Abstract: A method is provided for remotely configuring a modem securely using an authentication token for use with a service provider. The method includes receiving an encrypted authentication token from the modem, the authentication token having at least one password and being encrypted according to a public key, transmitting the encrypted authentication token to an authentication server, receiving a decrypted authentication token from the authentication server, and configuring at least one modem interface at least in part using the authentication token.

Abstract: Computer-implemented systems and methods are disclosed herein for use in cryptographic operations over a cloud-based service. The cloud-based service securely stores and transmits parts of encryption/decryption keys. Split key processing can include splitting the key in two and storing one of them on a remote secure server.

Abstract: A pointing device (200) for controlling a computer user interface is presented. The pointing device has a housing (210) with a base part (212). It also has an elongate support member (12) and an elongate cursor navigation member (14), the cursor navigation member being movably arranged for rotation about the support member and translation along the support member, the cursor navigation member further being depressible with respect to the base part. A plurality of sensors (602, 604, 610) for detecting rotation, translation and depression of the cursor navigation member is provided, as is computer interface circuitry (608) for connection to a computer. A controller (606) is connected to the plurality of sensors, the controller being configured to cause transmission of data regarding rotation, translation and depression of the cursor navigation member to the computer through the computer interface circuitry.

Abstract: A method of encrypting unencrypted digital content includes measuring an analog value associated with a physical property of interested cells of a memory array; digitizing the measured analog value to generate a response key; generating an encryption key based at least on the response key; encrypting the unencrypted digital content to generated encrypted digital content based on the encryption key; and storing the encrypted digital content.

Abstract: A method and system for secure and scalable key management for cryptographic processing of data is described herein. A method of secure key handling and cryptographic processing of data, comprising receiving a request from an entity to cryptographically process a block of data, the request including a key handle, wherein the key handle includes an authentication tag and an index; authenticating the requesting entity using the authentication tag; and referencing a plaintext key from a plurality of plaintext keys using the index if the requesting entity is authenticated successfully.

Abstract: A computerized security peripheral device has a central processing unit (CPU), a power supply, a digital memory; a microphone; a speaker apparatus; first circuitry enabling wireless data transfer to and from a communication device having compatible wireless communication capability; and second circuitry executing coded instructions enabling encryption of audio input at the microphone and decryption of incoming encrypted voice data using one or more keys stored in the digital memory. The audio input at the microphone is converted to an audio data stream that is encrypted using the one or more keys, and then is provided as an encrypted stream through the first circuitry to the network-connected communication device, and wherein encrypted voice data received at the first circuitry is decrypted using the one or more keys, and the decrypted data is provided as voice date to the speaker apparatus.

Abstract: A method for secure communications between a transmitting computer (24) and a receiving computer (22) includes transmitting data from the transmitting computer over a first one-way link (28) to a data security engine (26), receiving and validating the data within the data security engine, and, after validating the data, transmitting the data from the data security engine to the receiving computer over a second one-way link (30).

Abstract: A system and method for fraud prevention is provided. This system and method may comprise a web browser having form filing capabilities. This system may interact with a financial institution to request and receive a dynamic security code to be used in merchant checkout page to complete a transaction.

Abstract: A management station which manages the encryption devices in a SAN to set up encrypted LUNs. In setting up the encryption, the source and target ports are identified, along with the target LUN. LUN serial numbers used to identify unique LUNs. As paths to a given LUN are defined, the management station compares the path to existing paths and provides an indication if there is a mismatch in the encryption policies or keys being applied to the LUN over the various paths. This allows the administrator to readily identify when there is a problem with the paths to an encrypted LUN and then take steps to cure the problem. By determining the paths and then comparing them, the management station greatly simplifies setting up multipath I/O to an encrypted LUN or access by multiple hosts to an encrypted LUN.

Abstract: A method for relaying messages in a PLC network including a relay node and at least two end nodes attached to the relay node, the method including at the relay node receiving respective first probing messages from the at least two end nodes; processing the respective first probing messages to generate respective first feedback messages; broadcasting the respective first feedback messages to the at least two end nodes; wherein the first probing messages are formed as orthogonal signals and received substantially simultaneously in a first time slot, and wherein the first feedback messages are formed as orthogonal signals and broadcast substantially simultaneously in a second time slot.

Abstract: A system, comprising a primary communication path, a first communication device interfaced with the primary communication path, a second communication device interfaced with the primary communication path for communicating over the primary communication path to the first communication device, a controller for controlling the communication path between the first and second communication devices to allow or inhibit communication there over, a validation communication path, a first validation node interfaced with the validation communication path, a second validation node interfaced with the validation communication path for communicating with the first validation node over the validation communication path where in the presence of a transmission between the first and second validation nodes over the validation communication path constitutes a validation condition to control the mode of operation of the communication to be at least one of inhibiting communication over the primary communication path or allowing c

Abstract: A mobile communication device is equipped with hardware and/or software components to enable the device to output a data in a form of a radio frequency signal, emulating outputting of the data by either an active or a passive RFID transponder. The data may be a security key or an identifier. Emulation of an active RFID transponder includes facilitating selection of the data and instruction to output by a user. Emulation of a passive RFID transponder includes detecting for proximal presence of a RFID reader. Either case, provision of the data to the mobile communication device may include provision of associated signal attribute(s).

Abstract: A content filtering mechanism is enhanced to resolve conflicts in filtering rules (e.g., those created by a whitelist, on the one hand, and a blacklist, on the other hand). Preferably, a conflict between or among content filtering rules is resolved by selecting among conflicting rules based on a notion of “risk” associated with the rules. According to this risk-based approach, when two or more rules conflict with one another, the particular rule whose risk value has a predetermined relationship (e.g., aligns most closely) with a risk level associated with the application (applying the rules) then takes precedence. By selecting among conflicting rules based on risk, the potential or actual conflicts are disambiguated, with the result being that the content is filtered appropriately.

Abstract: The present disclosure relates to a repeater for power line communication, capable of preventing a ping-pong phenomenon and a loss of data packet and improving communication reliability and communication speed by allowing a power line communication terminal to add its repeater number in a received data packet for transmission, and a repeating method thereof.

Abstract: A key recovery request for a device is received at a key recovery service and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In the sequence of multiple one-time recovery credentials, previous one-time recovery credentials in the sequence are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key, and is returned in response to the key recovery request. The particular one-time recovery credential can then be used by the device to decrypt encrypted data stored on a storage media of the device.

Abstract: A method and apparatus for client authentication using a pseudo-random number generation system. The pseudo-random number generation utilizes a secret key as well as state information as input into the hash function to generate a pseudo-random number. The state information that is part of the input can be any number of prior generated pseudo-random numbers. The authentication allows for synchronization of the client and server by exchanging state information. The authentication is not dependent on any absolute time and consequently the client and servers are not required to maintain a reliable shared time base.

Abstract: A modem or associated computing or testing device is configured to detect the presence of one or more faults that affect DSL communications, and upon their detection, generate, for example, an indication, communication or message that recommends corrective action. In this context, a fault is generally caused by one or more unfiltered devices, impulsive noises, malfunctioning modems, or other factor that does not affect measured attenuation or measured noise, but does affect the signal-to-noise ratio (SNR) of the link. In addition to being able to generate a message guiding a user through corrective action, the system can estimate the rate impact of the detected fault.

Abstract: Nodes of a network are each provided with a seed value and a seed identifier. Each seed value has a corresponding unique seed identifier which is maintained within the system. Within each authorized node, the seed value is combined with a local node identifier, such as a serial number or other unique identifier, to form a cryptographic key that is then used by the node to encrypt and/or decrypt data transmitted and received by that node. The cryptographic key is never transmitted over the network, and each node is able to create a different cryptographic key for use in communicating with other nodes.

Abstract: A multicast key distribution method, an update method, and a base station based on unicast conversation key, the distribution method includes the following steps: 1) the base station composes groups of multicast key distribution; 2) the base station broadcasts the groups of multicast key distribution to all terminals; 3) the terminals acquire the multicast conversation key through calculation. The present invention solves the problem that the efficiency of the multicast key distribution based on unicast conversation key is low in the prior art, and provides a multicast key distribution method based on unicast conversation key.

Abstract: In an embodiment, a method for generating and distributing keys retains the scalability of a group VPN, but also provides true pair-wise keying such that an attacker who compromises one of the devices in a VPN cannot use the keys gained by that compromise to decrypt the packets from the other gateways in the VPN, or spoof one of the communicating gateways. The method is resistant to collusion when co-operating attackers overtake several VPN gateways and observe the keys stored in those gateways. In an embodiment, a VPN gateway comprises a cryptographic data processor configured to encrypt and to decrypt data packets; group key management logic; and Key Generation System logic. In one approach a gateway performs, in relation to adding a group member, receiving in a security association (SA) message secret data for use in the KGS; and derives keys for secure communication with one or more peer VPN gateways using the secret data.

Abstract: A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers.

Abstract: A telephone system comprising switching circuitry configured for coupling a call to a telephone extension coupled to the system, voice processing circuitry configured for automatically interacting with the call, a microprocessor, a first data bus connected between the microprocessor and the switching circuitry, and a second data bus connected between the microprocessor and the voice processing circuitry.

Abstract: A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.

Abstract: There is provided a program for making a computer perform a first procedure for verifying whether an platform guaranteeing that device identification data for identifying a communication device cannot be rewritten by the user is provided in the communication device, a second procedure for verifying whether the device identification data included in a registration request received from the communication device is not yet registered, and a third procedure for registering the device identification data included in the registration request and issuing user identification data to the user when the program determines in the first procedure that the platform is provided and determines in the second procedure that the device identification data is not yet registered.

Abstract: A controlling device provides conditional access to secured content renderable by an appliance. The controlling device transmits a data frame to the appliance and encrypts at least a part of the data frame that includes data to be used by the appliance to provide access to the secured content. At the appliance a decryption key complimentary to the encryption key is used to decrypt the received the data frame. The appliance allows the secured content to be rendered only after the appliance determines that the data in the received, decrypted data frame includes the data the appliance requires to provide access to the secured content.

Abstract: A method of operating a digital program playback device, including: receiving, via a first communications network, a data stream including an encrypted data portion representative of a program; identifying, from the received data stream, an identifier associated with the program; transmitting the program identifier and a device identifier associated with the digital program playback device to an authorization device via a second communications network; receiving, via the second communications network, a decryption key in response to the transmission; and, decrypting the data stream using the decryption key and generating an output signal for playback of the program.

Abstract: Disclosed are a method and bi-directional communication device, such as a cable modem, router, bridge, or other communication device adapted to communicate via a network and having a firewall, for identifying those packets associated with inappropriate activity. The communication device includes at least one user discernable indicator associated with the firewall. The at least one user discernable indicator contemporaneously indicates that a number of packets associated with the inappropriate activity has exceeded a threshold level.

Abstract: A method for re-encrypting encrypted data in a secure storage file system, including obtaining selected data to re-encrypt from the secure storage file system using a user data access record and the encrypted data, decrypting the selected data using a symmetric key, re-encrypting the selected data using a new symmetric key to obtain new encrypted data, encrypting the new symmetric key using a public key to obtain a new encrypted symmetric key, storing the new encrypted data and the new encrypted symmetric key if the public key is associated with a file system user having read permission, and storing an encrypted hash data if the file system user has write permission.

Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded. Another embodiment includes a secure access controller having a plurality of ports for connection to a plurality of different pieces of computer equipment. The secure access controller thus intermediates communications between the modem and the plurality of different pieces of computer equipment.

Abstract: Systems and methods provide for embedding white noise signals representing DTMF digits into a voice data stream.

Abstract: A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers.

Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

Abstract: An encryption circuit for simultaneously processing various encryption algorithms, the circuit being capable of being coupled with a host system hosted by a computing machine. The circuit comprises an input/output module responsible for the data exchanges between the host system and the circuit via a dedicated bus. An encryption module coupled with the input/output module is in charge of the encryption and decryption operations. Isolation means between the input/output module and the encryption module makes the sensitive information stored in the encryption module inaccessible to the host system and ensures the parallelism of the operations performed by the input/output module and the encryption module. The circuit is supported on a peripheral component interconnect card. The circuit is specifically adapted to provide “hardware” protection of computer servers or stations.

Abstract: A method and apparatus for preventing radio communication system access by an unauthorized modem. The apparatus comprises a signal detector that determines if an authorization signal has been received from the base station within a specified period of time. The authorization signal authorizes the apparatus to communicate with the base station. A transmitter transmits information to the base station, and a controller disables the transmitter of the apparatus providing that the authorization signal has not been received within the specified period of time.

Abstract: The repeater of the present invention communicates data signals over power lines. The repeater of one embodiment includes at least one modem that receives a data packet and attempts to decrypt the data packet with a first and/or second encryption key. If the packet is successfully decrypted using the first encryption key, the packet is encrypted using the second encryption and transmitted over the power line. If the packet is successfully decrypted using the second encryption key, the packet is encrypted using the first encryption and transmitted over the power line.

Abstract: A modem and secure communications method for the modem is disclosed in which the modem is capable of storing identifying indicia unique to the modem. The identifying indicia may include graphics data such as an image of a credit card, a signature, and/or an account holder to assist in user authentication. Software stored in the modem enables transmission of the identifying indicia to a communication line. Additional embodiments and variations are also disclosed.

Abstract: An interface for facilitating facsimile transmission via a wireless communications device operatively connected to a wireless communications network, including: a modem suitable for being communicatively coupled to a facsimile machine; a controller coupled to the modem; and, a memory operatively coupled to the controller. The interface includes code to cause the modem to transmit a retrain request to the facsimile machine upon expiration of a given temporal period. The interface includes a circuit for selectively generating a ring signal corresponding to a plain old telephone service ring signal. The interface includes a circuit for selectively generating a hold signal corresponding to a plain old telephone service hold signal. And, the circuit includes code to cause the modem to transmit data indicative of white lines to the facsimile machine upon expiration of a given temporal period.

Abstract: A computer system includes a peripheral device and a processing unit. The processing unit is adapted to execute a driver for interfacing with the peripheral device in a standard mode of operation and an authentication agent in a privileged mode of operation, wherein the authentication agent includes program instructions adapted to authenticate the driver. The peripheral device may comprise a communications device, such as a software modem. A method for identifying security violations in a computer system includes executing a driver in a standard processing mode of a processing unit; transitioning the processing unit into a privileged processing mode; and authenticating the driver in the privileged processing mode. The driver may be adapted for interfacing with a communications peripheral device, such as a software modem.

Abstract: A communications system includes a physical layer hardware unit and a processing unit. The physical layer hardware unit is adapted to communicate data over a communications channel. The physical layer hardware unit is adapted to receive unencrypted control codes and encrypted user data over the communications channel and transmit an upstream data signal over the communications channel based on the control codes. The processing unit is adapted to execute a software driver for interfacing with the physical layer hardware unit. The software driver includes program instructions for implementing a protocol layer to decrypt the user data and provide the upstream data to the physical layer hardware unit. A method for configuring a transceiver includes receiving unencrypted control codes over a communications channel; receiving encrypted user data over the communications channel; and transmitting an upstream signal over the communications channel based on transmission assignments defined by the control codes.

Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

Abstract: A communications system includes a physical layer hardware unit and a processing unit. The physical layer hardware unit is adapted to communicate data over a communications channel in accordance with assigned transmission parameters and receive an incoming signal over the communications channel and sample the incoming signal to generate a digital received signal. The processing unit is adapted to execute a standard mode driver in a standard mode of operation and a privileged mode driver in a privileged mode of operation. The standard mode driver includes program instructions adapted to extract encrypted data from the digital received signal and pass the encrypted data to the privileged mode driver. The privileged mode driver includes program instructions adapted to decrypt the encrypted data to generate decrypted data including control codes and transfer the control codes to the physical layer hardware unit.

Abstract: A modulation/demodulation device capable of operating with several types of modulation using different carrier frequencies may include a modulator which modulates at least one signal by a signal of a predetermined duration and representative of a binary information supplied by a microprocessor. The device may also include a demodulator which demodulates the modulated signals arriving from a remote site. This may be done by determining the type of modulation of the received signals and their carrier frequency (or frequencies), supplying signals from an analysis of the signals received according to the determined type of modulation, and detecting the signals of determined duration representative of binary information to make them accessible to the microprocessor.

Abstract: A system and method for maintaining privacy in transmission of a high bandwidth analog signal. A preferred system and method breaks an input signal into bands and then uses Walsh codes to overlay many signals on top of each other with a set of phase modulators to establish scrambling of the input signal. The scrambled signal is then transmitted. The received scrambled signal has the phase modulation removed and an inverse Walsh transform recovers the original bands. The recovered bands are added together to recover the original signal. The system and method use techniques that establish synchronization and phase coherency complete the process.

Abstract: Provided is a communication apparatus capable of affording an equivalent level of security for both facsimile transmission and electronic mail without the user needing to be aware of the difference between facsimile transmission and electronic mail. When document information is designated as being confidential (“YES” at S104 in FIG. 2) and transmission by E-mail is specified (S108, S109) at the time of a transmission, the document is encrypted and transmitted (S109-S111). When transmission by facsimile communication is specified (S108-S112), on the other hand, the document is transmitted utilizing a private security function (S114).

Abstract: A mobile apparatus includes a removable SIM chip card having data-processing means intended among other things for storing identification data of a subscriber in a GSM mobile radio network. The mobile apparatus has additionally at least one wireless interface integrated in the housing. The interface may be infrared or inductive. By means of this interface, the SIM card can communicate directly, without making use of the mobile radio network, with an outside device in both directions. The chip card contains additionally a communication controller to encrypt data and transmit them via the interface. The contactless interface may preferably be fed independently of the mobile apparatus.

Abstract: A portable security device for providing secure communications over a plurality of networks is presented. In one embodiment, the device comprises, at least one communication port for transfer of audio data, at least one communication port for transfer of digital data, a keypad, an encoding/decoding device, a conversion device operable to covert between audio and digital data and a processor, in communication with a memory, the keypad, the said encoding/decoding device, operable to execute code for selecting a configuration of a transmission and a reception port from among said communication ports dependent upon the presence of a network communication device and an input/output device in communication with said selected ports, providing data received from said selected reception port to said encryption/decryption device for encrypting; and providing said encrypted data to said selected transmission port.

Abstract: In accordance with a first aspect, a method for operating an electronic device adapted to be electronically coupled to at least one microprocessor based device and prevent unauthorized access to data exchanged between the at least one microprocessor based device and other microprocessor based devices, the method including: in a first mode, establishing a secure point-to-point communications session with another like device and receiving security data from the other like device, the security data being associated with an intended recipient microprocessor based device; and, in a second mode, receiving the data from an originating one of the at least one microprocessor based devices, encrypting the data using at least the received security data and sending the encrypted data to the originating microprocessor based device.

Abstract: The repeater of the present invention communicates data signals over power lines. The repeater of one embodiment includes at least one modem that receives a data packet and attempts to decrypt the data packet with a first and/or second encryption key. If the packet is successfully decrypted using the first encryption key, the packet is encrypted using the second encryption and transmitted over the power line. If the packet is successfully decrypted using the second encryption key, the packet is encrypted using the first encryption and transmitted over the power line.

Abstract: A facsimile apparatus is provided with changeover means that makes it possible to pass signals through or to bypass a coder, which encrypts transmission information, and a decoder, which decodes encrypted information that has been received. Whether or not a facsimile apparatus belonging to another party has an encrypting/decoding processing function is verified by a pre-procedure signal. If the other party's apparatus possesses an encrypting/decoding processing function, control is performed in such a manner that encrypting/decoding processing is applied solely to an image signal and a training-check signal transmitted before transmission/reception of the image signal, and encrypting/decoding processing is not applied to a procedure signal which accompanies transmission reception transmission/reception of the image signal.