Abstract: A communication device associated with a wireless access point, namely, a WiFi access point or a Bluetooth access point for example, communicates its location information to the wireless access point. The wireless access point determines its own location utilizing the communicated location information. The communicated location information comprises a device location address and/or a GNSS position of the associated communication device. The device address comprises a network accessible address, a device identifier, a telephone number, an IP address, a url and/or ftp location, an e-mail address, and/or an account number that identifies a corresponding location of the communication device. The wireless access point retrieves corresponding device location addresses and/or GNSS positions from a plurality of associated communication devices. The retrieved device location addresses are converted to determine corresponding locations for self-locating the wireless access point.

Abstract: A multi-radio mobile device comprises a plurality of different radios. When a location update occurs, the multi-radio mobile device, at a specific location, acquires location-based radio information from a remote location server. The multi-radio mobile device selects a radio for use in the specific location based on the acquired location-based radio information comprising available radios in the specific location and radio weights. The radio is selected from the available radios based on the radio weights in the specific location. Transmissions of a desired service are received in the specific location utilizing the selected radio. Location-based radio measurements reports to the remote location server are generated utilizing signal strength measurements for the received signals. Radio quality information of the available radios is calculated by the location server utilizing location-based radio measurement reports from associated users.

Abstract: Methods and systems for updating altitude information for a location by using terrain model information to prime altitude sensors are disclosed and may include determining an altitude of a wireless device including one or more altimeters. The determination of altitude may include determining a location of the wireless device, receiving an altitude value for the location from an altitude database, and measuring a change in the altitude using the altimeters. The database may include a worldwide terrain database that may be stored on a remote device, such as a server. Part of the database may be stored on the wireless device and may be updated as the wireless device moves. The location may be determined utilizing a global navigation satellite system, which may include GPS, GLONASS, and GALILLEO. The location may be measured utilizing cellular service triangulation or by utilizing one or more access points with known locations.

Abstract: A multi-radio mobile device receives data transmission of a session from a serving access network in a heterogeneous network system comprising difference access networks. A handoff is performed based on the received data transmissions. User-level QoS for the wireless communication session is adjusted during the handoff based on connection QoS information in the current location of the multi-radio mobile device and/or a velocity of the multi-radio mobile device. Location-based network connection information, comprising call drop information and the connection QoS information, in the current location of the multi-radio mobile device is acquired from a location server. A target access network or a different base station in the serving access network associated with the highest connection QoS is selected. The user-level QoS is adjusted during the handoff for receiving the wireless communication session from the selected target access network or the different base station in the serving access network.

Abstract: A location server may be operable to refine a location for a RF node based on a weight applied to one or more location samples that are received from one or more mobile devices. The received location samples may be weighted based on a manufacturer and/or a model information of each of the mobile devices, properties and/or conditions of a RF environment associated with each of the mobile devices, a GNSS dilution of precision, motion sensors used by each of the mobile devices and/or a geometrical population condition associated with each of the mobile devices within range of the RF node. A valid location for the RF node may be generated utilizing the weighted location samples. The location server may update location information for the RF node, which may be stored in a location database, utilizing the valid location for the RF node.

Abstract: A RFID reader of a RFID enabled mobile device receives RFID information from a RFID tag attached to an object. In instances where the RFID enabled mobile device is GNSS enabled, a GNSS position of the RFID enabled mobile device is determined to associate, for example, by location stamping, with the received RFID information. The location-stamped RFID information is communicated to a remote location server, where location-based RFID information is received from a plurality of users. The RFID enabled mobile device may communicate at least a portion of the received RFID information to the remote location server. When GNSS is not enabled, the RFID enabled mobile device estimates its own location utilizing location information, if available, for the object in the received RFID information. Otherwise, the RFID enabled mobile device acquires location-based RFID information from the remote location server so as to determine its own location.

Abstract: A mobile device may be operable to collect location data for a RF node and cache the collected location data in the mobile device. Resources that may be utilized for improving the uploading of the cached location data to a location server may be determined by the mobile device. The cached location data may be communicated, to the location server for updating a location database, by the mobile device utilizing the determined resources. The mobile device may determine and utilize an opportunistic transport based on a data usage and/or an access. The mobile device may store a subset of the location database locally for comparing with the cached location data for redundancy. The compared location data may be transmitted by the mobile device to the location server for updating the location database if the compared location data are not redundant data.

Abstract: A GNSS enabled mobile device moves from a first area where GNSS signal quality and/or level is above a threshold to a second area where GNSS signal quality and/or level is below the threshold. The GNSS enabled mobile device in the second area determines its own location utilizing previous GNSS measurements in the first area. GNSS signals are received to calculate GNSS measurements whenever the GNSS enabled mobile device is in the first area. The calculated GNSS measurements are utilized to determine a location of the GNSS enabled mobile device within the first area. The GNSS enabled mobile device in the second area utilizes the most current GNSS measurements in the first area to determine its own location. Sensors such as an image sensor, a light sensor, an audio sensor and/or a location sensor are used to refine the location of the GNSS enabled mobile device in the second area.

Abstract: Whenever a mobile device in a building is within proximity of a RF communication device, the mobile device may be operable to receive location information transmitted, for example by broadcasting it, from a RF communication device. The transmitted location information comprises altitude information of the RF communication device. At least an altitude of the mobile device may be determined based on the received altitude information of the RF communication device. The RF communication device may be located in an elevator car and/or on a particular floor in the building. Whenever the RF communication device is located in the elevator car, the altitude information of the RF communication device may be received by the RF communication device from an elevator controller. In instances when the RF communication device also transmits its latitude/longitude (LAT/LON), the mobile device may be operable to determine a 3-dimentional (3D) location of the mobile device.

Abstract: A GNSS enabled mobile device concurrently receives GNSS signals from GNSS satellites and transmissions from a cellular base station. GNSS-based velocities and GNSS locations are determined for the GNSS enabled mobile device utilizing the received GNSS signals. A cellular Doppler is measured on the cellular base station. A location of the cellular base station is determined based on the determined GNSS-based velocity and corresponding cellular Doppler measurements. The cellular base station may be located by the GNSS enabled mobile device and/or by a remote location server. In this regard, the remote location server may determine the location for the cellular base station utilizing GNSS velocities and corresponding cellular Doppler measurements received from plural GNSS enabled mobile devices in a coverage area of the cellular base station. The determined location of the cellular base station is used to refine GNSS locations of the plurality of GNSS enabled mobile devices when needed.

Abstract: Provided is an architecture (hardware implementation) for an authentication engine to increase the speed at which multi-loop and/or multi-round authentication algorithms may be performed on data packets transmitted over a computer network. Authentication engines in accordance with the present invention apply a variety of techniques that may include, in various applications, collapsing two multi-round authentication algorithm (e.g., SHA1 or MD5 or variants) processing rounds into one; reducing operational overhead by scheduling the additions required by a multi-round authentication algorithm in such a matter as to reduce the overall critical timing path (“hiding the ads”); and, for a multi-loop (e.g., HMAC) variant of a multi-round authentication algorithm, pipelining the inner and outer loops.

Abstract: Methods and apparatus are provided for using explicit initialization vectors in both encryption and decryption processing. In one example, a sender generates an initialization vector, identifies cryptographic keys, encrypts data using the initialization vectors and the cryptographic keys, and transmits the encrypted data in a packet along with the initialization vector. A receiver identifies cryptographic keys, extracts the initialization vector from the received packet, and decrypts the encrypted data using the cryptographic keys and the initialization vector extracted from the received packet.

Abstract: Methods and systems for environment configuration by a device based on auto-discovery of local resources and generating preference information for those resources are disclosed and may include discovering available networked resources utilizing a wireless mobile communication device (WMCD). Wireless communication may be established with one or more of the available networked resources utilizing the WMCD, which may then configure the resources according to user preferences. The user preferences may be stored internal or external to the WMCD, and may be modified based on subsequent changes to the configuring of the resources. The WMCD may communicate with the resources utilizing one or more of a plurality of wireless protocols, which may comprise cellular, WLAN, near-field communication, Bluetooth, and radio frequency identification. The WMCD may auto-discover as well as determine and authenticate access privileges for the resources, which may comprise devices for adjusting a user's local environment.

Abstract: Methods and apparatus are provided for performing authentication and decryption operations in a cryptography accelerator system. Input data passed to a cryptography accelerator from a host such a CPU includes information for a cryptography accelerator to determine where to write the processed data. In one example, processed data is formatted as packet payloads in a network buffer. Checksum information is precalculated and an offset for a header is maintained.

Abstract: In a computing management system authentication procedures are secured by protecting keys and/or processes used during the authentication procedures. In some embodiments the system cryptographically protects any keys used to mutually authenticate a management console and client. In some embodiments the system cryptographically protects execution of one or more of the algorithms used to mutually authenticate a management console and client.

Abstract: Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function.

Abstract: A system for revoking access to a mobile device comprises a mobile device providing a plurality of applications and an agent providing a plurality of revocation procedures for revoking access by the mobile device to the plurality of applications running on the mobile device. Access to a first application is revoked by the agent using a first revocation procedure, and access to a second application is revoked by the agent using a second revocation procedure.

Abstract: A sensor is implemented in an integrated circuit. The sensor includes one or more sensor pads that are provided at or near a surface of the integrated circuit. One or more integrated circuit components such as a sense amplifier are provided in the integrated circuit die adjacent the sensor pads. One or more other components are provided in the integrated circuit die adjacent the sensor pads.

Abstract: Systems and methods for binding a smartcard and a smartcard reader are provided. A smartcard is provision to store a first set of credentials for use in traditional transactions such as at a brick and mortar retail store and a second set of credentials for use when performing a transaction using a smartcard reader associated with a user such as an on-line transaction. The user smartcard reader registers with a smartcard issuer server by cryptographically authenticating a secure processor associated with the smartcard reader. As a result of the registration, the secure processor obtains a set of private keys associated with the second set of credentials. When a request for a authorizing a transaction via the user's smartcard reader is received, the smartcard reader cryptographically authenticates itself to the smartcard using a private key associated with a credential to be used to authorize the transaction.

Abstract: Aspects of a method and system for securing a network utilizing IPsec and MACsec protocols are provided. In one or more network nodes, aspects of the invention may enable conversion between Ethernet packets comprising payloads secured utilizing IPsec protocols and Ethernet packets secured utilizing MACsec protocols. For example, IPsec connections may be terminated at an ingress network node and IPsec connections may be regenerated at an egress network node. Packets secured utilizing MACsec protocols may be detected based on an Ethertype. Packets comprising payloads secured utilizing IPsec protocols may be detected based on a protocol field or a next header field. The conversion may be based on a data structure stored by and/or accessible to the network nodes. Aspects of the invention may enable securing data utilizing MACsec protocols when tunneling IPsec secured data through non-IPsec enabled nodes.