Abstract: The present invention provides a secure voice solution for the BlackBerry 9000 (BlackBerry Bold™) Rather than make encrypted voice calls through traditional GSM cellular phone calls, the present invention instead receives voice data from the user using the device microphone and built-in media player software in the device. This data is then encrypted and then sent as an IP packet. The device then receives, as IP packets, encrypted voice communication from the other party in the encrypted call, which in turn are decrypted in the device and then played back on a second media player running on the device. The present invention takes advantage of the device's ability to run two media players simultaneously to in effect, simulate a cellular telephone call.

Abstract: A method, apparatus, and system for using Bluetooth devices to secure sensitive data on other Bluetooth devices is described. A Bluetooth device is paired with a “trusted” Bluetooth device. When contact with the trusted device is lost, designated sensitive data on the secured Bluetooth device is automatically encrypted. When contact is restored, the data is automatically decrypted. In an alternate embodiment, a secured device can be associated with multiple trusted devices, and the secured device designate different sensitive data for each trusted device. In this way, multiple users can share a common, “public” Bluetooth device without concern that the other users will access their sensitive data on the device when the device is not being used by that user.

Abstract: There is disclosed a security device for use in a wireless network comprising a group of base stations that communicate with numerous mobile stations. The security device prevents an unprovisioned one of the mobile stations from accessing an Internet protocol (IP) data network through the wireless network. The security device comprises a first controller for receiving from the unprovisioned mobile station an IP data packet comprising an IP packet header and an IP packet payload. The first controller replaces the IP packet header with a replacement IP packet header containing an IP address of a selected provisioning server of the wireless network. The first controller selects the provisioning server by selecting the IP address in the replacement IP packet header according to a load spreading algorithm.

Abstract: Apparatus, and associated method, for facilitating transition, or other communication hand-off, between access points of a wireless local area network. When an old access point is notified of selection to transition communications, the old access point generates a transition request message that is communicated by way of a network to the new access point. The transition request includes a temporary key. And, the old access point notifies the mobile station of the temporary key. The mobile station re-associates with the new access point, and the temporary key is used pursuant to initial communications between the mobile station and the new access point.

Abstract: A security management method in a mobile communication system supporting Proxy Mobile Internet Protocol (IP). In the security management method, a Mobile Node (MN), a Serving Packet Data Service Node (S-PDSN), and an Authentication, Authorization and Accounting (AAA) server generate a security key of the Proxy Mobile IP. Upon receipt of information for authentication of a security key from the MN, the S-PDSN sends an access request message to the AAA server and receives information for verification of the security key. The S-PDSN sends a first message for requesting verification of the security-related key to a Home Agent (HA). The HA verifies the security-related key through the AAA server and sends a second message to the S-PDSN when the security-related key is verified. The S-PDSN sends a message indicating initiation of the Proxy Mobile IP, to the MN.

Abstract: Techniques to reduce the amount of registration required by a mobile station in a wireless communication system, especially if the registration zones are defined to be small areas. In one scheme, a mobile station registers (e.g., at RR-level) with a network entity (e.g., a base station) each time it enters a new registration zone, which can correspond to an R-TMSI zone defined by GSM MC-MAP. The mobile station maintains a timer for each zone with which it has already registered but has since left. If the mobile station leaves a particular zone for a period longer than a time-out period, the registration with that zone times out, and the mobile station re-registers with that zone whenever it re-enters the zone. The mobile station may implement zone-based, timer-based, implicit, traffic channel RR, and some other registrations, or a combination thereof. Parameters to facilitate registration may be defined by a base station.

Abstract: A device and method for accelerating functioning of a software application having multi-layer, high overhead protocols, wherein the device has a first processor operating a software application having a multi-layer protocol; a second processor configured to operate at least one layer of the multi-layer protocol; and a memory accessible to each of the processor and the second processor.

Abstract: In a state in which a fingerprint authentication mode is set, a fingerprint authentication unit authenticates a fingerprint input in accordance with an input instruction, performs unlocking if the authentication is successful, instructs another fingerprint input if the authentication fails, and determines unauthorized use and switches the mode to a PIN code authentication mode if the fingerprint authentication sequentially fails for a predetermined number of times. In a state of the PIN code authentication mode, a PIN code authentication unit authenticates a PIN code input in accordance with an input instruction, performs unlocking if the authentication is successful, instructs another PIN code input if the authentication fails, and determines unauthorized use and turns off the power source if the authentication sequentially fails for a predetermined number of times.

Abstract: A system and method for providing roaming access on a network are disclosed. The network includes a plurality of wireless and/or wired access points. A user may access the network by using client software on a client computer (e.g., a portable computing device) to initiate an access procedure. In response, a network management device operated by a network provider may return an activation response message to the client. The client may send the user's username and password to the network provider. The network provider may rely on a roaming partner, another network provider with whom the user subscribes for internet access, for authentication of the user. Industry-standard methods such as RADIUS, CHAP, or EAP may be used for authentication. The providers may exchange pricing and service information and account information for the authentication session. A customer may select a pricing and service option from a list of available options.

Abstract: Methods, systems, devices and computer programs for configuring nodes on a wireless network can include generating a security key for the network, setting the security settings on the access point based on the security key, and saving the security key in a profile data file on a removable memory device along with a portable configuration utility for using the profile data file for configuring other nodes on the network. The removable memory device can then be inserted into other nodes and the portable configuration utility can be run to match the same key on the other network nodes based on the information stored in the profile data file on the removable memory device.

Abstract: A device and method for detecting and preventing sensitive information leakage from a portable terminal is provided. A device for detecting and preventing leakage of sensitive information from a portable terminal includes a data storage unit that stores data containing sensitive information, an external interface that interfaces the portable terminal with the external, a sensitive information manager that detects and prevents leakage of the sensitive information stored in the data storage unit through the external interface, and a sensitive information leakage detecting and preventing unit that is disposed between the data storage unit and the external interface to detect and prevent the leakage of the sensitive information.

Abstract: A method for managing the security of applications with a security module associated to an equipment connected to a network managed by a control server of an operator. The applications use resources as data or functions stored in the security module locally connected to the equipment. The method may include steps of receiving, analyzing and verifying, by the control server, identification data from the equipment and the security module, generating a cryptogram from the result of the verification of the identification data, transmitting the cryptogram to the security module of the equipment, and selectively activating or selectively deactivating by the security module at least one resource as data or functions of the security module by executing instructions included in the cryptogram and conditioning the functioning of an application according to criteria established by a supplier of the application or the operator or a user of the equipment.

Abstract: A system for encrypting and decrypting messages using a browser in either a web or wireless device or secure message client software for transmission to or from a web server on the Internet connected to an email server or message server for the situation where the sender does not possess the credentials and public key of the recipients. The encryption and decryption is conducted using a standard web browser on a personal computer or a mini browser on a wireless device, or message client software on either a personal computer or wireless devices such that messages transmitted to the web or wireless browser or message client software can be completed and encrypted and signed by the user such that encrypted and signed data does not require credentials and public key of the recipients. A method for delivering and using private keys to ensure that such keys are destroyed after use is also provided.

Abstract: Mobile device playback and control of media content stored on a personal media host device is provided. The mobile device may communicate a request for media content to a network server, which may determine whether the mobile device is authorized to access the requested media content. If it is determined that the mobile device is authorized, the network server may access the media content from the host device. The network server may then initiate a media session with the mobile device, wherein the media content is streamed to the mobile device.

Abstract: A device, such as a cell phone, uses an image sensor to capture image data. The phone can respond to detection of particular imagery feature (e.g., watermarked imagery, barcodes, image fingerprints, etc.) by presenting distinctive graphics on a display screen. Such graphics may be positioned within the display, and affine-warped, in registered relationship with the position of the detected feature, and its affine distortion, as depicted in the image data. Related approaches can be implemented without use of an image sensor, e.g., relying on data sensed from an RFID device. A variety of other features and arrangements are also detailed.

Abstract: An automatic wireless network linking method with a security configuration includes: providing an access point with a floating service set identifier and a shared key. The floating service set identifier has a prefix name. Next, a host system is provided to execute a setting and linking application to automatically scan the access point with the prefix name and obtain the floating service set identifier of the access point. Both the access point and the setting and linking application perform an operation process to generate a dynamic key. The dynamic key is converted into a wireless network encryption algorithm. Finally, the host system links to the access point to perform wireless communication, and uses the wireless network encryption algorithm to encrypt and decrypt data. Thereby, the time required for setting up the wireless network platform is reduced.

Abstract: In the conventional network using the PPP stipulated by RFC1661, the LCP phase to establish an LCP link, the authentication phase, and the NCP phase such as address assignment processing of the NCP are sequentially conducted each time the line connection is performed, and hence the connection takes a certain period of time. Particular, in the case of the mobile communication, there is often performed operation in which connection and disconnection are frequently conducted in a short period of time, and hence when the operation up to the connection takes a long period of time, the usability is deteriorated. Therefore, a need exists for a configuration of an apparatus and a communication method to reduce the connection time.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a server having a controller to implement an Elliptic Curve Diffie-Hellman (ECDH) cryptosystem and manage a key exchange, authentication, and certificate exchange with a communication device also implementing the ECDH cryptosystem, wherein the server communicates over a network that provides an encrypted communication link for the communication device. Other embodiments are disclosed.

Abstract: A terminal may include a memory to store first encryption information applied to the handheld terminal and second encryption information corresponding to a phone number of another party's terminal, and a control unit to encrypt a message using the first encryption information and the second encryption information stored in the memory, when transmitting the message to the other party's terminal.

Abstract: A system and method for providing secure authentication for website access or other secure transaction. In one embodiment, when a user accesses a website, the web server identifies the user, and sends an authentication request to the user's mobile device. The mobile device receives the authentication requests and sends back authentication key to the web server. Upon verifying the authentication key, the web server grants the access to the user.

Abstract: Methods and apparatus for automatically grouping user-specific information items (400) in a mobile station (102) are disclosed. In one illustrative example, a method includes the steps of reading a first user-specific information item (404, 406, 408, or 410) associated with a first file or application of the mobile station (102); storing the first user-specific information item (404, 406, 408, or 410) in a user information file or message (402) of the mobile station (102); and repeating the acts of reading and storing for at least a second user-specific information item (404, 406, 408, or 410) associated with a second file or application of the mobile station (102), so that the first and the second user-specific information items are grouped together as user information in the user information file or message (402). Examples of user-specific information items (400) include a user name (404) associated with an end user of the mobile station (102), a telephone number (406) (e.g.

Abstract: A method in a communication network wherein users are authenticated based on network originated user identities is disclosed. The authentication method comprising the steps of receiving a network originated identity from a user and associating the network originated identity with at least one non-network originated identity stored in a data storage. When a non-network originated identity is received from the user, the non-network originated identity from the user is compared with the at least one non-network originated identity from the data storage. The user is authenticated if the comparison is valid.

Abstract: A system including a handheld mobile computing device and an external storage medium in communication with the mobile computing device, the storage medium having stored thereon preconfigured user information and security information.

Abstract: An authentication system is disclosed. The authentication system includes a content provider configured to distribute encrypted content, wherein the encrypted content is generated using a content key, and a client having a symmetric key and configured to store the encrypted content received from the content provider and issue a request to the content provider, wherein the request includes a cryptographic function configured to have the symmetric key and the encrypted content as input, wherein the content provider is further configured to verify the client via the request to ensure that the client has received the encrypted content.

Abstract: Unauthorized wireless access points are detected by configuring authorized access points and mobile units to listen to all wireless traffic in its cell and report all detected wireless devices to a monitor. The monitor checks the reported devices against a list of authorized network devices. If the reported wireless device is not an authorized device, the monitor determines if the reported device is connected to the network. If the reported device is connected to the network and is not an authorized device, the monitor alerts the network operator or network manager of a rogue device connected to the network and attempts to locate and isolate the rogue device.

Abstract: The invention described here provides a fully-distributed solution to the problem of confirming the identity of the presenter of a payment card or other credentials, using multiple factors to authenticate the presenter. The invention leverages the wide penetration of mobile phones in modern economies as the basis for the distributed multi-factor authentication. For additional confidence levels biometric data can be incrementally included as part of the multi-factor authentication. The loss of any one of the multiple authentication factors does not compromise the integrity of the system or the individual, and there is no single point of vulnerability for attack or theft. The invention is fully backwards compatible with current payment cards systems and can be extended to almost any situation where the identity of the presenter of credentials needs to be authenticated prior to allowing the individual access to the protected services, systems, or locations.

Abstract: A telecommunication system includes a processor, interfaces in communication with the public telephone network and a data network, respectively, and a memory. The memory comprises executable instructions that when executed by the processor direct the system to controllably permit access to a teleconference bridge in response to a communication from a mobile-communication device that includes information responsive to a previously communicated license key. Generally, the communication is in the form of a call from the user of the mobile-communication device. Upon receipt of the call, the telecommunication system confirms that the mobile-communication device communicates a pass code that was included in an encrypted form in the license key.

Abstract: A method of securely initializing subscriber and security data in a mobile routing system when the subscribers are also subscribers of a radio communication network. The method comprises, within the mobile routing system, authenticating subscribers to the mobile routing system using an authentication procedure defined for the radio communication network, collecting subscriber information from relevant nodes of the radio network, and agreeing upon keys by which further communications between the subscribers and the mobile routing system can take place, and using the subscriber information and keys in the provision of mobility services to subscriber mobile nodes and correspondent nodes.

Abstract: Secure telephone devices, systems and methods are provided for carrying out secure communications utilizing a telephone device that includes cryptographic storage and processing components, the cryptographic processing components including intercepting and injecting capabilities for intercepting an incoming signal, cryptographically processing the signal and injecting the system for delivery to the output of the telephone device, wherein the system and method may utilize the telephone operating system, and wherein embodiments are provided where an exchange component regulates the cryptographic information so that users engaging in secure cryptographic communications do not need to provide encryption key information to each other.

Abstract: Disclosed are a method and a system for mutual inclusive authentication between a service provider, a terminal and a user identity module. The authentication system is configured in a structure that can interact with a public key infrastructure of the current network security environment and can be independently used in a specific network system. The inclusive authentication method is divided into public key authentication and symmetric key authentication. Mutual authentication can be made between a service provider, a terminal and a user identity module using any of the two authentication schemes. Then a user can access content on any terminal device using the content license based on the user's identity.

Abstract: A method for securing text messages ads an encryption-decryption module to a pair of cellular phones. A text message is entered on a first of the pair of cellular phones. The text message is encrypted on the first of the pair of cellular phones. The encrypted text message is transmitted to a second of the pair of cellular phones.

Abstract: An authentication system for performing authentication of a wireless terminal is a system that issues an authentication request to an authentication server connected to a communication network and includes a wireless base station and an authentication server. The wireless base station includes: an authentication information acquisition means for acquiring authentication information from a wireless connection request packet; and an authentication request transmission means for transmitting the authentication information acquired by the authentication information acquisition means and RAS unique information registered in the wireless base station to the authentication server.

Abstract: An electronic circuit 120 includes a more-secure processor (600) having hardware based security (138) for storing data. A less-secure processor (200) eventually utilizes the data. By a data transfer request-response arrangement (2010, 2050, 2070, 2090) between the more-secure processor (600) and the less-secure processor (200), the more-secure processor (600) confers greater security of the data on the less-secure processor (200). A manufacturing process makes a handheld device (110) having a storage space (222), a less-secure processor (200) for executing modem software and a more-secure processor (600) having a protected application (2090) and a secure storage (2210).

Abstract: A system is provided that includes at least one processor and instructions that when executed by the processor promote exchanging extensible authentication protocol (EAP) messages for authentication by sending a plurality of data packets formatted in accordance with an IEEE 802.15.4 standard. The EAP messages are encapsulated within a data field of the IEEE 802.15.4 standard data packet and wherein the encapsulated EAP message comprises an EAP header and a data portion.

Abstract: The invention disclose a method for verifying the validity of a user, making full use of a TID as the bridge for establishing confidence between a NAF and a user equipment, and the BSF assigning a term of validity for the TID, thereby extending the function of the TID, enabling the NAF to verify the term of validity for using the TID, and accordingly, achieving a further verification of the validity to the user. By using the method of the invention, it is possible to avoid the situation in which one TID is permanently valid for one or more NAFs, enhance the system security, decrease the risks caused by the theft of users' TID and corresponding secret keys, and at the same time, implement TID management by the NAF. In addition, a combination of the method with billing system makes it easy to implement the function of charging a user.

Abstract: An embodiment of an apparatus that facilitates network security and traffic monitoring for input network traffic includes a plurality of microcode controlled state machines, each of which includes a computation kernel. A plurality of rules applied to a network traffic segment are distributed across the computation kernels. Each of the computation kernels includes condition logic configured by microcode stored in an associated control store to evaluate a unique configured rule in the microcode to produce an associated output. A distribution circuit routes the network traffic segment to each of the plurality of microcode controlled state machines. An aggregation circuit generates a decision on which forwarding of the network traffic segment is based, where the decision is a logical combination of the associated output of each of the computation kernels.

Abstract: The method and network ensure secure forwarding of a message in a telecommunication network that has at least one first terminal and another terminal. The first terminal moves from a first address to a second address. A secure connection between the first address of the first terminal and the other terminal defining at least the addresses of the two terminals is established. When the first terminal moves from the first address to a second address, the connection is changed to be between the second address and to the other terminal by means of a request from the first terminal and preferably a reply back to the first terminal.

Abstract: A system and method in a wireless network for discovering which resources (e.g., other wireless computing devices) are proximate a user's wireless computing device. Wireless signal strengths with respect to various base stations are compared with the signal strengths of other network devices or resources, to determine which devices are experiencing similar signal strengths. Devices with similar signal strengths are deemed proximate. Each participating computing device may send its signal strength reports to a proximity server, which distributes proximity data to network clients. Each client may receive and process the signal strength data for determining which other clients/resources are proximate, or the server can perform proximity computations and return a list of proximate clients. Once computed, the identities of the proximate clients can be used to query for additional data about the clients, such as the names and other details of their owners, or information about the resource.

Abstract: Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function.

Abstract: A method and apparatus for providing a mobile terminal with at least one feature setting. The method comprises steps of storing at least a first check-up data in the mobile terminal; linking at least the first check-up data via a feature lock with at least one feature setting, the feature lock protecting the at least one feature setting of the mobile terminal; in response to receiving a configuration message in the mobile terminal, authenticating a sender of the configuration message with the first check-up data; and in response to the sender of the configuration message being authorized to modify the feature setting of the mobile terminal, supplying a configuration data included in the configuration message via the feature lock to be used by the mobile terminal.

Abstract: Systems and methods of securing wireless communications between a network and a subscriber station include inserting a marker denoting an encryption type within a random value used for authentication, calculating a first session key and a first response value as a function of the random value, then calculating a second session key and a second response value as a function of the random value, first session key and first response value. The two levels of session keys and response values may be used by upgraded subscriber stations and network access points to prevent attackers from intercepting authentication triplets.

Abstract: A system may include and/or involve a first device, a second device, and logic to effect pairing of the first and second devices upon detection of physical contact between the devices.

Abstract: Even if a portable information terminal is lost or stolen, a third party is prevented from illegally browsing data stored in the portable information terminal. When a control signal is received through wireless communication part and when the received control signal is an instruction signal to execute an encryption process on plaintext data stored in data memory, the plaintext data is encrypted and encrypted data is stored in the data memory. Thereafter, erasing part erases the plaintext data stored in the data memory.

Abstract: A key management of cryptographic keys has a data package including one or more cryptographic keys that are transferred to a personal device 100 from a secure processing point 150 of a device assembly line in order to store device specific cryptographic keys in the personal device 100. In response to the transferred data package, a backup data package is received by the secure processing point 150 from the personal device 100, which backup data package is the data package encrypted with a unique secret chip key stored in a tamper-resistant secret storage 125 of a chip 110 included in the personal device 100. The secure processing point 150 is arranged to store the backup data package, together with an associated unique chip identifier read from the personal device 100, in a permanent, public database 170.

Abstract: A system and method for providing security for an Internet server. The system comprises: a logical security system for processing login and password data received from a client device during a server session in order to authenticate a user; and a physical security system for processing Internet protocol (IP) address information of the client device in order to authenticate the client device for the duration of the server session.

Abstract: A solution for a remote service provider outside a customer's controlled network to reference an object of service (OOS) that is part of the customer's controlled network using a globally unique identifier (GUID) which is derived independently of network information associated with the OOS. A GUID generator module within the customer's controlled network generates a GUID for each device in the customer's controlled network and stores each GUID with a reference to its network information (e.g., IP addresshost name) in a lookup datastore accessible by an object of service management system (OOS) within the customer's controlled network. For service instances (e.g., data harvesting, software upgrades), the OOS management module sends the GUID in lieu of network information for the OOS. Thus the remote service provider can uniquely identify a device and reference it in a customer's network without the security implications of transferring customer network information outside the customer's network.

Abstract: In response to reception of a first piece of security code generating information from a wireless terminal by directional wireless communication, a wireless station sends wireless station ID information and a second piece of security code generating information to the wireless terminal by the directional wireless communication. The wireless station encrypts one of the first and the second pieces of security code generating information with the other of the first and the second pieces of security code generating information as an encryption key to generate a security code. The wireless terminal receives both the wireless station ID information and the second piece of security code generating information sent by directional wireless communication, and encrypts one of the first and the second pieces of security code generating information with the other of the first and the second pieces of security code generating information as the encryption key to generate the security code.

Abstract: This invention enhances the security strength of wireless communications in the ad-hoc mode. To this end, it is checked if the communication apparatus and a terminal of a communication partner can concurrently use different encryption keys in correspondence with a plurality of communication destinations. When at least one of the communication apparatus and the terminal of the communication partner cannot concurrently use different encryption keys in correspondence with the plurality of communication destinations, an encryption key uniquely set in the wireless network is set as an encryption key for a communication with the terminal of the communication partner.

Abstract: A wireless-communication device performing mutual authentication between the wireless-communication device and a different wireless-communication device by using an authentication server includes a communication-setting-data-retention unit retaining communication-setting data including a first metric corresponding to the path to the authentication server, as a self-authentication-server metric, a signal-reception unit receiving a predetermined signal transmitted from the different wireless-communication device, the predetermined signal including a second metric corresponding to the path from the different wireless-communication device to the authentication server, as a nonself-authentication-server metric, and a control unit determining the wireless-communication device to be a supplicant when the self-authentication-server metric is better than the nonself-authentication-server metric, and determining the wireless-communication device to be an authenticator when the self-authentication-server metric is worse

Abstract: A cryptographic processing device 100 includes an interruption timing judgment circuit 101. The interruption timing judgment circuit 101 includes an interruption timing judgment register 101a, a transfer state reference unit 101b, and an interruption timing judgment unit 101c. The interruption timing judgment register 101a stores a table 200 used by the interruption timing judgment unit 101c to judge whether to interrupt transfer performed by a DMAC 102. The transfer state reference unit 101b monitors how many bytes among blocks read from a memory 14 the DMAC 102 has input into a cryptographic computing circuit 103. The interruption timing judgment unit 101c judges whether to switch a transfer target during transfer of image data by the DMAC 102, based on the table 200 stored in the interruption timing judgment register 101a and a result of the monitoring by the transfer state reference unit 101b (i.e. the number of transferred bytes).