Abstract: A system and method to detect and geographically locate rogue wireless access users to a computer network are described. The present invention maps an area covered by the wireless network into islands with substantially similar network performances based on information collected by a network management system. This information is collected throughout the day to form a spatial performance model which comprises historical records of each island, giving a dynamic picture of the area covered. The averages of these historical values of the performance parameters at each time interval of the day form the basis of comparison with the captured current values of the rogue user. Once a potential intruder has been identified from his Media Access Control and Internet Protocol addresses, the algorithm of the present invention is used to localize the suspect into the island which has the substantially similar performance characteristics as the rogue user's computer.

Abstract: A communications system includes a plurality of recipient processors located at geographically remote locations with respect to each other and connected for communication with an information provider processor, over the communications network. The provider and recipient processors may comprise respective computers coupled for communication on the Internet or WWW. The provider processor is capable of providing information from any suitable source, by communicating such information over a communications network. However, access to the information by the recipient processors is controlled, based on the geographic location or region of the recipient processors. Each recipient processor is operably associated with a positioning system for providing geographic location information corresponding to the location or region in which the positioning system is located, such as a global positioning system GPS.

Abstract: Generating symmetric keys among distributed appliances, includes generating public and private values on at least one appliance, importing a public value from another appliance via an out-of-band entity, and generating a secret value as a function of the private value corresponding to the local appliance and the public value received from the other appliance.

Abstract: The invention provides a method, system, and program product for encrypting information. In one embodiment, the invention includes prompting a user for a password associated with a digital signature certificate stored in a digital pen, capturing a handwritten password made using the digital pen, displaying to the user the captured password, and encrypting information entered using the digital pen using the captured password. In some embodiments, the password may be captured from a predefined field on a digital page.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: An apparatus for evidencing an occurrence of a transaction is provided that includes a tamper indicating housing, a processing unit provided within the tamper indicating housing, and a cryptographic module also provided within the tamper indicating housing. The processing unit is adapted to: (i) determine current location information indicating a current location of the apparatus, (ii) obtain transaction information relating to the transaction, and (iii) compile a data block including at least the current location information and the transaction information. The cryptographic module is adapted to generate cryptographic evidence based on the data block. The processing unit may also be adapted to obtain current time information, and the data block may further include the current time information. The processing unit may also be adapted to obtain user authentication information, such as biometric information, and the data block may further include the user authentication information.

Abstract: A cryptographic key split combiner includes a number of key split generators for generating cryptographic key splits from seed data, and a key split randomizer for randomizing the key splits to produce a cryptographic key. The key split generators can include a random split generator for generating random key splits, a token split generator for generating token key splits based on label data, a console split generator for generating console key splits based on maintenance data, a biometric split generator for generating biometric key splits based on biometric data, and a location split generator for generating location key splits based on location data. Label data can be read from storage, and can include user authorization data. A process for forming cryptographic keys includes randomizing or otherwise binding the splits to form the key.

Abstract: A power management architecture for an electrical power distribution system, or portion thereof, is disclosed. The architecture includes multiple intelligent electronic devices (“IED's”) distributed throughout the power distribution system to manage the flow and consumption of power from the system using real time communications. Power management application software and/or hardware components operate on the IED's and the back-end servers and inter-operate via the network to implement a power management application. The architecture provides a scalable and cost effective framework of hardware and software upon which such power management applications can operate to manage the distribution and consumption of electrical power by one or more utilities/suppliers and/or customers which provide and utilize the power distribution system.

Abstract: The invention relates to a tracking system with redundant security and retransmission features. The invention comprises one or more positioning devices (2), one or more localisers (1), one or more communication networks and one or more control centres (3). The localisers (1) and the positioning devices (2) comprise two or more communication interfaces and two or more positioning systems. The positioning devices (2) can calculate the position thereof using one of the positioning systems and send said position using one of the communication interfaces, thereby ensuring that the system functions if one of the positioning systems or one of the communication interfaces stops operating. The localisers can serve as nodes (4) and retransmit position-related data from a positioning device to a localiser requesting said information. Both the positioning devices and the localisers are mobile. In addition, the control centres can monitor the position of the positioning devices if necessary.

Abstract: An apparatus (213) and corresponding methods (FIG. 7) to facilitate maintaining crypto synchronization while processing communication signals in a communication unit includes a vocoder (215) configured to convert input audio band signals to vocoder output frames; a crypto processor (217) configured to encrypt the vocoder output frames to provide encrypted output frames; and a synchronizer (219) configured to substitute in a predetermined manner synchronization information corresponding to an encryption state of the crypto processor for a portion of the encrypted data in a portion of the encrypted output frames to provide resultant output synchronization frames suitable for synchronizing a decryption process at a target communication unit.

Abstract: In a first aspect, the present invention provides a protocol for communications across a securable communication channel between a first device and a second device. The protocol includes the transmission of a plurality of uniquely identifiable messages which each include security-related data, from the first device to the second device. The protocol includes determining whether a subset of messages that are received by the second device comply with at least one predetermined message criterion and are identifiable as having been sent from the first device. In the event that said subset of messages are determined to comply with the predetermined verification criterion (or criteria) and are identifiable as having been sent from the first device, the security-related data is determined to have been successfully communicated to the second device.

Abstract: An electronic device, a control method thereof and a security program are provided which are capable of preventing or suppressing the theft of the electronic device. The electronic device comprises mounting means for loading a portable recording medium and encrypted information write means for encrypting predetermined information using an encryption key unique to the electronic device and writing the encrypted information in the recording medium. The electronic device further comprises encrypted information read means for reading the encrypted information recorded in the recording medium in the case where the recording medium is loaded in the mounting means, decryption execution means for executing the decryption of the encrypted information using the encryption key, and control means for setting the electronic device in usable mode in the case where the encrypted information is decrypted by the decryption execution means.

Abstract: The present invention relates to a state machine which has a dual process which receives and concurrently processes ad-hoc and infrastructure processes. The dual process state concurrently executes both processes by either over-clocking a media access control core, or by routing the processes to multiple media access control cores for processing. The state machine contains an ad-hoc process state which accepts either an ad-hoc or an infrastructure signal, and either processes the signal if the received signal is an ad-hoc signal, or transfers control to an infrastructure process state for processing if the received signal is an infrastructure signal. The state machine also contains an infrastructure process state which accepts either an ad-hoc or an infrastructure signal, and either processes the signal if the received signal is an infrastructure signal, or transfers control to an ad-hoc process state for processing if the received signal is an ad-hoc signal.

Abstract: A method and system for controlling distribution of content within a personal domain that makes use of a determination of the relative proximity to a source device or the geographic locations of the receiving devices. The location information may be determined using a Global Positioning System (GPS) or wireless triangulation systems. Usage rights for devices in the network are determined using the location or proximity determination.

Abstract: A method and apparatus for controlling access to digital information utilizes a location identity attribute that defines a specific geographic location. The location identity attribute is associated with the digital information such that the digital information can be accessed only at the specific geographic location. The location identity attribute further includes a location value and a proximity value. The location value corresponds to a location of an intended recipient appliance of the digital information, and may be further defined in terms of latitude, longitude and altitude dimensions. The digital information is encrypted using a geolocking key based at least in part on the location identity attribute. The geolocking key is based on a shape parameter that is determined from the location identity attribute and is included with the encrypted digital information. The shape parameter describes a shape of a geographic area, but does not identify where the geographic area is located.

Abstract: A method and apparatus for processing satellite positioning system (SPS) signals which are weak in level. In one embodiment, a SPS receiver receives at least two signal samples representing, at least in part, common information, wherein the two signal samples are associated with one or more satellite messages. By combining the two signal samples, navigation information (e.g., time, position, velocity, etc.) may be determined based on the combination of the two signal samples. According to another embodiment, the two signal samples are differentially demodulated and summed together to form the combination.

Abstract: A system that facilitates efficient code construction comprises a component that receives a first code and a transformation component that transforms the first code to a new code. The new code has essentially same length parameters as the first code but is hidden to a computationally bounded adversary. The first code can be designed in the noise model and appear random to a computationally bounded adversary upon transformation.

Abstract: A system and method is provided to determine location information of a portable computing device and, in particular, to a secure and scalable system and method of decoupling and exposing handset originated location information to third parties. The system includes a location platform to determine location information of a remote user, and an encryption service configured to secure the location information of the remote user and send the secure location information to a content provider.

Abstract: A data encryption and decryption system securely geoencrypts data using location-dependent navigation signals. To increase the entropy of the cryptographic key to guard against a brute-force attack, geoencryption is made to depend on largely time-independent characteristics of the navigation signals that are not easily spoofed, including the time difference of arrival, the envelope-to-cycle difference, the differential signal-to-noise, the signal envelope shape, and the directions of arrival of the navigation signal set.

Abstract: The administration of protection of data on a client mobile computing device by a server computer system such as within an enterprise network or on a separate mobile computing device is described. Security tools are described that provide different security policies to be enforced based on a location associated with a network environment in which a mobile device is operating. Methods for detecting the location of the mobile device are described. Additionally, the security tools may also provide for enforcing different policies based on security features. Examples of security features include the type of connection, wired or wireless, over which data is being transferred, the operation of anti-virus software, or the type of network adapter card. The different security policies provide enforcement mechanisms that may be tailored based upon the detected location and/or active security features associated with the mobile device.

Abstract: Configuring functional capabilities in a data processing system comprising entitlement data in a non-volatile storage. The position of the data processing system is determined. Based on said position, functional capabilities are changed based on position information comprised in the entitlement data. Changing functional capabilities consists of enabling functional capabilities, disabling functional capabilities, and both enabling and disabling functional capabilities.

Abstract: According to the invention, a field mobile terminal, such as a PDA, is adapted to a use. The mobile terminal is provided with data, which is divided into several parts. Each part concerns data connected to a certain area, and the data of each part has been encrypted by using a specific encryption key or keys. The provision of data is a preliminary step for adapting the mobile terminal and it may be done in an office of a public utility or a corresponding organization. A decryption key (or keys) is location specific. The decryption keys are in a special server. When a decryption of a part (or parts) is needed, the server finds out the location of the mobile terminal. This is done by asking for the location information from a special location information application in a communication network. The application utilizes the location information of the mobile network, which is updated in the wireless network system, such as in a GSM network.

Abstract: When an authenticated wireless computer loses connectivity to a wireless access point of a network and roams to another access point, the wireless computer (e.g., a hypervisor in the computer) determines whether the new access point is authorized for secure communication and if so, releases access to secure data on the network through the new access point.

Abstract: Pervasive security is provided by a combination of physical interfaces and network interfaces to a service to a user includes establishing by the user's client device network connectivity to the service, transmitting by the service an identifier to the user's client device, determining by the service whether the user enters the identifier into the service in physical proximity to the service, and invoking the service once the user has entered the identifier into the service while in physical proximity to the service. The service can provide indication that the service has been granted by sending a control page to the user's client device.

Abstract: Aspects for secure access and communication of information in a distributed media network may include detecting when a legacy media peripheral is connected to a PC and/or a media processing system on the distributed media network. One or more identifiers associated with the legacy media peripheral may be established and utilized to facilitate communication of the legacy media peripheral over the distributed media network. At least one legacy media peripheral identifier and at least one identifier of a user utilizing the legacy media peripheral may be requested. The legacy media peripheral identifier may be a serial number of the legacy media peripheral, while the user identifier may be a user password and/or a user name. Media peripheral association software may be executed on the PC and/or the media processing system and utilized for media peripheral association and authentication in accordance with various embodiments of the invention.

Abstract: A method or system for providing a level of data security dependent on the location of the user of a wireless device is disclosed. One exemplary embodiment relates to a method of adjusting security for a network user node in communication with a network based upon the location of the node. The method is performed by determining the location of a network user node, selecting a single level of security from a group of more than two security levels based on the determined location, and modifying the security protection for the network user node based upon the selected level of security.

Abstract: A system and method for authenticating document processing transactions wherein the transaction is rejected if the user is not within a selected geographical region. A transaction request is first received representing a request for the completion of a selected transaction associated with a selected user. Preauthorized geographic region data, associated with the selected user, is then received indicating from where the associated user is allowed to request transactions. Location data representing the source of the transaction request is then received and tested against the preauthorized geographic region data. The result of this testing determines whether the requested transaction is authorized.

Abstract: In a method and apparatus for synchronizing the receiver and the emitter in an autocompensating quantum cryptography system it is allowed to one of the stations (for example the emitter) to define the timing of all its operations (for example the application of a signal onto the modulator used to encode the values of the bits) as a function of a time reference. This time reference can either be transmitted using a channel from the other station (for example the receiver). It can also consist of a time reference synchronized with that of the other station through using information transmitted along a channel and a synchronization unit. Preferably a time reference unit is provided at each station. One of these time reference units functions as a master, while the other one function as a slave. The slave is synchronized with the master using information transmitted over a communication channel by a synchronization unit.

Abstract: A system and method for controlling access to a wireless networking system using RFID tags is provided. The security system and method uses RFID tags to determine the location of mobile computing device. The security system and method selectively allows access to the wireless networking system based on the determined location of the mobile computing device. For example, the security system and method will permit access to the wireless networking system if the mobile computing device is determined to be in an area of permitted access. Conversely, the security system and method will deny access to the wireless networking system if the mobile computing device is determined to be not within an area of permitted access. Thus, the system and method is able to effectively control access to the wireless networking system by only permitting access to mobile devices within designated areas.

Abstract: A method of allowing a remote device connected to a first network to access a second network, including leasing a leased network address to the remote device, where the leased network address allows the remote device access to the first network for a pre-defined time period, submitting at least one identification token from the remote device to an appliance within the first network, validating the at least one identification token within the pre-defined time period, and connecting the remote device to the second network if the validating is successful.

Abstract: Systems and methods for improving HDCP (High-Bandwidth Digital Content Protection) authentication with DVI or HDMI receiver devices are provided. An HDCP transmitting apparatus according to the invention may include a computer and a look-up table accessible by the computer. The look-up table may include a database for storing an interoperability characteristic for an HDCP receiving device. The computer can communicate with the HDCP receiving device. The computer may also insert a delay in an initiation of the authentication and/or communication of content between the HDCP transmitting apparatus and the HDCP receiving device. The magnitude of the delay may be based on an interoperability characteristic retrieved from the look-up table that corresponds to the HDCP receiving device. The inserting may occur prior to the implementation of authentication initiation and ongoing link integrity checking between the transmitting apparatus and the HDCP receiving device.

Abstract: A method and system for authenticating a user receiving device to communicate with a partner service device includes a primary service provider. A user receiving device generates a request for a first encrypted token. The user receiving device communicates the request for the first encrypted token to an authentication web service of the primary service provider. The authentication web service generates the first encrypted token. The primary service provider communicates the first encrypted token to the user receiving device. The user receiving device communicates the first encrypted token to the partner service provider. The partner service provider communicates data to the user receiving device after receiving the first encrypted token.

Abstract: A system and method is set forth for communicating between a user network device, a partner service provider, a primary service provider and a user network device. The user network device initiates an account set-up page from the partner service provider, provides primary service account data in response to the account setup page and communicates the primary service account data to the primary service provider setup web service. The primary service provider validates the primary service account data and generates an encrypted token in response to validating the primary service account data. The user network device generates a request for data through a partner service provider. The partner service provider communicates the request for data with the encrypted token to the primary service provider. The primary service provider validates the request for data at the authentication web service and communicates data to the client device from a data web service through the partner service provider after validating.

Abstract: A digital watermark which is incorporated, perceptibly or imperceptibly, into a diffractive device such as a hologram. When applied to protect and/or authenticate a document of value or a product, the device provides an increased degree of overt and covert security, and permits tracking of the sale, use or other parameters associated with the product and/or document of value.

Abstract: An invention is provided for monitoring an item, such as a container. The invention includes a computer in communication with a receiver that receives signals from a remote source. A transmitter in communication with the computer receives values from the computer based on the signals received from the remote source. These values are then transmitted to a security device associated with the item, which includes an authentication table comprising a plurality of initial values. The security device then records values transmitted from the transmitter. The values can be jitter values, with each jitter value being a difference in arrival times of at least two timing signals from the same remote source.

Abstract: Methods and apparatuses for minimizing co-channel interference in communications systems are disclosed. A method in accordance with the present invention comprises scrambling a first header of the first signal using a first scrambling code, scrambling a second header of the second signal using a second scrambling code, and transmitting the first signal and the second signal with the scrambled first header and the scrambled second header over different channels of the communication system.

Abstract: A printer generates a public key with a passphrase containing at least printer position information and a random number by a public key cryptography, and holds this random number. A print client previously acquires the public key from the printer. When transmitting print data to the printer, the print client encrypts the print data in advance with the acquired public key and transmits the encrypted print data as print transmitting data. The printer which has received the print transmitting data generates a private key with a passphrase containing at least printer position information and the held random number by the public key cryptography. The printer then decrypts the received print transmitting data with the private key. Consequently, the security of the print data transmitted from the print client to the printer via a network is ensured.

Abstract: Data processing apparatus distributes a public key certificate and information about a private key to a user terminal as activation information separately from a terminal module. In the case where the public key certification is vulnerable, it transmits only the activation information again.

Abstract: A location-relevant service system provides location-relevant information to, or performs location-relevant service for, a first mobile unit based on the location of a second mobile unit. In one instance, the first mobile unit is fixed on a vehicle, while the second mobile unit can be provided as a cellular phone. In another instance, the first mobile unit is provided with a display panel, so that authentication can be achieved through providing the display location information to a location-relevant service server using the second mobile unit.

Abstract: Cryptographic techniques are provided having a complexity level which permits their implementation in inexpensive radio frequency identification (RFID) tags or other RFID devices. In an RFID system comprising one or more RFID devices and at least one reader that communicates with the devices, a plurality of pseudonyms is associated with a given one of the RFID devices. The RFID device transmits different ones of the pseudonyms in response to different reader queries, and an authorized verifier is able to determine that the different transmitted pseudonyms are associated with the same RFID device.

Abstract: A system and method is described for reliably transferring a node in a communications network from one Logical Network to another Logical Network. The system and method is reliable and robust with respect to potentially varying implementations of host devices in the communications network, and is compatible with other network management operations as specified in HomePlug Specifications.

Abstract: A key management method for wireless networks is disclosed. Before a mobile station residing in a first ASN switches to a neighboring second ASN, an authentication process between the mobile station and the second ASN is implemented. Thus, the authentication process is not required when the mobile station is switching to the second ASN.

Abstract: Secure establishment of a key associated with a first facility identifier is facilitated. The key is shared between a device and an operator of a first facility, via a public key management infrastructure of a payment system operating according to the payment standard, during a first transaction, substantially in accordance with the payment standard, between the device and the first facility. Controlling access to a first facility is facilitated, via the device, using the key associated with the first facility identifier, substantially without reference to an issuer of the device and substantially without use of asymmetric keys of the device, during a plurality of subsequent transactions, substantially in accordance with the payment standard, between the device and the first facility.

Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

Abstract: This specification describes technologies relating to imparting cryptographic information in network communications.

Abstract: This document describes tools capable of securely distributing entertainment content among and using distributed hardware. These tools may do so robustly by rebinding entertainment content between distributed hardware units. The tools, for example, may distribute content protection in hardware between a policy unit, a transcryption unit, a graphics processing unit, and a playback unit. By so doing the tools enable, among other things, users to select from many graphics cards rather than rely on the graphics capabilities of an integrated (e.g., SOC) hardware solution.

Abstract: A system, method and computer program for enforcing network cluster proximity requirements using a proxy is useful in preventing unauthorized devices from receiving encrypted broadcast content intended for only authorized users within a network cluster. The current art allows users to remotely establish trust via a cryptographic handshake. This results in encrypted broadcast content being delivered to unauthorized devices. The present invention assures that encrypted broadcast content is delivered to only authorized devices, allowing authorized remote devices to receive encrypted broadcast content while preventing unauthorized remote devices from doing so. The present invention enforces network proximity requirements to authorized devices within a defined area by timing the cryptographic handshaking, and by authorizing device proxies within a geographic area for retransmitting to authorized remote devices outside said geographic area.

Abstract: Systems and/or methods of selectively terminating security in mobile networks are presented. User equipment (UE) can specify cipher termination location capabilities for encrypting/decrypting data packets to a base station in a mobile network. The mobile network can subsequently determine at which node in the network to terminate the cipher in part according to the capabilities provided and deliver the determined location to the UE. The determined cipher termination location can be provided in response to a request to initiate communications, the initial request can specify the capabilities. The UE can utilize the location to support disparate types of networks and to intelligently deal with hand-offs and other functions of the mobile network.

Abstract: This invention provides a method and apparatus to eliminate the theft of various types of electronic equipment through the use of an existing telephonic connection. The method includes steps of determining an apparent theft, contacting a local police or security authority and providing a means of discovering the location of the stolen equipment. The method further allows the apparatus to eliminate the need for excessive hardware components by utilizing pre-existing infrastructure. In utilizing preexisting infrastructure, the invention allows operation in a plurality of locations through its stand-alone capabilities and location identification capabilities.

Abstract: A printer generates a public key dependent on printer position information and transmits it to a print client. The print client encrypts a common key with this public key and transmits it to the printer, and encrypts print data with this common key and transmits it to the printer. The printer generates a private key dependent on printer position information to decrypt the encrypted common key, and decrypts the print data with the common key. Consequently, the printer capable of restricting the place where a print operation can be executed can be provided.