Abstract: An architecture and associated methods and devices are described that include a plurality of stages of cipher round logic, each stage configured to perform cryptographic processing of plaintext data in a counter mode and output ciphertext data, a plurality of multipliers, each multiplier configured to receive the ciphertext data output from at least one associated stage of the plurality of stages of cipher round logic and continue the cryptographic processing to output at least a portion of an integrity check value (ICV), and control logic configured to provide a selection between a first option of performing the cryptographic processing at a first data rate using a first number of the plurality of stages and a first number of the plurality of multipliers, and a second option of performing the cryptographic processing at a second data rate using a second number of the plurality of stages and a second number of the plurality of multipliers.

Abstract: Systems and methods for recording an encrypted contact center interaction.

Abstract: Techniques for the remote authorization of secure operations are provided. A secure security system restricts access to a secure operation via an access key. An authorization acquisition service obtains the access key on request from the secure security system when an attempt is made to initiate the secure operation. The authorization acquisition service gains access the access key from a secure store via a secret. That is, the secret store is accessible via the secret. The secret is obtained directly or indirectly from a remote authorization principal over a network.

Abstract: The radio communication system of the present invention includes a radio access network (10) and a radio communication apparatus (60). The radio communication apparatus (60) includes a control unit (61) that, when reconfiguring a radio access bearer between a DCH and an uplink line E-DCH and downlink line HSDPA, sets a start value that is to be used after the reconfiguration in ciphering the radio access bearer, and a transceiver (62) that transmits to the radio access network (10) the start value that was set in the control unit (61) and that is to be used after the reconfiguration.

Abstract: A method for offloading encryption and decryption of a message received at a message server to one or more end devices that are remote from the message server. An encrypting end device remote from the message server encrypts a message using cryptographic context and transmits the cryptographic context and encrypted message to the message server for storage at the message server. The message server stores the encrypted message as received without decrypting the message. The message server sends the stored cryptographic context and the encrypted message to a decrypting end device in response to the decrypting end device sending a request for the message server to transmit the encrypted message to the decrypting end device. The decrypting end device uses the cryptographic context to decrypt the encrypted message and then presents the decrypted message to a user of the decrypting end device.

Abstract: Optimization of encrypted traffic flowing over a WAN is provided by an arrangement in which WAN compression is distributed between endpoints (i.e., client machines or servers) in a subnet of a hub and branch network and a WAN compression server in the subnet. A client portion of the WAN compression running on each of one or more endpoints interfaces with a disposable local cache of data seen by endpoints in the subnet that is used for compressing and decompressing traffic using dictionary-based compression techniques. The local WAN compression server in a subnet stores a shared central database of all the WAN traffic in the subnet which is used to populate local disposable caches in the endpoints.

Abstract: Method and apparatus for securing the transmission of DTMF signals by a telephone over a telephone line. If the telephone is operating in a mode wherein another party may hear any DTMF tone generated by the telephone, such as over the loudspeaker of a speakerphone or as part of a conference call, the telephone prevents generation of an audible signal which predictably corresponds to the actual DTMF value of any button pushed by the user.

Abstract: A quantum key distribution (QKD) cascaded network with loop-back capability is disclosed. The QKD system network includes a plurality of cascaded QKD relays each having two QKD stations Alice and Bob. Each QKD relay also includes an optical switch optically coupled to each QKD station in the relay, as well as to input ports of the relay. In a first position, the optical switch allows for communication between adjacent relays and in a second position allows for pass-through communication between the QKD relays that are adjacent the relay whose switch is in the first position.

Abstract: Installed in an IGAR gateway is intelligence for determining the capabilities of an endpoint. Many older generation secure phones are not IP capable and are thus not directly capable of operating in a VOIP environment. The intelligence allows backwards compatibility of IGAR to legacy phones by recognizing that the endpoint is not IP capable and forcing the secure connection to be routed over PSTN. IGAR could also be included between independent instances of a communications manager (CM). Currently IGAR is supported on only a single CM controlling PSTN gateways, and not between independent CMs. This embodiment recognizes that incoming PSTN call based on a DN and once answered, in-band digits are passed from the originating PBX to the destination PBX in order to route the call within the answering PBX.

Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded. Another embodiment includes a secure access controller having a plurality of ports for connection to a plurality of different pieces of computer equipment. The secure access controller thus intermediates communications between the modem and the plurality of different pieces of computer equipment.

Abstract: Techniques are described for the use of a cryptographic token to authorize a firewall to open a pinhole which permits certain network traffic to traverse firewalls. An initiating endpoint requests a token from a call controller, which authorizes a pinhole though the firewall. In response, the call controller may generate a cryptographic authorization token (CAT) sent towards the destination endpoint. The call controller may generate the token based on an authorization ID associated with the call controller, a shared secret known to both the call controller and the firewall, and data specific to the media flow for which authorization is requested.

Abstract: A method and apparatus are disclosed for efficiently bit-reversing and scrambling one or more bytes of payload data according to DSL standards on a processor. In one embodiment, this is achieved by providing an instruction for bit reversing and scrambling one or more bytes of data according to the DSL standards. Accordingly, the invention advantageously provides a processor with the ability to bit reverse and scramble data with a single instruction thus allowing for more efficient and faster scrambling operations for subsequent modulation and transmission.

Abstract: A method and apparatus are disclosed for efficiently de-scrambling one or more bytes of data according to DSL standards on a processor. This is achieved by providing an instruction for de-scrambling one or more bytes of data according to the DSL standards. Accordingly, the invention advantageously provides a processor with the ability to de-scramble data with a single instruction thus allowing for more efficient and faster de-scrambling operations for subsequent processing.

Abstract: Systems including both distributed and centralized architectures for providing multiple levels of security using “virtual” switches. Ports and channels are assigned the same time slots on a TDMA bus only when they have matching security levels.

Abstract: An approach is provided for providing secure packetized voice transmissions. A public key corresponding to a destination device is retrieved. An input signal is digitized for transmission over a packetized voice connection to the destination device. The digitized signal is encrypted using a public key of the destination device. This encrypted input signal when received at the destination device is decrypted using a secure private key at the destination device.

Abstract: A method and apparatus are disclosed for efficiently de-scrambling and bit-order-reversing one or more bytes of data according to DSL standards on a processor. In a preferred embodiment, this is achieved by providing an instruction for de-scrambling and bit-order-reversing one or more bytes of data according to DSL standards. Accordingly, the invention advantageously provides a processor with the ability to de-scramble and bit-order-reverse data with a single instruction thus allowing for more efficient and faster de-scrambling operations for subsequent processing.

Abstract: A system and method are disclosed in which a secure voicemail repository (50) is arranged to receive calls for a recipient system (20) and record said calls in an encrypted form. The encrypted form is decryptable by a key associated with the handset. On demand, the encrypted form is provided to the recipient system (20).

Abstract: A reach back secure communications terminal includes a modem to satellite interconnect board that captures DTMF tones, demodulates encrypted modem information, and converts both into an ASCII string for presentation to a data port of a satellite phone, allowing out-of-band control of a non-secure satellite system (e.g., AT command control of a data port) by a user on a secure side of an encryption device, by including the ability to interpret control signals and control the satellite system appropriately. A false dial tone is presented to the encryption device, and the data stream coming from the encryption device is monitored for the presence of dual-tone, multi-frequency (DTMF) tones representing control signals, the DTMF tones are converted to ASCII characters, which are in turn received as control signals by the satellite phone, allowing control of the functions of the satellite system directly from the secure side of the encryption device.

Abstract: Sensitive, Standard Telephone Equipment (STE) data is encapsulated into IP packets in a remotely deployed, secure communication system. The IP packets are addressed to a matching IP encapsulator/decapsulator device over the public Internet or other IP protocol network, that then passes it to a similar STE device over an ISDN link for decryption. The present invention is embodied in a system that provides secure Voice-Over-IP (VOIP), video and data network functionality in a single, small size deployable case, to a remote user. Most importantly, the embodiment allows for the routing of bulk encrypted (i.e., secure) data over a public network, e.g., the Internet.

Abstract: A system of Quality of Service signaling in an IP cable telephony system includes encrypting Quality of Service signals and sending them, instead of directly from an Internet Protocol Digital Terminal to a Cable Modem Termination System, indirectly via Broadband Telephony Interface serving a telephony device. The Broadband Telephony Interface, which lacks the encryption and decryption keys, includes the encrypted Quality of Service signaling message in a signaling message it transits to the Cable Modem Termination System when requesting a change in access to network resources. The Cable Modem Termination System attempts to decrypt the Quality of Service signaling message; and it controls access to network resources in accordance with the contents of the Quality of Service signaling message if it is able to decrypt it. This system reduces the number of signaling messages and network resources needed for call processing while providing security against denial-of-service attacks.

Abstract: In a method and apparatus for synchronizing the receiver and the emitter in an autocompensating quantum cryptography system it is allowed to one of the stations (for example the emitter) to define the timing of all its operations (for example the application of a signal onto the modulator used to encode the values of the bits) as a function of a time reference. This time reference can either be transmitted using a channel from the other station (for example the receiver). It can also consist of a time reference synchronized with that of the other station through using information transmitted along a channel and a synchronization unit. Preferably a time reference unit is provided at each station. One of these time reference units functions as a master, while the other one function as a slave. The slave is synchronized with the master using information transmitted over a communication channel by a synchronization unit.

Abstract: A method and an apparatus to perform Secure Real-time Transport Protocol-on-the-fly (SRTPoF) are disclosed. In one embodiment, the method includes monitoring negotiation between a first Voice-over-Internet-Protocol (VoIP) device and a second VoIP device after a call has been initiated between the first and the second VoIP devices, determining whether the first VoIP device is Secure Real-time Transport Protocol (SRTP)-capable and whether the second VoIP device is SRTP-capable, and performing SRTP-on-the-fly on a Real-time Transport Protocol (RTP) stream transmitted between the first and the second VoIP devices to make the call secure if the first VoIP device is not SRTP-capable and the second VoIP device is SRTP-capable. Other embodiments have been claimed and described.

Abstract: A method and system for authenticating a user receiving device to communicate with a partner service device includes a primary service provider. A user receiving device generates a request for a first encrypted token. The user receiving device communicates the request for the first encrypted token to an authentication web service of the primary service provider. The authentication web service generates the first encrypted token. The primary service provider communicates the first encrypted token to the user receiving device. The user receiving device communicates the first encrypted token to the partner service provider. The partner service provider communicates data to the user receiving device after receiving the first encrypted token.

Abstract: A secret element is shared with a cryptographic module. The secret element can be obtained from at least first and second partial secret information items. A first transmission transmits the first partial secret information item to the cryptographic module but not the first partial information item, this second transmission being separate from the first transmission. The secret element can then be obtained in the cryptographic module from the first and second partial secret information items transmitted.

Abstract: A communication system 10 includes a head end 12. The head end communicates with a system gateway 26. A plurality of user devices 28 is coupled to the gateway 26. The gateway receives the plurality of first encrypted signals, decrypts the plurality of first encrypted signals to form unencrypted signals and encrypts the unencrypted signals with a second encryption to form a plurality of second encrypted signals and communicates the second encrypted signals to the plurality of user devices. The signals may also be super-encrypted signals. That is, rather than un-encrypting at the gateway, the first encrypted signals may be again encrypted.

Abstract: An apparatus and method for establishing a communication connection between a first party and a second party using a secured communication connection object are provided. With the apparatus and method, a first party generates the secured communication connection object by setting parameters identifying and limiting the use of the secured communication connection object for establishing communication connections with the first party. These parameters are encapsulated with contact information for the first party such that the contact information is encrypted. The resulting secured communication connection object is then transmitted to a second party's communication device.

Abstract: An apparatus and method for establishing a communication connection between a first party and a second party using a secured communication connection object are provided. With the apparatus and method, a first party generates the secured communication connection object by setting parameters identifying and limiting the use of the secured communication connection object for establishing communication connections with the first party. These parameters are encapsulated with contact information for the first party such that the contact information is encrypted. The resulting secured communication connection object is then transmitted to a second party's communication device.

Abstract: A method for securing human to human communication over a network includes receiving, by a first computer, an incoming authenticated data stream from a second computer over a first communication channel, the incoming authenticateed data stream having been computed using an incoming digital experiential data stream and a first imprint, and extracting the first imprint from the incoming authenticated data stream. The incoming authenticated data stream is then presented for sensory experience by a human. An outgoing digital experiential data stream is then input and the method computes a second imprint associated with the first computer and computes an outgoing authenticated data stream using the outgoing digital experiential data stream and the second imprint. A second communication channel is then secured from the first computer to the second computer using the first imprint, the second communication channel suitable for sending the outgoing authenticated data stream to the second computer.

Abstract: An architecture and associated methods and devices are described that include a plurality of stages of cipher round logic, each stage configured to perform cryptographic processing of plaintext data in a counter mode and output ciphertext data, a plurality of multipliers, each multiplier configured to receive the ciphertext data output from at least one associated stage of the plurality of stages of cipher round logic and continue the cryptographic processing to output at least a portion of an integrity check value (ICV), and control logic configured to provide a selection between a first option of performing the cryptographic processing at a first data rate using a first number of the plurality of stages and a first number of the plurality of multipliers, and a second option of performing the cryptographic processing at a second data rate using a second number of the plurality of stages and a second number of the plurality of multipliers.

Abstract: The invention discloses a computing system such as a computer, a Personal Digital Assistant, or a mobile phone, being connected both to an internal network and an external network and being able to quickly and safely switch therebetween without being shut down while ensuring a physical separation between the two networks. When a user inputs a request of switching, a switching unit will set a trigger thereof and generate a consequent non-maskable interrupt to CPU. After receives the NMI, the CPU controls the switching unit to run a switch program kept therein to back up a current status of the system. Then the switch program backs up a current status, controls the switching unit to interrupt all serving programs and loads the other status other than the current status to the computing system, and finally control the switching unit to reset the trigger.

Abstract: A network processing device identifies call requests that require secure media connections and that also require transport over both a packet switched network and a circuit switched network. The network processing device establishes an IP link over the circuit switched network and directs endpoints for the media connection to use Internet Protocol (IP) media encryption. The same IP encrypted media is then transported end-to-end over both the packet switched network and the IP link in the circuit switched network.

Abstract: Each of a transmitter (1) and a receiver (2) divides temporarily-shared data into one or more purification blocks and one or more disposable blocks, and mixes each purification block so as to enlarge a Hamming distance between corresponding purification blocks being held by the transmitter (1) and the receiver (2) by using a Hamming distance amplification effect. The transmitter (1) Vernam-encrypts the mixed data with the disposable data and transmits the mixed data to the receiver (2), and the receiver (2) decrypts the received Vernam-encrypted data by using a disposable block owned thereby, and compares the Hamming distance between the purification block owned thereby with the mixed data with a predetermined value so as to judge whether each purification block can be shared between the transmitter (1) and the receiver (2).

Abstract: An interface for facilitating facsimile transmission via a wireless communications device operatively connected to a wireless communications network, including: a modem suitable for being communicatively coupled to a facsimile machine; a controller coupled to the modem; and, a memory operatively coupled to the controller. The interface includes code to cause the modem to transmit a retrain request to the facsimile machine upon expiration of a given temporal period. The interface includes a circuit for selectively generating a ring signal corresponding to a plain old telephone service ring signal. The interface includes a circuit for selectively generating a hold signal corresponding to a plain old telephone service hold signal. And, the circuit includes code to cause the modem to transmit data indicative of white lines to the facsimile machine upon expiration of a given temporal period.

Abstract: A method, a system and a device for encrypting an optical signal to be transmitted via an optical fiber communication link by causing controlled chromatic dispersion of said signal. The controllable decryption device, as well as the controllable decryption device, can be implemented in the form of a variable dispersion compensation module controlled by a decryption key. In the system, the encryption device and the decryption device are controlled in synchronism by an encryption key and a decryption key respectively, the keys preferably being functions of time symmetric with respect to the time axis.

Abstract: The invention is directed to a method for providing a switch user functionality in a server-agent environment in an information technological (IT) network in which at least one agent runs on a node of the IT network, comprising: generating a switch user (SU) certificate using public-key cryptography upon receiving a request to switch from a user account presently used on the node to another user account; sending the SU certificate to the agent; checking the correctness of the SU certificate; performing the requested switch to the other user account provided that the SU certificate is correct. The invention is also directed to a corresponding computer program product and a computer system.

Abstract: A network apparatus communicates a recorded message from a calling party to a called party. A messaging controller accepts commands from the calling party and plays and records digital media including the recorded message. An encryption encoder/packager is coupled to the message controller for encrypting the recorded message in response to an encryption key and for packaging the encrypted recorded message with an identifier to produce a protected message file. A notification system sends a notification message for the called party to announce the protected message file. A message distributor delivers the protected message file to the called party when requested by the called party. A license server maintains the encryption key and the identifier and responds to a validated request for a license from the called party, wherein the validated request includes the identifier, and wherein the license includes a decryption key for accessing the protected message file.

Abstract: The disclosed systems and methods include a native portable communications device having an application module that modifies communications between the portable device and a non-native communications device connected to a non-native communications network. The application module transforms communications between a native standard to a non-native standard to allow interoperability between the native portable communications device and the non-native communications device within the non-native communications network. Further, the application module may modify communications in other manners, such as to apply a security function to the communication. Additionally, the systems and methods may include a communications accessory for switching communications between the application module of the native device, the non-native device, and the non-native network.

Abstract: A system of Quality of Service signaling in an IP cable telephony system includes encrypting Quality of Service signals and sending them, instead of directly from an Internet Protocol Digital Terminal to a Cable Modem Termination System, indirectly via Broadband Telephony Interface serving a telephony device. The Broadband Telephony Interface, which lacks the encryption and decryption keys, includes the encrypted Quality of Service signaling message in a signaling message it transmits to the Cable Modem Termination System when requesting a change in access to network resources. The Cable Modem Termination System attempts to decrypt the Quality of Service signaling message; and it controls access to network resources in accordance with the contents of the Quality of Service signaling message if it is able to decrypt it. This system reduces the number of signaling messages and network resources needed for call processing while providing security against denial-of-service attacks.

Abstract: An apparatus and a method for securing a communication information in a CDMA communication system are disclosed. The method of the invention comprises the steps of encoding a input analog signal as an information bit having a predetermined size and generating a vocoder packet information bit, and encrypting said encoded vocoder packet information bit using a block cipher and a security key, and adding a frame quality indicator and the encoder tail bits to the encrypted vocoder packet information bit and configuring it as a CDMA frame, and transmitting the CDMA frame which passes a convolutional encoder, interleaver, and modulator in sequence, to a base station through an assigned frequency band.

Abstract: A method and apparatus for recording audio so that the recording can be authenticated as to both content and time of recording is provided. The system may be implemented as a central server that is accessed via one or more telephone lines, or as a stand-alone unit. The system operates by encrypting audio information, storing the encrypted information, and providing users with a cryptographic key that can be used to decrypt the stored information. Preferably, time stamps are embedded in the stored information. Digital signatures may be used to provide additional security.

Abstract: The preferred embodiments described herein provide a method and system for calling line authenticated key distribution. In one preferred embodiment, an authentication key is provided to a calling party if the calling party is phoning from a calling line associated with an authorized user. This preferred embodiment provides a more secure authentication key distribution method as compared to the prior art since preventing an unauthorized user from gaining access to an authorized user's calling line is more feasible and reliable than attempting to prevent an unauthorized user from obtaining an authorized user's password. Other preferred embodiments are provided, and each of the preferred embodiments described herein can be used alone or in combination with one another.

Abstract: A chaotic communication system employs transmitting and receiving chaotic oscillating circuits. One improvement to first-generation systems is the ability to modulate a nonreactive element in the transmitting circuit, thus increasing modulation bandwidth. Other features include insertion of a gain control amplifier in a chaotic receiver; signal filtering in chaotic transmitters and receivers; use of chaotic modulation techniques for cellular telephony applications; dual-transmitter and receiver systems; a dual receiver synchronization detector; interfaces to communication systems; analog chaotic signal modulation; use of multiple chaotic transmitters and receivers; digital algorithm improvement using a cube-law nonlinear component; a Gb-only receiver; a Gb-only transmitter; and positive slope transmitter and receiver systems.

Abstract: A method, apparatus, and computer instructions for securely transferring information in a communications system. Signals are generated by a communications keypad. In response to receiving an input indicating activation of a secure data transfer mode, these signals are converted from the communications keypad into speech signals, and the speech signals are transmitted to a receiving party.

Abstract: A trusted path device is described which may be used stand alone or may be retrofitted to a users untrusted computer console or workstation so that an untrusted data input may be displayed on an untrusted display and verified by the user, following which the trusted data can be output to an untrusted or trusted device or network. The output may be encrypted or not, by means of an encryption device which may or may not use a ‘one time pad’ key provided from a structured array of retrievable “one time pad” keys having associated uniquely there with, a serial number which itself need not be encrypted but with which the input data and encrypted output data are uniquely associated. Sufficient “one time pad” keys are provided on a commonly available and physically manageable medium so as to allow much simplified key management procedures while still maintaining high levels of correctness and effectiveness of the encryption processes.

Abstract: A method is provided for secure establishment of a direct communication connection operating according to a first communication standard between at least a first communication terminal device and a second communication terminal device, wherein for establishment of the direct communication connection, an exchange of keys for encrypting data transferred over the direct communication connection is carried out, the key exchange being performed at least partially via a further switched communication connection operating according to a radio communication standard; in particular, the UMTS standard.

Abstract: Method, mobile station and radio communications system for controlling security-related functions for call handling. Based on the known method and radio communications system for controlling the security-related functions for call handling with subscriber authentication and secrecy of the information, a ciphering request having an identifier (cimode) is received and evaluated by the mobile station (MS) in order to determine whether the communications network wishes to have connections on the air interface (AIF) with ciphered information or with unciphered information. In this case, the mobile station (MS) can be switched under subscriber control to an operating mode in which the connection (for example v1) is terminated if the received identifier (cimode) allows connections with unciphered information.

Abstract: A cryptation system for information transmitted through packet switching networks masks the digital information data by combining it at the transmitting station with digital data of a certain cryptation code before transmitting the so-encrypted data through the network. The system also performs an inverse decrypting processing at the receiving station using the same code. The system generates at a transmitting station and at a receiving station, starting from a given pair of password codes or user key, a certain discrete chaotic model or map of the pair of codes or key, producing dynamically updated pairs of values of codes or keys every certain number of processing steps of the chaotic map. The data to be transmitted is masked by way of a logic combination with the current dynamically updated keys at the transmitting station.

Abstract: The present invention prevents unauthorized access and modifications to programs and non-executable files, particularly a dialer program, stored on a personal computer system (PC) by providing a protected storage area on a hard drive of the PC wherein access to the protected storage area is controlled by the owner/user of the PC. Attempts to add, remove, or modify any of the programs and non-executable files in the protected storage area will result in an interrupt prompting the user to supply a valid password or other acknowledgement. A preferred embodiment includes a protected memory area as a part of the computer's internal random access memory (RAM) such that upon initialization of a program, the program and non-executable files are copied into the protected memory area from the protected storage area. The protected memory area may also be password protected to provide additional safeguards against unauthorized access.

Abstract: A system is provided for securing voice mail messages. The system includes a packet network and a telephony device that is coupled to the packet network. The system also includes a voice mail system that is coupled to the packet network and that receives a voice mail message from a caller attempting to communicate with a user of the telephony device. The voice mail system encrypts the voice mail message using a public key associated with the telephony device and stores the encrypted voice mail message in an open file system coupled to the packet network.

Abstract: An automated prefix dialing system is disclosed to allow a subscriber/user to automatically insert a predetermined prefix dialing code in certain outgoing telephone call situations. The system is electrically disposed between the telephone company's central office circuit and the subscriber's circuit. The system preferably comprises six sub-circuits: DC power path circuit (off-hook sensor circuit), shadow-ring detector circuit, isolation circuit, DTMF receiver circuit, DTMF generator circuit, and micro controller circuit. When not in use, no power is used by the system. The DC power path circuit, provides power received from the central office line to the various circuits and components of the system when the subscriber's phone is taken off-hook. Off-hook sensor circuitry detects when the telephone has been lifted either in response to an incoming call or to initiate an outgoing call.