated therewith; the security level associated with the secure device processor is intermediate between that of the secure element and that of the device processor. Other embodiments are disclosed.

Abstract: A method for registering a Smartphone when accessing security authentication device and a method for access authentication of a registered Smartphone are provided. When a Smartphone based application searches for a device and attempts an access to the found device, the search and access for the device is limited according to a result of authentication using an activation code.

Abstract: A system that incorporates the subject disclosure may include, for example, instructions which when executed cause a device processor to perform operations comprising sending a service request to a remote management server; receiving from the management server an authentication management function and an encryption key generator for execution by a secure element and an encryption engine for execution by a secure device processor, sending a request to establish a communication session with a remote device; and communicating with the remote device via a channel established using an application server. The secure element and the secure device processor authenticate each other using a mutual authentication keyset. The secure element, the secure device processor and the device processor each have a security level associated therewith; the security level associated with the secure device processor is intermediate between that of the secure element and that of the device processor. Other embodiments are disclosed.

Abstract: A method for composing an authentication password associated with an electronic device is implemented by a password composing system including a display, a receiving unit, and a processing unit. In the method, the display is configured to display a start point, and a plurality of displayed paths. The receiving unit is configured to detect a set of user-input movements of a contact point at the display. The processing unit is configured to determine whether the user-input movements conform with a predefined valid user-input gesture, store a plurality of codes corresponding to the valid user-input gestures, and to compose the authentication password according to valid ones of the series of the user-input movements.

Abstract: Enhanced cryptographically generated addresses (ECGAs) for MIPv6 incorporate a built-in backward key chain and offer support to bind multiple logically-linked CGAs together. Enhanced CGAs may be used to implement a secure and efficient route optimization (RO) for MIPv6.

Abstract: A method, system, and medium are provided for operating a computing device and a mobile device to access computer software with a secure access and to access a packet network, and for operating a computer software on a mobile device with different computing devices. A mobile device is used to authenticate a user's access to computer software. The computer software may reside on the mobile device, the user's computing device, or another computing device. A unique identifier is stored in the mobile device associated with the computer software to enable the authentication.

Abstract: Obfuscating a message, in one aspect, may include detecting sensitive information in a message to be broadcast into public or quasi-public computer network environment; replacing the sensitive information in the message with a representation that preserves general aspects of the sensitive information and a user interface element, the user interface element for enabling a viewer of the message to request access to details of the sensitive information; and transmitting the replaced message for broadcasting into the public or quasi-public computer network environment. De-obfuscating the message, in one aspect, may include authenticating one or more viewers or receivers of the message and based on the authentication, presenting details associated with the sensitive information.

Abstract: A method of maintaining a version counter indicative of a version of memory content stored in a processing device. The method comprises selectively operating the device in a first or second mode. Access to the first mode is limited to authorized users and controlled separately from access to the second mode. In the first mode at least an initial integrity protection value is generated for cryptographically protecting an initial counter value of said version counter during operation of the processing device in the second mode; wherein the initial counter value is selected from a sequence of counter values, and the initial integrity protection value is stored as a current integrity protection value in a storage medium. In the second mode, a current counter value is incremented to a subsequent counter value; wherein incrementing includes removing the current integrity protection value from said storage medium.

Abstract: A mobile telecommunications network and method of operation that includes establishing a first user plane connection between a telecommunications device registered with the network and a network gateway device of the network via a first access point; providing the telecommunications device with a token using the first user plane connection; establishing a second user plane connection between the telecommunications device and the network gateway device via a second access point by using the token information to validate the telecommunications device; and, subsequent to establishment of and corresponding to the second user plane connection, establishing a control plane connection between the telecommunications device and the network gateway device via the second access point.

Abstract: A terminal identification method is provided which enables two-way communications between terminals and a network while identifying terminal IDs and protecting privacy. Also, authentication method and system are provided which require no complicated calculating process, less steps and smaller amount for wireless communications, and less power consumption. A server and terminal share a hash function and an initial value determined for each terminal, calculate the same temporary ID by hashing the initial value the same number of times with the hash function, and identify the terminal using the calculated temporary ID. The server and the terminal also hold a common hash function and authentication information, acquire an authenticating communication parameter from communication parameters temporarily common during communication, and generate an authentication key using the authentication information, the authenticating communication parameter, and the hash function.

Abstract: Disclosed is a data processing apparatus providing a predetermined function by executing a program for the data processing apparatus, including a first storage unit that stores encoded execution starting data for starting execution of the program; a first decode key storage unit that stores a first decode key capable of decoding the encoded execution starting data; a start up unit that obtains the first decode key from the first decode key storage unit when turning on the power is accepted and decodes the encoded execution starting data by the first decode key to start executing the program; and an authentication confirmation unit that sends a request for authentication to an external apparatus after the start up unit starts executing the program and starts providing the predetermined function when obtaining an authentication result indicating the apparatus is authenticated from the external apparatus.

Abstract: The successful authenticating of a Network Access Identifier (NAI) process is enabled by an authenticating method and a mobile terminal for a Code Division Multiple Access (CDMA) EVolution to packet Data Optimized (EVDO) network.

Abstract: A method of and system for digital rights management, in which access to a piece of content is granted in accordance with a license owned by a license owner to a client who is a member of a domain. This requires successfully verifying that a membership relation exists between the client and the domain as reflected in a first state variable, and that an association relation exists between the license owner and the domain as reflected in a second state variable. Both relationships are revoked by executing an online protocol between the parties in the relationship after which both remove the corresponding state variable. The domain controller propagates the state administration relating to the domain is propagated to the client so that the client can update its state administration.

Abstract: A technique that enables a portable device to be automatically associated with a plurality of computers. Information that a computer can use to authenticate a portable device and establish a trusted relationship prior to creating an association with the portable device is created and stored in a data store that is accessible by a plurality of computers and is associated with a user of the portable device. When a computer discovers such a portable device with which it is not yet associated, the computer can identify a user logged into the computer and use information identifying the user to retrieve authentication information that is device independent and is expected to be presented by the portable device to authenticate it and allow automatic association.

Abstract: Methods and apparatus facilitate secure user subscription or registration to a service at least partly enabled in a network. The network comprises user equipment adapted to perform generic bootstrapping. A network application function provides the service. A bootstrapping server function generates a bootstrapping transaction identifier. A home subscriber system stores a user profile, comprising information relating to the user and at least one service provided by the network application function.

Abstract: A networked computer device can be customized to contain provisioning and/or authorization logic in its firmware or the firmware of one of its subcomponents. The computer device is thus configured to provision itself from a provisioning server that is identified within the firmware, and to periodically query an operations authority for continued authorization to operate with the received provisioning. Upon failure to receive authorization, the firmware may implement various security measures, such as storage protection, boot protection, communications protection, and so forth. The firmware may also implement remote reporting, to assist an investigator when a device has been lost or stolen.

Abstract: The present invention relates to communications, and in particular though not exclusively to forming a secure connection between two untrusted devices. The present invention provides a method of securely connecting a first device (A) to a second device (B) using a third party authentication server (AS) coupled to the second device, the first device and the authentication server both having first device shared secret data (SSDa) and the second device and the authentication server both having second device shared secret data (SSDb).

Abstract: Facilitation of secure over-the-air programming is provided herein. A device can store a key, which can be based on a key algorithm (K-algorithm) and an identifier associated with the device. The device can receive information such as parameter(s) and a verification number from a communications system. The verification number can be generated by using an authorization algorithm (A-algorithm) based on the parameter(s) and a K-algorithm input. The device can generate a trial verification number by using the A-algorithm with the parameter(s) and the key as trial inputs. The device can compare the verification number to the trial verification number, and in response to the verification number being at least similar to the trial verification number, the device can use the parameter(s) for programming of the device.

Abstract: An information processing terminal includes first sealed data respectively having usability conditions of matching with predetermined terminal environment information during a secure boot and second sealed data respectively having usability conditions of matching with terminal environment information upon completion of the secure boot. Upon completion of the secure boot, the second sealed data is unsealed and the first sealed data is resealed using the unsealed data. It is possible to update and re-seal sealed data having a usability condition of matching with predetermined terminal environment information during a secure boot without rebooting a terminal when a program using the sealed data is updated.

Abstract: Examples of embodiments provide systems and methods for varying the functions of an electronic device according to a physical relationship (e.g. the distance) between the electronic device and the primary user (e.g., owner) of the electronic device. The device may measure the distance using a wireless signal from a secondary device carried by or associated with the primary user. In some embodiments, the electronic device may change its functions based on its environment, in combination with the distance between the electronic device and the primary user. Environmental factors may include the device's location, the device's velocity, and the date and time of day.

Abstract: Secure access to a wireless network access can be provided in a system where wireless devices access a wireless network through a wireless access point (WAP). For example, a plurality of pre-shared keys (PSKs) may be generated and distributed to the WAP and the wireless device. The wireless device may automatically rotate an active one of the plurality of PSKs, while the WAP receives one or more rotation signals identifying the active one of the plurality of PSKs. The wireless device and the WAP may encrypt information relating to the active one of the PSKs within communications between them, thus securing the communications.

Abstract: One embodiment of the present invention provides a system that associates a digital certificate with an enterprise profile. During operation, an identity store receives a digital certificate from a client. Next, the identity store searches for a mapping rule which determines if an enterprise profile is associated with the digital certificate, wherein the enterprise profile facilitates in identifying user capabilities. If a mapping rule is found, the identity store executes the mapping rule to determine if an enterprise profile is associated with the digital certificate. If so, the enterprise profile, which is associated with the digital certificate, is returned to the client.

Abstract: An authentication apparatus includes: a database section that stores a password; an entry section through which a password is entered; a storage section that stores an entered password which is entered through the entry section; an authentication section that authenticates whether the password and the entered password match with each other; and a determining section that determines whether or not a re-entered password is to be subjected to an authentication processing performed by the authentication section when the re-entered password is entered through the entry section after the authentication section determines that the password and the entered password do not match with each other.

Abstract: When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimate measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired from a portable phone terminal having the GPS function and a network function by means of the GPS function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus, only if the server apparatus is authenticated as a legitimate counterpart for connection.

Abstract: An image forming apparatus includes: an authentication unit that can execute a login process and a logout process; an operation unit that receives an instruction for the logout process from the user; a user attribute storage unit that stores the identification information of a non-logged-out user; a determination unit that determines whether a logged-in user, who is a user for whom the login process is executed by the authentication unit, is the non-logged-out user, based on the identification information stored in the user attribute storage unit; and a forced logout processing unit that, in a case in which the logged-in user is determined to be the non-logged-out user by the determination unit, instructs the authentication unit to execute the logout process when a predefined particular process among the plurality of processes is executed and completed by the processing unit.

Abstract: Techniques for identity-based Peer-to-Peer (P2P) Virtual Private Networks (VPN's) are provided. First and second principals authenticate to a trusted third party. The first principal subsequently requests a P2P VPN with the second principal. The second principal is contacted on behalf of the first principal and permission is acquired. The first and second principals are then sent commands to directly establish a P2P VPN communication session with one another.

Abstract: A method of supporting location privacy of a mobile station includes receiving, from a base station, a message including a temporary station identifier (TSTID) during an initial ranging procedure, wherein the TSTID is temporarily used to protect the location privacy of the mobile station; performing, with the base station, a basic capabilities negotiation procedure after the initial ranging procedure; performing, with the base station, an authentication procedure after the basic capabilities negotiation procedure; performing, with the base station, a registration procedure after the authentication procedure; and releasing the TSTID after receiving a station identifier (STID) which is assigned during the registration procedure, wherein the STID uniquely identifies the mobile station in the base station.

Abstract: A method and system is provided to analyse receiver indicia of location for a set of at least one receivers to determine whether a receiver has an erroneous indicator of location. The embodiment may take further steps to confirm whether or not inappropriate usage has occurred. The method and system includes identifying a first indicia of location for a set of one or more receivers, identifying a second indicia of location for one or more receivers from the set, and determining if the first and second indicia of location are mutually inconsistent. Indicia of location include indicators of receiver location, inventory state, communication path and definition on systems. The method and system may optionally include action to report or correct the location error.

Abstract: A method of supporting location privacy of a mobile station includes receiving, from a base station, a temporary station identifier (TSTID) during an initial ranging procedure; transmitting a registration request (REG-REQ) message requesting a registration to the base station, the REG-REQ message including a real medium access control (MAC) address of the mobile station; and receiving, from the base station, a registration response (REG-RSP) message including a station identifier (STID) assigned to the mobile station. The TSTID is temporarily used to protect a mapping between the real MAC address of the mobile station and the STID, and the TSTID is used until the STID is assigned to the mobile station.

Abstract: The present invention relates to a subscriber station security-related parameter negotiation method in a wireless portable Internet system. The subscriber station security-related parameter negotiation method includes security-related parameters in transmitting/receiving basic capability negotiation request messages and basic capability negotiation response messages such that the subscriber station and the base station negotiate the subscriber station security-related parameters. The security-related parameters include an authorization policy support subfield used to negotiate an authorization policy between the subscriber station and the base station, and message authentication code mode subfields used to negotiate a message authentication code mode.

Abstract: In order to solve the problem in that information relating to a specific purpose can be saved in the internal memory of a mobile apparatus on which a permanent memory is mounted while information relating to other purpose cannot be saved in the internal memory of the apparatus, the purpose of each telephone call is distinguished by sending a non-telephone type notice before transferring the call and thus the user can determine whether the call should be saved or not.

Abstract: Location based security rules are provided for preventing unauthorized access to a device, application, system, content, and/or network, etc. The location-based security rules enable a user, computing device, system, etc. to access the requested item or information when the user provides proper identification information. The proper identification information is based in part on the location of the user and/or the user's access request.

Abstract: The contemplated embodiments of the invention provide a method for implementing a mandatory integrity control (MIC) system that provides access control for each and every object and subject that need access control, but in a way that allows legacy operating systems to continue with little modification. The invention provides a novel method that selects an integrity level designator for a subject, when the subject logs onto the computer system. The selected integrity level designator is then added to an existing data structure in the computer system. The existing data structure may be a part of a security descriptor stored in a system access control list of an object. The existing data structure may be a part of a list of security permissions that constitute an access token for a process executing as a subject.