Abstract: A system and method is provided for communication of information in a mobile communication device (WMCD) configured to network connection may include discovering via a wireless mobile communication device, available communication resources based on acquired biometric data for a user of the WMCD, and communicating multimedia information between the WMCD and one or more of the discovered available resources. The acquired biometric data may include physical and behavioral biometric data to be authenticated and validated by a pattern recognition database. A connection between the WMCD and one or more discovered available resources may be established through linking the acquired biometric data to resources in available local or remote network. The established connection may enable the WMCD to consume or redirect media from the available resources and may be dynamically adjusted and updated based on dynamic sensing of the acquired biometric data in the available network or available resources.

Abstract: Dynamically splitting jobs in wireless system between agnostic processor may comprise evaluating a job that a wireless mobile communication device may be requested to perform. The wireless mobile communication (WMC) device may evaluate a requested job to determine if one or more tasks may be sent to a remote device. The WMC device may consider such factors as information pertaining to the WMC device itself, information relating to the connection between the devices, and/or information pertaining to the remote device. This information may comprise such data as power availability in the wireless mobile communication device, processing load in the WMC device, processing and/or storage capabilities of the remote device, and characteristics of the connectivity between the two devices.

Abstract: Systems and methods for securing a credential generated by or stored in an authentication token during an attempt to access a service, application, or resource are provided. A secure processor receives a credential from an authentication token and securely stores the credential. The secure processor then verifies the identity of the individual attempting to use the authentication token and cryptographically verifies the identity of the server being accessed. The credential is only released for transmission to the server if both the identity of the individual and the identity of the server are successfully verified. Alternatively, a secure connection is established between the secure processor and the server being accessed and a secure connection is established between the secure processor and a computing device. The establishment of the secure connections verifies the identity of the server. After the secure connections are established, the identity of the user is verified.

Abstract: Methods and systems are provided that authenticate an intended user of a mobile client in a roaming environment. One embodiment of the invention provides a mobile communication network architecture that includes a first base station (e.g., a first base station controller and/or a first transceiver station), a second base station (e.g., a second base station controller and/or a second transceiver station), a mobile client, and a server coupled to the mobile client via either the first base station controller or the second base station. The first base station is coupled to an authentication center that authenticates an intended user so that the user can communicate a message between the mobile client and the server via the first base station. A credential (or status) of the authentication made at the authentication center is then transmitted from the first base station to the second base station when the mobile client moves to utilize the second base station to communicate with the server.

Abstract: A universal authentication token is configured to securely acquire security credentials from other authentication tokens and/or devices. In this manner, a single universal authentication token can store the authentication credentials required to access a variety of resources, services and applications for a user. The universal authentication token includes a user interface, memory for storing a plurality of authentication records for a user, and a secure processor. The secure processor provides the required cryptographic operations to encrypt, decrypt, and/or authenticate data that is sent or received by universal token. For example, secure processor may be used to generate authentication data from seed information stored in memory.

Abstract: Techniques are provided for users to authenticate themselves to components in a system. The users may securely and efficiently enter credentials into the components. These credentials may be provided to a server in the system with strong authentication that the credentials originate from secure components. The server may then automatically build a network by securely distributing keys to each secure component to which a user presented credentials.

Abstract: Stateless hardware security modules facilitate securing data transfers between devices in a data communication system. The stateless hardware security module may communicate with other devices via a secure communication channel to securely transfer information between the client device and another device. As a result, sensitive information such as cryptographic keys and data may be securely routed between the client device and another device. The stateless hardware security module may support a limited set of key management operations to facilitate routing of information between the client device and another device. However, the stateless hardware security module does not need to maintain state information for the keys it maintains and/or uses. As a result, the stateless hardware security module may be advantageously integrated into a variety of client devices.

Abstract: A handheld wireless communication device (HWCD) establishes an ad hoc network comprising interconnected networks for a user. The HWCD gains access to content on a first device and controls communication of the content from the first device via the HWCD to a second device. The HWCD enables the second device to consume the content. The content may be streamed from the first device via the HWCD to the second device. The first device is a service provider network device or other network device. The access may be authenticated and/or secure. Secure access to the content is extended from the first device to the second device. The ad hoc network is configured and/or reconfigured until communication is complete. The HWCD comprises multiple wireless interfaces. The ad hoc network comprises a PAN, WLAN, WAN and/or cellular network. The HWCD may hand-off among base stations during communication of the content.

Abstract: A system and method is provided for handling data in wireless communication devices where data may be captured and linked to a personal journal via indexing and mapping of context data tags abstracted from captured data. The captured data may be retrieved by matching a query to one or more context data tags indexed and mapped to the personal journal. A user preference utilizing one or more of the context data tags linked to the personal journal may facilitate captured data retrieval. The captured data may include multimedia data of an event pre-tagged with indexed information such as user ID, time, date, location and environmental condition or optionally one or more user's biometric data in response to the event. The pre-tagged captured data may be stored in the local host device or transferred to a remote host or storage for later retrieval or post processing.

Abstract: Systems and methods for binding a smartcard and a smartcard reader are provided. A smartcard is provision to store a first set of credentials for use in traditional transactions such as at a brick and mortar retail store and a second set of credentials for use when performing a transaction using a smartcard reader associated with a user such as an on-line transaction. The user smartcard reader registers with a smartcard issuer server by cryptographically authenticating a secure processor associated with the smartcard reader. As a result of the registration, the secure processor obtains a set of private keys associated with the second set of credentials. When a request for a authorizing a transaction via the user's smartcard reader is received, the smartcard reader cryptographically authenticates itself to the smartcard using a private key associated with a credential to be used to authorize the transaction.

Abstract: Dynamically splitting jobs in wireless system between agnostic processor may comprise evaluating a job that a wireless mobile communication device may be requested to perform. The wireless mobile communication (WMC) device may evaluate a requested job to determine if one or more tasks may be sent to a remote device. The WMC device may consider such factors as information pertaining to the WMC device itself, information relating to the connection between the devices, and/or information pertaining to the remote device. This information may comprise such data as power availability in the wireless mobile communication device, processing load in the WMC device, processing and/or storage capabilities of the remote device, and characteristics of the connectivity between the two devices.

Abstract: Systems and methods for securing a credential generated by or stored in an authentication token during an attempt to access a service, application, or resource are provided. A secure processor receives a credential from an authentication token and securely stores the credential. The secure processor then verifies the identity of the individual attempting to use the authentication token and cryptographically verifies the identity of the server being accessed. The credential is only released for transmission to the server if both the identity of the individual and the identity of the server are successfully verified. Alternatively, a secure connection is established between the secure processor and the server being accessed and a secure connection is established between the secure processor and a computing device. The establishment of the secure connections verifies the identity of the server. After the secure connections are established, the identity of the user is verified.

Abstract: An online trusted platform module (TPM) in communication with a security module that can be located elsewhere in the network in a server machine. In an embodiment, the online TPM is connected directly to a network interface card (NIC) that is also resident at the client. This allows the online TPM to communicate directly to the network, and therefore to the security module (without having to deal with the TCP/IP stack at the client machine in some circumstances, e.g., the boot process). In an embodiment, the communications channel between the online TPM and the security module is implemented using the transport layer security (TLS) protocol. A secure boot process is performed in advance of security processing. Typical security processing includes receipt, by the online TPM, of one or more commands from an application. The online TPM then proxies out the commands to the security module.

Abstract: An ad hoc network enabled to handle secure data may be created for a specified user via a handheld wireless communication device (HWCD) such that rightful access to protected data stored on one or more networked devices may be extended to one or more distributed rendering devices. The HWCD and/or the user may be authenticated. The HWCD may enable configuration of one or more dynamic connections on the ad hoc network as needed until communication of data is complete. Bandwidth and throughput of one or more communication links may be adjusted according to bandwidth availability. The data may be buffered via the HWCD and/or one or more of the distributed rendering devices. Processing data tasks may be assigned to one or more networked resources on the ad hoc network. The data may undergo format conversion and be consumed on the one or more distributed rendering devices and/or the HWCD.

Abstract: Methods and associated systems provide secured data transmission over a data network. A security device provides security processing in the data path of a packet network. The device may include at least one network interface to send packets to and receive packets from a data network and at least one cryptographic engine for performing encryption, decryption and/or authentication operations. The device may be configured as an in-line security processor that processes packets that pass through the device as the packets are routed to/from the data network.

Abstract: Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function.

Abstract: A mobile device may be operable to determine, based on a known location of the mobile device, a location for a RF communication device that communicates with the mobile device, whenever the mobile device is within proximate range of the RF communication device. The determined location for the RF communication device may be stored in a location database in a location server and/or a memory in the RF communication device. The stored location of the RF communication device may then be used to determine a location for other mobile devices that may communicate with the RF communication device and are within proximate range of the RF communication device. The RF communication device may comprise a radio-frequency identification (RFID) device and/or a near field communication (NFC) device. The determined location for the RF communication device may comprise the known location of the mobile device.

Abstract: A system and method is provided for handling data in wireless communication devices where data may be captured and linked to a personal journal via indexing and mapping of context data tags abstracted from captured data. The captured data may be retrieved by matching a query to one or more context data tags indexed and mapped to the personal journal. A user preference utilizing one or more of the context data tags linked to the personal journal may facilitate captured data retrieval. The captured data may include multimedia data of an event pre-tagged with indexed information such as user ID, time, date, location and environmental condition or optionally one or more user's biometric data in response to the event. The pre-tagged captured data may be stored in the local host device or transferred to a remote host or storage for later retrieval or post processing.

Abstract: A mobile device may determine its initial absolute location; may track using a plurality of sensors, its movements relative to the initial absolute location; and may generate location related data for a location based on that tracking. Tracking movement of the mobile device may comprise generating data corresponding to three-dimensional (3D) linear and/or rotational changes in position and/or location of the mobile device. The initial absolute location may be determined directly by the mobile device, based on GNSS signals and/or assisted GNSS (A-GNSS) data received from one or more location servers; and/or it may be estimated based on a location of a communication device that is communicatively coupled to the mobile device. The generated location related data may propagated by the mobile device to other mobile and/or communication devices, and/or to the location servers, where a reference database for supporting location related services (LBS) may be updated accordingly.

Abstract: A transmitting communication device may iteratively adjust its transmit power, and may estimate, based on iterative transmit power adjustment, relative location of a receiving communication device. The transmit power may be initialized to a maximum value, and the transmit power may be iteratively reduced until connectivity with the receiving communication device is lost. The loss of connectivity may be determined based on reception of responses to ping messages transmitted by the transmitting communication device. The transmitting communication device may authenticate the receiving communication device and/or a user of the receiving communication device. The authentication may comprises utilizing transmit power adjustment and/or relative location estimation therefrom to ensure that a separation between the devices does not exceed a maximum value.