Abstract: To perform a restricted action, such as access a restricted content item, a subordinate user account can transmit a permission request to an authorizing user account. The permission request can request authorization from the authorizing user account to perform the restricted action. The permission request can be transmitted to one or more client devices of the authorizing user account, and enable to the authorizing user account to remotely select to approve or deny the permission request, thereby either granting or denying the subordinate user account from performing the restricted action. In addition to approving or denying a permission request, an authorizing user account can also be enabled to ignore a permission request, thereby allowing the authorizing user account to respond to the permission request at a later time. Further, in some embodiments, an authorizing user account can select to deny all further permission requests to perform the restricted action.

Abstract: Systems and methods are provided for sending and receiving encrypted submessages. Messages could be partitioned into a plurality of submessages based on the content of a message, and such submessages could be individually encrypted and sent over a network. The partitioning could be based on various standards and/or heuristics. In the sending process, submessages could be designated to travel over different networks and networks of different types. Such submessages could then be received and reassembled in spite containing overlapping content with respect to each other, having to contend with copies of submessages, and having accompanying related content (e.g., advertisements) and non-related content (e.g., random bits). Moreover, the sending process could also be performed in real time or in a batched manner, depending on the implementation.

Abstract: A radio communication apparatus includes a control unit that, if a radio access bearer (RAB) for a circuit switching domain is reconfigured between a dedicated channel (DCH) and enhanced uplink dedicated channel/High Speed Downlink Packet Access (E-DCH/HSDPA) and an RAB corresponded to RAB information exists as an established RAB and there exists no transparent mode (TM) radio bearer for a core network (CN) domain included in an information element of CN domain identity (ID), and at least one TM radio bearer is included in an information element of radio bearer (RB) information to setup, calculates a start value that is used on a new RAB.

Abstract: A method is provided for installing a security-relevant portion of an application made available by an application provider in a security element of a terminal. The terminal requests the application from the application provider and receives the application. Subsequently, the received security-relevant portion of the application is transmitted to a trustworthy instance administrating the security element. The trustworthy instance subsequently installs the security-relevant portion of the application in the security element.

Abstract: Anonymity and confidentiality of information published from a microblogging platform, are preserved using randomly chosen relays (not related to the publisher account) in order to hide content in the cloud of published messages. The information can be relayed in clear text or in encrypted format. Additional linked relays may be used to overcome character number limitations imposed by the microblogging platform, with the longer full text of the original message reconstructed at the conclusion of the process. Depending upon the desired degree of confidentiality, complexity of the relay combination can be adjusted, and the path secretly shared among sender and authorized recipient. Only authorized recipient(s) can obtain (through another platform) the path combination to reach the message. A trusted third party stores the path relays and authorizations to access the path. The confidential information that is to be shared, may remain on the microblogging platform spread randomly over anonymous accounts.

Abstract: A system and method for maintaining privacy of a user's telephone number is disclosed. The method provides a means by which a user A may prefer to exchange her contact number with another user B. The contact number is encrypted by user A and passed on to the mobile phone of user B. In the phonebook of user B, the contact number of user A is stored in encrypted format. Further, when user B initiates a call to user A, the encrypted number is sent to the network. At the MSC of user B, the number is decrypted and a call is established with user A. When user A calls user B, user A's number is encrypted at user B's MSC. This is transmitted to user B, where it is compared with the already encrypted number in the phonebook. The matching name of user A is then displayed.

Abstract: Disclosed herein is a commodity infrastructure operating system that manages and implements the resources and services found in the heterogeneous components of the common infrastructure. The infrastructure operating system managing one or more services residing within an operating system image of a partition. The infrastructure operating system capable of providing a service of a first partition's operating system to a second partition's operating system when the second partition is in need of the service.

Abstract: The present disclosure is directed to an end-to-end secure communication system wherein, in addition to encrypting transmissions between clients, communication-related operations occurring within each client may also be secured. Each client may comprise a secure processing environment to process encrypted communication information received from other clients and locally-captured media information for transmission to other clients. The secure processing environment may include resources to decrypt received encrypted communication information and to process the communication information into media information for presentation by the client. The secure processing environment may also operate in reverse to provide locally recorded audio, image, video, etc. to other clients. Encryption protocols may be employed at various stages of information processing in the client to help ensure that information being transferred between the processing resources cannot be read, copied, altered, etc.

Abstract: A radio communication apparatus includes a control unit that, if a radio access bearer (RAB) for a circuit switching domain is reconfigured between a dedicated channel (DCH) and enhanced uplink dedicated channel/High Speed Downlink Packet Access (E-DCH/HSDPA) and an RAB corresponded to RAB information exists as an established RAB and there exists no transparent mode (TM) radio bearer for a core network (CN) domain included in an information element of CN domain identity (ID), and at least one TM radio bearer is included in an information element of radio bearer (RB) information to setup, calculates a start value that is used on a new RAB.

Abstract: Systems and methods for call forwarding in a telecommunications network are described herein. A request to update a call forwarding number associated with a subscriber in the telecommunications network is provided. The request includes a phone number of an active mobile device, which is located within geographic proximity to a subscriber mobile device. The active mobile device is associated with a priority level.

Abstract: Aspects of the present invention provide a mechanism to utilize IMS media security mechanisms in a CS network and, thereby, provide end-to-end media security in the case where the media traffic travels across both a CS network and a PS network.

Abstract: An apparatus and method for establishing a communication connection between a first party and a second party using a secured communication connection object are provided. With the apparatus and method, a first party generates the secured communication connection object by setting parameters identifying and limiting the use of the secured communication connection object for establishing communication connections with the first party. These parameters are encapsulated with contact information for the first party such that the contact information is encrypted. The resulting secured communication connection object is then transmitted to a second party's communication device.

Abstract: Provided are methods and systems of using division-free duplexing (DFD) in a cable communication network. Techniques for applying DFD in a cable communication network may enable data to be transmitted and received over a coaxial cable without using division duplexing techniques. For example, the cable communication network may include DFD enabled network nodes and each subscriber to the cable network may be equipped with a DFD system configured to operate in a DFD mode. In some embodiments, oppositely propagating signals may be transmitted over one frequency channel, and DFD techniques may be used to recover originally transmitted signals. Further, in some embodiments, DFD techniques may be used with encryption methods to increase the security of data transmitted in the cable communication network.

Abstract: A Trusted Routing Point (TROP) generates a signaling message that includes an authorization token used to authorize a firewall to open a pinhole. The signaling message contains a first indicator that indicates whether a data field in the signaling message represents a source address of a media flow. The signaling message also includes a second indicator that indicates whether the firewall should derive the source address of the media flow from the data field. The authorization token is generated using a one-way hash function over information that may be included in the signaling message, including the first indicator and the second indicator.

Abstract: In one embodiment, a method, system and apparatus for recording audio is provided so that the recording can be authenticated. The system may be implemented as a central server that is accessed via one or more lines for audio communication, or as a stand-alone unit. The system operates by encrypting communicated data (e.g., audio signals), storing the encrypted information, and providing at least one user with a key that can be used to decrypt the stored information.

Abstract: Systems and methods for secure recording in a customer center environment are provided. The system receives data related to a communication at a media distribution device. A key is provided by a key server to the media distribution device to encrypt the received data. In addition, an identifier may be associated with the received data. The key and the identifier are stored in a database associated with the key server. The encrypted data is recorded the a recorder, where it is accessible to authorized users within the customer center. Upon request, the key is provided to the authorized user to decrypt the encrypted data for play back. The customer center environment may include a user interface for viewing customer contacts. The contact may be organized into folders and annotations associated with the customer contacts may be received.

Abstract: Secure telephone devices, systems and methods are provided for carrying out secure communications utilizing a telephone device that includes cryptographic storage and processing components, the cryptographic processing components including intercepting and injecting capabilities for intercepting an incoming signal, cryptographically processing the signal and injecting the system for delivery to the output of the telephone device, wherein the system and method may utilize the telephone operating system, and wherein embodiments are provided where an exchange component regulates the cryptographic information so that users engaging in secure cryptographic communications do not need to provide encryption key information to each other.

Abstract: Systems and methods for secure recording in a customer center environment are provided. The system receives data related to a communication at a media distribution device. A key is provided by a key server to the media distribution device to encrypt the received data. In addition, an identifier may be associated with the received data. The key and the identifier are stored in a database associated with the key server. The encrypted data is recorded the a recorder, where it is accessible to authorized users within the customer center. Upon request, the key is provided to the authorized user to decrypt the encrypted data for play back. The customer center environment may include a user interface for viewing customer contacts. The contact may be organized into folders and annotations associated with the customer contacts may be received.

Abstract: There is provided an encryption apparatus including an idle data inserting unit that takes input of a frame including a fixed-length header and a variable-length payload and an encrypting unit that receives an output of the idle data inserting unit. If the length of a block to be processed, included in the payload, is less than a predetermined value, the idle data inserting unit appends idle data following the block and transmits the frame including the block padded with the idle data to the encrypting unit.

Abstract: Systems and methods for secure recording in a customer center environment are provided. The system receives data related to a communication at a media distribution device. A key is provided by a key server to the media distribution device to encrypt the received data. In addition, an identifier may be associated with the received data. The key and the identifier are stored in a database associated with the key server. The encrypted data is recorded the a recorder, where it is accessible to authorized users within the customer center. Upon request, the key is provided to the authorized user to decrypt the encrypted data for play back. The customer center environment may include a user interface for viewing customer contacts. The contact may be organized into folders and annotations associated with the customer contacts may be received.

Abstract: Systems and methods of preventing an Internet service provider from identifying a stream of data packets as carrying a voice over Internet protocol telephony communication can make use of encryption techniques to prevent the Internet service provider from examining the content of the data packets. Also, multiple communications channels may be established between a telephony device and elements of an IP telephony system. A stream of data packets bearing the media of an IP telephony communication is then separated into sub-streams, and each sub-stream is sent through a different one of the communications channels. This prevents an Internet service provider from identifying a stream of data packets as bearing the media of an IP telephony communication based on a pattern in the data traffic.

Abstract: A small form-factor security device is provided that may be inserted in series with a telephone line to encrypt dual tone multi-frequency (DTMF) tones from a telephone to prevent unauthorized disclosure of sensitive information. A receiving device decrypts the encrypted DTMF tones to receive the original information sent by the telephone. The security device acts as a second factor in a two-factor authentication scheme with a tele-services security server that authenticates the security device.

Abstract: A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.

Abstract: The radio communication system of the present invention includes a radio access network (10) and a radio communication apparatus (60). The radio communication apparatus (60) includes a control unit (61) that, when reconfiguring a radio access bearer between a DCH and an uplink line E-DCH and downlink line HSDPA, sets a start value that is to be used after the reconfiguration in ciphering the radio access bearer, and a transceiver (62) that transmits to the radio access network (10) the start value that was set in the control unit (61) and that is to be used after the reconfiguration.

Abstract: A communication device receives secure communication frames on which a security transform has been performed to permit authentication. The communication device maintains an authentication history and a local time varying parameter. In multi-hop communication, the communication device provisionally verifies the freshness of a received secure communication frame by verifying that identifying information extracted from the frame is not already present in the authentication history and that a received time varying parameter extracted from the frame is not older than the local time varying parameter by more than a certain margin. If these freshness tests both pass, the frame is authenticated. If authentication succeeds, the frame is transmitted on the next hop without performance of a new security transform.

Abstract: A reach back secure communications terminal includes a digital PBX adapter that offers immediate and secure voice, data and video connectivity over any of various commercially available PBX systems. In addition to use with a PBX system, integrated components simplify access to varied networks allowing deployed users to select and connect quickly to a network that best supports their present mission. Commercial or optional NSA Type 1 encryption may be implemented. Networking options include any of PSTN, PBX, GSM (or CDMA or other cell telephone standard), SAT, IP and WiFi. The digital PBX adapter includes an audio mixer that converts a 4-wire input from a handset jack of a PBX handset base, into a 2-wire output destined for an encryption unit (FNBDT). The user determines a necessary gain of the audio mixer for the particular PBX system by trial and error using a multi-position switch.

Abstract: A method for pre-accessing a conference telephone is disclosed in the present invention. The method includes that: a network side detects a received call whose target is a main control party after the main control party initiates an encryption conference telephone; the call is not accessed if the call is a non-encryption conversation; the call is allowed to be accessed if the call is an encryption conversation. A system for pre-accessing a conference telephone is also disclosed in the present invention, wherein, the system includes a pre-accessing processing unit and a call type detection unit of the network side. A network side device is also disclosed in the present invention. The present invention realizes the pre-accessing of the encryption conference telephone, thereby improving security of the encryption conversation as well as avoiding the problem that a user is frequently affected when performing the encryption conference telephone.

Abstract: A communication system providing point to point data encryption including one or more mobile end points, each mobile end point includes mobile equipment and an encryption module. The communication system also includes a network, a first gateway coupled to a Private Branch Exchange (PBX) telephone system, and a second gateway coupled to a Public Switch Networking System (PSTN). The PBX telephone system is connected to a telephone, a conference service and a voicemail service, and the PSTN is connected to a telephone. The network interconnects the one or more mobile end points, first gateway and the second gateway. The first gateway and second gateway each include an encryption module to provide seamless data encryption.

Abstract: A method includes receiving, via a network, a request to provision and provide a private key, the private key being for use with a public and private key system. The method further includes identifying a requester that has made the request via the network and initiating a secure session with the requester. The method also includes providing the private key using the secure session, and provisioning the private key. A system is provided including a distribution location providing access to a network, a terminal selectively connected to the network via the distribution location. The system further includes a network authority selectively connected to the network and the terminal, and a certificate authority selectively connected to the network. The certificate authority is configured to provide and provision a private key, and the network authority is configured to selectively provide a secure session between the terminal and the certificate authority.

Abstract: Sensitive, Standard Telephone Equipment (STE) data is encapsulated into IP packets in a remotely deployed, secure communication system. The IP packets are addressed to a matching IP encapsulator/decapsulator device over the public Internet or other IP protocol network, that then passes it to a similar STE device over an ISDN link for decryption. The present invention is embodied in a system that provides secure Voice-Over-IP (VOIP), video and data network functionality in a single, small size deployable case, to a remote user. Most importantly, the embodiment allows for the routing of bulk encrypted (i.e., secure) data over a public network, e.g., the Internet.

Abstract: Techniques are described for the use of a cryptographic token to authorize a firewall to open a pinhole which permits certain network traffic to traverse firewalls. An initiating endpoint requests a token from a call controller, which authorizes a pinhole though the firewall. In response, the call controller may generate a cryptographic authorization token (CAT) sent towards the destination endpoint. The call controller may generate the token based on an authorization ID associated with the call controller, a shared secret known to both the call controller and the firewall, and data specific to the media flow for which authorization is requested.

Abstract: A method of providing secure communications over a network includes receiving, at a receiving computer, a public key of a sending computer, and a hash of a sending random number over a first communication channel, transmitting, from the receiving computer, a public key of the receiving computer and a receiving random number provided by the receiving computer over the first communication channel, and receiving, at the receiving computer, the sending random number provided by the sending computer over the first communication channel.

Abstract: A cryptographic system (500) that includes a data stream receiving device (502) configured for receiving a modified data stream representing data entries encrypted using a chaotic sequence of digits. The system also includes user processing device (503, 505) configured for receiving user access information specifying an initial value for the chaotic sequence of digits and data field location information associated with selected ones of the data entries. The system further includes a synchronized pair of chaotic sequence generators (300) coupled to the user processing devices configured for generating encryption and decryption sequences based on the initial value and the data field location information. The system additionally includes an encryption device (504) and a decryption device (506) coupled to the chaotic sequence generators and the data stream receiving device, the decrypter configured for generating an output data stream from the modified data stream by applying the decryption sequences.

Abstract: Another feature provides an efficient encryption method that safeguards the security of encrypted symbols. Each plaintext symbol is encrypted by using a separate pseudorandomly selected translation table. Rather than pre-storing every possible permutation of symbols as translation tables, the translation tables may be efficiently generated on-the-fly based on a pseudorandom number and a symbol shuffling algorithm. A receiving device may similarly generate reverse translation tables on-the-fly to decrypt received encrypted symbols.

Abstract: A system and method for real-time network communications provides a session identifier as a public key for group communication between clients, and provides a channel identifier representing a private key for each of a plurality of clients. The channel identifier includes client-specific attributes, which function to indicate grouping criteria for the group communication. A dynamic communication link is created over a network between a client and a service based upon the public and private key combination such that group communication is enabled based upon the attributes of the private key and the public key. Communications are translated using a translation service which employs the attributes associated with the private key and the public key combination to provide response information in a designated language to enable multi-lingual real-time communications.

Abstract: A controlling device provides conditional access to secured content renderable by an appliance. The controlling device transmits a data frame to the appliance and encrypts at least a part of the data frame that includes data to be used by the appliance to provide access to the secured content. At the appliance a decryption key complimentary to the encryption key is used to decrypt the received the data frame. The appliance allows the secured content to be rendered only after the appliance determines that the data in the received, decrypted data frame includes the data the appliance requires to provide access to the secured content.

Abstract: In some embodiments, a call forking dynamic key exchange system may include one or more of the following features: (a) a memory comprising, (i) a dynamic key exchange program that allows a caller to initiate a call having a security request to multiple subscribers and selecting at least one subscriber who answers the call, and (b) a processor coupled to the memory that executes the dynamic key exchange program.

Abstract: A system of Quality of Service signaling in an IP cable telephony system includes encrypting Quality of Service signals and sending them, instead of directly from an Internet Protocol Digital Terminal to a Cable Modem Termination System, indirectly via Broadband Telephony Interface serving a telephony device. The Broadband Telephony Interface, which lacks the encryption and decryption keys, includes the encrypted Quality of Service signaling message in a signaling message it transmits to the Cable Modem Termination System when requesting a change in access to network resources. The Cable Modem Termination System attempts to decrypt the Quality of Service signaling message; and it controls access to network resources in accordance with the contents of the Quality of Service signaling message if it is able to decrypt it. This system reduces the number of signaling messages and network resources needed for call processing while providing security against denial-of-service attacks.

Abstract: Disclosed are a cellular phone terminal having built-in wireless LAN, a cellular phone system and a privacy protection method therefore that enable to prevent leakage of private information (or privacy) of the user of the cellular phone terminal from the communication data when conducting a search for wireless LAN base stations. The cellular phone terminal 10 comprises, in addition to the cellular phone function section 11, a cellular phone network transmitter/receiver section 14, a wireless LAN transmitter/receiver section 13 and a wireless LAN connection control section 12, an SSID•MAC address management section 15 connected to the wireless LAN connection control section 12 and the cellular phone network transmitter receiver section 14.

Abstract: A secure communications system has at least one processor and a control bus. A number of ports, each having a different fixed address, are coupled to the control bus. The processor assigns each port the address of another port whose data the port is permitted to receive when placed on a system data bus by the other port. A time slot generator outputs each fixed port address sequentially during corresponding time slots in a recurring manner, and a time slot bus is coupled to the time slot generator and to each of the ports. The ports are configured so that (a) when a given port detects its fixed address on the time slot bus, it writes desired outbound data on the data bus, and (b) when the given port detects its assigned port address on the time slot bus, the given port reads data off the data bus.

Abstract: A multi-user e-mail messaging system is described that is interfaced through the Internet and includes a first user group sharing a first server, which first server is interfaced to the Internet. In this system, after an e-mail message has been originated by an originating user of the first user group, the e-mail message is directed onto an e-mail enhancement path, and additional content is added to the e-mail message using the e-mail enhancement path to produce an enhanced e-mail message. Thereafter, the enhanced e-mail message from the e-mail enhancement path to the intended recipient. In one feature, the path taken by an incoming e-mail message is different from an outgoing path taken by an e-mail message sent from the first user group. The outgoing path defined to the intended recipient includes the enhancement path.

Abstract: A method for establishing a communication session between two endpoints that do not both support secure media includes receiving a registration from a first endpoint. The registration indicating the first endpoint supports secure media and non-secure media. The method also includes receiving a registration from a second endpoint. The registration indicating the second endpoint supports non-secure media. The method also includes receiving a request to establish a communication session between the first endpoint and the second endpoint using secure media. The method further includes establishing the communication session between the first endpoint and the second endpoint via the communications platform using non-secure media.

Abstract: Authentication information (125) obtained by a device (100) at one level of a transformation sequence is securely communicated to another device (200) at another level of the transformation sequence. To assure that the communicated authentication information (125) is not merely a copy of previously communicated authentication information, each communication (145) includes an item (255) that the receiving device (200) can verify as having been recently generated.

Abstract: Provided is a method for setting a security channel between an OLT and at least one ONU in an EPON. In detail, a channel is generated by which the OLT makes a reciprocal security capability agreement with the ONU that wants to set a security channel in a discovery interval and then automatically registers the ONU with the security capability agreement. The security channel is set by which the OLT distributes an encryption key for the security with the ONU completed with the security capability agreement. A renewal point of the encryption key is shared by transmitting a message indicative of a time to change the encryption key between the OLT and the ONU both completed with the encryption key distribution.

Abstract: The specification discloses a method of doing business over the public Internet, particularly, a method which enables access to legacy management tools used by a telecommunications enterprise in the management of the enterprise business to the enterprise customer, to enable the customer to more effectively manage the business conducted by the customer through the enterprise, this access being provided over the public Internet. This method of doing business is accomplished with one or more secure web servers which manage one or more secure client sessions over the Internet, each web server supporting secure communications with the client workstation; a web page backplane application capable of launching one or more management tool applications used by the enterprise.

Abstract: A method for securing human to human communication over a network includes receiving, by a first computer, an incoming authenticated data stream from a second computer over a first communication channel, the incoming authenticated data stream having been computed using an incoming digital experiential data stream and a first imprint, and extracting the first imprint from the incoming authenticated data stream. The incoming authenticated data stream is then presented for sensory experience by a human. An outgoing digital experiential data stream is then input and the method computes a second imprint associated with the first computer and computes an outgoing authenticated data stream using the outgoing digital experiential data stream and the second imprint. A second communication channel is then secured from the first computer to the second computer using the first imprint, the second communication channel suitable for sending the outgoing authenticated data stream to the second computer.

Abstract: A system and method for a terminal adapter including a telephony station interface, a data communications interface, and a processing unit. The processing unit is configured to establish a first connection over the data communications interface and a second connection over the telephony station interface. The processing unit is configured to communicate secure information between the first connection and the second connection. The processing unit includes a V.150 internetworking function, an Assured Services Session Initiation Protocol (AS-SIP) stack and/or a Datagram Transport Layer Security (DTLS)/Secure Real-time Transport Protocol (SRTP) stack.

Abstract: Secure telephone devices, systems and methods are provided for carrying out secure communications utilizing a telephone device that includes cryptographic storage and processing components, the cryptographic processing components including intercepting and injecting capabilities for intercepting an incoming signal, cryptographically processing the signal and injecting the system for delivery to the output of the telephone device, wherein the system and method may utilize the telephone operating system, and wherein embodiments are provided where an exchange component regulates the cryptographic information so that users engaging in secure cryptographic communications do not need to provide encryption key information to each other.

Abstract: A method and an apparatus for implementing a card call service are disclosed in embodiments of the present invention. The method includes: obtaining card information of a user terminal when determining that a call initiated by the user terminal is a card call; providing a card call service for the user terminal when determining, according to the card information, that the card call is supported. It can be seen that NGN may provide a user terminal with a card call service when the user terminal initiating a card call has the card information which may support a card call, so that the satisfaction of users is remarkably improved.

Abstract: A method and apparatus are disclosed for efficiently scrambling one or more bytes of data according to DSL standards on a processor. This is achieved by providing an instruction for scrambling one or more bytes of data according to the DSL standards. Accordingly, the invention advantageously provides a processor with the ability to scramble data with a single instruction thus allowing for more efficient and faster scrambling operations for subsequent modulation and transmission.