Abstract: A method for securely transporting personalized service policies from a trusted home SIP server to an un-trusted host server, through a hostile environment, such as the Internet, using identity-based encryption. A user is able to define an instance-based encryption seed for a public key to be used in encryption of SIP, or other open signaling protocol, personalized services, including defining the time and the location at which the public key is to be valid. The method consists of encrypting, in accordance with instance-based parameters, personal profile information describing the personalized service policies; retrieving the encrypted personal profile information at the un-trusted host server; and decrypting the encrypted personal profile information if the instance-based parameters are satisfied.

Abstract: A security system and method for deterring theft of a product, especially an automotive vehicle, is provided. In an embodiment, a secure storage device is provided that can be presented to a vehicle computer. The secure storage device includes a digital certificate associated with the vehicle and is operable to automatically install the certificate on the vehicle's computer once presented to the computer. At this point the vehicle's computer checks whether the certificate is valid and is issued by the private enterprise certificate authority of the vehicle manufacturer. If it is valid, the vehicle's computer then presents the certificate to the software upgrade server of the vehicle manufacurer. The upgrade server checks its certificate revocation list to see if the certificate has been revoked, perhaps because the vehicle is in a list of reported stolen vehicles. If the vehicle is not in the list i.e.

Abstract: A distributed DSLAM, which comprises a head end subsystem located within a switching facility and a remote subsystem located outside of the switching facility. The head end subsystem is operative for routing streams of data from a data network to the remote subsystem over a communication link, while the remote subsystem is operative for transmitting over a set of local loops analog signals comprising digitally modulated versions of the data. Separating the routing and modem functionality between inside and outside plant facilities reduces heat dissipation in the outside plant, leading to increased reliability. Flow control can be performed in the upstream and downstream directions by transmitting portions of individual packets and withholding other portions of individual packets. This is done instead of withholding the transmission of entire packets. As a result, the perceived impact on video quality, for example, is lessened.

Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded. Another embodiment includes a secure access controller having a plurality of ports for connection to a plurality of different pieces of computer equipment. The secure access controller thus intermediates communications between the modem and the plurality of different pieces of computer equipment.

Abstract: A validation phase is performed at an RFID reader, in order to ascertain which of a plurality of potential candidates for authentication, are actual candidates for authentication. Once a candidate has been successfully validated, an authentication phase is initiated with a host computer, to determine whether the information presented by the candidate matches expected information about the candidate. If the authentication is considered successful, a final authorization procedure may be performed, or the authenticated candidate may be granted certain predetermined permissions. By performing the validation phase locally at the reader, the need for accessing a host computer is reduced and unnecessary queries to the host computer are avoided.

Abstract: A security system and method is provided. An embodiment includes a security access device that includes a first transmitter for transmitting authentication to a computer and a second transmitter for transmitting verification information to a computer. The first transmitter is typically active and consumes power from the access device, while the second transmitter is typically passive, and consumes less or nil power from the access device. When the security access device is initially brought proximal to the computer and activated, the authentication information is sent to the computer and the user is logged in. Periodically, the computer will query the passive transmitter for verification information, to ensure that the security access device is still proximal to the computer.

Abstract: A system and method for access control is provided. In one embodiment, a system includes a computing device connected to an access server that controls the ability of the computing device to access to a computing resource, such as the Internet. The access server connects to an activation server via a network. The activation server is operable to receive a request for to generate a certificate for the computing device from the activation server. The activation server is operable to generate the certificate and embed a unique identifier of the computing device and/or the access server and/or the like inside the certificate. Once generated, the certificate is installed in the computing device. When the computing device initiates a request to access the computing resource, the computing device initially sends the certificate to the access server.

Abstract: A security system and method is provided. In an embodiment, a personal integrated circuit (“PIC”), is provided that can be presented to a laptop computer. The PIC includes a digital certificate personal to an authorized user and is operable to automatically install the certificate on the laptop computer once presented into the computer and once the user enters a valid password respective to the PIC. At this point, the laptop presents the certificate to a server via a network, and the certificate is checked for validity. If valid, the user is then permitted to log into the server. Having logged into the server, the user can remain logged in even as the PIC is removed and presented to different computing devices that are also able to connect to the server via the network. Typically, the user is only able to access the server through the computing device to which the PIC is attached.

Abstract: Method and adapter apparatus for securing information exchanged between a calling party and a called party. A first signal is generated, which is representative of an analog probe signal. The first signal is released towards the called party. Responsive to receipt from the called party of a second signal responsive to the analog probe signal and indicative of an ability of the called party to participate in a secure information exchange, negotiations are performed with the called party to securely exchange subsequent information with the called party. In this way, the adapter apparatus can securely exchange information without prior knowledge of whether the called party is secure-capable or secure-incapable and without prior knowledge of whether the called party is a POTS phone or a packet-switched device.

Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded.

Abstract: A novel system and method for secure communication is provided. In an embodiment, a satellite pay-tv system is provided that includes a head end office that broadcasts programming to one or more subscriber stations via satellite. The subscriber station includes a set top box operable to receive a smart card. The subscriber station is configured to only receive programming if the smart card contains a serial number that corresponds with the serial number of the subscriber station. Methods are provided for updating the smart card profile.