Abstract: Caller name is authenticated using authentication certificates issued by a registration authority that registers callers who wish to terminate calls to callers subscribed to the registration authority. In one embodiment, the authentication certificates are sent to a called device or a proxy for the called device via a path that is separate from the call setup path. An indication is conveyed to the called party to indicate whether the caller name was successfully authenticated.

Abstract: Malicious clients within a wireless access network are identified using bait traffic transmitted between a collaborating wireless access point and a collaborating client. The bait traffic entices a malicious client to transmit malicious traffic towards the collaborating wireless access point. Upon receiving the malicious traffic, the collaborating wireless access point is able to identify the malicious client and report the presence of the malicious client within the wireless access network.

Abstract: Malicious clients within a wireless access network are identified using bait traffic transmitted between a collaborating wireless access point and a collaborating client. The bait traffic entices a malicious client to transmit malicious traffic towards the collaborating wireless access point. Upon receiving the malicious traffic, the collaborating wireless access point is able to identify the malicious client and report the presence of the malicious client within the wireless access network.

Abstract: Malicious sources within networks are identified using bait traffic, including mobile IP messages, transmitted between a collaborating network device and a collaborating mobile client that has a fixed connection to the network. The bait traffic entices a malicious source to transmit malicious packets towards the collaborating mobile client and/or the network device. Upon receiving a malicious packet, the collaborating mobile client or the network device is able to identify the source of the packet as a malicious source and report the presence of the malicious source within the network.

Abstract: A method is provided in a telecommunications network for authenticating a sender (10) of a message to a recipient of the message.

Abstract: Methods and systems for secure communications are provided. Secure end-to-end connections are established as separate multiple secure connections, illustratively between a first system and an intermediate system and between a second system and an intermediate system. The multiple secure connections may be bound, by binding Internet Protocol Security Protocol (IPSec) Security Associations (SAs) for the multiple connections, for example, to establish the end-to-end connection. In the event of a change in operating conditions which would normally require the entire secure connection to be re-established, only one of the multiple secure connections which form the end-to-end connection is re-established. Separation of end-to-end connections in this manner may reduce processing resource requirements and latency normally associated with re-establishing secure connections.

Abstract: A method comprising a plurality of operations. An operation is provided for receiving an authentication certificate of a called party. Telephony apparatus of a party calling the called party performs receiving the authentication certificate. An operation is provided for facilitating authentication of the authentication certificate and called party identification information thereof in response to receiving the authentication certificate. An operation is provided for providing an authentication notification in response to facilitating the authentication of the authentication certificate and the called party identification information. The authentication notification indicates successful authentication in response to the authentication being successful and wherein the authentication notification indicates non-successful authentication in response to the authentication not being successful.

Abstract: A method comprises a plurality of operations. An operation is performed for requesting authentication of a target call session party during a call session between the target party and a call session party requesting said authentication. An operation is performed for receiving authentication information of the target call session party during the call session in response to requesting said authentication. An operation is performed for facilitating authentication of said authentication information during the call session in response to receiving said authentication information.

Abstract: A system, device and method for providing data availability for a portable communication device, including various combinations of the following steps: notifying an operator that the portable communication device is missing; triggering encryption of data on the portable communication device; sending a data retrieval command to the portable communication device; authenticating the data retrieval command; retrieving data from the portable communication device; identifying a portion of the data retrieved from the portable communication device that is confidential; encrypting the identified confidential data on the portable communication device; and erasing the identified confidential data from the portable communication device or recovering the portable communication device and decrypting the confidential data on the portable communication device.

Abstract: Caller name is authenticated using authentication certificates issued by a registration authority that registers callers who wish to terminate calls to callers subscribed to the registration authority. In one embodiment, the authentication certificates are sent to a called device or a proxy for the called device via a path that is separate from the call setup path. An indication is conveyed to the called party to indicate whether the caller name was successfully authenticated.

Abstract: Collaborative communication traffic control systems and methods are disclosed. In a communication traffic control apparatus, a communication traffic control module controls transfer of communication traffic in accordance with one or more communication traffic control rules. A communication traffic control rule exchange module is operatively coupled to the communication traffic control module, and may exchange communication traffic control rules with an exchange module of another communication traffic control apparatus. This enables control of communication traffic transfer at both the communication traffic control apparatus and the other communication traffic control apparatus in accordance with the exchanged communication traffic control rules. A traffic control rule exchange module may receive traffic control rules from, transmit traffic control rules to, or both receive traffic control rules from and transmit traffic control rules to other exchange modules.

Abstract: A method for enabling a mobile node to transmit encrypted data over a path including a wireless link and an untrusted link, while avoiding double encryption on any link. The data on the end-to-end path is encrypted using an application specific security mechanism, or an L2 mechanism is used for encrypting the data on the wireless link as mandated by the wireless standards, and an application specific security mechanism is used for encrypting the data on the untrusted link. By avoiding redundant double encryption, the method of the invention results in optimizing the use of network resources in bandwidth-limited wireless networks and increases the life of the mobile node battery.

Abstract: Mechanisms and methods for providing a mobile/wireless device with protection against false access-point/base-station attacks using MAC address protection are presented. The mobile/wireless device known as mobile client (MC) gains access to wireless network by discovering and selectively associating with an access point (AP). The MAC addresses of both the AP and the MC are protected during all communications between the AP and MC during the discovery phase. This protection mitigates MAC address spoofing type attacks on both the AP and the MC.

Abstract: In accordance with at least one embodiment of the present invention, IP application traffic can be provided confidentiality to and from one or more mobile nodes (MNs) belonging to the same domain even when such MNs are remotely located. It is possible to provide, preferably at all times, a similar level of confidentiality and integrity in communications between MNs as is typically provided within a corporate environment (e.g., within a secured intranet). Secure and efficient communication is provided when one or more MNs is communicating via a connection that cannot be presumed to be inherently secure, for example, a connection to a public network such as the internet or a network outside of a secured intranet.

Abstract: In accordance with at least one embodiment of the present invention, IP application traffic can be provided confidentiality to and from one or more mobile nodes (MNs) belonging to the same domain even when such MNs are remotely located. It is possible to provide, preferably at all times, a similar level of confidentiality and integrity in communications between MNs as is typically provided within a corporate environment (e.g., within a secured intranet). Secure and efficient communication is provided when one or more MNs is communicating via a connection that cannot be presumed to be inherently secure, for example, a connection to a public network such as the internet or a network outside of a secured intranet.

Abstract: Methods for authenticating peer mobile network nodes for establishing a secure peer-to-peer communications context in an ad-hoc network are presented. The methods include accessing wireless infrastructure network entities at low bandwidth and for a short time duration to obtain cryptographic information regarding a peer mobile network node for the purpose of establishing secure peer-to-peer communications therewith ad-hoc network. Having received cryptographic information regarding a peer mobile network node, the method further includes challenging the peer network node with a challenge phrase derived from the cryptographic information received, receiving a response, and establishing a secure communications context to the peer mobile network node based on the validity of the received response.

Abstract: Communication traffic control techniques are disclosed. Targeted communication traffic control may be established in accordance with traffic control rules generated at a mobile communication device which is operating within a service area of a traffic control system. Communication traffic destined for or originating at the mobile communication device is then permitted or blocked by the traffic control system based on the traffic control rules. When a mobile communication device moves from a communication system service area served by one traffic control system to a service area served by a new traffic control system, any traffic control rules currently in effect at the traffic control system are preferably transferred to the new traffic control system. In some embodiments, multiple traffic control rules are aggregated before being transferred to a traffic control system.

Abstract: Methods and systems for secure communications are provided. Secure end-to-end connections are established as separate multiple secure connections, illustratively between a first system and an intermediate system and between a second system and an intermediate system. The multiple secure connections may be bound, by binding Internet Protocol Security Protocol (IPSec) Security Associations (SAs) for the multiple connections, for example, to establish the end-to-end connection. In the event of a change in operating conditions which would normally require the entire secure connection to be re-established, only one of the multiple secure connections which form the end-to-end connection is re-established. Separation of end-to-end connections in this manner may reduce processing resource requirements and latency normally associated with re-establishing secure connections.

Abstract: A micro-mobility network routing system and method implementing a protocol that extends the macro mobility support of Mobile IP to support micro mobility is disclosed which permits a more efficient and easily implemented Internet routing protocol for network devices to be affected. The macro mobility feature herein refers to the notion in which the mobile node gains access to the Internet, while retaining the same IP address. This concept is used only once when the mobile node enters the coverage area of a foreign domain (eventually its home domain). The concept of micro mobility within this context eases routing packets to the mobile node while its moves within the foreign network. The present invention implements these new features via the use of message compositions and protocol extensions that extend the prior art Mobile IP protocols.

Abstract: An impersonation detection system for a wireless node of a wireless communication network is described. The system comprises an intrusion detection module for correlating the original data frames transmitted by the wireless node with incoming data frames received over the air interface. The wireless node is connected to the intrusion detection module over a secure link, for receiving a copy of the original data frames. A method for detecting impersonation based attacks at a wireless node is also disclosed.