Abstract: Methods and systems are provided for single sign-on process for remote-access to remote servers, using user equipment associated with a user. An intermediate device (e.g., smart-card) associated with the user equipment may be activated using local-access authentication information provided by the user. The local-access authentication data may be provided by the user in response to requests by the user equipment. Once activated, the intermediate device may support remote-access operations, by providing, in response to authentication requests received from remote servers, remote-access authentication data, which may be used in authenticating the user at the remote servers. The authentication requests may be sent by the remote server to the user equipment in response to the user requesting remote access. The remote-access authentication data may be provided without requiring user input, once the intermediate device is activated.

Abstract: Techniques for managing assignment and reassignment of short codes are described herein. One or more computing devices may assign a short code to a first messaging campaign for a first time period. After expiration of the first time period, the one or more computing devices may then reassign the short code to a second messaging campaign for a second time period.

Abstract: A method of displaying a tutorial to a user of a mobile device is disclosed. In some examples, the mobile device receives an input associated with one or more user functions of the mobile device and launches a locally based application in response to the received input. The locally based application may output instructions to the user explaining to the user how to implement the one or more user functions.

Abstract: A network and related methods for transmitting processes in a network secretly and securely is described. The network use keys, through path-key establishment and a key pool bootstrapping, to ensure that packets are transmitted and received properly and secretly in the presence of one or more adversarial nodes.

Abstract: A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.

Abstract: A method is provided for transferring control of a security module from a first entity to a second entity. The security module has a first security domain controlled by the first entity by at least one first secret control key specific to the first entity, and a second security domain, the second domain containing a private key and a certificate of a public key of a controlling authority. The method includes: receiving a request to obtain the certificate; sending the certificate; receiving data encrypted by the public key of the certificate, the data including at least one second secret control key specific to the second entity; decrypting the data; verifying the data; and if the verification is positive, replacing the at least one first secret control key by the at least one second secret control key.

Abstract: An apparatus and method to provision and distribute a traffic key amongst a plurality of radios enables secure communication, for a predetermined group or a predetermined event. Each radio has a controller, a radio transceiver for electromagnetic radio communications, and a near-field transceiver for near-field communications (NFC). The traffic key (or traffic keys) is provisioned locally at one radio and distributed to the remaining radios utilizing the NFC over a non propagating link. The same traffic key is distributed amongst all radios, and additional restrictions may be applied if desired. The same radios can later be re-provisioned for a different group or event. The local provisioning and distribution is highly advantageous for markets that do not require permanent assignment of radios.

Abstract: A method and system of securing account is provided. When a client computer requests access to an account accessible via a server, the server determines a MAC address associated with the client computer and compares it to a MAC address associated with the account. If the MAC address of the client computer is not the same as the MAC address associated with the account, the server initially denies access to the client computer, but may allow access after verification of the client computer by the user associated with the account.

Abstract: Embodiments of the present disclosure provide systems and methods to allow a multimedia device to operate in multiple modes of configuration simultaneously. The disclosed multimedia system includes a first communications circuitry having an access point connected to an external network and a number of devices. The first communications circuitry can receive and distribute media content over a wireless network, the wireless circuitry facilitating multi-modal simultaneous configuration of the multimedia device. The multi-modal simultaneous configuration includes a first mode and a second mode. The first mode facilitates exchange of data between the multimedia device and the other devices through the access point such as a wireless access point. The second mode facilitates direct exchange of data between the multimedia device and other devices in the wireless network without utilization of the access point. The multimedia device can change its mode of configuration based on a predefined trigger.

Abstract: A method and a wireless transmit/receive unit (WTRU), including a universal subscriber identity module (USIM), for identifying a closed subscriber group (CSG) cell are disclosed. The WTRU receives a broadcast from a cell including a cell identifier (ID). If the cell ID is associated with a CSG cell, the WTRU determines whether the CSG ID is programmed in the USIM. The cell broadcast may include a single bit information element (IE) indicating that the cell is a CSG cell. If the cell ID is a CSG ID, the cell ID may further include a plurality of fields which indicate at least one of a country, a region, an operator, and a home evolved Node-B (HeNB) number. The cell broadcast may further include a bit indicating whether the CSG cell is public or private. The cell broadcast may further include a bit indicating that emergency calls are allowed from all users.

Abstract: A touch sensitive screen mobile information apparatus having a wireless communication unit for wireless device discovery is herein disclosed. Close proximity wireless device discovery is enabled by wireless searching near distance via radio frequency field for a wireless device, receiving information from the wireless device over the near distance wireless communication, and storing the received information at the information apparatus for future wireless connections. Authentication or pairing of devices may be eliminated due to close proximity of the direct wireless device discovery. After wireless device discovery, the information apparatus and the wireless device may become locked or paired for subsequent wireless communication over any number of wireless communication protocols or standards (e.g., Bluetooth, IEEE 802.11, 2.4GHz) without the need to repeat wireless discovery or pairing. Examples of information apparatus include smart phones, digital camera, laptops, or information pads.

Abstract: A hardware implemented system and method of encryption key management may facilitate access to a connected device. In some embodiments, an Input/Output (I/O) controller coupled to a host system may comprise a cryptocontext memory that is only accessible via state machines running on the controller and a key unwrap engine to decrypt wrapped keys associated with commands received from the host system.

Abstract: A method and authentication server provide a mobile key. According to the method, upon receipt of an authentication message (access authentication) that is transmitted when a subscriber logs on to the network, the authentication server extracts a subscriber identification contained in said message and generates a corresponding mobile key, which is stored together with the respective extracted subscriber identification. Upon subsequent receipt of a key request message (key request) that is transmitted when a subscriber registers, the authentication server extracts a mobile identification of the subscriber contained in said message and searches for an identical mobile identification, which can be derived in accordance with a configurable derivation function from a subscriber identification that is stored in the authentication server.

Abstract: A method for registering a Smartphone when accessing security authentication device and a method for access authentication of a registered Smartphone are provided. When a Smartphone based application searches for a device and attempts an access to the found device, the search and access for the device is limited according to a result of authentication using an activation code.

Abstract: Secure virtualizing of a mobile cellular device uses a cellular communication network having base transceiver station edge node servers. A virtualized-instance host server contains a virtualized instance of an enterprise environment. Base station controllers are in communication with and control the base transceiver stations. A mobile switching center in communication with the base station controllers contains the virtualized-instance host server. A cellular communication device is in communication with an edge node server, and an auxiliary data display entry device is in communication with the cellular communication device such that the virtualized instance of the enterprise environment is on the edge node server. Communications between the auxiliary display and data entry device are encrypted.

Abstract: An apparatus, and an associated method, for providing secured effectuation of a communication service at a substitute mobile station. A user desiring temporarily to use a substitute mobile station to carry out the communication service initiates a request at the mobile station for its use. The communication service is available to be performed at the substitute mobile station for a selected period. Upon termination of the selected period, the communication service session ends, and data associated with the communication service session is deleted from the substitute mobile station.

Abstract: A mobile terminal that may be able to access a wireless communication network and a control method thereof are provided. The mobile terminal includes: a wireless communication unit configured to access a wireless communication network; a detection unit configured to detect a connectable wireless communication network through the wireless communication unit; and a controller outputting icons each corresponding to one or more wireless communication networks detected by the detection unit to a locked screen displayed in a locked state in which inputting of a control command with respect to an application is limited, releasing the locked state when selecting of any one of the output icons is detected, and controlling the wireless communication unit to access a wireless communication network corresponding to the selected icon.

Abstract: According to various aspects of this disclosure, a circuit arrangement is provided. The circuit arrangement may include: a memory configured to store a first encryption key for generating a first authentication vector for authentication between a mobile station and a home network of the mobile station; and a key-generator configured to derive a second encryption key from the first encryption key, the second encryption key for generating a second authentication vector for authentication between the mobile station and a visited network.

Abstract: A method and apparatus for a satellite system. A satellite system is comprised of a communications system in a satellite and a number of computers associated with the satellite. The communications system is configured to receive first information and transmit second information from the satellite to a remote platform over a number of communications links. The number of computers is configured to identify a block of information for encryption from instructions in the first information. The number of computers is further configured to generate a key from a portion of the block of information based on the instructions. The number of computers is further configured to perform an exclusive OR operation on the block of information using the key to form a block of encrypted information. The number of computers is further configured to transmit the block of encrypted information.

Abstract: Described are various embodiments of a system and method in which device-identifying data can be used to uniquely recognize and optionally track and report on device activity at one or more hotspot locations by way of the creation and management of a device profile uniquely associated with such devices and stored in a network accessible knowledge base.

Abstract: Systems and methods of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between a client and a server through a gateway. The client has a trusted relationship with each of the gateway and the server. A method includes registering the client with the gateway. The client also constructs the address space identifying the gateway and the client. The client communicates the address space to the server. The client receives an identity identifying the server. If the client authorizes to receive a message from the server through the gateway, the client informs the authorization to the gateway. The client puts the identity identifying the server on a list of servers which are authorized to send messages to the client. In addition, the client communicates the list of servers to the gateway.

Abstract: A novel code signing system, computer readable media, and method are provided. The code signing method includes receiving a code signing request from a requestor in order to gain access to one or more specific application programming interfaces (APIs). A digital signature is provided to the requestor. The digital signature indicates authorization by a code signing authority for code of the requestor to access the one or more specific APIs. In one example, the digital signature is provided by the code signing authority or a delegate thereof. In another example, the code signing request may include one or more of the following: code, an application, a hash of an application, an abridged version of the application, a transformed version of an application, a command, a command argument, and a library.

Abstract: An apparatus and method for generating a group key using the status of a wireless channel are provided. The apparatus includes a representative channel response selection unit for selecting a representative channel response signal from among pilot signals received from slave terminals. A key generation unit generates a group key based on a representative channel response value of the representative channel response signal. A hash value generation unit generates a hash value corresponding to the group key. A transmission pilot control unit adjusts power intensities of transmission pilots of the respective slave terminals using the channel response value of the representative channel response signal and channel response values and transmission power intensities of the slave terminals. A communication unit is individually connected to the slave terminals and configured to transmit pilot signals, power intensities of which have been adjusted, and the hash value to the slave terminals.

Abstract: Methods and apparatus for verifying authenticity of device information of an end-user device are provided herein. In some embodiments, a method for verifying authenticity of device information of an end-user device may include sending a request to verify device information of an end-user device receiving, responsive to the request, verification information regarding the device information sent, and performing a verification analysis on the verification information received.

Abstract: A method for composing an authentication password associated with an electronic device is implemented by a password composing system including a display, a receiving unit, and a processing unit. In the method, the display is configured to display a start point, and a plurality of displayed paths. The receiving unit is configured to detect a set of user-input movements of a contact point at the display. The processing unit is configured to determine whether the user-input movements conform with a predefined valid user-input gesture, store a plurality of codes corresponding to the valid user-input gestures, and to compose the authentication password according to valid ones of the series of the user-input movements.

Abstract: A system and method for secure instant messaging are described. For example, in one embodiment, a first user identifies a second user for an instant messaging session with the ID code of the second user. The first user is provided with network information for the second user and a public key associated with the second user. The first user encrypts an instant message using the public key of the second user and a private key. In one embodiment, the first user encrypts the content of the instant message (e.g., any text and/or attachments) using the public key of the second user and signs the content using the private key of the first user. The encrypted message is transmitted from the first user to the second user. The second user decrypts the instant message using the second user's private key and verifies the signature with the first user's public key.

Abstract: A method including: assigning identifiers to respective domains, where each of the domains is allocated a corresponding set of resources, and where the resources in the sets of resources are accessible at respective physical addresses; storing permissions to access the physical addresses, where each of the permissions indicates which of the physical addresses one or more of the domains are permitted to access. The method also includes: assigning a code to a first domain, where the code includes instructions, and where each of the instructions includes a corresponding one of the physical addresses; tagging each of the instructions by adding the identifier assigned to the first domain to each of the instructions; and during execution of each of the instructions, comparing the identifier included in the corresponding instruction to one of the permissions; and based on the comparison, permitting access to the set of resources allocated to the first domain.

Abstract: Enhanced cryptographically generated addresses (ECGAs) for MIPv6 incorporate a built-in backward key chain and offer support to bind multiple logically-linked CGAs together. Enhanced CGAs may be used to implement a secure and efficient route optimization (RO) for MIPv6.

Abstract: A method, system, and medium are provided for operating a computing device and a mobile device to access computer software with a secure access and to access a packet network, and for operating a computer software on a mobile device with different computing devices. A mobile device is used to authenticate a user's access to computer software. The computer software may reside on the mobile device, the user's computing device, or another computing device. A unique identifier is stored in the mobile device associated with the computer software to enable the authentication.

Abstract: There are disclosed systems and methods for authenticating a mobile device by a network and/or for generating one or more keys that can be used for securely transmitting data between the mobile device and the network. In one embodiment, the following operations are performed by a mobile device: (i) the mobile device participates in at least a portion of a key agreement protocol with a network to compute a secret value; (ii) the mobile device obtains a response value derived from the secret value; and (iii) the mobile device sends the response value to a verification entity for use in authenticating the mobile device. There are also disclosed systems and methods for authenticating a network by a mobile device.

Abstract: A method and system for handling security synchronization for prolonged periods of no-reception of voice frames. The method includes receiving one or more protocol data units (PDUs) by a radio link control (RLC) sub layer and determining a time period between the receiving of each PDU and a previously received PDU by the RLC sub layer. Further, the method includes initiating recovery procedure for the time period exceeding a first predefined time. The recovery procedure includes identifying count of the one or more PDUs to be recovered, deciphering each PDU using a plurality of hyper frame numbers (HFNs) and updating a master HFN based on the deciphering. The master HFN deciphers each PDU among the one or more protocol data units. Further, the method also includes delivering the one or more PDUs to a packet data convergence protocol sub layer where type verification of the PDU is performed.

Abstract: A method and apparatus to establish trust between two nodes in a communications network. A first node receives from a network node authentication data unique to the first node, which can be used to derive a compact representation of verification data for the first node. The first node also receives a certified compact representation of verification data of all nodes in the network. The first node derives trust information from the authentication data for the node, and sends to a second node a message that includes the trust information and part of the authentication data. The second node has its own copy of the certified compact representation of verification data of all nodes in the network, and verifies the authenticity of the message from the first node using the compact representation of verification data of all nodes in the network and the received trust information and authentication data.

Abstract: A processing device comprises a processor coupled to a memory and implements a host-based intrusion detection system configured to permit detection of tampering with at least one software component installed on the processing device. The host-based intrusion detection system comprises a forward-secure logging module configured to record information characterizing a plurality of events occurring in the device in such a manner that modification of the recorded information characterizing the events is indicative of a tampering attack and can be detected by an authority. For example, the recorded information may comprise at least one forward-secure logging record R having entries r1 . . . rn corresponding to respective ones of the events wherein any erasure or other modification of a particular pre-existing entry ri in R by an attacker is detectable by the authority upon inspection of R.

Abstract: The invention proposes a system for authenticating and authorizing network services comprising: a mobile device being adapted to, upon receipt of an information message indicating at least one network access type, determine the network access type, to create a start message containing at least a user identity, and to encapsulate the start message in an authentication message compatible with the access network identified in the information message, and an access controller for reading the encapsulated message from the mobile and forwarding the encapsulated message to an authentication server identified in the encapsulated message. The invention also proposes a corresponding method for authenticating and authorizing network services, and an access control device, a subscriber device and a router device.

Abstract: Methods and systems taught herein provide for authentication information for authenticating a user terminal to be shared between a network entity that supports IMS-AKA authentication of the user terminal and a network entity that supports GBA-AKA authentication of the user terminal. Sharing authentication information between these entities allows all or part of the authentication information generated for IMS-AKA authentication of the user terminal to be used subsequently for GBA-AKA authentication of the user terminal, or vice versa.

Abstract: A personnel access system may include a mobile device(s) comprising a first near field communication (NFC) device, a wireless device, and a first controller configured to generate an access request. An access control device may be associated with a personnel access position and include a second NFC device configured to receive the access request, and a second controller configured to generate a verification request for the mobile device(s) based upon the received access request. A verification device may be configured to receive the verification request from the access control device, and send a verification message to the mobile device(s). The first controller may be configured to receive the verification message via the wireless device, and generate verification data based thereon. The second controller may be configured to selectively grant personnel access based upon the verification data.

Abstract: Method for decrypting, within a wireless communication device, a sequence of encrypted packets received via a wireless communication channel between the communication device and a cell assigned to this device, comprising for each packet the following steps: —the computation of an encrypting sequence corresponding to the packet (21); and —the decrypting of the packet with the aid of the said encrypting sequence (22). In this method, the encrypting sequences are computed before the reception of the packets while the reception quality is above a threshold (20, TH) and an indication of change of cell is not received (24).

Abstract: A mobile station selects a provider such as an online sign up (OSU) provider by receiving a pre-association message including OSU selection information from a Wi-Fi network component, such as an access point in communication with the OSU provider, and sending a selection of an OSU provider in accordance with the OSU selection information to the network component. The OSU selection information excludes identification of the OSU network provider or resource, but provides other attributes to the user, such as price or service configuration. The pre-association message may be transmitted as a beacon or using ANQP.

Abstract: Obfuscating a message, in one aspect, may include detecting sensitive information in a message to be broadcast into public or quasi-public computer network environment; replacing the sensitive information in the message with a representation that preserves general aspects of the sensitive information and a user interface element, the user interface element for enabling a viewer of the message to request access to details of the sensitive information; and transmitting the replaced message for broadcasting into the public or quasi-public computer network environment. De-obfuscating the message, in one aspect, may include authenticating one or more viewers or receivers of the message and based on the authentication, presenting details associated with the sensitive information.

Abstract: Systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions are disclosed. A messaging service firewall (MSF) separate from a short message service center (SMSC) receives a mobility management reply message (MMR) that is sent by a mobile location register element in response to an associated mobility management query (MMQ) and that includes a serving switch identifier. The MSF allocates a global title address (GTA) from a pool of GTAs and stores a correlation between the allocated GTA and the originating SMSC. The MSF replaces the serving switch identifier in the MMR with the allocated GTA and routes the modified MMR. The MSF then receives a messaging service message (MSM) that is addressed to the allocated GTA and that includes the purported originating SMSC. If the purported originating SMSC does not match the SMSC to which the GTA is correlated, the MSM is discarded.

Abstract: Embodiments of the present invention are directed to systems, apparatuses and methods for using a mobile device with an accelerometer to gain access into a secured or restricted area. A first device and a second device interact by making physical contact with each other thereby generating interaction data that is representative of the physical interaction between the first and second device. The first and second device may be mobile phones. The second device may be a point of sale terminal, access point device, or any other stationary (i.e., in a fixed position) device positioned at a line, door, gate, or entrance. A server computer determines, based on interaction data, that the first device and the second device made physical contact. After determining that the first device and the second device made contact, communications may be initiated between the devices.

Abstract: The invention is directed to a security module deployed in a host device, which provides a secondary agent that operates in coordination with the host agent in the host device, but operates independent of the host operating system of the host device to independently access an existing communication network interface in the host device or a separate dedicated network interface, if available. In one aspect, the present invention enables robust theft recovery and asset tracking services. The system comprises a monitoring center; one or more monitored devices; a security module in the monitored devices; and one or more active communications networks. Monitored devices may be stand alone devices, such as computers (e.g., portable or desktop computers), or a device or a subsystem included in a system. A monitored device comprises a security module, a host agent and software to support the host agent that runs in the monitored device's OS.

Abstract: Methods and systems for slow associated control channel signaling are disclosed. An example method for securing communications in a mobile network disclosed herein comprises transmitting a first variant of a message of a first type on a first slow associated control channel (SACCH) before ciphering is started on the first SACCH, and after ciphering is started on the first SACCH, transmitting a second variant of the message of the first type on the first SACCH, and subsequently transmitting the second variant of the message of the first type on the first SACCH, wherein the subsequently transmitted second variant of the message of the first type is the next transmitted message of the first type on the first SACCH.

Abstract: Methods and systems are provided for secure Mobile-IP traffic traversing network address translation (NAT). A virtual-private-network (VPN) tunnel extending between the mobile node and the home agent is established, wherein the home agent comprises a VPN function. Establishing the VPN tunnel comprises (i) the mobile node communicating with the home agent at a public address of the home agent via a private network, a NAT device, and a public network and (ii) the home agent assigning the mobile node a first public address. The mobile node is registered with the home agent. Registering the mobile node comprises (i) the mobile node communicating via the VPN tunnel with the home agent at the public address of the home agent and (ii) establishing the first public address as a home address for the mobile node for, for example, purposes of Mobile-IP communication.

Abstract: A handover method of a mobile terminal between heterogeneous networks for facilitating the handover with pre-authentication procedure is provided. A handover method between heterogeneous networks includes receiving, at a mobile terminal connected to a source network, information on at least one target authenticator of a target network from a source authenticator in response to an attach request; creating an authentication key between the mobile terminal and the target authenticator selected among the at least one target authenticator through a pre-authentication process; determining, when the mobile terminal transmits a handover request to the selected target authenticator, whether the authentication key contained in the handover request matches with the authentication key stored in the selected target authenticator; and connecting, when the authentication keys match with each other, to the target network via the selected target authenticator.

Abstract: A method of maintaining a version counter indicative of a version of memory content stored in a processing device. The method comprises selectively operating the device in a first or second mode. Access to the first mode is limited to authorized users and controlled separately from access to the second mode. In the first mode at least an initial integrity protection value is generated for cryptographically protecting an initial counter value of said version counter during operation of the processing device in the second mode; wherein the initial counter value is selected from a sequence of counter values, and the initial integrity protection value is stored as a current integrity protection value in a storage medium. In the second mode, a current counter value is incremented to a subsequent counter value; wherein incrementing includes removing the current integrity protection value from said storage medium.

Abstract: In an exemplary embodiment content of a data message to be sent on a control channel is determined, and a selection is made between ciphering and not ciphering the data message based on the determined content. By example if from the content it is determined that that the data message is a SMS message, ciphering is selected and the control channel is a SACCH; else ciphering is not selected. Such a determination may be made by checking a service access point identifier for a data block comprising the data message. A data message within a data block received on the control channel is determined to be ciphered or not ciphered using only information within the data block, and the received data message is processed according to the determination. In another embodiment the FACCH is selected for sending the message if it is a SMS, and ciphering is selected for all data blocks sent on the FACCH.

Abstract: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.

Abstract: An embodiment of the invention is directed to associating a wireless device with a basestation. A connection request is received from the wireless device. The wireless device is authenticated to the basestation. A token-transfer-request message is received. The wireless device is associated with the basestation by transferring a token associated with the wireless device to the basestation.

Abstract: Disclosed is a method including allowing an application server to request setup of a session on behalf of a user terminal, and using mechanisms of a generic peer authentication procedure for procedure for enabling authentication of the application server to an interrogating server, the interrogating server being a network element that is configured to process said request to setup a session on behalf of a user terminal. Also disclosed are related devices, systems and computer programs.