Abstract: Systems, methods, and programs for generating an authorized profile for a text communication device or account, may sample a text communication generated by the text communication device or account during communication and may store the text sample. The systems, methods, and programs may extract a language pattern from the stored text sample and may create an authorized profile based on the language pattern. Systems, methods, and programs for detecting unauthorized use of a text communication device or account may sample a text communication generated by the device or account during communication, may extract a language pattern from the audio sample, and may compare extracted language pattern of the sample with an authorized user profile.

Abstract: In one embodiment, the method performed by mobile equipment to authenticate communication with a network includes generating keys using cellular authentication and voice encryption, and then generating an authentication key based on these keys. The authentication key is used to generate an expected message authentication code used in authenticating the network according to authentication and key agreement security protocol.

Abstract: Systems, methods, and apparatus for facilitating secure over-the-air (OTA) programming are presented herein. A device can store a key, which can be based on a key algorithm (K-algorithm) and an identifier associated with the device. The device can receive information such as parameter(s) and a verification number from a communications system. The verification number can be generated by using an authorization algorithm (A-algorithm) based on the parameter(s) and a K-algorithm input. The device can generate a trial verification number by using the A-algorithm with the parameter(s) and the key as trial inputs. The device can compare the verification number to the trial verification number, and in response to the verification number being at least similar to the trial verification number, the device can use the parameter(s) for programming of the device.

Abstract: A method including generating a plurality of convergence layer protocol data units in a packet-switched telecommunications system protocol stack; ciphering the plurality of convergence layer protocol data units using a ciphering sequence number; transferring the plurality of ciphered convergence layer protocol data units to a link layer of the packet-switched telecommunications system; discarding at least one ciphered convergence layer protocol data unit at the link layer and generating a link layer protocol data unit from at least one of the ciphered convergence layer protocol data units that has not been discarded; and transmitting the link layer protocol data unit and information relating to the discarding for a peer link layer.

Abstract: Techniques for communicating information over management channels are described. An apparatus may comprise a classifier module operative to classify management information for a wireless communications network as media access control security management information or media access control management information. The apparatus may further comprise a wireless transceiver to couple to the classifier module, the wireless transceiver operative to communicate the media access control security management information over an insecure management connection and the media access control management information over a secure management connection. Other embodiments are described and claimed.

Abstract: A method is provided for controlling a mobile device capable of accessing an AP card of a DTV located in one independent space among a plurality of independent spaces physically separated from one another. The method includes accessing a management server using the AP card, downloading an in-room control application from the management server, requesting a unique access code from the management server using the AP card if the downloaded in-room control application is executed, wherein the unique access code is mapped to both an ID of the AP card and an available term assigned to a current guest staying in the independent space, receiving the unique access code from the management server, and transmitting a command signal for changing a status of a controllable device contained in the independent space and the received unique access code to the AP card of the DTV.

Abstract: Method, program, network system and client device each has a structure of being given encryption information different from given present encryption information by use of the given present encryption information and being given different encryption information in incremental steps, to one or a plurality of the connection destinations (client device CLm), for security setting of wireless communication network (wireless LAN device 2) to one or a plurality of connection destinations.

Abstract: Password aging based on the strength of the password provides an incentive for users to generate and/or memorize more complex passwords. The strength of the password is computed from a formula that relates the length of the password and the types of characters contained in the password to a strength value, which can be performed using a lookup table having values for different characteristics of the password, determining partial strength values corresponding to the ranges in which the characteristics fall, and then adding the partial strength values. Alternatively, a separate password strength application may be used to provide the strength value, which is entered by the user or administrator generating a new password. Alternatively, the password may be generated based on a specified desired expiration period, with the strength computation performed to ensure that the strength is sufficient to merit the desired expiration period.

Abstract: A portable wireless device includes a processor portion, which is adapted to process audio information in two different ways, for two different purposes. One is to help generate a signal that drives a speaker of the device, so that a user can listen thereto. Another is to process audio information to derive plural-bit data therefrom. The device can then take an action based on the derived plural-bit data. In one particular arrangement, the processor is configured as a steganographic decoder. A variety of other features and arrangements are also detailed, including image-based methods, and arrangements employing various types of fingerprinting.

Abstract: The present invention relates to a method or system of generating a surrogate key using cryptographic hashing. One embodiment of the method of the present invention may have steps such as selecting a field or group of fields that is or are unique among all records in the database, for each record, extracting the data from the fields, concatenating the extracted data into an input message, running the input message through a hash generator, either in batches or one at a time, for testing purposes perhaps, and outputting a surrogate key.

Abstract: A transaction processing service operates as an intermediary between acquirers of financial transaction requests and issuing institutions that process the financial transaction requests. The intermediary service enables a customer to selectively change the status of an account's associated with a payment instrument by activating or deactivating the account. The intermediary service may manage account status locally using a rules module. Alternatively, the issuing institution may manage account status, while the intermediary service provides an interface for customers. A customer communicates with the intermediary service to direct the service to change the account status. The intermediary service determines the account's issuing institution and provides an indication to the issuing institution of the current status of the account (or of the change in status).

Abstract: A service request is received and associated with a subscriber id. Profile information is accessed for the source of the service request. A copy of the profile information is stored in a network element employed by the source of the service request to access the network.

Abstract: A system and method for authenticating a peer device onto a network using Extensible Authentication Protocol (EAP). The key lifetime associated with the keying material generated in the peer device and the authentication server is communicated from the authenticator to the peer device within the EAP Success message. The peer device, having been provided with the key lifetime, can anticipate the termination of its authenticated session and initiate re-authentication prior to expiry of the key lifetime.

Abstract: An apparatus and methods for securely forwarding data packets at a data switching node in a data transport network is provided. The data switching node maintains a switching database of switching entries. Each switching entry has a modification protection feature preventing its modification when activated. Dynamic topology discovery of data network nodes can be disabled via topology discovery control flags associated with individual physical communications ports of the data switching node. Unknown destination flood data traffic is not replicated to physical communications ports having topology discovery disabled or specifying the suppression of replication of such unknown destination data traffic thereto. The advantages are derived from a data switching node being enabled to operate concurrently in friendly and hostile environments while detecting, preventing and reporting incidences of hostile MAC ADDR attacks.

Abstract: A two-factor authenticated key exchange method. A subscriber station transmits a value generated by using an identifier and an authentication server's public key to the authentication server through an access point. The authentication server uses the value to detect the subscriber's password, a key stored in a token, and the authentication server's secret key, generate a random number. The subscriber station uses the random number, password, and the key to transmit an encrypted value and the subscriber's authenticator to the authentication server. The authentication server establishes a second value generated by using the password, key, and random number to be a decrypted key to decrypt the encrypted value, authenticate the subscriber's authenticator, and transmits the authentication server's authenticator to the subscriber station. The subscriber station authenticates the authentication server's authenticator by using the key and password.

Abstract: A mobile communication device is capable of communicating with a battery authorization server. Determining an authorization status of a smart battery currently powering the mobile communication device involves an initial authorization process and a subsequent authorization process. The initial authorization process is conducted between the mobile communication device and the smart battery. If the initial authorization process is successful, it is followed by a subsequent authorization process between the mobile communication device and the battery authorization server.

Abstract: A method of providing secure communications over a network includes receiving, at a receiving computer, a public key of a sending computer, and a hash of a sending random number over a first communication channel, transmitting, from the receiving computer, a public key of the receiving computer and a receiving random number provided by the receiving computer over the first communication channel, and receiving, at the receiving computer, the sending random number provided by the sending computer over the first communication channel.

Abstract: A mobile phone anti-theft system includes a mobile phone, a SIM card and a real-name card-issuing system. The real-name card-issuing system includes a central processing unit, a first user information storage area, transmission equipment, and a card reader. The SIM card communicates with the central processing unit through the card reader and the transmission equipment. The real-name card-issuing system sends user information stored in the first user information storage area to the SIM card. If the SIM card needs to change the user information, it should verify first cryptographic keys with the real-name card-issuing system. The mobile phone includes a micro control unit, a second user information storage area and a transmission unit. The SIM card communicates with the micro control unit through the transmission unit. After each startup of the mobile phone, the mobile phone verifies second cryptographic keys with the SIM card.

Abstract: A method and apparatus including units configured to send a request from a first network entity to a user equipment for an identifier and receive a message indicating that a public key is required from the user equipment by the first network entity. The method and apparatus also includes units configured to send, by the first network entity, the public key to the user equipment and receive an encrypted identifier by the first network entity, wherein upon authenticating the public key, the user equipment encrypts at least part of the identifier using the public key, thereby enabling further processing between the network entity and the user equipment.

Abstract: The invention proposes a system for authenticating and authorizing network services comprising: a mobile device being adapted to, upon receipt of an information message indicating at least one network access type, determine the network access type, to create a start message containing at least a user identity, and to encapsulate the start message in an authentication message compatible with the access network identified in the information message, and an access controller for reading the encapsulated message from the mobile and forwarding the encapsulated message to an authentication server identified in the encapsulated message. The invention also proposes a corresponding method for authenticating and authorizing network services, and an access control device, a subscriber device and a router device.

Abstract: A system for broadcasting multiple public identities corresponding to the same apparatus. For example, each public identity may correspond to different operational environments, while none of the public identities disclose a private identity that uniquely and permanently identifies the apparatus. This allows apparatuses to keep their unique identity a secret while still being able to communicate with other apparatuses in various environments.

Abstract: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.

Abstract: The disclosure discloses a method for communication based on pseudo-contact information, which including: when a call is received, acquiring contact information of a calling party, and encrypting the contact information by using a preset encryption algorithm to acquire pseudo-contact information; when the pseudo-contact information does not match locally stored pseudo-contact information, displaying real contact information of the calling party, wherein the locally stored pseudo-contact information represents the pseudo-contact information generated by encrypting the contact information to be stored according to the preset encryption algorithm and locally stored; and when the pseudo-contact information matches the locally stored pseudo-contact information, displaying a substituted contact information generated by substituting a plurality of bits of the real contact information of the calling party with an identifier.

Abstract: Embodiments relate to suppressing Short Message Service (SMS) communications from a Short Message peer-to-peer (SMPP) client. A selected response algorithm is provided to the SMPP client from a server. A threshold of undesired SMS communications are detected from a SPAM originator that is communicated to the server by way of the SMPP client. A challenge is communicated to the SMPP client from the server. When a challenge response is not received at the server, communications received from the SMPP client are throttled. When the challenge response is received at the server and the challenge response is incorrect, communications received from the SMPP client are also throttled. When the received challenge response is correct, a SPAM originator source identifier is communicated to the SMPP client in order for the SMPP client to throttle communications received from the SPAM originator.

Abstract: A mobile telecommunications network and method of operation that includes establishing a first user plane connection between a telecommunications device registered with the network and a network gateway device of the network via a first access point; providing the telecommunications device with a token using the first user plane connection; establishing a second user plane connection between the telecommunications device and the network gateway device via a second access point by using the token information to validate the telecommunications device; and, subsequent to establishment of and corresponding to the second user plane connection, establishing a control plane connection between the telecommunications device and the network gateway device via the second access point.

Abstract: The authentication method is based on the exchange of text messages between an User electronic equipment, in the form of a mobile phone terminal, and an Intermediary electronic equipment, and between a Manager electronic equipment and an Intermediary electronic equipment; upon a request of authentication of a User by a Manager to an Intermediary, the Intermediary electronic equipment sends to the mobile phone terminal an authentication key by means of an encrypted text message; the mobile phone terminal decrypts the encrypted text message via a cryptography key, the cryptography key has been previously encrypted via a PIN and stored inside the mobile phone terminal; if the mobile phone terminal correctly replies to the encrypted text message by sending to the Intermediary electronic equipment an appropriate encrypted text message, authentication is successful; typically, SMS or MMS and asymmetric encryption are used for implementing this method.

Abstract: A mobile system, a service system, and a key authentication method to manage a key in a local wireless communication are provided. The mobile system and the service system may generate a hash value with respect to a public key of the service system using an identical hash function, and output a result corresponding to the hash value.

Abstract: A method for registering a Smartphone when accessing security authentication device and a method for access authentication of a registered Smartphone are provided. When a Smartphone based application searches for a device and attempts an access to the found device, the search and access for the device is limited according to a result of authentication using an activation code.

Abstract: Apparatus, methods, computer readable media and processors may provide a secure architecture within which a client application on a wireless device may, in some aspects, exchange information securely with resident device resources, and in other aspects, with a remote server over a wireless network.

Abstract: A mobile device identifier (such as an MSISDN) that typically accompanies a mobile device request is replaced with an “enriched” identifier that exposes the mobile device user's home operator but obfuscates the mobile device's (and, thus, the device user's) identity. In one embodiment, the identifier comprises a first part, and a second part. The first part comprises a data string that identifies (either directly or through a database lookup) the mobile device user's home operator. The second part, however, is an opaque data string, such as a one-time-use unique identifier (UID) or a value that is otherwise derived as a function of the MSISDN (or the like). The opaque data string encodes the mobile device's identity in a manner that preferably can be recovered only by the user's home operator. The present invention describes a method and apparatus for use in a home network to manage the generation, storage and use of the unique identifiers.

Abstract: The present invention relates to a method of generating a downlink frame. The method of generating the downlink frame includes: generating a first short sequence and a second short sequence indicating cell group information; generating a first scrambling sequence and a second scrambling sequence determined by the primary synchronization signal; generating a third scrambling sequence determined by the first short sequence; scrambling the first short sequence with the first scrambling sequence and scrambling the second short sequence with the second scrambling sequence and the third scrambling sequence; and mapping the secondary synchronization signal that includes the scrambled first short sequence and the scrambled second short sequence to a frequency domain.

Abstract: A method of providing certificate issuance and revocation checks involving mobile devices in a mobile ad-hoc network (MANET). The wireless devices communicate with each other via Bluetooth wireless technology in the MANET, with an access point (AP) to provide connectivity to the Internet. A Certificate authority (CA) distributes certificates and certification revocation lists (CRLs) to the devices via the access point (AP). Each group of devices has the name of the group associated with the certificate and signed by the CA. A device that is out of the radio range of the access point may still connect to the CA to validate a certificate or download the appropriate CRL by having all the devices participate in the MANET.

Abstract: A system and method is provided to determine location information of a portable computing device and, in particular, to a secure and scalable system and method of decoupling and exposing handset originated location information to third parties. The system includes a location platform to determine location information of a remote user, and an encryption service configured to secure the location information of the remote user and send the secure location information to a content provider.

Abstract: A reproducing apparatus (2) of the present invention receives information of a WEB site from a service-providing server (3) that administrates the WEB site, and reproduces the information. The service-providing server (3) holds identification information (40) of a user of a portable communication apparatus (1) that is permitted to access the WEB site. The reproducing apparatus (2) includes: a data receiving section for receiving, from the portable communication apparatus (1), invitation information (51), identification information (40), and transmission time point information (50); a reproducing apparatus infrared communication section; a destination determination section that establishes a connection to the service-providing server (3) based on the received invitation information (51), and transmits the invitation information (51), the identification information (40), and transmission-instruction time (50); and a reproducing apparatus communication control section.

Abstract: A secure authentication image file is generated for use in authenticating a device. The device performs a secure authentication algorithm on the secure authentication image file and a received plaintext challenge, and outputs a cyphertext response. If the cyphertext response matches a pre-stored cyphertext string associated with the plaintext challenge, then the device is authenticated. The secure authentication image file is pre-generated in a secure environment. A plurality of key address locations are reserved in a raw memory image file. A key merger application merges the secure key data into the raw memory image file to generate a secure authentication image file. A test set of plaintext/cyphertext pairs are generated using the newly created secure authentication image file. To maintain security of the secure authentication image file, the secure key data and the raw memory image file are erased from a working memory.

Abstract: A mobile terminal device, a wireless communication unit, a wireless communication system, and a wireless communication method by which 1:N communication can be realized at low power consumption and a CH occupation time can be shortened. After each terminal transmits an authorization request, it performs a carrier sense with the pattern corresponding to the transmission timing and waits for authorization response from a key unit (200). The key unit (200) transmits the authorization response at the timing when the carrier sense timings of a plurality of terminals which are authenticated in response to the authorization request from the terminal are coincident with each other. Accordingly, the key unit (200) performs transmission only to the authenticated terminals at one time, and 1:N communication can be realized at low power consumption.

Abstract: A communication protocol between a master device, such as a mobile phone, and a peripheral device facilitates authentication of the peripheral device. When a peripheral device is detected, the master device initiates a wake-up command to the peripheral device, transmits an authentication request command followed by challenge data to the peripheral device, and awaits responses from the peripheral device. The accessory receives the challenge data, performs a hash function on the challenge data, and generates response data. An authentication response type byte is sent to the handset followed by the response data. The handset compares the response data to pre-stored data that is associated with the challenge data. A match indicates that the accessory is authentic. The challenge/response data, also referred to as a plaintext/cyphertext pair, is pre-generated external to the handset using the hash function, then pre-stored in the handset.

Abstract: A globally unique identification system for a communications protocol and database is disclosed. A method for generating the globally unique identification code and for generating a compressed globally unique identification code is also described. The communications protocol permits multiple communications sessions to be sent through a single open port of a firewall.

Abstract: When an authentication identifier is contained in a first message required for receiving authentication with respect to IEEE 802.1x from a terminal device, the authentication is assumed to be successful and then a data link is established with the terminal device, and a filtering unit is set so as to pass a first packet which should be passed for receiving authentication with respect to a higher layer protocol from among packets sent from the terminal device through the data link and to block a second packet different from the first packet. If a second message required for receiving authentication with respect to the higher layer protocol from the terminal device is received through the filtering unit, the authentication with respect to the higher layer protocol is performed. When the authentication is successful, the filtering unit is set so as to pass the second packet.

Abstract: A method for secure and reliable authentication in a communication system. In an embodiment, the authentication method includes performing authentication of a user utilizing Extensible Authentication Protocol (EAP), and transmitting a result indication message to the user. The result indication message can include additional information for security and reliability. The method also includes receiving an acknowledgement message from the user. The acknowledgement message is sent by the user for confirming the reception of the result indication. In an embodiment, the method also includes retransmitting the result indication message if the acknowledgement message is not received within a predetermined time. The additional information for security and reliability can include Message Authentication Code (MAC) and time interval information. The additional information for security and reliability can also include a security/reliability flag.

Abstract: A method which improves the security of the authentication between two entities in a telecommunication network, and particularly between a mobile terminal and the fixed network, notably visitor location and nominal recorders and an authentication center, in a cellular radiotelephony network. Prior to a first authentication of the terminal, and more precisely of the SIM card therein, by the fixed network, a second authentication is based on an algorithm in which there are entered a random number produced and transmitted by the fixed network and a key different from the key for the first authentication. A transmitted signature and a signature result are produced by the fixed network and the terminal, and compared in the terminal in order to enable the first authentication in the event of equality.

Abstract: A network apparatus which is connected to a network is disclosed. The network apparatus includes a managing unit which manages an address range in which addresses to be allocated to a destination network apparatus are registered and encryption parameters for encrypting data to be transmitted to the destination network apparatus so that the address range and the encryption parameters are related to each other, an address generating unit which generates an address for the destination network apparatus by selecting an address in the address range, and an encryption unit which encrypts the data to be transmitted to the address generated by the address generating unit based on the encryption parameters.

Abstract: A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session.

Abstract: Various embodiments are described herein for a mobile communication device that authenticates a smart battery prior to use. The mobile device includes a main processor and a device memory. The device memory stores first and second portions of security information used for authentication. The smart battery includes a battery processor and a battery memory. The battery memory stores a third portion of security information used for authentication. The main processor sends an authentication request including the first portion of security information to the battery processor, and the battery processor generates a response based on the first and third portions of security information and sends the generated response to the main processor. The smart battery is authenticated if the generated response matches the second portion of security information.

Abstract: Disclosed procedures automatically identify a carrier-authorized mobile station and verify an account related identifier (e.g. mobile number) associated with the device, in response to start-up of an application in the device. In an example, application start-up causes the device to send a request to an application server, with the device's current IP address, MTN and a device identifier such as MEID or ESN. The server queries a AAA system of the network to retrieve the MTN that has been assigned the IP address. If the retrieved MTN matches the MTN passed to the server in the request, the server queries a network database such as DMD for the device identifier associated with the MTN. A match of the device identifier retrieved from the network database with that passed to the server via the request indicates perfect authenticity of the requesting device and its MTN.

Abstract: The invention comprises methods and arrangements for Policy Decision Point discovery in a roaming or handover scenario in an IP network (IN) comprising a plurality of network elements. The authentication function, e.g. an AAA-server, receives the address (ASPDP1) of the serving Policy Decision Point (SPDP1) associated to the user equipment, and stores the address of the serving policy decision point together with the local address of the user equipment. The authentication function sends the address of the serving policy Decision Point to the Home Agent so that the Home Agent can forward the address of the serving policy decision point to the anchor Policy Decision Point and so that the anchor Policy Decision Point can contact the serving policy decision point by using said address of the serving Policy Decision Point.

Abstract: A method for receiving/sending multimedia message uses a wireless LAN, and communicates with a gateway via the wireless LAN so as to send and receive multimedia messages. Furthermore, the gateway of the invention detects whether the user device is located within the wireless LAN. If yes, then multimedia messages are sent and received via the wireless LAN; and if not, then via conventional telecom network. The invention also discloses a corresponding gateway and a corresponding user device.

Abstract: The present invention provides a method for a roaming user to establish security association with the application server in the visited network. When receiving the service request from the roaming user, the application server in the visited network establishes security association with the roaming user by making use of the authentication results of the generic authentication architecture in the home network via the BSF in the local network, or the generic authentication architecture proxy in the local network, or the AAA server in the local network and the AAA server in the roaming user's home network, so as to achieve the object that the roaming user is able to use the services of the visited network after authentication of the generic authentication architecture in his home network.

Abstract: Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a computer-readable storage medium in a communication device having computer instructions to establish communications with a cellular base station, generate a message request, and transmit to an authentication device by way of the cellular base station the message request. The computer-readable storage medium can also have computer instructions to receive from the authentication device by way of the cellular base station a message response, authenticate the message response, and determine from the authenticated message response whether the cellular base station is an approved network element of a cellular communication system. Other embodiments are disclosed.