Abstract: This document describes a proactive mechanism to provide fast-handover involving PMIPv6. In particular, it describes how one can achieve fast handoff for PMIPv6 using Media-independent Pre-Authentication (MPA) technique. It discusses the need for a fast-handoff for PMIPv6 environment. It then describes how MPA techniques could be used during different steps involving both intra-domain and inter-domain handoff for PMIPv6. MPA-based fast-handover takes advantage of the pre-authentication mechanism so that the mobile can perform the access authentication while in the previous local mobility (PMA) domain and thus would be able to complete many of the handoff related operations while still in the previous network.

Abstract: According to an embodiment, a communication apparatus establishes communication with an external apparatus through a higher-level device. The communication apparatus includes a main processor and a key generator. The main processor receives a data authentication request including data to be authenticated, a first key specification, and a message authentication algorithm identifier from the higher-level device. The key generator retains a key hierarchy used by an authentication protocol that is used between the higher-level device and the external apparatus, and to generate a first key by use of the key hierarchy and the first key specification. The main processor generates a message authentication code for the data to be authenticated by use of the message authentication algorithm, which is identified by the message authentication algorithm identifier, and the first key, and transmits a data authentication response including the message authentication code to the higher-level device.

Abstract: A moisture sensor for detecting moisture content of an object includes a light source to emit light having an infrared wavelength that is absorbed by water; an optical system to receive the light from the light source and output linearly polarized light having a first polarization direction in a direction toward the object, and to receive light scattered from the object and output linearly polarized light having a second polarization direction perpendicular to the first polarization direction in another direction other than the direction toward the object; and a photodetector to receive the linearly polarized light having the second polarization direction output from the optical system.

Abstract: An optical sensor includes a first illuminating system, a second illuminating system, a first regular reflected light detection system, a second regular reflected light detection system and so forth. The first illuminating system is disposed at the ?X side of the opening in the dark box, and the second illuminating system is disposed at the +X side of the opening in the dark box. The first and second illuminating systems emit light to the opening. The incidence angles of irradiation light from the first and second illuminating systems relative to the surface of the stage are set equal to each other. The first regular reflected light detection system detects the light emitted from the first illuminating system and regularly reflected by the recording paper, and the second regular reflected light detection system detects the light emitted from the second illuminating system and regularly reflected by the recording paper.

Abstract: An apparatus for providing security to media independent handover service includes a point of service for providing the media independent handover services including an independent authenticator. The independent authenticator authenticates candidate access networks prior to the handover of the mobile devices from serving access networks to the candidate access networks, where each of the serving access networks and the candidate access networks belong to a plurality of heterogeneous access networks having the specific serving media. An access controller applies an access control through an access authentication with the point of service providing the media independent handover services through an authentication server, in which when the access authentication is established between the point of service and the authentication server, the mobile devices are authorized to access the media independent handover services through the point of service for the mobile devices attached between heterogeneous media.

Abstract: A media-independent handover key management architecture is disclosed that uses Kerberos for secure key distribution among a server, an authenticator, and a mobile node. In the preferred embodiments, signaling for key distribution is based on re-keying and is decoupled from re-authentication that requires EAP (Extensible Authentication Protocol) and AAA (Authentication, Authorization and Accounting) signaling similar to initial network access authentication. In this framework, the mobile node is able to obtain master session keys required for dynamically establishing the security associations with a set of authenticators without communicating with them before handover. By separating re-key operation from re-authentication, the proposed architecture is more optimized for a proactive mode of operation. It can also be optimized for reactive mode of operation by reversing the key distribution roles between the mobile node and the target access node.

Abstract: According to one embodiment, an information processing apparatus, which is connected to an external apparatus, includes a device key storage unit, a creating unit, a calculating unit, a communication unit, and a key calculating unit. The device key storage unit stores therein a device key. The creating unit creates a media key from the device key and a media key block. The calculating unit calculates first output information on the basis of first inherent information inherent to the information processing apparatus and public information. The communication unit transmits the first output information to the external apparatus and receives second output information calculated by the external apparatus from the external apparatus. The key calculating unit calculates a shared key shared between the information processing apparatus and the external apparatus on the basis of the media key, the first inherent information, and the second output information.

Abstract: An energy management apparatus includes: a communicator capable of communicating with at least a meter apparatus among the meter apparatus and a server apparatus that collects measurement information from the meter apparatus; a device registration processor configured to determine whether the direct communicator to the server apparatus can communicate with the server apparatus; if the direct communication is possible, transmit to the server apparatus a device registration message that requests to register a device identifier of the meter apparatus and a device identifier of the energy management apparatus; and, if the direct communication to the server apparatus is not possible, transmit the device registration message for the server apparatus to the meter apparatus; a communication processor configured to obtain energy control information of the device transmitted from the server apparatus; and a control executor configured to control the used energy amount of the device based on the energy control informati

Abstract: According to one exemplary embodiment, a charging/discharging determination apparatus includes: a receiving module which receives information of a rated capacity of a battery; and a determination module which determines that charging or a discharge of the battery is permitted if an absolute value of a difference between the rated capacity and a measured capacity which is an actual capacity of the battery is within a threshold value.

Abstract: According to one embodiment, a node that is a root node of a network forming a directed acyclic graph topology, which is composed of plural nodes including the node serving as the root node and having a parent-child relationship among nodes of adjacent hierarchies, includes a generating unit, an encrypting unit, and a transmitting unit. The generating unit generates a group key, and a list indicating a first node to which a distribution of the group key is inhibited. The encrypting unit encrypts the group key so as to be capable of being decrypted by a first child node other than the first node out of the child nodes of the root node. The transmitting unit transmits a first message, including an encrypted group key, which is the group key that is encrypted with respect to the first child node, and the list.

Abstract: A wireless mesh network includes a plurality of nodes to which a device key is assigned. The device key belongs to one of a plurality of groups. In a root node, a correspondence relationship between the nodes and the device key thereof, and a correspondence relationship between past join nodes and a device key thereof, are stored. When a new node in the wireless mesh network is detected as a past join node, the device key assigned to the past join node is assigned to the new node again. When the new node is not the past join node, a new device key is assigned to the new node. A cipher text is generated by encrypting a message using device keys assigned to the nodes and the new node. If the number of groups to which the device keys belong is fewer, a size of the cipher text is smaller.

Abstract: The communication unit transmits and receives a communication message. The authentication processor performs an authentication process for establishing the network connection by transmitting and receiving an authentication message to and from an authentication server through the communication unit. The encryption information generator generates an encryption key shared with the authentication server when the authentication process is successfully completed. The first message generator generates a first communication message instructing the destination device to acquire the encryption key from the authentication server. The second message generator generates a second communication message including data to be transmitted to the destination device. The communication unit transmits the first communication message to the destination device, encrypts the second communication message with the encryption key, and transmits an encrypted second communication message to the destination device.

Abstract: According to one embodiment, a wireless mesh network includes a plurality of nodes of which one is a root node and two nodes hierarchically adjacent have a parent-child relationship. In a node in the wireless mesh network, an authentication processing unit executes an authentication for network access with the root node when the node joins in the wireless mesh network. A root key setting unit generates a root key as a common key between the root node and the node. A parent-child key setting unit generates a parent-child key as a common key between a parent node and the node, encrypts the parent-child key using the root key, and sends the parent-child key encrypted to the root node. A group key acquisition unit receives a group key encrypted using the parent-child key from the parent node, and decrypts the group key using the parent-child key.

Abstract: A method for avoiding loss of data or consumption of resources between a mobile node and an new access network in which an authentication agent performs authentication with an authentication client of the mobile node to effect access to an enforcement point of said access network, said method comprising informing an authentication client of said mobile node that an authentication agent has completed an installation process with the enforcement point.

Abstract: This application describes, among other things, a framework of Media-independent Pre-Authentication (MPA), a new handover optimization mechanism that has a potential to address issues on existing mobility management protocols and mobility optimization mechanisms. MPA is a mobile-assisted, secure handover optimization scheme that works over any link-layer and with any mobility management protocol. This application also shows, among other things, an initial implementation of MPA in our testbed and some performance results to show how existing protocols could be leveraged to realize the functionalities of MPA.

Abstract: According to one embodiment, a communication device, which is connected to an external device, includes a key storage unit, an acquiring unit, a key selecting unit, and a calculating unit. The key storage unit stores therein a plurality of first information items obtained by twisting a plurality of device keys with first identification information for identifying the communication device. The acquiring unit acquires second identification information for identifying the external device. The key selecting unit selects one of the plurality of first information items using a media key block process. The calculating unit calculates a shared key, which is shared with the external device, using second information item obtained by twisting the selected first information item with the second identification information.

Abstract: This document describes a channel binding mechanism based on parameter binding in the key derivation procedure. The method cryptographically binds access network parameters to a key without need to carry those parameters in EAP methods.

Abstract: A solution framework is employed that includes defining of a mechanism to run multiple queries in a single message exchange, along with a priority on a per-query basis. In some embodiments, a system for facilitating handover of a mobile device across heterogeneous access networks by ensuring response to queries transmitted by the mobile device includes: a) a mobile device having a plurality of wireless network interfaces for communicating over a plurality of heterogeneous access networks, having a media independent handover (MIH) entity to facilitate handovers between the heterogeneous networks, and configured to transmit queries related to handover operation between the heterogeneous access networks to MIH entities within said heterogeneous access networks; and b) said media independent handover entity of said mobile device being configured to transmit multiple queries in a single message exchange to an MIH entity in an access network with prioritization among said multiple queries.

Abstract: According to an embodiment, a control device includes a detecting unit, a communication unit, and a control unit. The detecting unit detects that a power-supplied device is connected to a power supply line relaying supply of power. The communication unit receives consumer authentication information including consumer identification information for identifying a consumer from a communication device when it is detected that the power-supplied device is connected to the power supply line, transmits the consumer authentication information to a first server, receives power-supply-availability determination information representing whether supply of power to the power-supplied device is possible or not, from the first server, and transmits power measurement information representing power supplied to the power-supplied device through the power supply line and the consumer identification information to a second server.

Abstract: A terminal device includes multiple interfaces having links to various networks. When a trigger event occurs, the terminal device selects a target link to a network to transition from its current link. A candidate link selection function determines candidate links that are filtered to remove links not meeting connectivity criteria. A target link selection function is then executed to select a target link from the filtered candidate links. Thus, the target link selection function is not run for every possible link, but only those meeting the criteria.