Abstract: An IC chip for preventing an authentication key from leaking, and an authentication key setting and authentication key verifying method are provided. A part performing connection or disconnection between an external terminal and a smartcard chip may be configured by a separate chip or may be incorporated into the smartcard chip to configure a single chip. When the part is configured by the separate chip, the disconnection between the external terminal and the smart card chip can be performed according to whether an authentication key is verified. When the part is configured by the one chip, the disconnection between the external terminal and the smart card chip can be performed under a control of the smartcard chip according to whether the authentication key is verified.

Abstract: A system is described for controlling access to resources using an object model. Users can specify use cases for accessing resources. The user may be granted access if the user satisfies qualifications required for accessing the resource, selected a use case permissible for accessing the resource, and satisfies qualifications required for the use case. Use cases, qualifications, resources, and/or links between them can be implemented using an object model. The system can be used in addition to authentication and authorization.

Abstract: The present invention relates to a mobile terminal and a method capable of performing authentication using a smart watch, including: detecting a request for authentication for executing an application; measuring a user's heartbeat rhythm through a sensor mounted in a bottom of the smart watch when detecting the request for the authentication; and comparing the measured heartbeat rhythm with an already-stored heartbeat rhythm and thus performing the authentication on the application.

Abstract: The invention is a method for managing access to a service wherein the method comprises the following steps: a client application sends to an application server a request to access the service by using credentials and a first anti-clone code, the application server performs a verification of the credentials and said first anti-clone code, the application server sends a second anti-clone code to the client application and deactivates said first anti-clone code only in case of successful verification, said second anti-clone code being required for the next attempt to access the service.

Abstract: An apparatus and method for performing procedures (protocols) of a PDCP (Packet Data Convergence Protocol) layer and an RLC (radio layer in an E-UMTS (Evolved Universal Mobile Telecommunications System) which has evolved from UMTS, among radio protocols of a mobile communication system. The PDCP layer performs ciphering on data (i.e., PDCP SDU) received from an upper layer, generates an indicator discriminating ciphered data and non-ciphered data (i.e., an ROHC feedback packet directly generated by the PDCP layer), and transmits the same to a lower layer (i.e., MAC layer). A PDCP SN (Sequence Number) is defined as an algorithm for ciphering the data in the PDCP layer to perform ciphering in the PDCP layer.

Abstract: The invention concerns a method for managing content on a secure element connected to an equipment, this content being managed on the secure element from a distant administrative platform. According to the invention, the method consists in: establishing, at the level of the administrative platform a secure channel between the equipment and the administrative platform, thanks to session keys generated by the secure element and transmitted to the equipment; transmitting to the administrative platform a request to manage content of the secure element; and verifying at the level of the administrative platform that this request originates from the same secure element that has generated the session keys and, if positive, authorizing the management and, if negative, forbid this management.

Abstract: A network access device may obtain user fingerprint information of a terminal. The network access device may transmit the user fingerprint information of the terminal to a portal server, before the terminal is authenticated, so that the portal server may push to the terminal an authentication page corresponding to the user fingerprint information of the terminal.

Abstract: A system, method, and computer readable medium enhance authentication procedures in an anti-fraud environment when an access control server (ACS) is unavailable to generate a full authentication for unique identifying information received in a current communication from a website. An availability detector verifies that the access control server remains unavailable. A successful authentication identifier requests previous authentication information for a previous communication occurring during a predefined authentication period and corresponding to the unique identifying information. A full authentication generator upgrades the unique identifying information to the full authentication based upon the previous authentication information when the access control server is verified as remaining unavailable. The upgrade to full authentication prevents the current communication from being flagged as fraudulent.

Abstract: Disclosed are systems and methods for selecting a data entry mechanism during application creation. An example method comprises: determining a plurality of activity states of an application during creation of the application, determining whether a data entry mechanism of the application is dependent on an activity state, determining security requirements corresponding to each of the plurality of activity states, selecting a data entry mechanism for each of the determined security requirements and activating a corresponding data entry mechanism during activation of each corresponding activity of the plurality of activity states.

Abstract: Disclosed are systems and methods for activating a data entry mechanism. An example method comprises detecting, by a hardware processor, an activity state of the application during execution on a user device, determining, by the hardware processor, security requirements, associated with the activity state, wherein the security requirements comprise properties for a data entry mechanism, activating, by the hardware processor, a data entry mechanism for receiving user input for the program, wherein the data entry mechanism is governed according to the properties of the security requirements, receiving user input from the user device from the data entry mechanism and displaying, by the hardware processor, a modified version of the user input, according to the properties of the security requirement.

Abstract: Wireless network specific (WN-specific) key can be used to provide access protection over the radio access link. A WN-specific key may be associated with (or assigned to) a wireless network, and distributed to access points of the wireless network, as well as to user equipments (UEs) following UE authentication. The WN-specific key is then used to encrypt/decrypt data transported over the radio access link. The WN-specific key can be used in conjunction with the UE-specific keys to provide multi-level access protection. In some embodiments, WN-specific keys are shared between neighboring wireless networks to reduce the frequency of key exchanges during handovers. Service-specific keys may be used to provide access protection to machine to machine (M2M) services. Group-specific keys may be used to provide access protection to traffic communicated between members of a private social network.

Abstract: Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator receives a mobile device identifier and accesses a secret key associated with the mobile device. A message authentication code function is evaluated based on the secret key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, a mobile device accesses a secret key in response to receiving the challenge value from the wireless network operator. A message authentication code function is evaluated based on the secret key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.

Abstract: The invention relates to a method for pairing a mobile telephone with a motor vehicle, said paired mobile telephone being used to lock/unlock and/or start said motor vehicle by means of at least part of an authentication code. Said method is characterized in that the mobile telephone (5) is loaded with said at least part of the authentication code required to be able to lock/unlock and/or start said motor vehicle.

Abstract: It is provided a method, comprising supervising if an information in a registration request is received from a registrar of a network domain, wherein the information comprises an application identity of a user of a terminal device and a network identity; storing, based on the received information, a binding between the application identity and the network identity; determining the network identity based on the binding and a received first request for establishing a communication to the terminal device; providing, based on the received first request, to the network domain, a second request for establishing the communication towards the terminal device, wherein the second request is based on the determined network identity.

Abstract: A secure and transparent digital credential sharing arrangement which utilizes one or more cryptographic levels of indirection to obfuscate a sharing entity's credentials from those entities authorized to share the credentials. A security policy table is provided which allows the sharing entity to selectively authorize or revoke digital credential sharing among a plurality of entities. Various embodiments of the invention provide for secure storage and retrieval of digital credentials from security tokens such as smart cards. The secure sharing arrangement may be implemented in hierarchical or non-hierarchical embodiments as desired.

Abstract: Systems and methods can comprise receiving an authentication request according to a first security protocol from a user device. Responsive to a determination that the authentication request is trustworthy according to the first security protocol, a device identifier and information related to a shared key are transmitted to the user device. A content request to access content secured according to a second security protocol is received from the user device. The content request can comprise the device identifier and can be encrypted using a shared key derived from the information related to the shared key. The content request can be decrypted using the shared key, and authenticated based on the device identifier.

Abstract: A method and apparatus operate a user client wireless communication device on a wireless wide area network. A communication link can be established at the user client wireless communication device with a user wireless wide area network communication device. A random challenge and an authentication token can be received from a wireless wide area network. The random challenge and the authentication token can be sent to the user wireless wide area network communication device. The at least one temporary wireless wide area network communication security key can be received from the user wireless wide area network communication device, where the at least one temporary wireless wide area network communication security key is for the wireless wide area network.

Abstract: A method and apparatus operate a user client wireless communication device on a wireless wide area network. A communication link can be established at the user client wireless communication device with a user wireless wide area network communication device. At least one temporary wireless wide area network communication security key for a wireless wide area network can be requested from the user wireless wide area network communication device. The at least one temporary wireless wide area network communication security key can be received from the user wireless wide area network communication device. At least one count of a number of uplink non access stratum messages transmitted by the user wireless wide area network communication device can be received.

Abstract: A computing system for redacting and/or tokenizing non-public information of electronic documents stored in a database may include a data redaction computing device and/or a data tokenization computing device, a first database storing a plurality of electronic documents, and a second database storing computer executable instructions for analyzing information associated with the plurality of electronic documents stored in the first database. The computer executable instructions may cause the data redaction/tokenization computing device to identify non-public information in one or more of the plurality of electronic documents and/or at least one of a document type, a source of the electronic document, and a destination to which the electronic document is to be communicated.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for automating the collection of user information for account aggregation. In one aspect, a method includes receiving, at a server computer system from a mobile device of a user, a first user request to access account information; receiving, at the server computer system from a provider computer system, a plury of mobile device applications; for each respective establishment of the plurality of establishments: storing, at the server computer system, establishment login credentials of the user to access account information of the user at a computer system of the respective establishment, and obtaining account information of the user at the respective establishment; aggregating, on the computer system, all the account information of the user from the respective mobile device application of each establishment; and providing to the mobile device the aggregated account information of the user.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer-readable storage medium, and including a method for managing privacy rights of a user related to the delivery of content. The method comprises providing a global privacy management interface that presents a selection tool for enabling a user to review privacy options and interests. The privacy options and interests include controls for presenting a list of identifiers that are associated with the user and interests associated with those identifiers. Each identifier is associated with a requesting source having been used by the user to access content. The interface enables de-selection of individual interests on a per-identifier or global basis. The method further comprises determining, in a server system, content to deliver to the user in view of the privacy selections.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: Techniques for network-based security for mobile devices based on device state are disclosed. In some embodiments, automatically configuring mobile devices and applying policies based on a Host Information Profile (HIP) report includes receiving a Host Information Profile (HIP) report for a mobile device; performing a policy match based on the HIP report for the mobile device; and performing an action based on the policy match based on the HIP report for the mobile device.

Abstract: A method, an apparatus, and a computer program product for wireless communication are provided. The apparatus receives first information from a base station, determines, based on the first information, a position of resources for receiving a signal transmitted from a connection point, detects the signal via at least one beam receiving direction based on the resources, determines a beam transmitting direction of the connection point and a beam receiving direction of the UE based on the signal, identifies a beam receiving direction of the connection point based on the beam transmitting direction of the connection point, and provides the connection point with second information based on the beam receiving direction of the connection point, wherein the second information may comprise an intent to establish a millimeter-wave (mmW) link with the connection point, the beam receiving direction of the UE, and/or the beam transmitting direction of the connection point.

Abstract: Disclosed are a security verification method, apparatus, and terminal. The method includes: acquiring a first verification code and prompting the first verification code, the content of the first verification code describing scenario information that is simple for a user to understand, and triggering the user to send a second verification code over a user terminal; receiving the second verification code, and acquiring an ID of the user terminal sending the second verification code; and obtaining a security verification result according to two verification results of the second verification code and the corresponding ID. A first verification code describing scenario information that is simple for a user to understand is displayed such that the user understands the scenario information corresponding to the first verification code and unauthorized users are prevented from stealing the verification codes using similar websites.

Abstract: Authentication of a device through a constructed authentication token. Components of an authentication key are distributed across at least a device and a server, diminishing a likelihood that an individual account is compromised by an attack.

Abstract: A control apparatus (151) selects a target core network entity for providing a mobility management service or a data transfer service to a radio terminal (111), from among a plurality of candidate core network entities (121, 141, 142) having different route costs to the radio terminal (111) or having different sizes of a management range, based on at least one of: a delay tolerance level of the radio terminal (111); a frequency of occurrence of control signaling of the radio terminal (111); and a communication interval of the radio terminal (111). This contributes, for example, to determining which of a plurality of core network entities is used for a radio terminal by using one or more criteria (indices or parameters) other than the mobility of the radio terminal.

Abstract: A method and an apparatus for non-access stratum (NAS) message processing during handover in an evolved network are provided. The method includes the following steps. An evolved packet core (EPC) receives a message which indicates that a UE is being handed over sent by a source evolved NodeB (S-eNB), and stops sending an NAS message to the UE temporarily. The EPC receives a message which indicates that the UE returns to an S-eNB service area sent by the S-eNB. The EPC sends the NAS message to the UE through the S-eNB, if needed. With the method and the apparatus, the EPC can acquire a location of the UE in time in the case of a handover failure of the UE, a time limit of a retransmission timer is set precisely, and a specific implementation for forwarding an NAS message through an X2 interface is provided.

Abstract: The teachings relates to method (40) in a target network (node16) of a target core network in a first domain during handover, in the first and in a second domain, of a communication device (20) from a source radio access network to a target radio access network. The source radio access network comprises a source access node (11) and the target radio access network comprises a target access (node12). The method (40) comprises determining (41) whether the communication device (20) has access admission to the target core network; when a hand over fails generating (42) a hand over failure message comprising an information element “Independent domain HandOver”, where in the information element is set to a predefined value indicating whether the hand over failed due to lack of access rights or for other reasons than lack of access rights. The teachings also relates to devices and further to methods in source nodes.

Abstract: Methods and apparatus provide resource authorization based on a computer's presence information. Presence information may include information relating to a computer's operating environment. In some implementations, a presence detector on a computer determines presence information and provides the information to a resource manager. The computer may then generate a resource access request. A resource manager may then determine whether the resource request is authorized based, at least in part, on the presence information. The resource manager then responds to the resource access request, either granting or denying the request for resources.

Abstract: A method for attachment and authentication of a user terminal of a home type radiocommunication network with a visited type radiocommunication network, the home network including home means for attachment to a packet network and the visited network including: at least one visited base station able to ensure radio transmission and reception with user terminals located in at least one visited cell attached to the visited base station; visited authentication and control means of user terminals able to authenticate the user terminals attached to the network; and at least one visited distribution gateway ensuring radio reception and transmission with the at least one visited base station.

Abstract: A beacon device establishes a network connection with a user computing device. The beacon device determines the received signal strength indicator of the user computing device (the “reverse RSSI”) and transmits it to the user computing device, which determines the received signal strength indicator (the “RSSI”) of the beacon device, and saves the RSSI with the reverse RSSI as a data pair. At a later time, the beacon device determines a subsequent reverse RSSI and transmits it to the user computing device, which determines a subsequent RSSI, and saves the subsequent RSSI with the subsequent reverse RSSI as a data pair. If the user computing device determines a correspondence in the changes of the RSSI values and reverse RSSI values in the two data pairs, a transaction between the two devices is allowed. If correspondence does not exist, then the user computing device terminates the network connection.

Abstract: The present invention relates to a system for protecting sensitive data including at least one enclosing layer, a cryptography module, at least one tamper-detecting sensor, zeroization support logic, at least one memory module, and at least one Internal IPM Decoupler configured to provide a link between the anti-tamper system and at least one electronic component that is enclosed by at least one enclosing layer.

Abstract: An information processing system includes a processor and a memory that stores a plurality of instructions which cause the processors to control executing a first application executed on an operation unit including a display, acquire identification information for identifying the first application in accordance with execution of the first application, register the identification information being acquired in the memory, control executing a second application executed on a main unit controlling the information processing system to perform multiple functions according to an instruction input to the operation unit, output, in response to receiving a request to log out while the second application is executing, rejection information indicating that the request to log out is rejected, and control, in response to outputting the rejection information, the display of the operation unit to display first name information indicating a name of the first application corresponding to the identification information register

Abstract: Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the management device is located by the managed device with the assistance of a locator server and the managed device initiates establishment of an encrypted management tunnel with the management device.

Abstract: A bearer reconfiguration method performed by a User Equipment (UE) in a wireless communication system supporting a multi-bearer is provided. The bearer reconfiguration method includes, if the UE performs a bearer reconfiguration from a single bearer to the multi-bearer, reordering Packet Data Convergence Protocol (PDCP) Protocol Data Units (PDUs) received through the multi-bearer, using a timer after a completion of the bearer reconfiguration, and processing the reordered PDCP PDUs into at least one PDCP Service Data Unit (SDU). The method may also include, if the UE performs bearer reconfiguration from the multi-bearer to the single bearer, reordering PDCP PDUs received through the multi-bearer, using a timer until a predetermined condition is satisfied, and processing the reordered PDCP PDUs into at least one PDCP SDU.

Abstract: A WiFi access management system and methods of operation are disclosed. In one embodiment, a method comprises receiving, at a server, a wireless access profile and a wireless access list from a securing client device; transmitting an invitation message to an accessing client device associated with the wireless access list; receiving, at the server, a request from the accessing client device to connect to a wireless network associated with the wireless access profile in response to the invitation message; determining, using a processing unit of the server, an operating system of the accessing client device; creating, using the processing unit, a customized configuration file associated with the wireless network based on the operating system of the accessing client device, the wireless access profile, and the wireless access list; and transmitting the customized configuration file using a second encryption protocol to the accessing client device through the server communication unit.

Abstract: A system, apparatus, method, and machine readable medium are described for determining the authentication capabilities. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: A radio communication system provided with a communication device and a radio communication network system is characterized by comprising a transmission delay estimate information transmitting means for transmitting transmission delay estimate information to the radio communication network system when the transmission condition of the transmission delay estimate information is met.

Abstract: A method and system for auto-configuration of a DSL modem in a wireline broadband network is disclosed. The method includes initiating, at a Subscriber Identification Module (SIM) card, a configuration request for configuring the DSL modem, wherein the SIM card is located within the DSL modem. After initiating, the configuration request is transferred from the SIM card to a configuration server over a mobile communication network. Thereafter, a configuration data corresponding to the configuration request is transferred to the SIM card over the mobile communication network from the configuration server, wherein the configuration data is determined based on at least one parameter associated with the configuration request. The SIM card receives the configuration data sent by the configuration server and automatically configures the DSL modem in response to receiving the configuration data from the configuration server.

Abstract: A method of operation of an automatic back-up system includes: providing a mobile device; coupling a removable media device to the mobile device; automatically launching an application on the mobile device; and backing-up user data selected by the application from the mobile device to the removable media device.

Abstract: Disclosed are various examples of securely distributing certificates to client devices. A uniform resource locator (URL) is sent to a client device, wherein the URL represents an address from which the client device can request a user certificate. A certificate for a registration authority is sent to the client device, wherein the certificate comprises a first public key and a first private key. A certificate signing request (CSR) received from the client device at the URL is decrypted, wherein the CSR is encrypted with the first public key. The CSR is validated based at least in part on the URL sent to the client device. The user certificate is then sent to the client device.

Abstract: A distributed system and method to improve collaborative service across multiple sensors on various devices. According to one embodiment, multiple devices may be used to train and then utilize a common algorithm for purposes including but not limited to recognizing a source to perform some action, control, command, calculation, storage, retrieval, encryption, decryption, alerting, alarming, notifying or as in some embodiments, to authenticate. In one embodiment of the invention, devices with one or more sensors such as but not limited to microphones, acoustic arrays or audio sensors may contribute to one or more models by sending samples, features, recognition scores, and/or risk scores to each other to improve collaborative training, signal quality, recognition, synchronization, inter-device proximity location and/or fusion of recognition scores and/or risk scores.

Abstract: Disclosed are systems and methods for selecting secure data entry mechanism for software applications. An example method comprises: detecting, by a hardware processor, a data entry activity during execution of the program on a user device; determining, by the hardware processor, security requirements associated with the detected data entry activity; selecting a data entry mechanism for the program based on the security requirements, wherein selection of the data entry mechanism includes: selecting a data entry device, selecting an interface for transmission of data from the data entry device, selecting a method of storing the entered data, and selecting a method of displaying the entered data; and activating the selected data entry mechanism for receiving user input for the program.

Abstract: A device that incorporates the subject disclosure may perform, for example, generating a security domain root structure for a universal integrated circuit card of an end user device, where the security domain root structure includes a hierarchy of a link provider operator security domain above a mobile network operator trusted security domain, where the link provider operator security domain enables transport management by a link provider operator, and where the mobile network operator trusted security domain enables card content management and subscription eligibility verification by a mobile network operator trusted service manager. Other embodiments are disclosed.

Abstract: A delegation request is submitted to a session-based authentication service, fulfilment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.

Abstract: Input received into a first component of a user interface is mirrored in another component of the user interface. The first component of the user interface is monitored and changes to the first component are caused to occur in the second component. The first component may be configured to receive user input for an authentication claim.

Abstract: The invention relates to a system for managing multiple subscriptions in a UICC, this system comprising a central server able to manage subscriptions stored on a UICC comprised in a mobile terminal in the field, at the request of a subscriber of one of these subscriptions.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer-readable storage medium, and including a method for managing privacy rights of a user related to the delivery of content. The method comprises providing a global privacy management interface that presents a selection tool for enabling a user to review privacy options and interests. The privacy options and interests include controls for presenting a list of identifiers that are associated with the user and interests associated with those identifiers. Each identifier is associated with a requesting source having been used by the user to access content. The interface enables de-selection of individual interests on a per-identifier or global basis. The method further comprises determining, in a server system, content to deliver to the user in view of the privacy selections.

Abstract: Method for authenticating and automatic transmission of user information between a mobile device and a wireless router, establishing communication to the mobile device for authentication, transmitting the device identifier and pre-stored user information of an application to the wireless router, determining the match between the received information and an encrypted database of the wireless router, establishing a link between the user's information and the mobile device's information, logging in the application with received user information, and triggering the service provided by the application.