Abstract: A method for transmitting message frames, comprising: generating, by an end device comprising a processor, a first message frame portion comprising a first plain header; obtaining a device identifier (DevEUI) and a header blinding key (HdrBKey); generating a first header mask using the DevEUI and the HdrBKey; obtaining a first blinded header by applying the first header mask to the first plain header; obtaining a first updated message frame portion by updating the first message portion using the first blinded header; generating a first blinded message frame comprising the first updated message frame portion; and transmitting the first blinded message frame to a network gateway.

Abstract: A method for transmitting message frames, comprising: generating, by an end device comprising a processor, a first message frame portion comprising a first plain header; obtaining a device identifier (DevEUI) and a header blinding key (HdrBKey); generating a first header mask using the DevEUI and the HdrBKey; obtaining a first blinded header by applying the first header mask to the first plain header; obtaining a first updated message frame portion by updating the first message portion using the first blinded header; generating a first blinded message frame comprising the first updated message frame portion; and transmitting the first blinded message frame to a network gateway.

Abstract: A software-defined radio system has a plurality of fixed radio receivers each operable to receive radio signals in a receiving band, to sample a received radio signal to produce a sample stream, and to send the sample stream over a network. The radio system includes at least one fixed sync signal transmitter operable to transmit predetermined sync signals in said receiving band to receivers of the aforementioned plurality. The radio system further comprises a data processing system which is connected to the network for receiving sample streams from the receivers. The data processing system is operable to align samples of a data signal contained in sample streams from different receivers by: detecting a sync signal in those sample streams; determining a timing offset between samples of the sync signal in those sample streams in dependence on predetermined locations of the different receivers and the transmitter of that sync signal; and aligning the samples of the data signal in dependence on the timing offset.

Abstract: A software-defined radio system has a plurality of fixed radio receivers each operable to receive radio signals in a receiving band, to sample a received radio signal to produce a sample stream, and to send the sample stream over a network. The radio system includes at least one fixed sync signal transmitter operable to transmit predetermined sync signals in said receiving band to receivers of the aforementioned plurality. The radio system further comprises a data processing system which is connected to the network for receiving sample streams from the receivers. The data processing system is operable to align samples of a data signal contained in sample streams from different receivers by: detecting a sync signal in those sample streams; determining a timing offset between samples of the sync signal in those sample streams in dependence on predetermined locations of the different receivers and the transmitter of that sync signal; and aligning the samples of the data signal in dependence on the timing offset.

Abstract: A software-defined radio system has a plurality of fixed radio receivers each operable to receive radio signals in a receiving band, to sample a received radio signal to produce a sample stream, and to send the sample stream over a network. The radio system includes at least one fixed sync signal transmitter operable to transmit predetermined sync signals in said receiving band to receivers of the aforementioned plurality. The radio system further comprises a data processing system which is connected to the network for receiving sample streams from the receivers. The data processing system is operable to align samples of a data signal contained in sample streams from different receivers by: detecting a sync signal in those sample streams; determining a timing offset between samples of the sync signal in those sample streams in dependence on predetermined locations of the different receivers and the transmitter of that sync signal; and aligning the samples of the data signal in dependence on the timing offset.

Abstract: A software-defined radio system has a plurality of fixed radio receivers each operable to receive radio signals in a receiving band, to sample a received radio signal to produce a sample stream, and to send the sample stream over a network. The radio system includes at least one fixed sync signal transmitter operable to transmit predetermined sync signals in said receiving band to receivers of the aforementioned plurality. The radio system further comprises a data processing system which is connected to the network for receiving sample streams from the receivers. The data processing system is operable to align samples of a data signal contained in sample streams from different receivers by: detecting a sync signal in those sample streams; determining a timing offset between samples of the sync signal in those sample streams in dependence on predetermined locations of the different receivers and the transmitter of that sync signal; and aligning the samples of the data signal in dependence on the timing offset.

Abstract: A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.

Abstract: The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user. The credential user is provided with a user device. A first channel and a second channel are provided for communication between the user device and the credential issuer. A shared key is distributed between the user device and the credential issuer by means of the second channel. A binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated. The binary representation of the set of credentials is encrypted by means of the shared key. The encrypted set of credentials is distributed via the first channel from the credential issuer to the user device. The encrypted set of credentials is decrypted by the user device by means of the shared key.

Abstract: Methods and apparatus are provided for authenticating communications between a user computer and a server via a data communications network. A security device has memory containing security data, and security logic to use the security data to generate an authentication response to an authentication message received from the server in use. An interface device communicates with the security device. The interface device has a receiver for receiving from the user computer an authentication output containing the authentication message sent by the server to the user computer in use, and interface logic adapted to extract the authentication message from the authentication output and to send the authentication message to the security device. Includes a communications interface for connecting to the server via a communications channel bypassing the user computer. Either the security device or interface device sends the authentication response to the server via the communications channel bypassing the user computer.

Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.

Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.

Abstract: A secure online banking transaction apparatus to communicate with a server over a non-secure connection is provided and includes a selector configured to allow for a selection of a mode of the apparatus, a processing unit coupled to the selector and including a secure communication unit, which is configured to set up a secure connection, along which a secure transaction occurs, with the server via the non-secure connection in accordance with the mode, an input unit coupled to the processing unit and configured to allow for a input of data into the apparatus, which is at least partly related to the secure transaction, and an interface coupled to the processing unit and configured to convey at least a status of the secure transaction and the contents off the inputted data.

Abstract: A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.

Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.

Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.

Abstract: A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.

Abstract: A mechanism is provided for secure PIN management of a user trusted device. A user trusted device detects a memory card coupled to the user trusted device. The user trusted device receives user input of an external PIN (ext_PIN). The user trusted device identifies a key (K) associated with the external PIN, wherein the key is stored in the persistent memory. The user trusted device computes a card PIN (card_PIN) using a function (f) and the key as stored on the persistent memory, wherein the card PIN is computed using the following equation: card_PIN=f(K, ext_PIN). The user trusted device unlocks the memory card using the card PIN, thereby forming an unlocked memory card.

Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.

Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key a an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.

Abstract: The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user. The credential user is provided with a user device. A first channel and a second channel are provided for communication between the user device and the credential issuer. A shared key is distributed between the user device and the credential issuer by means of the second channel. A binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated. The binary representation of the set of credentials is encrypted by means of the shared key. The encrypted set of credentials is distributed via the first channel from the credential issuer to the user device. The encrypted set of credentials is decrypted by the user device by means of the shared key.