Abstract: Disclosed is a method for multiple EAP-based authentications in a wireless communication system. In the method, a first master session key (MSK) is generated in a first EAP-based authentication for a first-type access. A first temporal session key (TSK) is generated from the first master session key (MSK). A second EAP-based authentication is performed, using the first temporal session key (TSK), for a second-type access. First-type access and second-type access are provided after the first and second EAP-based authentications are successfully completed.

Abstract: Aspects describe compressing the concatenation of IP headers, UDP headers, ESP headers, and potentially other headers inside the ESP header. The multiple headers are regarded as one header chain and compressed as a single header chain. The compression can utilize a robust header compression (ROHC) framework. The ROHC ESP profile can be utilized as a basis for compression of ESP/UDP/IP headers with the addition of static chains and dynamic chains for multiple layer transport and application layer headers. Static chains include UDP static header fields either between static IP header fields and static IP header fields or between static IP header fields and static ESP header fields. Dynamic chains include UDP dynamic header fields either between dynamic IP header fields and dynamic ESP header fields or between static IP header fields and static IP header fields.

Abstract: The described apparatus and methods may include a local network formation module configured to join an overlay network via an available connection, retrieve from the overlay network at least one ad associated with forming a local network, determine if there is at least one matching ad to form the local network, and if no matching ads are determined, then publish an ad with a first local network configuration, or if one or more matching ads are determined, then join a local network according to a second local network configuration corresponding to one of the one or more matching ads.

Abstract: Methods and apparatus for enhanced overlay state maintenance in a peer-to-peer overlay network. A first method includes inferring that a first node is leaving the overlay network, and transmitting a decrement message to decrement a size counter value. A second method includes identifying a set of nodes associated with a first node of an overlay network, obtaining a segment length associated with each node of the set of nodes, and determining a size of the overlay network by dividing the total number of nodes in the set of nodes by the sum of the segment lengths. A third method includes identifying a set of nodes associated with a first node of an overlay network, obtaining a size estimate associated with the first node and with each node of the set of nodes, and determining a size of the overlay network by averaging the size estimates.

Abstract: Methods and apparatus for merging peer-to-peer overlay networks. A method includes receiving an advertisement from a second overlay network, determining a size of the second overlay network, performing a self search on the second overlay network based on a persistent node identifier, if the size of the second overlay network is greater than the size of a first overlay network, and joining the second overlay network if the persistent node identifier is not part of the second overlay network. An apparatus includes a transceiver to receive an advertisement from a second overlay network, and a processor coupled to the transceiver to determine a size of the second overlay network, perform a self search on the second overlay network based on a persistent node identifier, and join the second overlay network if the persistent node identifier is not part of the second overlay network.

Abstract: Methods and apparatus for creation, advertisement, and discovery of peer-to-peer overlay networks. A method includes detecting one or more communication links that allow a node to communicate with other nodes, determining that a universal overlay network is accessible using at least one communication link, selecting a selected communication link from the at least one communication link, and joining the universal overlay network using the selected communication link. An apparatus includes a transceiver configured to detect one or more communication links that allow a node to communicate with other nodes, and a processor configured to determine that a universal overlay network is accessible using at least one communication link, select a selected communication link from the at least one communication link, and join the universal overlay network using the selected communication link.

Abstract: Disclosed are apparatus and methods operable to distribute targeted content. Additionally, disclosed are corresponding apparatus and methods operable to selectively choose and cache selected ones from among the distributed targeted content, and to further choose ones from among the cached content to present on a device. In some aspects, selective caching of content may be based upon a match between predetermined content attribute information and predetermined profile information. Further, in some aspects, an indicator is operable to trigger the selective inclusion of one or more of the cached content in a presentation of other content, which may be based on a match between a desired content attribute associated with the indicator and the respective predetermined content attribute information of the cached content.

Abstract: A multi-party commitment method is provided whereby a joining node uses contributions provided by contributor nodes in a peer-to-peer overlay network to generate a node identifier. The joining node generates a first contribution and sends a join request to an introducer node (or a plurality of contributor nodes), where the join request seeks to obtain one or more contributions for generating the node identifier within an identifier space of the overlay network. A hash of the first contribution may be included as part of the join request. In response, the joining node may receive a plurality of contributions, wherein the contributions are bound to each other and the first contribution by a prior external multi-node commitment operation. The joining node can then generate its node identifier as a function of the first contribution and the received contributions. Consequently, collusion between nodes and malicious manipulation during ID generation can be frustrated.

Abstract: A system and method are provided that allow an application on a first terminal to inquire about available network communication associations that it can use to send data to another terminal, thereby avoiding the establishment of a new network communication association with the other terminal. A security information module may serve to collect and/or store information about available network communication associations between the first terminal and another terminal across different layers. The security information module may also assess a trust level for the network communication associations based on security mechanisms used to establish each association and/or past experience information reported for these network communication associations. Upon receiving a request for available network communication associations, the security information module provides this to the requesting application which can use it to establish communications with a corresponding application on the other terminal.

Abstract: Disclosed are apparatus and methods operable to distribute targeted content. Additionally, disclosed are corresponding apparatus and methods operable to selectively choose and cache selected ones from among the distributed targeted content, and to further choose ones from among the cached content to present on a device. In some aspects, selective caching of content may be based upon a match between predetermined content attribute information and predetermined profile information. Further, in some aspects, an indicator is operable to trigger the selective inclusion of one or more of the cached content in a presentation of other content, which may be based on a match between a desired content attribute associated with the indicator and the respective predetermined content attribute information of the cached content.

Abstract: Disclosed is a method for security management in a station. In the method, a pre-registered credential is received. The pre-registered credential has been associated with a network group by a registration entity. The station is established as a member of the network group based on the received pre-registered credential thereby effecting access rights with other member stations participating in the network group.

Abstract: Methods and systems enable receiving on mobile devices credits, tokens or coupons from mobile TV broadcast service providers. Credits may be delivered via direct unicast messages such as SMS or e-mail, or via broadcast provisioning messages. Subscription response messages may be used to deliver credits to mobile devises which transmit a request for service. Broadcast service providers may push credits to mobile devices by transmitting a solicited pull message or a credit grant push message. Credits may be sent to mobile devices within a credit response message or a long term decryption key message. Credits may be used a purchase transaction, with the broadcast service provider controlling redemption of credits by sending an a long term decryption key message via a unicast network or a short term decryption key message via the broadcast network to cause mobile devices to decrement their stored credits.

Abstract: A method is provided for securing a PMIP tunnel between a serving gateway and a new access node through which an access terminal communicates. A PMIP key hierarchy unique to each access terminal is maintained by the gateway. The gateway uses a first node key to secure PMIP tunnels when authentication of the access terminal has been performed. A PMIP key is generated based on the first node key and the PMIP key is sent to the new access node to assist in establishing and securing a PMIP tunnel between the gateway and the new access node. Otherwise, when authentication of the access terminal has not been performed, the gateway generates a second node key and sends it to an intermediary network node which then generates and sends a PMIP key to the new access node. This second key is then used to secure the PMIP tunnel.

Abstract: Disclosed is a method for multiple EAP-based authentications in a wireless communication system. In the method, a first master session key (MSK) is generated in a first EAP-based authentication for a first-type access. A first temporal session key (TSK) is generated from the first master session key (MSK). A second EAP-based authentication is performed, using the first temporal session key (TSK), for a second-type access. First-type access and second-type access are provided after the first and second EAP-based authentications are successfully completed.

Abstract: Methods and apparatus for efficient routing in communication networks. In an aspect, a method is provided for traffic routing between first and second nodes in a communication network. The method includes detecting traffic transmitted between the first and second nodes, transmitting a request to a mobility agent associated with the first node to request authorization for a route optimization between the first and second nodes, receiving a response that authorizes the route optimization, and establishing an optimized route. In an aspect, an apparatus includes detector logic for detecting traffic transmitted between the first and second nodes, transmitting logic for transmitting a request to a mobility agent associated with the first node to request authorization for a route optimization between the first and second nodes, receiving logic for receiving a response that authorizes the route optimization, and connection logic for establishing an optimized route.

Abstract: Disclosed is a method for mutual authentication between a station, having a digital rights agent, and a secure removable media device. The digital rights agent initiates mutual authentication by sending a message to the secure removable media device. The secure removable media device encrypts a first random number using a public key associated with the digital rights agent. The digital rights agent decrypts the encrypted first random number, and encrypts a second random number and a first hash based on at least the first random number. The secure removable media device decrypts the encrypted second random number and the first hash, verifies the first hash to authenticate the digital rights agent, and generates a second hash based on at least the second random number. The digital rights agent verifies the second hash to authenticate the secure removable media device.

Abstract: The disclosure is directed to an access terminal. The access terminal includes a display configured to enable a user to view a presentation having content, and a processing component configured to receive the presentation and select an advertisement to insert into the content of the presentation before the presentation is provided to the display for viewing by the user.