Abstract: Embodiments of the invention provide systems and methods for providing service level, policy-based QoS enforcement on a network or networks. According to one embodiment, a system can comprise at least one communications network, a first endpoint communicatively coupled with the communications network, and a second endpoint communicatively coupled with the communications network and can monitor traffic on the communications network between the first endpoint and the second endpoint. A policy enforcer can be communicatively coupled with the network monitor. The policy enforcer can apply one or more policies based the traffic between the first endpoint and the second endpoint. The one or more policies can define a Quality of Service (QoS) for the traffic between the first endpoint and the second endpoint and can apply the policies to affect the traffic between the endpoints to maintain the QoS defined by the one or more policies.

Abstract: In the context of facilitating a circuit switched to packet switched handover of a call in a cellular communication system, a first node (e.g., packet switched target node) generates a security context for a client whose call is being handed over. This involves the first node receiving at least one cryptographic key from a second node (e.g., a circuit switched node supporting the existing connection) and receiving identities of security algorithms supported by the client from a third node (e.g., a packet switched node supporting the existing connection); The first node uses the at least one cryptographic key and the identities to generate the security context for the client.

Abstract: Methods and systems for slow associated control channel signaling are disclosed. An example method for securing communications in a mobile network disclosed herein comprises transmitting a first variant of a message of a first type on a first slow associated control channel (SACCH) before ciphering is started on the first SACCH, and after ciphering is started on the first SACCH, transmitting a second variant of the message of the first type on the first SACCH, and subsequently transmitting the second variant of the message of the first type on the first SACCH, wherein the subsequently transmitted second variant of the message of the first type is the next transmitted message of the first type on the first SACCH.

Abstract: A trusted domain name server is introduced to provide a secure route optimization procedure for MIPv6. A trusted authority registers network addresses of a mobile node with corresponding fully qualified domain names. The trusted domain name server can later be queried to compare the domain of a network address for a mobile node with the domain of a network address for another network node.

Abstract: A mobile device can save time by validating a stored message, which was previously unreadable, by utilizing a related message, which can be received at a much quicker rate. In accordance with some aspects, the mobile device can save time by validating the stored message by reading a new related message and subsequently re-reading or descrambling the stored message or its CRC. The first attempt to read the message might not be successful due to a scrambling information change or due to other reasons. The reason for the failure of the first attempt to read the message may be determined based on whether a later attempt to read the message with the same or a different scrambling information is successful.

Abstract: The present invention is directed to security systems and methods for mobile network-based data environments. The present invention provides an integration of security, mobile computing, wireless and IT infrastructure management technology, to create a new level of automation and enforcement to enable the transparent application of mobile security across an enterprise, while embracing end user “transparency” and “ease of use” and empowering IT administration.

Abstract: When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimate measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired from a portable phone terminal having the GPS function and a network function by means of the GPS function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus, only if the server apparatus is authenticated as a legitimate counterpart for connection. A secret key holding section is provided for holding different secret keys for different apparatuses.

Abstract: Systems and methods for identifying, tracking, tracing and determining the authenticity of a good include an imaging system, a database, and an authentication center. The imaging system is configured to capture an image of a unique signature associated with a good. The unique signature can be, for example, a random structure or pattern unique to the particular good. The imaging system is configured to process the image to identify at least one metric that distinguishes the unique signature from unique signatures of other goods. The database is configured to receive information related to the good and its unique signature from the imaging system, and to store the information therein. The authentication center is configured to analyze the field image with respect to the information stored in the database to determine whether the unique signature in the field image is a match to the captured image stored in the database.

Abstract: A reach back secure communications terminal includes a digital PBX adapter that offers immediate and secure voice, data and video connectivity over any of various commercially available PBX systems. In addition to use with a PBX system, integrated components simplify access to varied networks allowing deployed users to select and connect quickly to a network that best supports their present mission. Commercial or optional NSA Type 1 encryption may be implemented. Networking options include any of PSTN, PBX, GSM (or CDMA or other cell telephone standard), SAT, IP and WiFi. The digital PBX adapter includes an audio mixer that converts a 4-wire input from a handset jack of a PBX handset base, into a 2-wire output destined for an encryption unit (FNBDT). The user determines a necessary gain of the audio mixer for the particular PBX system by trial and error using a multi-position switch.

Abstract: When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimate measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired from a portable phone terminal having the GPS function and a network function by means of the GPS function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus, only if the server apparatus is authenticated as a legitimate counterpart for connection. A secret key holding section is provided for holding different secret keys for different apparatuses.

Abstract: The present invention relates to a system (10) operable to control access to different physical spaces, each provided with an electrical locking device (121, . . . , 12n), with the aid of a programmable, mobile unit (14). The system (10) comprises an authority means (16) operable to issue access rights connected to the programmable, mobile unit (14) in the form of an authorizing data (AD), which authorizing data (AD) is sent to an authorization means (18) connected to the authority means (16), and operable to generate an alpha-numerical key for the mobile unit (14), and to send the alpha-numerical key and a unique identifier of the mobile unit (14) to an operator (20), which is connected to the authorization means (18). The operator (20) is operable to send the alpha-numerical key to the mobile unit (14) identified by the unique identifier.

Abstract: A system and method for efficiently enabling local security connectivity between electronic devices over multiple bearers. Electronic devices are configured to advertise, over each bearer, their respective configuration parameters for each bearer. After a connection has been established between the electronic devices over a first bearer, the two electronic devices use the first bearer to establish connections over the other bearers using the configuration parameters contained in the advertisements and advertised over the first bearer. Shared keys are established for the other bearers either using keys derived from the first shared key or by using the first secure connection as an out-of-band channel. The present invention also provides for the creation of an ad hoc WLAN connection once a Bluetooth connection has been established.

Abstract: A mobile communication terminal connected to the portable electronic device encodes a system serial number and an authentication key, generates an integration secrete key, and transmits the integration secrete key to an authentication center computer. The authentication center computer decodes the integration secrete key, performs authentication registration, encodes a temporary service approval key and a temporary integration authentication key, and transmits the temporary service approval key and the temporary integration authentication key to the mobile communication terminal. The mobile communication terminal decodes the temporary integration authentication key, obtains approval for the relay, and transmits the temporary service approval key to the portable electronic device. The portable electronic device decodes the temporary service approval key, performs authentication for utilizing a service, and applies the temporary service approval key to an application service.

Abstract: A key message can include a key-encryption-key (KEK) associated with a KeyDomainID and a KeyGroupID. A session description message can describe streaming media initialization parameters containing media stream information for one or more media streams. For each media stream, the media stream information can include an IP address and a data port. The session description message can further contain a linkage for binding the KEK to a corresponding one of the media streams. The linkage can include the KeyDomainID and KeyGroupID or can include an abstract representation of the KeyDomainID and KeyGroupID. During session initialization, the key-encryption-key (KEK) can be bound to the media streams using the linkage of the session description message. Each of the media streams can be secured using a traffic key conveyed to user equipment (UE) under protection of the key-encryption-key (KEK).

Abstract: A mobile terminal is provided with a network lock functionality for a network. The mobile terminal includes a subscriber identity module (SIM) slot configured to host a SIM card or an unlocking device, a control chip, an encryption chip, and a network locking module. The control chip is coupled to the SIM slot through a first interface, the encryption chip is coupled to the SIM slot through the first interface to communicate with a module inserted into the SIM slot, and the network locking module is coupled to the encryption chip through a second interface. Further, the network locking module is configured to perform the network lock functionality. The network locking module also has an “open” state supporting a network unlocking operational mode and a “close” state supporting a network locking operational mode.

Abstract: In a method for protecting data of a mobile phone, the mobile phone includes a storage system. The storage system stores a plaintext file to be encrypted and an international mobile equipment identification (IMEI) number of the mobile phone. The IMEI number of the mobile phone and the plaintext file are read from the storage system. A ciphertext is generated from the plaintext file according to the IMEI number of the mobile phone using an encryption algorithm. The IMEI number of the mobile phone and the ciphertext are read from the storage system when the ciphertext needs to be decrypted. The plaintext file is recovered from the ciphertext according to the IMEI number of the mobile phone using a decryption algorithm.

Abstract: Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function.

Abstract: A computer implemented method for accessing materials for a meeting may include receiving a call from a meeting participant by a system, wherein the meeting participant calls a prearranged teleconference number to participate in the meeting. The method may also include validating participation of the meeting participant in the meeting by the system. The method may further include providing access to an appropriate set of materials to the meeting participant based on a predetermined attribute associated with the meeting participant.

Abstract: A method of operating a node for performing handover between access networks wherein a user has authenticated for network access in a first access network. The method comprises receiving from a home network a first session key and a temporary identifier allocated to the user for the duration of a communication session. The identifier is mapped to the first session key, and the mapped identifier and key are stored at the node. A second session key is derived from the first session key and the second session key is sent to an access network, and the identifier sent to a user terminal. When the user subsequently moves to a second access network, the node receives the identifier from the user terminal. The node then retrieves the first session key mapped to the received identifier, derives a third session key and sends the third session key to the second access network.

Abstract: The present invention provides a method involving a femtocell in communication with an Internet Protocol Multimedia Subsystem (IMS) network. In one embodiment, the femtocell operates according to code division multiple access (CDMA) standards. The method includes receiving, from the femtocell and at a first secure entity in the IMS network, first authentication information generated by the mobile unit using a first random number broadcast by the femtocell in a global challenge. The method also includes receiving, from a second secure entity in the secure network, at least one security key formed based on the global challenge and second authentication information for uniquely challenging the mobile unit. In one embodiment, the second secure entity is a CDMA-based authentication server. The method further includes providing the security key(s) to the femtocell in response to authenticating the mobile unit based upon the second authentication information.

Abstract: A process for testing an integrated circuit includes collecting a set of points of a physical property while the integrated circuit is executing a multiplication, dividing the set of points into a plurality subsets of lateral points, calculating an estimation of the value of the physical property for each subset, and applying to the subset of lateral points a step of horizontal transversal statistical processing by using the estimations of the value of the physical property, to verify a hypothesis about the variables manipulated by the integrated circuit.

Abstract: A bit sequence, which is contained in a signalling message and which is known to a network unit and to a communications terminal which receives the signalling message from the network unit, informs the communications terminal that a test value is contained in a signalling message. The test value received by the communications terminal is compared with a test value computed by the communications terminal, and the communications terminal defines a signalling message as being unmodified only in the event that the bit sequence contained in a signalling message has been received and the comparison of both test values yields a positive result.

Abstract: A data communication method, a communication system, and related devices are configured to establish a transaction identifier (TI) in a user equipment (UE). The data communication method includes the following steps. A mobility management entity (MME) receives a request message and obtains ability information of the UE. If the UE has an ability to access a Universal Terrestrial Radio Access Network/GSM/EDGE Radio Access Network (UTRAN/GERAN), the MME generates the TI. A communication system and related devices are also provided. Thus, the TI is effectively established in the UE, so as to ensure normal processing of the UE.

Abstract: According to an embodiment, a programmable logic device includes a plurality of logic blocks, memory and a logic unit. The logic blocks are grouped into one or more partitions. The memory stores authentication and partition information uploaded to the programmable logic device prior to partition programming. The logic unit authenticates programming access to the one or more partitions based on the authentication information and controls programming of the one or more partitions based on the partition information.

Abstract: A method is provided for Authenticator Relocation in a communication system applying an Extensible Authentication Protocol, or the like, which provides replay protection and mitigates the rogue ASN-GW problem during relocation of the Anchor Authentication, and without conducting re-authentication of the MS. The method of the invention optionally allows secure refresh of the MSK.

Abstract: A computer-implemented method for diverting children from restricted computing activities. The method may include maintaining a list of safe computing activities, maintaining a list of restricted computing activities, and detecting a child's attempt to perform a restricted computing activity identified in the list of restricted computing activities. The method may also include selecting a safe computing activity from the list of safe computing activities. The method may further include, in response to the child's attempt to perform the restricted computing activity, blocking the restricted computing activity and initializing the safe computing activity selected from the list of safe computing activities. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: One embodiment includes a method for designating, at a first device, one of a first plurality of wireless channels as a bind channel, then transmitting a channel change request message using a second plurality of wireless channels, wherein the channel change request includes which one of the plurality of wireless channels is a designated bind channel, transmitting a bind request message using the designated bind channel, and then receiving a bind response message from a second wireless device using the designated bind channel.

Abstract: Systems and methods for implementing a location token service (LTS) to enhance the security of mobile device identity tokens by using the location of the mobile device to augment the tokens. The LTS enforces re-authentication (login) of the mobile device to one or more applications if the mobile device moves beyond a threshold distance from the location of the last use of the token within a time period defined in a temporal threshold. The LTS increases authentication strength and drastically reduces the potential for spoofing or otherwise permitting unauthorized access to one or more applications on the mobile device.

Abstract: Methods and devices for allowing a wireless communication device (1301) initially unauthorized for communication with a network to obtain persistent soft network subscription credential information (1303) from a wireless communication device (1401) initially authorized for communication with the network are disclosed. In performing the persistent transfer of the soft network subscription credential information (1303), one of a token management module (1312), a session initiation protocol communication module (1408), or a electronic rights manager (1406) may be used to ensure that only one communication device is capable of communicating with a network at any one time.

Abstract: The disclosure discloses a method for communication based on pseudo-contact information, which including: when a call is received, acquiring contact information of a calling party, and encrypting the contact information by using a preset encryption algorithm to acquire pseudo-contact information; when the pseudo-contact information does not match locally stored pseudo-contact information, displaying real contact information of the calling party, wherein the locally stored pseudo-contact information represents the pseudo-contact information generated by encrypting the contact information to be stored according to the preset encryption algorithm and locally stored; and when the pseudo-contact information matches the locally stored pseudo-contact information, displaying a substituted contact information generated by substituting a plurality of bits of the real contact information of the calling party with an identifier.

Abstract: A method and terminal for implementing hot-plug of a smart card are disclosed. The method includes: during the process of playing mobile multimedia, a descrambling library sending request information for obtaining a program key to a smart card driving module, which judges whether a smart card is in a plug-in state or a pull-out state after receiving the request information: if in the plug-in state, the smart card driving module forwarding the request information to the smart card, receiving response information returned by the smart card, forwarding the response information to the descrambling library, and meanwhile forwarding the response information to a virtual smart card module to save; if in the pull-out state, the smart card driving module forwarding the request information to the virtual smart card module, which returns the saved response information to the smart card driving module, which forwards the response information to the descrambling library.

Abstract: The present invention provides a method and apparatus for protecting a core network (102) by receiving (202) a message (302, 402) containing a mobile identity of a MS (104) and dropping (210) the message (302, 402) whenever the received mobile identity does not match a stored mobile identity associated with the MS (104). The message (302, 402) is processed (208) whenever the received mobile identity matches the stored mobile identity associated with the MS (104). The mobile identity can be an IMSI, a TMSI or a P-TMSI. The message (302, 402) can be an uplink message (302) or a downlink message (402), such as a Mobility Management (MM) message, a General Packet Radio Service (GPRS) Mobility Management (GMM) message, or a UMA or Unlicensed Radio Resources (URR) message. The present invention can be implemented as a computer program embodied on a computer readable medium wherein the various method steps are implemented by one or more code segments.

Abstract: The present invention provides a method involving a femtocell in communication with an Internet Protocol Multimedia Subsystem (IMS) network. In one embodiment, the femtocell operates according to code division multiple access (CDMA) standards. The method includes receiving, from the femtocell and at a first secure entity in the IMS network, first authentication information generated by the mobile unit using a first random number broadcast by the femtocell in a global challenge. The method also includes receiving, from a second secure entity in the secure network, at least one security key formed based on the global challenge and second authentication information for uniquely challenging the mobile unit. In one embodiment, the second secure entity is a CDMA-based authentication server. The method further includes providing the security key(s) to the femtocell in response to authenticating the mobile unit based upon the second authentication information.

Abstract: An authentication control apparatus is disclosed that includes plural authentication units that perform authentication for an operator with different authentication methods; a corresponding information management unit that manages corresponding information between the mode of an authentication request and the authentication unit to be used; and an authentication control unit that determines the authentication unit corresponding to the mode of the authentication request based on the corresponding information in response to the authentication request from the operator and causes the determined authentication unit to execute the authentication for the operator.

Abstract: A method and system is provided for assessing the cumulative set of access entitlements to which an entity, of an information system, may be implicitly or explicitly authorized, by virtue of the universe of authorization intent specifications that exist across that information system, or a specified subset thereof, that specify access for that entity or for any entity collectives with which that entity may be directly or transitively affiliated. The effective system-level access granted to the user based upon operating system rules or according to access check methodologies is determined and mapped to administrative tasks to arrive at the cumulative set of access entitlements authorized for the user.

Abstract: A multimedia messaging system for receiving/sending multimedia messages, includes: a wireless LAN; and a MMS gateway. The MMS gateway performs: receiving/sending the multimedia message to/from a MMS user device via the wireless LAN; and encrypting the multimedia message. The encryption is performed by: issuing a certificate to the MMS user device; sending a session ID and a master key encrypted by the MMS gateway's private key to the MMS user device in response to a request of the MMS user device having the certificate; generated a shared secret key using an algorithm combining the master key with the MMS user device's phone number and the session ID; and encrypting the multimedia message using the shared secret key.

Abstract: A roaming authentication method based on WAPI. The present invention includes the steps of adopting a terminal and a wireless access point to initiate a WAPI security mechanism, relating the terminal to the wireless access point, and initiating a WAPI authentication process and so on. And a highly safe and convenient roaming authentication method based on WAPI is provided, so as to solve the technical problem that how the specific method of certificate roaming authentication is realized, the certificate of external network authentication server can not be obtained to establish a trustful relationship, and the terminal perhaps can not realize roaming authentication.

Abstract: A tamper resistant servicing Agent for providing various services (e.g., data delete, firewall protection, data encryption, location tracking, message notification, and updating software) comprises multiple functional modules, including a loader module (CLM) that loads and gains control during POST, independent of the OS, an Adaptive Installer Module (AIM), and a Communications Driver Agent (CDA). Once control is handed to the CLM, it loads the AIM, which in turn locates, validates, decompresses and adapts the CDA for the detected OS environment. The CDA exists in two forms, a mini CDA that determines whether a full or current CDA is located somewhere on the device, and if not, to load the full-function CDA from a network; and a full-function CDA that is responsible for all communications between the device and the monitoring server. The servicing functions can be controlled by a remote server.

Abstract: An entity bidirectional authentication method and system, the method involves: the first entity sends the first message; the second entity sends the second message to the credible third party after receiving the said first message; the said credible third party returns the third message after receiving the second message; the said second entity sends the fourth message after receiving the third message and verifying it; the said first entity receives the said fourth message and verifies it, completes the authentication. Compared with the conventional authentication mechanism, the invention defines an on-line retrieval and authentication mechanism of a public key, realizes the centralized management for it, simplifies the operating condition of the protocol, and facilitates the application and implement.

Abstract: A method of authentication in a communications network, said communications network comprising a network authentication server, a local authentication entity and a user terminal, said local authentication entity comprising a subscriber application and an authentication application, said method comprising the steps of: sending a request from the local authentication entity to the network authentication server to authenticate the user terminal, said request comprising the identity of the user terminal; generating by the network authentication entity an authentication key in response to the request and generating by the subscriber application an identical authentication key; sending the authentication key generated by the network authentication server securely to the user terminal identified by said identity, then storing the authentication key at the user terminal; sending the authentication key generated by the subscriber application securely to the authentication application, then storing the authentication k

Abstract: A method, a device, and a system for network interception are provided. The method for network interception includes the following steps. A matching rule obtained by parsing an interception policy. Received data are selected by adopting a deep packet inspection (DPI) according to the matching rule so as to obtain an interception result, in which the received data are obtained by adopting data preprocessing to filter packet data according to a service customizing rule obtained by parsing the interception policy. The system for network interception includes a service probe server (SPS) and a service analyze server (SAS). Thus, various packet data services transmitted over an Internet protocol (IP) network can be intercepted.

Abstract: A base station of a wireless communication system includes: a base station side data generation portion generating a number of sets of scramble data which are different from each other while the number of sets of the scramble data is the same as or more than the number obtained by multiplying the number of the sub-channels used in said overall wireless communication system by the number of the subcarriers; a base station side storage portion which stores the scramble data; a base station side upper layer control portion which outputs both transmission data for a terminal at other end of a communication and information of sub-channels; a base station side lower layer control portion which, based on the information of the sub-channels, controls the base station side storage portion to output scramble data corresponding to the sub-channels; a base station side scramble portion which conducts a multiplication operation between the transmission data output from the base station side upper layer control portion and

Abstract: Using an identifier generation algorithm, a device coupled to a communication network generates an SSID and associated encryption key for a mobile device using its unique identifier. The encryption key and SSID are stored to a configuration database server coupled to the network. A wireless-capable device that provides access to the network receives the SSID and encryption key from the configuration database and sends a broadcast message that includes the SSID and unencrypted original information. The mobile user device receives the broadcast message when it enters the presence of the wireless access device. Using the identifier generation algorithm the mobile device generates an SSID and key from its unique identifier and encrypts the original information and sends a return message including the SSID and the encrypted original information. The mobile device is granted access if unencrypted original information from the return message matches that sent in the broadcast message.

Abstract: A method is provided for use in a Mobile IP network in which it is determined whether a Mobile Node (10) in a visited network is reachable on a new claimed Care-of Address for the Mobile Node (10) using information relating to a pre-established cryptographic relationship between the Mobile Node (10) and an Access Router (20) of the visited network. It may be determined, through communication between a Home Agent (30) for the Mobile Node (10) in the Mobile Node 10's home network and the Access Router (20), whether such a pre-established cryptographic relationship exists. The existence of such a pre-established relationship would indicate that the Mobile Node (10) is reachable on the claimed Care-of Address.

Abstract: The present invention relates to a system and method for routing a data from one or more mobile communication channel to one or more fixed communication channel in a resource efficient manner. The delinking router of the system communicates with the one or more mobile communication channel and with one or more fixed communication channel and transmits the request to a Base Transmitting Station (BTS) for routing the data from the mobile communication channel to the fixed communication channel. The delinking router also reduces energy and spectrum consumption of the mobile communication channel by turning off its radio frequency module after routing its data to the fixed communication channel.

Abstract: A method for managing UMA communications within a local area network and a network controller are disclosed. The method includes establishing a first connection between a first UMA device and a LAN-based UMA network controller (LAN-UNC) and establishing a second connection between a second UMA device and the LAN-UNC. The first and second connections are carried over the local area network. The first and second UMA devices are connected to the same local area network. The method provides establishing a third connection between the LAN-UNC and a UMA network controller (UNC). The UNC is connected to an external network and the third connection extends over the external network. The method includes transporting packets received using the first and second connections to the UNC using the third connection. Packets received using the third connection are transported to the first UMA device using the first connection and to the second UMA device using the second connection.

Abstract: A system and method for dynamically and automatically updating the appropriate fields on the message application screen of an electronic message to show which of the appropriate service book, security encoding or security properties are acceptable or allowed for the message being composed. This updating occurs automatically based on the contents of the fields that are modified during composition of the message, such as, for example, modifications to classification of the message, recipients, keywords, or the like. Thus, the properties in place for a given message is reflected in a dynamic options list provided to the user based on the contents of various fields of the electronic message and the system policies resident on the system. The dynamic updating may provide an updated list of options to the user, or may optionally automatically apply minimum level settings based on security policy and contents of the message.

Abstract: Methods, devices, and systems for creating and using a trusted host list for Transport Layer Security (TLS) sessions are provided. The proposed solutions described herein provide a mechanism of specifying authorization policy for TLS sessions where such authorization was traditionally implied by the possession of a certificate issued by a mutually trusted third party. The proposed solutions also provide for wildcard use and regular expression matching to simplify administration of the trusted host list.

Abstract: Systems, methods, and programs for generating an authorized profile for a text communication device or account, may sample a text communication generated by the text communication device or account during communication and may store the text sample. The systems, methods, and programs may extract a language pattern from the stored text sample and may create an authorized profile based on the language pattern. Systems, methods, and programs for detecting unauthorized use of a text communication device or account may sample a text communication generated by the device or account during communication, may extract a language pattern from the audio sample, and may compare extracted language pattern of the sample with an authorized user profile.

Abstract: In one embodiment, the method performed by mobile equipment to authenticate communication with a network includes generating keys using cellular authentication and voice encryption, and then generating an authentication key based on these keys. The authentication key is used to generate an expected message authentication code used in authenticating the network according to authentication and key agreement security protocol.