Abstract: The invention provides a method for a web browser based remote administration system to maintain its security by utilizing an ActiveX control or a plug-in, without relying on HTTPS protection to transact management information. The invention does not burden the embedded system and thus is ideally suited for the remote administration of embedded systems. The invention provides a method to calculate a security code base upon identical algorithms in the administrative system having the browser and the embedded system. When the browser-based administrator submits the management information, an operator packages the control information as a string and invokes the security function in the plug-in with the string as a parameter. After the security function returns the result, the operator sends the form data together with a coded digest to the remote system. The digest may be embedded in the form data, for example, as a hidden field.

Abstract: The invention herein provides an apparatus and a method for automatically configuring an IEEE 802.1x client terminal to provide limited access in a WLAN environment, specifically utilizing the access point to filter traffic associated with the limited access so as to redirect the client terminal's HTTP request to a designated local web server. The web server responds to the client terminal by requesting information required to establish an authorized communication. Thereafter the client terminal provides information required to establish an authorized communication. In the course of the communication the web server sends information such as transmission rates, new user account creation information, authentication method selection, and access user terms and conditions of acceptance, all typically required to establish an authorized access. The client responds with information, required to establish an authorized communication.

Abstract: A method and apparatus for managing a session key for allowing a mobile terminal to access a wireless local area network (WLAN). The invention provides for establishing a first secure channel between an access point and a virtual operator, and suggesting a session key to the virtual operator from the access point. A second secure channel is established between the virtual operator and a user, and the session key is sent to the user via the second secure channel upon successful user authentication. The mobile terminal accesses the WLAN using the session key.

Abstract: A method of watermarking digital media data in a user device using a watermark that contains information derived from the digital media data content and the user device specific information to enable improved enforcement of the digital media data content copyright license.

Abstract: A method for downloading and displaying a video program using a mobile terminal that includes a first radio access network having a first data transfer rate and a second radio access network having a second data transfer rate faster than the first data transfer rate. The downloaded video program is displayed at a predetermined playback rate. Excess portions of the downloaded video program that result when a rate at which the video program is downloaded exceeds the predetermined playback rate are buffered. A third data transfer rate that is lower than the first transfer rate is calculated in response to the predetermined playback rate, the buffered excess portions and the time duration of the remainder of the video program. The third data transfer rate is negotiated with the first network for downloading the video program when the difference between the first and third data transfer rates exceeds a threshold level.

Abstract: There is provided a method for managing the downloading and display of a video program using a mobile device in an networking environment that includes a first radio access network and a second radio access network that has a faster transfer rate than the first network. A layer of video program that has been encoded into multiple layers is downloaded via the first or second network. The downloaded video program is displayed at a playback rate that corresponds to a display quality. Excess portion of the downloaded video program that result when a rate at which the video program is displayed are buffered. The number of layers being downloaded and the playback rate at which the video program is displayed are increased to increase the display quality, when the buffered excess portions exceeds a threshold level.

Abstract: A key synchronization mechanism for wireless LANs is provided where the access point (AP) does not start using a new encryption key until the first data frame correctly encrypted with the new key is received from the station (STA). The new key is used from this point on, until the expiration of a key refresh interval.

Abstract: A method and apparatus that inserts watermark signal into decoded video pictures where the watermark creation function is combined with the video decoder and makes use of compressed domain information to create a perceptually adaptive watermark signal.

Abstract: A mobile wireless terminal, upon transitioning from a wireless telephony network to a wireless Local Area Network (LAN), seeks identification by sending the same identity information used for identification in the wireless telephony network. Upon receipt of the identity information, a wireless LAN Access Server in the wireless telephony network identifies a Serving General Packet Radio Service Serving Node (SGSN) that had last served the wireless terminal in the wireless telephony network prior to transition. The wireless LAN Access Server forwards the identity information to the SGSN, which, in turn, provides an identification response for validating the terminal.

Abstract: Secure access by a mobile wireless terminal of a wireless telephony network is achieved by having a Home Location Register store the terminal's temporary and permanent identities. Upon accessing the network following initial registration, the terminal sends a temporary identity to a Serving GPRS Support Node (SGSN). If no serving node in the network knows the terminal, the terminal need not sent its permanent identity in clear as was previously required. Rather, the serving node need only query the HLR since the HLR can map the terminal's temporary identity to its permanent identity. In this way, the permanent identity of the mobile wireless terminal remains secure.

Abstract: A General Packet Radio Service (GPRS) network (141) includes at least one, and preferably, a plurality of radio access networks (161–16m), each providing radio access to one or more mobile terminal users (121–12n). Associated with one or more of the access networks is a corresponding one of a plurality of Serving GPRS Service Nodes (SGSNs) (241–24m), each node serving to identify and authenticate a mobile terminal user. Advantageously, each SGSN also serves to cache IP packets from a sending mobile terminal user and to examine each packet to determine if the destination IP address corresponds to another mobile terminal user in the network. If so, then that SGSN routes the packet to the destination mobile terminal user. Otherwise, if the packet destination lies outside the network, the SGSN routes the packet to a gateway (32) for routing beyond the network.

Abstract: There is provided a method for supporting a mobile host in a communication structure having a home agent. The mobile host is enabled to communicate with a Network Address Translation (NAT) server. A packet for the mobile host, incorporating data that includes at least an address and a port used on the mobile host, is translated by the home agent into a global address and a port used on the NAT server, respectively. The packet is sent from the home agent for modification so that the packet can be routed to the mobile host. The packet is compatible with the NAT server.

Abstract: A method for mapping from an MPEG-2 transport stream to an IP-based RTP/UDP/IP stack for broadcasting service in a WLAN. All the mapping functions may be performed in a receiver transcoder (FIG. 2). Mobile devices such as laptop computers, cell phones and PDAs have limited battery power, CPU processing and memory resources. To reduce CPU processing power and consumption battery power in these devices certain data processing functions are achieved in the communicating systems, such as the de-multiplexer function that typically prepares an MPEG-2 for retransmission at the local level. When a transcoder, capable of de-multiplexing and MPEG-2 transport stream receives a program it de-multiplexes the stream based on PIDs assigned to each transport packet. This de-multiplexing function extracts several components from a transport stream: video and audio PES/ES associated with programs and PSI (PAT and PMTs).

Abstract: A public wireless LAN permits receipt of non-authentication traffic, such as access information requests, from a mobile wireless communications device prior to device authentication by partially opening a controlled port within an access point. The wireless LAN re-directs such non-authentication traffic received at the AP from the mobile wireless communications to a local web server. The local web server provides reply to the mobile wireless communications device, enabling a determination by the device whether or not to request access. The device seeks access by way of an access request received at the AP. In response, the AP re-directs the access request through an uncontrolled port in the AP to an access server that authenticates device. Upon successful device authentication, the AP fully opens its controlled port to permit the exchange of traffic through that port with the mobile wireless communications device.

Abstract: A method for authentication authorization and accounting (AAA) in an interworking between at least two networks. The at least two networks are capable of communicating with a broker and include a first network and a second network to user certificate from a user device corresponding to a user of the first network. The first network to user certificate is signed by at a first network private key and includes a broker to first network certificate and a user public key. The broker to first network certificate is signed by a broker private key and includes a first network public key. A session key is sent from the second network to the user device when the broker to first network certificate and the first network to user certificate are determined to be authentic by the second network based upon the broker public key and the first network public key, respectively. The session key is encrypted with the user public key. The session key is permitting the user device to access the second network.

Abstract: A mobile wireless terminal, upon transitioning from a wireless telephony network to a wireless Local Area Network (LAN), seeks identification by sending the same identity information used for identification in the wireless telephony network. Upon receipt of the identity information, a wireless LAN Access Server in the wireless telephony network identifies a Serving General Packet Radio Service Serving Node (SGSN) that had last served the wireless terminal in the wireless telephony network prior to transition. The wireless LAN Access Server forwards the identity information to the SGSN, which, in turn, provides an identification response for validating the terminal.

Abstract: A method of Authentication Authorization and Accounting (AAA) in an interworking between first and second networks that do not belong in the same asministrative domain, using certificate based transactions. In the method according to the invention, the second network sends a public key to the first network, and a certificate to a mobile device. The certificate includes information regarding the subscription level of the mobile device and is signed with a private key of the second network. Upon detection of the first network the mobile device transmits the certificate and the first network authenticates the certificate using the public and private keys of the second network, and authorizes access to the network in response. The first network then sends a session key encrypted with a public key of the mobile device. The mobile device decrypts the session key with a private key and access the first network using the session key.

Abstract: A method and a system for allowing a user device that has already been authenticated by a first communications network to gain access to a second communications network without undergoing authentication by the second communications network. The first communications network and the second communications network have a pre-established trust relationship there between. A packet is received from the user device that includes a user device public key, by the second network via the first network. A session key is sent from the second network to the user device, via the first network, when a source Internet Protocol (IP) address associated with the packet falls into a range allocated to the first network. The session key is encrypted with the user device public key. The user device decrypts the session key using a private key and uses the session key thereafter to access the second network.

Abstract: In a communications system (10), activation of a user interface (e.g., a hyperlink) to select an application depends on one or more conditions that might impact the application. Monitoring of the condition(s) occurs to determine whether each condition falls outside a corresponding threshold. If so, the interface is constrained, either partially or completely.

Abstract: An access arrangement (11) provides secure access by at least one mobile communications device (121-123) by first authenticating the device itself, and thereafter authenticating the traffic therefrom. To authenticate the traffic from the mobile communications device, an authentication server (24) associated with the access arrangement (11) establishes a Wired Equivalent Privacy (WEP) encryption key for both the access arrangement and the mobile communications device. The authentication server provides the WEP encryption key to the device in connection with a command to cause the device to execute a resident ActiveX control to encrypt traffic with the WEP encryption key. Utilizing the Active X control within the mobile communications device to encrypt traffic with the WEP encryption key provides a simple, easy-to-implement method to achieve secure access.