Abstract: Systems, methods, apparatus, and computer program products are provided for authenticating local and remote devices associated with a broadcast area. For example, in one embodiment, a broadcast station can broadcast a first over-the-air broadcast that includes a token. A local device can scan for and identify the token in the first over-the-air broadcast it receives. The local device can then transmit the received token and user registration to an authentication server. The authentication server can use the token and user registration information to create a unique broadcast identifier. The authentication server can then transmit the unique broadcast identifier to the broadcast station and the local device. The broadcast station then broadcasts a second over-the-air broadcast that includes a unique broadcast identifier. Once the local device receives the unique broadcast identifier from the second over-the-air broadcast and the authentication server, it can be authenticated as being in the broadcast area.

Abstract: A controlling device provides conditional access to secured content renderable by an appliance. The controlling device transmits a data frame to the appliance and encrypts at least a part of the data frame that includes data to be used by the appliance to provide access to the secured content. At the appliance a decryption key complimentary to the encryption key is used to decrypt the received the data frame. The appliance allows the secured content to be rendered only after the appliance determines that the data in the received, decrypted data frame includes the data the appliance requires to provide access to the secured content.

Abstract: Systems, methods, apparatus, and computer program products are provided for authenticating local and remote devices associated with a broadcast area. For example, in one embodiment, a broadcast station can broadcast a first over-the-air broadcast that includes a token. A local device can scan for and identify the token in the first over-the-air broadcast it receives. The local device can then transmit the received token and user registration to an authentication server. The authentication server can use the token and user registration information to create a unique broadcast identifier. The authentication server can then transmit the unique broadcast identifier to the broadcast station and the local device. The broadcast station then broadcasts a second over-the-air broadcast that includes a unique broadcast identifier. Once the local device receives the unique broadcast identifier from the second over-the-air broadcast and the authentication server, it can be authenticated as being in the broadcast area.

Abstract: Systems, methods, apparatus, and computer program products are provided for authenticating local and remote devices associated with a broadcast area. In one embodiment, an authentication server can transmit a unique broadcast identifier to a broadcast system and a local device. The broadcast system can then transmit a broadcast that includes the unique broadcast identifier. Once the local device receives the unique broadcast identifier from the broadcast and the authentication server, it can be authenticated as being in the broadcast area.

Abstract: A system and method determines the proximity of the target node to the source node from the time required to communicate messages within the node-verification protocol. The node-verification protocol includes a query-response sequence, wherein the source node communicates a query to the target node, and the target node communicates a corresponding response to the source node. The target node is configured to communicate two responses to the query: a first response that is transmitted immediately upon receipt of the query, and a second response based on the contents of the query. The communication time is determined based on the time duration between the transmission of the query and receipt of the first response at the source node and the second response is compared for correspondence to the query, to verify the authenticity of the target node.

Abstract: Methods and systems for blackout provisioning in a communication network. In an aspect, a method is provided for blackout provisioning in a distribution network. The method includes determining one or more affected regions, and generating a blackout key based an original key and the affected regions. The method also includes encrypting content with the blackout key to produce encrypted content, and transmitting the encrypted content and an encrypted version of the original key over the distribution network. An apparatus is provided for blackout provisioning that includes provisioning logic to determine one or more affected regions, a key generator to generate a blackout key based an original key and the affected regions, encryption logic to encrypt content with the blackout key to produce encrypted content, and a transmitter to transmit the encrypted content and an encrypted version of the original key over the distribution network.

Abstract: A trusted service which publishes information describing security attributes of computing platforms in a defined physical area, for use by a visitor to a building, for example, who is unfamiliar with the computing platforms available for use therein. In a preferred embodiment, the system provides only details and/or a list of public keys of genuine trusted computing platforms within the area. In another embodiment of the invention, the information system comprises a trusted computing platform for providing selected information to a user's portable computing apparatus.

Abstract: Systems and methods are provided to facilitate transactions or limit operations. According to one embodiment, region information is determined in accordance with information received by a user device from a local location device. A region requirement is also determined, and it is arranged for the user device to operate in accordance with the region information and the region requirement.

Abstract: A group management apparatus which manages a group in which one or a plurality of information processing apparatuses connect to each other by wireless communication detects the position of an information processing apparatus and determines whether the information processing apparatus exists in a predetermined range. When determining that the information processing apparatus exists in the predetermined range, the group management apparatus notifies the information processing apparatus of an encryption key to be used in the group. Upon detecting, based on the position detection result, that the number of information processing apparatuses existing in the predetermined range has changed, the group management apparatus updates the encryption key.

Abstract: The pocket portable electronic entity (400) with connection element (420) for removable connection to a host station (300), having first members (460, 470, 471) for secure communication with a remote server (100) via the connection element and the host station, second members (450, 455) for communication between the secure first communication element and a second portable electronic entity (500), and elements (440, 445) for communicating to the remote server via the secure first communication means data received from the second portable electronic entity via the second communication members.

Abstract: An authenticating system is provided including a client and a receiver. The client creates a first hash value using a first hash algorithm, and creates a second hash value from the first hash value. The receiver receives a first hash algorithm identifier from a server, transmits the second hash value, and receives an authentication result. The server stores a third hash value created using a second hash algorithm identifier, transmits the first hash algorithm identifier to a PC, receives the second hash value, determines if the second hash algorithm identifier coincides with the first hash algorithm identifier, creates a fourth hash value from the third hash value using the first hash algorithm where it coincides, determines whether the second hash value coincides with the fourth hash value, transmits that the authentication is successful where it coincides, and transmits that the authentication is unsuccessful where it does not coincide.

Abstract: A device comprises means for computing the air-craft (A) current position, means for determining at least one maximum permitted deviation (E1) around a set position of the flight path of the flight plan according to accuracy and integrity performances of said current position computation and to the restriction of a flight range authorized in a flight corridor (6A, 6B), and a display system (7) for displaying at least one a distance scale (9) on a viewing screen (8), at least one a fixed symbol (10) displaying the current position and two movable pointers (13, 14) displaying the limits of said maximum permitted deviation (E1).

Abstract: A method for security authentication within a wireless network is disclosed. A method within an adhoc mesh network for two devices to quickly determine roles (i.e. which is the authenticator and which is the supplicant) while establishing a security association is provided for. The invention further provides for the inclusion of cached key information in the role negotiation process and the application of role negotiation to a shortened three-way handshake.

Abstract: One embodiment of the present invention provides a system that implements a long-lived query (LLQ) at a name server. During operation, the system receives an LLQ from a client at the name server, wherein the LLQ requests information related to one or more data items stored on the name server. In response to the LLQ, the system informs the client of updates to the one or more data items.

Abstract: A multi-user e-mail messaging system is described that is interfaced through the Internet and includes a first user group sharing a first server, which first server is interfaced to the Internet. In this system, after an e-mail message has been originated by an originating user of the first user group, the e-mail message is directed onto an e-mail enhancement path, and additional content is added to the e-mail message using the e-mail enhancement path to produce an enhanced e-mail message. Thereafter, the enhanced e-mail message from the e-mail enhancement path to the intended recipient. In one feature, the path taken by an incoming e-mail message is different from an outgoing path taken by an e-mail message sent from the first user group. The outgoing path defined to the intended recipient includes the enhancement path.

Abstract: This disclosure describes methods for using embedded auxiliary signals in documents for copy detection and other applications. In on application, the auxiliary signal is formed as an array of elements selected from a set of print structures with properties that change differently in response to copy operations. These changes in properties of the print structures that carry the embedded auxiliary signal are automatically detectable. For example, the changes make the embedded auxiliary signal more or less detectable. The extent to which the auxiliary data is detected forms a detection metric used in combination with one or more other metrics to differentiate copies from originals. Examples of sets of properties of the print structures that change differently in response to copy operations include sets of colors (including different types of inks), sets of screens or dot structures that have varying dot gain, sets of structures with different aliasing effects, etc.

Abstract: A content reproduction apparatus (1) which reproduces digital contents, and includes a device key storage unit (110) holding a device key (110a) specific to the content reproduction apparatus (1) in a manner that does not allow access from outside the content reproduction apparatus (1). The content reproduction apparatus (1), also includes a device ID storage unit (19) holding device key index information (19a) that is in a one-to-one association with a device key (110a), an instruction code receiving unit (14a) receiving an instruction code to output index information, a device key index information obtainment processing unit (10a) outputting, to outside, the device key index information (19a) stored in the device ID storage unit (19) based on the instruction, and a device key index information output processing unit (11a).

Abstract: The present invention relates generally to handheld devices and using such to extract identifying data. One claim recites a handheld wireless device including: an input for receiving a subset of database information; electronic memory for storing the retrieved subset of database information, the handheld device including an input device; an optical imaging device for capturing a portion of a map, the portion of the map including at least one steganographic watermark hidden therein through alterations to data representing the portion, the alterations being generally imperceptible to a human observer of the portion of the map, the steganographic watermark including map location information; an electronic processor configured to: determine which information of the retrieved subset of the database information corresponds to the map location information; and control providing corresponding retrieved subset database information. Other claims and combinations are provided as well.

Abstract: The presently claimed technology relates generally to audio-based, location-related methods. One claim recites a method in which a microphone in a user's portable device captures ambient sound, and corresponding data is then processed to determine location information about the user's location. Action is then taken involving the determined location information. By such arrangement, location information is determined by reference to ambient sound captured by a user-carried portable device. A great number of other features and arrangements are also detailed.

Abstract: One aspect involves receiving by a tag of wireless communications that utilize a first security provision, and wireless communications that utilize a second security provision different from the first security provision. A different aspect involves receiving by an entity of an authentication request that is based on a first digital certificate unknown to the entity, and determining by the entity, without external authentication of the first digital certificate, whether the first digital certificate is in a trust relationship with a second digital certificate that is different from the first digital certificate and that is known to the entity.

Abstract: The location of group members having mobile communications devices such as cellular telephones, PDAs, and the like are managed by maintaining group member location awareness among the individual group members. The location of each group member is known on the basis of the determined location of the mobile communications device of each, either in absolute terms or in relative terms. The absolute and/or relative location may be reported by the mobile communications devices, such as to a mobile communications device of an administrator of the group or directly to individual group members. Rules may be established for providing notifications such as alerts and alarms to the group members when a group member strays from the group or from a fixed reference point and information may be provided to the straying member to assist the straying member in returning to the group.

Abstract: A security system assesses the response time to requests for information to determine whether the responding system is in physical proximity to the requesting system. Generally, physical proximity corresponds to temporal proximity. If the response time indicates a substantial or abnormal lag between request and response, the system assumes that the lag is caused by the request and response having to travel a substantial or abnormal physical distance, or caused by the request being processed to generate a response, rather than being answered by an existing response in the physical possession of a user. If a substantial or abnormal lag is detected, the system is configured to limit subsequent access to protected material by the current user, and/or to notify security personnel of the abnormal response lag.

Abstract: Range-confined security management adapter and method simplify security deployment in a network. First RC security information, including nearest- and k-neighbor information, is transmitted between authenticating neighbor and supplicant neighbor using a predetermined transmission adaptation technique. The adapter can evoke a response from the neighbor by adapting the initial transmitted signal power level, and increasing incrementally; the initial transmitted signal bit rate, and decreasing incrementally; or both, in response to second RC security information signal. RC communications are effected at low power, high bit rate, or both, establishing secure configuration, effecting secure communication, and thwarting miscreant intrusion into the network.

Abstract: A method for provisioning a mobile communications device comprises sending a registration request for registration with a registration server, the registration request including a request for a personal information number; receiving a response from the registration server, the response including the personal information number; sending a provisioning request to a network node, the request including the personal information number and at least one device identifier associated with the mobile communications device; receiving a response from the network node, the response including a URL and a session ID based upon the personal information number and the at least one device identifier associated with the mobile communications device; and launching an application on the mobile communication device to establish a communication session between the mobile communication device and a provisioning system.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: A wireless communication system includes a plurality of terminals connected to at least one wireless network on the basis of authority of security configuration parameters shared by the plurality of terminals. Each of the plurality of terminals revokes security configuration parameters of the terminal itself or security configuration parameters of another terminal in accordance with an agreement with said another terminal.

Abstract: A system, method and apparatus for providing location services whereby location determination and location disclosure are treated as separate and independent processes. Location determination may be performed (as necessary) via a first set of network entities to obtain location information for a mobile station. The location information may be cached for subsequent disclosure to any number of applications. Location disclosure may be performed (when requested) via a second set of network entities to provide the location information. Location determination may utilize a first security procedure for authentication and authorization and to obtain a first session key used for location determination. Location disclosure may utilize a second security procedure for authentication and authorization and to obtain a second session key used for location disclosure. For a roaming mobile station, location determination may be performed via a serving network and location disclosure may be performed via a home network.

Abstract: Methods and apparatus for the automated configuration of 802.1x clients in wireless computer networks are described. In one embodiment, a wireless network client for a wireless network is configured automatically, by providing (using a software driver installed at either the network client or a remote server) network configuration information to a software client of the wireless network client.

Abstract: The protection of data on a client mobile computing device by a server computer system such as within an enterprise network or on a separate mobile computing device is described. Security tools are described that provide different security policies to be enforced based on a location associated with a network environment in which a mobile device is operating. Methods for detecting the location of the mobile device are described. Additionally, the security tools may also provide for enforcing different policies based on security features. Examples of security features include the type of connection, wired or wireless, over which data is being transferred, the operation of anti-virus software, or the type of network adapter card. The different security policies provide enforcement mechanisms that may be tailored based upon the detected location and/or active security features associated with the mobile device. Examples of enforcement mechanisms are adaptive port blocking, file hiding and file encryption.

Abstract: A communication apparatus includes an authentication part for authenticating another communication apparatus with a first digital certificate, and a certificate transmission part for transmitting a second digital certificate when the authentication part succeeds in authenticating the other communication apparatus with the first digital certificate.

Abstract: In a cellular interception system, an information processing method for converting information of several cellular-network wireless messages from a first encrypted format under a session key, where each message is encrypted by a cellular ciphering algorithm chosen out of a collection of one or more cellular ciphering algorithms under the session key, to a second unencrypted format comprising: (A) divide the messages in the first format into two sets; the first set containing messages encrypted under the same encryption algorithm, and a second set containing the remaining messages. (B) subject the messages in the first set to a ciphertext-only cryptanalysis of a cellular encryption algorithm to recover the session key. (C) for each message in the second set, subject the message together with the recovered session key to the corresponding cellular ciphering algorithm to receive the message's information in the second format.

Abstract: Computer implemented methods, apparatus, and computer-readable media for detecting suspected spam in e-mail (24) originating from a sending computer (21). A method embodiment comprises the steps of determining (11) the actual IP address (23) of the sending computer (21); converting (12) the actual IP address (23) into geo-location data; and, using the geo-location data, ascertaining (13) whether the e-mail (24) contains suspected spam.

Abstract: A system and method determines the proximity of the target node to the source node from the time required to communicate messages within the node-verification protocol. The node-verification protocol includes a query-response sequence, wherein the source node communicates a query to the target node, and the target node communicates a corresponding response to the source node. The target node is configured to communicate two responses to the query: a first response that is transmitted immediately upon receipt of the query, and a second response based on the contents of the query. The communication time is determined based on the time duration between the transmission of the query and receipt of the first response at the source node and the second response is compared for correspondence to the query, to verify the authenticity of the target node.

Abstract: The present invention in various embodiments provides a computerized wagering game method and apparatus that features an operating system kernel, a system handler application that loads and executes gaming program shared objects and features nonvolatile storage that facilitates sharing of information between gaming program objects. The system handler of some embodiments further provides an API library of functions callable from the gaming program objects, and facilitates the use of callback functions on change of data stored in nonvolatile storage. The nonvolatile storage also provides a nonvolatile record of the state of the computerized wagering game, providing protection against loss of the game state due to power loss. The system handler application in various embodiments includes a plurality of device handlers, providing an interface to selected hardware and the ability to monitor hardware-related events.

Abstract: This invention is directed to simplify operation to be performed by an operator and allow authentication processing between two apparatuses while each apparatus uses a single wireless communication unit. For this purpose, when an authentication start instruction button is operated, a host apparatus decreases its RF power to set a communication range to about several ten cm. The host transmits an inquiry signal containing verification data and time interval data. A device which has received this inquiry signal transmits an inquiry response signal containing verification data and information for specifying itself at instructed time intervals. The host transmits authentication information only when this inquiry response is received at the set time intervals, the inquiry response contains verification data, the reception signal intensity changes in a predetermined range, and the inquiry response is sent from one device.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: This specification describes technologies relating to imparting cryptographic information in network communications.

Abstract: An Operations, Administration, and Maintenance (OA&M) 16 provides security for managed resources on a wireless client device 10 at many levels of granularity, from the entire device, to subsystems, to software and hardware components, services and applications, down to individual attributes.

Abstract: Display devices are connected with a content server mounted inside a vehicle by a wireless communication technology as stipulated in IEEE802.11b. The content server and display devices share common keys (encryption key and corresponding decryption key) acted on by key creation information consisting of information about the vehicle. The content server reads out stored contents according to requests from the display devices. The read contents are then encrypted using the encryption key shared with the display devices and sent to the display devices. The invention can be applied to a wireless communication system consisting of devices which communicate data by wireless communication technology within the vehicle.

Abstract: Aspects for secure access and communication of information in a distributed media network may include detecting when a legacy media peripheral is connected to a PC and/or a media processing system on the distributed media network. One or more identifiers associated with the legacy media peripheral may be established and utilized to facilitate communication of the legacy media peripheral over the distributed media network. At least one legacy media peripheral identifier and at least one identifier of a user utilizing the legacy media peripheral may be requested. The legacy media peripheral identifier may be a serial number of the legacy media peripheral, while the user identifier may be a user password and/or a user name. Media peripheral association software may be executed on the PC and/or the media processing system and utilized for media peripheral association and authentication in accordance with various embodiments of the invention.

Abstract: A system may include and/or involve a first device, a second device, and logic to effect pairing of the first and second devices upon detection of physical contact between the devices.

Abstract: A method for preventing unauthorized connection in a network system mainly includes adding an authentication key in the LLDP (link layer discovery protocol) transmitted in accordance with the 802.1ab communication protocol so as to proceed with security mechanism under the structure of 802.1ab communication protocol. The method for preventing unauthorized connection includes receiving a LLDP packet satisfying the 802.1ab communication protocol transmitted from a second network device by a first network device in a network system; analyzing the LLDP packet and checking whether the LLDP packet contains a legitimate authentication key; and if the authentication key does not exist or is illegitimate, then block all packets transmitted from the second network device so as to prevent the unauthorized second network device from using the network transmission service provided by the first network device.

Abstract: Methods and apparatus for generating and transmitting dynamically generated session keys are disclosed. A key distribution center generates a session key between the key distribution center and a first mobility entity (e.g., an access point). Once the session key between the key distribution center and the access point is transmitted to the access point, the access point retrieves a shared session key between the access point and a Mobile Node from the key distribution center, which is then transmitted to the Mobile Node, enabling the Mobile Node to connect to the network. Similarly, either the Mobile Node or its Home Agent retrieves a session key between the key distribution center and the access point from the key distribution center, enabling a shared session key between the Home Agent and the Mobile Node to be obtained from the key distribution center. The Mobile Node (or Home Agent) then transmits the shared session key to the Home Agent (or Mobile Node).

Abstract: A system and method for securing data in mobile devices (104) includes a computing mode (102) and a plurality of mobile devices (104). A node security program (202) executed in the computing node (102) interfaces with a device security program (204) executed at a mobile device (104). The computing node (102) is responsible for managing the security based on a node security profile (208) interpreted by a node security program (202) executed in the computing node (102). A device discovery method and arrangement (106) also detects and locates various information (120) about the mobile devices (104) based on a scan profile (206).

Abstract: A personal communication apparatus is presented for generating a verifiable recording of a transaction, the transaction comprising an exchange of information. The apparatus includes a receiving component, a protection component, a memory and a recording component. The receiving component receives a transaction between a user of the apparatus and a remote person, and of receiving biometric data (BIOKY) of the remote person. The protection component protects the voice conversation with the biometric data (BIOKY). The recording component records the transaction protected with the biometric data on the memory. A communication apparatus is also presented that includes a memory and an authentication component. The authentication component provides access to a protected transaction stored on the memory.

Abstract: A geospatial decision management system (GDMS) can save the overall state of a user's experience at one point in time within a GDMS session so that the user can restore the overall state at a later time, such as by restoring a geospatial browser view (e.g., camera settings for rending the map on the display screen, layer state information, map location) and restoring the states of one or more instances of geospatially-referenced tools that were active at the time of the state save. Upon restore, the browser and tools are initialized with their saved states so that the user is presented with the same functionality, data, and browser view that were displayed and accessible at the time of the state save. Saved states are transportable and can also be sequenced and animated to allow presentation of a slide show of individual GDMS views.

Abstract: A first processing device, which may be, for example, a wireless authentication token or an RFID tag, comprises a memory, a processor coupled to the memory, and interface circuitry coupled to the processor. The processor is operative to control the output of authentication information via the interface circuitry, where the authentication information comprises a sequence of values corresponding to images of a hash chain. A given one of the values of the sequence is utilized by a second processing device to generate a modified value suitable for providing joint authentication of the first and second processing devices.

Abstract: A method and apparatus for encapsulating long messages over limited Fiber Channel ELSs. The method includes ascertaining if the authentication message has a length that exceeds the message length supported by the device with which communication is sought, and either: fragmenting the authentication message into message fragments if the length of the message exceeds the message length supported by that particular device and sequentially sending the message fragments one by one; or sending the authentication message in its entirety if the length of the authentication message is less than the message length supported by that particular device. When the message is fragmented, a fragmentation bit in the message fragment is set except for the last message fragment. The set fragmentation bit indicates that subsequent fragments are to be sent. The fragmentation bit of the last fragment is reset to indicate that it is the last fragment in the authentication message.

Abstract: A mobile communications device includes logic means operable to generate a request that is transmitted to a first network node. The request includes a personal information number and at least one device identifier associated with the mobile communications device. The mobile communications device also includes logic means operable to receive a response from the first network node. The response includes a URL and a session ID based upon the personal information number and the at least one device identifier associated with the mobile communications device. The mobile communications device further includes logic means operable to establish a communication session with a second network node to provision at least one aspect of the mobile communications device by transmitting the URL and the session ID to the second network node.

Abstract: The present invention provides for an identification of a sender in a network, wherein first time-dependent data is generated at a sender on the basis of a first time. At least the first time-dependent data is communicated by the sender via a network to a receiver, which, in response to receiving the first time-dependent data, generates second time-dependent data on the basis of a second time. In order to verify the identity of the sender, the first and second time-dependent data are compared to determine a correspondence. Such a correspondence indicates that the sender is authorized to perform data communications with the receiver, i.e. indicates a successful verification of the identity of the sender.