Abstract: A computer system includes a computer, a fingerprint reader, and a security apparatus to apply complete security for the benefit of an authorized user. The computer includes a first interface, a second interface, an account storage unit, and a fingerprint storage unit. The fingerprint reader can connect with the computer through the first interface for inputting fingerprint information. The security apparatus can connect with the computer through the second interface, and includes a password storage module, a first use module, a password modification module, and a normal use module.

Abstract: A method for a server to initiate resynchronization with an access terminal, when synchronization has been lost, that cannot be exploited by attackers is provided. The server may provide the access terminal with a secret key that is only known to the access terminal and the server. The access terminal may store the secret key in a secure storage device to prevent the secret key from being hacked. If the server determines that synchronization has been lost, the server may send a resynchronization message to the access terminal with the secret key attached. The access terminal retrieves the stored secret key from the secure memory device and compares it to the secret key attached to the resynchronization message. If there is a match, the access terminal may initiate a secure communication link with the server to reestablish synchronization.

Abstract: A system includes a remote authentication dial in user service (RADIUS) server in communication with a network access server. The network access server provides an authentication request to the RADIUS server. The authentication request includes at least a user identifier and a device identifier. The RADIUS server determines an authentication format utilized by the network access server based on the received authentication request. The system may also determine an authorization level to provide with an authentication response.

Abstract: Data storage and management systems can be interconnected as clustered systems to distribute data and operational loading. Further, independent clustered storage systems can be associated to form peered clusters. As provided herein, methods and systems for creating and managing intercluster relationships between independent clustered storage systems, allowing the respective independent clustered storage systems to exchange data and distribute management operations between each other while mitigating administrator involvement. Cluster introduction information is provided on a network interface of one or more nodes in a cluster, and intercluster relationships are created between peer clusters. A relationship can be created by initiating contact with a peer using a logical interface, and respective peers retrieving the introduction information provided on the network interface.

Abstract: Various embodiments are directed to providing a multi-tiered anti-abuse approach to registration of a mobile device user. A registration service may determine whether communications with the mobile device is through a trusted carrier gateway, and if so, then a mobile device identifier may be used to automatically register the mobile device. Otherwise, a determination may be made whether the mobile device is configured to support a challenge-response image. In one embodiment, such determination may be based, in part, on information received from the mobile device through a user agent, or the like. If the mobile device is capable of supporting a challenge-response image, one may be sent to the mobile device to enable registration. If, however, the mobile device does not support the challenge-response image and the carrier gateway is not trusted, the mobile device may be directed to employ an SMS mechanism to complete registration.

Abstract: A first terminal subscribes to at least one service using a service guide in which information necessary for reception of each service is stored, and sends the service guide and an identifier (ID) of the subscribed service to a smartcard. The smartcard stores the service guide and the ID of the subscribed service, and sends the service guide and the ID of the subscribed service to a second terminal through a response message to a request message used for acquiring TBK information, received from the second terminal. The second terminal receives the response message by sending the request message to the smartcard, acquires TBK information corresponding to a service that the second terminal intends to play back, from the service guide depending on the subscribed service's ID included in the response message, and acquires the TBK by performing an authentication process using the TBK information.

Abstract: The present invention relates to a far-end control method with a security mechanism including a host transmitting an identification code through the PSTN (Public switched telephone network) to the I/O control device of the far-end. The I/O control device has a CPU to receive the identification code and judge whether the identification code matches with the predetermined value stored therein; if the identification code matches with the predetermined value, the mobile internet connection between the host and the I/O control device is activated to enable the host to mutually transmit information or signals with a far-end control device from the I/O control device through the mobile internet, and the connection will be disabled after the information or signal transmission is completed.

Abstract: A method and apparatus for providing a secure authentication process is described. In one embodiment, a method for a method for providing a secure authentication process includes monitoring login activity of at least one authentication process associated with a computer resource and analyzing the login activity to identify suspicious login activity associated with user credentials.

Abstract: A method is provided in one example embodiment and includes communicating an access request to an authentication, authorization, and accounting (AAA) element. The access request is configured to include an attribute that indicates that a network element can support a particular home agent assignment from amongst a plurality of home agents. The method also includes receiving a response that includes an Internet Protocol (IP) address of a home agent loadbalancer, the response including a key that establishes a secure connection between the network element and the home agent loadbalancer. In other embodiments, the method includes communicating with a foreign agent in order to authenticate user equipment associated with the access request. In addition, the access request can be initiated by user equipment configured to establish a network communication session via the particular home agent.

Abstract: Systems, methods, and apparatus for facilitating secure over-the-air (OTA) programming are presented herein. A device can store a key, which can be based on a key algorithm (K-algorithm) and an identifier associated with the device. The device can receive information such as parameter(s) and a verification number from a communications system. The verification number can be generated by using an authorization algorithm (A-algorithm) based on the parameter(s) and a K-algorithm input. The device can generate a trial verification number by using the A-algorithm with the parameter(s) and the key as trial inputs. The device can compare the verification number to the trial verification number, and in response to the verification number being at least similar to the trial verification number, the device can use the parameter(s) for programming of the device.

Abstract: A multi-user computer system and a remote control method for the multi-user computer system includes a remote controller, with an input unit that receives a remote-control password to remotely operate the computer, information on an OS booted when the remote-control password is input, a key input setting the computer in a mode wherein the remote-control password and the OS information are set, and a key input operating the computer, a microprocessor, a wireless transmitter, and a computer, with a wireless receiver, a microprocessor, and a BIOS that automatically loads an OS corresponding to the remote-control password stored in the memory when the received remote-control password stored in the wireless receiver and the remote-control password in the memory are the same.

Abstract: The present invention discloses a security management method and a security management system for a WAPI terminal accessing an IMS network. The method comprises: an authentication service unit (ASU) sending, under the circumstance that an access point and the WAPI terminal pass the verification of the ASU, a security information request message to a home subscriber server (HSS) (S302); the HSS setting security information corresponding to the IMS account information of the WAPI terminal as access layer security after receiving the security information request message from the ASU (S304); a proxy-call session control function (P-CSCF) receiving an IMS login request message from the WAPI terminal, inquiring about the security information of the WAPI terminal through the HSS, and allowing the WAPI terminal to execute an IMS service flow under the circumstance that the security information of the WAPI terminal is the access layer security (S306).

Abstract: A method of and system for digital rights management, in which access to a piece of content is granted in accordance with a license owned by a license owner to a client who is a member of a domain. This requires successfully verifying that a membership relation exists between the client and the domain as reflected in a first state variable, and that an association relation exists between the license owner and the domain as reflected in a second state variable. Both relationships are revoked by executing an online protocol between the parties in the relationship after which both remove the corresponding state variable. The domain controller propagates the state administration relating to the domain is propagated to the client so that the client can update its state administration.

Abstract: Techniques and tools are described which provide control access mechanisms for contents made available by a service provider to a user. The user, after a registration process, uses a mobile application on a mobile device to generate a one-time content key. The content key is input into a set-top box which validates the key and provides access to the protected content. The mobile application allows for password protection for the user, as well as a recharging ability when its one-time content keys are exhausted.

Abstract: A communication device capable of preventing interference due to collision of signals of a plurality of communication devices (slaves) is provided. The communication device characterized by having a receiving part which receives a request signal by radio, a counter which starts count of a count value on reception of the request signal, a comparing part which compares the count value and a comparison value, and a transmitting part which transmits an acknowledge signal by radio in accordance with a result of the comparison is provided.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for providing contextual data aided security protection. In one aspect, a method includes automatically parsing an electronic message associated with a user that includes location information, and extracting the location information from the electronic message. The location information can be added to a database (e.g., white list) associated with the user. The location information in the database can be used to authenticate the user's request for access to electronic mail.

Abstract: The present invention relates to a system and method to enable subscriber self-activation and configuration of wireless data terminals by means of an activate button provided through the User Interface (UI). This allows for operations to be performed on the device by self-care. Any wireless device, in order to access the network needs credentials. This invention generates temporary credentials to present to the network for service activation. Once access is granted to the network, the device can be activated and configured for using the resources of the network.

Abstract: According to the teachings presented herein, a wireless communication device reverts from subscription credentials to temporary access credentials, in response to detecting an access failure. The device uses its temporary access credentials to gain temporary network access, either through a preferred network (e.g., home network) or through any one of one or more non-preferred networks (e.g., visited networks). After gaining temporary access, the device determines whether it needs new subscription credentials and, if so, uses the temporary access to obtain them. Correspondingly, in one or more embodiments, a registration server is configured to support such operations, such as by providing determination of credential validity and/or by redirecting the device to a new home operator for obtaining new subscription credentials.

Abstract: Techniques for non-repudiation of storage in cloud or shared storage environments are provided. A unique signature is generated within a cloud or shared storage environment for each file of the storage tenant that accesses the cloud or shared storage environment. Each signature is stored as part of the file system and every time a file is accessed that signature is verified. When a file is updated, the signature is updated as well to reflect the file update.

Abstract: When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimate measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired from a portable phone terminal having the GPS function and a network function by means of the GPS function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus, only if the server apparatus is authenticated as a legitimate counterpart for connection. A secret key holding section is provided for holding different secret keys for different apparatuses.

Abstract: A dual cryptographic keying system. In particular implementations, a method includes responsive to an initial session key negotiation, storing security association information for a tunnel in a security association memory; responsive to a session key renegotiation, storing security association information for the tunnel in a cache; decrypting received packets associated with the tunnel conditionally using the security association information in the cache or the security association information in the security association memory; and upon an expiration condition, overwriting the security association information, for the tunnel, in the security association memory with the security association information, for the tunnel, copied from the cache.

Abstract: A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.

Abstract: Embodiments of the invention provide systems and methods for providing service level, policy-based QoS enforcement on a network or networks. According to one embodiment, a system can comprise at least one communications network, a first endpoint communicatively coupled with the communications network, and a second endpoint communicatively coupled with the communications network and can monitor traffic on the communications network between the first endpoint and the second endpoint. A policy enforcer can be communicatively coupled with the network monitor. The policy enforcer can apply one or more policies based the traffic between the first endpoint and the second endpoint. The one or more policies can define a Quality of Service (QoS) for the traffic between the first endpoint and the second endpoint and can apply the policies to affect the traffic between the endpoints to maintain the QoS defined by the one or more policies.

Abstract: A trusted domain name server is introduced to provide a secure route optimization procedure for MIPv6. A trusted authority registers network addresses of a mobile node with corresponding fully qualified domain names. The trusted domain name server can later be queried to compare the domain of a network address for a mobile node with the domain of a network address for another network node.

Abstract: When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimate measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired from a portable phone terminal having the GPS function and a network function by means of the GPS function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus, only if the server apparatus is authenticated as a legitimate counterpart for connection. A secret key holding section is provided for holding different secret keys for different apparatuses.

Abstract: When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimate measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired from a portable phone terminal having the GPS function and a network function by means of the GPS function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus, only if the server apparatus is authenticated as a legitimate counterpart for connection. A secret key holding section is provided for holding different secret keys for different apparatuses.

Abstract: A reach back secure communications terminal includes a digital PBX adapter that offers immediate and secure voice, data and video connectivity over any of various commercially available PBX systems. In addition to use with a PBX system, integrated components simplify access to varied networks allowing deployed users to select and connect quickly to a network that best supports their present mission. Commercial or optional NSA Type 1 encryption may be implemented. Networking options include any of PSTN, PBX, GSM (or CDMA or other cell telephone standard), SAT, IP and WiFi. The digital PBX adapter includes an audio mixer that converts a 4-wire input from a handset jack of a PBX handset base, into a 2-wire output destined for an encryption unit (FNBDT). The user determines a necessary gain of the audio mixer for the particular PBX system by trial and error using a multi-position switch.

Abstract: A system and method for efficiently enabling local security connectivity between electronic devices over multiple bearers. Electronic devices are configured to advertise, over each bearer, their respective configuration parameters for each bearer. After a connection has been established between the electronic devices over a first bearer, the two electronic devices use the first bearer to establish connections over the other bearers using the configuration parameters contained in the advertisements and advertised over the first bearer. Shared keys are established for the other bearers either using keys derived from the first shared key or by using the first secure connection as an out-of-band channel. The present invention also provides for the creation of an ad hoc WLAN connection once a Bluetooth connection has been established.

Abstract: A computer implemented method for accessing materials for a meeting may include receiving a call from a meeting participant by a system, wherein the meeting participant calls a prearranged teleconference number to participate in the meeting. The method may also include validating participation of the meeting participant in the meeting by the system. The method may further include providing access to an appropriate set of materials to the meeting participant based on a predetermined attribute associated with the meeting participant.

Abstract: A process for testing an integrated circuit includes collecting a set of points of a physical property while the integrated circuit is executing a multiplication, dividing the set of points into a plurality subsets of lateral points, calculating an estimation of the value of the physical property for each subset, and applying to the subset of lateral points a step of horizontal transversal statistical processing by using the estimations of the value of the physical property, to verify a hypothesis about the variables manipulated by the integrated circuit.

Abstract: A system and method for establishing a connection on a mobile computing device includes generating a secret on a trusted platform of the mobile computing device. The secret is transported to a subscriber identity module (SIM)/Smartcard on the mobile computing device. A secure local communication channel is established between the trusted platform and the SIM/Smartcard using the secret.

Abstract: According to an embodiment, a programmable logic device includes a plurality of logic blocks, memory and a logic unit. The logic blocks are grouped into one or more partitions. The memory stores authentication and partition information uploaded to the programmable logic device prior to partition programming. The logic unit authenticates programming access to the one or more partitions based on the authentication information and controls programming of the one or more partitions based on the partition information.

Abstract: The present invention allows a communication client to send a session request to initiate a session with a receiving communication client, wherein the session request includes additional information configured to allow the receiving communication client to take an action in association with the communication session. The additional information may include context indicia, which may identify an association related to the subject matter of the session, or a specific instruction to take the action in association with the communication session.

Abstract: Methods and devices for allowing a wireless communication device (1301) initially unauthorized for communication with a network to obtain persistent soft network subscription credential information (1303) from a wireless communication device (1401) initially authorized for communication with the network are disclosed. In performing the persistent transfer of the soft network subscription credential information (1303), one of a token management module (1312), a session initiation protocol communication module (1408), or a electronic rights manager (1406) may be used to ensure that only one communication device is capable of communicating with a network at any one time.

Abstract: The disclosure discloses a method for communication based on pseudo-contact information, which including: when a call is received, acquiring contact information of a calling party, and encrypting the contact information by using a preset encryption algorithm to acquire pseudo-contact information; when the pseudo-contact information does not match locally stored pseudo-contact information, displaying real contact information of the calling party, wherein the locally stored pseudo-contact information represents the pseudo-contact information generated by encrypting the contact information to be stored according to the preset encryption algorithm and locally stored; and when the pseudo-contact information matches the locally stored pseudo-contact information, displaying a substituted contact information generated by substituting a plurality of bits of the real contact information of the calling party with an identifier.

Abstract: Systems and methods for activating a mobile device for use with a service provider are described. In one exemplary method, a mobile device having a currently inserted SIM card may be prepared for activation using a signing process in which an activation server generates a signed activation ticket that uniquely corresponds to the combination of the device and SIM card, and that is securely stored on the mobile device. In another exemplary method the mobile device may be activated in an activation process in which the device verifies an activation ticket against information specific to the device and SIM card, and initiates activation when the verification of the activation ticket is successful.

Abstract: An authentication control apparatus is disclosed that includes plural authentication units that perform authentication for an operator with different authentication methods; a corresponding information management unit that manages corresponding information between the mode of an authentication request and the authentication unit to be used; and an authentication control unit that determines the authentication unit corresponding to the mode of the authentication request based on the corresponding information in response to the authentication request from the operator and causes the determined authentication unit to execute the authentication for the operator.

Abstract: A tamper resistant servicing Agent for providing various services (e.g., data delete, firewall protection, data encryption, location tracking, message notification, and updating software) comprises multiple functional modules, including a loader module (CLM) that loads and gains control during POST, independent of the OS, an Adaptive Installer Module (AIM), and a Communications Driver Agent (CDA). Once control is handed to the CLM, it loads the AIM, which in turn locates, validates, decompresses and adapts the CDA for the detected OS environment. The CDA exists in two forms, a mini CDA that determines whether a full or current CDA is located somewhere on the device, and if not, to load the full-function CDA from a network; and a full-function CDA that is responsible for all communications between the device and the monitoring server. The servicing functions can be controlled by a remote server.

Abstract: Using an identifier generation algorithm, a device coupled to a communication network generates an SSID and associated encryption key for a mobile device using its unique identifier. The encryption key and SSID are stored to a configuration database server coupled to the network. A wireless-capable device that provides access to the network receives the SSID and encryption key from the configuration database and sends a broadcast message that includes the SSID and unencrypted original information. The mobile user device receives the broadcast message when it enters the presence of the wireless access device. Using the identifier generation algorithm the mobile device generates an SSID and key from its unique identifier and encrypts the original information and sends a return message including the SSID and the encrypted original information. The mobile device is granted access if unencrypted original information from the return message matches that sent in the broadcast message.

Abstract: Systems and methods for emulating credentials are disclosed. In some cases, the systems include an access credential reader and an access credential writer. The access credential reader is communicably coupled to the access credential writer. The access credential reader is operable to receive information from an access credential, and to transfer at least a portion of the information to the access credential writer. The access credential writer is operable to transfer at least the portion of the information to an emulation access credential.

Abstract: A method and apparatus for performing Joint Randomness Not Shared by Others (JRNSO) is disclosed. In one embodiment, JRNSO is determined in Frequency Division Duplex (FDD) using a baseband signal loop back and private pilots. In another embodiment, JRNSO is determined in Time Division Duplex (TDD) using a baseband signal loop back and combinations of private pilots, private gain functions and Kalman filtering directional processing. In one example, the FDD and TDD JRSNO embodiments are performed in Single-Input-Single-Output (SISO) and Single-Input-Multiple-Output (SIMO) communications. In other examples, the FDD and TDD embodiments are performed in Multiple-Input-Multiple-Output (MIMO) and Multiple-Input-Single-Output (MISO) communications. JRNSO is determined by reducing MIMO and MISO communications to SISO or SIMO communications. JRNSO is also determined using determinants of MIMO channel products. Channel restrictions are removed by exploiting symmetric properties of matrix products.

Abstract: A system and method for dynamically and automatically updating the appropriate fields on the message application screen of an electronic message to show which of the appropriate service book, security encoding or security properties are acceptable or allowed for the message being composed. This updating occurs automatically based on the contents of the fields that are modified during composition of the message, such as, for example, modifications to classification of the message, recipients, keywords, or the like. Thus, the properties in place for a given message is reflected in a dynamic options list provided to the user based on the contents of various fields of the electronic message and the system policies resident on the system. The dynamic updating may provide an updated list of options to the user, or may optionally automatically apply minimum level settings based on security policy and contents of the message.

Abstract: Methods, devices, and systems for creating and using a trusted host list for Transport Layer Security (TLS) sessions are provided. The proposed solutions described herein provide a mechanism of specifying authorization policy for TLS sessions where such authorization was traditionally implied by the possession of a certificate issued by a mutually trusted third party. The proposed solutions also provide for wildcard use and regular expression matching to simplify administration of the trusted host list.

Abstract: A method and system to allow wireless devices, such as wirelessly-equipped digital cameras, to gain wireless packet-data connectivity and to interact with a media management server, such as a photo server. A wireless carrier distributes multiple devices all having the same set of radio access data (e.g., mobile identification number and electronic serial number), and all having shared or unique pre-registration data. Any such device can then readily use the shared radio access data to acquire radio connectivity and can then use the pre-registration data to gain access to the media management server. The first time such a device connects with the media management server using the pre-registration data, the server will engage in a online account registration session with the device and provision the device with post-registration data that the device can thereafter use to access the online account.

Abstract: Systems, methods, and apparatus for facilitating secure over-the-air (OTA) programming are presented herein. A device can store a key, which can be based on a key algorithm (K-algorithm) and an identifier associated with the device. The device can receive information such as parameter(s) and a verification number from a communications system. The verification number can be generated by using an authorization algorithm (A-algorithm) based on the parameter(s) and a K-algorithm input. The device can generate a trial verification number by using the A-algorithm with the parameter(s) and the key as trial inputs. The device can compare the verification number to the trial verification number, and in response to the verification number being at least similar to the trial verification number, the device can use the parameter(s) for programming of the device.

Abstract: A method of generating authentication seeds for a plurality of users, the method involving: based on a single master seed, generating a plurality of derivative seeds, each one for a corresponding different one of a plurality of users; and distributing the plurality of derivative seeds to a verifier for use in individually authenticating each of the plurality of users to that verifier, wherein generating each one of the plurality of derivative seeds involves mathematically combining the master seed and a unique identifier identifying the corresponding user.

Abstract: A transaction processing service operates as an intermediary between acquirers of financial transaction requests and issuing institutions that process the financial transaction requests. The intermediary service enables a customer to selectively change the status of an account's associated with a payment instrument by activating or deactivating the account. The intermediary service may manage account status locally using a rules module. Alternatively, the issuing institution may manage account status, while the intermediary service provides an interface for customers. A customer communicates with the intermediary service to direct the service to change the account status. The intermediary service determines the account's issuing institution and provides an indication to the issuing institution of the current status of the account (or of the change in status).

Abstract: An apparatus and methods for securely forwarding data packets at a data switching node in a data transport network is provided. The data switching node maintains a switching database of switching entries. Each switching entry has a modification protection feature preventing its modification when activated. Dynamic topology discovery of data network nodes can be disabled via topology discovery control flags associated with individual physical communications ports of the data switching node. Unknown destination flood data traffic is not replicated to physical communications ports having topology discovery disabled or specifying the suppression of replication of such unknown destination data traffic thereto. The advantages are derived from a data switching node being enabled to operate concurrently in friendly and hostile environments while detecting, preventing and reporting incidences of hostile MAC ADDR attacks.

Abstract: Mobile terminals may be authenticated separately from a smart card used by the mobile terminal. In one implementation, a mobile terminal may query a remote server, based on a value identifying the mobile terminal, for security information relating to the mobile terminal, where a copy of the security information is stored in the mobile terminal as part of the manufacture of the mobile terminal. A smart card may receive the security information in response to the query. The security information may be received in an encrypted format that is not accessible by the mobile terminal. The smart card may communicate with the mobile terminal to authenticate the mobile terminal based on the security information received in response to the query and the copy of the security information that is stored in the mobile terminal.

Abstract: A method and system to increase the security of messages transmitted over an otherwise unsecured network. A secure channel is established in a normal manner over the network. A demodularization module on the sender sends a demodularization method to the intended receiver over the secure channel. The sender encodes a message definition and message data separately consistent with the demodularization method. The message definition and message key is sent over the secure channel as one transmission and the message data with the message key is sent as separate transmissions over the secure channel. Other embodiments are also described and claimed.