Abstract: A network authentication system comprises user equipment (UE), a service network (SN) and a home network (HN). The HN generates an expected user response (XRES) based on an identifier of the UE and generate an indicator, and sends the part of XRES and the indicator to the SN. The SN receives the part of XRES and indicator, and receives a user response (RES) from the UE. The SN then compares the RES with the XRES base on the indicator, and sends a confirmation message to the HN when the comparison succeeds.

Abstract: This application provides a data transmission method and communications devices. In some implementations, a first device instructs a second device to stop sending data of an application to the first device, receives from the second device first indication information indicating a sequence number of data that is of the application and that has been received by the second device from the first device, and sends to the second device second indication information indicating a sequence number of data that is of the application and that has been received by the first device from the second device. After a connection between the terminal device and a second server is established, the first and second indication information are used to transmit the data of the application through the connection.

Abstract: Various examples pertaining to improvement for incorrect key set identifier (KSI) handling in mobile communications are described. An apparatus (e.g., user equipment) receives from a wireless network an authentication challenge after the processor having completed an authentication and key agreement (AKA) procedure with the wireless network. The apparatus detects an error in the authentication challenge and handles the error in the authentication challenge. For example, the apparatus can reject the authentication challenge responsive to detecting the error. Alternatively, the apparatus can accept the authentication challenge.

Abstract: A wireless roaming method and related system are provided. The method is applicable to an access control device and includes: determining a moving direction of a mobile device that is in a first connection connecting with a first access point; establishing, by a second access point and in response to a determination that the moving direction meets a preset condition, a second connection connecting the mobile device with the second access point, and disconnecting, by the first access point, the first connection. The first access point and the second access point are both connected to the access control device, and have a same static address or a same Identity Resolving Key. This method allows the mobile device to securely and seamlessly roam within the coverage areas of different access points.

Abstract: An electronic device used for unlocking a locking device is disclosed. The electronic device according to various embodiments of the present invention may comprise: a communication module for transmitting an unlock signal; and a processor which performs authentication with respect to a user so as to unlock a locking device, changes, after the user is authenticated, a valid time configured for a first key selected among one or more keys registered on an application, and transmits the unlock signal, including information on the changed valid time and information on the first key, via the communication module. Other various embodiments are also possible.

Abstract: An access point (AP) device of a wireless communication network determines that an unassociated client station requests to participate in a ranging measurement procedure with the AP device, and determines a preliminary network ID for uses by the unassociated client station during a ranging measurement session and while the unassociated client station remains unassociated with the wireless communication network. The AP device transmits a packet having the preliminary network ID, and after transmitting the packet having the preliminary network ID, participates in a multi-user (MU) null data packet (NDP) ranging measurement session with a plurality of client stations that includes the unassociated client station.

Abstract: A terminal apparatus includes a communication circuit, a display unit, and a processor. The processor acquires a first SSID of an access point to which the communication circuit already made a connection, and a second SSID that is obtained by electronic equipment by performing scanning processing. The processor obtains the degree of the sameness of the first SSID and the second SSID, and performs display processing on the display unit in a mode in which display is performed in a manner that is more emphasized for visibility or the display is performed in a manner that takes precedence.

Abstract: A method of replacing an authentication parameter for authenticating a security element co-operating with a terminal includes storing in the security element a first authentication parameter; transmitting to a mobile network operator the first authentication parameter for the operator to record it in its authentication system; on occurrence of an event, having a remote platform transmit to the security element an indicator informing the security element that it is authorized to replace the first authentication parameter with a second authentication parameter if its authentication fails; on occurrence of the event, having the entity transmit to the operator a second authentication parameter to replace the first authentication parameter; and in the event of subsequent failure of the security element to connect to the mobile network and if the indicator is present at the security element, replacing the first authentication parameter with the second authentication parameter at the security element.

Abstract: An embodiment of the disclosure provides a voice communication method, a calling terminal, a called terminal and a system, the voice communication method includes: establishing, by a calling terminal, a data communication connection between a called terminal and the calling terminal; obtaining a calling terminal international mobile subscriber identity (IMSI), a called terminal IMSI, a first random number for encryption and decryption, and generating a first encryption key; encrypting voice signals according to the first encryption key by using a preset encryption algorithm and obtaining first encrypted voice signals; sending the first encrypted voice signals to the called terminal. The first encryption key is generated according to the calling terminal IMSI, the called terminal IMSI, and the voice signals are encrypted by using the preset encryption algorithm, thus an encryption process is highly targeted and highly confidential, and security of voice services is improved.

Abstract: A networked device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences of messages, such as replicated data, using one or more keypairs and wrapping keys. The sequences of messages can include an initial set of messages that are encrypted by a wrapping key, and further include another set of messages that are encrypted by a replaced staggered key. The sequence of messages can be configured to be decrypted without exporting keys of hardware security modules.

Abstract: A networked device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences of messages, such as replicated data, using one or more keypairs and wrapping keys. The sequences of messages can include an initial set of messages that are encrypted by a wrapping key, and further include another set of messages that are encrypted by a replaced staggered key. The sequence of messages can be configured to be decrypted without exporting keys of hardware security modules.

Abstract: An access point (AP) device of a wireless communication network determines that an unassociated client station requests to participate in a ranging measurement procedure with the AP device, and determines a preliminary network ID for uses by the unassociated client station during a ranging measurement session and while the unassociated client station remains unassociated with the wireless communication network. The AP device transmits a packet having the preliminary network ID, and after transmitting the packet having the preliminary network ID, participates in a multi-user (MU) null data packet (NDP) ranging measurement session with a plurality of client stations that includes the unassociated client station.

Abstract: A device may receive relationship information indicating a relationship between first geographic information and a network gateway. The network gateway may be associated with providing a user device with access to a network. The device may store the relationship information. The device may receive, from the user device and via a base station, second geographic information indicating a tracking area in which the user device is located. The device may identify one or more network gateways, associated with the second geographic information, based on the second geographic information and the relationship information. The device may provide, to the user device, one or more device identifiers associated with the one or more network gateways to permit the user device to access the network via the one or more network gateways. The one or more device identifiers may be provided in association with a non-access stratum message.

Abstract: A home wireless system and a method of controlling it wherein the home wireless system comprises a plurality of wireless peripheral nodes and a first gateway having a wireless communication means for communicating with and controlling wireless peripheral nodes.

Abstract: A method and system for allocating shareable wireless transmission resources. A resource pool is established. The resource pool is divided into a plurality of physical layer allocation units usable for wirelessly transmitting control information and traffic data. The allocation units are assigned at the media access control layer for the wireless transmission of the control information and traffic data. The system and method of the present invention also allows mobile stations to be dynamically grouped into multicast groupings to reduce system overhead resource requirements.

Abstract: Systems and methods may provide for implementing a secure communication using physical proximity. In one example, the method may include transmitting an encrypted first communication including a sensitive information file, decrypting the encrypted first communication to generate a decrypted first communication including the sensitive information file, displaying the decrypted first communication, capturing a version of the decrypted first communication displayed on the intermediary device, and extracting the sensitive information file at a user device.

Abstract: To facilitate a handoff of a communication session in a wireless network, a first wireless access point at least temporarily emulates a second wireless access point, spoofing a target communication device that communications transmitted from the first wireless access point appear to be transmitted from the second wireless access point. According to a first configuration, the communication session is handed off from the first wireless access point to the second wireless access point. According to another configuration, the communication session is handed off from the second wireless access point to the first wireless access point.

Abstract: A method and system for analyzing and optimizing the distribution of work from a plurality of queues includes storing historical data in a database. The historical data may include sets of different types of data items, each of the data items having an associated monetary value. The method further includes assigning a relative score to each of the data items within the sets and calculating a cumulative monetary value for each relative score, the cumulative monetary value being the summation of the monetary values for all items having relative scores up to and including the relative score. The method further includes determining the maximum cumulative monetary value calculated and its corresponding relative score. In one embodiment, the corresponding relative score is then used to determine which items to work in a set of queues that has not yet been worked.

Abstract: A mobile device sends a network attach request to a network node, and receives an authentication challenge from the network node, where the authentication challenge includes an authentication token, a random number, and a time variable associated with a current time at the network node. A microprocessor smart card of the mobile device retrieves the time variable from the authentication challenge, and starts a clock counter based on the retrieved time variable. The microprocessor smart card uses a current time represented by the clock counter to perform time expiration validation tests on certificates during Public Key Infrastructure (PKI) authentication or on authentication tokens during token-based authentication.

Abstract: A method performed by a subscriber data storage node of a visiting communication network for handling a signalling request in a communication system comprising a home communication network and the visiting communication network. The signalling request originates from a communication device subscribing to the home communication network and having a home subscriber identification, ID, for communication in the home communication network. The communication device is registered to the visiting communication network with a local subscriber ID different from the home subscriber ID, the local subscriber ID being associated with the home subscriber ID. The method comprises receiving the signalling request originating from the communication device, the signalling request being associated with the local subscriber ID and identifying that the local subscriber ID is associated with the home subscriber ID.

Abstract: Disclosed are a method, apparatus, and system for authenticating a communication session between a user equipment device (UE) and a communication network. A first authentication of a UE is performed by generating an authentication key, transmitting the authentication key over a first communication link from the UE to a communication network, authenticating the UE using the authentication key, and generating an authentication result indicative of authenticating the UE. A second authentication of the UE is performed to authorize a communication session over a second communication link between the UE and the communication network. The second authentication includes transmitting UE identifying information over the second communication link from the UE to the communication network and authenticating the UE using the UE identifying information and the authentication key. The second communication link is established under an internet protocol.

Abstract: The disclosed system allows a user to have access to a protected network through the distribution of signed send tokens. In particular, a device associated with the protected network, such as a network interface card, may generate and issue send tokens to various third-parties who seek access to the network. A send token may be a block of data that contains transmission information regarding the operations that are allowed to be performed by the network user. For example, the send token may identify the portions of the network to which the user's data packets are allowed to be sent, as well as the permitted content of the user's data packets.

Abstract: Client-side endpoint configuration can be accomplished by allowing a client to include as part of an API request, a desired endpoint for subsequent notifications from a server. The endpoint can be an endpoint identifier, such as a Uniform Resource Identifier (URI) or a domain name. When a web service receives the API request from a client device, the web service can generate a response to the request and send the response to the endpoint identified in the request. The API request can asynchronously communicate with the client device whenever the response is completed.

Abstract: A method, system and apparatus for sharing media content securely and reliably among various computing devices in a private network through media streaming technology is provided.

Abstract: A method of connecting to a network by a terminal in a communication system, the communication system including the terminal, one or more access points, and a network controller controlling the one or more access points is provided. The method includes establishing a connection with a first access point, setting and storing wake-up information, configured to selectively transceive with the first access point, in the first access point and the network controller, performing hand off to a second access point connected to the network controller, and selectively transceiving data with the second access point based on the wake-up information set and stored in the network controller.

Abstract: Embodiments describe synchronizing access routers with wireless terminal state information. According to an embodiment is a wireless terminal that transmits a message that includes an address for at least two access routers. State change information can optionally be included in the message. According to another embodiment is an access router that receives a state change notification from a wireless device or another access router. The state change notification is updated in the access router. An acknowledgment confirming the updated state change may be sent to the wireless terminal. Dynamic state synchronization is provided with minimal communication with wireless terminal.

Abstract: Methods for the authentication of a web site by a visitor to the web site. The visitor uses a device, such as a portable device like a cell phone to compute a dynamic identification string and a one-time password. The dynamic identification string is sent to a service provider, such as a certification service server associated with the web site. In response, the server computes a one-time password that is transmitted to the visitor's device. The device computed one-time password can then be compared to the server computed one-time password in order to authenticate the web site.

Abstract: A computer-implemented method for authenticating messages in a control area network is described. In one embodiment, a message identifier for a data message is ascertained. Each device is associated with one or more message identifiers. The data message is sent from a first device to a second device. The data message is associated with the ascertained message identifier. An authentication code computed by the first device is sent to the second device. The authentication code is sent by the first device in the data message or in an authentication message.

Abstract: The ability to connect a device to the Internet or another type of network from various network access points in a convenient manner is contemplated. The device may be conveniently connected to the desired network without requiring user input of a username and password when connecting to the various network access points.

Abstract: A client device is coupled with a server. The client device prompts a user to enter a number associated with a mobile device, which can be the client device, and generates data including a code. The code is typically hidden from the user when the code is generated and is saved on the client device. The client device transmits the number entered by the user and the code generated by the client device to the server, which sends a message, including the code, to the mobile device associated with the number. The client device prompts the user to enter the code included in the message. Validity of the number is based on one or more factors, including the accuracy of the code entered by the user. In addition, validity of the number can also be based on whether the second user input was entered within a predetermined time limit.

Abstract: A system arranged to authenticate a user via its mobile device to a service provider, the system comprising: an authentication server; the user mobile device, the user mobile device provided with a verification application arranged to communicate with the authentication server; and a notification server in communication with the authentication server and arranged to transmit a notification to the user mobile device responsive to the authentication server, the authentication server arranged to provide a signed authentication to the service provider responsive to present and historical information regarding one of: the user mobile device; and an additional user device in communication with said authentication server, said signed authentication provided in accordance with a rule set determined by an authorized entity stored on said authentication server memory governing the required present and historical information attribute.

Abstract: Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator accesses a secret key associated with a mobile device. A key derivation function (KDF) is evaluated based on the secret key to produce a key derivation key, and the KDF is evaluated based on the key derivation key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, the mobile device receives the challenge value and accesses a secret key. A KDF is evaluated based on the secret key to produce a key derivation key, and the KDF is evaluated based on the key derivation key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.

Abstract: The transmission of data is accomplished across a network having wireless and wired interfaces. Data is transferred through a wireless interface from an Access Point to a Client/Bridge and then to one of a Intelligent Electrical Device (IED) connected to the Client/Bridge through a wired connection. Data is transferred from the Access Point to the Client/Bridge through a 4 address mode wireless interface having originator, transmitter, receiver and destination address fields. The Client/Bridge determines context cache information representing the media access control numbers of each of the IEDs connected to the Client/Bridge through the wired interface and transfers this context cache information to the AP. In the event of a failure of the Client/Bridge, the context cache information stored at the AP can be transferred to the Client/Bridge using the wireless interface to facilitate recovery of the Client/Bridge.

Abstract: Techniques are described for enabling authentication and/or key agreement between communications network stations and service networks. The techniques described include the negotiation and use of a cryptographic primitive shared between a service network and a home environment of a station. The techniques described also feature a key usage indicator, such as a sequence number, maintained by the service network and a station. Comparison of the key usage indicators can, for example, permit efficient authentication of the service network.

Abstract: A mobile terminal that may be able to access a wireless communication network and a control method thereof are provided. The mobile terminal includes: a wireless communication unit configured to access a wireless communication network; a detection unit configured to detect a connectable wireless communication network through the wireless communication unit; and a controller outputting icons each corresponding to one or more wireless communication networks detected by the detection unit to a locked screen displayed in a locked state in which inputting of a control command with respect to an application is limited, releasing the locked state when selecting of any one of the output icons is detected, and controlling the wireless communication unit to access a wireless communication network corresponding to the selected icon.

Abstract: A method for composing an authentication password associated with an electronic device is implemented by a password composing system including a display, a receiving unit, and a processing unit. In the method, the display is configured to display a start point, and a plurality of displayed paths. The receiving unit is configured to detect a set of user-input movements of a contact point at the display. The processing unit is configured to determine whether the user-input movements conform with a predefined valid user-input gesture, store a plurality of codes corresponding to the valid user-input gestures, and to compose the authentication password according to valid ones of the series of the user-input movements.

Abstract: A method including: assigning identifiers to respective domains, where each of the domains is allocated a corresponding set of resources, and where the resources in the sets of resources are accessible at respective physical addresses; storing permissions to access the physical addresses, where each of the permissions indicates which of the physical addresses one or more of the domains are permitted to access. The method also includes: assigning a code to a first domain, where the code includes instructions, and where each of the instructions includes a corresponding one of the physical addresses; tagging each of the instructions by adding the identifier assigned to the first domain to each of the instructions; and during execution of each of the instructions, comparing the identifier included in the corresponding instruction to one of the permissions; and based on the comparison, permitting access to the set of resources allocated to the first domain.

Abstract: A processing device comprises a processor coupled to a memory and implements a host-based intrusion detection system configured to permit detection of tampering with at least one software component installed on the processing device. The host-based intrusion detection system comprises a forward-secure logging module configured to record information characterizing a plurality of events occurring in the device in such a manner that modification of the recorded information characterizing the events is indicative of a tampering attack and can be detected by an authority. For example, the recorded information may comprise at least one forward-secure logging record R having entries r1 . . . rn corresponding to respective ones of the events wherein any erasure or other modification of a particular pre-existing entry ri in R by an attacker is detectable by the authority upon inspection of R.

Abstract: Obfuscating a message, in one aspect, may include detecting sensitive information in a message to be broadcast into public or quasi-public computer network environment; replacing the sensitive information in the message with a representation that preserves general aspects of the sensitive information and a user interface element, the user interface element for enabling a viewer of the message to request access to details of the sensitive information; and transmitting the replaced message for broadcasting into the public or quasi-public computer network environment. De-obfuscating the message, in one aspect, may include authenticating one or more viewers or receivers of the message and based on the authentication, presenting details associated with the sensitive information.

Abstract: Systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions are disclosed. A messaging service firewall (MSF) separate from a short message service center (SMSC) receives a mobility management reply message (MMR) that is sent by a mobile location register element in response to an associated mobility management query (MMQ) and that includes a serving switch identifier. The MSF allocates a global title address (GTA) from a pool of GTAs and stores a correlation between the allocated GTA and the originating SMSC. The MSF replaces the serving switch identifier in the MMR with the allocated GTA and routes the modified MMR. The MSF then receives a messaging service message (MSM) that is addressed to the allocated GTA and that includes the purported originating SMSC. If the purported originating SMSC does not match the SMSC to which the GTA is correlated, the MSM is discarded.

Abstract: A Bluetooth host solves the aforementioned problems by evaluating a Bluetooth service provider server ID and by determining which of a plurality of access IDs map to the server ID and, correspondingly, providing a Bluetooth access ID that corresponds thereto. Accordingly, one Bluetooth host may readily gain access to any one of a plurality of different devices and different types of devices. Additionally, the Bluetooth host includes capacity to store and provide additional supporting information according to the type of device that is the Bluetooth service provider. Generally, the Bluetooth host stores a plurality of access or link IDs in relation to a plurality of master device IDs and, upon detecting a beacon, determines what access or link ID to provide and whether to provide additional stored information.

Abstract: A handover method of a mobile terminal between heterogeneous networks for facilitating the handover with pre-authentication procedure is provided. A handover method between heterogeneous networks includes receiving, at a mobile terminal connected to a source network, information on at least one target authenticator of a target network from a source authenticator in response to an attach request; creating an authentication key between the mobile terminal and the target authenticator selected among the at least one target authenticator through a pre-authentication process; determining, when the mobile terminal transmits a handover request to the selected target authenticator, whether the authentication key contained in the handover request matches with the authentication key stored in the selected target authenticator; and connecting, when the authentication keys match with each other, to the target network via the selected target authenticator.

Abstract: A method of maintaining a version counter indicative of a version of memory content stored in a processing device. The method comprises selectively operating the device in a first or second mode. Access to the first mode is limited to authorized users and controlled separately from access to the second mode. In the first mode at least an initial integrity protection value is generated for cryptographically protecting an initial counter value of said version counter during operation of the processing device in the second mode; wherein the initial counter value is selected from a sequence of counter values, and the initial integrity protection value is stored as a current integrity protection value in a storage medium. In the second mode, a current counter value is incremented to a subsequent counter value; wherein incrementing includes removing the current integrity protection value from said storage medium.

Abstract: A mobile telecommunications network and method of operation that includes establishing a first user plane connection between a telecommunications device registered with the network and a network gateway device of the network via a first access point; providing the telecommunications device with a token using the first user plane connection; establishing a second user plane connection between the telecommunications device and the network gateway device via a second access point by using the token information to validate the telecommunications device; and, subsequent to establishment of and corresponding to the second user plane connection, establishing a control plane connection between the telecommunications device and the network gateway device via the second access point.

Abstract: A terminal identification method is provided which enables two-way communications between terminals and a network while identifying terminal IDs and protecting privacy. Also, authentication method and system are provided which require no complicated calculating process, less steps and smaller amount for wireless communications, and less power consumption. A server and terminal share a hash function and an initial value determined for each terminal, calculate the same temporary ID by hashing the initial value the same number of times with the hash function, and identify the terminal using the calculated temporary ID. The server and the terminal also hold a common hash function and authentication information, acquire an authenticating communication parameter from communication parameters temporarily common during communication, and generate an authentication key using the authentication information, the authenticating communication parameter, and the hash function.

Abstract: A method, user equipment (UE) and system are provided for negotiating a security capability during idle state mobility of the UE from a non-long term evolution (non-LTE) network to a long term evolution (LTE) network. The UE sends UE security capabilities supported by the UE to the LTE network for a non-access stratum (NAS) security algorithm selection use. The UE then receives from the LTE network selected NAS security algorithm. The UE further generates a root key from an authentication vector-related key stored at the UE and then derives, from the generated root key, a NAS protection key for security communication with the LTE network.

Abstract: Disclosed is a data processing apparatus providing a predetermined function by executing a program for the data processing apparatus, including a first storage unit that stores encoded execution starting data for starting execution of the program; a first decode key storage unit that stores a first decode key capable of decoding the encoded execution starting data; a start up unit that obtains the first decode key from the first decode key storage unit when turning on the power is accepted and decodes the encoded execution starting data by the first decode key to start executing the program; and an authentication confirmation unit that sends a request for authentication to an external apparatus after the start up unit starts executing the program and starts providing the predetermined function when obtaining an authentication result indicating the apparatus is authenticated from the external apparatus.

Abstract: A method of and system for digital rights management, in which access to a piece of content is granted in accordance with a license owned by a license owner to a client who is a member of a domain. This requires successfully verifying that a membership relation exists between the client and the domain as reflected in a first state variable, and that an association relation exists between the license owner and the domain as reflected in a second state variable. Both relationships are revoked by executing an online protocol between the parties in the relationship after which both remove the corresponding state variable. The domain controller propagates the state administration relating to the domain is propagated to the client so that the client can update its state administration.

Abstract: The successful authenticating of a Network Access Identifier (NAI) process is enabled by an authenticating method and a mobile terminal for a Code Division Multiple Access (CDMA) EVolution to packet Data Optimized (EVDO) network.

Abstract: A technique that enables a portable device to be automatically associated with a plurality of computers. Information that a computer can use to authenticate a portable device and establish a trusted relationship prior to creating an association with the portable device is created and stored in a data store that is accessible by a plurality of computers and is associated with a user of the portable device. When a computer discovers such a portable device with which it is not yet associated, the computer can identify a user logged into the computer and use information identifying the user to retrieve authentication information that is device independent and is expected to be presented by the portable device to authenticate it and allow automatic association.