Abstract: A method for establishing consensus between a plurality of distributed nodes connected via a data communication network includes preparing a set of random numbers, wherein each of the random numbers is a share of an initial secret, wherein each share of the initial secret corresponds to one of a plurality of active nodes; encrypting, in order to generate encrypted shares of the initial secret, each respective share of the initial secret with a shared key corresponding to respective one of the plurality of active nodes to which the respective share corresponds; applying a bitwise xor function to the set of random numbers to provide the initial secret; and binding the initial secret to a last counter value to provide a commitment and a signature for the last counter. The method includes generating shares of a second and of a plurality of subsequent additional secrets by iteratively applying a hash function.

Abstract: Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory.

Abstract: An authentication method includes that an authentication apparatus of an unmanned aerial vehicle (UAV) generates a session key, the authentication apparatus receives a device identification (ID) of a device and a randomly generated random number from the device of the UAV, the authentication apparatus obtains a device key of the device according to the device ID of the device, the authentication apparatus encrypts the session key and the random number according to the device key of the device, and the authentication apparatus sends the encrypted session key and the encrypted random number to the device.

Abstract: The invention relates to a method for operating a central locking apparatus of a motor vehicle, which is locked by a central locking system of the central locking apparatus as a result of driving above a minimum speed threshold, and is then decelerated to below the minimum speed, wherein in order to subsequently unlock the central locking system, an instantaneous geoposition (GP) emitted from a portable mobile terminal, is first received by means of a detection device of the central locking apparatus. The emitted instantaneous geoposition (GP) of the portable mobile terminal is subsequently evaluated by means of a control device of the central locking apparatus, wherein when evaluating the instantaneous geoposition (GP), the control device checks whether the emitted instantaneous geoposition (GP) is within a delimited, predetermined region, which is stored in the control device.

Abstract: A network attack defense method is provided. An access request transmitted from a client to a target server is intercepted by at least one processor of a bypass check device. The client is redirected to a target verification server, to perform verification of a verification code on the client. A verification result of the verification of the verification code performed on the client by the target verification server is obtained. The access request sent by the client is forwarded to the target server based on the verification result indicating that client verification is successful.

Abstract: The present disclosure includes secure communication between a vehicle and a remote device. An embodiment includes a processing resource, memory, and a vehicular communication component configured to, in response to receiving a request from a remote communication component to switch a state of a lock, calculate a challenge count for the request, generate a vehicular private key and a vehicular public key, perform a number of verification iterations, each respective verification iteration including providing the public key to the remote communication component, receiving, from the remote communication component, code for switching the lock state, verifying the remote communication component's identity, and incrementing a counter in response to verifying the remote communication component's identity, and decrypt the code using the private key and switch the lock state in response to the counter being incremented to a value equal to or greater than the challenge count.

Abstract: In an approach, a hybrid security key comprises at least one physical face on a first side of a key comprising a key groove cut and a barcode coupled to a top surface of the physical face; and at least one logical face on a second side of the key comprising a surface insert overlaying a conductive film, wherein the conductive film includes at least one contact point, at least one conductive trace, and a smart chip.

Abstract: An encryption method to protect the identification and account constructs displayed on cards, like identification cards and credit cards, or on paper medium like hospital or bank statements, where these constructs are comprised of numbers, and/or characters, and/or symbols and where the encryption method works by replacing some of the elements comprising the account construct with a special symbol(s) to avoid revealing the entire construct to unauthorized people and where the numbers and/or characters replaced by the special symbol(s) represent the personal identification number (PIN) associated with the construct. The method is designed to be utilized by issuers of cards like hospitals, governments and banks, and used as a process to protect the cardholder account information or account statements on paper medium. To provide the entire construct, the user simply replaces the special symbol(s) with his PIN. Without the PIN, a person will not be able to complete the construct.

Abstract: Systems and methods for controlling a moving barrier responsive to a transmission by a barrier operator controller comprising a plurality of 4-bit output nibbles generated from a 32 bit rolling code. The bit positions of the rolling code are inverted, divided by 16, converted to four bit base 9 coefficients, each four bit base 9 coefficients is substituted with a corresponding 4-bit output nibble. Receipt of the plurality of 4-bit output nibbles causes a barrier operator to actuate a motor connected to the moving barrier.

Abstract: A method for securely communicating digital content includes steps of: (1) receiving data from a plurality of key sources; (2) retrieving a plurality of data sets from the data, each one of the plurality of data sets comprising a plurality of data units; (3) extracting a plurality of selected data units from the plurality of data units; (4) generating a custom key using the plurality of selected data units; (5) encrypting content using the custom key; and (6) transmitting encrypted content.

Abstract: An electronic device and network scan method thereof are provided. The electronic device includes a communication module connected to an antenna capable of transmitting signals to and receiving signals from a network, a memory configured to store a database including a plurality of items of network identification information and country information corresponding to each item of network identification information, and a processor configured to control the communication module to perform a first network scan with respect to a specified frequency band of a specified radio access technology (RAT), determine country information using network identification information obtained by the first network scan and the database, and perform a second network scan with respect to a RAT and a frequency band determined based at least an the determined country information.

Abstract: An authentication application receives an audio input, detects whether the audio input matches a known passphrase, and processes the audio input to determine whether the audio input is consistent with a known voice signature. Upon determining that the audio input is consistent with the known voice signature, the application will identify a user who is associated with the voice signature. The device will output an audio prompt, receive a spoken answer, and analyze the spoken answer to determine whether it corresponds to an expected response. Outputting the prompt may responsive to determining that the user was not authenticated to the device or the application within a threshold time period, or if a security threat was posted to the user's profile, When the system determines that the spoken answer corresponds to the expected response, it will authenticate the user and provide the user with access to the device or application.

Abstract: A passive keyless entry system for an electronic lock, comprises a lock installation including a lock controller, and an RF transmitter and receiver, and a fob with a controller, and an RF transmitter and receiver. The fob generates messages to unlock the lock in an unlock event. The controllers share a secret specifying parameters for a sequence of messages to be exchanged bidirectionally between the installation and the fob, the parameters changing between each unlock event and an immediately subsequent unlock event. For each unlock event one of the controllers generates and sends a first message of the message sequence, in accordance with the specified parameters. The other controller causes transmission of a second message of the sequence in accordance with the specified parameters, in response to receiving the first message. At least one message of the sequence comprises a plurality of frames, each frame including a particular sequence of bits, adjacent frames being separated by an inter-frame interval.

Abstract: Systems, methods, and devices configured to build and utilize an intelligent cipher transfer object are provided. The intelligent cipher transfer object includes a set of participants protected by cloaking patterns. A portable dynamic rule set, which includes executable code for managing access to the protected set of participants, is included within the intelligent cipher transfer object. For a given user, the intelligent cipher transfer object may provide access to some of the participants while preventing access to other participants, based on the portable dynamic rule set therein.

Abstract: A control unit device in one disclosed embodiment includes a receiver and a memory that stores one or more operation keys and program instructions. The control unit further includes a processor coupled to the receiver and the memory. The program instructions are executable by the processor to cause the control unit device to, in response to a revocation command received by the receiver, perform a revocation process by selecting which of the one or more operation keys to retain in the memory based on, for each of the one or more operation keys, whether the control unit receives a message encrypted by the operation key during the revocation process.

Abstract: A method and system for generating a secure random seed uses chemical processes in a battery of an information handling system as an entropy source for randomness. The secure random seed may be used by a pseudo-random number generator to create a secure pseudorandom bit stream usable to generate secure encryption keys.

Abstract: A data transmission method, a base station, and user equipment are presented. The method includes performing rotation processing on a preset precoding matrix; performing precoding processing on to-be-sent information according to a precoding matrix obtained after the rotation processing; and sending to-be-sent information obtained after the precoding processing. In the embodiments of the present disclosure, indication information shared by a transmit end and a receive end is used to indicate whether to rotate a precoding matrix, and to-be-sent information is precoded according to the indication information. The transmit end and the receive end in this method learn the indication information in advance, and system security is improved by instructing the precoding matrix to perform flexible transformation.

Abstract: A vehicle includes a communicator for performing a radio frequency communication and another radio frequency communication with a smart key, and a controller for setting a plurality of vehicle controlled regions each having a preset range from a vehicle, estimating a position of a driver by using the radio frequency communication and the other radio frequency communication with the smart key, and setting a detection period of a Radio Frequency (RF) signal to be transmitted to the smart key based on a vehicle controlled region in which the driver is positioned, among the plurality of vehicle controlled regions.

Abstract: A control unit for retrofit to electromechanical or magnetic door locks is provided. The control unit includes a casing with an electrical exit port that is connected to the electrical connectors of a standard electromechanical door lock in order to provide an additional way of controlling the lock. Especially, the external control unit receives lock commands from a mobile device, such as a telephone, for locking or unlocking the door lock.

Abstract: Systems and methods for access control management designed for multi-unit buildings are provided. The disclosed systems can use mobile devices, a local mesh network, access control devices, and wireless communication to facilitate multi-unit real estate management. Mobile devices can download and use credentials to access appropriate areas and units in a building through local wireless communications with access control devices.

Abstract: The invention relates to methods for establishing a secure communication link between a mobile station and a secondary base station in a mobile communication system. The invention is also providing mobile communication system for performing these methods, and computer readable media the instructions of which cause the mobile communication system to perform the methods described herein. Specifically, the invention suggests that in response to the detected or signaled potential security breach, the master base station increments a freshness counter for re-initializing the communication between the mobile station and the secondary base station; and the mobile station and the secondary base station re-initialize the communication there between. The re-initialization is performed under the control of the master base station and further includes deriving a same security key based on said incremented freshness counter, and establishing the secure communication link utilizing the same, derived security key.

Abstract: Apparatus and method for communication are provided. The method includes storing a machine type communication channel access profile of user equipment configured to utilize machine type communication with a network when the equipment has not an active connection with the network. The access profile is based on active UE contexts including serving-cell contexts of the device on the last access occasion. The access profile is synchronized between the user equipment and the network.

Abstract: In certain embodiments, a data structure including first and second data structure portions may be obtained, where the first data structure portion is generated based on a first cryptographic scheme, and the second data structure portion is generated based on a second cryptographic scheme. The data structure may be processed to determine the first cryptographic scheme for extracting data from the first data structure portion and the second cryptographic scheme for extracting data from the second data structure portion. In some embodiments, a computer program may use the first cryptographic scheme to decrypt the first data structure portion to extract the first information from the first data structure portion, and the same computer program may use the second cryptographic scheme to decrypt the second data structure portion to extract the second information from the second data structure portion.

Abstract: In certain embodiments, first and second information to be represented in a data structure (accessible to a plurality of entities) may be obtained. First and second sets of permissions associated with the first and second information may be respectively obtained. A first cryptographic scheme may be determined for the first information based on the first set of permissions being associated with the first information. A second cryptographic scheme may be determined for the second information based on the second set of permission being associated with the second information. A first data structure portion may be generated based on the first cryptographic scheme, where the first data structure portion represents the first information in the data structure. A second data structure portion may be generated based on the second cryptographic scheme, where the second data structure portion represents the second information in the data structure.

Abstract: A method for updating a key in an active state is disclosed according to the embodiments of the present invention. The method includes steps of: initiating a key update by a user equipment in the active state or a network side when a pre-defined condition is met; updating the key by the network side and the user equipment, and negotiating an activation time of the new keys. An apparatus for updating a key in an active state is also disclosed according to the present invention. With the present invention, the user equipment in an active state and the network side may actively initiate the key update procedure in different cases, thereby solving the problem concerning the key update for a session in an active state.

Abstract: A method of operating a security server to securely transact business between a user and an enterprise via a network includes receiving, at the security server from an enterprise with which the user is currently connected via the network, a request of the enterprise to activate a secure communications channel over the network between the user and the security server. The request includes contact information for contacting the user via other than the network. The security server, in response, transmits an activation code for delivery to the user via other than the network and in a manner corresponding to the received contact information. The security server receives, from the user via the network, an activation code and compares the received activation code with the transmitted activation code to validate the received activation code. The secure communications channel is then activated based on the validation of the received activation code.

Abstract: In an aspect, a method can include generating a cyclic redundancy check code for a binary data item, using a generator polynomial; and masking, using polynomial addition, the binary data item with a binary mask. The method can also include at least one of: storing, by a microcircuit, the masked binary data item in a memory of an electronic device; or transferring, by the microcircuit, the masked data item to another device. The cyclic redundancy check code for the binary data item can be generated from the masked binary data item to prevent discovery of the binary data item by a side-channel attack during the generating the cyclic redundancy check. The binary mask can be a multiple of a random number and the generator polynomial, such that respective cyclic redundancy check code of the masked data item and the binary data item have a same result.

Abstract: Embodiments of a system and method are disclosed concerning the management of file usage. The method of controlling file access may manage a file with a target ID that has a sender and a recipient. The method may also establish a priority level key associated with the file. The priority level key may control file access. The method may provide the file access to the recipient if the recipient has access rights corresponding to the priority level key.

Abstract: The systems and methods of the invention provide a technique for authenticating a finance related transaction. The method may include providing a token which contains a token counter, the token counter periodically advancing to generate a changing token value, the token counter being synchronized to a base counter that generates an authenticating value; transforming the token value into a token output sequence using logic; and outputting at least part of the token output sequence to an authenticating authority, the authenticating authority having access to the authenticating value.

Abstract: A vehicle key fob is provided having a module for wirelessly communicating with an associated mobile device, a dedicated input device for initiating a mobile link mode, a plurality of input devices for commanding an associated vehicle to perform a user-selected function, and a processor configured to, upon receiving an input at the dedicated input device, send a command signal for performing the user-selected function to the mobile device.

Abstract: A method of controlling access at a vehicle to information communicated over a vehicle bus includes: storing one or more electronic control unit (ECU) identities in a central gateway module (CGM) that is communicatively linked with a vehicle bus; associating one or more message permissions for receiving messages via the vehicle bus with one of the ECU identities in the CGM that represents an ECU communicatively linked with the vehicle bus; wirelessly receiving a computer-readable instruction at the vehicle directing the CGM to change one or more message permissions associated with the ECU identity; and storing the changed message permissions in the CGM.

Abstract: Provided is an ultrasonic-wave communication system where the influence of ambient noise and the Doppler effect are suppressed and where a user of a portable terminal is prevented from hearing unwanted sound. After performing encryption processing of predetermined information such as store information, a beacon 5 sends out predetermined-information-containing beacon information of one channel as ultrasonic waves into the salesroom 3 by combining a control carrier, a first carrier, and a second carrier in such a way that a first carrier signal and a second carrier signal are output between control carrier signals a number of times according to the predetermined information and that a state where the first carrier signal and/or the second carrier signal is output is maintained.

Abstract: Systems and methods are described which utilize a recursive security protocol for the protection of digital data. These may include encrypting a bit stream with a first encryption algorithm and associating a first decryption algorithm with the encrypted bit stream. The resulting bit stream may then be encrypted with a second encryption algorithm to yield a second bit stream. This second bit stream is then associated with a second decryption algorithm. This second bit stream can then be decrypted by an intended recipient using associated keys.

Abstract: Embodiments of the invention provide methods for key fob to control unit verification, retention, and revocation. After an initial pairing between a key fob and a control unit, the devices share a secret operation key (OpKey). For verification, the key fob sends the 8 lowest-order bits of a 128-bit counter and some bits of an AES-128, OpKey encrypted value of the counter to the control unit. For key revocation and retention, the control unit is prompted to enter an OpKey retention and revocation mode. Subsequently, each of the remaining or new key fobs is prompted by the user to send a verification message to the control unit. When the control unit is prompted to exit the OpKey retention and revocation mode, it retains the OpKeys of only the key fobs that sent a valid verification message immediately before entering and exiting the OpKey retention and revocation mode.

Abstract: A multi-function identification system is described in the present invention. The system includes an appliance and a number of keys. Under a registration process, the system allows multiple appliances to be controlled by a single key or an appliance can be controlled by different keys. The system can also allow users to set specified actions to be conducted after identification processes are completed. That satisfies requirements of a multi-function identification. Meanwhile, the key is a plug-and play and on-the-go product. It is desired that the key is a host used for other purpose.

Abstract: A system and method of generating an encryption key in a self-encrypting mass storage device that includes using a manual input device as input for a micro-controller that contains a cyclic counter. An input device event triggers the micro-controller to read the current state of the cyclic counter. An accumulation of cyclic counter values is used as a source of entropy to seed a deterministic random number generator. The output of the deterministic random number generator is used as an encryption key for encryption/decryption processes within the mass storage device.

Abstract: Systems and methods for access control management designed for multi-unit buildings are provided. The disclosed systems can use mobile devices, a local mesh network, access control devices, and wireless communication to facilitate multi-unit real estate management. Mobile devices can download and use credentials to access appropriate areas and units in a building through local wireless communications with access control devices.

Abstract: A state matcher for a logic circuit may detect at least one of a buggy state of the logic circuit, a precursor to a buggy state of the logic circuit and a verified state of the logic circuit based on a plurality of signal values indicative of a state of the logic circuit. A recovery controller for a microprocessor may reconfigure the microprocessor to a trusted feature mode in response to receiving a signal indicating that the microprocessor is in a predefined state and operate the microprocessor in the trusted feature mode for a predetermined period of time.

Abstract: A method and system for use in generating authentication codes associated with devices is disclosed. In at least one embodiment, the method and system may generate a secret value that depends on event state data that specifies an operating condition of a device, and may generate a series of authentication codes that depends on the secret value and a series of dynamic values.

Abstract: A remote sensing device is utilized to activate boundary alert sensors in a vehicle to reduce current loading during a key-off condition. Communication between the remote sensing device and the vehicle is via a radio-frequency interface that is part of a remote keyless entry system. The remote sensing device transmits a signal to the vehicle when an object is detected within a predetermined range of the remote sensing device. In response to the signal, the vehicle activates one or more boundary alert sensors. The boundary alert sensors may include a camera, a radar, and an ultrasonic sensor. The remote sensing device can be configured to extend a range of the radio-frequency interface by repeating messages that it receives.

Abstract: Systems and methods for access control management designed for multi-unit buildings are provided. The disclosed systems can use mobile devices, a local mesh network, access control devices, and wireless communication to facilitate multi-unit real estate management. Mobile devices can download and use credentials to access appropriate areas and units in a building through local wireless communications with access control devices.

Abstract: In one embodiment, a first message is obtained and encrypted to produce a ciphertext. The first message is encrypted such that decryption of the ciphertext utilizing a first key yields the first message, and decryption of the ciphertext utilizing a second key different than the first key yields a second message that is distinct from the first message but shares one or more designated characteristics with the first message. Encrypting the first message may more particularly comprise mapping the first key to a first seed, mapping the first message to a second seed, determining an offset between the first and second seeds, and generating the ciphertext based on the determined offset. Such an arrangement prevents an attacker from determining solely from the second message if decryption of the ciphertext has been successful or unsuccessful. Other embodiments include decryption methods, apparatus for encryption and decryption, and associated articles of manufacture.

Abstract: A system generally for personalizing and synchronizing fob data in the context of a distributed transaction system is disclosed. A dynamic fob synchronization system may comprise point of service (POS) devices configured with transponder-readers to initiate a transaction in conjunction with a fob, an enterprise data collection unit, and a fob object database update system. In an exemplary embodiment, a dynamic synchronization system (DSS) may comprise a personalization system and an account maintenance system configured to communicate with a fob object database update system (FODUS). Personalization of multi-function fobs may be accomplished using a security server configured to generate and/or retrieve cryptographic key information from multiple enterprise key systems during the final phase of the fob issuance process.

Abstract: Methods and systems are described for authorizing an item with an RFID tag to leave a facility. In one embodiment, a mobile device receives or determines an exit code (EC) to write into the tag in response to providing authorizing information. The EC may be based on information stored in the tag such as the tag's item identifier or other tag information (collectively an item identifier or II), a ticket value, other information such as the OC, a mobile identity or location, or any other suitable information. Upon verification of the EC, the tagged item is allowed to leave the facility. In another embodiment, the mobile device stores an item identifier (II) associated with the tag and provides authorizing information. Upon verifying the authorizing information and confirming that the stored II corresponds to the tagged item's II, the tagged item is allowed to leave the facility.

Abstract: A motorcycle includes an ignition switch unit that allows at least starting operation of an engine and unlocking operation of a handlebar by operation of an ignition knob after restriction of turning of the ignition knob by a lock mechanism is canceled when electronic authentication is conducted. An emergency release mechanism is configured to directly or indirectly allow the starting operation of the engine by an emergency release key regardless of the electronic authentication. The emergency release key has a rod-like grip portion, and a magnet key provided to a lateral on a side of an end of the grip portion. A keyhole for the magnet key of the emergency release mechanism is arranged in a direction opposed to an insertion direction of the emergency release key.

Abstract: An embodiment of the invention includes a method of authenticating a second device connected to a first device. The method includes transmitting a first data string from the first device to the second device and receiving a second data string at the first device from the second device. The method also includes generating a third data string using an alteration key at the first device and comparing the third data string and either the first data string or the second data string. The method further includes authenticating the second device if the compared data strings match.

Abstract: According to one aspect, a method, system and technique for system security for network resource access using cross-firewall coded requests is disclosed. The system and technique includes a firewall, a first appliance device located behind the firewall, and a second appliance device located before the firewall. The second appliance device is configured to receive a data request, convert the data request into a coded request, and transmit the coded request to the first appliance device, and wherein the coded request corresponds to a specific type of data request. The first appliance device is configured to receive the coded request from the second appliance device and, if the coded request corresponds to one of a plurality of codes of a command list maintained by the first appliance device, process the data request.

Abstract: A transponder (140) for communicating with a reader device (120), the transponder (140) comprising a processing unit (142) adapted for generating an identifier (210) during an initialization phase of a communication session with the reader device (120), the identifier (210) being generated as a combination of a first part (214) being a random number and of a second part (212) being identical to a portion (202) of a previous identifier (200) used during a previous communication session preceding the present communication session with the reader device (120), and a transmission unit (136) adapted for transmitting the identifier (210) to the reader device (120).

Abstract: An automatic locking system for a medical treatment device helps to ensure that an assistant is present during treatment of a patient. Among the features disclosed biometric authentication to verify that a trained assistant is present, a presence detector to ensure the assistant is continuously present during treatment, and warning and recovery processes that allow intermittent lapses in the continuous presence of the assistant.

Abstract: An improved barrier door one way wireless communication system for operating a barrier, such as a garage door, includes the transmission and reception of multibit code hopping data packets in combination with automatic RF channel switching. Packet data is transmitted automatically on more than one RF channels in a switching style while sending two or more redundant multibit code hopping data packets on each of the RF channels. The system also provides for the learning of a transmitter to a receiver where two or more code hopping data packets must be received and decoded by the receiver on all RF channels before a transmitter can be learned to a receiver. Once the transmitter is learned, actuation of the transmitter during a learn mode can open a window for learning of a single channel transmitter.