Abstract: An apparatus for securing communications includes a processor and memory storing executable computer code causing the apparatus to at least perform operations including receiving a request to activate a service transferring communications of a cellular network to a wireless local network. The computer program code may further cause the apparatus to provide an activation key to a device responsive to an indication that the device is authorized to utilize the service based on determining an identifier(s) of the request is valid. The computer program code may further cause the apparatus to provide a private key to the device, to enable the device to utilize the private key to subsequently register to transfer communications of the cellular network to a wireless local network(s), responsive to receiving a message for the private key from the device and a message from the cellular network. Corresponding methods and computer program products are also provided.

Abstract: User authentication techniques based on geographical locations associated with a client device is provided. A network connection can be established between two or more host machines and a client device. Upon a request received from the client device by one of these host machines, round trip times of test messages may be measured between the client device and each of the host machines. The round trip times can be utilized to determine the current geographical location of the client device. If the location is within a tolerance geographical area, the client device may be authenticated. Otherwise, the authentication may fail or additional security procedures may be implemented. In some examples, a travel time from a historical geographical location to current geographical location can be determined. This data may be also utilized in the user authentication process.

Abstract: A method and apparatus support delivering a video media stream to a wireless device by exchanging communication signals through a secure communications interface to establish first and second communication channels. The channels may be according to different communication protocols. A first portion of the streamed video media stream over the first communication channel is encrypted while a second portion of the video media stream over the second communication channel is not encrypted. The second portion is based on the first. In addition to encryption of only the first portion, one embodiment includes using different communication protocols for the first and second channels to further enhance secure media delivery.

Abstract: A method and apparatus for endpoint configuration management comprising receiving an endpoint topology and storing the endpoint topology in a configuration store, modifying a configuration for a remote session to conform to the endpoint topology and corresponding the configuration to the endpoint topology in the data structure and presenting to the endpoint the modified configuration of the remote session.

Abstract: Method and apparatus for SPS authentication, for example for use with GPS, are disclosed. The method may include receiving a first set of Y codes from a plurality of satellites, generating authentication decisions using W code estimates extracted from the first set of Y codes for satellite channels corresponding to the plurality of satellites, and generating an authentication response according to authentication decisions generated for the satellite channels.

Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on AS/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; The solution of the equations gives the internal state of RI, R2, and R3; Together with R4, this gives the full internal state which gives a suggestion for the key.

Abstract: Embodiments of the present invention disclose a method, computer program product, and system for location-based authorization to access a resource. A first computer receives a request to access a resource from a second computer. The request to access the resource includes location information of the second computer. The first computer responds by sending a request to a third computer, requesting location information of the third computer. In response to receiving from the third computer, the location information of the third computer, the first computer determines a distance between the second computer and the third computer. If the distance between the second computer and the third computer fulfills a proximity condition, the first computer authorizes the resource request.

Abstract: A security system assesses the response time to requests for information to determine whether the responding system is in physical proximity to the requesting system. Generally, physical proximity corresponds to temporal proximity. If the response time indicates a substantial or abnormal lag between request and response, the system assumes that the lag is caused by the request and response having to travel a substantial or abnormal physical distance, or caused by the request being processed to generate a response, rather than being answered by an existing response in the physical possession of a user. If a substantial or abnormal lag is detected, for example due to the fact that the information was downloaded from the Internet, the system is configured to limit subsequent access to protected material by the current user, and/or to notify security personnel of the abnormal response lag.

Abstract: This disclosure relates to systems, methods, computer program products, and means that control access to position information at a receiver, or at another device external to the receiver, based on various considerations, including a requested service type, a user type, a device type, a software application type, a payment, and/or other characteristics associated with a particular software application or distributor of that software application. The disclosure further relates to systems, methods, computer program products and means for carrying out secure data transmissions intended for a particular application among other applications.

Abstract: A system can include a mobile computing device and a wearable computing device. The wearable computing device can include a sensor that outputs an indication that the wearable computing device is being worn. In some examples, one or both of the devices can be operable to determine that the devices are within a threshold distance of each other. Responsive to receiving the indications that the wearable computing device is being worn and the devices are within the threshold distance of each other, one or both of the devices can be operable to change an access mode of computing environment provided by the respective device from a reduced access mode to an increased access mode.

Abstract: Securing access to a portable electronic device (PED), securing e-commerce transactions at an electronic device (ED) and dynamically adjusting system settings at a PED are disclosed. In an example, usage or mobility characteristics of the PED or ED (e.g., a location of the ED or PED, etc.) are compared with current parameters of the PED or ED. A determination as to whether to permit an operation (e.g., access, e-commerce transaction, etc.) at the ED or PED can be based at least in part upon a degree to which the current parameters conform with the usage or mobility characteristics. In another example, at least a current location of a PED can be used to determine which system settings to load at the PED.

Abstract: A method for composing an authentication password associated with an electronic device is implemented by a password composing system including a display, a receiving unit, and a processing unit. In the method, the display is configured to display a start point, and a plurality of displayed paths. The receiving unit is configured to detect a set of user-input movements of a contact point at the display. The processing unit is configured to determine whether the user-input movements conform with a predefined valid user-input gesture, store a plurality of codes corresponding to the valid user-input gestures, and to compose the authentication password according to valid ones of the series of the user-input movements.

Abstract: A method includes controlling security in a communication system that involves a node capable of routing traffic according to one or more security algorithms with respective security levels. The node is adapted to estimate at least one safety degree relating to the node, to select at least one security algorithm of the one or more security algorithms, depending on the estimated safety degree; and to activate the at least one security algorithm.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for enrolling a user in a device identification program. In some embodiments, a system is configured to: receive device identification information from a mobile device, receive user information associated with a user, the user information enabling identification of the user, associate the device identification information with the user information, and create a record based on the device identification information and the user information.

Abstract: Embodiments of the present invention are directed to systems, apparatuses and methods for using a mobile device with an accelerometer to gain access into a secured or restricted area. A first device and a second device interact by making physical contact with each other thereby generating interaction data that is representative of the physical interaction between the first and second device. The first and second device may be mobile phones. The second device may be a point of sale terminal, access point device, or any other stationary (i.e., in a fixed position) device positioned at a line, door, gate, or entrance. A server computer determines, based on interaction data, that the first device and the second device made physical contact. After determining that the first device and the second device made contact, communications may be initiated between the devices.

Abstract: An approach is provided for selecting a security policy. A security policy manager determines one or more factors for adjusting a safety score associated with a device. The safety score is based, at least in part, on a context associated with the device. The security policy manager then processes and/or facilitates a processing of the one or more factors and the safety score to calculate an adjusted safety score, and determines to select a security policy based, at least in part, on the adjusted safety score.

Abstract: Systems and methods of restricting access to mobile platform location information may involve receiving, via a link, location information for a mobile platform at a processor of the mobile platform, and preventing unauthorized access to the location information by an operating system associated with the mobile platform.

Abstract: A selective barrier prevents undesired communication between a protected region and an unprotected region. Wireless communication is allowed within the protected region, while wireless communication is prevented between the protected region and any unprotected regions. Particular undesired message packets might be selected by business rules responsive to aspects of individual messages. Particular unprotected regions might be statically or dynamically determined. Alternatively, the selective barrier similarly operates to block undesired message packets from originating in any of the unprotected regions and successfully being received in the protected region.

Abstract: A gesture-based method is disclosed for authenticating a user. More specifically, the user of an information handling system is prompted to enter a passcode finger tap sequence input gesture via a touch-sensitive device. The finger tap sequence input gesture is processed to generate a passcode finger tap sequence. The passcode finger tap sequence is then compared to a previously-generated authentication finger tap sequence. If the two finger tap sequences match, then the user is authenticated.

Abstract: A computer-implemented method may include maintaining a set of password-protection policies configured to prevent unauthorized access to a mobile device at different physical locations. The computer-implemented method may also include identifying a current physical location of the mobile device and searching a database that stores the set of password-protection policies for a particular password-protection policy that corresponds to the current physical location of the mobile device. The computer-implemented method may further include identifying, based on the search of the database, the particular password-protection policy that corresponds to the current physical location of the mobile device and then implementing the particular password-protection policy on the mobile device in response to the identification of the particular password-protection policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method, system, and medium are provided for validating the identity or authority of a user of a wireless device to consent to providing geographic locations of their respective wireless device to a third-party application. Upon receiving a request to validate the authority of a user to consent to providing of geographic locations, the user is automatically redirected to a validation service portal. The validation service portal verifies the identity or authority of the user to consent by requiring the user to provide identification information. The identification information is compared to identification information in one or more databases to determine if the user has the authority to consent. An indication is provided by the validation service portal to the third-party application of whether the user has the authority to consent. The third-party application then initiates location-based services based on the indication.

Abstract: Disclosed are alternate embodiments of various components of a barrier operator system. and methods of operation, including of the mechanical drive subsystem with segmented and self-locking rail unit, rail mounting supports, belt and chain drive tensioning, and drive assembly carriage and interface; the electronics and software routines for controlled operation of the various barrier operator functions; wall console communications with the barrier operator; encryption and decryption of access codes; establishment and monitoring of travel limits and barrier speed and force profiles; thermal protection of barrier operator drive motors; and establishment and control of communications from the barrier operator to accessories by way of a wireless adapter.

Abstract: A method and apparatus for secure distribution of digital content is provided. In accordance with at least one embodiment, an intermediate device maintains an authorized content sink list which it uses to allow reauthorization of a first content sink for access to first content from a first content source when the first content sink has a first content sink entry on the authorized content sink list. In accordance with at least one embodiment, reauthorization is conditioned upon a first content sink entry currency status having not yet expired. In accordance with at least one embodiment, the intermediate device allows authentication of the first content sink by the first content source when no first content sink entry exists on the authorized content sink list or when the first content sink entry currency status has expired.

Abstract: A system and methods for location authentication are presented. An estimated server signal is estimated based on a generated known code signal, and a client received satellite signal is received from a client device. The client received satellite signal is compared to the estimated server signal to provide a comparison result.

Abstract: A method for providing message protection includes generating a ciphered message based upon a first counter, a message, and a ciphering key. The method further includes generating an unciphered message authentication code (MAC) based upon the first counter, an integrity protection key, and either the message or the ciphered message, and transmitting security protected data, which includes the MAC and the ciphered message, over a transmission medium.

Abstract: The present invention relates to a key update method based on the amount of communication in wireless sensor networks having a hierarchy structure.

Abstract: Handset, computer software and method for protecting sensitive network information, available in the handset, from disclosure to an unauthorized server, by using an abstraction function module, the handset being connected to a network.

Abstract: Systems and methods for implementing a location token service (LTS) to enhance the security of mobile device identity tokens by using the location of the mobile device to augment the tokens. The LTS enforces re-authentication (login) of the mobile device to one or more applications if the mobile device moves beyond a threshold distance from the location of the last use of the token within a time period defined in a temporal threshold. The LTS increases authentication strength and drastically reduces the potential for spoofing or otherwise permitting unauthorized access to one or more applications on the mobile device.

Abstract: A method and apparatus for dynamically protecting content in a system for managing use of the content in accordance with usage rights. A request is received from a user device for content stored on a server. Information is gathered from at least one source to build the content in accordance with the request and the content is mapped to usage rights. A reply including the usage rights is sent to the user device, and use of the content is permitted based on the usage rights under control of a security module for enforcing usage rights.

Abstract: A method includes controlling security in a communication system that involves a node capable of routing traffic according to one or more security algorithms with respective security levels. The node is adapted to estimate at least one safety degree relating to the node, to select at least one security algorithm of the one or more security algorithms, depending on the estimated safety degree; and to activate the at least one security algorithm.

Abstract: A request for an acknowledgement using a private key may be generated and transmitting to a customer device. The acknowledgement may be received from the customer device and verified using a public key associated with a customer operating the customer device. A request for a current location of the customer device may be transmitted and the current location may be received. A determination that the current location is proximate to a meter may be made, and, in response to determining that the current location is proximate to the meter, the meter may be manipulated.

Abstract: A method is used in validating association of client devices with authenticated clients. An authentication request for authenticating a client is received from a client device used by a client for establishing a session with a server. The client is authenticated by an authentication device. A token is created and provided to the client device. Identification information of the client device is gathered. The identification information identifies the client device. The identification information gathered from the client device is evaluated. Based on the evaluation, it is validated that the identification information corresponds to a client device associated with the authenticated client.

Abstract: A system and methods for location-based authentication using medium earth orbit (MEO) and low earth orbit (LEO) satellites are presented. Location of a client device is authenticated based on at least one client received MEO satellite signal received from at least one MEO satellite at the client device and at least one client received LEO satellite signal received from at least one LEO satellite at the client device.

Abstract: An authentication method and system provides for a user requesting authentication where the authentication request includes Personally Identifiable Information (PPI) such as geolocation data. The user's device requesting authentication alters or encrypts the PII in order to prevent the PII's unintentional discovery by third parties or to comply with jurisdictional requirements for the safeguarding of PII. The receiving party saves the altered or encrypted PII for later use. In order to use the PII and perform calculations for authentication, the receiving party requests a trusted third party with knowledge of the methodology or key used to alter or encrypt the PII to perform calculations on the original values of the PII without saving the PII. The trusted third party returns a computed value to the receiving party where it is used to determine whether the user will be authenticated.

Abstract: Provided is a radio communication base station device which can prevent damage of ARQ control in an ARQ in which a response signal (ACK/NACK) channel is shared by a plurality of mobile stations. In the device, a repetition unit (106) repeats a response signal inputted from a modulation unit (105) so as to obtain a plurality of identical response signals and outputs the plurality of response signals to a scrambling unit (107). The scrambling unit (107) scrambles the identical response signals by using a scrambling code corresponding to a mobile station ID number inputted from an allocation information generation unit (101) (that is, a scrambling code unique to each of mobile stations) and outputs the scrambled response signals to an S/P unit (108).

Abstract: Embodiments of a system and methods for predictive transmission of information are generally described herein. In some embodiments, a system includes a ground moving target indicator (GMTI) tracker module receives a current position estimate from a user equipment and to generate position and/or velocity estimates. A database system, including a mission/role database and user information database, receives the position and/or velocity estimates and transmits user information to the user equipment based on a predicted position of the user and the mission/role of a user.

Abstract: The present invention relates to a system and method for facilitating access to secure network sites, such as sites providing secure financial information. An active software agent is utilized to fetch passwords and user identifiers from a user computing system and to use the passwords and identifiers to extract required information from the secure site. The password sites and identifiers are encrypted and an encryption key is stored at a network mode remote from the user's computer and is fetched in order to enable the passwords and identifiers to be decrypted so that the active agent can use them to obtain the required information.

Abstract: A method (400) for processing location information relating to a certain mobile station in a cellular network is presented. The method involves a first network element, which is connected to the cellular network, and second and third network elements, which are connected to a packet data network. The first network receives (401) a location information request (201) relating to the mobile station from a second network element. A security document relating to the second network element is requested (404) from a third network element; establishment (406) of one security association pointing from the second network element to the first network element and involving information is the security document is initiated; after successful establishment of said security association, the data origin of the location service request is authenticated (408); and after successful authentication, a location procedure relating to the mobile station in the cellular network is initiated (410).

Abstract: An invention is provided for a providing authentication in a network environment. current radio frequency (RF) measurement data is received from a client device, wherein the current RF measurement data is based on a measured effect of the intervening materials on RF signals received at the client device from a remote RF source. The received RF measurement data is compared with stored RF measurement data, which is acquired at a previous time and is based on a measured effect of the intervening materials on RF signals received at a specific space from a remote RF source. Authentication is provided based on the result of comparing the received RF measurement data with stored RF measurement data.

Abstract: Methods, a user equipment, a server host, a client application, computer program products, and a server computer program. These methods and components can be utilized by a location based service. One method regards triggering of events in the user equipment based on a position of the user equipment, comprising the steps of: —looking up, in a server database at least one network cell-identity associated with a predefined geographical area, —sending the network cell-identity to the user equipment, —storing the network cell-identity in a database in the user equipment, —obtaining a current network cell-identity to which the user equipment currently is connected, —comparing in the user equipment the current network cell-identity with network cell-identities stored in the database, and —retrieving content associated with the current network cell-identity if the current network cell identity is among the network cell-identities in the database.

Abstract: Embodiments of the invention are related to systems and methods for analyzing transaction data for mobile merchant transactions, and generating a message based on the analysis. Transaction data for one or more transactions conducted at one or more mobile merchants is electronically received, the transaction data including a location for each of the one or more transactions. The transaction data is analyzed by a server computer which generates a message based on the analysis, the message being transmitted to a client device.

Abstract: When a user carries a mobile terminal with confidential information, such as customer information, stored therein, it is required to maintain information confidentiality and to prevent an unauthorized third party from accessing the confidential information even if the mobile terminal is stolen. According to the disclosed access control method, an encryption key is generated based on a planned route and the information is encrypted. When the user accesses the information, a decryption key is generated based on the actual movement route that is regularly acquired. The encrypted information can be decrypted if the planned route and the movement route match.

Abstract: Systems and/or methods of selectively terminating security in mobile networks are presented. User equipment (UE) can specify cipher termination location capabilities for encrypting/decrypting data packets to a base station in a mobile network. The mobile network can subsequently determine at which node in the network to terminate the cipher in part according to the capabilities provided and deliver the determined location to the UE. The determined cipher termination location can be provided in response to a request to initiate communications, the initial request can specify the capabilities. The UE can utilize the location to support disparate types of networks and to intelligently deal with hand-offs and other functions of the mobile network.

Abstract: A method and apparatus for automatically configuring and provisioning cryptographic certificates is described. A certificate management sensor receives instructions from a first computing device to analyze a second computing device to identify an application on the second computing device associated with cryptographic network traffic on the second computing device, generates an application fingerprint based on application characteristics of the application, transmits the application fingerprint and a certificate signing request (CSR) to a certificate management system (CMS), and receives second instructions from the CMS to automatically install a cryptographic certificate on the second computing device based on the application fingerprint and CSR.

Abstract: An optical communication system has a transmitter that generates an optical signal containing payload data and security data. The transmitter double modulates an optical signal where payload data is in-band and security data is out-of-band. If a man-in-the-middle attack occurs and the intrusion device is unable to detect the out-of-band signal, the intrusion device will not replicate the out-of-band signal thereby allowing the presence of the intrusion device to be detected.

Abstract: The present invention introduces methods and apparatus of encrypting/decrypting three-dimensional (3D) video content. The inventive methods and apparatus can achieve a flexible payment/authorization mechanism for the 3D video content. A user can choose to view only 2D images corresponding to the video content, or pay an authorization fee that allows the user to view the entire 3D video content.

Abstract: A system, method and program product for controlling access to a restricted item. A method is provided that includes: receiving a request for access to a restricted item at a computer system associated with a provider, said request originating from a client system; determining an IP address of the client system; determining a mobile phone number of a mobile phone associated with the requester; transmitting to a third party service provider the IP address and mobile phone number; and receiving back from the third party service provider a confirmation message indicating whether or not the IP address and mobile phone are located within an acceptable range of each other.

Abstract: Disclosed are a Radio Frequency Identification (RFID) personal privacy control system and a personal privacy protection method using the same which may dynamically process a privacy level according to peripheral circumstances of an RFID tagged object and an owner of the object, thereby securely protecting personal information associated with the RFID tag. The RFID privacy control server, the RFID privacy control server includes a context-aware information collecting unit to collect at least one context-aware information about a user; a privacy level adjusting unit to adjust a privacy level of the user based on the collected context-aware information; and a privacy control unit to determine, according to the adjusted privacy level, whether access of an RFID reader to RFID tag information is allowed, the RFID tag information corresponding to an RFID tag associated with the user.

Abstract: A mobile node and its home system generate synchronized time-based codes at periodic time intervals. Each time-based code is valid for a predetermined time period. To facilitate anonymous operation when roaming, the mobile node identifies itself with a coded identifier instead of a public identifier. The coded identifier used at a given time includes the time-based code that is valid for that given time. To authenticate the mobile node, a serving system receives authentication information from the mobile node and forwards the authentication information to a home system. The authentication information includes the current time-based code and a timestamp. The home system identifies the mobile node from the current time-based code and the timestamp. The home system then uses the authentication information to authenticate the mobile node.

Abstract: A method and apparatus for secure distribution of digital content is provided. In accordance with at least one embodiment, an intermediate device maintains an authorized content sink list which it uses to allow reauthorization of a first content sink for access to first content from a first content source when the first content sink has a first content sink entry on the authorized content sink list. In accordance with at least one embodiment, reauthorization is conditioned upon a first content sink entry currency status having not yet expired. In accordance with at least one embodiment, the intermediate device allows authentication of the first content sink by the first content source when no first content sink entry exists on the authorized content sink list or when the first content sink entry currency status has expired.