Abstract: Embodiments describe a system and/or method for multiple party digital signatures. According to a first aspect a method comprises establishing a first validity range for a first key, establishing a first validity range for at least a second key, and determining if the validity range of the first key overlaps the first validity range of the at least a second key. A certificate is signed with the first validity range of the first key and the first validity range of the at least a second key if the validity ranges overlap. According to another embodiment, signage of the certificate is refused if the first validity range of the first key does not overlap with the first validity range of the at least a second key.

Abstract: Another feature provides an efficient encryption method that safeguards the security of encrypted symbols. Each plaintext symbol is encrypted by using a separate pseudorandomly selected translation table. Rather than pre-storing every possible permutation of symbols as translation tables, the translation tables may be efficiently generated on-the-fly based on a pseudorandom number and a symbol shuffling algorithm. A receiving device may similarly generate reverse translation tables on-the-fly to decrypt received encrypted symbols.

Abstract: Disclosed is an apparatus, system, and method to communicate emergency messages utilizing road markers. The road marker may include: a light emitter to emit different light colors; a transmitter; and a receiver to receive an emergency message from an emergency vehicle, a road marker gateway, or another road marker. Further, the road marker may include a processor to: to command the light emitter to emit a light color based upon the emergency message received by the receiver; and command the transmitter to transmit the received emergency message to at least one other road marker.

Abstract: Methods and devices for instructing a subscriber identity module in a cellular communications network to process non-standard authentication information in a standard manner are disclosed. One embodiment of a method comprises receiving a first message authentication code (MAC) and an authentication management field (AMF) at a subscriber identity module as part of an authentication protocol, calculating a second MAC and determining whether the second MAC is equivalent to the first MAC. If the first and second MAC are not equivalent, the SIM calculates a third MAC and determines whether the first MAC is equivalent to the third MAC, and if so, the subscriber identity module processes the AMF in a predefined or standard manner.

Abstract: In a communications system, a method of transforming a set of message signals representing a message comprising the steps of first encoding one of the set of message signals in accordance with a first keyed transformation, a second encoding of the one of the set of message signals in accordance with at least one additional keyed transformation, a third encoding of the one of the set of message signals in accordance with a self inverting transformation in which at least one of the set of message signals is altered, a fourth encoding of the one of the set of message signals in accordance with at least one additional inverse keyed transformation wherein each of the at least one additional inverse keyed transformation is a corresponding inverse of at least one additional keyed transformation, and fifth encoding the one of the set of message signals in accordance with first inverse keyed transformation wherein the first inverse keyed transformation is the inverse of the first keyed transformation.

Abstract: Systems and methods of securing wireless communications between a network and a subscriber station include inserting a marker denoting an encryption type within a random value used for authentication, calculating a first session key and a first response value as a function of the random value, then calculating a second session key and a second response value as a function of the random value, first session key and first response value. The two levels of session keys and response values may be used by upgraded subscriber stations and network access points to prevent attackers from intercepting authentication triplets.

Abstract: A stream stretcher is provided for securely expanding a key stream to match the length of a data block to be encrypted and/or decrypted. A key stream is obtained having a length of LZ bits. A length LD corresponding to a data block to be encrypted/decrypted is obtained, where LD>LZ. LD?LZ new bits are recursively generated by combining at least two bits of the key stream. The LD?LZ new bits are appended to the key stream to generate a stretched key stream. The data block may then be encrypted/decrypted with the stretched key stream. The at least two bits are selected to have offsets that form a full positive difference set.

Abstract: A system is provided for inside-to-outside or outside-to-inside cryptographic coding that facilitates product authentication along a distribution channel. An association of authenticated, secured codes is generated between inner items (e.g., pharmaceutical doses such as pills, capsules, tablets) and outer items (e.g., packaging containing inner items). For instance, an inner code associated with a first item is used to generate (at least partially) an outer code associated with a second item that contains one or more first items. This process may be repeated multiple times with codes for outer items being a function of codes for inner items. The sequence of items may be authenticated by the dependent relationship between their codes.

Abstract: Method and apparatus for secure transmissions. Each user is provided a registration key. A long-time updated broadcast key is encrypted using the registration key and provided periodically to a user. A short-time updated key is encrypted using the broadcast key and provided periodically to a user. Broadcasts are then encrypted using the short-time key, wherein the user decrypts the broadcast message using the short-time key.

Abstract: Systems and methods of securing wireless communications between a network and a subscriber station are disclosed. One embodiment creates authentication triplets due to expire after a certain amount of time such that they may not be used indefinitely by an attacker who intercepts them.

Abstract: One feature provides a method for granting authenticated access to off-line, limited-resource mobile devices. A public-private key pair is generated by a service provider and the public key is used to digitally sign a username and (possibly) access privileges to obtain a password for technician. The public key is securely distributed to mobile devices. When off-line, a mobile device may authenticate access to restricted functions of the mobile device by a technician. The technician provides its username, access privileges and password to the mobile device. The mobile device then uses the public key, username and access privileges to verify the password. To invalidate an old username and password, the service provider replaces the public-private key pair with a new public-private key pair.

Abstract: A process and device for uniquely identifying an Internet enabled device with a unique identification. The process can include receiving an identification when an Internet user accesses an Internet resource, and determining position-based information for at least one of an Internet user and an Internet enabled device based on the identification. The identification may be authenticated, to reduce fraud. The identification may further be used to determine whether or not the device is in a particular geographic area of interest.

Abstract: A mutual authentication method is provided for securely agreeing application-security keys with mobile terminals supporting legacy Subscriber Identity Modules (e.g., GSM SIM and CDMA2000 R-UIM, which do not support 3G AKA mechanisms). A challenge-response key exchange is implemented between a bootstrapping server function (BSF) and mobile terminal (MT). The BSF generates an authentication challenge and sends it to the MT under a server-authenticated public key mechanism. The MT receives the challenge and determines whether it originates from the BSF based on a bootstrapping server certificate. The MT formulates a response to the authentication challenge based on keys derived from the authentication challenge and a pre-shared secret key. The BSF receives the authentication response and verifies whether it originates from the MT.

Abstract: In a communications system, a method of transforming a set of message signals representing a message comprising the steps of first encoding one of the set of message signals in accordance with a first keyed transformation, a second encoding of the one of the set of message signals in accordance with at least one additional keyed transformation, a third encoding of the one of the set of message signals in accordance with a self inverting transformation in which at least one of the set of message signals is altered, a fourth encoding of the one of the set of message signals in accordance with at least one additional inverse keyed transformation wherein each of the at least one additional inverse keyed transformation is a corresponding inverse of at least one additional keyed transformation, and fifth encoding the one of the set of message signals in accordance with first inverse keyed transformation wherein the first inverse keyed transformation is the inverse of the first keyed transformation.

Abstract: A hand-held token can be operated to generate an acoustic or other wireless signal representing a digital signature produced from the private key of a public key/private key pair, with the public key being confidential in that it is known only to authorized entities, such as bank computers. The signal from the token can be received by, e.g., a receiver at a bank ATM that also requires a PIN for account access. The user enters the PIN into the ATM, and the ATM encrypts the signal from the token with the PIN and sends it on to the bank computer over a link that need not be secure, since even if the PIN is guessed there is no way to verify that it is the correct PIN without also knowing the confidential public key held by the bank computer.

Abstract: Systems and methods of securing wireless communications between a network and a subscriber station include inserting a marker denoting an encryption type within a random value used for authentication, calculating a first session key and a first response value as a function of the random value, then calculating a second session key and a second response value as a function of the random value, first session key and first response value. The two levels of session keys and response values may be used by upgraded subscriber stations and network access points to prevent attackers from intercepting authentication triplets.

Abstract: Methods and systems enable thermal treating a portion of a subject using microwave or other electromagnetic radiation without harming other portions of the subject. In an embodiment, a plurality of electromagnetic radiation transmitters are positioned within a thermal treatment system and coupled to a control processor. The electromagnetic radiation may be transmitted as a pseudorandom waveform and maybe microwave radiation. The control processor coordinates the transmitters so that emitted electromagnetic radiation constructively interferes within a treatment volume while radiation passing through the rest of the subject randomly interferes or appears as noise. As a result, in a volume in which the electromagnetic radiation waveforms arrive in phase the power of all the transmitters add constructively resulting in a significant temperature rise, while the rest of the subject is exposed to a much lower average power level and thus a lower temperature rise.

Abstract: Apparatus and method for authentication is disclosed. In one embodiment, an apparatus for performing authentication using removeably coupled external authentication module comprises a module configured to receive the authentication module. The authentication module is configured to generate authentication information. The module may comprises an input unit configured to receive and couple the authentication module, and an output unit configured to receive the authentication information from the authentication module and to transmit the authentication information.

Abstract: The method and apparatus updates a binary number that will be used in cellular telephone system authentication procedures by applying a first algorithm to a plurality of most significant bits of a first binary number to obtain a second binary number; operates on a plurality of least significant bits of the first binary number with a second algorithm to obtain a third binary number, and applies a block cipher to the concatenation of the second and third numbers to obtain the updated binary number. When the most significant bits of the updated binary number comprise an all-zeroes number they are replaced with the most significant bits of the concatenation of the second and third numbers.

Abstract: Methods and apparatus are presented for providing local authentication of subscribers traveling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit 220 that is programmed to wrongfully retain keys from a subscriber identification token 230 after a subscriber has removed his or her token is prevented from subsequently accessing the subscriber's account.