Abstract: An apparatus and method for performing procedures (protocols) of a PDCP (Packet Data Convergence Protocol) layer and an RLC (radio layer in an E-UMTS (Evolved Universal Mobile Telecommunications System) which has evolved from UMTS, among radio protocols of a mobile communication system. The PDCP layer performs ciphering on data (i.e., PDCP SDU) received from an upper layer, generates an indicator discriminating ciphered data and non-ciphered data (i.e., an ROHC feedback packet directly generated by the PDCP layer), and transmits the same to a lower layer (i.e., MAC layer). A PDCP SN (Sequence Number) is defined as an algorithm for ciphering the data in the PDCP layer to perform ciphering in the PDCP layer.

Abstract: The present disclosure discloses a method and a system for determining whether to use a local authentication server. Specifically, a first network device executing a first authentication server receives a request for authentication from a client device. The first network device determines whether the client device was previously successfully authenticated by a second authentication server executing on a second network device within a particular period of time. If so, the first network device attempts to authenticate the client device using the first authentication server. Otherwise, the first network device declines the request for authentication from the client device.

Abstract: Disclosed are a method and apparatus for a data storage library comprising a first and second drive, a first and second mobile medium, a first and second partition wherein the first partition comprises the first drive and the first mobile medium and the second partition comprises the second drive and the second mobile medium, and a combination bridge controller device. The combination bridge controller device is configurable to control first communication traffic between at least a first client and the first partition wherein the first communication traffic can comprise a first data package. The combination bridge controller device is further configurable to optionally encrypt the first data package for storage on the first mobile medium when the first mobile medium is in cooperation with the first drive.

Abstract: A method and an arrangement for providing a wire-free mesh network are provided. An approval procedure is carried out in situations in which a subscriber who is registering on the mesh network transmits an MAC address which already exists in the mesh network, such that two different subscribers within the mesh network never have identical MAC addresses.

Abstract: In some implementations, encrypted data (e.g., application data, keychain data, stored passwords, etc.) stored on a mobile device can be accessed (e.g., decrypted, made available) based on the context of the mobile device. The context can include the current device state (e.g., locked, unlocked, after first unlock, etc.). The context can include the current device settings (e.g., passcode enabled/disabled). The context can include data that has been received by the mobile device (e.g., fingerprint scan, passcode entered, location information, encryption key received, time information).

Abstract: A secure messaging system and method includes receiving an encrypted message, the message having been encrypted using a token of a corresponding pervasive device; wirelessly verifying the presence of the pervasive device; and, if the presence can be verified, decrypting the message using the token. The verification step can include the steps of establishing a wireless link with the pervasive device; and, querying the pervasive device over the wireless link. The establishing step can include the step of establishing a Bluetooth link with the pervasive device. Furthermore, the querying step can include the step of requesting geographic coordinates which locate the pervasive device.

Abstract: In an approach to caller ID verification by digital signature, a computing device receives authenticating information associated with a caller. The computing device creates a call record based on the authenticating information. The computing device retrieves additional information associated with the caller. The computing device updates the call record based on the additional information. The computing device retrieves a digital signature associated with the caller. The computing device retrieves public key information associated with the caller. The computing device performs a digital signature assessment based on the public key information. The computing device updates the call record based on the digital signature assessment. The computing device adds timestamp information to the call record. The computing device receives a request from a call recipient device. The computing device communicates information based on the call record to the call recipient device.

Abstract: A display control apparatus performs download processing and streaming processing. In the download processing, after first mutual authentication between removable media and a license server, the removable media receive and store a first title key from a license server and first encrypted content from a content server.

Abstract: The present invention belongs to the field of Biometry. It discloses useful technology and equipment to make remote processes of fingerprint recognition and identity authentication, based on the processing and validation of biometric data that is captured in a recipient device, controlled by a center that acts like the network controller, linked as well to a process that verifies and ensures the required identity. The referred process enables the application, in a simple and economic way, of Remote Biometric Authentication processes to economic activities currently beyond this technology, in which the physical presence of the person that intends being identifying is usually required. The invention overcomes the referred limitation, and makes this technology applicable to capable of commercial processes, of authorization and validation of banking and compatible payments, and medical care, social security and social services, among others.

Abstract: A method for ensuring media stream security in an IP Multimedia Subsystem network is disclosed. The method includes: assigning an end-to-end media stream security key for a calling User Equipment (UE) or a called UE, by a network device with which the calling UE or the called UE is registered, respectively, and transmitting the media stream security key to a network device with which the opposite end is registered; encrypting the end-to-end media stream security key using a session key shared with the calling UE or the called UE respectively, and transmitting the encrypted end-to-end media stream security key to the calling UE or the called UE, respectively, via a session message; encrypting or decrypting a media stream, by the calling UE or the called UE, respectively, using the end-to-end media stream security key.

Abstract: A method of providing particular account configurations to a user of a mobile device based on a predetermined account configuration offering between a mobile device manufacturer and a third-party service provider based on a code stored on the mobile device. During the out-of-box experience (OOBE) when the user is initially configuring the mobile device, the third-party provider receives user information, a code, and a mobile device identification number. The third-party service provider confirms that the mobile device is eligible for the particular account configuration by using the code and mobile device identification number. Once account configuration eligibility is confirmed, the third-party service provider associates the particular account configuration with either an existing user account or with a new user account established during the OOBE.

Abstract: A method of mutual verification between a client and a server is disclosed. The method comprises receiving a request via a telecommunication link, the request comprising an address of the server; receiving a verification data; decrypting the verification data with a private key of the server; identifying an account identity (ID) of the client from the decrypted verification data; generating a first logon token; generating a logon message comprising the first logon token and a uniform resource locator (URL) of the server; encrypting the logon message with a public key of the client; transmitting the logon message via the telecommunication link; receiving a logon request comprising the account ID and a second logon token; and determining whether the second logon token matches the first logon token.

Abstract: A method for securely deploying a communication device in a communication network, the method comprising: storing a device identity and an associated token in the network; receiving, in the network, a device identity, a token and an indication of a data routing point; determining whether the received device identity and the received token correspond with a device identity and associated token stored by the network; and, if so, determining that the communication device corresponding to the received device identity has been validly deployed in the network and storing the data routing point as a destination to which data associated with the validly deployed communication device should be routed by the network.

Abstract: An encryption service system comprises an API for receiving requests from one or more calling applications. Each request comprises information identifying the operations to be performed on data to be processed and information identifying the origin and target of the data. The encryption service system further comprises a cryptographic server for processing the requests and determining, for each request, an encryption policy to be applied.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to include an authentication module. The authentication module can be configured to receiving a request to access an electronic device, where the electronic device is separate from the authentication module, collect authentication data, communicate the authentication data to a network element, receive an authentication key, and communicate the authentication key to the electronic device.

Abstract: The invention proposes a method for transmitting a message to a plurality of user entities in a network by using a multicast service, comprising the steps of encrypting a multicast message by using ciphering, and sending the encrypted multicast message to the plurality of user entities simultaneously. The invention also proposes a corresponding multicast service control device and a corresponding user entity.

Abstract: Systems and methods include an input interface that receives registration information including a contact number input into a mobile device of a user, a call interface that transmits a call signal to a call center system, wherein the call signal comprises the call signal contact number that placed a call associated with the call signal and a communication interface that transmits the registration information to a profile database that stores the registration information as a profile for authenticating the mobile device user and identifying information from the mobile device of the user during the call. The call center system includes a call authentication processor that retrieves the user profile, an authentication interface that receives the identifying information, and an authentication processor that compares the identifying information with the user profile, and routes the call on an authenticated call path if the identifying information at least partially matches the user profile.

Abstract: A biometric authentication system includes a biometric device and a security authentication device, wherein the biometric device includes a digital image sensor configured to capture one or more images of human vasculature and a wireless transmitter configured to transmit the one or more images to the security authentication device, and the security authentication device is configured to return an authentication true message if a first vascular map retrieved from a database matches a second vascular map generated from the set of images.

Abstract: Various methods and systems are provided that allow a user to perform a free-form action, such as making a mark on a device, speaking into a device, and/or moving the device, to cause a step to be performed that conventionally was performed by the user having to locate and select a button or link on the device.

Abstract: Wireless communication techniques are useful for controlling access granted by a security device (22). In a disclosed example, a communication portion (24) comprises a residential gateway that is capable of communicating with a mobile station (30) over a local network (32). The communication portion (24) is also capable of communicating with a remotely located server (40) over a secure network connection (42) such as over the internet. The mobile station (30) identifies itself to the security device (22). The mobile station identifier is verified to determine authorization to gain the requested access. The security device (22) provides the mobile station identifier to the remote server (40) which provides a security code to the mobile station (30) and a pass code to the security device (22). The security device (22) uses the pass code to verify the security code received from the mobile station (30) and controls access accordingly.

Abstract: Methods, systems, and computer-readable medium for providing telecommunications carrier configuration at activation of a mobile device. In one implementation, a method is provided. The method includes receiving a request for activation of a mobile device, and during activation of the mobile device, determining for the mobile device a telecommunications carrier from a number of telecommunications carriers, and identifying information associated with the determined telecommunications carrier for configuring the mobile device.

Abstract: A method is provided for transmitting orientation data from an active stylus to a sensor controller, wherein the sensor controller is coupled to a sensor configured to receive input from the active stylus. In the method the active stylus transmits stylus capability information to the sensor controller, wherein the stylus capability information indicates one or more orientation sensors included in the active stylus, out of multiple orientation sensors that are respectively configured to measure multiple types of orientation data. The sensor controller, based on the received stylus capability information indicating the one or more orientation sensors included in the active stylus, requests the active stylus to transmit corresponding one or more types of orientation data measured by the one or more orientation sensors. The active stylus, in response to the request from the sensor controller, transmits the one or more types of orientation data.

Abstract: Automated secure registration techniques for communication devices are provided which address the problem of allowing multiple clients to gain access to one system, and thus provide a solution to the “reverse single sign-on” problem. For example, a method for registering a group of two or more communication devices in a communication network comprises the following steps. A group challenge message is sent from a network device to the group of two or more communication devices. The network device receives one or more response messages to the group challenge respectively from one or more of the group of two or more communication devices, wherein the response message from each of the responding communication devices in the group comprises a group credential corresponding to the group.

Abstract: Systems and methods are disclosed for originating a call to a wireless number by a contact center while enforcing various compliance requirements. In one embodiment, a compliance server and a PBX cooperate to originate the call to the wireless number. The agent logs into the compliance server and the compliance server provides the agent with a wireless number to dial. The agent manually enters the wireless number using a phone connected to the PBX. The PBX queries the compliance server regarding establishing the wireless call. Upon authorization, the PBX establishes a first call leg to the compliance server, and a second call leg to the called party that is joined with the call leg to the agent's phone. Upon completion of the call, the agent dispositions the call to the compliance server, which then releases the first call leg. In response, the PBX then releases the second call leg.

Abstract: A user equipment (UE) comprising a display, an input device configured to receive user input, a visual input configured to capture motion or stop photography as visual data, and a processor coupled to the display, input device, and visual input and configured to, receive visual data from the visual input, overlay a model comprising network data onto the visual data to create a composite image, wherein the model is aligned to the visual data based on user input received from the input device, and transmit the composite image to the display.

Abstract: The present disclosure provides a method for correcting an error caused by Hyper Frame Number (HFN) and Packet Data Convergence Protocol Sequence Number (PDCP SN) mismatch between a user equipment and base station when the user equipment fails in handover between cells in a wireless communication system. In addition, the present disclosure provides a handover procedure for a user equipment performing handover from a macro cell to a Closed Subscriber Group (CSG) cell shared by multiple operators in a wireless communication system. The present disclosure enables a user equipment and base station to perform communication without a malfunction after handover failure. For handover from a macro cell to a CSG cell shared by multiple operators, the present disclosure enables a user equipment to perform handover to an accessible cell.

Abstract: A policy language for an information management system allows specifying or more policies using policy abstractions. The policies and policy abstractions are decoupled from one another, so policies and policy abstractions may be specified and altered separately from each other. A policy may refer to any number of policy abstractions. Multiple policies may reference a single policy abstraction, and a change to that policy abstraction will result in multiple policies being changed. Further, policy abstractions may be nested, so one policy abstraction may reference another policy abstraction, and so forth.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a communication device having a controller to transmit to a communication system a PKI certificate, and engage in encrypted communications responsive to receiving a public key from the communication system. The communication system can have a plurality of network elements that integrate operations of a circuit-switched communication network and a packet-switched communication network. Other embodiments are disclosed.

Abstract: Methods and devices for implementing security policies on a wireless device. The wireless device may include a non-volatile memory comprising a security type hard-coded in the non-volatile memory. Based on the security type, it may be determined whether a received security policy governing behavior of one or more resources designated as personal is applicable to the one or more resources designated as personal. If the security type is determined to indicate that the received security policy is not applicable to the one or more resources designated as personal, the security policy may not be applied to the one or more resources designated as personal.

Abstract: A method for enhancing the accuracy performance of authentication systems includes determining an authentication data requirement for a desired transaction and at least one new verification phrase. The method also includes capturing authentication data from a user with a communications device in accordance with the authentication data requirement, and capturing biometric data of the at least one new verification phrase from the user with the communications device. Moreover, the method includes adding the determined at least one new verification phrase to an enrollment phrase registry and storing the biometric data captured for the at least one new verification phrase in an enrollment data record of the user after successfully authenticating the user.

Abstract: A method of controlling the re-direction of IP packets to an IP host having two or more different IP addresses comprises generating a first of said IP addresses as a one-way function of the second IP address. The method further comprises accepting a request to re-direct a packet destined to said first IP address to another IP address only if the other IP address is the second IP address.

Abstract: A method includes identifying, at a security device of a secured wireless network, a wireless-enabled device that is not authorized to access the secured wireless network. The method also includes sending an access request message directed to a messaging address in response to identifying the wireless-enabled device. The access request message includes information that identifies the wireless-enabled device includes a first selectable option to allow access to the secured wireless network without requiring user input of a network password associated with the secured wireless network via the wireless-enabled device. The access request message also and includes a second selectable option to deny access to the secured wireless network.

Abstract: An identifier containing at least one encrypted part is received at a first network entity. A second network entity may then be determined based on the identifier. A request for assistance in decryption of the identifier from the second network entity may be sent from the first entity to the second network entity. The second network entity may then assist the first networks entity in an appropriate manner.

Abstract: Apparatus and methods are disclosed for a multi-SIM/multi-standby wireless user equipment (UE) configured for tune-away operations enabling simultaneous communication on multiple subscriptions using a shared RF chain while maintaining an ongoing signaling procedure on a primary subscription. The UE performs a signaling procedure with a first network associated with a first subscription, and decodes a downlink channel of the first network during an initial period of a transmission time interval (TTI). If the decoded downlink channel indicates that no data of the first subscription is destined to the UE during the current TTI, the UE tunes away to a second subscription to receive data from a second network associated with the second subscription.

Abstract: The disclosed computer-implemented method for detecting suspicious Internet addresses may include (1) monitoring Internet communications of an entity (e.g., an organization or individual), (2) compiling an Internet-address history for the entity that includes one or more Internet addresses involved in the Internet communications of the entity, (3) detecting, after compiling the Internet-address history for the entity, an additional Internet address that may be used in future Internet communications involving the entity, (4) computing a similarity metric between the additional Internet address and at least one Internet-address in the Internet-address history, (5) determining that the similarity metric indicates that the additional Internet address is suspicious, and (6) performing a security action in response to determining that the similarity metric indicates that the additional Internet address is suspicious. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A communication device comprising a central processing unit (CPU) and a memory device is disclosed. The CPU is configured to send a first attach request including a first subscription identity (FSI) to the network apparatus, receive an authentication request including a random number and an authentication token from the network apparatus as a response to the first attach request. Further, the CPU is configured to authenticate the authentication token using the random number and a first key associated with the FSI, obtain a second key and a second subscription identity (SSI) in response to authentication of the authentication token failing, where SSI is obtained from the authentication request. The CPU is further configured to send an authentication failure to the network apparatus. The second key and SSI are stored in the memory device such that the second key is associated with SSI.

Abstract: Embodiments of a mobile device and method for secure online sign-up and provisioning of credentials for Wi-Fi hotspots are generally described herein. In some embodiments, provisioning occurs using a service set identifier (SSID) to associate with a hotspot and retrieve a virtual LAN (VLAN) identifier. The VLAN identifier is used to complete the signup and provisioning process. In some embodiments, a hotspot may implement a primary SSID and a dependent SSID. The mobile device associates with the hotspot using the dependent SSID to perform the secure online signup and provisioning process. Once credentials are obtained using the signup and provisioning process, the device can connect to the hotspot using the primary SSID and the already provisioned credentials. The provisioned credentials may include certificates, username/password, or SIM-type credentials.

Abstract: Briefly, in accordance with one or more embodiments, a conventional physical downlink control channel (PDCCH) is transmitted in a first region of a physical downlink control channel structure utilized by a remote radio head that has been assigned a cell identifier that is common to one or more other remote radio heads within the cell, and an enhanced physical downlink control channel (ePDCCH) is transmitted in a second region of the physical downlink control channel structure.

Abstract: An approach is provided for performing authentication in a communication system. In one embodiment, a key is established with a terminal in a communication network according to a key agreement protocol. The agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key. A master key is generated based on the agreed key. In another embodiment, digest authentication is combined with key exchange parameters (e.g., Diffie-Hellman parameters) in the payload of the digest message, in which a key (e.g., SMEKEY or MN-AAA) is utilized as a password. In yet another embodiment, an authentication algorithm (e.g., Cellular Authentication and Voice Encryption (CAVE)) is employed with a key agreement protocol with conversion functions to support bootstrapping.

Abstract: A wireless terminal which newly joins a wireless communication system transmits a message containing its identification data to an access point in the wireless communication system at a communication parameter setting start. Upon receiving the message, the access point determines whether or not the wireless terminal has been registered. If it is determined that the wireless terminal has not been registered, the access point determines whether or not the wireless terminal is a setting target device of communication parameters based on the identification data contained in the message. If it is determined that the wireless terminal is a setting target device, the access point sets communication parameters for the wireless terminal.

Abstract: A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.

Abstract: A request is received for a brokered shipment from a particular entity to an anonymous user. A shipping identifier is obtained from a shipping entity, on behalf of the particular entity, for the shipment from the particular entity to the anonymous user. The shipping identifier is communicated to the particular entity and the shipping identifier is associated with a unique user identifier unique, within a system, to a pairing of the anonymous user with the particular entity. Address information of the anonymous user is unknown to the particular entity, and address information is obtained from the shipping entity for the anonymous user. In some aspects, address information of the particular user is received from a second entity and applied to the shipment identifier in connection with delivery of the shipment to the particular user.

Abstract: Embodiments of a wireless device and methods for rekeying with reduced packet loss in a wireless network are generally described herein. In some embodiments, during rekeying operations a new key for reception may be installed early (i.e., prior to receipt of a rekeying confirmation message). The use of the new key for transmission may be delayed until after receipt of the rekeying confirmation message. The early installation of the new key for reception may allow both the new key and old key to be active at the same time for use decrypting received packets to reduce packet loss during rekeying operations. The rekeying confirmation message may be the fourth message of a four-way handshake for rekeying. In some embodiments, two key identifiers may be alternated between four-way handshakes to prevent deletion of the old key.

Abstract: Systems and methods of performing link setup and authentication are disclosed. A method includes receiving, at a mobile device, a first access point nonce (ANonce) from an access point and generating a first pairwise transient key (PTK) using the first ANonce. The mobile device sends an authentication request including a station nonce (SNonce) to the access point, where the authentication request is protected using the first PTK. The mobile device receives an authentication response including a second ANonce from the access point, where the authentication response is protected using a second PTK. The mobile device generates the second PTK using the second ANonce and the SNonce and uses the second PTK to protect at least one subsequent message to be sent from the mobile device to the access point.

Abstract: A method, computer readable medium and apparatus for obtaining cellular network load information in a secure manner are disclosed. For example, the method receives the cellular network load information, where the cellular network load information is encrypted. The method then decrypts the cellular network load information using a decryption key and performs a task responsive to the network load information that is decrypted.

Abstract: Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function.

Abstract: A user may access a subscription-based service via a system comprising one or more devices with one or more separate domains where each domain may be owned or controlled by one or more different local or remote owners. Each domain may have a different owner, and a remote owner offering a subscription-based service may have taken ownership of a domain, which may be referred to as a remote owner domain. Further, the user may have taken ownership of a domain, which may be referred to as a user domain. In order for the user to access the subscription-based service, registration and credential roll-out may be needed. An exemplary registration and credential roll-out process may comprise registration of the user, obtaining credentials from the remote owner and storing the credentials.

Abstract: Systems and methods for verifying user identity in a virtual environment are provided that may include periodic transmitting/monitoring of biometric data and geographic location data. Integrated systems may include anti-tamper devices that automatically delete biometric data in the event if tampering and/or power loss. Thus, the present invention helps to prevent tampering with player identity information, as well as helping to prevent access by a player to the software, graphics or other content associated with selected online activities. Such systems and methods may find particular applicability in fields related to online gambling by verifying the identity and location of an on-line player.

Abstract: Techniques for concealing temporary identifiers (IDs) assigned to user equipments (UEs) by a wireless communication system are described. At a network entity, a first ID Assigned to a UE and possibly a salt value are transformed, e.g., based on a hash function, to obtain a second ID for the UE. An output message directed to the UE is generated based on an input message, the second ID, and the salt value (if present). The output message is sent via a common channel shared by the UE and other UEs. At the UE, a message is received via the common channel, and a salt value (if sent) is obtained from the received message. The first ID and the salt value are transformed to obtain the second ID, which is used to determine whether the received message is intended for the UE.

Abstract: An intermediate server can receive a request from a mobile device to authorize a software application, transmit a secure ID included in the request to a social-networking system, receive an access token from the social-networking system indicating that the software application has been authorized, evaluate the access token for validity, and transmit a response to the mobile device indicating the software application is authorized. The secure ID can indicate that a user of the mobile device has been authenticated by the social-networking system. The access token can be valid when the access token and the secure ID both correspond to the user of the mobile device.