Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Abstract: A method of providing secure communications over a network includes receiving, at a receiving computer, a public key of a sending computer, and a hash of a sending random number over a first communication channel, transmitting, from the receiving computer, a public key of the receiving computer and a receiving random number provided by the receiving computer over the first communication channel, and receiving, at the receiving computer, the sending random number provided by the sending computer over the first communication channel.

Abstract: A method for securing human to human communication over a network includes receiving, by a first computer, an incoming authenticated data stream from a second computer over a first communication channel, the incoming authenticated data stream having been computed using an incoming digital experiential data stream and a first imprint, and extracting the first imprint from the incoming authenticated data stream. The incoming authenticated data stream is then presented for sensory experience by a human. An outgoing digital experiential data stream is then input and the method computes a second imprint associated with the first computer and computes an outgoing authenticated data stream using the outgoing digital experiential data stream and the second imprint. A second communication channel is then secured from the first computer to the second computer using the first imprint, the second communication channel suitable for sending the outgoing authenticated data stream to the second computer.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Abstract: A method for establishing a secondary communication channel between at least two computing devices over a network medium through use of a primary channel connects a first computing device with a first telephonic unit and a second computing device with a second telephonic unit. If the two telephonic units are in communication with each other over a primary channel, and communication channels are established between the computing devices and their respective telephonic units, then the first computing device transmits its location information to the second computing device over the primary channel. A connection is then established between the second computing device and the first computing device over a secondary communication channel.

Abstract: A method of accessing a data resource identifies the data resource, the data resource accessible through a first device and associated with a resource locator, the first device configured to provide access to the data resource responsive to possession of a whitelisted credential. The method includes receiving a second-device credential from a second device by a personal domain controller, the personal domain controller and the first device within a first trusted relationship and provides, by the personal domain controller, the second-device credential to the first device for whitelisting subject to the first trusted relationship. The method uses, by the second device, the second-device credential to access the data resource responsive to the resource locator.

Abstract: One embodiment of the present invention provides a system that facilitates access to encrypted data on a computing device based on a security-posture of the computing device. During operation, the system assesses the security-posture of the computing device upon which the encrypted data is stored. If the assessed security-posture meets specified criteria, the system provides the computing device with a key which enables the computing device to access the encrypted data.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including enabling secure communications to components of a vehicle, and enabling secure communications between the vehicle and associated infrastructure.

Abstract: One embodiment of the present invention provides a system for establishing temporary and permanent credentials for secure remote data access. The system includes a temporary smart card configured to provide a temporary credential for a first device, thereby providing the first device with temporary secure access to a remote data source when the temporary smart card is used with the first device. Additionally, the system includes an enrollment smart card configured to provide a permanent credential for a second device, thereby providing the second device with permanent secure access to the remote data source without presence of the enrollment smart card or the temporary smart card.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Abstract: One embodiment of the present invention provides a system that uses a portable security token to facilitate public key certification for a target device in a network. During system operation, the portable security token is located in close physical proximity to the target device to allow the portable security token to communicate with the target device through a location-limited communication channel. During this communication, the portable security token receives an authenticator for the target device, and forms a ticket by digitally signing the authenticator with a key previously agreed upon by the portable security token and a certification authority (CA). Next, the portable security token sends the ticket to the target device, whereby the target device can subsequently present the ticket to the CA to prove that the target device is authorized to receive a credential from the CA.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Abstract: A method of providing secure communications over a network includes receiving, at a receiving computer, a public key of a sending computer, and a hash of a sending random number over a first communication channel, transmitting, from the receiving computer, a public key of the receiving computer and a receiving random number provided by the receiving computer over the first communication channel, and receiving, at the receiving computer, the sending random number provided by the sending computer over the first communication channel.

Abstract: A method for establishing a secondary communication channel between at least two computing devices over a network medium through use of a primary channel connects a first computing device with a first telephonic unit and a second computing device with a second telephonic unit. If the two telephonic units are in communication with each other over a primary channel, and communication channels are established between the computing devices and their respective telephonic units, then the first computing device transmits its location information to the second computing device over the primary channel. A connection is then established between the second computing device and the first computing device over a secondary communication channel.

Abstract: A method for securing human to human communication over a network includes receiving, by a first computer, an incoming authenticated data stream from a second computer over a first communication channel, the incoming authenticateed data stream having been computed using an incoming digital experiential data stream and a first imprint, and extracting the first imprint from the incoming authenticated data stream. The incoming authenticated data stream is then presented for sensory experience by a human. An outgoing digital experiential data stream is then input and the method computes a second imprint associated with the first computer and computes an outgoing authenticated data stream using the outgoing digital experiential data stream and the second imprint. A second communication channel is then secured from the first computer to the second computer using the first imprint, the second communication channel suitable for sending the outgoing authenticated data stream to the second computer.

Abstract: One embodiment of the present invention provides a system that facilitates access to encrypted data on a computing device based on a security-posture of the computing device. During operation, the system assesses the security-posture of the computing device upon which the encrypted data is stored. If the assessed security-posture meets specified criteria, the system provides the computing device with a key which enables the computing device to access the encrypted data.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Abstract: One embodiment of the present invention provides a system that uses a portable security token (PST) to facilitate cross-certification between a first certification authority (CA) and a second CA, wherein the first CA and associated subscriber devices constitute a first public-key infrastructure (PKI) domain, and wherein the second CA and associated subscriber devices constitute a second PKI domain. During operation, the system uses the PST to transfer certification information between the first CA and the second CA, wherein the PST communicates with the first CA and the second CA through a location-limited communication channel. Next, the system uses the certification information to issue a cross-certificate to the first CA. Note that the cross-certificate is signed by the second CA.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.