Abstract: To safeguard data transmission, a first terminal communicates in a first network with the aid of at least one session key and a second terminal communicates in a second network with the aid of at least one session key. The first terminal is connected to the second terminal through a local interface. In the first terminal, at least one first session key is determined and at least one second session key is derived from the first session keys. At least one second session key is transmitted to the second terminal through the local interface by a safety protocol. The second terminal is authenticated to the second network by at least one second session key or by the key derived from the second session key(s) through an authentication protocol.

Abstract: Techniques for two-way authentication between two communication endpoints (e.g., two devices) using a one-way out-of-band (OOB) channel are presented. Here, in embodiments, both communication endpoints may be securely authenticated as long as the one-way OOB channel is tamper-proof. Embodiments of the invention do not require the one-way OOB channel to be private to ensure that both endpoints are securely authenticated. Since providing a two-way or private OOB channel adds to the cost of a platform, embodiments of the invention provide for a simple and secure method for two-way authentication that uses only a non-private one-way OOB channel and thus helping to reduce platform cost. Other embodiments may be described and claimed.

Abstract: A method of protecting username/password (U/P) credentials operates on a client computer that cooperates with an anti-phishing scheme that generates a client warning at the client computer when a suspected phishing website issues a U/P request. At the client computer, a set of S fake U/P credentials is generated when the client warning is heeded, or a set of (S?1) fake U/P credentials are derived from a client-supplied U/P credential provided after the client warning is ignored. The client computer then transmits to the suspected phishing website one of (i) the set of S fake U/P credentials, and (ii) the client-supplied U/P credential along with the set of (S?1) fake U/P credentials.

Abstract: A system and method for effectively protecting electronic content information includes a channel setup module that coordinates a channel setup procedure to create a secure communications channel between a content drive and a display module. A source DRM module transmits a special content key from the content drive to the display module over the secure communications channel. A content playback module then initiates a content playback procedure for utilizing the electronic content. The source DRM module responsively encrypts the electronic content with the content key. The channel setup module and the content playback module are unable to access or utilize the content key. A destination DRM module then receives the electronic content over the secure communications channel and utilizes the content key to decrypt the electronic content.

Abstract: A system and method provides secure channels for communication in a virtual universe by employing a packet interception layer for incoming and outgoing data packets. A data path is defined and is sequentially encrypted with the public keys of servers in the path. Decryption and identification of the next server occurs in a sequential manner in which the path is known only to the sender.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: A secure, open-air communication system utilizes a plurality of “decoy” data signals to hide one or more true data signals. The true data signal(s) are channel hopped with the plurality of decoy data signals to form a multi-channel “scrambled” output signal that is thereafter transmitted in an open-air communication system. The greater the number of decoy signals, the greater the security provided to the open-air system. Further security may be provided by encrypting both the true and decoy signals prior to scrambling and/or by utilizing a spatially diverse set of transmitters and receivers. Without the knowledge of the channel assignment(s) for the true signal(s), an eavesdropper may be able to intercept (and, with time, perhaps descramble) the open-air transmitted signals, will not be able to distinguish the true data from the decoys without also knowing the channel assignment(s).

Abstract: Content Based Routing with High Assurance MLS (multi-level security) methods and systems are described. In an embodiment, a security component receives content from a content provider. The security component can identify a security level of content metadata located within the content received from the content provider. A content router can receive a content descriptor from the content provider and an interest profile from a requesting system. The content router can utilize algorithms to create routing tables based on metadata in the content descriptor, and the interest profile. The content router can provide the content metadata to the requesting system based on the interest profile. A content filter can filter or sanitize the content metadata according to a security level of the requesting system before providing the content metadata to the requesting system.

Abstract: A process for distributing digital audio sequences according to a nominal flux format including a succession of fields, each of which includes at least one digital block clusterizing a selected number of coefficients corresponding to single audio elements that are digitally coded inside the flux and utilized by audio decoders that are able to play it to be able to decode it correctly, including a preparatory step including modifying at least one of the coefficients, and a transmission step including a primary flux in compliance with a nominal format including blocks that were modified during the preparatory step and by a route separated from the primary flux by an additional piece of digital information which allows reconstruction of the original flux starting with a calculation, on recipient equipment, as a function of the primary flux and of the additional information.

Abstract: A messaging method and system sends secure emails (14) by the email originator (10) removing the portion of the email (14) which is confidential (24) from the body of the email (14). The removed portion (24) is sent to a secure storage site (30). The residue (20) of the email (14) is sent to the intended recipient (12), together with a notification (22) that the confidential portion (24) is at the secure site (30). Secure storage site 30 then sends a SMS text message (38) to the recipient's mobile phone (44) which has an authentication code (38) which the recipient (12) uses to establish identity and retrieve the confidential portion (24) of the email message (14) from the secure store (30). The secure store (30) emails the originator with notification (60) when the recipient (12) retrieves the secure portion (24) of the email message (14).

Abstract: Devices and methods are disclosed which provide a mobile communications device with multiple methods of wireless communication which can use one method, such as WiFi, to connect to an independent wireless access point while using another method, such as cellular, to verify the security of the wireless access point. The wireless access point provides two SSID's: one private SSID, which is usually encrypted to prevent access, and one public SSID, which is open to any mobile communications device. The mobile communications device connects to the public SSID and downloads a digital certificate. The mobile communications device then uses its cellular connection to verify the authenticity of the digital certificate with its service provider. If verified, the mobile communications device can make use of the wireless access point.

Abstract: In an information processing apparatus, a first communication unit receives encrypted data from a portable terminal device when the portable terminal device is within a first communication range, a second communication unit receives decryption information from the portable terminal device when the portable terminal device is within a second communication range shorter than the first communication range, and a decryption unit decrypts the encrypted data with the decryption information.

Abstract: An apparatus and method for generating a multiplex of media streams, the method includes the steps of: (i) receiving a set of media streams that comprises first type media stream components and second type media stream components; (ii) applying a modification process that is not adapted to modify second type media stream components, such as to provide at least one modified first type media stream component; and (iii) multiplexing at least the second type media stream components and the modified first type media stream components.

Abstract: Security of communications between a mobile terminal 1 and a cellular network node (base station 3) is enhanced. A communication session transmitted on a first traffic channel ‘0’ is encrypted using a key ‘KA’. The security is enhanced by causing the communication channel to change to a second communication channel ‘7’ after a predetermined time, preferably very quickly after establishing the key. In one embodiment the communication channel then changes to a third communication channel ‘25’ after a predetermined time. In another embodiment the communication session is encrypted using a second key ‘KB’after causing the communication channel to change to the second communication channel ‘7’.

Abstract: A wireless power supply apparatus generates an electric signal frequency-modulated or otherwise phase-modulated according to a transmission-side code that is determined beforehand with a wireless power reception apparatus. The electric signal thus generated is transmitted via a transmission coil so as to generate an electric power signal including any one of an electric field, a magnetic field, and an electromagnetic field. The wireless power reception apparatus receives the electric power signal using a reception coil. A control unit changes the impedance of a resonance circuit that comprises the reception coil and a resonance capacitor, according to a reception-side code that is to correspond to the transmission-side code.

Abstract: A data decryption apparatus that decrypts encrypted data, includes a first data-receiving unit that receives a first data set, in which information on an encryption specification is embedded, through a first communication path; a time-information obtaining unit that obtains time information on a reception of the first data set by the first data receiving unit; a time-information storage unit that stores the time information with the information on the encryption specification associated therewith; a second data-receiving unit that receives a second data set through a second communication path, the second data set being encrypted based on the encryption-specification and appended by time information on performing data encryption; and an encryption-specification selecting unit that selects an encryption specification for use in decryption of the second data set based on the time information stored in the time-information storage unit and the time information appended to the second data set.

Abstract: A device for executing a cryptoalgorithm including a central processing unit for a first sub-group of operations and for a flow control of the cryptoalgorithm as well as a hardware circuit for a second sub-group of operations, wherein the first sub-group preferably includes arithmetic and/or logic operations, while the second sub-group includes rotation operations, permutation operations, substitution operations or selection operations.

Abstract: A system and method for providing an encrypted media stream to clients includes a plurality of remote multiple media stream manager and provider (RMP) units to receive a plurality of source media streams. The RMP units modulate the source media streams to provide a plurality of modulated media streams; encrypt the modulated media streams to provide a plurality of encrypted and modulated media streams; de-modulate the encrypted and modulated media streams to provide a plurality of encrypted and demodulated media streams; and transmit the encrypted and demodulated media streams over a high speed network.

Abstract: A method is described for negotiating the use of multi-link ciphering and for the generation of unique keys for each of the links using a single 4-way handshake protocol exchange.

Abstract: A method for establishing a secondary communication channel between at least two computing devices over a network medium through use of a primary channel connects a first computing device with a first telephonic unit and a second computing device with a second telephonic unit. If the two telephonic units are in communication with each other over a primary channel, and communication channels are established between the computing devices and their respective telephonic units, then the first computing device transmits its location information to the second computing device over the primary channel. A connection is then established between the second computing device and the first computing device over a secondary communication channel.

Abstract: In a subscriber television system with a host terminal, the present invention allows the identification of the individual packets from two separate MPEG transport streams that have been multiplexed together for decoding by a single external conditional access or point-of-deployment (POD) module. The decoding of individual packets from two separate MPEG transport streams supports the use of multiple tuner host terminals for such functions as picture-in-picture (PIP) program viewing and the viewing of one program while recording a second program.

Abstract: A secure, open-air communication system utilizes a plurality of “decoy” data signals to hide one or more true data signals. The true data signal(s) are channel hopped with the plurality of decoy data signals to form a multi-channel “scrambled” output signal that is thereafter transmitted in an open-air communication system. The greater the number of decoy signals, the greater the security provided to the open-air system. Further security may be provided by encrypting both the true and decoy signals prior to scrambling and/or by utilizing a spatially diverse set of transmitters and receivers. Without the knowledge of the channel assignment(s) for the true signal(s), an eavesdropper may be able to intercept (and, with time, perhaps descramble) the open-air transmitted signals, will not be able to distinguish the true data from the decoys without also knowing the channel assignment(s).

Abstract: A multichannel communications device is disclosed. The multichannel communications device includes more than one transceiver. The multichannel communications device also includes a first switch configured for switching between transceivers. Further still, the multichannel communications device includes more than one cryptographic element. Yet further still, the mulitchannel communications device includes a second switch which is configured to switch between the cryptographic elements. A switch policy is configured to control communications between the cryptographic elements, including restricting communications between the cryptographic elements.

Abstract: Cryptographic systems and methods that support multiple modes of operation, such as CBC, CTR and/or CCM modes. In one aspect, a method for encrypting data includes reading a plaintext data block from a memory, storing the plaintext data block in an input buffer, encrypting the plaintext data block in the input buffer using a first mode to generate a first ciphertext, storing the first ciphertext in an output buffer, encrypting the plaintext data block in the input buffer using a second mode to generate a second ciphertext. For example, in a CCM mode of operation wherein the first mode is a CTR (counter) mode and the second mode is a CBC (cipher block chaining) mode, the block of plaintext that is initially read from memory and stored in the data input register is applied to both the CTR and CBC modes, thereby reducing a number memory read operations as in conventional CCM modes.

Abstract: For data protection in a wireless network system, a frame, including its Medium Address Control (MAC) header and payload, is encrypted with an initialization vector modified at each set state in a wireless network system, such that wirelessly transmitted data is prevented from being exposed to unauthorized users.

Abstract: A multi-band radio having seamless satellite communication capability is provided. The radio includes: a user interface for controlling operations of the radio; an encryption module; a LOS wireless transceiver for transmitting encrypted data at a frequency in the radio frequency spectrum; a BLOS wireless transceiver for transmitting encrypted data at a frequency in the microwave frequency spectrum; and a router for routing the encrypted data to at least one of the LOS transceiver and the BLOS transceiver.

Abstract: A method and apparatus for encrypting data written to an Enterprise System Connection (ESCON) tape system and reading encrypted data from such a tape system and decrypting the encrypted data is described. One illustrative embodiment, in writing encrypted data to an ESCON tape system, receives from a computer over a first ESCON link a command to write a data block of specified size to the ESCON tape system; requests data constituting the data block from the computer in sub-blocks; compresses and encrypts each sub-block to produce a corresponding compressed and encrypted sub-block; and transmits to the ESCON tape system over a second ESCON link the compressed and encrypted sub-blocks using a series of chained-data write operations, the transmitted compressed and encrypted sub-blocks forming a compressed and encrypted data block on a tape of the ESCON tape system.

Abstract: Data exchange apparatuses and methods are provided. Two data exchange apparatuses are able to use a plurality of channels. One of the data exchange apparatus plays the active mode, while the other data exchange apparatus plays the passive mode. The active data exchange apparatus selects a first channel and transmits a data exchange request to the passive data exchange apparatus automatically through the first channel. The passive data exchange apparatus transmits an acknowledgment signal to the active data exchange apparatus automatically. Both the active and passive data exchange apparatuses select a second channel according to the acknowledgment signal and then exchange data through the second channel. People who owned a data exchange apparatus of the present invention can easily gather information according to his or her requirement from people who also own a data exchange apparatus.

Abstract: Methods and apparatus for converting original data into a plurality of sub-bands using wavelet decomposition; encrypting at least one of the sub-bands using a key to produce encrypted sub-band data; and transmitting the encrypted sub-band data to a recipient separately from the other sub-bands.

Abstract: Disclosed embodiments include a computer-implemented first method for providing the blinded result of a subtraction of a first split value of a first system from a second split value of the first system for a comparison. Furthermore, a computer-implemented second method is disclosed for computing a comparison of the blinded result of the subtraction provided by the first system with a result of a subtraction of a blinded first split value of a second system from a blinded second split value of the second system. Computer-implemented further methods for providing a contribution to the comparison of the split values are disclosed. The further methods involve a third system and a fourth system.

Abstract: A secure, open-air communication system utilizes a plurality of “decoy” data signals to hide one or more true data signals. The true data signal(s) are channel hopped with the plurality of decoy data signals to form a multi-channel “scrambled” output signal that is thereafter transmitted in an open-air communication system. The greater the number of decoy signals, the greater the security provided to the open-air system. Further security may be provided by encrypting both the true and decoy signals prior to scrambling and/or by utilizing a spatially diverse set of transmitters and receivers. Without the knowledge of the channel assignment(s) for the true signal(s), an eavesdropper may be able to intercept (and, with time, perhaps descramble) the open-air transmitted signals, will not be able to distinguish the true data from the decoys without also knowing the channel assignment(s).

Abstract: A symmetric key cryptographic method is provided for short operations. The method includes batching a plurality of operation parameters (1503), and performing an operation according to a corresponding operation parameter (1505). The symmetric key cryptographic method is a Data Encryption Standard (DES) method. The short operations can be less than about 80 bytes. The short operations can be between 8 and 80 bytes. The method includes reading the batched parameters from a dynamic random access memory (1504), and transmitting each operation through a DES engine according to the operations parameter (1505).

Abstract: Enabling and disabling login access to a web-based application by examining automatic number identification (ANI) information from a received telephone call, associating the ANI information with a user account, determining a current state of login access to a web-based application for the user account, the state of login access being one of enabled and disabled, and notifying the web-based application to change the state of login access to the other of enabled and disabled depending on the then-current state of login access. The methodology may further include examining dialed number identification service (DNIS) information of the received call to determine which of the enabling or disabling actions to take, and/or to determine which of a plurality of accounts is to be effected by the desired change in state of login access.

Abstract: Systems and methods for code-division multiplex communications. The methods involve forming orthogonal or statistically orthogonal chaotic spreading sequences (CSC1,1, CSCD,1), each comprising a different chaotic sequence. The methods also involve generating an offset chaotic spreading sequence (CSC1,2, CSC1,3, . . . , CSC1,K(1), CSCD,2, . . . , CSCD,K(D)) which is the same as a first one of the orthogonal or statistically orthogonal chaotic spreading sequences, but temporally offset. Spread spectrum communications signals (SSCs) are each respectively generated using one of the orthogonal or statistically orthogonal chaotic spreading sequences. Another SSC is generated using the offset chaotic spreading sequence. The SSCs are concurrently transmitted over a common RF frequency band.

Abstract: A method, apparatus and computer program product for transmitting data secures the data by adaptively transforming it and spreading the transformed data piecewise over plural transmission channels. The method, apparatus and computer program product may select low-cost channels preferentially to transmit greater amounts of the data; may disorder the data and transmit ordering information separately over a preferred channel of higher security; may conceal data in a lower-security channel by steganographic methods; and may conceal the sequence of the data by placing segments of it statically, for example, in a WWW website, while providing sequencing data on the preferred channel of higher security. A receiving method, apparatus and computer program product may also be provided for recovering information content from signals on the plural channels.

Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded. Another embodiment includes a secure access controller having a plurality of ports for connection to a plurality of different pieces of computer equipment. The secure access controller thus intermediates communications between the modem and the plurality of different pieces of computer equipment.

Abstract: An apparatus (213) and corresponding methods (FIG. 7) to facilitate maintaining crypto synchronization while processing communication signals in a communication unit includes a vocoder (215) configured to convert input audio band signals to vocoder output frames; a crypto processor (217) configured to encrypt the vocoder output frames to provide encrypted output frames; and a synchronizer (219) configured to substitute in a predetermined manner synchronization information corresponding to an encryption state of the crypto processor for a portion of the encrypted data in a portion of the encrypted output frames to provide resultant output synchronization frames suitable for synchronizing a decryption process at a target communication unit.

Abstract: A data processing system, circuit arrangement, and method to communicate data over a multi-channel serial communications interface (14) using a dedicated encrypted virtual channel from among multiple virtual channels supported by the communications interface (14). Encryption for the dedicated encrypted virtual channel is provided by a hardware encryption circuit (34) that is coupled to the interface, such that encryption may be performed at a relatively low level, and with substantial protection from compromise, particularly along chip boundaries. In one particular application, access control may be provided for a digital data stream using a multi-chip access control scheme that relies on one chip (148) to provide access control over a received digital data stream, with another chip (150) utilized to process the digital data stream once authorized to do so.

Abstract: A digital couriering system and method for electronically moving records and images through a central user interface with a centralized security and access mechanism is disclosed. The disclosed system and method is a network that makes it possible for records comprising personal information and other non-personal information to be delivered in seconds via the Internet, instead of days through the use of the current standard couriers, such as messenger services or regular mail. Using the disclosed system and method, vital documents not only reach their destination more quickly but also in a more cost effective manner.

Abstract: A physical channel transmission method and a transmission chain therefor in a communication system are disclosed. In transmitting packet data or packet control data through a physical channel having a transmission format of variable lengths, the data transmission chain includes a scrambler for scrambling the packet data or packet control data using the transmission format information.

Abstract: The invention relates to a method for testing the authenticity of a data carrier (1) and/or an external device (2) which enters into data exchange with the data carrier (1). According to the invention, the data carrier (1) and the external device (2) are each equipped with a special additional apparatus (4, 6) for generating and/or testing authenticity data. Data transmission between the data carrier (1) and the external device (2) as required for authenticity testing is performed at least partly via a special transmission channel (B). The transmission channel (B) for transmitting authenticity data is separated physically or logically from a transmission channel (A) for transmitting standard data so that there is no mutual interference of data transmission via the two transmission channels (A, B).

Abstract: A method for efficiently deriving a traffic encryption key for data encryption is disclosed. A method of generating a traffic encryption key (TEK) comprises the steps of receiving, by a mobile station from base station, a first nonce and first security materials for deriving the traffic encryption key (TEK) and deriving the traffic encryption key (TEK) using one or more of the first nonce, the authentication key (AK), and the first security materials.

Abstract: A process for distributing digital audio sequences according to a nominal flux format including a succession of fields, each of which includes at least one digital block clusterizing a selected number of coefficients corresponding to single audio elements that are digitally coded inside the flux and utilized by audio decoders that are able to play it to be able to decode it correctly, including a preparatory step including modifying at least one of the coefficients, and a transmission step including a primary flux in compliance with a nominal format including blocks that were modified during the preparatory step and by a route separated from the primary flux by an additional piece of digital information which allows reconstruction of the original flux starting with a calculation, on recipient equipment, as a function of the primary flux and of the additional information.

Abstract: A base station generates a unicast channel, a MBMS channel, and a pilot channel, that are multiplied by a scrambling code specific to a particular cell. The pilot channel is replicated as necessary. The unicast channel and the MBMS channel are time-multiplexed. For data in a unit transmission frame, a same frequency component is multiplied by a same scrambling code.

Abstract: Subject matter includes methods of using conventional set-top boxes that receive streaming video modulated on coaxial cable rather than over an IP-based LAN as nodes in a media network. In one implementation, an exemplary adapter is used to integrate a conventional set-top box into a media network. In one implementation, an exemplary filter is used to reserve frequencies for communications between a conventional set-top box and a hub and to prevent communications from leaving a media network. In one implementation, an exemplary content protection method provides a way of encrypting program content on the media network in a manner that a conventional set-top box can decode.

Abstract: A process for distributing digital video sequences in accordance with a nominal stream format including a succession of frames, each frame including at least one digital block regrouping a plurality of coefficients corresponding to simple, digitally coded visual elements is disclosed.

Abstract: A method for operating a wireless sensor network, wherein the sensor network includes a multitude of distributed sensor nodes for sensing data within a pre-definable environment, and wherein the sensor nodes can exchange information via encrypted data transmissions over a radio Channel is—regarding the fact that during the operational phase of the network the Performance of changes in the network, in particular the composition of the sensor nodes that are integrated in the network, is allowed in a flexible way—characterized in that a subset of sensor nodes of the network is manipulated in order to establish a shared secret (x) by transferring a defined information to the sensor nodes of the subset over a secure out of band (OOB) Channel.

Abstract: A system and method for use with local area networks (LANs) automatically configures a new device on a LAN by secure encrypted transmission of setup parameters. A remote control (RC) with an infrared (IR) transmitter contains a stored setup command and a security number that is used only once (a “nonce”). Setup of a new device is initiated by pressing a “setup” button on the RC which generates the security number and transmits it and the setup command to the new device via IR. The new device receives the setup command and security number and queries the network for the setup parameters. The RC also transmits the security number via IR to a network member device that contains the setup parameters. The network member uses the security number as an encryption key to encrypt the setup parameters and transmit them over the network. The new device uses the security number as the decryption key to decrypt the transmitted setup parameters.

Abstract: A method for securing a communication between at least one initiator (I) and one responder (R) generates a first key (KEr) within the responder (R), generates a second key (K) within the responder (R), computes an authentication code (C) using the first key (KEr) and the second key within said responder (R), transmits the second key (K) and the authentication code (C) from the responder (R) to the initiator (I) using a first communication channel, transmits the first key (KEr) from the responder (R) to the initiator (I) using a second communication channel, computes a verification code (C?) using the first key (KEr) and the second key (K) within the initiator (I), and compares the verification code (C?) with the authentication code (C) within the initiator.

Abstract: A method and system for providing secure communications for transmitting data to and from a wireless device includes components that facilitate sending authentication-related data to a wireless device using a secure channel of a first protocol; and utilizing the authentication-related data to facilitate secure communications between the wireless device and an enhanced wireless service. The secure communications between the wireless device and the enhanced wireless service utilizes a second protocol.