Abstract: A portable telephone set capable of recognizing a call during music replay is disclosed. This portable telephone set comprises talking means and music replay means, and posts a call when receiving the same during music replay by the music replay means. Thus, the call can be recognized during the music replay.

Abstract: In a multicast delivery system, A delivery server enciphers delivery data by using a current use cipher key to generate enciphered data and transmits a multicast packet containing the enciphered data and a current use key identifier indicative of a pair of the current use cipher key and a current use decipher key as current use keys. A key management server holds as a current use key data, a set of the current use decipher key and the current use key identifier, and transmits a set of the current use decipher key and the current use key identifier as a current use decipherment key data in response to a current use key data request.

Abstract: A security program is installed on a plurality of user terminals that communicate with one another via an electronic conference room. A command interpreter (3) of the security program specifies a chat channel (CHi), a coordinated event (Ti), and an private key (Si), and then directs a common key generator (5) to generate a common key (CSi). The common key generator (5) generates a common key based on at least one of (CHi), (Ti), and (Si), and then stores the common key in a common key memorizer (6). The common key memorizer 6 stores the common key with reference to an index. An encrypter/decrypter (7) encrypts a conversation datum inputted with a newest common key, and transmits to other user terminals the encrypted conversation datum along with an index corresponding to the coordinated event used to generate the common key used to encrypt the conversation datum. The encrypter/decrypter (7) receives conversation datum generated by other user terminals, and decrypts the conversation datum using the common key.

Abstract: The present invention uses a group key management scheme for admission control while enabling various conventional approaches toward establishing peer-to-peer security. Various embodiments of the invention can provide peer-to-peer confidentiality and authenticity, such that other parties, such as group members, can not understand communications not intended for them. A group key may be used in combination with known unicast security protocols to establish, implicitly or explicitly, proof of group membership together with bi-lateral secure communication.

Abstract: A method and apparatus for distributing key certificates across PIM-SM routing domains by MSDP messages. A rendez-vous point RP in a PIM-SM domain can have a MSDP peering relationship with other rendez-vous point RP's in other domains. The peering relationship is a transport control protocol (TCP). Each domain has a connection to the MSDP topology through which it can exchange control information with active sources and rendez-vous points RP's in other domains. The normal source-tree building mechanism in PIM-SM is used to deliver multicast data over an internet domain distribution tree.

Abstract: A method for encrypting programming in which a controlled number of unintended recipients of a broadcast are allowed to view a program so that a set of encryption keys can be found which enables a broadcaster to more quickly broadcast the program to its intended paying recipients than conventional encryption methods which only allow programs to be viewed by its intended recipients. To find the set of keys, a broadcaster first determines an acceptable f-ratio of a total number of viewers of the broadcast program to a number of intended viewers in an identified target set who paid to receive the program. The target set of viewers is included in the total number of viewers. The broadcaster then constructs an f-redundant establishment key allocation set from which the establishment keys for encrypting the program are selected.

Abstract: A method for distributing group secrets (e.g., group ID and password combinations) for use in communication systems such as trunked radio communication systems. A user group record containing one or more group secrets is encrypted at an administrator using a user secret (e.g., a user ID and password combination) known to the administrator and to a communication device. The encrypted user group record is then distributed to the communication device where it is decrypted using the user secret.

Abstract: An electronic document delivery system and method in which a broadcast center periodically sends a “catalog” of available documents to a receiving computer, thereby allowing a user to browse through the available documents without having to access the broadcast center. The documents are transmitted as packets, and the packets are decrypted as soon as they are received, eliminating the need to store both an encrypted and an decrypted version of the documents at the receiving computer. The receiving computer periodically receives information allowing it to decrypt received documents and to encrypt billing information for the receiving computer. The invention is not limited to text-only documents and can receive all types of documents, such as software, images, text, and full-motion video.

Abstract: An RF electronic identification system (10) is disclosed and claimed. The system includes at least one transponder encoder (14.1) for writing data into a memory arrangement (52) of a selected transponder (1.1) of a plurality of transponders (1.1 to 1.n) adapted to receive data from the at least one encoder. The system further includes at least one verifier (16) for interrogating a selected transponder (1.1) and to read data stored in the transponder. The encoder includes a controller (42) for providing an identification code characteristic of the encoder to form part of the data to be written into the transponder. The verifier includes computing means (56) for extracting the identification code from the data read thereby and for comparing the code to authorized codes. An indicator (18) provides an indication whether the identification code corresponds to any of the authorized codes or not. A method of verifying the authenticity of a transponder is also disclosed and claimed.

Abstract: The present invention provides a system and apparatus for efficient and reliable, control and distribution of data files or portions of files, applications, or other data objects in large-scale distributed networks. A unique content-management front-end provides efficient controls for triggering distribution of digitized data content to selected groups of a large number of remote computer servers. Transport-layer protocols interact with distribution controllers to automatically determine an optimized tree-like distribution sequence to group leaders selected by network devices at each remote site. Reliable store-and-forward transfer to clusters is accomplished using a unicast protocol in the ordered tree sequence. Once command messages and content arrive at all participating group leaders, local hybrid multicast protocols efficiently and reliably distribute them to the back-end nodes for interpretation and execution.

Abstract: A method for distributing encryption keys for use in communication systems such as trunked radio communication systems. Group traffic keys are encrypted at a key administrator and passed to a distribution facility for storage and distribution. The distribution facility passes the encrypted group traffic key to communication devices where the group traffic keys are decrypted and used to encrypt/decrypt traffic.

Abstract: The inventive subject matter provides reliable methods and apparatus for secure communication within a network collaboration group including a VPN. Distribution of critical group data to member nodes (such as encryption keys for communication with other member nodes) is preferably handled by master nodes in a manner relatively resistant to misbehavior by current, past, or other nodes, and to outsider attacks such as replay attacks. A particular embodiment enables distribution of critical group data by master nodes to member nodes in a manner that offers confidentiality (the critical data cannot be read by eavesdropper), integrity (the receiving member node has evidence that the critical data has not been tampered with in transit), authenticity (the receiving member node has evidence that the critical data was sent by a master node), and freshness (the critical data is not a replay of a previous message).

Abstract: Methods, devices and systems for providing content providers with a secure way to multicast their data flows only to legitimate end users. By making a specific decision for each potentially legitimate end user requesting a specific data flow, differing subscriber profiles may be taken into account. Furthermore, end to end encryption is avoided by having a switch and/or router control the specific data flow to a specific end user. Each end user sends a request DTU to the switch and/or router asking for permission to join a multicast group. The switch and/or router extracts identification data from the request data transmission unit (DTU) and determines whether the requesting end user is cleared for the requested specific data flow. This determination may be made by sending a query DTU containing the identification data to a policy server which checks the identification data against preprogrammed criteria in its databases.

Abstract: A method and system are provided for delivering event messages in a secure scalable manner. A network includes an event distribution device serving as an event generation device for generating and disseminating an event message through the network to event distribution devices serving as edge event delivery devices having recipient devices connected thereto. Event messages may be encrypted at the event generation device for each of the destination recipient devices or event messages may be encrypted at each of the edge event delivery devices for delivery to respective recipient devices connected thereto. A signing key may also be included with the encrypted message such that the respective recipient devices may authenticate a sender of the encrypted message based on the signing key. Encryption keys may be established based on policies of the network of event distribution devices or based on policies of the respective recipient devices.

Abstract: An approach for establishing secure multicast communication among multiple multicast proxy service nodes of domains of a replicated directory service that spans a wide area network. The domains are organized in a logical tree and each domain stores a logical tree that organizes the multicast proxy service nodes. Each domain also comprises a group manager at the root node of the binary tree, a multicast key distribution center, multicast service agent, and directory service agent and key distribution center (Unicast). Multicast proxy service nodes each store a group session key and a private key. Replication of the directory accomplishes distribution of keys. A Multicast group member joins or leaves the group by publishing a message. The local key distribution center and multicast service agent obtain the identity of the publisher from a local directory service agent. Based on the ID value, a secure channel is established with the DSA of the group member's domain.

Abstract: A method and system for distributed security for a plurality of devices in a communication network, each of the devices being responsible for generating, distributing and controlling its own keys for access to the communication network and using the keys to establish a trusted network, each device's membership to the communication network being checked periodically by other devices by using a challenge response protocol to establish which devices are allowed access to the communication network and the trusted network.

Abstract: A system and method for securely delivering data content to devices across a computer network, such as the Internet, is provided. A secure channel (i.e., using Secure Socket Layers or other encryption technology) is used to provide details regarding a non-secure channel. The details may include a multicast group identifier if multicast broadcasting is used or a port identifier if a number of ports are used. The legitimate clients receive the details and listen for packets corresponding to the multicast group or port number. The details change periodically or in response to the detection of illicit receivers. Details regarding subsequent non-secure channel details are provided on the secure channel so that legitimate clients are able to continue receiving data packets, while illicit receivers are unable to continue receiving the data stream without interruption.

Abstract: A system and method for establishing and monitoring relationships among network devices comprises establishing a device view which has associated therewith at least one group type. The group type provides an umbrella for associating a plurality of groups, with devices assigned to each group. The devices and groups may be dynamically reassigned to permit ease of network administration, and may be established by simple entries in a database.

Abstract: An application of intrusion tolerant concepts to a software infrastructure for supporting secure group applications. This application is suited for use with network layer protocols such as TBRPF and is particularly adapted for wireless networks, and more specifically mobile ad hoc networks.

Abstract: A collaboration of resources in a distributed environment using credentials and encryption keys is described. According to one embodiment of the invention, a first resource entity receives a communication from a second resource entity over a network. The communication is decrypted with a secret and includes a set of one or more credential and a contact identifier of the second resource entity. The second resource entity is allowed to access a resource on the first resource entity based on the one or more credentials associated with the contact identifier.

Abstract: An apparatus and method, utilized by a receiving node in a multicast for authenticating a message received from a transmitting node, uses tags to determine if the transmitting node is in the multicast. More particularly, a first tag received with the message is located and utilized to determine if the transmitting node is in the multicast. The first tag includes data associated with at least one of the receiving node and the transmitting node. A second tag then is generated if the transmitting node is determined to be in themulticast. Once generated, the second tag is transmitted with the message to a third node in the multicast. Among other things, the second tag includes data indicating that the receiving node is in the multicast.

Abstract: A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.

Abstract: The invention relates to a telecommunication system including a plurality of terminals divided into groups such that within each group each terminal can send multidestination messages to the other members of the group. Each terminal of a group is associated with encryption and decryption means so that each terminal can send multidestination messages that can be decrypted only by the other terminals of the group. The system includes a central server for distributing to each encryption and decryption means keys for secure transmission of communications within each group.

Abstract: A key distribution method for distributing, via a communications network, a key in a multicast communications system in which each one of a plurality of communications is directed to an associated multicast group including a plurality of recipients intended to receive the one communication. The method includes providing a plurality of implemented key distribution methods, dynamically choosing one implemented key distribution method of the plurality of key distribution methods, and distributing at least one key using the one implemented key distribution method. Related apparatus and methods are also provided.

Abstract: A system and method for sending a secure multicast transmission. The system includes a computer system coupled to a public network and configured to generate a multicast broadcast, and encrypt the generated multicast broadcast. The system also includes a router coupled to the public network, and a user system configured to request to join a multicast broadcast, wherein the user system is associated with the router. The router is configured to retrieve the encrypted multicast broadcast from the computer system over the public network, decrypt the sent multicast broadcast, and send the decrypted multicast broadcast to the user system requesting to join.

Abstract: In a method for increasing peer privacy, a request for a data is received from a data requester and the data is stored at a data provider. A plurality of peers are selected to form a path, where the data provider and the data requestor are the respective ends of the path. A mix is generated according to the path and the mix is transmitted to the data provider.

Abstract: Multicast networks are partitioned into hierarchical security domains. Each security domain may comprise one or more lower security domains. Each security domain includes a security broker that distributes a group key and translates multicast data destined to the security domain, if necessary. A primary security broker at the second level of the hierarchical multicast system distributes the top security key to all peer members, including all peer security domain brokers to establish trust relationships. For each security domain boundary with security domain border routers, a multicast virtual link in configured that connects the security domain border routers and the security broker for the security domain to reduce the latency in forwarding multicast data. It can also make the backbone of the security domain contiguous so that multicast data can travel unchanged across the backbone. The multicast data is forwarded to the security domain through the security broker with security translation.

Abstract: When a user successfully logs into an account, the user is provided with a first-class login token, which entitles the user to one or more unsuccessful login attempts without experiencing delays the user would otherwise experience. If attempts with a second-class login token or an expired first-class login token is impermissible, a subsequent login attempt is subject to delays the user would otherwise not experience. The delays minimize the effectiveness of dictionary attacks. Additionally, if the user attempts to login without a login token or an invalid login token, the login attempt is impermissible and the user is provided with a second-class login token for use in a delayed, subsequent login attempt.

Abstract: A computer implemented method and a computer program product includes a first computer readable code construct configured to handle request messages. This comprises receiving a request message and having an associated user name which is associated with a remote user on a network. Further, making an access determination to determine whether the forwarding of the request message is authorized, and finally when forwarding of the request message is authorized, the message to a target system is forwarded.

Abstract: A Ca server 13 generates and encrypts a work key (Kw) and delivers the key to receiving terminals. The CA server further updates scramble key (Ks) at a predetermined interval and delivers the key to the terminals. A contents server 14 encrypts service contents using the Kw and the Ks to deliver the contents toward an IP address for the group. A delivering router 15 receives the contents and delivers the content to the receiving terminals based on the IP address. The receiving terminals, when receives the encrypted contents, decode the contents using the Kw and the Ks and replace the IP address with its own IP address.

Abstract: An apparatus and method for limiting unauthorized access to a multicast by one or more members of a subnet reconfigures the multicast if all subnet members participating in the multicast do not reply to a query message. To that end, the apparatus first receives a query message requesting the identity of all subnet members that are participating in the multicast. Upon receipt, the query message is forwarded to each subnet member that is participating in the multicast. Receipt of the message by selected subnet members participating in the multicast causes a reply message to be forwarded. It then is determined if a reply message has been forwarded by all subnet members participating in the multicast.

Abstract: An application-layer multicast (ALM) system allowing high-speed ALM with precise routing control and simplified configuration. The routing control and data copying are separately performed with different hardware circuits: routing controller; and data copying device. The routing control is performed on the CPU of a computer, whereas the data copying is performed on a dedicated hardware circuit. This separate structure is employed in each intermediate node in the ALM network. The data copying device communicates with the routing controller within the same segment to manage the content data to be relayed by the intermediate system using a management ID uniquely assigned to the content data within the segment.

Abstract: A method and apparatus for distributed group key management for multicast security. According to one aspect of the invention, an initiator key server distributes to a plurality of key servers a first key set including an initial common group key and a replacement common group key. The initial common group key, but not the replacement common group key, is initially distributed to clients of the plurality of key servers that are currently members of a multicast group as a current common group key for multicast messages. Responsive to a need to re-key the current common group key of the multicast group, each of the key servers subsequently distributes to their clients that are currently members of the multicast group the previously distributed replacement common group key as the current common group key.

Abstract: An apparatus and methods for facilitating a reduction in data transmission bandwidth removes unnecessary data relating to encryption keys prior to sending a message or storing the encrypted information for a recipient. Encrypted data, such as message data for multiple recipients, is analyzed to determine whether encryption related data for other recipients may be removed.

Abstract: A network architecture for console-based gaming systems enables secure communication among multiple game consoles over a local area network. The system architecture supports a three-phase secure communication protocol. The first phase involves generating shared keys that are unique to an authentic game console running an authentic game title. In the second phase, a “client” console attempts to discover existing game sessions being hosted by a “host” game console by broadcasting a request over the local area network. The broadcast request is protected using the shared keys. If the host console agrees to let the client console play, the host console generates session keys that are returned to the client console. The third phase involves a key exchange in which the client and host consoles exchange data used to derive one or more secrets for securing future communications. The key exchange is protected using the session keys.

Abstract: A method, system and computer program product for transmitting a broadcast over the Internet by a broadcaster where users located approximately within a defined distribution area of the broadcaster can receive or interpret the broadcast. A broadcaster may transmit an encrypted broadcast over the Internet while transmitting a decryption key to users of computer systems over the air within its defined distribution area. Only users that are located approximately within the defined distribution area of the broadcaster may receive the decryption key and hence be able to decrypt the encrypted broadcast. Furthermore, a broadcaster may receive a request from a user of a computer system to transmit a broadcast over the Internet to that user. Upon determining the approximate location of the user, the broadcaster may transmit the broadcast over the Internet to that user if that user is located approximately within the defined distribution area of the broadcaster.

Abstract: According to the present invention there is provided a datacast distribution system which allows for the distribution of movies, music, games, application software, and the like using a new or existing terrestrial digital video broadcasting (DVB-T) network or the like.

Abstract: In a network, a media coordination system provides secure multimedia communication channels in a collaborative network environment. The media coordination system provides automatic encryption, dynamic interconnection of streams of data, and user interface elements that provide users with control over the ultimate destination of their audio and video data. The infrastructure of the system includes a plurality of client workstations that are connected to a central server using point-to-point network connections. The central server maintains a persistent virtual world of network places with objects located therein. Streams of audio and video data are coordinated between client workstations operating in the persistent virtual world by a key manager object using channels, transmitters, and receivers. The client workstations multicast their audio and video data over the network to defined recipients after receiving a multicast address and an encryption key for a specific multicast channel.

Abstract: The invention comprises a data dividing unit for dividing input data into a plurality of pieces, a divided data replicating unit for replicating divided data, an additional information embedding unit for embedding additional information into replicated data, an encrypting unit for encrypting the data embedded with the additional information, and a sending unit for sending the encrypted data by means of multicast communications, further comprises a decoding unit for decoding the encrypted data which is received, and an assembling unit for assembling the decoded data.

Abstract: A system for providing broadcasting services is disclosed. The system includes a digital channel database for storing a program from a broadcaster; a computer network for accessing and distributing the program as a data stream; a tower controller for receiving the program data stream from the computer network; and at least one transmitter selected by the tower controller to receive the data stream and to broadcast the program to end-user receivers.

Abstract: In a method for multicasting in a radio network, having at least one base station and multiple mobile terminals, the broadcast message is broadcast from the base station, and the broadcast message is received at the mobile terminals. Furthermore, a broadcast message is formulated as a multicast message, and a token is delivered to a selected group of mobile terminals. The token is needed to recover the information of the multicast message. The selected group of mobile terminals includes at least two mobile terminals. The token is used by the selected group of mobile terminals to allow the reception and recovery of the multicast message.

Abstract: A method and apparatus for protecting information communicated between a first and a second device includes generating a request to a third device, the request including information identifying the first and second devices. The third device verifies the first and second devices based on the information in the request. Predetermined information is sent to at least one of the first and second devices, and the first and second devices authenticate each other based on the predetermined information.

Abstract: A secure and scalable broadcast system and method of creating the same, having a plurality of nodes connected to a network with pre-positioned public/private encryption keys, including at least one root node for publishing digital messages, a plurality of interior nodes for relaying the published digital messages, and a plurality of leaf nodes for receiving the published and relayed messages. Each digital message includes an encrypted payload, and a symmetric key for decrypting the payload. The root and interior nodes publish and relay the message by encrypting the symmetric key with the public key of each node that will receive the published/relayed message from that node. Each interior and leaf node decrypts the symmetric key using its private key. Only the leaf nodes decrypt the message payload using the symmetric key. A back channel sends messages from the leaf nodes to the root nodes in the same manner.

Abstract: A common key 11 is shared by a controller and an operating terminal. An interface is displayed for entering control signals, and a user enters a control signal 21. A next operating rights code 22 is generated (112) and the common key 11 is used to encrypt a signal 23 that contains the control signal 21, the next operating rights code 22, and the current operating rights code 12 (114). This is then transferred to the controller (115), and the next operating rights code 22 is stored in the operating terminal (112). The controller uses the common key 11 to decrypt the transferred encrypted message 24 (117) and obtains the control signal 21, the current operating rights code 12, and the next operating rights code 22. The current operating rights code 12 is checked to see if it matches an operating rights code registered in the controller (118). If there is a match, the control signal is sent to the control device (19). The next operating rights code 22 is registered in the controller (120).

Abstract: The invention relates to a cellular radio system and a method of ciphering data transmission in a radio system that comprises at least one transceiver communicating with other transceivers on a radio connection including one or more parallel radio bearers or logical channels, ciphering being performed on said bearers or logical channels using selected ciphering method parameters. Ciphering is performed on said bearers using selected ciphering method parameters. To ensure diverse and efficient ciphering, different ciphering method parameters can be used on each parallel radio bearer.

Abstract: In a network, a media coordination system provides secure multimedia communication channels in a collaborative network environment. The media coordination system provides automatic encryption, dynamic interconnection of streams of data, and user interface elements that provide users with control over the ultimate destination of their audio and video data. The infrastructure of the system includes a plurality of client workstations that are connected to a central server using point-to-point network connections. The central server maintains a persistent virtual world of network places with objects located therein. Streams of audio and video data are coordinated between client workstations operating in the persistent virtual world by a key manager object using channels, transmitters, and receivers. The client workstations multicast their audio and video data over the network to defined recipients after receiving a multicast address and an encryption key for a specific multicast channel.

Abstract: The present invention provides a multicast communication system having a multicast server and a plurality of clients belonging to a multicast group. The multicast server transmits data encrypted by using a first encryption key to the clients by multicasting, and transmits the result of encrypting the first encryption key by using a second encryption key by unicasting to a client subscribed to a data distribution service, among the plurality of clients. The client subscribed to the data distribution service receives the encrypted data and the result. The client decrypts the result to obtain the first encryption key and decrypts the encrypted data using the first encryption key.

Abstract: In a public key encryption system where an individual is used as a unit, an idea of “group” is newly introduced. Then, both an encryption process operation of a plain text by an arbitrary member belonging to the group, and a decryption process operation of cryptogram information can be executed by employing such a combination key made from a group public key and a group secret key, which are produced in unit of “group”, and further an individual public key and an individual secret key. With employment of this encryption system, while high secrecies can be maintained inside and outside the group, the cryptogram information can be commonly shared based upon a confirmation of a member among members within the group. Also, an electronic signature can be made by a member belonging to the group.

Abstract: Method and apparatus for secure transmissions. Each user is provided a registration key. A long-time updated broadcast key is encrypted using the registration key and provided periodically to a user. A short-time updated key is encrypted using the broadcast key and provided periodically to a user. Broadcasts are then encrypted using the short-time key, wherein the user decrypts the broadcast message using the short-time key. One embodiment provides link layer content encryption. Another embodiment provides end-to-end encryption.

Abstract: A method for conveying encryption information to parties in a multicast group in a mobile radio network is provided which is distinguished by the fact that a cipher key and a current encryption sequence number or parts of such a sequence number are transmitted via an air interface, via a connection already protected against interception by unauthorized persons which is allocated as dedicated to the receiver of the encryption information.