Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Abstract: A method for establishing a secondary communication channel between at least two computing devices over a network medium through use of a primary channel connects a first computing device with a first telephonic unit and a second computing device with a second telephonic unit. If the two telephonic units are in communication with each other over a primary channel, and communication channels are established between the computing devices and their respective telephonic units, then the first computing device transmits its location information to the second computing device over the primary channel. A connection is then established between the second computing device and the first computing device over a secondary communication channel.

Abstract: System and method for providing secure resource management. The system includes a first device that creates a secure, shared resource space and a corresponding root certificate for the shared space. The first device associates one or more resources that it can access with the shared space. The first device invites one or more other devices to join as members of the space, and establishes secure communication channels with the devices that accept this invitation. The first device generates a member certificate for each accepting device, and sends the root certificate and the generated member certificate to the device through the secure channel. These devices may then access resources associated with the shared space by presenting their member certificates. Further, members of the shared space may invite other device to join the space, and may create member certificates in the same manner as the first device.

Abstract: A method of accessing a data resource identifies the data resource, the data resource accessible through a first device and associated with a resource locator, the first device configured to provide access to the data resource responsive to possession of a whitelisted credential. The method includes receiving a second-device credential from a second device by a personal domain controller, the personal domain controller and the first device within a first trusted relationship and provides, by the personal domain controller, the second-device credential to the first device for whitelisting subject to the first trusted relationship. The method uses, by the second device, the second-device credential to access the data resource responsive to the resource locator.

Abstract: One embodiment of the present invention provides a system that facilitates access to encrypted data on a computing device based on a security-posture of the computing device. During operation, the system assesses the security-posture of the computing device upon which the encrypted data is stored. If the assessed security-posture meets specified criteria, the system provides the computing device with a key which enables the computing device to access the encrypted data.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including enabling secure communications to components of a vehicle, and enabling secure communications between the vehicle and associated infrastructure.

Abstract: One embodiment of the present invention provides a system for establishing temporary and permanent credentials for secure remote data access. The system includes a temporary smart card configured to provide a temporary credential for a first device, thereby providing the first device with temporary secure access to a remote data source when the temporary smart card is used with the first device. Additionally, the system includes an enrollment smart card configured to provide a permanent credential for a second device, thereby providing the second device with permanent secure access to the remote data source without presence of the enrollment smart card or the temporary smart card.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Abstract: A system and method for sharing files securely includes server software on a first device configured to communicate with server software operating on one or more other preauthorized devices, such as a second device. The servers communicate with each other securely using cryptographic information exchanged during a preauthorization phase using a range-limited communication channel. The server on the first device obtains file information from the other preauthorized device(s) and combines the information with local file information from the first device. This combined file information is sent to client software operating on the machine, which presents the combined file information to users.

Abstract: One embodiment of the present invention provides a system that uses a portable security token to facilitate public key certification for a target device in a network. During system operation, the portable security token is located in close physical proximity to the target device to allow the portable security token to communicate with the target device through a location-limited communication channel. During this communication, the portable security token receives an authenticator for the target device, and forms a ticket by digitally signing the authenticator with a key previously agreed upon by the portable security token and a certification authority (CA). Next, the portable security token sends the ticket to the target device, whereby the target device can subsequently present the ticket to the CA to prove that the target device is authorized to receive a credential from the CA.

Abstract: A system and method for sharing files securely includes server software on a first device configured to communicate with server software operating on one or more other preauthorized devices, such as a second device. The servers communicate with each other securely using cryptographic information exchanged during a preauthorization phase using a range-limited communication channel. The server on the first device obtains file information from the other preauthorized device(s) and combines the information with local file information from the first device. This combined file information is sent to client software operating on the machine, which presents the combined file information to users.

Abstract: A method of receiving mobile code includes receiving, from a source node, a dependency descriptor describing at least one permitted configuration, each configuration comprising necessary conditions on a destination node to execute mobile code, executing, on the destination node, checker code associated with the conditions described in the dependency descriptor, and, if at least one configuration is compatible, receiving the mobile code at the destination node.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Abstract: A method of providing secure communications over a network includes receiving, at a receiving computer, a public key of a sending computer, and a hash of a sending random number over a first communication channel, transmitting, from the receiving computer, a public key of the receiving computer and a receiving random number provided by the receiving computer over the first communication channel, and receiving, at the receiving computer, the sending random number provided by the sending computer over the first communication channel.

Abstract: A method for establishing a secondary communication channel between at least two computing devices over a network medium through use of a primary channel connects a first computing device with a first telephonic unit and a second computing device with a second telephonic unit. If the two telephonic units are in communication with each other over a primary channel, and communication channels are established between the computing devices and their respective telephonic units, then the first computing device transmits its location information to the second computing device over the primary channel. A connection is then established between the second computing device and the first computing device over a secondary communication channel.

Abstract: Systems and methods that allow the formation and distribution of session keys amongst a dynamic group of users communicating over an unreliable, or lossy, network.

Abstract: Techniques are provided for creating and sharing information about arbitrary documents. A primary document is selected and a document content identifier generated based on the content of the primary document. Additional information such as comments, additional documents, reviews and the like are created and/or selected from an information repository. The additional information is associated with the primary document based on the document content identifier of the primary document. A search for information associated with the primary document compares the document content identifier of the primary document to document content identifiers associated with the additional information. Additional information associated with the document content identifiers matching the primary document content identifier is retrieved and displayed to the user.

Abstract: Authentication information is generated for a group where members within a group are able to communicate with each other, but a non-members is not able to participate in that communication. The authentication information provides the determination of whether the member belongs to the group.

Abstract: A method for securing human to human communication over a network includes receiving, by a first computer, an incoming authenticated data stream from a second computer over a first communication channel, the incoming authenticateed data stream having been computed using an incoming digital experiential data stream and a first imprint, and extracting the first imprint from the incoming authenticated data stream. The incoming authenticated data stream is then presented for sensory experience by a human. An outgoing digital experiential data stream is then input and the method computes a second imprint associated with the first computer and computes an outgoing authenticated data stream using the outgoing digital experiential data stream and the second imprint. A second communication channel is then secured from the first computer to the second computer using the first imprint, the second communication channel suitable for sending the outgoing authenticated data stream to the second computer.

Abstract: Techniques are provided for the lightweight authentication of a user to an application, a computer or other device. An interaction element such as a stylus, a pen or marker is uniquely identified. The interactive element is associated with a user. The interaction element provides a means for interacting with the application. The proximity of the identification element within the interaction element during data entry operations to the authentication sensor signals the controlled application that the user has been authenticated.