Abstract: Novel tools and techniques are provided for implementing web-based monitoring and detection of fraudulent or unauthorized use of voice calling service. In various embodiments, a computing system might receive, from a user device associated with an originating party, a request to initiate a call session with a destination party, the request comprising user information associated with the originating party and a destination number associated with the destination party; might query a database with session data (including user information) to access permission data and configuration data; and might configure fraud logic using received configuration data from the database. The computing system might analyze the session data and permission data using the configured fraud logic to determine whether the originating party is permitted to establish the requested call session with the destination party; if so, might initiate one or more first actions; and, if not, might initiate one or more second actions.

Abstract: Provided is predictive modeling for anti-malware solutions. A profile for a device is determined based on at least one characteristic identified from a successful attempt by the device to access a network. An expected characteristic for a next access attempt by the device to access the network is determined based on the profile. The characteristic of the next access attempt is matched to the expected characteristic. In response to determining that at least one characteristic of the next access attempt matches the expected characteristic, the next access attempt by the device to the network is automatically granted.

Abstract: A method of efficient rekey in a transparent decrypting storage array includes receiving an instruction to rekey data on a storage array, wherein the instruction identifies first encryption information and second encryption information. The method further includes decrypting, by a processing device of a storage array controller, the data using the first encryption information to generate decrypted data. The method further includes encrypting the decrypted data using the second encryption information to generate encrypted data.

Abstract: Some database systems may implement encrypted connections to improve the security of incoming server traffic. The systems may implement the encrypted connections using encryption keys known to both a proxy server and a server (e.g., a database server). For example, a proxy server may encrypt one or more communications between the proxy server and a user device, such as self-identifying information for the user device, using a known encryption key. The user device may, in turn, attempt to establish an encrypted connection with the server using the encrypted communications. Because the encryption key is known to both the server and the proxy server, the server may decrypt the encrypted communications and subsequently establish an encrypted connection with the user device based on the decrypted communications.

Abstract: Apparatuses, systems, methods, and computer program products are disclosed for seed scrambling. An apparatus includes a memory element. An apparatus includes a scrambler component. A scrambler component includes an input circuit that receives a random seed. A scrambler component includes a matrix circuit that generates a new seed based on a matrix operation performed on a seed. A scrambler component includes a rotation circuit that forms a shifted seed. A shifted seed is formed by shifting a new seed based on a seed.

Abstract: A key-generating apparatus is provided for generating a session key which is known to a first communication apparatus and a second communication apparatus, for the first communication apparatus, from secret information which may be determined by the first and second communication apparatuses. The key-generating apparatus includes a first module operable to calculate the session key using a concatenation of at least a part of a random number and a part of the secret information, and a second module operable to use the session key for communication with the second communication apparatus.

Abstract: Methods and apparatus for intrusion protection in systems that monitor for improper network usage are disclosed. An example method to protect a service platform comprises detecting responses from the service platform indicative of questionable signaling protocol transactions. The example method further comprises storing transaction records corresponding to questionable signaling protocol transaction records with at least one of the transaction records identifying a signaling protocol message including an associated originating device address corresponding to a respective questionable transaction record. Additionally, the method comprises determining whether the originating device address is associated with an improper intrusion of the service platform based on at least one on the transaction records corresponding to the originating device address.

Abstract: A communication system includes an information processing device and a management device including a challenge input device, an encryption device, and a combination data output device. The challenge input device inputs challenge data output by the information processing device. The encryption device creates combination data including the challenge data and the predetermined data, and encrypts the combination data in units of blocks. The encryption device creates the combination data such that at least one block of the combination data includes both at least a part of the challenge data and at least a part of the predetermined data. The combination data output device outputs the combination data encrypted by the encryption device to the information processing device. The information processing device is provided with a challenge output device, a challenge storage, a combination data input device, a decryption device, and a data utilizing device.

Abstract: A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.

Abstract: A bit sequence, which is contained in a signalling message and which is known to a network unit and to a communications terminal which receives the signalling message from the network unit, informs the communications terminal that a test value is contained in a signalling message. The test value received by the communications terminal is compared with a test value computed by the communications terminal, and the communications terminal defines a signalling message as being unmodified only in the event that the bit sequence contained in a signalling message has been received and the comparison of both test values yields a positive result.

Abstract: A controlling device provides conditional access to secured content renderable by an appliance. The controlling device transmits a data frame to the appliance and encrypts at least a part of the data frame that includes data to be used by the appliance to provide access to the secured content. At the appliance a decryption key complimentary to the encryption key is used to decrypt the received the data frame. The appliance allows the secured content to be rendered only after the appliance determines that the data in the received, decrypted data frame includes the data the appliance requires to provide access to the secured content.

Abstract: Systems and/or methods that facilitate security of data are presented. A random number generation component generates random numbers based in part on electron activity in a select memory cell(s) to facilitate data security. Sensor components that are highly sensitive can be employed to sense activity of the select memory cell(s) and/or reference memory cell in a noise margin associated with respective memory cells in the memory component. The activity of the select memory cell is compared to the reference memory cell(s) to facilitate generating binary data. The binary data is provided to the random number generation component where the binary data is evaluated to determine whether a predetermined level of entropy exists in the binary data. The binary data, or a portion thereof, can be processed to generate random numbers that are utilized in cryptographic processes and/or as a physical signature to facilitate data security.

Abstract: A public key cryptography (PKI or other similar system) is used to sent partial or multiple of encryption or decryption algorithm (cipher or decipher) to the data sender or receiver to encrypt or decrypt the data to be sent or received and destroy itself after each or multiple use. Since the encryption algorithm is protected, it can be devised very small in size in compare to the data to be sent and the user can afford to use large key size in it's transmission to increase protection without significant compact to the overall speed. Without knowing the encryption algorithm, which may also be changing from time to time, it will be impossible to use brut force to break the code provided that the algorithm scheme is designed properly. It is due to that there are unlimited numbers of new or old algorithms with countless variations and it takes years of supper fast computing time to break even few algorithms.

Abstract: Authentication information (125) obtained by a device (100) at one level of a transformation sequence is securely communicated to another device (200) at another level of the transformation sequence. To assure that the communicated authentication information (125) is not merely a copy of previously communicated authentication information, each communication (145) includes an item (255) that the receiving device (200) can verify as having been recently generated.

Abstract: An electronic encryption endpoint device includes a management interface, a storage device interface and a controller. The management interface is capable of operating as a control interface (e.g., connecting to an array controller). The storage device interface is arranged to communicate with a set of storage devices. The controller is arranged to (i) receive a key encryption key through the management interface, (ii) decrypt a portion of a key table entry of a key table using the key encryption key to extract a data encryption key from the portion of the key table entry, the data encryption key being initially encrypted within the portion of the key table entry prior to decrypting the portion of the key table entry, and (iii) encrypt data using the data encryption key and store the encrypted data in the set of storage devices through the storage device interface.

Abstract: A self-authenticating printed document (101) comprises text and a symbol (102) printed on the document (101). The symbol (102) includes a verification value, which is representative of the entire data content of the text, and error correction codes for correcting the text. The verification value is used to check the integrity of the text after the document has been corrected using the error correction codes.

Abstract: An encrypted data communication system for communicating an encrypted stream as an encrypted data stream from a device at transmitting end to a device at receiving end to suppress the effect of an erroneous detection of a dummy code is disclosed. A device at transmitting end generates a data stream having the bit sequence of a marker for determination, a synchronization marker and a location identification code after the data, encrypts the bit sequence of the data and the marker for determination and transmits the encrypted stream. A device at receiving end receives the encrypted stream, detects the bit sequence of the synchronization marker and the location identification code and decrypts the encrypted stream. In the case where the bit sequence of the data and the marker for determination is decrypted, the detection of the valid bit sequence is determined, while the detection of a dummy bit sequence is determined otherwise.

Abstract: A system that facilitates efficient code construction comprises a component that receives a first code and a transformation component that transforms the first code to a new code. The new code has essentially same length parameters as the first code but is hidden to a computationally bounded adversary. The first code can be designed in the noise model and appear random to a computationally bounded adversary upon transformation.

Abstract: A secret communication method and a communication device used in the method are provided for secret communication using communication path less frequently as a whole while avoiding a duplicative use of public communication.

Abstract: To enable a method and a system, having at least one base station and/or one data carrier, for transmitting signals between the base station and a number of mobile data carriers operating in the crypto mode or in the plain mode, wherein [a] the base station emits at least one command signal and/or data signal that is provided with at least one identifying pattern, [b] at least one of the data carriers receives the command signal and/or data signal emitted by the base station that is provided with the identifying pattern, [c] at least one of the data carriers that receive the command signal and/or data signal transmits to the base station a response signal that is a response to the command signal and/or data signal, and [d] the base station receives the response signal transmitted by the data carrier.

Abstract: A method, system and apparatus are described for avoiding the use of a web-server or generic security when providing network administration services remotely to managed entities using wireless technology. Instead a true Proxy device, not operating as a web-server, is used to pre-process all command traffic from wireless input devices (WID). The intervention between the WID and the managed entities of the Proxy isolating the managed entities from the WID, enhanced by encoding using a novel messaging protocol, further enhanced by a novel security model based on multiple pre-shared keys and algorithms together with identifiers and passwords that are not transmitted, achieves several bandwidth and security advantages including the ability to deliver TELNET services across the Internet and behind a firewall.

Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

Abstract: Published resources are made available in an encrypted form, using corresponding resource keys, published through resource key files, with the publications effectively restricted to authorized peer systems only by encrypting the resource keys in a manner only the authorized peer systems are able to recover them. In one embodiment, the resource keys are encrypted using encryption public keys of the authorized peer systems or the groups to which the authorized peer system are members. In one embodiment, the encryption public keys of individual or groups of authorized peer systems are published for resource publishing peer systems through client and group key files respectively. Group encryption private keys are made available to the group members through published group key files. Further, advanced features including but not limited to resource key file inheritance, password protected publication, obfuscated publication, content signing, secured access via gateways, and secured resource search are supported.

Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

Abstract: Disclosed are methods and systems for frustrating statistical attacks. A sender and receiver agree upon an encryption and integrity encoding scheme. For each “real” data packet, the sender generates integrity information, puts it in the packet, and then encrypts the packet using the agreed-upon scheme. Every now and again, the sender generates a “pseudo-data” packet encoded using a scheme different from the agreed-upon scheme. When the real-data and pseudo-data packets arrive at the receiver, they are decrypted using the agreed-upon scheme, and their validity is verified using the integrity information. Verification succeeds for real-data packets, and their data are accepted as valid. Verification fails for pseudo-data packets, however, and their data are discarded. An eavesdropper cannot differentiate pseudo-data from real-data and so cannot help but use all of the packets in its analysis.

Abstract: A method and system for attaching a title key to encrypted content for synchronized transmission to, or storage by, a recipient is provided. Specifically, under the present invention, an elementary media stream is parceled into content units that each include a content packet and a header. The content packets are encrypted with one or more title keys. Once the content packets have been encrypted, the title keys are themselves encrypted with a key encrypting key. The encrypted title keys are then attached to the corresponding encrypted content packets for synchronized transmission to a recipient.

Abstract: In the optical disk apparatus, an arbitrary seed data for randomizing is added to an original data to be recorded on a disk. One-bit randomizing data is determined by operation using one-bit original data or seed data, and plural-bit past randomized data. At the time of descrambling, descrambling is performed without seed data.

Abstract: A system (100) and method (400, 500) for data encryption and decryption are disclosed. The encryption system is operable at encryption rates in excess of 10 Mbps and is expandable to over 200 Mpbs. For encryption, plain characters are received, and a key block (120) includes key characters corresponding to the plain characters is accessed. A current key character corresponding to a current plain character is located. A next key character corresponding to a next plain character is located. An offset between the current key character and the next key character is determined to encrypt the plain characters. Aliases are used to facilitate the encryption and decryption. Vector distances of offsets are utilized for the encryption and decryption, using many variables and many dimensions, such as using coordinates.

Abstract: A circuit for controlling the random character of a bit flow, including an input shift register receiving the bit flow and having its outputs exploited in parallel, at least one element for comparing at least a partial content of the input register with predetermined patterns, a plurality of counters in a number at most equal to the number of predetermined patterns, and an element for detecting the exceeding of at least one threshold by one of the counters, the result of this detection conditioning the state of a word or bit indicative of the random or non-random character of the bit flow.

Abstract: A system and method for encrypting data communications between a client and server utilizes an untrusted proxy server to perform computationally expensive encryption calculations which would otherwise be performed by the client. Prior to transmitting the data message to the proxy server, the client masks the data message such that the data message is indecipherable to the untrusted proxy. The untrusted proxy performs the computationally expensive encryption calculations prior to transmitting the data message to the intended receiver.

Abstract: In the optical disk apparatus, an arbitrary seed data for randomizing is added to an original data to be recorded on a disk. One-bit randomizing data is determined by operation using one-bit original data or seed data, and plural-bit past randomized data. At the time of descrambling, descrambling is performed without seed data.