Abstract: A method and system for generating a secret key from joint randomness shared by wireless transmit/receive units (WTRUs) are disclosed. A first WTRU and a second WTRU perform channel estimation to generate a sampled channel impulse response (CIR) on a channel between the first WTRU and the second WTRU. The first WTRU generates a set of bits from the sampled CIR and generates a secret key and a syndrome, (or parity bits), from the set of bits. The first WTRU sends the syndrome, (or parity bits), to the second WTRU. The second WTRU reconstructs the set of bits from the syndrome, (or parity bits), and its own sampled CIR, and generates the secret key from the reconstructed set of bits.

Abstract: A method encrypting data including selecting a pair of sequences based on a seed, performing a transposition of the data utilizing elements of a first one of the pair of sequences to produce a first transposition result, and performing a transposition of the first transposition result utilizing elements of a second one of the pair of sequences to produce the encrypted data. The pair of sequences may be selected from a pool of constrained sequences. The pool of constrained sequences may be generated utilizing a Knights Tour sequence generating system. The pool of constrained sequences may be transferred to a decrypting device for decryption of the encrypted data. The pair of sequences may be randomly generated utilizing a random integer sequence generator and the seed. The constrained indication may be constrained to a number of sequences present in the pool of sequences.

Abstract: A technique for secure delegation of calculation of a value f(X,Y) of a bilinear application in a computational server. The technique comprises selection of two secret parameters a and b; calculation of the numbers Xa and Yb; supply of the two numbers Xa and Yb to the computational server; calculation of f(Xa, Yb) by said server; receipt of the value of f(Xa,Yb) from the server; extraction of the abth root of f(Xa,Yb).

Abstract: When a PC transmits a content request to a device registration apparatus in which a permitted number of devices have already been registered, an expiration time management unit judges whether any registration information registered in a registration list management unit has an exceeded registration expiration time. If registration information with an exceeded registration expiration time is registered in the registration list management unit, the registration list management unit deletes this registration information, and newly registers registration information of the PC.

Abstract: A time stamp updating apparatus includes: a time stamp obtaining unit configured to transmit hash value calculated from certification target data to an apparatus for time stamp authority when certification target data is input, to receive time stamp data from the apparatus for time stamp authority, to relate the received time stamp data to certification target data, and stored them in an evidence data storage unit; and a time stamp verification unit configured to calculate logical OR of a validity period of the time stamp data related to certification target data, and to output a period that can go back from time of verification as a period when the certification target data can be certified.

Abstract: It is made possible to appropriately execute packet filtering and unauthorized access detection in a situation in which mobile network communications are operated. A home agent 404A acquires IP address, port number, and media type obtained by call control of a call control proxy server 403A and sends them to a firewall 700. A packet filtering unit 400 of the firewall 700 performs packet filtering so as to allow the IP packet determined according to the IP address and port number pair to pass through. An unauthorized access monitor 701 takes out information of the corresponding media type out of the normal access determination condition previously defined for each media type, monitors a packet based on the normal access determination condition, and detects that access deviating from normal access is unauthorized access.

Abstract: Methods and systems for processing multiple levels of data in system security approaches are disclosed. In one embodiment, a first set and a second set of resources are selected to iteratively and independently reverse multiple levels of format conversions on the payload portions of a data unit from a first file and a data unit from a second file, respectively. The first file and the second file are associated with a first transport connection and a second transport connection, respectively. Upon completion of the aforementioned reversal operations, the payload portions of a first reversed data unit and a second reversed data unit, which correspond to the data unit of the first file and the data unit of the second file, respectively, are inspected for suspicious patterns prior to any aggregation of the data units of the first file or the second file.

Abstract: A messaging system includes a first mailbox storage assigned to receive a message for the first processor and a first lock indicator having a first state to indicate that the first mailbox storage can receive a message and a second state to indicate that the first mailbox storage cannot receive a message. The system also includes a second mailbox storage assigned to receive a message for the second processor and a second lock indicator having a first state to indicate that the second mailbox storage can receive a message and a second state to indicate that the second mailbox storage cannot receive a message. The lock indicators are changed to their second state when a message is placed in their respective mailbox storage and are changes to their first state in response to its contents being read by the respective processor.

Abstract: A web application security frame (e.g., schema) that can incorporate expertise into an engineering activity, for example, a threat modeling activity, is provided. The novel web application security frame component can be applied to a threat modeling component to converge knowledge into the activity by identifying categories, vulnerabilities, threats, attacks and countermeasures. The novel schema can create a common framework that converges knowledge with respect to any application engineering activity (e.g., threat modeling, performance modeling). Additionally, a context precision mechanism can be employed to automatically and/or dynamically determine a context of a web application environment. This context can be used to automatically generate an appropriate web application security frame component.

Abstract: A wireless sensor network may be designed by modeling the network as a function of at least one design parameter and/or at least one threat parameter ?, by assessing the model by varying the at least one design parameter to determine an effect on the at least one threat parameter ?, and by choosing a value for the at least one design parameter based on the assessment that produces an acceptably low value for the at least one threat parameter ?.

Abstract: A method and an apparatus is provided that is efficient in detecting network virus and worms while using only the layer-4 information that is easily extracted from core routers and also be scalable when layer-7 information is available. Entropy analysis is used to identify anomalous activity at the flow level. Thereafter, only the contents of suspicious flows are analyzed with fingerprinting extraction. By doing so, the present invention brings together the characteristics of being deployable for real-time high data to rate links and the efficiency and reliability of content fingerprinting techniques.

Abstract: A processor is provided that includes inputs to receive headers and payloads of messages in block form, a cipher key, a counter block, and an indication that a data block is ready to be received at the processor's first input, and that outputs a data block processes according to a CCM protocol and a signal requesting the provision of a data block at the processor input. The processor also includes first and second cipher circuits generating ciphered results that are a function of a input data block and an input cipher key. Furthermore, the processor includes a controller that processes a first sequence of data blocks through the first cipher circuit to generate a message integrity code and a second sequence of data blocks through the second cipher circuit to generate a set of ciphered data blocks.