Abstract: A wireless simulcast system, such as an OFDM network, includes the ability to determine the location of a mobile user. Location-based services can be provided to the mobile user.

Abstract: A wireless simulcast system, such as an OFDM network, includes the ability to determine the location of a mobile user. Location-based services can be provided to the mobile user.

Abstract: A security system controlling access to a resource is arranged to operate such that when an attempt to access a resource using a password or PIN fails, the time interval "t" that must elapse before a subsequent attempt at access can be successful, is incremented. By making the increments increasingly large (illustratively, an exponential function of the number "n" of unsuccessful attempts), repeated access attempts by hackers or other unauthorized users is discouraged, because they simply cannot wait the time needed to make a large number of trial and error attempts. On the other hand, valid users, while experiencing a delay prior to access, are nevertheless able to gain access, rather than being completely "lockedout". This approach is a better compromise between access control and denial.

Abstract: Methods and apparatus are disclosed for providing increased security in a telecommunications network by using quasi-time domain reflectometry techniques to identify those telephone calls which comprise multiple legs. Echo data are collected for the telephone call from a predetermined point in the network to a point where the call originated. The data are processed to generate an indication of whether the telephone call comprises multiple legs, thus identifying those calls most susceptible to unauthorized use. The indication that a telephone call comprises multiple legs is advantageously used together with call attribute information, such as whether the call is placed to an international destination, to determine whether a given multiple-leg call is most likely a valid access to the communication system or most likely fraudulent.

Abstract: An authenticator card includes a liquid crystal display arranged to exhibit a dynamically changeable bar code pattern that represents an account number and, optionally, a PIN and/or expiration date. The card includes circuitry for periodically changing the bar code in accordance with a predetermined algorithm. When the card is presented by a user to a merchant to authenticate the identity of the user in connection with a business transaction, the bar code is scanned by a conventional bar code reader. The code is convened to electronic form and transmitted to a verification processor to be authenticated. During authentication, a corresponding algorithm is used to validate information from the received signal, enabling a database query to determine validity of the card. Advantageously, the card can be mass produced at low cost, and a readily available bar code scanner provides a simple interface when the card is presented for authentication.

Abstract: A security node disposed in the telecommunications network connecting calling and called parties transforms information (which can be voice, data, facsimile, video and other types of calls or messages) encrypted in a first format to (a) encrypted information in a different format or to (b) non-encrypted information, and vice-versa. The node is accessible from any location connected to the network. By routing calls or messages originated by the calling party and destined for the called party via the security node, and providing appropriate control signals to the node, the information may be encrypted only over a portion of the transmission path between the parties, and clear over the remainder of the transmission path. Alternatively, the information may be encrypted in different portions of the path using different encryption algorithms.

Abstract: A facility is provided which implements a "hold-for-pickup" function in the delivery of a data message, e.g., a facsimile. Particularly, the facility associates a data message that it receives from a sender with a respective confirmation number and sends the confirmation number to the sender. Thereafter, the facility transmits the message only to a receiver who enters the confirmation number when requested to do so. The facility also provides a number of other features, such as allowing the sender to specify the number of receivers that will receive the data message. Another feature associates a received data message with a plurality of confirmation numbers. In this way, a user may associate the confirmation numbers with respective receivers. The receivers may then obtain a copy of the sender's data message from the facility by entering their respective confirmation numbers when requested to do so.

Abstract: An access control system is implemented with a maximum-likelihood "soft" decision process that determines whether a user's actions are most like those of a valid user or most like those of a hacker. Data obtained from transactions involving both valid users and hackers is clustered in a multidimensional attribute space, with each of the clusters representing an attribute profile of similar user behaviors. The similarity between the attributes of an access attempt and the attribute profiles represented by the clusters is evaluated, to identify profiles of valid and fraudulent users that most closely resemble the attributes of the access attempt. An access decision can then be made simply based upon which type of user (valid or fraudulent) the access attempt most closely resembles.

Abstract: Secure teleconferencing between three or more parties is achieved by receiving encrypted information streams from each of the parties to the conference. The encrypted information streams are received in decryption/re-encryption units co-located with a conference bridge established in a telecommunication switching system in a public switched telephone network central office. The decryption/re-encryption units decrypt the information streams and then re-encrypt those information streams in accordance with a common conference encryption algorithm. The re-encryption processes for the information streams are synchronized so that the re-encryption circuitry for all information streams are in the same cryprostate at all times during the re-encryption procedure. The decryption/re-encryption units are located in secure surroundings to protect the unencrypted information streams present in those units.

Abstract: The penalties and drawbacks associated with encrypting information in a portable device having a microprocessor are avoided by, in advance of the time for encryption to begin, having the microprocessor develop portions of a key sequence during periods of time that the microprocessor is not engaged in performing any function necessary for the operation of the portable device and storing each developed portion of the key sequence for later use in encrypting information. In one embodiment, at least one entire key sequence of sufficient length to encrypt a string of information that has a predetermined maximum possible length is developed and stored in advance of the beginning of any encrypting.

Abstract: A central security control system (security system) interfaces between a plurality of requesters and a plurality of destinations such that it receives from the requesters requests for access to the destinations and communicates to the destinations a level of access that should be granted to a requester by that destination on a per request basis. In a preferred embodiment the security system also a) authenticates the requester to a predetermined level from which the level of access that is to be granted is derived and b) causes a direct connection to be established between the requester and the destination.

Abstract: A voice-based security system requires that a series of utterances to be uttered by the requester contain at least one repeated utterance. The system compares a representation of each instance of the repeated utterance as uttered by the requester to both a prestored template for the utterance and to each representation of the other instances of the utterance as uttered by said requester. The requester is authenticated only if each representation of the repeated utterance as uttered by said requester matches the prestored template and the representations of the repeated utterance as uttered by said requester do not match each other to such a high degree that they are deemed to have been mechanically generated.

Abstract: At least one new video signal is created by using portions taken from each signal of a plurality of original video signals to create at least one new video signal, with the sequencing of the assignments of the particular portions from any of the original video signals to any particular ones of the new video signals, or the positions therein, being the output of a cryptographic function. A cryptographic function is a function that employs a cryptographic algorithm to supply as an output an enciphered version of the values of at least one of its inputs. Because the portion assignment sequence is the output of a cryptographic function, the resulting arrangements of the portions from the original video signals within the new video signals appear random to a viewer of the new video signals. Thus, the information content of the original video signals is not intelligible when viewing the new video signals, either individually or in any combination.

Abstract: In a cryptographic communication system, a first encryptor transmits to a first decryptor and a second encryptor, co-located with the first decryptor, transmits to a second decryptor, which is co-located with the first encryptor. Each encryptor/decryptor pair is adapted to communicate using a selected non-self-synchronizing cryptographic mode. Whenever it is determined that synchronization between, say, the first encryptor and the first decryptor has been lost, both the first decryptor and the co-located, second encryptor are switched from the non-self-synchronizing mode to the self-synchronizing mode. This causes a loss of synchronization between the second encryptor and second decryptor since the latter is still operating in the non-self-synchronizing mode. Upon detection of this loss of synchronization, the second decryptor and the co-located, first encryptor are also switched from the non-self-synchronizing mode to the self-synchronizing mode.

Abstract: The occurrence of a transmission error which produces a multibit error burst in the decrypted version of a composite speech and synchronization encrypted signal using a one-bit cipher feedback or similar encryption scheme is detected by monitoring the decrypted signal to detect synchronization errors. Upon detection of an error, the decrypted speech output is muted or disabled to avoid the annoying audible click otherwise produced.

Abstract: Tap coefficient drift in a fractionally spaced equalizer is minimized by causing the sampled signal to have energy in its "no-energy" bands, i.e., at frequencies at which the sampled channel transfer function has substantially zero gain. This is achieved by adding an out-of-band signal to the received data signal prior to sampling. The out-of-band signal is derived from the received data signal.