Abstract: In an embodiment, a server determines to update at least one group session key (GSK) parameter for a given multicast group, the at least one GSK parameter configured to permit encryption, decryption and/or authentication of multicast messaging exchanged between members of the given multicast group during a multicast communication session. The server sends a notification to a plurality of multicast group members of the given multicast group that an update of the at least one GSK parameter for the given multicast group is available. At least one of the multicast group members receives the notification and sends a provisioning request to retrieve the updated at least one GSK parameter, the provisioning request including information specific to the given multicast group member. The server generates and encrypts the updated at least one GSK parameter and sends the encrypted at least one GSK parameter to the at least one multicast group member.

Abstract: A method, apparatus, and/or system for execution prevention is provided. A state indicator for a first subset of a plurality of memory pages of executable code in a memory device is set to a non-executable state. A state indicator for a second subset of the plurality of memory pages is set to an executable state, where the second subset of the plurality of memory pages includes indirection stubs to functions in the first subset of the plurality of memory pages. Upon execution of an application, a function call is directed to a corresponding indirection stub in the second subset of the plurality of memory pages which modifies the state indicator for a corresponding function in the first subset of the plurality of memory pages prior to directing execution of the called function from the first subset of the plurality of memory pages.

Abstract: To inhibit cross-site forgery attacks, different types/classes of cookies are used. A first cookie and a second cookie are generated by a web server and provided to a client browser during a web session. The first cookie defines a first set of use conditions for when the first cookie is to be used within the web session. The second cookie defines a second set of use conditions for when the second cookie is to be used within the web session. The client browser determines which (if any) of the first cookie or second cookie to send to the web server based on the use conditions defined within each cookie and the operation(s) sought by the client browser. The web server may grant different or the same privileges to operation(s) being sought by the client browser depending on whether the first or second cookie is sent by the client browser.

Abstract: Embodiments disclosed allow authentication between two entities having agreed on the use of a common modulus N. The authentication includes generating a pseudorandom string value; generating a public key value based on the modulus N and the pseudorandom string value; generating a private key value corresponding to the public key value; receiving a verifier's public key value; generating a shared secret value based on the modulus N, the private key value and the verifier's public key value; calculating an authentication signature value using the shared secret value; and transmitting the authentication signature value for authentication. When the authentication signature is received, the public key value and the shared value are generated to calculate an authentication signature value. Thereafter, the authentication signature values are compared and authenticated.

Abstract: Disclosed is a method for transitioning access rights, in a remote station with role-based access control, for an unknown role having access rights defined by a central access control management module. In the method, a role capability table is maintained in the remote station specifying centrally-defined access rights of roles that are interpretable in the remote station. An access request associated with an unknown role that is not interpretable in the remote station is received. The access request includes a role transition list that relates the unknown role to other centrally-defined roles. At least one of the other centrally-defined roles is interpretable in the remote station. A role is selected, from the role transition list, that is interpretable in the remote station for interpreting the unknown role of the access request. Access is granted based on the access request associated with the unknown role using the access rights of the interpretable role selected from the role transition table.

Abstract: Apparatus and method are disclosed for digital authentication and verification. In one embodiment, authentication involves storing a cryptographic key and a look up table (LUT), generating an access code using the cryptographic key; generating multiple parallel BPSK symbols based upon the access code; converting the BPSK symbols into multiple tones encoded with the access code using the LUT; and outputting the multiple tones encoded with the access code for authentication. In another embodiment, verification involves receiving multiple tones encoded with an access code; generating multiple parallel BPSK symbols from the multiple tones; converting the BPSK symbols into an encoded interleaved bit stream of the access code; de-interleaving the encoded interleaved bit stream; and recovering the access code from the encoded de-interleaved bit stream.

Abstract: Disclosed is a method for visual verification a Captcha's source. In the method, a Captcha is served to a user. The Captcha includes visual information related to a characteristic of a source of the Captcha and related to a puzzle question of the Captcha. The visual information is for visual verification by the user of the Captcha's source. A response is received from the user based on the served Captcha. A determination is made as to whether the received response is a solution of the puzzle question of the served Captcha.

Abstract: The mobile commerce authentication and authorization system allows a user of a currently existing mobile wireless communications instrument to conduct financial transactions, including purchases, across a wireless communications system using location data to authorize and authenticate the user and the transaction. The location of the mobile wireless communications instrument and the location of a vendor point-of-sale device are matched with a payment sum. Authentication of the mobile wireless communications instrument user is achieved at least by application of the position and/or location determinable features of the mobile wireless communications instrument, the position and/or location of a point-of-sale device of a vendor or merchant where the instrument user seeks to purchase goods or services, and the payment sum entered on the point-of-sale device.

Abstract: Systems and methods for protecting digital assets associated with a computing device are described herein. An example of a method according to the disclosure includes assigning at least one asset worth value to respective digital assets associated with a device, computing at least one device worth value using the at least one asset worth value assigned to the digital assets associated with the device, identifying at least one device worth value threshold, performing a comparison of the at least one device worth value to the at least one worth value threshold, and initiating at least one action with respect to the digital assets associated with the device based on the comparison.

Abstract: Embodiments describe a system and/or method for multiple party digital signatures. According to a first aspect a method comprises establishing a first validity range for a first key, establishing a first validity range for at least a second key, and determining if the validity range of the first key overlaps the first validity range of the at least a second key. A certificate is signed with the first validity range of the first key and the first validity range of the at least a second key if the validity ranges overlap. According to another embodiment, signage of the certificate is refused if the first validity range of the first key does not overlap with the first validity range of the at least a second key.

Abstract: Another feature provides an efficient encryption method that safeguards the security of encrypted symbols. Each plaintext symbol is encrypted by using a separate pseudorandomly selected translation table. Rather than pre-storing every possible permutation of symbols as translation tables, the translation tables may be efficiently generated on-the-fly based on a pseudorandom number and a symbol shuffling algorithm. A receiving device may similarly generate reverse translation tables on-the-fly to decrypt received encrypted symbols.

Abstract: Disclosed is an apparatus and method to perform a pairing process with a limited input wireless device. A host device includes a transceiver and a processor. The processor may be configured to execute instructions to: receive from the transceiver a pairing process request from the limited input wireless device, wherein the pairing process request includes a private code based upon a physical user action implemented with the limited input wireless device; and implement a pairing process to validate the limited input wireless device for a particular host device function associated with the private code.

Abstract: The mobile commerce authentication and authorization system allows a user of a currently existing mobile wireless communications instrument to conduct financial transactions, including purchases, across a wireless communications system using location data to authorize and authenticate the user and the transaction. The location of the mobile wireless communications instrument and the location of a vendor point-of-sale device are matched with a payment sum. Authentication of the mobile wireless communications instrument user is achieved at least by application of the position and/or location determinable features of the mobile wireless communications instrument, the position and/or location of a point-of-sale device of a vendor or merchant where the instrument user seeks to purchase goods or services, and the payment sum entered on the point-of-sale device.

Abstract: Embodiments describe a method and/or system whereby a secret key in a cryptographic system may be replaced without revealing the secret key. One embodiment comprises creating a first private key and corresponding first public key. A second private key associated with the first private key and a second public key corresponding to the second private key are also created. The second private key is output once such that it can be re-created and the second public key is output when outputting the first public key. The first private key is used for authentication. The method further comprises re-creating the second private key; and using the second private key for authentication. Another embodiment comprises creating a private key and corresponding public key with associated system parameter; outputting the system parameter when outputting the public key; and using the private key for authentication. The method may further comprise creating a new private key using the previous key and the system parameter.

Abstract: Disclosed is an apparatus and method to locate a mobile device in an emergency situation. The mobile device includes a display device, a user interface to receive an emergency mode request from a user, and a processor. The processor may be configured to execute instructions to implement an emergency mode process based upon the receipt of the emergency mode request from the user. The emergency mode process is implemented to: monitor received signals to locate a base station, wherein, once a base station is located, a short emergency message is transmitted to the base station including the location of the mobile device. The emergency mode process is further implemented to: monitor received signals to receive an acknowledgement signal from the base station; and reduce a plurality of first non-essential functions of the mobile device to reduce power consumption.

Abstract: Disclosed is an apparatus and method to detect vehicle theft. In one embodiment, a processor may be configured to execute instructions to: receive a vehicle detection signal from a vehicle detector; determine whether a vehicle is present or absent based upon the vehicle detection signal; establish an authentication credential after the vehicle is determined to present; and validate the authentication credential to indicate validated parking. If the vehicle is determined to be absent and an authentication credential to un-park the vehicle has not been validated, a notification action may be transmitted to appropriate personnel to indicate that the vehicle has been moved or un-parked without proper authentication.

Abstract: A system is provided for inside-to-outside or outside-to-inside cryptographic coding that facilitates product authentication along a distribution channel. An association of authenticated, secured codes is generated between inner items (e.g., pharmaceutical doses such as pills, capsules, tablets) and outer items (e.g., packaging containing inner items). For instance, an inner code associated with a first item is used to generate (at least partially) an outer code associated with a second item that contains one or more first items. This process may be repeated multiple times with codes for outer items being a function of codes for inner items. The sequence of items may be authenticated by the dependent relationship between their codes.

Abstract: Systems and methods for setting up and running a virtual video capture device are described herein. The virtual video capture device may receive image data and output the data in a format similar to a video capture device. The virtual video capture device may operate with an application configured to receive data from a physical video capture device.

Abstract: One feature provides a method for granting authenticated access to off-line, limited-resource mobile devices. A public-private key pair is generated by a service provider and the public key is used to digitally sign a username and (possibly) access privileges to obtain a password for technician. The public key is securely distributed to mobile devices. When off-line, a mobile device may authenticate access to restricted functions of the mobile device by a technician. The technician provides its username, access privileges and password to the mobile device. The mobile device then uses the public key, username and access privileges to verify the password. To invalidate an old username and password, the service provider replaces the public-private key pair with a new public-private key pair.

Abstract: A portable self-contained node computer is provided. The portable self-contained node computer connects to a host computer. The host computer allows the portable node computer to access its peripheral input/output devices.