Multicast Patents (Class 713/163)
  • Patent number: 8131860
    Abstract: Serialization is disclosed. It is detected if a component included in a graph of components associated with a user session on a first system has not changed since a prior serialization to a second system. A token is sent to the second system during a current serialization, instead of the component, indicating the component has not changed since the prior serialization. De-serialization is disclosed. A token is received at a first system from a second system, in a stream of serialized data from the second system, that indicates that a component on the second system has not changed since a prior serialization. A cached version of the component is retrieved. The cached copy is used to reconstruct on the second system a state of a user session with which the component is associated on the second system.
    Type: Grant
    Filed: March 30, 2006
    Date of Patent: March 6, 2012
    Assignee: EMC Corporation
    Inventors: Chee Wong, Rajesh Kasanagottu
  • Patent number: 8122246
    Abstract: A decryption key unique to each user system is a value obtained by (a) assigning different individual key generation polynomials to a root, a plurality of nodes, and a plurality of leaves of a tree structure, respectively, (b) assigning the different leaves on the tree structure a plurality of subgroups obtained by dividing a group of a plurality of user identification information items which are for individually identifying the user systems, and (c) substituting the user identification information item of the each user system into one of the individual key generation polynomials which corresponds to one of leaves assigned to one of the subgroups to which the user identification information item corresponding to the each user system belongs or an ancestor node of the one of the leaves and a common key generation polynomial common to the root, the nodes, and the leaves.
    Type: Grant
    Filed: September 13, 2006
    Date of Patent: February 21, 2012
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Tatsuyuki Matsushita
  • Patent number: 8117440
    Abstract: Some embodiments of the present invention provide an apparatus that provides routing services between a red network and a black network. The apparatus includes a red router within the red network, a black router within the black network, and an IP encryptor having a red side IPv4-only interface and a black side interface, with the red side interface operatively coupled to the red router and the black side interface operatively coupled to the black network. The apparatus is configured to provide unified IPv6/IPv4 OSPFv3 routing over IPv4-only interfaces using cross-layer extensions.
    Type: Grant
    Filed: October 28, 2008
    Date of Patent: February 14, 2012
    Assignee: The Boeing Company
    Inventors: Guangyu Pei, Phillip A. Spagnolo, Fred L. Temolin
  • Patent number: 8112782
    Abstract: A unified system of programming communication. The system encompasses the prior art (television, radio, broadcast hardcopy, computer communications, etc.) and new user specific mass media. Within the unified system, parallel processing computer systems, each having an input (e.g., 77) controlling a plurality of computers (e.g., 205), generate and output user information at receiver stations. Under broadcast control, local computers (73, 205), combine user information selectively into prior art communications to exhibit personalized mass media programming at video monitors (202), speakers (263), printers (221), etc. At intermediate transmission stations (e.g., cable television stations), signals in network broadcasts and from local inputs (74, 77, 97, 98) cause control processors (71) and computers (73) to selectively automate connection and operation of receivers (53), recorder/players (76), computers (73), generators (82), strippers (81), etc.
    Type: Grant
    Filed: June 2, 1995
    Date of Patent: February 7, 2012
    Assignee: Personalized Media Communications, LLC
    Inventors: John Christopher Harvey, James William Cuddihy
  • Patent number: 8112810
    Abstract: One embodiment of the invention is a method for providing media content while preventing its unauthorized distribution. The method includes transmitting from a client to an administrative node a request for delivery of an instance of media content (IMC); determining which content source (CS) of a plurality of CSs to provide delivery of the IMC, provided the client is authorized to receive the IMC; transmitting to the client an access key and a location of the IMC; transmitting from the client to the CS a second request and the access key; in response to receiving the second request and the access key, transferring the IMC from the CS to the client; transmitting from the client to the administrative node an indicator indicating a successful transfer of the IMC; and generating a transaction applicable to the client and associated with the transfer of the IMC to the client.
    Type: Grant
    Filed: June 5, 2009
    Date of Patent: February 7, 2012
    Assignee: Music Public Broadcasting, Inc.
    Inventors: Hank Risan, Edward Vincent Fitzgerald
  • Patent number: 8094818
    Abstract: A method and apparatus for defeating copy protection signals in a video signal, and also for providing copy protection signals for a video signal, is disclosed. The defeat technique generally utilizes a particular pulse position shifting, modulation, etc., of AGC, normal sync and/or pseudo sync pulses to increase the separation between the pulses. Various embodiments are disclosed including selective shifting of the relative positions of either the sync/pseudo sync or AGC pulses, trimming portions of the sync/pseudo sync and/or the AGC pulses and narrowing of either the sync/pseudo sync and/or the AGC pulses, all to provide the selective position separation between the sync/pseudo sync and AGC pulses.
    Type: Grant
    Filed: February 9, 2005
    Date of Patent: January 10, 2012
    Assignee: Rovi Solutions Corporation
    Inventor: Ronald Quan
  • Patent number: 8086851
    Abstract: A method of broadcasting a scrambled multimedia program, by way of a broadcast network, in which before transmitting a license key, a network head carries out a step of authenticating a terminal, and if the terminal has successfully authenticated, the network head sends the terminal a license transmission message containing the license key or cryptogram of the license key, by way of a point-to-point link, and if the terminal is not successfully authenticated, the network head acts (at 200) in such a way as to prevent the complete descrambling by this terminal of the scrambled multimedia program broadcast.
    Type: Grant
    Filed: June 13, 2007
    Date of Patent: December 27, 2011
    Assignee: VIACCESS
    Inventors: Philippe Carles, Anthony Chevallier, Gilles Dubroeucq, Stéphane Lanfranchi
  • Patent number: 8086850
    Abstract: In one embodiment, a method of forming a secure group from a plurality of nodes for communicating with a user A comprises performing a discover protocol, wherein after performing the discover protocol, all nodes belong to at most one small group and wherein all nodes in each small group share a common key. The method further comprises selecting a leader for each small group. The method further comprises, for each of the leaders, generating a respective common key for the user A and that respective leader. The method further comprises generating a key tree having a plurality of levels, wherein the keys for the lowest level of the key tree are the common keys generated for each leader and wherein the keys for each successive layer are generated by combining pairs of keys from lower levels of the key tree.
    Type: Grant
    Filed: June 23, 2006
    Date of Patent: December 27, 2011
    Assignee: Honeywell International Inc.
    Inventor: Subhas Kumar Ghosh
  • Patent number: 8086849
    Abstract: A method and system are provided for delivering event messages in a secure scalable manner. A network includes an event distribution device serving as an event generation device for generating and disseminating an event message through the network to event distribution devices serving as edge event delivery devices having recipient devices connected thereto. Event messages may be encrypted at the event generation device for each of the destination recipient devices or event messages may be encrypted at each of the edge event delivery devices for delivery to respective recipient devices connected thereto. A signing key may also be included with the encrypted message such that the respective recipient devices may authenticate a sender of the encrypted message based on the signing key. Encryption keys may be established based on policies of the network of event distribution devices or based on policies of the respective recipient devices.
    Type: Grant
    Filed: August 2, 2002
    Date of Patent: December 27, 2011
    Assignee: Microsoft Corporation
    Inventors: Christopher G. Kaler, John P. Shewchuk, Giovanni Moises Della-Libera, Luis Felipe Cabrera
  • Publication number: 20110307695
    Abstract: Embodiments of the present invention provide systems, apparatus, and methods for securing information shared between users of a database system. A message in a feed on a multi-tenant database can be securely shared when a user marks the message as private. Users of the database can selectively decide on which recipient and/or group of recipients have access rights to view the message. The messages are secured through cryptography, such as by a key shared between two or more users. The user can additionally have a private key that is used to decrypt the secure (e.g., encrypted) messages. This private key can be further protected by the user's password used to log into the database system. The secure message can appear in either encrypted form or be absent from the feed to which the secure message is posted. Secure messages can be transparently encrypted and decrypted by the system. In some embodiments, sharing rules can be pre-defined by the user to determine how messages are secured.
    Type: Application
    Filed: April 19, 2011
    Publication date: December 15, 2011
    Applicant: salesforce.com, Inc.
    Inventor: Steve Slater
  • Publication number: 20110307694
    Abstract: Automated secure registration techniques for communication devices are provided which address the problem of allowing multiple clients to gain access to one system, and thus provide a solution to the “reverse single sign-on” problem. For example, a method for registering a group of two or more communication devices in a communication network comprises the following steps. A group challenge message is sent from a network device to the group of two or more communication devices. The network device receives one or more response messages to the group challenge respectively from one or more of the group of two or more communication devices, wherein the response message from each of the responding communication devices in the group comprises a group credential corresponding to the group.
    Type: Application
    Filed: June 10, 2010
    Publication date: December 15, 2011
    Inventors: Ioannis Broustis, Ganapathy S. Sundaram, Harish Viswanathan
  • Patent number: 8077717
    Abstract: The present disclosure discloses a method for providing multicast services, which includes receiving a multicast service request sent by a UE through an IMS network, obtaining the media transmission parameters of the multicast media streams, sending a response to the UE through the IMS network with the media transmission parameters carried in the response, and sending the multicast media streams corresponding to the media transmission parameters to the UE. Further, a system providing multicast services and a multicast service support system is disclosed.
    Type: Grant
    Filed: June 9, 2009
    Date of Patent: December 13, 2011
    Assignee: Huawei Technologies Co., Ltd
    Inventors: Jun Yan, Xiangyang Wu, Jincheng Li
  • Patent number: 8078868
    Abstract: A cryptographic communication system and method having a first plurality of stations, each of the first plurality of stations having at least one encryption key Kj, where j is a number greater than 2, a data packet D to be viewed by each of the first plurality of stations, means for encrypting the data packet by each of the first plurality of stations to form an encrypted data packet Ej for transmission to a central processor, and means for combining each of the encrypted data packets, wherein the means for encrypting is applied in parallel to allow each of the first plurality of stations to view the contents of the data packet D prior to encrypting the data packet D.
    Type: Grant
    Filed: February 16, 2011
    Date of Patent: December 13, 2011
    Assignee: IGT
    Inventor: Bryan Wolf
  • Patent number: 8077863
    Abstract: A secret sharing apparatus according to the present invention is based on a (k,n)-threshold scheme with a threshold of at least 4 but is still operational with a threshold of at least 2. The secret sharing apparatus generates a generator matrix (G) of GF(2) in which any k of n column vectors are at a full rank, divides secret information into n−1 pieces to generate divided secret data (K(1), . . . , K(n−1)), generates random data (U(0,1), . . . , U(k−2,n−1)), calculates the product of matrixes of the divided secret data, the random data, and the generator matrix (G), assigns the j×(n−1)+ith column of the calculation result to sharing partial data (D(j,i)) to calculate sharing partial data (D(j,1)), generates header information (H(j)), and individually distributes n pieces of sharing information (D(0), . . . , D(n−1)) made up of the header information (H(j)) and sharing partial data (D(j,i)) to n storage apparatuses.
    Type: Grant
    Filed: March 19, 2008
    Date of Patent: December 13, 2011
    Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
    Inventors: Norikazu Hosaka, Yoshihiro Fujii, Minako Tada, Takehisa Kato
  • Patent number: 8074068
    Abstract: A secret sharing device of (k, n) threshold scheme creates a generator matrix G, first divided secret data, and random number data, calculates shared partial data based on the product of matrices with the random number data, the divided secret data, and the generator matrix G, and delivers the shared information formed by the shared partial data and the header information individually to the storage units. The secret sharing device calculates a recovery matrix and multiplies the shared information by the recovery matrix, hence to recover the secret information.
    Type: Grant
    Filed: May 2, 2008
    Date of Patent: December 6, 2011
    Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
    Inventors: Yoshihiro Fujii, Norikazu Hosaka, Minako Tada, Takehisa Kato
  • Patent number: 8068606
    Abstract: A method and system for embedding a secret in a bit string for safeguarding the secret. In one embodiment, the method comprises computing the length of the overall bit string as a function of q and t, where q and t are determined from the length of the secret. The method further comprises generating a plurality of information pieces based on q and t, the information pieces including a transformed secret and information for extracting the secret from the overall bit string. The method further comprises concatenating the plurality of information pieces to form the overall bit string.
    Type: Grant
    Filed: August 29, 2007
    Date of Patent: November 29, 2011
    Assignee: Red Hat, Inc.
    Inventor: James P. Schneider
  • Patent number: 8054978
    Abstract: A method for content access control operative to enable authorized devices to access protected content and to prevent unauthorized devices from accessing protected content, the method comprising: providing a plurality of authorized devices; dividing the plurality of authorized devices into a plurality of groups, each of the plurality of authorized devices being comprised in at least one of the plurality of groups, no two devices of the plurality of authorized devices being comprised in exactly the same groups; determining whether at least one device of the plurality of authorized devices is to be prevented from having access to the protected content and, if at least one device is to be prevented, removing all groups comprising the at least one device from the plurality of groups, thus producing a set of remaining groups; and determining an authorized set comprising groups from the set of remaining groups, such that each device of the plurality of authorized devices which was not determined, in the determining
    Type: Grant
    Filed: February 28, 2008
    Date of Patent: November 8, 2011
    Assignee: NDS Limited
    Inventor: Yevgeny Yakov (Gene) Itkis
  • Patent number: 8050409
    Abstract: As various applications of wireless ad hoc networks have been proposed, security has become one of the big research challenges and is receiving increasing attention. The present invention provides for a distributed key management and authentication approach by deploying the recently developed concepts of identity-based cryptography and threshold secret sharing. Without any assumption of pre-fixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide the key generation and key management service, which effectively solves the problem of single point of failure in the traditional public key infrastructure (PKI)-supported system. The identity-based cryptography mechanism not only provides end-to-end authenticity and confidentiality, but also saves network bandwidth and computational power of wireless nodes.
    Type: Grant
    Filed: April 4, 2005
    Date of Patent: November 1, 2011
    Assignee: University of Cincinnati
    Inventors: Dharma P. Agrawal, Hongmei Deng, Anindo Mukherjee
  • Patent number: 8045713
    Abstract: A method and apparatus is provided for consolidating cryptographic key updates, the consolidated update information enabling, for example, a returning member of a secure group who has been offline, to recover the current group key, at least in most cases. The unconsolidated key updates each comprise an encrypted key, corresponding to a node of a key hierarchy, that has been encrypted using a key which is a descendant of that node. The key updates are used to maintain a key tree with nodes in this tree corresponding to nodes in the key hierarchy. Each node of the key tree is used to store, for each encrypting key used in respect of the encrypted key associated with the node, the most up-to-date version of the encrypted key with any earlier versions being discarded. The key tree, or a subset of the tree, is then provided to group members.
    Type: Grant
    Filed: March 30, 2004
    Date of Patent: October 25, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Antonio Lain, Viacheslav Borisov
  • Patent number: 8036386
    Abstract: An electronic ticket providing system capable of distributing and browsing the information relating to a ticket can be realized while maintaining the security and transferability of an IC card. The electronic ticket information is divided into formal ticket data and provisional ticket data. The formal ticket data includes authentication information for admission, ticket notation information, and authentication information for acquisition of information for a ticket owner. The provisional ticket data includes the ticket notation information, and authentication information for acquisition of information for a ticket purchase requester. The electronic ticket information is distributed from an electronic ticket vending server to a mobile telephone over a communications network. In the mobile telephone, the formal ticket data is stored in a removable storage medium such as an IC card, etc. having high security and transferability, and the provisional ticket data is stored in the internal memory.
    Type: Grant
    Filed: August 24, 2004
    Date of Patent: October 11, 2011
    Assignee: NEC Corporation
    Inventor: Toru Katayama
  • Patent number: 8037303
    Abstract: A method is provided for securely transmitting multicast data across an unsecured public network. Such a method includes receiving a join message identifying at least one private multicast group; mapping the private multicast group to a public multicast group; generating a membership report specifying the public multicast group; and sending the membership report to the unsecured network. Additionally, the method may further comprise creating a secure tunnel through the unsecured network to a network element coupled; generating an encrypted control message specifying the private multicast group; and sending the encrypted control message through the secure tunnel to the network element.
    Type: Grant
    Filed: March 13, 2006
    Date of Patent: October 11, 2011
    Assignee: Cisco Technology, Inc.
    Inventor: Gary Beau Williamson
  • Patent number: 8037531
    Abstract: A dynamic network security system and a control method thereof in a router where an Intrusion Detection System (IDS) and a Voice over Internet Protocol Application Level Gateway (VoIP ALG) are integrated, system including: a VoIP ALG module for acquiring VoIP IP/port information of a counterpart unit in use for determining whether or not to perform intrusion detection on a packet received via VoIP signaling with the counterpart unit; an intrusion detection module for comparing the received packet with a preset intrusion detection log entry to perform intrusion detection on the received packet, and based on a result of the intrusion detection, determining whether or not to allow passage of the received packet; and an IP/port check module for checking VoIP IP/port information of the received packet according to the VoIP IP/port information of the counterpart unit provided from the VoIP ALG module to determine whether or not to perform the intrusion detection, and providing result information on the determinatio
    Type: Grant
    Filed: December 7, 2006
    Date of Patent: October 11, 2011
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Eung-Moon Yeom
  • Patent number: 8031874
    Abstract: A station and a method of collecting information corresponding to security. A wireless communicator transmits a request packet to search a wireless network to at least one external device and receives a response packet to the request packet. An authentication method determiner analyzes the response packet to search for at least one wireless network and determines an authentication method supported by each of the searched wireless networks. A storage unit stores the determined authentication method of each of the searched wireless networks. Thus, necessary information corresponding to security during a connection to a wireless network can be searched in advance and provided to a user.
    Type: Grant
    Filed: February 8, 2007
    Date of Patent: October 4, 2011
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Sung-joon Park
  • Patent number: 8024403
    Abstract: In one embodiment, a method includes identifying a critical time when a current presence state associated with a first client is scheduled to change to a timed presence state. The method also includes generating a first presence document before the critical time, and providing the first presence document to at least a second client. The first presence document has an indication of the current presence state and the timed presence state, and is provided to the second client before the critical time.
    Type: Grant
    Filed: October 7, 2008
    Date of Patent: September 20, 2011
    Assignee: Cisco Technology, Inc.
    Inventor: Steven R. Donovan
  • Patent number: 8024488
    Abstract: A system verifies configuration of a device within a network via an exchange of verification credentials, which are requested, received and authenticated. The verification credentials indicate that a configuration of the device was acceptable at the time of creation of the verification credentials for that device. The verification credentials of the device are obtained through a certifying process. During the certifying process, the credential certifier receives a current device configuration of the device in the network, and evaluates the current device configuration of a device with respect to its role within a network. The verification credentials are issued to the requesting device and stored within a database. The device submits its verification credentials if requested by the other peer it is communicating with when it enters the network. It also monitors the current device configuration and if there are changes, it invalidates the existing certification credentials and requests new ones.
    Type: Grant
    Filed: March 2, 2005
    Date of Patent: September 20, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Joseph A. Salowey, Hao Zhou
  • Publication number: 20110202761
    Abstract: A method of handling mobility of a sender in a multicast packet sending scenario. The method comprises firstly establishing a multicast tree across a packet data network and transmitting multicast packets from the sender to a plurality of receivers via said multicast tree. Prior to a mobility event in respect of said sender, a suitable transfer anchor node is identified within said network, and the tree re-rooted to that transfer anchor node. Subsequently, multicast packets are transmitted from said sender to said transfer anchor node and injected into the multicast tree at said transfer anchor node. Following said mobility event, said sender continues to send multicast packets to said transfer anchor node for injection into the multicast tree.
    Type: Application
    Filed: October 23, 2008
    Publication date: August 18, 2011
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventors: Mikko Sarela, Pekka Nikander
  • Patent number: 7995766
    Abstract: Provided is a group subordinate terminal in a key updating system that includes a server and a group of terminals including: a group managing terminal; and group subordinate terminals including the group subordinate terminal, the group subordinate terminal comprising: a group withdrawal request processing unit which transmits a group withdrawal request to the group managing terminal in response to an instruction to update its apparatus-unique key, the group withdrawal request requesting for withdrawal of the group subordinate terminal from the group; an update apparatus-unique key requesting unit which requests for another apparatus-unique key by transmitting to the server a group withdrawal certificate indicating that the withdrawal of the group subordinate terminal from the group of terminals is completed through invalidation of its group key; and an update processing unit which updates the apparatus-unique key held in an apparatus-unique key holding unit to the another apparatus-unique key obtained from th
    Type: Grant
    Filed: June 26, 2008
    Date of Patent: August 9, 2011
    Assignee: Panasonic Corporation
    Inventors: Taichi Sato, Kaoru Yokota, Natsume Matsuzaki, Yuichi Futa, Tetsuya Inoue, Masao Nonaka
  • Patent number: 7995603
    Abstract: A system and a method for secure distribution of digital media content through a packet-based network such as the Internet. The security of the present invention does not require one-to-one key exchange, but rather enables keys, and/or information required in order to build the key, to be broadcast through the packet-based network. The digital media content is then also preferably broadcast, but cannot be accessed without the proper key. However, preferably only authorized end-user devices are able to access the digital media content, by receiving and/or being able to access the proper key. Thus, the present invention is useful for other types of networks in which digital media content is more easily broadcast rather than unicast, in addition to packet-based networks.
    Type: Grant
    Filed: May 22, 2001
    Date of Patent: August 9, 2011
    Assignee: NDS Limited
    Inventors: Dan Revital, Steve Epstein, Yossi Tsuria, Arnold Zucker, Steven Simkin
  • Patent number: 7995577
    Abstract: The invention concerns a method for broadcasting a plurality of multimedia programmes generated by operators of different services, whereby one or more network headends broadcast (in 102) on a reference multicast address a list associating identifiers of service operators with at least one first level service multicast address, the reference multicast address being previously known to all the terminals capable of receiving and multiplexing broadcast multiplexed contents and said reference multicast address being different from all the broadcasting multicast addresses.
    Type: Grant
    Filed: May 7, 2007
    Date of Patent: August 9, 2011
    Assignee: Viaccess
    Inventors: Philippe Boutteloup, Philippe Carles, Anthony Chevallier, Frédéric Gaviot, Sébastien Hervieu, Vincent Priou, Jean Thominet
  • Patent number: 7991993
    Abstract: The invention relates to a telecommunication system including a plurality of terminals divided into groups such that within each group each terminal can send multidestination messages to the other members of the group. Each terminal of a group is associated with encryption and decryption means so that each terminal can send multidestination messages that can be decrypted only by the other terminals of the group. The system includes a central server for distributing to each encryption and decryption means keys for secure transmission of communications within each group.
    Type: Grant
    Filed: April 1, 2003
    Date of Patent: August 2, 2011
    Assignee: Alcatel Lucent
    Inventors: Sébastien Josset, Laurence Duquerroy
  • Patent number: 7991156
    Abstract: A digital rights management (DRM) method is negotiated prior to initiating delivery of a DRM encoded content item over a digital network between a client and a target server. The client identifies a link to the target server for accessing the DRM encoded content item. The client initiates a network session with the target server. The client sends an offer message to the target server containing a list of at least one supported DRM method. The target server sends an answer message to the client containing a corresponding list 1) indicating whether each DRM method listed in the offer message is supported by the target server, and 2) providing a network address of a DRM license server for each supported DRM method. The client selects a supported DRM method. The client obtains a DRM license using the network address listed for the selected DRM method. The target server delivers the DRM encoded content item to the client using the selected DRM method.
    Type: Grant
    Filed: April 22, 2008
    Date of Patent: August 2, 2011
    Assignee: Sprint Communications Company L.P.
    Inventor: Eric Miller
  • Patent number: 7987360
    Abstract: In a method for implementing device grouping and interactions between grouped devices a device creating a device group sends an advertisement message carrying identification information of a device group to which it belongs, to the network. After receiving the advertisement message, a network device joins the device group by the corresponding advertisement message. When two grouped network devices interact with each other, the method further comprises: sending an access request to an accessed device; judging by the accessed device whether the device sending the request is a trusted device and if so, interacting by both parties with each other; otherwise, denying the access request, or determining by the initiating device and the accessed device, a common trusted third party; acquiring by the initiating device, key information of the accessed device from the common trusted third party, and interacting with the accessed device by using the acquired key information.
    Type: Grant
    Filed: January 21, 2005
    Date of Patent: July 26, 2011
    Assignee: Lenovo (Beijing) Limited
    Inventors: Yujin Luo, Yang Liu, Mingliang Guo
  • Patent number: 7984295
    Abstract: A method and an apparatus for transmitting a message to a plurality of wireless devices that are classified into units of groups are provided. The method includes operations of: (a) determining whether the message is a predetermined message for detecting a device in a network; (b) encrypting the message with one of a plurality of keys respectively corresponding to a plurality of groups according to a determination result obtained in operation (a), each group comprising one or more devices in the network; and (c) transmitting the encrypted message. Accordingly, it is possible to prevent a guest wireless device that is unknown to a user from detecting a home wireless device of the user and controlling the detected home wireless device without authorization from the user.
    Type: Grant
    Filed: December 27, 2006
    Date of Patent: July 19, 2011
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Seung-jae Oh, Sung-min Lee, Se-hee Han, Hyun-gyoo Yook
  • Patent number: 7975291
    Abstract: In the global information sharing and distributing service system, the public use of idle resources can be propelled and sufficient security can be guaranteed on the resources for private use. A node machine configuring an information network includes resources located in a private zone available to private use, resources located in a public zone for public service use, and a private resource security management unit for management of the security of the resources located in the private zone.
    Type: Grant
    Filed: December 3, 2007
    Date of Patent: July 5, 2011
    Assignee: Fujitsu Limited
    Inventors: Makoto Amamiya, Satoshi Amamiya, Tadashige Iwao, Makoto Okada
  • Patent number: 7966489
    Abstract: In one embodiment, a method for facilitating authentication and easing the configuration of authentication includes receiving a credential type selection and selecting one or more authentication types based on the credential type selection and one or more policies set by the administrators. The policies can be preconfigured or dynamically pushed or fetched and updated to the client.
    Type: Grant
    Filed: August 1, 2006
    Date of Patent: June 21, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Nancy Cam-Winget, Hao Zhou, Robert B. O'Hara, Jr., Patrice R. Calhoun, Jeremy Stieglitz
  • Patent number: 7962743
    Abstract: Various embodiments of the disclosed subject matter provide methods and systems for improved efficiency and security in spoke-to-spoke network communication. Embodiments provide systems and methods for registering a spoke with a hub, updating a hub registration table with spoke registration information, sending the updated hub registration table to a plurality of registered spokes, using the updated hub registration table at a sending spoke to encrypt traffic to be sent to another spoke, and using the updated hub registration table at a receiving spoke to decrypt traffic received from another spoke.
    Type: Grant
    Filed: May 22, 2006
    Date of Patent: June 14, 2011
    Assignee: Cisco Technology, Inc.
    Inventor: Scott Fluhrer
  • Patent number: 7958356
    Abstract: A system and method securely establishes a shared secret among nodes of a security appliance. The shared secret is established by distributing private keys among the nodes in accordance with a node ring protocol that uses a predetermined encryption algorithm to generate messages containing the keys. Briefly, each node is initially notified as to the number of nodes participating in the shared secret establishment. Each node generates a public-private key-pair, as well as a first message that includes the generated public key and an indication of the source of the generated public key (hereinafter “source generated public key”). The node then sends the first message to an adjacent node of the appliance. Upon receiving the first message, each node extracts the source generated public key from the message and stores the extracted information into a data structure of “partner” public keys.
    Type: Grant
    Filed: September 29, 2006
    Date of Patent: June 7, 2011
    Assignee: NetApp, Inc.
    Inventors: Ananthan Subramanian, Robert Jan Sussland, Lawrence Wen-Hao Chang
  • Patent number: 7957537
    Abstract: An information processing system and method using an encryption key block sets sub-trees classified based on data processing ability of the devices (capability) in a key tree in which respective keys are corresponded to a root, nodes and leaves of a tree in which a plurality of devices are constituted as the leaves, generates a sub-enabling key block which is effective for an entity in a managing subject of each sub-tree (entity), and generates an enabling key block decodable only by the entities having common capability. Also, an information processing system and method using an encryption key block manages a partial tree of a key tree (sub-tree), generates a sub-enabling key block based only on a key set corresponding to nodes or leaves included in the sub-tree, and generates an enabling key block decodable only by selected entities by using the sub-enabling key block.
    Type: Grant
    Filed: July 18, 2007
    Date of Patent: June 7, 2011
    Assignee: Sony Corporation
    Inventors: Yoshimichi Kitaya, Ryuji Ishiguro, Yoshitomo Osawa, Tomoyuki Asano
  • Patent number: 7953223
    Abstract: A unified system of programming communication. The system encompasses the prior art (television, radio, broadcast hardcopy, computer communications, etc.) and new user specific mass media. Within the unified system, parallel processing computer systems, each having an input (e.g., 77) controlling a plurality of computers (e.g., 205), generate and output user information at receiver stations. Under broadcast control, local computers (73, 205), combine user information selectively into prior art communications to exhibit personalized mass media programming at video monitors (202), speakers (263), printers (221), etc. At intermediate transmission stations (e.g., cable television stations), signals in network broadcasts and from local inputs (74, 77, 97, 98) cause control processors (71) and computers (73) to selectively automate connection and operation of receivers (53), recorder/players (76), computers (73), generators (82), strippers (81), etc.
    Type: Grant
    Filed: May 23, 1995
    Date of Patent: May 31, 2011
    Assignee: Personalized Media Communications, L.L.C.
    Inventors: John Christopher Harvey, James William Cuddihy
  • Patent number: 7954163
    Abstract: A method and apparatus for providing network security using role-based access control is disclosed. A network device implementing such a method can include, for example, an access control list. Such an access control list includes an access control list entry, which, in turn, includes a user group field. Alternatively, a network device implementing such a method can include, for example, a forwarding table that includes a plurality of forwarding table entries. In such a case, at least one of the forwarding table entries includes a user group field.
    Type: Grant
    Filed: May 5, 2009
    Date of Patent: May 31, 2011
    Assignee: Cisco Technology, Inc.
    Inventor: Michael R. Smith
  • Patent number: 7940931
    Abstract: A unified system of programming communication. The system encompasses the prior art (television, radio, broadcast hardcopy, computer communications, etc.) and new user specific mass media. Within the unified system, parallel processing computer systems, each having an input (e.g., 77) controlling a plurality of computers (e.g., 205), generate and output user information at receiver stations. Under broadcast control, local computers (73, 205), combine user information selectively into prior art communications to exhibit personalized mass media programming at video monitors (202), speakers (263), printers (221), etc. At intermediate transmission stations (e.g., cable television stations), signals in network broadcasts and from local inputs (74, 77, 97, 98) cause control processors (71) and computers (73) to selectively automate connection and operation of receivers (53), recorder/players (76), computers (73), generators (82), strippers (81), etc.
    Type: Grant
    Filed: June 7, 1995
    Date of Patent: May 10, 2011
    Assignee: Personalized Media Communications LLC
    Inventors: John Christopher Harvey, James William Cuddihy
  • Patent number: 7937752
    Abstract: A system and method for sharing files securely includes server software on a first device configured to communicate with server software operating on one or more other preauthorized devices, such as a second device. The servers communicate with each other securely using cryptographic information exchanged during a preauthorization phase using a range-limited communication channel. The server on the first device obtains file information from the other preauthorized device(s) and combines the information with local file information from the first device. This combined file information is sent to client software operating on the machine, which presents the combined file information to users.
    Type: Grant
    Filed: February 18, 2009
    Date of Patent: May 3, 2011
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Dirk Balfanz, Diana Smetters, Kenneth Conley, Bryan Pendleton, Steve Cousins
  • Patent number: 7937089
    Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.
    Type: Grant
    Filed: September 5, 2003
    Date of Patent: May 3, 2011
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Diana K. Smetters, Dirk Balfanz, Glenn E. Durfee, Rebecca E. Grinter, Paul J. Stewart, Hao-Chi Wong
  • Patent number: 7925025
    Abstract: A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.
    Type: Grant
    Filed: April 2, 2008
    Date of Patent: April 12, 2011
    Assignee: International Business Machines Corporation
    Inventors: Jeffrey Bruce Lotspiech, Dalit Naor, Simeon Naor
  • Patent number: 7925010
    Abstract: A method decrypts the encrypted messages sent by a transmission device to a first electronic device associated with a first trusted authority and to a second electronic device. In one embodiment, first and second tokens are generated and exchanged, respectively, by the first and second electronic devices, which then generate a joint decryption key in order to decrypt the encrypted message.
    Type: Grant
    Filed: December 17, 2004
    Date of Patent: April 12, 2011
    Assignee: STMicroelectronics S.r.l.
    Inventors: Roberto Valerio Sannino, Fabio Sozzani, Guido Marco Bertoni, Gerardo Pelosi, Pasqualina Fragneto
  • Patent number: 7921223
    Abstract: A system for and method of per access-point streaming media customization and privacy protected feedback in a wireless network. The system is operative to: encrypt real time streamed media content from a streaming media source; multicast the streamed encrypted media content for availability to a user device for playback, the user device sending out unicast responses at the time of joining or dropping the multicast; aggregate the unicast responses in the form of a connect multicast state or a disconnect multicast state of the user device based on the joining or dropping of the multicast; and provide information back to the streaming media source based on the aggregated unicast responses.
    Type: Grant
    Filed: December 8, 2008
    Date of Patent: April 5, 2011
    Assignee: Lemi Technology, LLC
    Inventors: Greg Evans, Hugh Svendsen, Olivia Marsh
  • Patent number: 7917946
    Abstract: In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs.
    Type: Grant
    Filed: April 10, 2002
    Date of Patent: March 29, 2011
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Fredrik Lindholm, Rolf Blom, Karl Norrman, Göran Selander, Mats Näslund
  • Patent number: 7917748
    Abstract: A method for distributing group secrets (e.g., group ID and password combinations) for use in communication systems such as trunked radio communication systems. A user group record containing one or more group secrets is encrypted at an administrator using a user secret (e.g., a user ID and password combination) known to the administrator and to a communication device. The encrypted user group record is then distributed to the communication device where it is decrypted using the user secret.
    Type: Grant
    Filed: October 25, 2002
    Date of Patent: March 29, 2011
    Assignee: Pine Valley Investments, Inc.
    Inventors: Thomas Andrew Hengeveld, Dennis Michael Martinez
  • Patent number: 7917747
    Abstract: A cryptographic communication system and method having a first plurality of stations, each of the first plurality of stations having at least one encryption key Kj, where j is a number greater than 2, a data packet D to be viewed by each of the first plurality of stations, means for encrypting the data packet by each of the first plurality of stations to form an encrypted data packet Ej for transmission to a central processor, and means for combining each of the encrypted data packets, wherein the means for encrypting is applied in parallel to allow each of the first plurality of stations to view the contents of the data packet D prior to encrypting the data packet D.
    Type: Grant
    Filed: March 22, 2007
    Date of Patent: March 29, 2011
    Assignee: IGT
    Inventor: Bryan Wolf
  • Patent number: 7912221
    Abstract: This invention enhances the security strength of wireless communications in the ad-hoc mode. To this end, it is checked if the communication apparatus and a terminal of a communication partner can concurrently use different encryption keys in correspondence with a plurality of communication destinations. When at least one of the communication apparatus and the terminal of the communication partner cannot concurrently use different encryption keys in correspondence with the plurality of communication destinations, an encryption key uniquely set in the wireless network is set as an encryption key for a communication with the terminal of the communication partner.
    Type: Grant
    Filed: June 8, 2007
    Date of Patent: March 22, 2011
    Assignee: Canon Kabushiki Kaisha
    Inventor: Masanori Nakahara