Abstract: An apparatus, system and method provides an out-of-synchronization detection by using a network layer checksum. A process operating at an upper layer verifies that a checksum embedded in a network layer header is correct before encrypting and transmitting a data packet containing the header and a payload. The data packet is received through a wireless communication channel at a receiver and decrypted. A calculated checksum is calculated on the received payload at the receiver and compared to the received checksum embedded in the header. A key stream used at the receiver for decrypting the received encrypted data packets is determined to be out of synchronization with a key stream used at the transmitter to encrypt the data packets if the calculated checksum is not equal to the network layer checksum.

Abstract: A method for operating a wireless sensor network, wherein the sensor network includes a multitude of distributed sensor nodes for sensing data within a pre-definable environment, and wherein the sensor nodes can exchange information via encrypted data transmissions over a radio Channel is—regarding the fact that during the operational phase of the network the Performance of changes in the network, in particular the composition of the sensor nodes that are integrated in the network, is allowed in a flexible way—characterized in that a subset of sensor nodes of the network is manipulated in order to establish a shared secret (x) by transferring a defined information to the sensor nodes of the subset over a secure out of band (OOB) Channel.

Abstract: According to certain embodiments of the present invention, cryptosynchronization values are calculated on an initiating and/or responding device in a communications system such that cryptosynchronization-based procedures might succeed even when the discrepancy between the system times of the initiating and responding devices exceeds the cryptosync constraints imposed by the communications system. In one embodiment, the initiating device add/subtracts a cryptosynchronization adjustment value x to/from the initiating device's system time to yield an adjusted initiator cryptosynchronization value. In another embodiment, the receiving device adjusts the receiving device's system time to yield an adjusted receiver cryptosynchronization value.

Abstract: An encryption transmission apparatus and an encryption reception apparatus avoid attack that takes advantage of a re-transmission request. A server apparatus encrypts a content key five times, thereby generating five encrypted content keys, calculates a hash value of the content key, and transmits the five encrypted content keys and the hash value. An image playback apparatus receives the five encrypted content keys and the hash value, decrypts the five encrypted content keys thereby generating five content keys, calculates hash values, each corresponding to the generated content keys, and compares the calculated hash values with the received hash value, respectively. If at least one of the five calculated hash values matches the received hash value, the corresponding content key is considered correct. Conversely, if none of the five calculated hash values matches the received hash value, it is considered a decryption error.

Abstract: Provided are a cell search method, a forward link frame transmission method, an apparatus using the methods, and a forward link frame structure. The cell search apparatus includes a sync acquirer acquiring synchronization of sync channel symbols using a sync channel of a forward link, and a group detector detecting at least one hopping codeword element belonging to a hopping codeword of a target cell from a forward link signal containing sync channel symbols sequence-hopped using a hopping codeword corresponding to a code group to which a scrambling code of each cell belongs based on the acquired synchronization, and detecting a code group of the target cell based on the detected hopping codeword element, wherein the hopping codewords are orthogonal to a cyclic shift operation. Accordingly, a cell search time and the complexity of the cell search can be reduced.

Abstract: A method for protecting traffic in a radio access network connected to at least two core networks. The method comprises maintaining a core-network-specific authentication protocol and a radio-bearer-specific ciphering process, and generating, for each ciphering process, a count parameter comprising a cyclical sequence number and a hyperframe number (HFN) which is incremented each time the cyclical sequence number completes one cycle. For each core network or authentication protocol, a first radio bearer of a session is initialized with a HFN exceeding the highest HFN used during the previous session. When a new radio bearer is established, the mobile station selects the highest HFN used during the session for the core network in question, increments it and uses it for initializing the count parameter for the new radio bearer. At the end of a session, the mobile station stores at least part of the highest HFN used during the session.

Abstract: A method and an apparatus for managing an HFN for ciphering/deciphering at an RNC of a mobile communication system are provided. In the method, a Timing Adjustment (ToA) value is received from a base station, and a Connection Frame Number (CFN) is corrected. Whether correction of the CFN has been generated within the same cycle is determined by comparing the correction CFN with an absolute CFN serving as a reference. An HFN value is changed or maintained depending on whether the CFN correction has been generated within the same cycle.

Abstract: There are provided a base station device transmitting a frame capable of performing cell search without being affected by arrangement of a pilot channel and a mobile station device performing cell search by using the frame. In the base station device (100), a frame formation unit (120) forms a frame by arranging a P-SCH sequence used for synchronization of a frame timing on some symbols of multi-carrier symbols at a predetermined position from the frame head in the frequency direction and arranging an S-SCH sequence corresponding to a base station scrambling code so that it is not overlapped on some of the multi-carrier symbols at a predetermined position from the frame head with the same symbol as the frame synchronization sequence. The frame is received by the mobile station device (200) and the S-SCH is demodulated. Thus, it is possible to directly identify the base station scrambling code without using a pilot channel.

Abstract: An encryption system (1) and a method for encrypting and decrypting sensitive data during a data interchange between at least two electronic appliances communicating with one another. The encryption system (1) has a data stream module (2) for providing a synchronous data stream as raw material for key generation, a data module (5) for preparing the data for the encryption/decryption, a key generator (6) to which an agreed information portion of the data stream from the data stream module (2) is supplied, an encryption/decryption unit (7) which is connected to the data module (5) and to the key generator (6) and which encrypts/decrypts the sensitive data using a keyword, and an output unit (7) for forwarding the encrypted/decrypted data, the key generator (6) taking the data stream supplied to it and producing a respective keyword for each message which is to be encrypted/decrypted simultaneously on the appliances communicating with one another.

Abstract: A method for controlling access to a target application in accordance with an exemplary embodiment is provided. The method includes determining whether a user is within a predetermined distance from at least one predetermined base device. The method further includes determining whether the predetermined base device is within a predetermined geographical region. The method further includes receiving user access information associated with the user and authenticating the user access information. The method further includes authorizing a user computer only when the user is within the predetermined distance from the predetermined base device, and the predetermined base device is within the predetermined geographical region, and the user access information corresponds to predetermined user access information associated with the user. The method further includes allowing the user computer to access the target application when the user computer has been authorized.

Abstract: A rolling code transmitter is useful in a security system for providing secure encrypted RF transmission comprising an interleaved trinary bit fixed code and rolling code. To provide even greater security, the transmitter is limited in the number of times it may perform a resynchronization procedure. A receiver demodulates the encrypted RF transmission and recovers the fixed code and rolling code. Upon comparison of the fixed and rolling codes with stored codes and determining that the signal has emanated from an authorized transmitter, a signal is generated to actuate an electric motor to open or close a movable barrier.

Abstract: Secure access to a wireless network access can be provided in a system where wireless devices access a wireless network through a wireless access point (WAP). For example, a plurality of pre-shared keys (PSKs) may be generated and distributed to the WAP and the wireless device. The wireless device may automatically rotate an active one of the plurality of PSKs, while the WAP receives one or more rotation signals identifying the active one of the plurality of PSKs. The wireless device and the WAP may encrypt information relating to the active one of the PSKs within communications between them, thus securing the communications.

Abstract: An apparatus for dynamically managing a group transient key (GTK) and a method thereof in order to perform setting of a GTK successfully by an access point (AP). Wherein, the AP checks security state of a plurality of mobile stations (MS)s connecting to the AP, and exchanges and sets a GTK for authenticated MSs. The apparatus for managing a GTK in a wireless LAN system, the apparatus including: a GTK generation timing deciding unit for deciding timing to generate a GTK based on security state of an MS; a GTK generating unit for generating a GTK according to the GTK generation timing decided in the GTK generation timing deciding unit; a GTK exchanging unit for exchanging the GTK generated in the GTK generating unit based on the security state of the MS; and a GTK setting unit for setting the GTK based on the number of MSs exchanged the GTK.

Abstract: A sending apparatus generates a first initial vector, a second initial vector, and an encryption key in response to a pseudo random number. Original information is encrypted into cipher information in response to the encryption key and the second initial vector. The cipher information and the first initial vector are transmitted from the sending apparatus to a receiving apparatus. The receiving apparatus generates a first initial vector, a second initial vector, and an encryption key in response to a pseudo random number equal to that in the sending apparatus. The cipher information is decrypted back to the original information in response to the generated encryption key and the generated second initial vector. The receiving apparatus compares the received first initial vector and the generated first initial vector to check whether or not encryption/decryption-related synchronization between the sending apparatus and the receiving apparatus is normally maintained.

Abstract: Disclosed embodiments include a method for synchronizing a cryptosystem. In one embodiment, the method uses existing control data that is transmitted as part of a connection establishment process in a wireless communication system. In one embodiment, messages that are normally sent between a base station and a remote unit during the setup of both originating and terminating calls are parsed to detect a particular control message that indicates the start of telephony data transmission. Detection of this message indicates a point at which encryption/decryption can begin, and is used to synchronize the cryptosystem. Synchronizing a cryptosystem involves generating an RC4 state space in a keyed-autokey (“KEK”) encryption system. In one embodiment, Lower Medium Access Channel (“LMAC”) messages are used according to a wireless communication protocol. This is convenient because the LMAC messages are passed through the same Associated Control Channel (“ACC”) processing that encrypts and decrypts the telephony data.

Abstract: A system and method for wireless cryptographic key exchange among participants in a wireless computing network is presented. This allows the authorized participants in the wireless communication session not have the same key before the wireless computing session begins. This wireless online key exchange/generation is based on a random modulation technique and a domino match. Once the initial modulation scheme is selected, each data transmission includes an indication of what modulation scheme should be used for the next data transmission. If a given number of bits are to be used, the modulation scheme for the final transmission may be limited to complete the bit transfer. The bit value assignments within particular modulation schemes may also be varied for each subsequent transmission.

Abstract: A method and an apparatus of compensating for a signal receiving error at a receiver in a packet-based communication system. In the invention, frequency offset estimation and DC offset estimation obtained in a current packet are re-used in a next packet if the receiver is an intended recipient of the current packet and the current packet is received correctly, verified by CRC-32 checking in the PHY layer and the DA checking in the MAC layer, respectively. Thereby, the overall receiver performance and stability can be improved from packet to packet and the estimation algorithm is simplified.

Abstract: The invention relates to a method for encoding and decoding communication data, especially voice data, which is transmitted in a plurality of data packets in a digital communication network, especially for internet telephony. The communication data is encoded by means of a selected code at an emission point in each of the data packets; a code number of the selected code is transmitted as code information with each of the data packets; and the communication data is decoded by allocating the code number to the code stored in the code table created at a reception point.

Abstract: The present invention supports a secure transmissions protocol for information packet transmission between a Mobile Node and a Foreign Agent. The information packets are encrypted and decrypted using an integrated software client that combines mobile IP communication support and encrypting and decrypting protocols.

Abstract: Disclosed are a method of inserting vector information for estimating voice data in a key re-synchronization period, a method of transmitting vector information, and a method of estimating voice data in a key re-synchronization period using vector information, capable of estimating the voice data that corresponds to a silent period occurring in a key re-synchronization process when an encrypted digital voice is transmitted in a unidirectional wireless communication environment. A transmitter side inserts accumulation information (i.e., vector information) of a voice change direction of the transmitted previous frame in a key re-synchronization frame, using a voice feature that draws a sine wave, when making the key re-synchronization frame for the re-synchronization, and transmits the key re-synchronization frame with the vector information inserted thereto. A receiver side estimates the voice data value in the key re-synchronization period using the accumulation information (i.e.

Abstract: A system for establishing encryption keys in a manner suitable for linking low complexity and/or power constrained wireless devices. The present invention uses a combination of encryption algorithms and events, possibly including user manual intervention, to create a randomized encryption key that is substantially more difficult for a third party device to decipher than present automated algorithms currently in use. A user may randomly trigger, through a key press, information to be sent from a sending device to a receiving device which is used to establish an encryption key.

Abstract: A method and system for protecting portable computer data from unauthorized transfer or using portable computers to download unauthorized data. The invention is applicable to any computer capable of transferring data, but in one embodiment a portable computer is described. Authorization is enabled by an interface permitting synchronization of the portable computer with a host computer by authentication of the particular portable computer identity. For instance, in one embodiment, when a portable computer is docked with a compatible interface connected to a host desktop computer, it is sensed and identified by the interface. If the particular portable computer identity is authenticated as authorized for that desktop, then synchronization will be enabled by the interface. The computers may then transfer data. However, if the identity is not an authorized one, then authentication will not occur, synchronization is correspondingly disabled, and data transfer is prevented.

Abstract: A cryptographically controlled transmitter/receiver having transmission characteristics comprising a media access control layer having one or more media access parameters, a physical layer having one or more physical parameters, a radio frequency layer having one or more radio frequency parameters, a code generator configured to generate and send code words to at least one of the media access control layer, the physical layer, and the radio frequency layer, wherein at least one of the layers is configured to transmit and receive data and at least one of the other the layers is configured to input and output the data, and wherein at least one media access parameter, physical parameter, or radio frequency parameter is modified upon the receipt of the code.

Abstract: An encryption system and method that may encrypt all of the transmitted and received data packets on the data link layer without collisions on the Initialization Vector (IV). In the encryption system and method a new final key value may be generated and applied to every transmitted and received data packet. The encryption system and method provide for a novel three phase algorithmic process for generating a final secret key.

Abstract: A microcontroller for security applications includes an encryption unit between a bus and a functional unit. The encryption unit includes a gate and a key register. A memory is provided with a further encryption unit whose gate is connected between the register and the gate of the first encryption unit. As a result, the transferred information item is available in encrypted form at any point on the bus.

Abstract: A separated synchronizing scrambler/descrambler pair that removes the possibility of catastrophic error due to improper transmission of initial condition information without disrupting the OFDM modulation scheme of a system that includes error-correction coding circuitry and replay variation. A transmitting device within the pair includes a first and a second data scrambler wherein the first data scrambler couples to receive the incoming data stream and filters the incoming data stream to provide a first filtered signal using a key signal. The second data scrambler, having an initial condition, couples to receive the first filtered signal and converts it into a scrambled signal using a scrambling seed. The second data scrambler comprises a random series generator for generating the scrambling seed to convert the first filtered signal into a scrambled signal. The scrambled signal is transmitted to the receiving device.

Abstract: When having been set into, for example, a mode for registering a Bluetooth device address (BD_ADDR) in accordance with the Bluetooth Standard or a mode for registering a Personal Identification Number (PIN) code in accordance with the Bluetooth Standard, a wireless communication device of the present invention can be link-connected with a partner device without performing authentication on the partner device, to receive and register information from the partner device. Furthermore, if a BD_ADDR of a partner device is already registered, the wireless communication device of the present invention can be link-connected with the partner device without performing authentication of the partner device.

Abstract: A method is disclosed for determining the authentication capabilities of a supplicant before initiating an authentication conversation with a client, for example, using Extensible Authentication Protocol (EAP). In one aspect, the method provides for sending, to a supplicant that is requesting access to a computer network subject to authentication of a user of the supplicant, a list of first authentication methods that are supported by an authentication server; receiving, from the supplicant, a counter-list of second authentication methods that are supported by the supplicant; determining how many second authentication methods in the counter-list match the first authentication methods; and performing an authentication policy action based on how many of the second authentication methods match the first authentication methods. Policy actions can include blocking access, re-directing to sources of acceptable authentication methods, granting one of several levels of network access, etc.

Abstract: An apparatus for authenticating memory space of an authorized accessory of a device includes an integrated circuit. The integrated circuit is configured to define two secret keys K1 and K2, a random function which returns a random number R and a first parameter being a function of the random number R using the secret key K1 of the integrated circuit and to define a test function operable on data using the secret key K2 of the integrated circuit to return a one or a zero. A control system is configured to call the random function of the integrated circuit, to call a read function defined by the accessory using a function of R with the secret key K1 stored by the accessory as a second parameter, such that the accessory returns a third parameter from the memory space which is a function of R using the secret key K2 stored by the accessory if the first and second parameters are equivalent, to call the test function using a function of R with the secret key K2 of the integrated circuit as a fourth parameter.

Abstract: A method and apparatus for re-synchronizing a stream cipher during soft handoff. Transmitted quasi-secret keying information is used with a secret key to reinitialize a stream cipher generator located in a base station and a stream cipher generator located in a travelling mobile station. Since the quasi-secret keying information is uniquely determined according to each base station in the wireless telephone system, a base station's quasi-secret keying information and a shared secret key can also be used to create a new key. Thus, as the mobile station travels from one base station to another base station, a unique new key is generated for each base station.

Abstract: A communication device for use in a non-self synchronizing scrambling (NS3) communication system and a method for using NS3 in a communication system are disclosed. A digital data stream is scrambled by modifying the digital data stream based on a pseudo-noise sequence (PNS) to produce a scrambled digital data stream. The PNS has a timing reference that is distinct from the digital data stream. The scrambled digital data stream is capable of being descrambled by performing an inverse modification, based on the same PNS and the same timing reference. The scrambled digital data stream may be transmitted over a communication medium and descrambled at the opposing end of the communication medium. Synchronization between the scrambler and the descrambler is maintained by providing a common timing reference to the scrambler and the descrambler. The common timing reference is distinct from the data stream.

Abstract: A method and apparatus for reducing perceived latency in a group communication network provides for receiving a request from a user of a communication device wishing to initiate a group call, receiving media from the user before completely processing the request, and buffering the received media for later transmission.

Abstract: A computing device has a running real-time secure clock adjustable only according to trusted time as received from an external trusted time authority, a time offset within which is stored a time value adjustable by at least one of the user and the trusted time authority, and a time display for displaying a running real-time display time calculated as the trusted time from the secure clock plus the stored time value in the time offset. Reference thus may be made to the secure clock to evaluate a temporal requirement without concern that the user has adjusted the secure clock to subvert the temporal requirement. The computing device sends a request for secure time and the trusted time authority sends same. The computing device receives the secure time, sets the secure clock according to same, and sends confirmation to the trusted time authority that the secure time has been received.

Abstract: An external client securely accesses a private corporate network using a communications device, but without the communications device being required to communicate through the private corporate network when communicating with resources external to the private corporate network. The external client establishes a connection with the private corporate network over the public network such as the Internet using, for example, Transmission Control Protocol (TCP). The external client then provides security to the connection by running, for example, the Secure Socket Layer (SSL) protocol over the TCP protocol. During the ensuing session with the private corporate network, the communications device establishes a subsequent connection(s) with the external resource.

Abstract: A receiver sends a first random number to a transmitter. The transmitter generates a sync signal in response to the first random number sent from the receiver. The transmitter embeds the sync signal and key information in a second random number to generate a composite signal. In the composite signal, the sync signal is a position indicator for the key information. The transmitter sends the composite signal to the receiver. The transmitter generates an encryption key from the key information. The receiver detects the sync signal in the composite signal sent from the transmitter. The receiver extracts the key information from the composite signal in response to the detected sync signal. The receiver generates an encryption key from the extracted key information. The encryption key generated by the receiver is equal to that generated by the transmitter. Thus, the transmitter and the receiver hold the same encryption key in common.

Abstract: Encryption synchronization (e-sync) is maintained between a transmitter (104) and one or more receivers (102) in a multi-modulation TDM system (100) where information is communicated in slots (402) comprising a slot header (404) and one or more data blocks (406), and wherein the data blocks are eligible to be encoded at different modulation rates thereby creating a likelihood of different numbers of blocks in different slots. The receiver and transmitter employ respective encryption elements (200, 300) comprising e-sync shifter elements (202, 302) and encryption algorithm blocks (204, 304). The e-sync shifter element provides an e-sync signal defining an encryption state vector to the encryption algorithm block and is operable to advance the encryption state vector (in the case of the receiver) according to a number of received bits plus a variable number of bits.

Abstract: A method and system are disclosed for substituting an anonymous Universal Unique Identifier (UUID) for a computer system's real UUID in order to disguise an identity of the computer system to an application which is requesting a UUID for the client computer system. A storage device is established in the computer system. The storage device includes a primary and a second location. A UUID stored in the primary location is used as a UUID for the computer system. An anonymous UUID is generated. The anonymous UUID does not identify any particular computer system. The anonymous UUID is stored in the primary location within the storage device, and the real UUID is backed up by moving it into the secondary location. Thereafter, the anonymous UUID is provided in response to requests for the computer system's UUID.

Abstract: A method and apparatus for providing security in a group communication network provides for receiving an encryption key, encrypting media for transmission to a controller using the received encryption key, the encrypted media being directed to another communication device, and communicating the encrypted media to the controller. In one embodiment, the communicating includes wireless communication. The method and apparatus further provides for receiving encrypted media from a controller and blocking the encrypted media if the communication device is not enabled to receive encrypted-media transmission, or if the media is not encrypted based on an encryption key previously specified by the communication device. In another aspect, the communication device is a push-to-talk (PTT) device.

Abstract: A synchronous data-stream generator, suitable for use as a synchronous stream cipher providing copy right protection for audio/video data, generates a stream of output data items in synchronisation with a clock trigger. The data-stream generator comprises at least two parallel arranged subgenerators Mi, i?1, such as linear feedback shift registers. The output of the subgenerators Mi is combined forming the output data items of the data-stream generator. A control subgenerator C is used for generating a stream of control data items. Control means (150) comprises for at least one subgenerator Mi an associated number selector Si for, in dependence on the control data item of the control subgenerator C, selecting a number ni,j from a group Hi of different integer numbers. At least two numbers of the group Hi are larger than zero.

Abstract: A transmitter adds packet transmission order information to transmitted packets using a forward error device (416) and a masking device (420). The masking device (420) receives ordering masks (610) from a mask store (424). The ordering masks (610) are maintained in a known order, and the ordering masks (610) and the known order are known to both the transmitter and the receiver. The receiver includes an unmasking device (504) that applies ordering masks to unmask the packets, and then an error detection device checks for errors. The ordering masks (610) are applied in the known order until errors are below an acceptable limit. When errors are below an acceptable limit, the relative packet order is determined from the known order of the ordering masks.

Abstract: A microprocessor configuration includes a data bus for data transfer between functional units. On the bus side, each unit contains an encryption/decryption unit that is controlled synchronously by a random number generator. The configuration permits a relatively high level of security against monitoring of the data transferred via the data bus, with a feasible level of additional circuit complexity.

Abstract: A method in a wireless communications network is disclosed whereby errors due to incorrect transmission of scrambler seed values can be very greatly reduced. This is achieved by using a known pseudo-random seed generating algorithm at both at least one transmitting device 1 that has an associated transmitting address and at least one receiving device 2 that has at least one associated receiving address, it is possible to reduce errors due to incorrectly transmitted scrambler seed values.

Abstract: Disclosed is a computer-readable medium containing program instructions for configuring a first computer so that a first telephony client on the first computer may securely communicate with a second telephony client on a second computer via a communication path. The computer-readable medium includes computer code for inserting a security algorithm within the communication path. The security algorithm facilitates secure communication between the first and second telephony clients such that more than a single type of telephony client may be implemented. In a specific embodiment, the security algorithm is inserted within the first computer's operating system kernel.

Abstract: The present invention provides a method, system, and computer program product for synchronizing security credentials of users and/or groups of users between directories, operating system platforms, and/or registries. The credentials stored at a master registry are used to authenticate whether a user requesting propagation of security credentials has the required permission. If the authentication process succeeds, the user's credentials may be securely propagated to one or more targets. This technique enables synchronizing multiple copies of a user's security credentials without requiring access to a plaintext version thereof, and without forcing the credentials to a new value as part of the synchronization process. The master registry may stored an identification of the targets of the propagation on a per-user basis, or for groups of users, or for the master registry as a whole.

Abstract: The present invention provides a method, system, and computer program product for synchronizing security credentials of users and/or groups of users between directories, operating system platforms, and/or registries. A user's security credentials at a master registry are to be securely set (or reset). To ensure that the user has the required permission for this operation, the user is first authenticated with a trusted authenticating domain. The authenticating domain may be identified by the user, or the identification of the domain may be obtained from the master registry. The master registry may store an identification of the authenticating domain on a per-user basis, or for groups of users, or for the master registry as a whole. The credentials may be propagated to other registries, in addition to the master.

Abstract: Method and apparatus for encrypting transmission traffic at separate protocol layers L1, L2, and L3so that separate encryption elements can be assigned to separate types of transmission traffic, which allows the implementation of different levels of encryption according to service requirements. Encryption elements use variable value inputs, called crypto-syncs, along with semi-permanent encryption keys to protect from replay attacks from rogue mobile stations. Since crypto-sync values vary, a method for synchronizing crypto-syncs at the mobile station and base station is also presented.

Abstract: A system and method are disclosed that overcome deficiencies of prior art IEEE 802.11 WEP key management schemes. Preferred embodiments of the present system and method update WEP keys and rotate transmission key indices in a synchronized manner and on a frequent basis making it impractical for a hacker to gather sufficient network traffic using any one WEP key to decrypt that key and without disrupting communications. Preferred embodiments of the present system and method do not require changes in access point or mobile unit hardware, radio drivers, or firmware and are therefore compatible with existing or legacy network infrastructure or components. The disclosed system and method may be used to facilitate secure communications between one or more access points and one or more mobile units and/or groups of two or more mobile units engaging in peer-to-peer associations.

Abstract: An access control system that utilizes security codes (500), a database (430), and a control device (20) is disclosed. Each security codes (500) is comprised of a unique key code (502) that provides security in addition to a use code (503) that is used to convey specific user defined functions. The use code (503) may be determined by the security code requester (400) at the time of security code (500) charge out from the database (430). The database (430) controls the issuance of security codes (500) and the control device (20) validates the key code (502) within the security code (500) against key codes (502) within control device (20) memory and if valid, performs an action based on the validation of the use code (503) parameters. As the key codes (502) that are within the control device (20) memory are used, the control device (20) then self-regenerates the key codes (502) in order to extend the control device (20) service life indefinitely.

Abstract: A method and apparatus for efficiently synchronizing a stream cipher. State information is transmitted that will allow the intended recipient of the encrypted data stream to set a stream cipher generator to the correct state from which to start generating the stream cipher. A cycle number indicating the current state of a linear feedback shift register and a stutter number indicating whether an output of the linear feedback shift register is dropped are both transmitted to a remote station along with the encrypted data stream.

Abstract: A data system includes a secured appliance capable of receiving broadcast programming and a remote control used to transmit data frames to the secured appliance. The secured appliance is provided with a decryption key that is complimentary to an encryption key provided to the remote control. The encryption key is used to encrypt at least a part of a data frame transmitted by the remote control to the secured appliance, the data frame including data for commanding an operation of the secured appliance. The remote control cannot be used to command certain operations of the secured appliance until such time as the decryption key is supplied to the secured appliance thus effectively limiting the ability to use the secured appliance to access the broadcast programming.