Abstract: A method for robust indoor positioning systems includes receiving, from each of a plurality of anchors, a signal based on which a tag distance corresponding to a distance of a tag from the respective anchor is identified, and determining a plurality of anchor sets from the plurality of anchors. The method further includes, for each of the anchor sets, determining, based on the tag distances corresponding to anchors in the anchor set, a preliminary tag location corresponding to the respective anchor set; and determining a final tag location based on the preliminary tag locations.

Abstract: Location of a communication network subscriber is determined employing confidence metrics such as remote vs. local computer usage, primary user in a multi-user computing environment, likelihood of forgery, and comparable ones. A fine-grained location determination is then made based on the metric results and directory information for the particular subscriber such that services like emergency services can be provided with accurate location information.

Abstract: Location of a communication network subscriber is determined employing confidence metrics such as remote vs. local computer usage, primary user in a multi-user computing environment, likelihood of forgery, and comparable ones. A fine-grained location determination is then made based on the metric results and directory information for the particular subscriber such that services like emergency services can be provided with accurate location information.

Abstract: One embodiment of the present invention provides a system that facilitates confirmation of data communicated to a first device belonging to a first user from a second device belonging to a second user. During operation, the first device receives a message containing data from the second device. The first device then translates the data into a string of words (such as a human-friendly representation using a well-known function such as the One Time Password (OTP) dictionary defined in IETF RFC 1938) that can be recognized by a human. Next, the first device displays the string of words to the first user. The second device also translates the original data using the same well-known function. The first user and the second user then confirm that both strings of words match. The confirmation process is performed through a separate communication channel. This confirmation process ensures that the data sent by the second device is successfully received by the first device, and that it was sent by the second device.

Abstract: A fingerprint table or other type of data structure including a plurality of entries may be provided, each entry including a transmitter fingerprint set of a respective network location. Determining whether a current network location is a network location known to a user device may include comparing a determined transmitter fingerprint set of the entity with the transmitter fingerprint set of one or more fingerprint table entries. A user interface may be provided that enables a user to control when a transmitter fingerprint set is determined, compared with fingerprint table entries and/or recorded.

Abstract: Reliably identifying an AP through which a user device is accessing one or more networks, and reliably determining the current network location of the user device. An AP and network location may be reliably identified using a set of transmitter fingerprints unique to the AP or network location, respectively. In response to a user device receiving at least one signal from at least one unknown entity, a transmitter fingerprint set of the at least one entity may be determined from the at least one signal. It then may be determined whether the at least one entity is an AP having an ID known to the user device, and/or whether the current network location is known by the user device. The user device may determine information that may be divulged with the at least one entity based on this determination.

Abstract: A patch or set of patches may be deployed, often to a subset of potentially vulnerable systems, to address a particular vulnerability while providing a facility to monitor and, in some cases, characterize post-patch exploit attempts. Often, such a patch will check for an exploit signature and, if an exploit attempt is detected or suspected, take an appropriate action. For example, the patch may include code to log indicative data or trigger such logging. In some exploitations, the patch may generate or contribute to a warning or advisory regarding an additional target (or targets) of the exploit and, if appropriate, initiate a patch or protective measure for the additional target(s). In some exploitations, the patch may simulate responses or behaviors suggestive (to an attacker) of unpatched code.

Abstract: A method for sending data from a second node to a first node, including generating a hashed message authentication code using a key and data, sending the hashed message authentication code to the first node, generating a nonce in response to receiving the hashed message authentication code by the first node, sending the nonce to the second node, sending the nonce, the key and data to the first node in response to the second node receiving the nonce, verifying the hashed message authentication code by the first node using the key and data, if the hashed message authentication code is verified: generating a first representation on the first node and a second representation on the second node, wherein the first representation and the second representation are associated with the key, and verifying that the first representation matches the second representation using an authentic channel.

Abstract: One embodiment of the present invention provides a system that communicates cryptographic data through multiple network layers. During operation, the system receives the cryptographic data and divides the cryptographic data into multiple pieces. The system then encapsulates different pieces of the cryptographic data into fields associated with different network layers in a data packet, whereby an item of cryptographic data that is too large to be communicated in a single field can be communicated through multiple fields associated with different network layers.

Abstract: The invention provides a generic naming scheme for remote access and firewall traversal in the form of a uniform resource locator (RAFT URL). The RAFT URL may be provided to any client, regardless of compatibility with the remote access/firewall traversal method, which then launches an operating environment code module. The operating environment code module performs the remote access/firewall traversal method and interacts with the operating environment to obtain data transport mechanisms. These mechanisms permit the client application to transact with private resources beyond the firewall. The remote access/firewall traversal procedure is made transparent to the client application, and thus, a wider array of client applications may be chosen for the data session with the resources beyond the firewall.