Abstract: A computer-implemented method may include maintaining a set of password-protection policies configured to prevent unauthorized access to a mobile device at different physical locations. The computer-implemented method may also include identifying a current physical location of the mobile device and searching a database that stores the set of password-protection policies for a particular password-protection policy that corresponds to the current physical location of the mobile device. The computer-implemented method may further include identifying, based on the search of the database, the particular password-protection policy that corresponds to the current physical location of the mobile device and then implementing the particular password-protection policy on the mobile device in response to the identification of the particular password-protection policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method, system, and medium are provided for validating the identity or authority of a user of a wireless device to consent to providing geographic locations of their respective wireless device to a third-party application. Upon receiving a request to validate the authority of a user to consent to providing of geographic locations, the user is automatically redirected to a validation service portal. The validation service portal verifies the identity or authority of the user to consent by requiring the user to provide identification information. The identification information is compared to identification information in one or more databases to determine if the user has the authority to consent. An indication is provided by the validation service portal to the third-party application of whether the user has the authority to consent. The third-party application then initiates location-based services based on the indication.

Abstract: Disclosed are alternate embodiments of various components of a barrier operator system. and methods of operation, including of the mechanical drive subsystem with segmented and self-locking rail unit, rail mounting supports, belt and chain drive tensioning, and drive assembly carriage and interface; the electronics and software routines for controlled operation of the various barrier operator functions; wall console communications with the barrier operator; encryption and decryption of access codes; establishment and monitoring of travel limits and barrier speed and force profiles; thermal protection of barrier operator drive motors; and establishment and control of communications from the barrier operator to accessories by way of a wireless adapter.

Abstract: A method and apparatus for secure distribution of digital content is provided. In accordance with at least one embodiment, an intermediate device maintains an authorized content sink list which it uses to allow reauthorization of a first content sink for access to first content from a first content source when the first content sink has a first content sink entry on the authorized content sink list. In accordance with at least one embodiment, reauthorization is conditioned upon a first content sink entry currency status having not yet expired. In accordance with at least one embodiment, the intermediate device allows authentication of the first content sink by the first content source when no first content sink entry exists on the authorized content sink list or when the first content sink entry currency status has expired.

Abstract: A system and methods for location authentication are presented. An estimated server signal is estimated based on a generated known code signal, and a client received satellite signal is received from a client device. The client received satellite signal is compared to the estimated server signal to provide a comparison result.

Abstract: The present invention relates to a key update method based on the amount of communication in wireless sensor networks having a hierarchy structure.

Abstract: A method for providing message protection includes generating a ciphered message based upon a first counter, a message, and a ciphering key. The method further includes generating an unciphered message authentication code (MAC) based upon the first counter, an integrity protection key, and either the message or the ciphered message, and transmitting security protected data, which includes the MAC and the ciphered message, over a transmission medium.

Abstract: A method and apparatus for dynamically protecting content in a system for managing use of the content in accordance with usage rights. A request is received from a user device for content stored on a server. Information is gathered from at least one source to build the content in accordance with the request and the content is mapped to usage rights. A reply including the usage rights is sent to the user device, and use of the content is permitted based on the usage rights under control of a security module for enforcing usage rights.

Abstract: Handset, computer software and method for protecting sensitive network information, available in the handset, from disclosure to an unauthorized server, by using an abstraction function module, the handset being connected to a network.

Abstract: Systems and methods for implementing a location token service (LTS) to enhance the security of mobile device identity tokens by using the location of the mobile device to augment the tokens. The LTS enforces re-authentication (login) of the mobile device to one or more applications if the mobile device moves beyond a threshold distance from the location of the last use of the token within a time period defined in a temporal threshold. The LTS increases authentication strength and drastically reduces the potential for spoofing or otherwise permitting unauthorized access to one or more applications on the mobile device.

Abstract: A request for an acknowledgement using a private key may be generated and transmitting to a customer device. The acknowledgement may be received from the customer device and verified using a public key associated with a customer operating the customer device. A request for a current location of the customer device may be transmitted and the current location may be received. A determination that the current location is proximate to a meter may be made, and, in response to determining that the current location is proximate to the meter, the meter may be manipulated.

Abstract: A method includes controlling security in a communication system that involves a node capable of routing traffic according to one or more security algorithms with respective security levels. The node is adapted to estimate at least one safety degree relating to the node, to select at least one security algorithm of the one or more security algorithms, depending on the estimated safety degree; and to activate the at least one security algorithm.

Abstract: A method is used in validating association of client devices with authenticated clients. An authentication request for authenticating a client is received from a client device used by a client for establishing a session with a server. The client is authenticated by an authentication device. A token is created and provided to the client device. Identification information of the client device is gathered. The identification information identifies the client device. The identification information gathered from the client device is evaluated. Based on the evaluation, it is validated that the identification information corresponds to a client device associated with the authenticated client.

Abstract: A system and methods for location-based authentication using medium earth orbit (MEO) and low earth orbit (LEO) satellites are presented. Location of a client device is authenticated based on at least one client received MEO satellite signal received from at least one MEO satellite at the client device and at least one client received LEO satellite signal received from at least one LEO satellite at the client device.

Abstract: An authentication method and system provides for a user requesting authentication where the authentication request includes Personally Identifiable Information (PPI) such as geolocation data. The user's device requesting authentication alters or encrypts the PII in order to prevent the PII's unintentional discovery by third parties or to comply with jurisdictional requirements for the safeguarding of PII. The receiving party saves the altered or encrypted PII for later use. In order to use the PII and perform calculations for authentication, the receiving party requests a trusted third party with knowledge of the methodology or key used to alter or encrypt the PII to perform calculations on the original values of the PII without saving the PII. The trusted third party returns a computed value to the receiving party where it is used to determine whether the user will be authenticated.

Abstract: Provided is a radio communication base station device which can prevent damage of ARQ control in an ARQ in which a response signal (ACK/NACK) channel is shared by a plurality of mobile stations. In the device, a repetition unit (106) repeats a response signal inputted from a modulation unit (105) so as to obtain a plurality of identical response signals and outputs the plurality of response signals to a scrambling unit (107). The scrambling unit (107) scrambles the identical response signals by using a scrambling code corresponding to a mobile station ID number inputted from an allocation information generation unit (101) (that is, a scrambling code unique to each of mobile stations) and outputs the scrambled response signals to an S/P unit (108).

Abstract: Embodiments of a system and methods for predictive transmission of information are generally described herein. In some embodiments, a system includes a ground moving target indicator (GMTI) tracker module receives a current position estimate from a user equipment and to generate position and/or velocity estimates. A database system, including a mission/role database and user information database, receives the position and/or velocity estimates and transmits user information to the user equipment based on a predicted position of the user and the mission/role of a user.

Abstract: The present invention relates to a system and method for facilitating access to secure network sites, such as sites providing secure financial information. An active software agent is utilized to fetch passwords and user identifiers from a user computing system and to use the passwords and identifiers to extract required information from the secure site. The password sites and identifiers are encrypted and an encryption key is stored at a network mode remote from the user's computer and is fetched in order to enable the passwords and identifiers to be decrypted so that the active agent can use them to obtain the required information.

Abstract: A method (400) for processing location information relating to a certain mobile station in a cellular network is presented. The method involves a first network element, which is connected to the cellular network, and second and third network elements, which are connected to a packet data network. The first network receives (401) a location information request (201) relating to the mobile station from a second network element. A security document relating to the second network element is requested (404) from a third network element; establishment (406) of one security association pointing from the second network element to the first network element and involving information is the security document is initiated; after successful establishment of said security association, the data origin of the location service request is authenticated (408); and after successful authentication, a location procedure relating to the mobile station in the cellular network is initiated (410).

Abstract: An invention is provided for a providing authentication in a network environment. current radio frequency (RF) measurement data is received from a client device, wherein the current RF measurement data is based on a measured effect of the intervening materials on RF signals received at the client device from a remote RF source. The received RF measurement data is compared with stored RF measurement data, which is acquired at a previous time and is based on a measured effect of the intervening materials on RF signals received at a specific space from a remote RF source. Authentication is provided based on the result of comparing the received RF measurement data with stored RF measurement data.

Abstract: Methods, a user equipment, a server host, a client application, computer program products, and a server computer program. These methods and components can be utilized by a location based service. One method regards triggering of events in the user equipment based on a position of the user equipment, comprising the steps of: —looking up, in a server database at least one network cell-identity associated with a predefined geographical area, —sending the network cell-identity to the user equipment, —storing the network cell-identity in a database in the user equipment, —obtaining a current network cell-identity to which the user equipment currently is connected, —comparing in the user equipment the current network cell-identity with network cell-identities stored in the database, and —retrieving content associated with the current network cell-identity if the current network cell identity is among the network cell-identities in the database.

Abstract: Embodiments of the invention are related to systems and methods for analyzing transaction data for mobile merchant transactions, and generating a message based on the analysis. Transaction data for one or more transactions conducted at one or more mobile merchants is electronically received, the transaction data including a location for each of the one or more transactions. The transaction data is analyzed by a server computer which generates a message based on the analysis, the message being transmitted to a client device.

Abstract: When a user carries a mobile terminal with confidential information, such as customer information, stored therein, it is required to maintain information confidentiality and to prevent an unauthorized third party from accessing the confidential information even if the mobile terminal is stolen. According to the disclosed access control method, an encryption key is generated based on a planned route and the information is encrypted. When the user accesses the information, a decryption key is generated based on the actual movement route that is regularly acquired. The encrypted information can be decrypted if the planned route and the movement route match.

Abstract: Systems and/or methods of selectively terminating security in mobile networks are presented. User equipment (UE) can specify cipher termination location capabilities for encrypting/decrypting data packets to a base station in a mobile network. The mobile network can subsequently determine at which node in the network to terminate the cipher in part according to the capabilities provided and deliver the determined location to the UE. The determined cipher termination location can be provided in response to a request to initiate communications, the initial request can specify the capabilities. The UE can utilize the location to support disparate types of networks and to intelligently deal with hand-offs and other functions of the mobile network.

Abstract: A method and apparatus for automatically configuring and provisioning cryptographic certificates is described. A certificate management sensor receives instructions from a first computing device to analyze a second computing device to identify an application on the second computing device associated with cryptographic network traffic on the second computing device, generates an application fingerprint based on application characteristics of the application, transmits the application fingerprint and a certificate signing request (CSR) to a certificate management system (CMS), and receives second instructions from the CMS to automatically install a cryptographic certificate on the second computing device based on the application fingerprint and CSR.

Abstract: An optical communication system has a transmitter that generates an optical signal containing payload data and security data. The transmitter double modulates an optical signal where payload data is in-band and security data is out-of-band. If a man-in-the-middle attack occurs and the intrusion device is unable to detect the out-of-band signal, the intrusion device will not replicate the out-of-band signal thereby allowing the presence of the intrusion device to be detected.

Abstract: The present invention introduces methods and apparatus of encrypting/decrypting three-dimensional (3D) video content. The inventive methods and apparatus can achieve a flexible payment/authorization mechanism for the 3D video content. A user can choose to view only 2D images corresponding to the video content, or pay an authorization fee that allows the user to view the entire 3D video content.

Abstract: Disclosed are a Radio Frequency Identification (RFID) personal privacy control system and a personal privacy protection method using the same which may dynamically process a privacy level according to peripheral circumstances of an RFID tagged object and an owner of the object, thereby securely protecting personal information associated with the RFID tag. The RFID privacy control server, the RFID privacy control server includes a context-aware information collecting unit to collect at least one context-aware information about a user; a privacy level adjusting unit to adjust a privacy level of the user based on the collected context-aware information; and a privacy control unit to determine, according to the adjusted privacy level, whether access of an RFID reader to RFID tag information is allowed, the RFID tag information corresponding to an RFID tag associated with the user.

Abstract: A system, method and program product for controlling access to a restricted item. A method is provided that includes: receiving a request for access to a restricted item at a computer system associated with a provider, said request originating from a client system; determining an IP address of the client system; determining a mobile phone number of a mobile phone associated with the requester; transmitting to a third party service provider the IP address and mobile phone number; and receiving back from the third party service provider a confirmation message indicating whether or not the IP address and mobile phone are located within an acceptable range of each other.

Abstract: A mobile node and its home system generate synchronized time-based codes at periodic time intervals. Each time-based code is valid for a predetermined time period. To facilitate anonymous operation when roaming, the mobile node identifies itself with a coded identifier instead of a public identifier. The coded identifier used at a given time includes the time-based code that is valid for that given time. To authenticate the mobile node, a serving system receives authentication information from the mobile node and forwards the authentication information to a home system. The authentication information includes the current time-based code and a timestamp. The home system identifies the mobile node from the current time-based code and the timestamp. The home system then uses the authentication information to authenticate the mobile node.

Abstract: A method and apparatus for secure distribution of digital content is provided. In accordance with at least one embodiment, an intermediate device maintains an authorized content sink list which it uses to allow reauthorization of a first content sink for access to first content from a first content source when the first content sink has a first content sink entry on the authorized content sink list. In accordance with at least one embodiment, reauthorization is conditioned upon a first content sink entry currency status having not yet expired. In accordance with at least one embodiment, the intermediate device allows authentication of the first content sink by the first content source when no first content sink entry exists on the authorized content sink list or when the first content sink entry currency status has expired.

Abstract: In an aspect, the invention features a method for mission planning. The method includes displaying a graphical representation of a geographical area and displaying a graphical representation of one or more regions within the geographical area. The method also includes accepting a specification of geographical regions from a user, accepting a specification of a set of one or more receivers from the user, and accepting a specification of resource access rights associated with the specific one of the geographical regions from the user. The method also includes remotely causing access to a vehicle's resources to be provided or denied to the specified set of one or more receivers based on their association with the specific one of the geographical regions specified by the user when the vehicle is within the specific one of the geographical regions specified by the user.

Abstract: A method of providing access to content based upon one or more adequately-credentialed keys being proximate to a certain location. The method includes a first step of acquiring credential information from at least one key tagged with credential information using a credential acquisition device (CAD) at the certain location. The method also includes a second step of confirming that the credential information meets requirements for receiving the content. Further, the method includes a step of providing access to the content after performing the first and second steps.

Abstract: Aspects for secure access and communication of information in a distributed media network may include detecting when a legacy media peripheral is connected to a PC and/or a media processing system on the distributed media network. One or more identifiers associated with the legacy media peripheral may be established and utilized to facilitate communication of the legacy media peripheral over the distributed media network. At least one legacy media peripheral identifier and at least one identifier of a user utilizing the legacy media peripheral may be requested. The legacy media peripheral identifier may be a serial number of the legacy media peripheral, while the user identifier may be a user password and/or a user name. Media peripheral association software may be executed on the PC and/or the media processing system and utilized for media peripheral association and authentication in accordance with various embodiments of the invention.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: A method for facilitating authentication enables to automatically log the user to an application multiple times as long as the user has not left proximity of the terminal since the last successful login.

Abstract: A set-top-box has on-chip OTP memory emulated using an external flash memory and a series of on-chip fuses. The external memory is comprised of one or more regions, each having its own unique region identification. Each on-chip fuse corresponds to one of the memory regions and comprises a component which can be caused to change to a particular (blown) state irreversibly. When data first needs to be written to a region of the external memory, the identification of that region is appended to the data itself together with a parity field and a validity field. The resultant data packet is then encrypted by a cryptographic circuit using a secret key unique to the set-top-box and the encrypted data packet is written to the specified region of the external memory. Then, the on-chip fuse corresponding to the region that has been written to is irreversibly blown, effectively locking that region.

Abstract: A mobile device for the display of messages includes a message viewer application for displaying segments of the message received from a server. The message can include content that is encoded in a first encoding that is renderable for display on the device, and the same content encoded in a second encoding. On determination that the received portion of the message includes a first part comprising content encoded in a first encoding and is renderable for display, first displayable portion of the message content, the server is signalled to halt forwarding further segments of the message.

Abstract: The invention relates to a system and method, by means of which the availability of readable contents (books, magazines, documents) can be linked according to location. The invention further relates to an electronic terminal, in particular a mobile reading device, having means for carrying out said method, and to the use of such an electronic terminal.

Abstract: A method and system for authenticating an internet user identity by cross-referencing and comparing at least two independent sources of information. A first IP address of an internet user is identified and the geographical location of the first IP address is traced to determine a first location. The geographical-location of a communication voice device of said internet user is identified to determine a second location. The first and second locations are compared for geographical proximity to confirm the identity of the internet user. Based upon geographical proximity of said locations, a score is assigned to the internet user, and access to a website is allowed or limited based upon said score. Alternatively, additional authentication information can be required or access can be terminated.

Abstract: A system and methods for secure communication are disclosed. A network packet comprising encrypted network address comprising an unencrypted network address encrypted by a first GPS time and a first pseudo random number is received. The encrypted network address is decrypted using the first GPS time and the first pseudo random number to provide the unencrypted network address. The network packet is transmitted based on the unencrypted network address.

Abstract: An authentication method, a server, and a terminal for a wireless local area network (WLAN) are provided. The method includes: redirecting a Hypertext Transfer Protocol (HTTP) request message sent by a WLAN terminal to an address of a login webpage of a WLAN network and returning the redirected HTTP request message to the WLAN terminal; sending authentication request information carrying an International Mobile Subscriber Identity (IMSI) identifier of a Subscriber Identity Module (SIM) card sent by the WLAN terminal to an Authentication/Authorization/Accounting (AAA) server corresponding to the address of the login webpage of the WLAN network, such that the AAA server performs authentication based on the IMSI identifier.

Abstract: A wireless communication system includes a plurality of terminals connected to at least one wireless network on the basis of authority of security configuration parameters shared by the plurality of terminals. Each of the plurality of terminals revokes security configuration parameters of the terminal itself or security configuration parameters of another terminal in accordance with an agreement with said another terminal.

Abstract: A method, system, and medium are provided for validating the identity or authority of a user of a wireless device to consent to providing geographic locations of their respective wireless device to a third-party application. Upon receiving a request to validate the authority of a user to consent to providing of geographic locations, the user is automatically redirected to a validation service portal. The validation service portal verifies the identity or authority of the user to consent by requiring the user to provide identification information. The identification information is compared to identification information in one or more databases to determine if the user has the authority to consent. An indication is provided by the validation service portal to the third-party application of whether the user has the authority to consent. The third-party application then initiates location-based services based on the indication.

Abstract: Certain embodiments allow security keys to be maintained across mobile device states, or communication events, such as hand-over, and system idle and sleep power savings modes. By monitoring the lifetime of security keys, keys may be refreshed in an effort to ensure key lifetimes will not expire during a hand-over process or other device unavailable state.

Abstract: A document accessible over a network can be registered. A registered document, and the content contained therein, cannot be transmitted undetected over and off of the network. In one embodiment, a plurality of stored signatures are maintained in a signature database, each signature being associated with one of a plurality of registered documents. In one embodiment, the signature database is maintained by de-registering documents by removing the signatures associated with de-registered documents. In one embodiment, the database is maintained by removing redundant and high detection rate signatures. In one embodiment, the signature database is maintained by removing signatures based on the source text used to generate the signature.

Abstract: This specification describes technologies relating to imparting cryptographic information in network communications.

Abstract: A method for authenticating a first party with a second party, the first and second parties having means for communicating with each other, the first party having secret information and supporting a plurality of authentication modes for authenticating the first party with another party, using said secret information, the authentication modes of said plurality being arranged for protecting the first party's privacy with respective degrees. A degree with which the first party's privacy must be protected when authenticating the first party with the second party is negotiated between the first party and the second party. If the negotiation is successful, the first party is authenticated with the second party according to the authentication mode of said plurality having the negotiated degree of protection of the first party's privacy.

Abstract: In accordance with embodiments of the present disclosure, systems and methods for facilitating network transactions include user authentication over a network by providing strong mutual authentication of client web application to server side application server, providing session encryption key negotiation after authentication to continue encryption during communication, and providing a high-level encryption technique referred to as an effective zero knowledge proof of identity (eZKPI) algorithm. In various implementations, the eZKPI algorithm is adapted to couple something the user Knows (e.g., a password or personal identification number) with something the user Has (e.g., a secure identification card) to create a stronger identity authentication proof for access to a mobile device and applications running on the mobile device.