Abstract: A personnel access system may include a mobile device(s) comprising a first near field communication (NFC) device, a wireless device, and a first controller configured to generate an access request. An access control device may be associated with a personnel access position and include a second NFC device configured to receive the access request, and a second controller configured to generate a verification request for the mobile device(s) based upon the received access request. A verification device may be configured to receive the verification request from the access control device, and send a verification message to the mobile device(s). The first controller may be configured to receive the verification message via the wireless device, and generate verification data based thereon. The second controller may be configured to selectively grant personnel access based upon the verification data.

Abstract: Method for decrypting, within a wireless communication device, a sequence of encrypted packets received via a wireless communication channel between the communication device and a cell assigned to this device, comprising for each packet the following steps: —the computation of an encrypting sequence corresponding to the packet (21); and —the decrypting of the packet with the aid of the said encrypting sequence (22). In this method, the encrypting sequences are computed before the reception of the packets while the reception quality is above a threshold (20, TH) and an indication of change of cell is not received (24).

Abstract: Obfuscating a message, in one aspect, may include detecting sensitive information in a message to be broadcast into public or quasi-public computer network environment; replacing the sensitive information in the message with a representation that preserves general aspects of the sensitive information and a user interface element, the user interface element for enabling a viewer of the message to request access to details of the sensitive information; and transmitting the replaced message for broadcasting into the public or quasi-public computer network environment. De-obfuscating the message, in one aspect, may include authenticating one or more viewers or receivers of the message and based on the authentication, presenting details associated with the sensitive information.

Abstract: A mobile station selects a provider such as an online sign up (OSU) provider by receiving a pre-association message including OSU selection information from a Wi-Fi network component, such as an access point in communication with the OSU provider, and sending a selection of an OSU provider in accordance with the OSU selection information to the network component. The OSU selection information excludes identification of the OSU network provider or resource, but provides other attributes to the user, such as price or service configuration. The pre-association message may be transmitted as a beacon or using ANQP.

Abstract: Systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions are disclosed. A messaging service firewall (MSF) separate from a short message service center (SMSC) receives a mobility management reply message (MMR) that is sent by a mobile location register element in response to an associated mobility management query (MMQ) and that includes a serving switch identifier. The MSF allocates a global title address (GTA) from a pool of GTAs and stores a correlation between the allocated GTA and the originating SMSC. The MSF replaces the serving switch identifier in the MMR with the allocated GTA and routes the modified MMR. The MSF then receives a messaging service message (MSM) that is addressed to the allocated GTA and that includes the purported originating SMSC. If the purported originating SMSC does not match the SMSC to which the GTA is correlated, the MSM is discarded.

Abstract: Embodiments of the present invention are directed to systems, apparatuses and methods for using a mobile device with an accelerometer to gain access into a secured or restricted area. A first device and a second device interact by making physical contact with each other thereby generating interaction data that is representative of the physical interaction between the first and second device. The first and second device may be mobile phones. The second device may be a point of sale terminal, access point device, or any other stationary (i.e., in a fixed position) device positioned at a line, door, gate, or entrance. A server computer determines, based on interaction data, that the first device and the second device made physical contact. After determining that the first device and the second device made contact, communications may be initiated between the devices.

Abstract: Methods and systems for slow associated control channel signaling are disclosed. An example method for securing communications in a mobile network disclosed herein comprises transmitting a first variant of a message of a first type on a first slow associated control channel (SACCH) before ciphering is started on the first SACCH, and after ciphering is started on the first SACCH, transmitting a second variant of the message of the first type on the first SACCH, and subsequently transmitting the second variant of the message of the first type on the first SACCH, wherein the subsequently transmitted second variant of the message of the first type is the next transmitted message of the first type on the first SACCH.

Abstract: The invention is directed to a security module deployed in a host device, which provides a secondary agent that operates in coordination with the host agent in the host device, but operates independent of the host operating system of the host device to independently access an existing communication network interface in the host device or a separate dedicated network interface, if available. In one aspect, the present invention enables robust theft recovery and asset tracking services. The system comprises a monitoring center; one or more monitored devices; a security module in the monitored devices; and one or more active communications networks. Monitored devices may be stand alone devices, such as computers (e.g., portable or desktop computers), or a device or a subsystem included in a system. A monitored device comprises a security module, a host agent and software to support the host agent that runs in the monitored device's OS.

Abstract: Methods and systems are provided for secure Mobile-IP traffic traversing network address translation (NAT). A virtual-private-network (VPN) tunnel extending between the mobile node and the home agent is established, wherein the home agent comprises a VPN function. Establishing the VPN tunnel comprises (i) the mobile node communicating with the home agent at a public address of the home agent via a private network, a NAT device, and a public network and (ii) the home agent assigning the mobile node a first public address. The mobile node is registered with the home agent. Registering the mobile node comprises (i) the mobile node communicating via the VPN tunnel with the home agent at the public address of the home agent and (ii) establishing the first public address as a home address for the mobile node for, for example, purposes of Mobile-IP communication.

Abstract: A handover method of a mobile terminal between heterogeneous networks for facilitating the handover with pre-authentication procedure is provided. A handover method between heterogeneous networks includes receiving, at a mobile terminal connected to a source network, information on at least one target authenticator of a target network from a source authenticator in response to an attach request; creating an authentication key between the mobile terminal and the target authenticator selected among the at least one target authenticator through a pre-authentication process; determining, when the mobile terminal transmits a handover request to the selected target authenticator, whether the authentication key contained in the handover request matches with the authentication key stored in the selected target authenticator; and connecting, when the authentication keys match with each other, to the target network via the selected target authenticator.

Abstract: In an exemplary embodiment content of a data message to be sent on a control channel is determined, and a selection is made between ciphering and not ciphering the data message based on the determined content. By example if from the content it is determined that that the data message is a SMS message, ciphering is selected and the control channel is a SACCH; else ciphering is not selected. Such a determination may be made by checking a service access point identifier for a data block comprising the data message. A data message within a data block received on the control channel is determined to be ciphered or not ciphered using only information within the data block, and the received data message is processed according to the determination. In another embodiment the FACCH is selected for sending the message if it is a SMS, and ciphering is selected for all data blocks sent on the FACCH.

Abstract: A method of maintaining a version counter indicative of a version of memory content stored in a processing device. The method comprises selectively operating the device in a first or second mode. Access to the first mode is limited to authorized users and controlled separately from access to the second mode. In the first mode at least an initial integrity protection value is generated for cryptographically protecting an initial counter value of said version counter during operation of the processing device in the second mode; wherein the initial counter value is selected from a sequence of counter values, and the initial integrity protection value is stored as a current integrity protection value in a storage medium. In the second mode, a current counter value is incremented to a subsequent counter value; wherein incrementing includes removing the current integrity protection value from said storage medium.

Abstract: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.

Abstract: An embodiment of the invention is directed to associating a wireless device with a basestation. A connection request is received from the wireless device. The wireless device is authenticated to the basestation. A token-transfer-request message is received. The wireless device is associated with the basestation by transferring a token associated with the wireless device to the basestation.

Abstract: Disclosed is a method including allowing an application server to request setup of a session on behalf of a user terminal, and using mechanisms of a generic peer authentication procedure for procedure for enabling authentication of the application server to an interrogating server, the interrogating server being a network element that is configured to process said request to setup a session on behalf of a user terminal. Also disclosed are related devices, systems and computer programs.

Abstract: A wireless communications system may include a user-wearable device including a clasp having open and closed positions, a first wireless security circuit (WSC), and a first controller coupled to the clasp and the first WSC. The system may further include a mobile wireless communications device including a portable housing, an input device(s), a second WSC carried by the portable housing and configured to communicate with the first WSC when in close proximity therewith, and a second controller carried by the portable housing and coupled to the second WSC and the input device(s). The second controller may be configured to enable mobile wireless communications device(s) function based upon a manual entry of an authentication code via the input device(s), and bypass the manual entry and enable the mobile wireless communications device function(s) based upon a communication from the user-wearable device and a position of the clasp.

Abstract: The invention proposes a system for authenticating and authorizing network services comprising: a mobile device being adapted to, upon receipt of an information message indicating at least one network access type, determine the network access type, to create a start message containing at least a user identity, and to encapsulate the start message in an authentication message compatible with the access network identified in the information message, and an access controller for reading the encapsulated message from the mobile and forwarding the encapsulated message to an authentication server identified in the encapsulated message. The invention also proposes a corresponding method for authenticating and authorizing network services, and an access control device, a subscriber device and a router device.

Abstract: Wireless security is enforced at L1, in addition to or in lieu of other layers. AP's can switch dynamically from serving to scanning. Scanners listen for authorized frame headers. Scanners either receive, or allow authorized frames to be received, at their destination. Scanners kill unauthorized frames while they are still transmitting; scanners continue listening for and killing unauthorized frame headers until frame ending time demands their return to serving, multiplying their effectiveness. AP's include dual-mode multi-frequency omni-directional antennae, used to prevent third parties from snooping messages received at those AP's.

Abstract: Arranging data ciphering in a telecommunication system comprising at least one wireless terminal, a wireless local area network and a public land mobile network. At least one first ciphering key according to the mobile network is calculated in the mobile network and in the terminal for a terminal identifier using a specific secret key for the identifier. Data transmission between the mobile network and the terminal is carried out through the wireless local area network. A second ciphering key is calculated in the terminal and in the mobile network using said at least one first ciphering key. The second ciphering key is sent from the mobile network to the wireless local area network. The data between the terminal and the network is ciphered using said second ciphering key.

Abstract: A mobile telecommunications network and method of operation that includes establishing a first user plane connection between a telecommunications device registered with the network and a network gateway device of the network via a first access point; providing the telecommunications device with a token using the first user plane connection; establishing a second user plane connection between the telecommunications device and the network gateway device via a second access point by using the token information to validate the telecommunications device; and, subsequent to establishment of and corresponding to the second user plane connection, establishing a control plane connection between the telecommunications device and the network gateway device via the second access point.

Abstract: Methods and systems provide secure functions for a mobile client. A circuit may include a memory configured to store a server access key and a first function authentication key. The circuit may also include authentication circuitry configured to access the server access key to authenticate access to a server to download a function capsule comprising a first function and to access the first function authentication key to authenticate use of the first function of the function capsule.

Abstract: A terminal identification method is provided which enables two-way communications between terminals and a network while identifying terminal IDs and protecting privacy. Also, authentication method and system are provided which require no complicated calculating process, less steps and smaller amount for wireless communications, and less power consumption. A server and terminal share a hash function and an initial value determined for each terminal, calculate the same temporary ID by hashing the initial value the same number of times with the hash function, and identify the terminal using the calculated temporary ID. The server and the terminal also hold a common hash function and authentication information, acquire an authenticating communication parameter from communication parameters temporarily common during communication, and generate an authentication key using the authentication information, the authenticating communication parameter, and the hash function.

Abstract: A method and system is provided for assessing the cumulative set of access entitlements to which an entity, of an information system, may be implicitly or explicitly authorized, by virtue of the universe of authorization intent specifications that exist across that information system, or a specified subset thereof, that specify access for that entity or for any entity collectives with which that entity may be directly or transitively affiliated. The effective system-level access granted to the user based upon operating system rules or according to access check methodologies is determined and mapped to administrative tasks to arrive at the cumulative set of access entitlements authorized for the user.

Abstract: Device authentication is based on the ability of a human to synchronize the movements of his or her fingers. A pairing procedure for two wireless devices may thus involve a synchronization test that is based on the relative timing of actuations of input devices on each of the wireless devices. In some aspects a synchronization test involves determining whether actuations of user input devices on two different wireless devices occurred within a defined time interval. In some aspects a synchronization test involves comparing time intervals defined by multiple actuations of user input devices on two wireless devices.

Abstract: Systems and methods are provided for handling electronic messages. An electronic message is examined as to whether the message contains one or more encoding properties. A visual indication is generated for use in a display to a user wherein the visual indication is displayed to the extent to which the encoding property applies to a displayed portion of the message.

Abstract: A method for providing message protection includes generating a ciphered message based upon a first counter, a message, and a ciphering key. The method further includes generating an unciphered message authentication code (MAC) based upon the first counter, an integrity protection key, and either the message or the ciphered message, and transmitting security protected data, which includes the MAC and the ciphered message, over a transmission medium.

Abstract: A mobile terminal includes a near-field communication device capable of performing near-field wireless communication with an external device, and a controller configured to instruct the external device or the near-field communication device to execute a command. The near-field communication device has a storage unit, a first mutual authentication unit for authenticating the controller and for requesting the controller to authenticate the near-field communication device, a first communication key setting unit for setting a first communication key, a second mutual authentication unit for authenticating the external device and for requesting the external device to authenticate the near-field communication device, and a second communication key setting unit for setting a second communication key.

Abstract: Systems and methods for implementing a location token service (LTS) to enhance the security of mobile device identity tokens by using the location of the mobile device to augment the tokens. The LTS enforces re-authentication (login) of the mobile device to one or more applications if the mobile device moves beyond a threshold distance from the location of the last use of the token within a time period defined in a temporal threshold. The LTS increases authentication strength and drastically reduces the potential for spoofing or otherwise permitting unauthorized access to one or more applications on the mobile device.

Abstract: Handset, computer software and method for protecting sensitive network information, available in the handset, from disclosure to an unauthorized server, by using an abstraction function module, the handset being connected to a network.

Abstract: A method for securely authenticating a user of a consumer device at an access device comprising the following steps. First, a dynamic data element and a first set of transactional information is sent to the consumer device from the access device. Next, the consumer device creates an authentication code as a function of at least the dynamic data element, a subset of the first set of transactional information, and a password. The authentication code, along with other data, is then sent from the consumer device back to the access device. The access device then uses the authentication code to send an authentication request message to the service provider of the user. The service provider then attempts to authenticate the user by recreating the authentication code and comparing the recreated authentication code with the authentication code received from the access device.

Abstract: A device or “dongle” (30) is provided for controlling communications between a Subscriber Identity Module (or SIM) (12), such as of the type used in a GSM cellular telephone system, and a computer, such as a WINDOWS® operating system-based PC (10). The SIM (12) can be authenticated by the telephone network, in the same way as for authenticating SIMs of telephone handset users in the network, and can in this way authenticate the user of the PC (10) or the PC (10) itself. Such authentication can, for example, permit use of the PC (10) for a time-limited session in relation to a particular application which is released to the PC (10) after the authentication is satisfactorily completed. The application may be released to the PC (10) by a third party after and in response to the satisfactory completion of the authentication process. A charge for the session can be debited to the user by the telecommunications network and then passed on to the third party.

Abstract: In conjunction with establishment of a session between an access network and user equipment of a communication system, session-specific information is transmitted from the access network to the user equipment. The session-specific information transmitted from the access network to the user equipment comprises information to be utilized in an authentication protocol carried out between the user equipment and an authentication server of the system. For example, the session-specific information transmitted from the access network to the user equipment may comprise an identifier of a gateway coupled between the access network and the authentication server.

Abstract: A request for an acknowledgement using a private key may be generated and transmitting to a customer device. The acknowledgement may be received from the customer device and verified using a public key associated with a customer operating the customer device. A request for a current location of the customer device may be transmitted and the current location may be received. A determination that the current location is proximate to a meter may be made, and, in response to determining that the current location is proximate to the meter, the meter may be manipulated.

Abstract: A method, system and apparatus for authenticating a communication request sent from a client computing device. The communication request is initially blocked by a firewall preventing delivery to a server. A first logging event corresponding to the communication request is created. The communication request and the logging event are stored in a firewall. The server is notified of the first logging event. The communication request corresponding to the first logging event is authenticated. A port in the firewall is enabled if the communication request is authenticated.

Abstract: Technologies are generally described for authentication systems. In an example, an authentication system can be built among devices by sharing an image that is virtually torn into pieces. Each participant in the authentication system receives a piece of the image. The participants are authenticated when the pieces are later joined to form the original image.

Abstract: An anti-theft mobile terminal is disclosed, including: a setting module (10); an encryption module (11), configured to set a screen-lock password and an information return verification password of the mobile terminal; a password verification module (12), configured to verify a screen-unlock password input by a user; a detection module (18), configured to trigger a power management module (13) when detecting that an SIM card or battery has been pulled out, or the battery has run down longer than a preset duration; the power management module (13), configured to stop power supply from the battery of the mobile terminal and start a standby power supply to supply power to an information return module (14), an information deleting module (15), a positioning module (16), and an IMSI; the information return module (14), configured to verify a received information return verification password and return information saved in a set storage area after successful verification; the information deleting module (15), config

Abstract: Authentication key generation for local area network communication, including: participating in communication of a message comprising a cipher suite selection type indicating cellular network compatible cipher suite; and creating cellular network compatible authentication keys according to said cipher suite selection type.

Abstract: A service request is received and associated with a subscriber id. Profile information is accessed for the source of the service request. A copy of the profile information is stored in a network element employed by the source of the service request to access the network.

Abstract: The present invention provides a method wherein an MNO receives a secret key allocated to a corresponding embedded UICC (eUICC) through SM-SR (secure routing) in an environment where SM is divided and implemented as SM-SR and SM-DP (data preparation), that is, provided is a method wherein the MNO dynamically acquires the secret key (public key or the like) from the corresponding eUICC through the SM-SR and uses the acquired secret key. In addition, the present invention allows the eUICC to receive an encrypted profile from the MNO or the SM and decrypts the encrypted profile using profile access credential information (a secret key corresponding to an eUICC public key) stored in the eUICC to use the decrypted profile, thereby securely transmitting important data such as operation profiles, and blocking external entities such as a device or terminal from accessing the important data.

Abstract: A method of providing certificate issuance and revocation checks involving mobile devices in a mobile ad-hoc network (MANET). The wireless devices communicate with each other via Bluetooth wireless technology in the MANET, with an access point (AP) to provide connectivity to the Internet. A Certificate authority (CA) distributes certificates and certification revocation lists (CRLs) to the devices via the access point (AP). Each group of devices has the name of the group associated with the certificate and signed by the CA. A device that is out of the radio range of the access point may still connect to the CA to validate a certificate or download the appropriate CRL by having all the devices participate in the MANET.

Abstract: Disclosed is a data processing apparatus providing a predetermined function by executing a program for the data processing apparatus, including a first storage unit that stores encoded execution starting data for starting execution of the program; a first decode key storage unit that stores a first decode key capable of decoding the encoded execution starting data; a start up unit that obtains the first decode key from the first decode key storage unit when turning on the power is accepted and decodes the encoded execution starting data by the first decode key to start executing the program; and an authentication confirmation unit that sends a request for authentication to an external apparatus after the start up unit starts executing the program and starts providing the predetermined function when obtaining an authentication result indicating the apparatus is authenticated from the external apparatus.

Abstract: In a mobile communication system, a radio device is configured to transmit notification information transmitted from a distribution server, to a mobile station, by use of broadcast communication. The distribution server 10 includes a key transmitter unit 12 configured to transmit a public key of the distribution server 10 to the mobile station UE; the radio device RNC, Node B includes a notification information transmitter unit 22, 42, 42A configured to transmit, to the mobile station UE, the notification information transmitted from the distribution server 10; and the mobile station UE includes an authentication unit 36 configured to authenticate the validity of the received notification information in reference to an electronic signature for the notification information.

Abstract: In one embodiment, the method performed by mobile equipment to authenticate communication with a network includes generating keys using cellular authentication and voice encryption, and then generating an authentication key based on these keys. The authentication key is used to generate an expected message authentication code used in authenticating the network according to authentication and key agreement security protocol.

Abstract: A method (400) for processing location information relating to a certain mobile station in a cellular network is presented. The method involves a first network element, which is connected to the cellular network, and second and third network elements, which are connected to a packet data network. The first network receives (401) a location information request (201) relating to the mobile station from a second network element. A security document relating to the second network element is requested (404) from a third network element; establishment (406) of one security association pointing from the second network element to the first network element and involving information is the security document is initiated; after successful establishment of said security association, the data origin of the location service request is authenticated (408); and after successful authentication, a location procedure relating to the mobile station in the cellular network is initiated (410).

Abstract: A system, a method and computer-readable media for handling a device that experiences a failure to complete a network's authentication process. Causes of the failure are determined, and device attributes are received. These causes and attributes are then used to determine an alternative authentication process. The device is authenticated by using this alternative authentication process.

Abstract: Disclosed are methods and systems related to a Personal Assistance Safety System. In one aspect, disclosed are methods and systems for vehicle communications comprising an antenna selecting unit configured to select an antenna according to an antenna selection strategy and a first antenna switch coupled to the antenna selecting unit configured to direct communications through the selected antenna.

Abstract: The successful authenticating of a Network Access Identifier (NAI) process is enabled by an authenticating method and a mobile terminal for a Code Division Multiple Access (CDMA) EVolution to packet Data Optimized (EVDO) network.

Abstract: A method of and system for digital rights management, in which access to a piece of content is granted in accordance with a license owned by a license owner to a client who is a member of a domain. This requires successfully verifying that a membership relation exists between the client and the domain as reflected in a first state variable, and that an association relation exists between the license owner and the domain as reflected in a second state variable. Both relationships are revoked by executing an online protocol between the parties in the relationship after which both remove the corresponding state variable. The domain controller propagates the state administration relating to the domain is propagated to the client so that the client can update its state administration.

Abstract: The invention relates to a system comprising: a lock (10) provided with electronic circuits for transmission/reception via NFC and electric circuits for controlling mechanical locking/unlocking members, and a mobile phone (16) provided with circuits allowing same to operate in NFC mode. In addition, means are provided for transmitting power to the lock by means of remote power feeding (18) from the phone, such as to charge a buffer capacitor in order subsequently to provide power temporarily to the electronic and electric circuits of the lock while the lock is querying the NFC circuits of the phone in order to check the authorization of the person with the phone and to order to opening of the door.

Abstract: A method and apparatus for transmitting/receiving encryption information in a mobile broadcast system providing broadcast service (BCAST) are disclosed. In the mobile broadcast system, a broadcast (BCAST) Service Distribution/Adaptation (BSD/A) unit comprises a transmitter for transmitting a Registration Key Material (RKM) request message for requesting delivery of an RKM for registration of the BCAST service of a terminal to a BCAST Subscription Management (BSM) unit managing subscriber information of the terminal, and a receiver for receiving an RKM request response message from the BSM unit. The RKM request message includes an identifier (ID) of the BCAST service, and the RKM request response message includes the ID of the BCAST service and the RKM. The transmitter transmits a Long-Term Key Message (LTKM) request message for requesting delivery of an LTKM provided to the terminal during subscription of the BCAST service to the BSM unit.