Abstract: Methods and apparatus are presented for providing local authentication of subscribers traveling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit 220 that is programmed to wrongfully retain keys from a subscriber identification token 230 after a subscriber has removed his or her token is prevented from subsequently accessing the subscriber's account.

Abstract: Methods and apparatus for dynamically generating authentication keys are disclosed. Specifically, a Mobile-Foreign authentication key is separately generated by both the Mobile Node and Foreign Agent. Similarly, a Foreign-Home authentication key is separately generated by the Foreign Agent and the Home Agent. In accordance with one embodiment, generation of the Mobile-Foreign authentication key and Foreign-Home authentication key are accomplished via the Diffie-Hellman key generation scheme.

Abstract: A method of authentication via a secure wireless communication system; the method comprising sensing that a mobile device has come within range of a secure network; initiating a program within the mobile device offering the user a plurality of authentication options; processing the chosen authentication option and providing requested user data to a service provider for the secure network, only if the chosen authentication option within the mobile device permits provision of the requested user data.

Abstract: Various embodiments of methods and apparatuses for managing authentication key contexts are described herein. In various embodiments, the methods and apparatuses include purging an authentication key context of a supplicant after handing off the supplicant, even the authentication key has not expired.

Abstract: A user network station transmits a cookie that includes a user identifier and an augmenting factor transformed with one key of a first asymmetric crypto-key or with a symmetric crypto-key. An authenticating entity network station recovers the augmenting factor from the transformed augmenting factor included in the transmitted cookie, with the other key of the first asymmetric crypto-key or with the symmetric crypto-key, and transmits a customized login page corresponding to the user identifier. The user network station transmits a factor responsive to the transmitted customized login page. The authenticating entity network station generates a first key portion based on the transmitted factor and the recovered augmenting factor, and validates the generated first key portion based on a second key portion of one key of a second asymmetric crypto-key associated with the user and on the other key of the second asymmetric crypto-key, to thereby authenticate the user.

Abstract: A user network station transmits a cookie including a user identifier and an augmenting factor transformed with one key of a first asymmetric crypto-key or with a symmetric crypto-key. A authenticating entity network station recovers the augmenting factor from the transformed augmenting factor with the other key of the first asymmetric crypto-key or with the symmetric crypto-key, and transmits a customized login page corresponding to the user identifier included in the received cookie. The user network station transmits a factor responsive to the transmitted customized login page. The authenticating entity network station generates a first key portion based on the transmitted factor, and validates the generated first key portion based on a second key portion of one key of a second asymmetric crypto-key associated with the user and on the other key of the second asymmetric crypto-key, and the recovered augmenting factor, to thereby authenticate the user.

Abstract: The invention relates to a method for transmitting data between a GRPS/EDGE radio access network and user equipment of a mobile system, and to user equipment using the method, and to GERAN. In the method, the data to be transmitted is encrypted using an encryption algorithm at the transmitting end, the encrypted data is transmitted from the transmitting end to the receiving end, and the transmitted data is decrypted using an encryption algorithm at the receiving end. The used encryption algorithm is an encryption algorithm of the radio access network UTRAN employing the wideband code division multiple access method of the universal mobile telecommunications system, in which case the input parameters of agreed format required by the encryption algorithm are created on the basis of the operating parameters of the GPRS/EDGE radio access network GERAN.

Abstract: A method and apparatus for authentication in a wireless communication network is disclosed. A secret is shared between a mobile device and a home device. When a mobile device requests a connection to a remote device and the remote device does not have knowledge of the shared secret, the remote device determines whether the mobile device can connect to the remote device by concurrently sending a challenge to the mobile device and the home device. The remote device then compares the responses from the mobile device and the home device.

Abstract: A mobile phone anti-theft system includes a mobile phone, a SIM card and a real-name card-issuing system. The real-name card-issuing system includes a central processing unit, a first user information storage area, transmission equipment, and a card reader. The SIM card communicates with the central processing unit through the card reader and the transmission equipment. The real-name card-issuing system sends user information stored in the first user information storage area to the SIM card. If the SIM card needs to change the user information, it should verify first cryptographic keys with the real-name card-issuing system. The mobile phone includes a micro control unit, a second user information storage area and a transmission unit. The SIM card communicates with the micro control unit through the transmission unit. After each startup of the mobile phone, the mobile phone verifies second cryptographic keys with the SIM card.

Abstract: A method of providing authentication of a mobile device in a telecommunications network comprising the steps of: providing a user defined first password to an authentication server in the communications network; generating a set of security parameters by an authentication server and provisioning the security parameters to a mobile device, wherein the security parameters are stored at the mobile device and wherein the security parameters comprises an encryption key; authenticating the mobile device by challenging the integrity of the encryption key stored at the mobile device and verifying a first response generated by the mobile device in response to the challenge, wherein verifying comprises comparing by the network whether the first response matches a second response, wherein the first response is based on the encryption key stored at the mobile device and a second password input by the user, and the second response is generated by the network and is based on the encryption key generated by the authenticati

Abstract: Mobile device user interface techniques are disclosed that can run across multiple platforms. These techniques allow for unobtrusive and intuitive communication with the user of the mobile device. For instance, one particular embodiment of the present invention allows a security product executing on a mobile device to use SMS-like messages to alert the user of the security status of the device, and more generally that security products (e.g., anti-virus, anti-spyware, email scanning, and/or intrusion detection) are actively protecting his/her device. A non-platform-user-interface dependent means of providing such alerts is also provided.

Abstract: Wireless devices and methods employ steganography for a variety of purposes. An exemplary application is a battery-powered cell phone, having, e.g., a microphone, a speaker, a modulator, an antenna, and an RF amplifier. In such application, steganographic techniques can be employed to encode, or decode, signals processed by the phone. Some embodiments use an image sensor to capture watermarked image data. The phone can respond to detection of such marked imagery by overlaying distinctive graphics on a cell phone display screen. Such graphics may be positioned within the display, and affine-warped, in registered relationship with the position of the watermarked object, and its affine distortion, as depicted in the image data.

Abstract: A method of guaranteeing users' anonymity and a wireless LAN system therefor are provided. In a wireless LAN system, the method of guaranteeing user' anonymity includes (a) creating a plurality of temporary address sets, each of which corresponds to a unique Media Access Control (MAC) address of a wireless terminal and transmitting the temporary address set to the corresponding wireless terminal, and (b) performing data packet transmission between the wireless terminal and the wireless access node using a temporary address selected from the temporary address set as a source address or a destination address. Therefore, it is possible to guarantee users' anonymity and improve security of a system by not exposing a MAC address during data packet transmission between a wireless terminal and a wireless access node.

Abstract: The invention relates to a method and system for authenticating software. One embodiment of the invention provides a system for authenticating software in a mobile terminal, wherein the system is configured to: receive an execution instruction for software installed in the mobile terminal through an inputting means, generate a first error code for the software, extract a mobile terminal identifier of the mobile terminal, generate a first authentication key by combining the mobile terminal identifier and the first error code, and execute the software when the first authentication key corresponds to a second authentication key stored in the mobile terminal. By authenticating the software for a wireless mobile terminal, one embodiment of the invention can prevent unauthorized duplication and execution of the software at the mobile terminal.

Abstract: The present invention relates to a method and a system for the local or remote authentication of an item, in particular a security document, with the help of a authenticating device, comprised in, connected to, or linked to mobile communication equipment. Said item carries a marking exhibiting a characteristic physical behavior in response to interrogating energy, such as electromagnetic radiation and/or electric or magnetic fields. Said marking may comprise physical and logical security elements, e.g. a barcode, or a characteristic particle or flake pattern, exhibiting a characteristic physical response.

Abstract: A method for operating a first computational device to facilitate the secure transfer of a message between the first computation device and a second computational device is described. The method comprises operating the first computational device according to the following steps: forming an encrypted message from the message on the basis of a key derived from one or more codes associated with the second computational device; transmitting the encrypted message to the second computational device; purging the message and the encrypted message from the first computational device; receiving the encrypted message and said one or more codes from the second computational device; upon decrypting the message on the basis of the one or more codes transmitting the decrypted message to the second computational device.

Abstract: A wireless LAN control device includes a wireless LAN control unit having a transmitting/receiving unit performing communications with a plurality of wireless LAN access points belonging to different user groups and a wireless LAN connection control unit. The wireless connection control unit executes control of transferring a user authentication request received by the transmitting/receiving unit via one of the plurality of wireless LAN access points and given from a wireless LAN terminal belonging to one of the user groups toward an authentication server that should execute an authentication process in response to the user authentication request, and transmitting an authentication result given from the authentication server in response to the user authentication request to the wireless LAN terminal via one of the plurality of wireless LAN access points.

Abstract: A wireless communication device is implemented with a smart card module to secure the transmission of sensitive or confidential information. The user of the device must request permission to activate an application on the smart card module from a remote source. After this first level of security is satisfied, the application on the smart card module enables the user to scan data via a machine-readable medium in order to make a data request to the remote source. If a second level authorization is met in regard to the data request, the remote source will transmit the requested sensitive or confidential information to the user to view and/or update.

Abstract: A method of establishing a call to or from a mobile station (MS) operating in a Long Term Evolution (LTE) access network. An interface is established between the MS and a Packet Mobile Switching Center (PMSC), and the call is initiated after the network accepts a service request from the MS for an originating call, or after the MS is notified of a terminating call. The PMSC requests packet-switched domain resources from a Policy and Charging Rules Function (PCRF) and establishes a voice bearer channel with an endpoint in the network when the requested resources are available. The PMSC facilitates bidirectional voice traffic between the MS and the endpoint. The PMSC may also use the PCRF to modify the bearer. The PMSC then signals the MS to modify parameters for the established call.

Abstract: A mobile communication terminal moves and backs up a content, which was downloaded from a content server, to a personal computer. When the mobile communication terminal receives an encryption key generation request from the personal computer via a cable, the mobile communication terminal extracts information to be used for generating the encryption key and generates the encryption key by using the extracted information and own telephone number. And the generated encryption key is transmitted to the personal computer via the cable. Accordingly, the backed up and moved content can be reproduced with the personal computer.

Abstract: A device authentication module and an encryption module can be connected via a dynamic link in a CE device. A random number is generated in an authentication server (5). The device authentication module (7) combines a pass-phrase and this random number to generate a digest, and transmits this and a device ID to the encryption module (8). The encryption module encrypts a communication pathway and transmits these items of information to the authentication server (5). The authentication server (5) searches for the pass-phrase based on the device ID and combines this and the generated random number to generate a digest. This digest is compared with the digest received from the encryption module (8) for device authentication. The encryption module (8) receives from the device authentication module (7) not the pass-phrase but a digest, and therefore can be connected via a dynamic link instead of a static link.

Abstract: A communication system and method for protecting messages between two mobile phones are provided. The method sets protective parameters in a first mobile phone, generates an encryption key and a decryption key according to the protective parameters, stores the decryption key into a storage device of the first mobile phone, and registers the encryption key to a second mobile phone through a wireless network. The method further encrypts a short message into an encrypted message in the second mobile phone according to the encryption key, and sends the encrypted message to the first mobile phone through the wireless network. In addition, the method decrypts the encrypted message to a readable message when the first mobile phone receives the encrypted message, and displays the readable message on a display screen of the first mobile phone.

Abstract: Various embodiments are described herein for a mobile communication device that authenticates a smart battery prior to use. The mobile device includes a main processor and a device memory. The device memory stores first and second portions of security information used for authentication. The smart battery includes a battery processor and a battery memory. The battery memory stores a third portion of security information used for authentication. The main processor sends an authentication request including the first portion of security information to the battery processor, and the battery processor generates a response based on the first and third portions of security information and sends the generated response to the main processor. The smart battery is authenticated if the generated response matches the second portion of security information.

Abstract: Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required.

Abstract: The present invention relates to relocation of the control of communication between a first station and a second station from a first communication system controller to a second communication system controller. The communication is ciphered by means of a first ciphering key. In the method, after the initiation of the relocation of control of the communication from the first controller to the second controller a request for relocation is transmitted to the second controller. The request contains the first ciphering key and at least one other ciphering key.

Abstract: A basic idea according to the invention is to enhance or update the basic cryptographic security algorithms by an algorithm-specific modification of the security key information generated in the normal key agreement procedure of the mobile communication system. For communication with the mobile terminal, the network side normally selects an enhanced version of one of the basic cryptographic security algorithms supported by the mobile, and transmits information representative of the selected algorithm to the mobile terminal. The basic security key resulting from the key agreement procedure (AKA, 10) between the mobile terminal and the network is then modified (22) in dependence on the selected algorithm to generate an algorithm-specific security key. The basic security algorithm (24) is then applied with this algorithm-specific security key as key input to enhance security for protected communication in the mobile communications network.

Abstract: A method by authorizing the access of a client by performing an anonymous Diffie-Hellman exchange that can produce authentication material (secret key) between the client and the server, and binding the key to the service-oriented state information asserted by the client. The secret key can be used in the future to prove the ownership of resources as outlined in the state information. This method enables resource ownership-dependent service authorization without requiring initial identity authentication.

Abstract: A method for ensuring the security of subscriber cards, includes the following steps: setting a security key in the subscriber card, and setting a verification equipment and storing the security key in the verification equipment; the subscriber card authenticating the verification equipment according to the security key before responding to relevant access request; if the authentication succeeds, the relevant access is permitted; otherwise, the relevant access is refused. With the present invention, the security of the subscriber card is guaranteed without using a PIN code, which is very convenient for the subscriber.

Abstract: Method and device for setting basic means of access for operation of electronically operated devices (12), with the aid of a possibly transferable personal authentication system (16), essentially based on three components used in the course of the method in accordance with the invention; namely additional device hardware functions permitting means of access, namely in particular for custom configuration and shutdown of the devices; a hardware-oriented interface to a reader device (18) for the authentication system (16) such as a SmartCard reader permitting access to the functions by a SmartCard (16); and the authentication system (16) itself, capable of directly accessing the configuration and/or shutdown/startup/restart functions of the device hardware by way of the defined interface. Legitimization for configuration/shutdown and startup/restart of the devices is provided by matching of keys stored on the SmartCard (16) and in a ROM (14) in the device (12).

Abstract: A method and device for authenticating a MS has an R-UIM by using CAVE Algorithm are provided. The hardware structure of the device includes a cdma2000/HRPD dual-mode chip, a User Identity Module supporting the CAVE algorithm. The dual-mode terminal forms the NAI value with the domain name stored in a memory of the dual-mode terminal in advance by the IMSI. The dual-mode terminal extracts a RAND that is necessary for the calculation of an authentication parameter1 from the Random values included in a Chap Challenge message, instructs the R-UIM card to use the CAVE algorithm to calculate the authentication parameter1 with the RAND and an existing SSD_A in the R-UIM card, and bears the authentication parameter1 by the Result domain of a Chap Response message. With the present invention, the wastes caused by the replacement of R-UIM cards can be avoided.

Abstract: A method for secure communication. The method includes receiving a request at a first device to communicate with a second device. The method also includes determining if an encryption key exists between the first device and the second device. Creation of the encryption key is initiated in response to a determination that that encryption key does not exist. The initiation of the creation of the encryption key occurs without user input. The method further includes communicating with the second device using the encryption key and performing user authentication of the communication.

Abstract: An interactive client-server authentication system and method are based on Random Partial Pattern Recognition algorithm (RPPR). In RPPR, an ordered set of data fields is stored for a client to be authenticated in secure memory. An authentication server presents a clue to the client via a communication medium, such positions in the ordered set of a random subset of data fields from the ordered set. The client enters input data in multiple fields according to the clue, and the server accepts the input data from the client via a data communication medium. The input data corresponds to the field contents for the data fields at the identified positions of the random subset of data fields. The server then determines whether the input data matches the field contents of corresponding data fields in a random subset.

Abstract: Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function.

Abstract: A wireless communications device (110) has a digital section (800) and a radio frequency section (840). The digital section (800) does setup and execution on a set of data in at least first and second threads concurrently in a series of overlapping iterations by dividing the set of data into at least two different subsets and concurrently reading and writing in both subsets. A state machine (1010, 1100) is shared by the setup and execution iterations. Two or more memory units (930, 940) segregate the set of data, the predetermined size of the set of data in the memories (930, 940) combined comprehending the total number of addresses occupied by the set of data utilized in operation of circuitry (910). Dirty bits (1430) are accessible at addresses corresponding to addresses in the memory. A selector circuit (1412) has a selector output selectively coupled to an address line, and to a data line.

Abstract: A security platform or network for transmitting end-to-end encrypted voice or data communications between at least a first digital device and a second device is disclosed. The network includes a network portal for registering the first digital device and the second device. The portal provides the first digital device and second device with at least first and second keys and receives requests from each device to communicate with each other. The portal searches for and receives authorization from the called device to set up a secure session with the calling device. The portal receives encrypted messages from the devices, decrypts the encrypted messages with the keys provided to the devices, and re-encrypts the received messages. The portal sends the re-encrypted messages to the other device. Accordingly, the devices are capable of securely communicating with each other by encrypting and decrypting the messages sent to and received from the portal.

Abstract: Methods and apparatus or systems for providing security based on innate characteristics of devices are disclosed. A method of providing security associated with communications from a digital device includes observing an analog signal associated with communications from the digital device, characterizing the digital device at least partially based on the analog signal, and providing a security feature at least partially based on the step of characterizing.

Abstract: Methods and apparatus for dynamically generating authentication keys are disclosed. Specifically, a Mobile-Foreign authentication key is separately generated by both the Mobile Node and Foreign Agent. Similarly, a Foreign-Home authentication key is separately generated by the Foreign Agent and the Home Agent. In accordance with one embodiment, generation of the Mobile-Foreign authentication key and Foreign-Home authentication key are accomplished via the Diffie-Hellman key generation scheme.

Abstract: A mobile communication terminal connected to the portable electronic device encodes a system serial number and an authentication key, generates an integration secrete key, and transmits the integration secrete key to an authentication center computer. The authentication center computer decodes the integration secrete key, performs authentication registration, encodes a temporary service approval key and a temporary integration authentication key, and transmits the temporary service approval key and the temporary integration authentication key to the mobile communication terminal. The mobile communication terminal decodes the temporary integration authentication key, obtains approval for the relay, and transmits the temporary service approval key to the portable electronic device. The portable electronic device decodes the temporary service approval key, performs authentication for utilizing a service, and applies the temporary service approval key to an application service.

Abstract: Systems and methods for tracking and managing mobile devices in a wireless network are provided. For example, the method can include discovering wireless devices connected to the wireless network, collecting association information from access points, with the association information from an access point including information identifying a current association between the access point and an associated wireless device, and providing a visualization of current associations between the access points and corresponding associated wireless devices. A conflict resolution engine may be provided for resolving conflicting access point associations.

Abstract: A mobile terminal transmits an N-th authentication key to an authentication server when the mobile terminal has moved from a coverage area under a certain radio access point to a coverage area under another radio access point. The N-th authentication key is generated by applying a hash function to a random number a number of times one smaller than an (N?1)th authentication key which was transmitted when the mobile terminal moved to the coverage area under the certain radio access point. Upon receipt of the N-th authentication key from the mobile terminal, the authentication server applies the hash function once to the N-th authentication key, and compares the result with the (N?1)th authentication key. Then, the authentication server determines that the authentication is successful when there is a match between both keys.

Abstract: A remote controller device 2 sends its own ID code when specifying an access destination to a main device 1. Upon receipt of an access command from the remote controller device 2, the main device 1 appends the ID code of the remote controller device 2 to information obtained by accessing the access destination and outputs the same. The remote controller device 2 takes in the output only when it is appended with its own ID code and displays the same on a display unit 25. Thus, the user can confirm the information the main device 1 has obtained from the network 7 on the display unit 25 of the remote controller device 2. Consequently, the risk that the information is seen by anyone around can be reduced, thereby making it possible to improve the security on the private information.

Abstract: Methods of creating a secure channel over which credit card personalization data can be transmitted over the air (OTA) are provided. In particular, Generic Authentication Architecture (GAA) may be used to establish a secure communication channel between the user equipment (UE) and a personalization application server or bureau acting as a network application function (NAF) server. An user equipment, personalization application service (e.g., a NAF server), a system embodying a personalization application server and an user equipment, and a computer program product are also provided for creating a secure channel, such as via GAA, over which credit card personalization data can be transmitted OTA.

Abstract: Identity data of an operational unit and a verification key of the cryptographic method employed by the service provider are protected with a key of the cryptographic method employed by the manufacturer of the operational unit. The verification key of the cryptographic method employed by the manufacturer of the operational unit is stored in the operational unit of the electronic device. The identity data of the operational unit and the identity data of the service provider are protected with a key of the cryptographic method employed by the service provider. The identity data of the operational unit and the verification key of the service provider are verified with the verification key of the manufacturer of the operational unit. The identity data of the operational unit and the identity data of the service provider are verified with the verified verification key of the service provider. The identity data stored in the user-specific module are compared with the verified identity data.

Abstract: Techniques to manage digital telephones are described. An apparatus may comprise a digital telephone management component having a telephone interface module operative to receive security information in the form of a personal identification number (PIN) for an operator or device. The digital telephone management component may also comprise a telephone security module communicatively coupled to the telephone interface module, the telephone security module operative to receive encrypted security credentials from a computing device, and decrypt the encrypted security credentials with the PIN. The digital telephone management component may further comprise a telephone authentication module communicatively coupled to the telephone security module, the telephone authentication module operative to authenticate the digital telephone using the security credentials. Other embodiments are described and claimed.

Abstract: A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session.

Abstract: The present invention communication network system and method facilitates authentication and registration in a communication network as mobile nodes move from one geographical region to another. Multiple wireless domain services (WDSs) share client authentication information permitting relatively seamless roaming between subnets with minimal interruptions and delays. In one embodiment, a wireless domain service network communication method is performed utilizing partial authentication processes. A mobile node engages in an authentication protocol with a first wireless domain service (WDS) access point in a first subnet. The authentication credentials are forwarded to a second wireless domain service in a second subnet if the authentication protocol is successfully completed. The forwarded authentication credentials are utilized to authenticate the client entering the service area of the second wireless domain service in the second subnet.

Abstract: A communication network system has a plurality of interconnected sub-networks, at least one mobile node having a care-of address dependent on a sub-network currently connected thereto and a home address independent of the connected sub-network, and a home agent. Upon detection of a sub-network connected to the mobile node, the latter determines a security method corresponding to the sub-network held in a node-side security application management table as a security method for ensuring the security for user data communicated between the mobile node and a home agent associated therewith. Then, the sub-network is notified to the home agent through a mobile node network signal. The home agent determines a security method corresponding to the sub-network from among security methods held in an agent-side security application management table as a security method used for ensuring the security for user data communicated between the home agent and the mobile node managed thereby.

Abstract: The method and network ensure secure forwarding of a message in a telecommunication network that has at least one first terminal and another terminal. The first terminal moves from a first address to a second address. A secure connection between the first address of the first terminal and the other terminal defining at least the addresses of the two terminals is established. When the first terminal moves from the first address to a second address, the connection is changed to be between the second address and to the other terminal by means of a request from the first terminal and preferably a reply back to the first terminal.

Abstract: Method and apparatus for obtaining a cryptographic key by dispatching a key request to a communications channel, receiving a response from one or more key sources, selecting a key source according to the received responses, preparing a requester credential, communicating the requester credential to the selected key source, receiving a source credential from the selected key source, receiving an encrypted key from the key source and decrypting the encrypted key source according to the received source credential, the requester credential and a pre-placed certificate.

Abstract: When an authenticated wireless computer loses connectivity to a wireless access point of a network and roams to another access point, the wireless computer (e.g., a hypervisor in the computer) determines whether the new access point is authorized for secure communication and if so, releases access to secure data on the network through the new access point.