Patents by Inventor Sampo Sovio
Sampo Sovio has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8769284
Abstract: An apparatus comprising a processor, the processor configured to select a first cryptographic key, encrypt a message with the first cryptographic key to produce a first encrypted message, and further encrypt the first cryptographic key and an identifier of a second apparatus with a first encryption key to form a second encrypted message.
Type: Grant
Filed: December 29, 2006
Date of Patent: July 1, 2014
Assignee: Nokia Corporation
Inventors: Philip Ginzboorg, Sampo Sovio, Nadarajah Asokan
-
Publication number: 20130275756
Abstract: An approach is provided for reducing communication traffic and cost by applying recipient criteria in identity-based encryption. A recipient criterion application selects one or more recipient criteria for data, and encrypts the data using the selected one or more recipient criteria as a public key of identity-based encryption.
Type: Application
Filed: June 10, 2013
Publication date: October 17, 2013
Inventors: Sampo SOVIO, Vesa-Veikko LUUKKALA
-
Patent number: 8532304
Abstract: Methods and systems for managing access to a wireless local area network are provided. A wireless access point (AP) may use a unified approach that utilizes an out-of-band channel to communicate authentication key and network address information to a guest device, and utilizes an in-band channel to establish communications with the guest device, and also provides support for in-band setup on all devices. The ability to use out-of-band where possible provides for an increase to security and usability, and the possibility of delegating access from one device to another. The unified approach thereby also provides easy management of guest access to the WLAN.
Type: Grant
Filed: June 29, 2005
Date of Patent: September 10, 2013
Assignee: Nokia Corporation
Inventors: Nadarajah Asokan, Philip Ginzboorg, Seamus Moloney, Kari Ti. Kostiainen, Sampo Sovio, Jan-Erik Ekberg, Jari Takala
-
Patent number: 8488783
Abstract: An approach is provided for reducing communication traffic and cost by applying recipient criteria in identity-based encryption. A recipient criterion application selects one or more recipient criteria for data, and encrypts the data using the selected one or more recipient criteria as a public key of identity-based encryption.
Type: Grant
Filed: February 19, 2010
Date of Patent: July 16, 2013
Assignee: Nokia
Inventors: Sampo Sovio, Vesa-Veikko Luukkala
-
Publication number: 20130117569
Abstract: Systems and methods are provided for enhancing pseudo random number generation to thwart various security attacks to a system that relies on digital signature security measures. For example, a random number may be bound to a message that is to be signed using a digital signature. Alternatively, a random number may be bound to a secret seed value, which may be updated subsequent to each signing. Alternatively still, a random number may be bound to both the message to be signed using a digital signature and a secret seed value.
Type: Application
Filed: September 30, 2011
Publication date: May 9, 2013
Applicant: NOKIA CORPORATION
Inventors: Sampo Sovio, Martti Takala, Rauno Tamminen, Suvi Lehtinen
-
Publication number: 20110206200
Abstract: An approach is provided for reducing communication traffic and cost by applying recipient criteria in identity-based encryption. A recipient criterion application selects one or more recipient criteria for data, and encrypts the data using the selected one or more recipient criteria as a public key of identity-based encryption.
Type: Application
Filed: February 19, 2010
Publication date: August 25, 2011
Applicant: Nokia Corporation
Inventors: Sampo Sovio, Vesa-Veikko Luukkala
-
Connectivity information sharing in a smart space having a multiplicity of radio access technologies
Patent number: 7831717
Abstract: An apparatus and method for storing and maintaining in a smart space device connectivity information of devices of the smart space including a plurality of disparate radio access technologies. The connectivity information is propagated to at least one other device of the smart space and is used for selecting an optimal distribution route for information to be shared in the smart space. Technologies such as NoTA, BillBoard and Whiteboard can be used.
Type: Grant
Filed: May 31, 2007
Date of Patent: November 9, 2010
Assignee: Nokia Corporation
Inventors: Arto Palin, Timo O. Eriksson, Joni Jantunen, Jarmo Arponen, Juha-Matti Tuupola, Olli Tyrkkö, Sampo Sovio
-
Patent number: 7545941
Abstract: A computer system, method, and computer program product for controlling data communication in an ad-hoc network that connects a wireless device and a nearby wireless device. The method stores an application directory, determines a priority for each entry in the application directory, identifies a selected entry based on the priority, and examines the attributes and security parameters associated with the selected entry. When the security parameters indicate to use a secure connection, the method establishes a security association to support the data communication by querying a database for an existing security association that will satisfy the security parameters. When the query is successful, the method reuses the existing security association. When the query is unsuccessful, the method creates a new security association by establishing a privileged side channel to the nearby wireless device, negotiating the new security association over the privileged side channel, and storing the new security association.
Type: Grant
Filed: February 24, 2004
Date of Patent: June 9, 2009
Assignee: Nokia Corporation
Inventors: Sampo Sovio, Philip Ginzboorg, Jan-Erik Ekberg
-
Publication number: 20080301301
Abstract: An apparatus and method for storing and maintaining in a smart space device connectivity information of devices of the smart space including a plurality of disparate radio access technologies. The connectivity information is propagated to at least one other device of the smart space and is used for selecting an optimal distribution route for information to be shared in the smart space. Technologies such as NoTA, BillBoard and Whiteboard can be used.
Type: Application
Filed: May 31, 2007
Publication date: December 4, 2008
Inventors: Arto Palin, Timo O. Eriksson, Joni Jantunen, Jarmo Arponen, Juha-Matti Tuupola, Olli Tyrkko, Sampo Sovio
-
Publication number: 20080162935
Abstract: An apparatus comprising a processor, the processor configured to select a first cryptographic key, encrypt a message with the first cryptographic key to produce a first encrypted message, and further encrypt the first cryptographic key and an identifier of a second apparatus with a first encryption key to form a second encrypted message.
Type: Application
Filed: December 29, 2006
Publication date: July 3, 2008
Inventors: Philip Ginzboorg, Sampo Sovio, N Asokan
-
Patent number: 7343014
Abstract: The invention relates to a method for sharing the authorization to use specific resources among multiple devices, which resources are accessible via messages on which a secret key operation was applied with a predetermined secret master key d available at a master device 11. In order to provide an optimized sharing of authorization, it is proposed that the master device 11 splits the secret master key d into two parts d1, d2. A piece of information relating to the first part d1 of the secret master key d is forwarded to the slave device 13 for enabling this slave device to perform a partial secret key operation on a message m. The second part d2 of the secret master key d is forwarded to a server 12 for enabling the server 12 to perform partial secret key operations on a message m received from the slave device 13.
Type: Grant
Filed: July 15, 2003
Date of Patent: March 11, 2008
Assignee: Nokia Corporation
Inventors: Sampo Sovio, Nadarajah Asokan, Kaisa Nyberg, Valtteri Niemi
-
Patent number: 7194438
Abstract: A short-range transaction system enables a user to conduct transactions with a self-service terminal in a user-friendly environment without using currency. The user carries a portable smart card, which interacts with a mobile phone. After authentication via an RFID connection, the device MAC address and a security key (K) are imprinted in the card. In operation, the user waves the smart card past the self-service terminal and activates an RFID connection. The terminal sends the card a random number. The card returns the MAC address and a result (RES) computed using the hash value and the security key. The terminal using the MAC address and security key establishes a secure connection with the device. The terminal downloads the user's transaction interface from the device and displays the user interface at the self-service terminal. The user completes a transaction at the terminal via the user interface.
Type: Grant
Filed: February 25, 2004
Date of Patent: March 20, 2007
Assignee: Nokia Corporation
Inventors: Sampo Sovio, Jan-Erik Ekberg, Nadarajah Asokan, Pekka Lahtinen
-
Publication number: 20060251256
Abstract: Methods and systems for managing access to a wireless local area network are provided. A wireless access point (AP) may use a unified approach that utilizes an out-of-band channel to communicate authentication key and network address information to a guest device, and utilizes an in-band channel to establish communications with the guest device, and also provides support for in-band setup on all devices. The ability to use out-of-band where possible provides for an increase to security and usability, and the possibility of delegating access from one device to another. The unified approach thereby also provides easy management of guest access to the WLAN.
Type: Application
Filed: June 29, 2005
Publication date: November 9, 2006
Applicant: Nokia Corporation
Inventors: Nadarajah Asokan, Philip Ginzboorg, Seamus Moloney, Kari Kostiainen, Sampo Sovio, Jan-Erik Ekberg, Jari Takala
-
Publication number: 20060095574
Abstract: A system, method, electronic device, module, and computer code product for communicating service information between an electronic device and a remote control point using an out-of-band discovery mechanism. An electronic device includes a memory unit, a processor operatively connected to the memory unit, and a data communication link for enabling communication within a network. The memory unit includes computer code for using an out-of-band discovery mechanism to provide service information to a remote control point through the data communication link.
Type: Application
Filed: November 1, 2004
Publication date: May 4, 2006
Inventors: Vlad Stirbu, Sampo Sovio, Philip Ginzboorg
-
Publication number: 20060075222
Abstract: A method and corresponding equipment, for enabling a subscriber device (14) to engage a service provided by a server (12) to give a friend device (15) access to the service, including a step (21) in which the subscriber device (14) engages the server (12) to provide the service and obtains a subscriber certificate corresponding to the service; and a step (24) in which the subscriber device (14) issues to the friend device (15) a friend certificate based on the subscriber certificate, the friend certificate being such that it is recognized by the server as entitling the friend device to the service.
Type: Application
Filed: October 6, 2004
Publication date: April 6, 2006
Inventors: Seamus Moloney, Pekka Laitinen, Sampo Sovio
-
Publication number: 20050187882
Abstract: A short-range transaction system enables a user to conduct transactions with a self-service terminal in a user-friendly environment without using currency. The user carries a portable smart card, which interacts with a mobile phone. After authentication via an RFID connection, the device MAC address and a security key (K) are imprinted in the card. In operation, the user waves the smart card past the self-service terminal and activates an RFID connection. The terminal sends the card a random number. The card returns the MAC address and a result (RES) computed using the hash value and the security key. The terminal using the MAC address and security key establishes a secure connection with the device. The terminal downloads the user's transaction interface from the device and displays the user interface at the self-service terminal. The user completes a transaction at the terminal via the user interface.
Type: Application
Filed: February 25, 2004
Publication date: August 25, 2005
Inventors: Sampo Sovio, Jan-Erik Ekberg, Nadarajah Asokan, Pekka Lahtinen
-
Publication number: 20050059379
Abstract: A computer system, method, and computer program product for controlling data communication in an ad-hoc network that connects a wireless device and a nearby wireless device. The method stores an application directory, determines a priority for each entry in the application directory, identifies a selected entry based on the priority, and examines the attributes and security parameters associated with the selected entry. When the security parameters indicate to use a secure connection, the method establishes a security association to support the data communication by querying a database for an existing security association that will satisfy the security parameters. When the query is successful, the method reuses the existing security association. When the query is unsuccessful, the method creates a new security association by establishing a privileged side channel to the nearby wireless device, negotiating the new security association over the privileged side channel, and storing the new security association.
Type: Application
Filed: February 24, 2004
Publication date: March 17, 2005
Inventors: Sampo Sovio, Philip Ginzboorg, Jan-Erik Ekberg
-
Publication number: 20040151322
Abstract: The invention relates to a method and arrangement for efficient distribution of Internet key exchange using the Internet Key Exchange protocol (IKEv1 and IKEv2) securely in a mobile terminal. The objects of the invention are fulfilled by distributing the IKEv1 and/or IKEv2 protocol in a secure way between mobile equipment and a tamper resistant device (TRD), so that most of the complex public key operations are done in the mobile equipment and authentication is done by the TRD. In addition, there may be a counter for measuring the number of requests from outside, which allows only a certain number of requests and in that way provides security against, e.g., timing and DPA (Differential Power Analysis) attacks.
Type: Application
Filed: December 5, 2003
Publication date: August 5, 2004
Inventors: Sampo Sovio, Valtteri Niemi
-
Publication number: 20040062400
Abstract: The invention relates to a method for sharing the authorization to use specific resources among multiple devices, which resources are accessible via messages on which a secret key operation was applied with a predetermined secret master key d available at a master device 11. In order to provide an optimized sharing of authorization, it is proposed that the master device 11 splits the secret master key d into two parts d1, d2. A piece of information relating to the first part d1 of the secret master key d is forwarded to the slave device 13 for enabling this slave device to perform a partial secret key operation on a message m. The second part d2 of the secret master key d is forwarded to a server 12 for enabling the server 12 to perform partial secret key operations on a message m received from the slave device 13.
Type: Application
Filed: July 15, 2003
Publication date: April 1, 2004
Applicant: Nokia Corporation
Inventors: Sampo Sovio, Nadarajah Asokan, Kaisa Nyberg, Valtteri Niemi