Abstract: A method for accessing a 3G network includes: a terminal accessing a wireless local area network by adopting a WAPI protocol, and notifying an AAA server of a 3G network through an AP of the wireless local area network that the terminal intends to access the 3G network; the AAA server obtaining identity information of the terminal through the AP, and performing an EAP-TLS negotiation process with the terminal through the AP after determining that the terminal is a subscription terminal of the 3G network according to the identity information; and the terminal accessing the 3G network after finishing the EAP-TLS negotiation process. A system for accessing a 3G network includes an AP of a wireless local area network and an AAA server of a 3G network. The present invention reduces unnecessary processes the message interacting, the certificate verification, the signature verification, and so on and improves the system efficiency.

Abstract: To aim to provide a monitoring system and a program execution apparatus that are capable of maintaining the security intensity even in the case where an unauthentic install module is invalidated. Install modules included in an apparatus each monitor an install module, which is a monitoring target indicated by a monitoring pattern included therein, as to whether the install module performs malicious operations. An install module that performs malicious operations is invalidated in accordance with an instruction from an update server. The monitoring patterns are restructured by the update server such that the install modules except the invalidated install module are each monitored by at least another one of the install modules. The restructured monitoring patterns are distributed to the install modules except the invalidated install module.

Abstract: A semiconductor memory device includes a controller module as well as a universal interface module and a semiconductor memory medium module, which are connected electrically with the controller module respectively. The device also includes a one-time programmable memory, which stores a unique serial number. This one-time programmable memory is provided within the controller module or the semiconductor memory medium module. The number sequence of the unique serial number contained in each of the semiconductor memory device is different from that of another semiconductor memory device. While providing a mobile data storage function, this invention adopts a security technology to prevent from illegal data reading/writing. This increases significantly the difficulty in decrypting the data of a legal user, subsequently improving the security of the stored data of the user greatly. This invention also provides a method for realizing secure data storage with this semiconductor memory device.

Abstract: Methods, systems, and products verify identity of a person identification verification. A signature, representing the presence of a device, is acquired. The signature is compared to a reference signature. When the signature favorably compares to the reference signature, then the identity of a user associated with the device is verified.

Abstract: An email security system is described that allows users within different organizations to securely send email to one another. The email security system provides a federation server on the Internet or other unsecured network accessible by each of the organizations. Each organization provides identity information to the federation server. When a sender in one organization sends a message to a recipient in another organization, the federation server provides the sender's email server with a secure token for encrypting the message to provide secure delivery over the unsecured network.

Abstract: An enterprise system includes a storage having stored thereon a private key and a processor that is configured to receive a data object including an encrypted datum; decrypt the encrypted data based on the private key to generate a first string of digits, each digit including N bits, wherein N is a positive integer; shuffle the N bits of the each digit according a pre-determined pattern of bit positions to generate a second string of digits; and substitute a subset of the N bits of the each digit with pre-determined bits to generate a third string of digits.

Abstract: A security management system, comprising: an authentication unit for authenticating an operator of an operating terminal in order to determine whether the operator is permitted to log in or release a lock; a current operator information inquiry unit for inquiring for login status information and current operator information; an authority information inquiry unit for inquiring for authority information regarding the operator and that regarding the current operator; a lock unit for detecting an event, where a predetermined lock condition is satisfied, in the login status to allow the operating terminal to change to a lock status, and for allowing the operating terminal to change to an operable status in response to a login instruction or an instruction for a release; and a lock control unit for transmitting the instruction for a release to the lock unit when a predetermined condition is satisfied.

Abstract: An authentication platform comprises an authentication unit configured to authenticate the user based on received input data, and a control unit configured to enable communication between a client device and an authentication host as a consequence of successful authentication of the user by the authentication unit.

Abstract: A system and method for detecting spoofing of signals by processing intermittent bursts of encrypted Global Navigation Satellite System (GNSS) signals in order to determine whether unencrypted signals are being spoofed. The system and method can allow a specially equipped GNSS receiver to detect sophisticated spoofing that cannot he detected using receiver antonomous integrity monitoring techniques. The system and method do not require changes to the signal structure of encrypted civilian GNSS signals, but instead use a short segment of an encrypted signal that is broadcast by the same GNSS spacecraft which broadcast the unencrypted signal of interest.

Abstract: Processing of masked data using multiple lookup tables (LUTs), or sub-tables, is described. For each input value, an appropriate sub-table provides an output value that is the result of a non-linear transformation (e.g., byte substitution) applied to the input value. An additive mask can be applied to the input data. A transformation can be applied to the masked input data to transform the additive mask into a multiplicative-additive mask. Selected bits of the masked input data and the bits in the additive component of the multiplicative-additive mask can be used in combination to select one of the sub-tables. An entry in the selected sub-table, corresponding to a transformed version of the input data, can then be identified.

Abstract: The present invention aims to perform tamper detection on a protection control module without having detection modules come to know the key data and functions thereof. The detection modules of the present invention perform tamper detection by verifying whether or not the correspondence between the input and output data of the application decryption process performed by the protection control module is correct. Furthermore, the present invention offers improved security against leaks of the application output data by the detection modules by having a plurality of detection modules verify different data blocks.

Abstract: A method for detecting unintentional information disclosure. The method may include: 1) identifying at least one data access Application Programming Interface (API) programmed to provide access to sensitive information located on a computing device, 2) monitoring attempts to use the data access API, 3) while monitoring attempts to use the data access API, detecting an attempt by an application to access the sensitive information through the data access API, 4) in response to detecting the attempt to access the sensitive information, tracking the sensitive information accessed by the application, 5) detecting an attempt to leak the sensitive information outside of the computing device, and 6) in response to detecting the attempt to leak the sensitive information outside of the computing device, performing a security action.

Abstract: Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for tamper-resistant storage.

Abstract: A device for confirming compliance with usage of a breathing gas delivery system that includes at least one sensor for monitoring operating data disposed within the breathing gas delivery system and a device for encoding the monitored operating data and displaying the encoded operating data for reporting to another location.

Abstract: An authentication system is provided that includes a portable device and a decryption node. An individual uses the portable device, such as a portable device like a cell phone to compute a challenge and a response. The challenge and response is sent to a decryption node. In response, the decryption node computes a presumed response and compares the presumed response to the response of the portable device, in order to authenticate the individual associated with the portable device.

Abstract: A system and method for automating the creation, optimization and deployment of multimedia, interactive, mentoring communication modules (“MIPs”) is provided. Simplified interfaces allow superiors to generate MIPs and asynchronously deploy them to subordinates' mobile devices or personal computers. The completed MIP are automatically coded for optimal performance on specific mobile operating systems to which they are deployed. Automatic notifications are sent to registered subordinates upon deployment of a completed MIP. User configurable and system updatable management portals and subordinate portals are automatically generated to provide a user interface to enable mentoring interactions between the superior and subordinates. The MIPs allow custom tailoring of educational and developmental exercises. Performance of the exercises can be monitored by a superior for each of a plurality of subordinates.

Abstract: A method for facilitating electronic certification, and systems for use therewith, are presented in the context of public key encryption infrastructures. Some aspects of the invention provide methods for facilitating electronic certification using authority-neutral service requests sent by an application, which are then formatted by a server comprising a middleware that can convert the authority-neutral request into certification authority specific objects. The server and middleware then return a response from a selected certification authority back to the service requesting application. Thus, the server and/or middleware act as intermediaries that facilitate user transactions in an environment having multiple certification authorities without undue burden on the applications or the expense and reliability problems associated therewith.

Abstract: Methods and systems for handling on an electronic device a secure message to be sent to a recipient. Data is accessed about a security key associate with the recipient. The received data is used to perform a validity check related to sending a secure message to the recipient. The validity check may uncover an issue that exists with sending a secure message to the recipient. A reason is determined for the validity check issue and is provided to the mobile device's user.

Abstract: A method, system, and medium are provided for validating the identity or authority of a user of a wireless device to consent to providing geographic locations of their respective wireless device to a third-party application. Upon receiving a request to validate the authority of a user to consent to providing of geographic locations, the user is automatically redirected to a validation service portal. The validation service portal verifies the identity or authority of the user to consent by requiring the user to provide identification information. The identification information is compared to identification information in one or more databases to determine if the user has the authority to consent. An indication is provided by the validation service portal to the third-party application of whether the user has the authority to consent. The third-party application then initiates location-based services based on the indication.

Abstract: An system for and method of providing end-to-end encrypted real-time phone calls using a commodity mobile phone and without requiring service provider cooperation is presented. The system and method improve upon prior art techniques by omitting any requirement for mobile phones that are specially manufactured to include end-to-end encryption functionality.