Abstract: Provided are a method and a device for allocating a resource for an uplink control channel in a wireless communication system. The method for allocating a resource for an uplink control channel in a wireless communication system comprises: receiving at least one downlink subframe; and allocating a physical uplink control channel (PUCCH) resource for transmitting an acknowledgement/not-acknowledgement (ACK/NACK) for the at least one downlink subframe, wherein the PUCCH resource is allocated on the basis of a control channel element of a control channel for scheduling each of the at least one downlink subframe, and if a particular subframe that satisfies a particular condition is included in the at least one downlink subframe, a control channel element included in the special subframe is excluded from the control channel element used to allocate the PUCCH resource.

Abstract: A method and a communication apparatus for transmitting uplink control information in a wireless communication system; and a method and a communication apparatus for receiving uplink control information in a wireless communication system are discussed. The method according to an embodiment includes identifying a Hybrid Automatic Repeat reQuest-Acknowledgement (HARQ-ACK)(0), HARQ-ACK(1) and HARQ-ACK(2); and transmitting bits b(0)b(1) using a Physical Uplink Control Channel (PUCCH) resource based on the HARQ-ACK (0), the HARQ-ACK(1) and the HARQ-ACK(2), according to a relation including Table 1.

Abstract: This invention provides a method for a first communication device, such as a base station, to estimate a channel-quality profile of a channel when a second communication device, e.g., a user equipment, returns only channel-quality indicators (CQIs) of selected subbands and a wideband CQI. The profile is obtained by including, for any two neighboring frequencies of the selected subbands, an estimated CQI of a middle frequency between the two neighboring frequencies. After translating the CQIs of the two neighboring frequencies into corresponding linear CQI values, a linear estimated-CQI value for the middle frequency is determined by subtracting an offset from an average of said corresponding linear CQI values. The offset is determined according to a frequency separation between the two neighboring frequencies. Preferably, the offset is linearly proportional to the frequency separation. Interpolation, preferably linear interpolation, is used to obtain linear CQI values of other frequencies.

Abstract: A radio transceiver and corresponding method include a transmission unit configured to transmit an uplink signal to a base station. A receiving unit is configured to receive a relay signal, which comprises the uplink signal and a downlink signal received from the base station. An extraction unit is configured to extract the downlink signal from the relay signal based on the uplink signal.

Abstract: A method and apparatus for Time Division Duplex (TDD) operation in a wireless transmit/receive unit (WTRU) are disclosed. The method includes receiving a first TDD uplink (UL)/downlink (DL) configuration for a serving cell, receiving a second TDD UL/DL configuration for the serving cell, receiving an indication of directions to use for subframes with conflicting directions between the first TDD UL/DL configuration and the second TDD UL/DL configuration, using the first TDD UL/DL configuration for timing of UL scheduling and UL Hybrid Automatic Repeat Request (HARQ), using the second TDD UL/DL configuration for timing of DL scheduling and DL HARQ, and determining a direction for each subframe with conflicting directions based on the received indication, wherein on a condition that the determined direction for a subframe with conflicting directions is DL, receiving in the subframe in the DL.

Abstract: Systems and methods relating to configuring a Secondary Component Carrier (SCC) for a wireless device in a cellular communications network are disclosed. In some embodiments, the method comprises obtaining capabilities of the wireless device, where the capabilities indicate a frequency band combination supported by the wireless device. The frequency band combination supported by the wireless device includes a first frequency band supported by a base station and the wireless device used for a Primary Cell (PCell) of the wireless device and a second frequency band supported by the wireless device but not supported by the base station. The method further comprises identifying an overlap between the second frequency band supported by the wireless device but not supported by the base station and a third frequency band supported by the base station but not supported by the wireless device and configuring the SCC for the wireless device in the overlap.

Abstract: A method according to an embodiment of the invention includes receiving and transmitting signals over a time division duplex (TDD) communication path. Signals are received over the TDD communication path via a first portion of a first frequency band. The first frequency band is adjacent to a second frequency band and to a third frequency band. The first frequency band is different from the second frequency band and from the third frequency band. A first frequency division duplex (FDD) communication path can be operable in the second frequency band. A second FDD communication path can be operable in the third frequency band. Signals are transmitted over the TDD communication path via a second portion of the first frequency band that is different from the first portion of the first frequency band.

Abstract: A communication link comprising: a first transceiver configured to transmit a first set of packets at a predetermined rate with a first error resistance level, store the transmitted data in a buffer, receive a retransmission request, and retransmit the relevant data using one or more packets encoded with a second error resistance level that is higher than the first error resistance level. And a second transceiver configured to receive the first set of packets, detect an erroneous packet, request retransmission of the erroneous packet, and forward the data received in the packets according to its original order approximately after a fixed delay.

Abstract: Embodiments provide solutions to reduce power utilization (either at individual cable modems or in the overall network) in future cable modem networks. Particularly, embodiments seek to reduce power utilization at individual cable modems and in the overall network, by allocating upstream frequency bands and/or transmission modulation schemes among cable modems while accounting for cable loss experienced by individual upstream cable modem transmissions. According to embodiments, frequency spectrum and modulation scheme allocation techniques are provided to optimize power utilization and enable lower upstream transmission power by cable modems while maintaining similar signal strength of received signals or lower signal strength with reduced SNR requirements using lower capacity modulation at the headend.

Abstract: The present invention relates to methods and apparatuses for managing the time slots in time division duplex (TDD) frames in an xDSL system. According to certain aspects, power savings in a TDD system operating with vectoring may be achieved with sending of quiet symbols in time slots that do not have data and through the efficient configuration of time slots with data and/or idle symbols so as to limit the amount of processing by the vectoring engine within the DO portion of each TDD frame. In embodiments, a central controller in a DPU monitors the data buffers at the transmitter input on each line and computes an optimal configuration of the time slots in the DO portion of the TDD frame to achieve an optimal balance between performance and power dissipation.

Abstract: There are provided measures for reference configuration for flexible time division duplexing. Such measures exemplarily include obtaining a first configuration parameter and a second configuration parameter, determining an uplink reference configuration for a flexible uplink/downlink mode from said first configuration parameter, determining a downlink reference configuration for said flexible uplink/downlink mode from said second configuration parameter, and deriving an uplink/downlink configuration candidate set based on at least one of said first configuration parameter and said second configuration parameter.

Abstract: Examples for performing static timing analysis on clocked circuits are described. An example static timing analysis computing device includes a logic device, and a storage device holding instructions executable by the logic device, the instructions including instructions executable to receive an input representative of one or more delays within a signal path in a cross-domain circuit, the cross-domain circuit configured to transfer data between a first domain having a first clock and a second domain having a second clock asynchronous with the first clock, receive an input representative of a static timing analysis constraint to be met by a signal traveling the signal path in the cross-domain circuit, apply the constraint in a static timing analysis of the signal path in the cross-domain circuit, and output a result based upon applying the static timing analysis constraint.

Abstract: A carrier recovery unit is provided including: separation-and-output section that outputs separated symbol group formed into block; a priori state-estimation section that obtains a priori estimate acquired by estimating values processed this time from among values of intra-block frequency and central phase processed last time; provisional compensation section that provisionally compensates the phase of each separated symbol based on the a priori estimation phase; decision section that performs decision based on the reference signal for the symbol before decision, and obtains symbol after decision; error-estimation section that calculates the frequency and phase errors; a posteriori state-estimation section that obtains a posteriori estimate based on the frequency and phase errors; actual compensation section that actually compensates the phase based on the a posteriori estimation phase; and feedback processing section that feeds back the a posteriori estimate as the values processed last time to the a priori

Abstract: An equalizer includes a data sampler that samples input data and outputs a time-series data string according to the input data, an arithmetic circuit that multiplies a data string output before reference data in the data string output from the data sampler by a tap coefficient and forms the input data by an arithmetic operation of a multiplication result and an input signal, a tap coefficient calculation circuit that updates the tap coefficient based on a data string output before the reference data, and a determination circuit that receives the reference data and data output after the reference data in the data string and controls presence or absence of update of the tap coefficient performed by the tap coefficient calculation circuit.

Abstract: An envelope extracting apparatus includes: a clock extracting device arranged to extract a clock signal of a receiving modulation signal according to a first biasing voltage; and an edge detecting device arranged to generate a detecting signal to indicate an envelope edge of the receiving modulation signal according to a delayed clock signal of the clock signal and a second biasing voltage.

Abstract: A power amplifier module can include one or more switches, a coupler module, input signal pins, and a controller having first and second output terminals. The input signal pins can receive a voltage input/output signal, a clock input signal, and a data input signal. The controller can (i) set a mode of the one or more switches using a synchronous communication protocol in which the controller outputs a synchronous clock signal on the first output terminal and a data signal on the second output terminal, when the power amplifier module is in a first operating mode, or (ii) set a mode of the coupler module using an asynchronous communication protocol in which the controller outputs a first asynchronous control signal on the first output terminal and a second asynchronous control signal on the second output terminal, when the power amplifier module is in a second operating mode.

Abstract: An intermediate clock, either a boundary or a transparent clock, may have to adjust its local clock to match that of a grandmaster clock. If such adjustment is frequent or large, then the intermediate clock may not have much confidence in the reliability of the timing information it passes to a downstream clock in an IEEE 1588 Announce message even if the quality of its local clock is high. The intermediate clock determines a measure of the reliability of its timing information. The intermediate clock inserts an indication of the reliability of the timing information in a transmitted IEEE 1588 Announce message. The intermediate clock may consider an indication of reliability found in an Announce message it receives when inserting an indication of the reliability of timing information into an Announce message which it transmits.

Abstract: A method for determining a representation of a product of a first element and a second element is disclosed comprising, picking a random value for each pair of a first integer between 1 and d and a second integer greater than the first integer, adding the random value to the product of a first value and a second value, and adding the result of the first addition and the product of the first value and the second value. Then summing, for each integer between 1 and d, a product of the first and second values associated with the integer, the random values associated with the pairs of which the first integer is the integer concerned, and the values obtained for the pairs of which the second integer is the integer concerned.

Abstract: A method generating a cryptographic key and corresponding helper data includes measuring an analog value associated with a physical property of cells of a memory array; digitizing the measured analog value to generate the cryptographic key; quantizing the measured analog value to generate the corresponding non-leaky helper data.

Abstract: A device includes one or more communication interfaces that communicate via at least one link or a network; a device memory; a device processing unit; and a Trusted Execution Environment (TEE) that is secure from the device processing unit and the device memory. The TEE obtains a public encryption key and a private encryption key pair, stores the private encryption key in a secure memory in the Trusted Execution Environment (TEE), and executes a first trusted application, within the TEE, to perform a PKI function using the private encryption key.

Abstract: The subject disclosure is directed towards a technology by which data is securely distributed using a homomorphic signature scheme and homomorphic network coding signature schemes. A homomorphic signature scheme for signing the data is based upon binary pairing with standard prime order groups. Sets of data are signed based upon dividing a larger block of data into smaller blocks, and separately signing each smaller block. The smaller blocks may be distributed to nodes of a network topology that are configured for network coding. In one alternative, the homomorphic signature scheme protects against changes to the block identifier. Proof data may be provided independent of a random oracle, may be provided by providing parameters for verification in a Groth-Sahai proof system, or may be provided by providing parameters for verification independent of a Groth-Sahai proof system.

Abstract: The HOMOMORPHIC DATABASE OPERATIONS APPARATUSES, METHODS AND SYSTEMS (“HEDO”) transform transaction storage requests and homomorphic model queries using HEDO components into homomorphic model query results. In some implementations, the disclosure provides a processor-implemented method of securely querying a shared homomorphically encrypted data repository and performing cross-table homomorphic joins.

Abstract: Methods and systems are provided for securing an integrated circuit device against various security attacks, such as side-channel attacks. By limiting the number of different challenge vectors that can be combined with a critical variable of an encryption operation, it becomes more difficult to create enough side channel measurements to successfully perform statistical side-channel analysis.

Abstract: There is provided a computer program which, when executed by a processor of an information processing device, causes the processor to function as a secret splitting module and a control module. The secret splitting module is configured to recover secret data from at least two pieces of split data using secret splitting and the control module is configured to control reading out or writing each piece of the split data. Secret data is maintained within a virtual drive. The control module is further configured to read out first split meta-data from a first storage device, read out second split meta-data from a second storage device, cause the secret splitting module to recover virtual drive meta-data at least from the first and second split meta-data, and generate the virtual drive based on the recovered virtual drive meta-data. Corresponding method and system are also provided.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include defining multiple primitives, each of the primitives including ranking and unranking methods. Two or more of the multiple primitives are selected, and an operation is performed on the selected primitives, thereby defining a complex format. Upon an encryption processor receiving a data record including a plaintext, the complex format is applied to the plaintext, thereby generating a non-reversible token. In some embodiments, the generated token is transmitted a remote computer.

Abstract: A mobile device may be associated with a vehicle for verification of software updates. The mobile device may be configured to receive a message including an encryption key with which a software update for the vehicle is encrypted, provide a user interface requesting user verification of installation of the software update, and responsive to receipt of the user verification, provide the encryption key to the vehicle to allow the vehicle to decrypt the software update. An update server may be configured to send a software update encrypted using an encryption key to a vehicle, receive a request from the vehicle requesting that the encryption key used to encrypt the software update be provided to a mobile device associated with the vehicle for verification of software updates, and send the encryption key to the mobile device responsive to the request.

Abstract: An information processing method according to an embodiment causes a computer to execute a process of receiving an input of matching information encrypted with an encryption algorithm allowing a Hamming distance to be calculated with the matching information encrypted. The information processing method also causes the computer to execute a process of calculating a first Hamming distance between the received matching information and registered information that is different from encrypted registered information of a user, the registered information being encrypted with the encryption algorithm, using a processor. The information processing method also causes the computer to execute a process of determining legitimacy of the matching information based on whether the calculated first Hamming distance falls into a distance distribution representing matches with another person that is different from the user, using a processor.

Abstract: An inner-product predicate encryption scheme with improved flexibility without a restriction that the dimensions of an attribute vector x? and a predicate vector v? should be equivalent. A ciphertext having an element c0 and an element ct for each index t included in a set Ix? is decrypted with a decryption key having an element k0 and an element kt for each index t included in a set Iv? by computing a product of pairing operations between corresponding pairs of basis vectors on the element c0 and the element k0 and on the element ct and the element kt.

Abstract: A quantum cryptographic key distribution system, including: an optical source, which generates a plurality of optical pulses; an optical beam splitter, which generates, starting from each optical pulse, a first and a second optical sub-pulse; a first and a second peripheral device; and an optical path having a first and a second end connected to the optical beam splitter, the optical path extending through the first and second peripheral devices and being traversed in opposite directions by the first and second optical sub-pulses. The peripheral device randomly phase shifts the second optical sub-pulse by a first phase, and the second peripheral device randomly phase shifts the first optical sub-pulse by a second phase. Furthermore, the optical path is such as to cause interference in the first optical beam splitter between the first and second optical sub-pulses, as a function of first and second phases.

Abstract: An apparatus for quantum cryptographic communication includes a light source configured to generate an optical pulse which is transmitted to a plurality of quantum code sending devices, and a quantum entanglement measuring unit configured to receive the optical signal generated from each of the plurality of quantum code sending devices and measure a relation among quantum states of the optical signals received from the plurality of quantum code sending devices; the optical signal being generated by encoding a key to a quantum state of the optical pulse. The apparatus for quantum cryptographic communication may further include a signal direction determining unit, a reflector for reflecting the optical pulse or the optical signal, an arbitrary phase shifter, or a modulator for encoding a digital signal corresponding to the key to the optical pulse.

Abstract: Provided is an information processing apparatus including a physical unclonable function (PUF) to generate a unique key using a process variation in a semiconductor manufacturing process, and an encryption unit to encrypt a password and/or bio-information received from a user using the unique key.

Abstract: A method of configuring a network device for key sharing and a method for a first network device to determine a shared key are provided. The method of configuring uses a private modulus (p1) a public modulus (N), and a bivariate polynomial (f1) having integer coefficients, the binary representation of the public modulus and the binary representation of the private modulus are the same in at least key length (b) consecutive bits. Local key material for a network device is generated by substituting an identity number into the bivariate polynomial and reducing modulo the private modulus the result of the substitution to obtain a univariate polynomial. Security may be increased by adding (440) one or more obfuscating numbers to coefficients of the univariate polynomial to obtain an obfuscated univariate polynomial.

Abstract: A method, system, and computer program product comprising intercepting communication between a virtual machine and encrypted replication data stored on a storage medium and redirecting the communication to a remote replication appliance; and using a key stored on the remote replication appliance to enable the virtual machine to facilitate communication with the encrypted replication data stored on the storage medium; wherein facilitating communication enables the virtual machine to interact with the encrypted replication data as unencrypted data.

Abstract: An approach for improved security protocols in a mobile satellite system is provided. A remote terminal performs a key establishment function, including determination of a first encryption key for encrypting data for transmission over the satellite communications channels, and determination of an authentication key for authenticating entities communicating over the communications channels. The remote terminal receives a security mode command including a key indicator, and determines a second encryption key for enhanced session data security over communications channels. The second encryption key is determined based on the key indicator and a key generation algorithm. The remote terminal further determines a key indicator response and transmits a security mode complete command including the key indicator response to a satellite base station subsystem (SBSS).

Abstract: Logic on a first remote device receives a first transaction number and personal data transmitted from a second remote device. The first transaction number was received from a distributed public database in response to a transmission, from the second remote device, of a signed hash value and a first public key associated with a first private key on the second remote device. The signed hash value was created by signing a hash value with the first private key and the hash value was generated by hashing the personal data with a hashing algorithm on the second remote device. The logic uses the first transaction number to retrieve the signed hash value and the first public key from the distributed public database. The logic hashes the personal data using the hashing algorithm to create a generated hash value and verifies the signed hash value against the generated hash value.

Abstract: A computing system, method, and computer program product provide cryptographic isolation between a client device and a server computer for providing a network service to the client device. The computing system stores encrypted user authentication data of the client device and its user, and encrypted service authorization data of the server computer in such a way that neither the client device nor the server computer can obtain information about the other. Upon subsequent receipt in the computing system of purported user authentication data and a request to access the network service, the computing system encrypts the purported authentication data and compares it against the stored, encrypted data. Only when these encrypted data match is the computing system able to decrypt the service authorization data and provide it to the server computer to gain access to the network service.

Abstract: The disclosure relates to a method for reading at least one attribute stored in an ID token, wherein the ID token is assigned to a user, said method comprising: determining, by a terminal, of whether a contact-based interface of the ID token is present and can be used for data exchange with the terminal. If the ID token does not have the contact-based interface or this cannot be used, implementing a zero-knowledge authentication protocol via a contactless interface of the terminal and ID token; and deriving an ID token identifier by the terminal.

Abstract: An optical sensing device can receive a speckle pattern generated by a laser's interaction with acoustically stimulated tissue. A computing device can identify one or more characteristics within the received speckle pattern. The computing device can then identify a match of the one or more characteristics to a user biometric signature stored within a storage device. Based upon the identified match, the system can authenticate a user within a computer system.

Abstract: System and method to digitally validate a document, the method including: receiving, by a secure development platform (SDP), a security information from an end user, the SDP comprising an SDP processor coupled to a secure SDP memory; exchanging a security token with a user device based upon the security information; receiving, from the user device, a request for a digital certificate; managing and storing public/private key pairs; transmitting, to the PKI service processor, the request for a digital certificate; if information in the request for a digital certificate is correct: creating the digital certificate; and receiving the digital certificate from the PKI service processor; and storing the digital certificate in the secure SDP memory, the secure SDP memory not directly accessible by the user device, the SDP processor configured to request a signature generation by use of the private key associated with the digital certificate, the SDP processor configured to request a validation by use of the digital c

Abstract: Systems and techniques are described for digitally signing JavaScript Object Notation (JSON) messages. One of the techniques includes receiving a JavaScript Object Notation (JSON) message; and digitally signing the JSON message, wherein digitally signing the JSON message comprises: generating a digital signature information JSON object; inserting the digital signature information JSON object into the JSON message; generating a canonical representation of the JSON message with the inserted digital signature information JSON object; generating a digital signature of the canonical representation of the JSON message; and inserting the digital signature into the digital signature information JSON object.

Abstract: An apparatus for increasing security in inter-chip communication includes a sending control module, a communication bus, and a receiving control module. The communication bus is coupled between the sending control module and the receiving control module. The sending control module operates to send data on the communication bus, disable the communication bus when threats are detected, or both.

Abstract: A method for generating a digital signature includes grouping, with a processing device, a first record with a second record, and generating a first digital signature based at least in part on the first record and the second record.

Abstract: A method for signing and subsequently verifying a digital message, including the following steps implemented using at least one processor-based subsystem: selecting parameters including an integer q and a relatively smaller integer p that is coprime with q; generating random polynomial f relating to p and random polynomial g relating to q; producing a public key that includes h, where h is equal to a product that can be derived using g and the inverse of f mod q; producing a private key from which f and g can be derived; storing the private key and publishing the public key; producing a message digest by applying a hash function to the digital message; producing a digital signature using the message digest and the private key; and performing a verification procedure utilizing the digital signature and the public key to determine whether the signature is valid.

Abstract: A distributed multi-function secure system for verifiable signer authentication having a personal private key stored in a secure storage of a mobile device where the mobile device connects to a fragmented distributed signing engine by a secure protocol and is issued a signer certificate from a circle of trust certificate server to securely electronically sign documents.

Abstract: There is provided a method for creating an authentication entity derived from an original data carrier, wherein the original data carrier has a key pair that is individual to the original data carrier and comprises a public key and a secret key of the original data carrier, and a certificate for the public key of the original data carrier. The method comprises the following steps: deriving a secret key for the derived authentication entity from the secret key of the original data carrier by the original data carrier; forming derivation data for the derived authentication entity; transferring authentication data to the derived authentication entity, wherein the authentication data have the derivation data, the certificate of the public key of the original data carrier as well as a derived key pair which comprises the derived secret key and the public key of the original data carrier.

Abstract: A client device may provide, to a host device, a request to access a website associated with a host domain. The client device may receive, based on the request, verification code that identifies a verification domain and a resource, associated with the verification domain, to be requested to verify a public key certificate. The verification domain may be different from the host domain. The client device may execute the verification code, and may request the resource from the verification domain based on executing the verification code. The client device may determine whether the requested resource was received, and may selectively perform a first action or a second action based on determining whether the requested resource was received. The first action may indicate that the public key certificate is not valid, and the second action may indicate that the public key certificate is valid.

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for increasing network security. The method for increasing network security includes: receiving, by a network management system, a certificate message reported by a network element; generating, by the network management system, a first list; when determining that a certificate corresponding to certificate information in the first list needs to be revoked, generating, by the network management system, a certificate revocation request file according to the certificate information, and removing the certificate information in the first list from the first list; and sending, by the network management system, the certificate revocation request file to a public key infrastructure (PKI) system.

Abstract: Embodiments include methods, and systems and computing devices configured to implement the methods of authenticating a computing device. A processor of a first computing device may obtain a transitory identity and may send the transitory identity to a second computing device and a third computing device. A processor of the second computing device may send the transitory identity to the third computing device with a request to authenticate the first computing device. The processor of the third computing device may authenticate the identity of the first computing device in response to determining that the transitory identity received from the first computing device matches the transitory identity received from the second computing device.

Abstract: Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user's electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device's collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.

Abstract: An integrated security device, including: an encryption/decoding processing unit for executing processing necessary for authentication by using a logic circuit that forms an encryption/decoding function; a selector for selecting signals whose number corresponds to a specific number of lines from among signals from a plurality of intermediate nodes of the logic circuit in accordance with a selection signal; and a signal processing unit having a function of detecting a glitch caused by the signals corresponding to the specific number of lines, for implementing both a function of generating a physical random number and a function of generating a device identifier by a physical characteristic based on the glitch detected by switch-selecting the signals corresponding to the specific number of lines.