Abstract: The present invention discloses a method for transmitting a reception acknowledgement response in a wireless communication system. The method includes receiving an enhanced physical downlink control channel (EPDCCH), determining a physical uplink control channel (PUCCH) resource based on a lowest one of enhanced control channel element (ECCE) indexes configuring the EPDCCH and a HARQ-ACK resource offset (ARO), and transmitting a reception acknowledgement response through the PUCCH resource. When a reception acknowledgement response related to two or more subframes is transmitted in a subframe for transmission of the reception acknowledgement response, a set of possible values for the ARO includes a first ARO value to shift a PUCCH resource of a specific subframe to a PUCCH resource region for at least one subframe prior to the specific subframe. The first ARO value provides a different shift amount depending on a group having the specific subframe among groups related to the two or more subframes.

Abstract: A method and an apparatus for transmitting Hybrid Automatic Repeat reQuest (HARQ) Acknowledgement/Negative Acknowledgement (ACK/NACK) are provided. The HARQ ACK/NACK transmission method includes receiving a Physical Downlink Shared Channel (PDSCH) in a subframe of a first cell, identifying an ACK subframe for transmitting HARQ ACK/NACK corresponding to the PDSCH, and transmitting the HARQ ACK/NACK in the identified ACK subframe of a second cell.

Abstract: Disclosed are an adaptive frequency domain resource configuration method, an apparatus, and a communications system. The method includes receiving, by a receiving apparatus, a pilot signal transmitted by a transmitting apparatus and feeding back channel information of a channel for transmitting the pilot signal to the transmitting apparatus by measuring the pilot signal, so that the transmitting apparatus divides a bandwidth frequency of the transmitting apparatus according to the channel information. The receiving apparatus can feed back the channel information to the transmitting apparatus according to the received pilot signal, so that the transmitting apparatus can divide the bandwidth frequency according to channel quality, and adaptive adjustment can be performed on a frequency domain resource of each subcarrier according to the channel information fed back by the receiving apparatus.

Abstract: Method and system for providing an integrated long range, high capacity communication system between several entities involved in maritime Simultaneous Operations (SIMOPS). The method and system makes use of narrow lobe phase steerable antenna being controllable in both azimuth and elevation by software control.

Abstract: Systems and methods are described for scheduling transmissions between an access node and wireless devices. A location may be determined for a plurality of small cells within an access node signal area. Based on the determined locations, a frame structure may be selected for the access node used to communicate with a plurality of wireless devices. Data may then be communicated between the access node and a plurality of wireless devices based on the selected frame structure.

Abstract: When a wireless communications device intends to communicate with another device over a wide channel consisting of multiple narrow channels, but detects interference on one or more of those narrow channels, it may restrict subsequent communications with that other device to those narrow channels that don't suffer from the interference. In one embodiment the device may simply refuse to monitor the interfering channel(s) for signals for a particular period of time. In another embodiment the device may use a CTS to signal the other device not to use the interfering narrow channel(s). That may result in using a wide channel with a reduced bandwidth for communications.

Abstract: Systems, methods, and devices for high-efficiency wireless frequency division multiplexing are provided. A method includes receiving, at a first wireless device, a reference signal from an associated access point, the reference signal indicative of a time of joint transmission with at least a second wireless device. The method further includes transmitting a first communication to the access point based on the reference signal, the communication utilizing a first subset of wireless frequencies available for use. The first communication is concurrent with a second communication, from the second wireless device, utilizing a second subset of wireless frequencies, the second subset excluding the first subset.

Abstract: An envelope extracting apparatus includes: a clock extracting device arranged to extract a clock signal of a receiving modulation signal according to a first biasing voltage; and an edge detecting device arranged to generate a detecting signal to indicate an envelope edge of the receiving modulation signal according to a delayed clock signal of the clock signal and a second biasing voltage; wherein the second biasing voltage or a delay time of the clock signal is adjustable.

Abstract: A method for performing phase shift control for timing recovery in an electronic device and an associated apparatus are provided, where the method includes: generating an output signal of an oscillator, wherein a phase shift of the output signal of the oscillator is controlled by selectively combining a set of clock signals into the oscillator according to a set of digital control signals, and the set of clock signals is obtained from a clock generator, wherein the phase shift corresponds to the set of digital control signals, and the set of digital control signals carries a set of digital weightings for selectively mixing the set of clock signals; and performing timing recovery and sampling on a receiver input signal of a receiver in the electronic device according to the output signal of the oscillator to reproduce data from the receiver input signal.

Abstract: The present invention is directed to data communication. More specifically, embodiments of the present invention provide a method for acquiring sampling frequency by sweeping through a predetermined frequency range, performing data sampling at different frequencies within the predetermined frequency range, and determining a target frequency for sampling data based on a maximum early peak frequency and a maximum late peak frequency. There are other embodiments as well.

Abstract: A method and apparatus of clock recovery is disclosed. A communications device matches the frequency of a local clock signal with the frequency of a transmit clock signal of a transmitting device based on a first set of signals received from the transmitting device during a low-speed information exchange. The low-speed information exchange may correspond to an autonegotiation operation, wherein each of the transmitting device and the communications device declares its communication capabilities to the other device. The communications device then determines a frequency offset to be applied to the local clock signal during a high-speed data communication with the transmitting device. During the high-speed communication, the communications device may apply the frequency offset to the local clock signal and match the phase of the receive clock signal with the phase of the transmit clock signal based on a second set of signals received from the transmitting device.

Abstract: A divider circuit determines whether an input factor (N) is an even number or an odd number. If N is an even number then the input clock is divided by N/2 to generate an intermediate clock. The intermediate clock is further divided by two to generate a div-by-2 clock, which is provided as the output clock with fifty percent duty cycle. If N is an odd number, the input clock is divided by (N/2?0.5) in a first duration and by (N/2+0.5) in a second duration to generate the intermediate clock, which is then divided by two to generate the div-by-2 clock. A delayed clock is generated from the div-by-2 clock, wherein the delayed clock lags the div-by-2 clock by half cycle duration of the input clock. The div-by-2 clock and the delayed clock are combined to generate the output clock with fifty percent duty cycle.

Abstract: A new cryptographic technique is disclosed, called decoy bits method, which can be used to obtain near ideal information theoretic security in both quantum and classical key generation and data encryption, not only for raw security but also under known-plaintext attacks. The technique relates to a method of data encryption by insertion of random bits, called decoy bits, into a data sequence whereby the decoy bits are discarded upon decryption. The positions of the decoy bits are determined by a decoy position determining mechanism. This method can be used in conjunction with other standards of encryption to increase security.

Abstract: A method for defense against primary user emulation attacks in cognitive radio networks includes the steps of generating an advanced encryption standard (AES)-encrypted reference signal with a transmitter for transmitting to at least one receiver. The method also includes the steps of allowing a shared secret between the transmitter and the at least one receiver and regenerating the reference signal at the at least one receiver and using the regenerated reference signal to achieve accurate identification of authorized primary users as well as malicious users.

Abstract: Method and system for secure key authentication and key ladder are provided herein. Aspects of the method for secure key authentication may include generating a digital signature of a secure key in order to obtain a digitally signed secure key and transmitting the digitally signed secure key from a first location to a second location. The digital signature may be generated by utilizing an asymmetric encryption algorithm and/or a symmetric encryption algorithm. The digitally signed secure key may be encrypted prior to transmission. The secure key may be a master key, a work key and/or a scrambling key. The digitally signed secure key may be received at the second location and the digitally signed secure key may be decrypted to obtain a decrypted digitally signed secure key.

Abstract: A method of generating an encryption key. The method comprises collecting a plurality of user defined variables defined by input from a user and collecting a plurality of environmental variables associated with varying environmental conditions. The method further comprises defining parameters of a plurality of scrambling functions using the user defined variables and calculating a plurality of scramble values. Each scramble value comprises a combination of environmental variables combined in accordance with one of the plurality of scrambling functions. The method further comprises combining the scramble values to produce a scramble code and generating the encryption key from the scramble code.

Abstract: In a content protection scheme, and in response to a request for a content segment received by a server, the server generates and associates with the segment a message that confers entitlement to a session-specific key from which one or more decryption keys may be derived. The decryption keys are useful to decrypt the segment at runtime as it is about to be rendered by a player. Before delivery, the server encrypts the segment to generate an encrypted fragment, and it then serves the encrypted fragment (and the message) in response to the request. At the client, information in the message is used to obtain the session-specific key. Using that key, the decryption keys are derived, and those keys are then used to decrypt the received encrypted fragment. The decryption occurs at runtime. The approach protects content while in transit to and at rest in the client browser environment.

Abstract: A hearing device includes: a processing unit configured to compensate for hearing loss of a user of the hearing device; and an interface; wherein the processing unit is configured to: receive a session request for a session via the interface, obtain and store a session key, encrypt the session key based on a hearing device key, send a session response comprising the encrypted session key, and receive session data in the session via the interface.

Abstract: There is provided a mobile terminal for use in a system which includes a backend server having a first encryption key and an onboard unit (OBU). A first receiving unit receives, from the backend server, a base shared key encrypted with a second encryption key, the base shared key encrypted with the first encryption key, and a digital signature. A deriving unit decrypts the base shared key with the second encryption key and derives first authentication information based on the base shared key and a first temporary parameter. A second sending unit sends, to the OBU, the base shared key encrypted with the first encryption key, the digital signature, the first authentication information, identification information of the base shared key, and the first temporary parameter.

Abstract: Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentially of the protected data.

Abstract: Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentially of the protected data.

Abstract: In a method for managing access to a secure digital document by workflow participants, in which a respective public key is associated with each of the workflow participants, an entry table is populated with a participant entry for each of the workflow participants. Each of the participant entries includes a map entry identifier that corresponds to a map entry tag in a map file, and a first label associated with the map entry identifier. In addition, symmetric keys for the workflow participants are accessed and each of the first labels is encrypted using a respective symmetric key to generate a plurality of second labels, the entry table is populated with the plurality of second labels, each of the plurality of symmetric keys is encrypted with the public key of a respective workflow participant, and the entry table is incorporated into the digital document.

Abstract: Public data including a prime number p, a natural number d, a matrix Q, and a matrix S are acquired by a public data acquisition section, and secret key including natural numbers nA, kA is generated by a shared secret key generation section. A matrix MA (MA=S?kAQnASkA) is calculated by a non-commutative matrix generation section and transmitted to a communication party, and a matrix MB (MB=S?kBQnBSkB) is acquired from the communication party. A matrix MAB (MAB=S?kAMBnASkA) is computed as a common secret key by a shared secret key computation section. An encryption/decryption device is thereby capable of rapid generation of the secure common secret key.

Abstract: A plurality of devices have common access to a cryptographic key. The cryptographic key is rotated by providing the devices simultaneous access to both the cryptographic key and a new cryptographic key and then revoking access to the cryptographic key. Keys stored externally and encrypted under the cryptographic key can be reencrypted under the new cryptographic key. Keys intended for electronic shredding can be left encrypted under the old cryptographic key.

Abstract: A system and method for distributing key pair credentials that includes receiving a public key message at a key master service, wherein the public key message originates from a first client application; associating a key identifier with the public key; storing the public key at the key master service indexed at least by a key identifier; receiving a request for a public key from an outside service, wherein the request specifies a key identifier; and responding to the request with a public key according to the key identifier.

Abstract: Systems, methods, and apparatuses are provided for ciphering error detection and recovery. A method may include using a first set of one or more cipher input parameters to decipher ciphered data ciphered using a second set of one or more cipher input parameters. The method may further include comparing a value of at least a portion of the deciphered data to an expected value. The method may additionally include determining an occurrence of a ciphering error when the value of the at least a portion of the deciphered data is not equal to the expected value. The method may also include initiating a ciphering resynchronization procedure in response to the determination that a ciphering error occurred so as to resynchronize at least one of the first set of cipher input parameters with at least one of the second set of cipher input parameters. Corresponding systems and apparatuses are also provided.

Abstract: Embodiments relate to deduplication and compression on data performed downstream from where the data is encrypted. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. Encrypted data to be written to a storage system is separated into one or more data chunks. For a data chunk, a master encryption key for an owning entity associated with the data chunk is retrieved. The data chunk is decrypted into plaintext, and the plaintext is transformed by performing one or more advanced data functions. A private key is created and used to encrypt the transformed plaintext, which is stored as a first encryption unit. A wrapped key is created by encrypting the private key with the master key, and is stored as metadata for the encryption unit to limit data access to the owning entity.

Abstract: Homomorphic evaluation of a function is performed on input ciphertext(s), which were encrypted using a public key of an encryption scheme that also includes multiple secret keys. Each input ciphertext includes multiple real numbers that are kept with finite precision. Performing the homomorphic evaluation of the function includes performing operation(s). Performing each of one or more operations includes the following. A key-switching transformation is performed on selected ciphertext(s), including converting a first version of a selected ciphertext with respect to a first of the secret keys and with some number r bits of precision to a second version of the selected ciphertext with respect to a second of the secret keys and with some other number r? bits of precision, r?>r. Each key switching transformation is performed prior to or after the operation(s) are evaluated. Results of the operation(s) are output.

Abstract: Provided is a cryptographic communication system including a first semiconductor device and a second semiconductor device. The first semiconductor device includes a common key generation unit that generates a common key CK(a) by using a unique code UC(a) and correction data CD(a), and an encryption unit that encrypts the common key CK(a) generated in the common key generation unit by using a public key PK(b) of the second semiconductor device. The second semiconductor device includes a secret key generation unit that generates a secret key SK(b) by using a unique code UC(b) and correction data CD(b), and a decryption unit that decrypts the common key CK(a) encrypted in the encryption unit by using the secret key SK(b).

Abstract: A method includes receiving a first and a second linearity ciphertexts representative of a first and second biometric templates, respectively that are encrypted using a relational linearity encryption scheme (linearity scheme). The linearity scheme is based on learning parity with noise. The method includes discovering a linearity relationship between the first and the second linearity ciphertexts. The method includes receiving a first and a second proximity hash value representative of the first and second biometric templates, respectively encrypted using a relational proximity hash scheme (proximity scheme). The proximity scheme is based on the linearity scheme and an error correcting code. The method includes detecting a proximity between the first and the second proximity hash value in terms of a Hamming distance. The method includes authenticating an identity of a user based on the proximity and the linearity relationship.

Abstract: The exemplary embodiment relates to a system and method for restricting the disclosure of information employing a mobile terminal, which restricts the disclosure of information using a mobile terminal. In an aspect, the exemplary embodiment provides a mobile terminal, including a short-range communication module performing the short-range communication channel, memory storing authorization information for allowing access to unaccessible information stored in the information device, and a controller transmitting the authorization information through the short-range communication module.

Abstract: A system and method for high performance secure access to a trusted platform module on a hardware virtualization platform. The virtualization platform including Virtual Machine Monitor (VMM) managed components coupled to the VMM. One of the VMM managed components is a TPM (Trusted Platform Module). The virtualization platform also includes a plurality of Virtual Machines (VMs). Each of the virtual machines includes a guest Operating System (OS), a TPM device driver (TDD), and at least one security application. The VMM creates an intra-partition in memory for each TDD such that other code and information at a same or higher privilege level in the VM cannot access the memory contents of the TDD. The VMM also maps access only from the TDD to a TPM register space specifically designated for the VM requesting access. Contents of the TPM requested by the TDD are stored in an exclusively VMM-managed protected page table that provides hardware-based memory isolation for the TDD.

Abstract: A computer implemented method for encrypting one or more files and wrapping them in an HTML document. The HTML document contains the encrypted files, the necessary code to decrypt the files, as well as user interface code to receive a passphrase input from a user. The HTML document can be opened using any modern web browser, to obtain the original files using the same passphrase with which the encryption was performed. This offers a convenient way of sharing encrypted files via email or cloud file sharing services using a platform independent file format (without having to install any additional software).

Abstract: Implementations for a secure remote kernel module signing are disclosed. In one example, the method includes receiving an indicator of a public key associated with a client computing device, determining that the public key associated with the client computing device is in common with a public key associated with a first server computing device, compiling the script, signing the compiled script with a private key that is associated with the public key that is in common with the client computing device and the first server computing device without generating a new private key, and sending the signed compiled script to the client computing device.

Abstract: A computing device, during sampling or playback of a work, receives a command to associate data with the work at a particular point in the work. The computing device generates a digital fingerprint of a segment of the work, wherein the segment corresponds to the particular point in the work. The computing device then associates the data with the digital fingerprint.

Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.

Abstract: A system and method for implementing an interoperable credential management protocol for processing online transactions. The protocol, referred to as the Partner Key Management (PKM) protocol provides an improved alternative to traditional public key infrastructure (PKI), particularly for use in high-value commercial transactions which require additional controls on the use of credentials for authentication and authorization. According to the PKM protocol, a user may take advantage of credential interoperability by using the same credential at a plurality of different financial institutions for authentication or digital signatures. Additionally, the credential interoperability achieved according to the PKM protocol allows the user to employ the same credential at a plurality of financial institutions for the purpose of digital or electronic signatures.

Abstract: Circuits and approaches for de-initializing memory circuits. In one implementation, a memory circuit includes a plurality of memory cells. Each memory cell includes a pair of cross-coupled inverters and first and second access transistors coupled to the pair of cross-coupled inverters. A first bit line is coupled to the first access transistor, and a second bit line is coupled to the second access transistor. A de-initialization circuit is coupled to the first and second bit lines. The de-initialization circuit is configured and arranged to equalize signal states on the first and second bit lines in response to a de-initialization signal.

Abstract: An elongate physical unclonable function (PUF) is disclosed. The PUF has a longitudinal axis and contains a plurality of small magnetic particles. A much larger magnet is positioned on the longitudinal axis to indicate a home position. A low-cost linear translation mechanism may be used to read the PUF by referencing position information to the home position. Other devices are disclosed.

Abstract: The present invention generally relates to blockchain technology. Specifically, this invention relates to creating a blockchain called a slidechain that allows for multiple valid branches or forks to propagate simultaneously with a customized set of protocol rules embedded in and applied to each fork chain that branches from another chain. The invention generally provides a computer-implemented method for accessing, developing and maintaining a decentralized database through a peer-to-peer network, to preserve the original state of data inputs while adapting to changing circumstances, user preferences, and emerging technological capabilities.

Abstract: A policy and charging control method enables a privileged user of a multiple-user subscription of a telecommunication network to cause a change to a policy or charging applicable to a non-privileged user of the subscription. The method comprises: (i) accessing (s10), by a communication terminal of the non-privileged user, an authorization control manager (ACM) function, to request a change of policy or charging applicable to the non-privileged user; (ii) transmitting (s20), by the ACM function to a PCRF, the requested change; (iii) notifying (s30) a communication terminal of the privileged user, by the PCRF, of the requested change; and (iv) indicating (s40), by the communication terminal of the privileged user, to the ACM function, at least one of: (a) whether the requested change is approved, and (b) to which extent the requested change is approved. The invention also relates to network nodes, computer programs, and computer program products.

Abstract: Migrating a chat messaging service provided for a chat user is disclosed. At a second chat server from a first chat server, static information associated with a chat user is received. The static information is received before the chat user is indicated as being associated with a migration state. At the second chat server from the first chat server, dynamic information associated with the chat user is received. At least a portion of the dynamic information is received after the chat user is indicated as being associated with the migration state. After the chat user is no longer indicated as being associated with the migration state, a chat message for the chat user is received at the second chat server.

Abstract: A method for scheduling a meeting using an email client that is part of an email system includes receiving a request at the email client to schedule the meeting. The request may include an indication of the resources that are to be provided by a conferencing system for the meeting. The method also includes communicating the request to a conference bridge that is part of the conferencing system and receiving from the conference bridge an access code associated with the meeting. The method also includes appending the access code to a meeting invitation associated with the meeting and providing the meeting invitation to an email server that is part of the email system. The method also includes sending the meeting invitation to users invited to participate in the meeting.

Abstract: Systems and techniques for supporting multiple multicast trees are described. Some embodiments provide a system that determines an internal multicast group identifier based on a source address, a multicast address, and a multicast tree identifier field associated with a multicast packet. The system can then forward the multicast packet based on the internal multicast group identifier. Specifically, the system can determine a first set of bits based on the source address and the multicast address of the multicast packet. The system can determine a second set of bits based on the multicast tree identifier field of the multicast packet. Next, the system can combine the first set of bits and the second set of bits to obtain the internal multicast group identifier. In some embodiments, the scope of an internal virtual network identifier does not extend beyond a switch or a forwarding module within a switch.

Abstract: A secure remote actuation system may comprise a remote input receptor and a network. The remote input receptor may comprise a user interface for receiving user inputs from a user. The network may store acceptable inputs. The network may further comprise a network device for obtaining the user inputs from the remote input receptor. In the present invention, the network device obtains the user inputs from the remote input receptor while the user is using the user interface. The network then compares the user inputs to the acceptable inputs.

Abstract: A method and apparatus for creating a smart network of control devices includes a master control device and a plurality of programmable control devices; the master control device having a wireless transmission unit and each of the plurality of programmable control devices having a wireless communication unit being configured for wireless communication between the master control device and the programmable control devices. The master control device is positioned within close proximity to one or more of the plurality of programmable control devices in order to send a configuration signal that is used to add the one or more programmable control devices to the network of control devices; a unique identifier being allocated to each of the programmable control devices added to the network of control devices. In the same way, one or more of the programmable control devices can be removed from network of control devices.

Abstract: Provided are control device and a method of controlling a server. The method includes requesting an aggregated device list to the aggregate server; receiving the aggregated device list from the aggregate server; selecting at least one aggregated device from the received aggregated device list; requesting, to the aggregate server, content information collected from the selected aggregated device; and receiving, from the aggregate server, the content information of the selected aggregated device transmitted.

Abstract: Disclosed is a method for using a portable controlling device for a home network, the method including: deactivating the portable controlling device including a first near communications module and a micro-processor in which firmware for a gateway is programmed, by disconnecting electric power supplied from a central unit that is connected to a communications network; activating the portable controlling device by electric power supplied from a first mobile terminal by connecting the portable controlling device to the first mobile terminal; and pairing the portable controlling device with a device for the home network by wireless near communications when the first mobile terminal and the device for the home network are located within a predetermined distance range for performing a pairing process by the wireless near communications.

Abstract: Apparatus and methods relating to bonded interconnection of local communication networks are disclosed. Bonded communication links, including multiple constituent links that have been bonded together, are terminated to enable communications over the bonded links using bandwidth available on the constituent links. A cross-connect function determines whether received communication traffic is to be forwarded to one or more of a local communication network and the terminated bonded links. The received communication traffic is forwarded in accordance with the determination. The local communication networks may include ring networks, linear networks, or both. The bonded links and links between nodes in a local communication network are bonded DSL (Digital Subscriber Line) links in some embodiments. Bonding of DSL links in this manner can be used, for instance, to extend the reach of DSL service without sacrificing bandwidth.

Abstract: A system, comprising: a first local controller (LC) having a first position in a ring network and comprising a first LC cycle counter; a second LC having a second position in the ring network and comprising a second LC cycle counter; and a central controller (CC) connected to the ring network and comprising: a data structure linking the first LC to the first position and linking the second LC to the second position; and a CC cycle counter.