Abstract: A procedure for the control of applications stored in a user's subscriber identity module (SIM) in a data communication system that includes a data communication network, a terminal device connected to the data communication network and to which the subscriber identity module is connected, and an application control server that is connected to the data communication network. The subscriber identity module contains a stored application that makes use of the data communication network and that is used by way of the terminal device. A key list comprising one or more application-specific keys is stored in the user's subscriber identity module, and a corresponding key list is also stored in the application control server which is operable to control applications stored in the subscriber identity modules of multiple users of the network.

Abstract: A method of access control to a protected remote access server. The method includes receiving signals transmitted on a modem connection, determining in the physical layer whether the received signals include predetermined identification signals, and allowing the modem connection to be established with the protected remote access server only if the received signals include the predetermined identification signals.

Abstract: An information processor is installed onboard a seagoing vessel that has at least one onboard system, e.g., a weapon system, to carry out a mission that is defined by instructions originating at a remote location, e.g., mission data updates (MDU) data. The information processor is programmed to receive unencrypted data related to the mission. A secure communications terminal has a first hardwire connection to a public switched telephone network (PSTN) and a second hardwire connection to the information processor. The secure communications terminal receives encrypted data related to the mission over the first hardwire connection, converts the encrypted data to unencrypted data and supplies the unencrypted data over the second hardwire connection.

Abstract: Disclosed is a computer-readable medium containing program instructions for configuring a first computer so that a first telephony client on the first computer may securely communicate with a second telephony client on a second computer via a communication path. The computer-readable medium includes computer code for inserting a security algorithm within the communication path. The security algorithm facilitates secure communication between the first and second telephony clients such that more than a single type of telephony client may be implemented. In a specific embodiment, the security algorithm is inserted within the first computer's operating system kernel.

Abstract: The securing of a telephone link between the two subscriber sets is established on the basis of encryption keys transmitted over the service channel (D) of the ISDN network whether the link be established on the switched telephone network (PSTN) or on the Internet network (NSTN). A server verifies the identifiers of the subscriber taps (PA1, PA2) and stores the encryption keys.

Abstract: An authentication system of a terminal on a public switched telephone network provides a security node associated with a local exchange and a network terminal. For one-way authentication, the terminal responds to a call initiation by sending a unique authentication code comprising a number and a secret key encrypted according to a first algorithm, the secret key being specific to the terminal. The security node constructs the expected authentication code from the number, using the first algorithm and a second key which is a function of a terminal identification number, and compares the expected code with the received code. In two-way authentication, the security node responds to the call initiation by sending a transaction number to the terminal encrypted according to a second algorithm. The terminal generates the authentication code as a function of the first algorithm, the secret key and the transaction number. The authentication code is sent back to the security node.

Abstract: A plurality of Integrated Devices are provided with an Internet connection and a telephone number. The telephone number has associated telephone connectivity via a telephone line, such that the Integrated Devices can be connected to by dialing the associated telephone number via telephones on the Public Switched Telephone Network (PSTN). The Internet connection has an associated Internet protocol (IP) address which is dynamically assigned when one device calls the telephone number of a called device via the PSTN. The dynamically assigned IP address for a first one of the calling or called device is provided to the other device, which initiates an Internet connection between them by sending an Internet message to the dynamically assigned IP address of the first device. Local and intermediate proxy servers perform dynamic IP address management, providing privacy and security for user IP addresses and data transmissions.

Abstract: In a network, a media coordination system provides secure multimedia communication channels in a collaborative network environment. The media coordination system provides automatic encryption, dynamic interconnection of streams of data, and user interface elements that provide users with control over the ultimate destination of their audio and video data. The infrastructure of the system includes a plurality of client workstations that are connected to a central server using point-to-point network connections. The central server maintains a persistent virtual world of network places with objects located therein. Streams of audio and video data are coordinated between client workstations operating in the persistent virtual world by a key manager object using channels, transmitters, and receivers. The client workstations multicast their audio and video data over the network to defined recipients after receiving a multicast address and an encryption key for a specific multicast channel.

Abstract: In accordance with a first aspect, a method for operating an electronic device adapted to be electronically coupled to at least one microprocessor based device and prevent unauthorized access to data exchanged between the at least one microprocessor based device and other microprocessor based devices, the method including: in a first mode, establishing a secure point-to-point communications session with another like device and receiving security data from the other like device, the security data being associated with an intended recipient microprocessor based device; and, in a second mode, receiving the data from an originating one of the at least one microprocessor based devices, encrypting the data using at least the received security data and sending the encrypted data to the originating microprocessor based device.

Abstract: The preferred embodiments described herein provide a method and system for calling line authenticated key distribution. In one preferred embodiment, an authentication key is provided to a calling party if the calling party is phoning from a calling line associated with an authorized user. This preferred embodiment provides a more secure authentication key distribution method as compared to the prior art since preventing an unauthorized user from gaining access to an authorized user's calling line is more feasible and reliable than attempting to prevent an unauthorized user from obtaining an authorized user's password. Other preferred embodiments are provided, and each of the preferred embodiments described herein can be used alone or in combination with one another.

Abstract: A telephone disconnect system having a current-sensitive relay which automatically operates to electrically connect the telephone lines to the telephone network when the cradle switch of the telephone is closed, and which automatically operates to electrically disconnect the telephone lines from the telephone network when the cradle switch is open thus providing protection against the use of a cradled telephone as a clandestine listening device.

Abstract: Method and system for updating an encryption key used for the encryption of a password in a telephone exchange system comprising a telephone exchange (LE), a maintenance center (SC), a first database (DB1) containing user-specific information, and a second database (DB2) containing the encryption methods used and the associated encryption keys. The user information contains data indicating the encryption key used last and the password encrypted using this encryption key. When the user is logging on in the system, the encryption key last used data is compared with the current encryption key data. If these differ, the user is identified by the password encrypted with the encryption key used last, and the encryption key last used data is updated with the current encryption key of the telephone exchange system, and the encrypted password is updated to make it consistent with the current encryption key.

Abstract: An object-based security framework provides automatic caller chain building to track the identity of upstream callers. An application developer can define impersonation settings declaratively using a graphical interface. At runtime, logic outside the application objects handles the caller chain and impersonation, relieving the developer from having to incorporate impersonation logic into the application. A group of special identities are permitted to provide identities of others without themselves being recorded in the chain when the chain traverses a method invocation queue. The framework supports a copy style for the chain to support various caller scenarios. Additionally, a minimum authentication level can be enforced throughout the chain. The caller chain can be used in conjunction with roles, and objects may consult the chain programmatically to enforce a custom security scheme.

Abstract: A method for initiating a security and billing feature request at the beginning or during an active telephone call. The telephone subscriber can select one of a plurality of security levels that may be required to ensure privacy during a call. Since each level of security is based on a different encryption and authentication algorithm, the levels of security can be incrementally priced. Thus, selecting an algorithm which is deemed to be very secure can be billed to the subscriber at a higher rate than an algorithm that is deemed to be less secure.

Abstract: Systems, methods, and computer-readable medium for securely transmitting data (400) between at least two access systems (300, 320) via a switch system (310). Through the use encryption keys and the switch system (310) acting a central switch, any two access systems are able to securely transmit data (400) between them. The present invention can be implemented by means of an application proxy (1000), a secure connection enabled application, or application program interfaces.

Abstract: A technique for performing compression, encryption and transmission, and reception, decryption and decompression, respectively, of data communication packages on an area network.

Abstract: Secured connections are provided over a telephone access network using encryption/decryption equipment installed at a customer's premises and at a network facility. For outbound calls, the access network is secured before the destination number or any other critical information is sent over the access network. Inbound calls are routed through a secure center to prevent the identification of the calling party and to secure these communications over the access network. By providing encryption/decryption equipment at the network facility, the system provides secured connections over the access network regardless of whether the remote party is secured. The system also may be configured to provide end-to-end secured connections.

Abstract: An encryption device for a telephone having a handset and a base unit is disclosed. The device includes a handset interface, a first converter, an encryption processor, a second converter, and a host interface. The handset interface receives analog output signals from the handset. The first converter converts the analog output signals into digital output signals. The encryption processor includes a compressor, a key manager, an encryptor, and a modulator. The key manager generates key material for encrypting the digital output signals. The compressor compresses the digital output signals, the encryptor encrypts the digital output signals based on the key material, and the modulator modulates the encrypted digital output signals. The second converter converts the encrypted digital output signals into encrypted analog output signals. The host interface receives the encrypted analog output signals from the encryption processor, and forwards the encrypted analog output signals to the base unit.

Abstract: The circuit uses a current sensing device that is controlled by the telephone line current. The telephone lines are connected to the contacts of a push-button switch, and a diode bridge is connected across contacts of the switch. Further, the circuit has a DC slow-release relay that is located across the output of the diode bridge. The telephone lines are also connected to the relay contacts of the DC slow release relay. A capacitor is placed across the telephone lines, and another capacitor is placed between the diode bridge and one of the relay contacts of the DC slow-release relay. The two capacitors act to shunt any radio frequencies that occur in the circuit as a result of an attempt to obtain information by RF saturation techniques.

Abstract: A method and system for secure cable modem initialization in a data-over-cable system is provided. The method includes sending a unique identifier, such an Internet Protocol (“IP”) address and a selected time-value, such as an approximate message send time-value, in a registration request message. A message integrity check value is calculated using the unique identifier, the selected time-value and one or more configuration parameters in a pre-determined order. The message integrity check value is added to the registration request message. A cable modem termination system receives the registration request message and uses the message integrity check value to authenticate the message and determine if the registration request message was sent within a pre-determined period of time (e.g., 1 second) from a recognized cable modem. If not, the registration request message is discarded and a log file entry is added to a log file with information from the registration request message (e.g.

Abstract: An interactive bi-directional telecommunication method using a handheld low power user device to access a host computer server along a telecommunication path, and to command the host computer server to transmit audio and/or visual reports to the user device. A system for host computer ordering of consumer products and services using the telecommunications method and handheld low power user device.

Abstract: Objects such as master keys or object protection keys that are kept in a protected environment of a crypto module are securely transferred between modules by means of transport keys. The transport keys are generated by public key procedures and are inaccessible outside the modules. Master keys are encrypted under the transport key within the protected environment of the source module, transmitted in encrypted form to the target module, and decrypted with the transport key within the protected environment of the target module. Object protection keys that are encrypted under a first master key kept in the protected environment of the source module are decrypted with the first master within the protected environment of the source module before being encrypted under the transport key. The object protection keys are encrypted under a second master key within the protected environment of the target module after being decrypted with the transport key.

Abstract: A method of loading commands (C1, C2, . . . ) in a security module (2) of a terminal (1) is disclosed. The method comprises the steps of: a station (4) transferring the commands (C1-Cn) to the terminal (1), the terminal (1) transferring the commands (C1-Cn) to the security module (2), the security module (2) executing the commands (C1-Cn), the terminal (1) selectively recording actual results (R1'-Rm') of the executed commands (C1-Cn), and the transfer means (3) transferring the results (R1'-Rm') back to the station (4). The commands may have associated expected results (e.g. R1), which the terminal (1) may compare with the actual results (e.g. R1' ). This allows both a flexible loading of data in the security module (2) by means of commands and a remote check of the functioning of the security module.

Abstract: A communication apparatus (100) provides an interface between a cellular encryption and decryption apparatus (150) and a telephone line (91) allowing for communication of secure data of the telephone line using a regular telephone (70). The communication apparatus (100) provides for the receipt of incoming secure data in an unattended data mode, and also allows the telephone to be used in either a secure mode or clear mode. The communication apparatus monitors the telephone line (91) for secure tones while operating in the clear mode. When a secure tone is detected, the communication apparatus (100) breaks the path between the PSTN (90) and the telephone (70) and routes the signals to the cellular encryption and decryption apparatus (150) to establish a secure call.