Mutual Entity Authentication Patents (Class 713/169)
-
Patent number: 8667279
Abstract: Systems and methods are provided for securely providing a place-shifted media stream from a place shifting device to a remote player via a communications network. A request for a connection is received from the remote player at the place shifting device via the communications network. In response to the request for the connection, an authorization credential is requested from a central server via the communications network. Further, in response to the authorization credential received from the central server, the place-shifted media stream between the place shifting device and the remote player can be established over the communications network. At least a portion of the place-shifted media stream may be encrypted based upon the authorization credential.
Type: Grant
Filed: July 1, 2008
Date of Patent: March 4, 2014
Assignee: Sling Media, Inc.
Inventor: Padmanabha R. Rao
-
Patent number: 8667278
Abstract: An apparatus stores first divided trust information which is one portion resulting from division of trust information generated by a transmission target apparatus that is a transmission target for data, receives a transmission request for the data from the target apparatus and receives second divided trust information which is the other portion resulting from division of the trust information of the target apparatus and verification information generated using information indicating a state of the target apparatus that made the request, recovers the trust information using the first divided trust information stored and the received second divided trust information, verifies trustworthiness of the target apparatus using the recovered trust information and the received verification information, transmits the data indicated by the request to the target apparatus when the verification of trustworthiness is successful.
Type: Grant
Filed: March 10, 2008
Date of Patent: March 4, 2014
Assignee: Fujitsu Limited
Inventors: Naoki Nishiguchi, Eiji Hasegawa, Noboru Iwamatsu
-
Patent number: 8667281
Abstract: A computer-implemented method for transferring authentication credentials may include 1) identifying a request to receive an authentication credential that is stored on a first computing device onto a second computing device, 2) identifying an asymmetric key pair on the second computing device, 3) generating an identifier of the asymmetric key pair on the second computing device, 4) transmitting an encryption key of the asymmetric key pair and the identifier of the asymmetric key pair to a credential repository, 5) displaying the identifier of the asymmetric key pair to facilitate retrieval of the authentication credential from the credential repository based on the identifier, and 6) retrieving the authentication credential, encrypted with the encryption key of the asymmetric key pair, from the credential repository. Various other methods and systems are also disclosed.
Type: Grant
Filed: May 30, 2012
Date of Patent: March 4, 2014
Assignee: Symantec Corporation
Inventor: Srinivas Chenna
-
Publication number: 20140059350
Abstract: An unauthorized connection detecting device, which detects whether or not a power storage device is an unauthorized power storage device, includes: a communications unit receiving first charge/discharge information in which first identification information and first connection information are associated with each other, the first identification information identifying an encryption key of the power storage device used for mutual authentication between a charge/discharge device and the power storage device, and the first connection information being on the power storage device and obtained when the power storage device is connected to the charge/discharge device; and an unauthorization detecting unit detecting whether or not the power storage device is the unauthorized power storage device, by determining, using the first identification information and the first connection information, whether or not two or more power storage devices associated with a single first identification information item are present.
Type: Application
Filed: November 5, 2012
Publication date: February 27, 2014
Applicant: Panasonic Corporation
Inventors: Yuji Unagami, Natsume Matsuzaki, Motoji Ohmori
-
Patent number: 8661239
Abstract: An encryption device and method for controlling download and access operations performed to a mobile terminal are disclosed. A switch circuit (102) is disposed on download channels (107, 108) between the master chip (101) of the mobile terminal and the connector (103) of the mobile terminal, an access software (105) is opened and an encryption chip (106) is accessed by using a dongle (112), the on-off of the switch circuit (102) is controlled by setting states of the encryption chip (106), so as to control the on-off of download channels (107, 108) to control the download and access operations performed to the mobile terminal by a computer (104). According to the device and method, hackers cannot crack the internal procedure of the memory of the mobile terminal using substitute code segments, thereby effectively improving the security and reliability of the download and access operations performed to the mobile terminal.
Type: Grant
Filed: April 28, 2010
Date of Patent: February 25, 2014
Assignee: ZTE Corporation
Inventor: Ke Liu
-
Patent number: 8661256
Abstract: A method for establishing a link key between correspondents in a public key cryptographic scheme, one of the correspondents being an authenticating device and the other being an authenticated device. The method also provides a means for mutual authentication of the devices. The authenticating device may be a personalized device, such as a mobile phone, and the authenticated device may be a headset. The method for establishing the link key includes the step of introducing the first correspondent and the second correspondent within a predetermined distance, establishing a key agreement and implementing a challenge-response routine for authentication. Advantageously, man-in-the-middle attacks are minimized.
Type: Grant
Filed: July 16, 2012
Date of Patent: February 25, 2014
Assignee: Certicom Corp.
Inventor: William Daniel Willey
-
Patent number: 8661529
Abstract: An information processing device includes a processing unit which performs user authentication. The processing unit includes a setting part that determines setting of operation of a target device using the user authentication. An authentication information setting part determines user authentication information. A password generation part generates a one-time password partially or fully. A transmission part transmits the setting of operation of the target device and the one-time password to the target device.
Type: Grant
Filed: December 21, 2011
Date of Patent: February 25, 2014
Assignee: Ricoh Company, Ltd.
Inventor: Ryoichi Suzuki
-
Patent number: 8661507
Abstract: Applications, systems and methods for securely and remotely operating a remote computer from a local computer over a network while providing seamless, firewall-compliant connectivity. Secure and remote operation includes authenticating at least one remote computer for connection to at least one computer over the network and/or at least one local computer for connection to at least one remote computer over the network; establishing a secure connection between the at least one local computer and the at least one remote computer over the network; and integrating a desktop of at least one remote computer on a display of at least one local computer. The connections may be made over a public network, as well as through multiple firewalls without loss of functionality.
Type: Grant
Filed: March 29, 2011
Date of Patent: February 25, 2014
Assignee: Western Digital Technologies, Inc.
Inventors: Lambertus Hesselink, Dharmarus Rizal, Eric S. Bjornson
-
Patent number: 8656166
Abstract: Data is transmitted between a first user and a second user via an information technology communications network, in a method comprising the steps of: generating a first hash value for a selected one of the data items; digitally signing and encrypting the first hash value with a secret identifier associated with the first user; transmitting to a second user the encrypted first hash value; receiving and storing the transmitted encrypted first hash value for audit purposes and generating a second hash value for the received encrypted first hash value; encrypting the second hash value with a private identifier associated with a second user and a public identifier associated with the first user; and returning the encrypted second hash value to the first user.
Type: Grant
Filed: June 12, 2012
Date of Patent: February 18, 2014
Assignee: The Ascent Group Ltd.
Inventor: Michael Jacobs
-
Patent number: 8655318
Abstract: A mobile node and its home system generate synchronized time-based codes at periodic time intervals. Each time-based code is valid for a predetermined time period. To facilitate anonymous operation when roaming, the mobile node identifies itself with a coded identifier instead of a public identifier. The coded identifier used at a given time includes the time-based code that is valid for that given time. To authenticate the mobile node, a serving system receives authentication information from the mobile node and forwards the authentication information to a home system. The authentication information includes the current time-based code and a timestamp. The home system identifies the mobile node from the current time-based code and the timestamp. The home system then uses the authentication information to authenticate the mobile node.
Type: Grant
Filed: March 27, 2013
Date of Patent: February 18, 2014
Assignee: Sprint Spectrum L.P.
Inventors: Tong Zhou, George Jason Schnellbacher
-
Patent number: 8650404
Abstract: A method and apparatus for authenticating a key management message within a secure communication system is provided herein. During operation, a digital signature for message authentication of a Project 25 Key Management Message (KMM) is utilized. In particular, the digital signature will be used to authenticate the KMM in scenarios where there is no Message Authentication Code (MAC). The MAC will be utilized to authenticate the KMM when available. Because authentication of KMMs takes place, even when no MAC is available, it becomes increasingly more difficult to tamper or spoof the delivery of encryption keys.
Type: Grant
Filed: February 28, 2012
Date of Patent: February 11, 2014
Assignee: Motorola Solutions, Inc.
Inventors: Thomas J. Senese, Helen Y. Hoselton, Obaid Shahab
-
Patent number: 8650399
Abstract: Systems, devices and/or methods that facilitate mutual authentication for processor and memory pairing are presented. A processor and a suitably equipped memory can be provided with a shared secret to facilitate mutual authentication. In addition, the memory can be configured to verify that the system operating instructions have not been subjected to unauthorized alterations. System integrity can be ensured according to the disclosed subject matter by mutual authentication of the processor and memory and verification of the authenticity of system operating instructions at or near each system power up. As a result, the disclosed subject matter can facilitate relatively low complexity assurance of system integrity as a replacement or supplement to conventional techniques.
Type: Grant
Filed: February 29, 2008
Date of Patent: February 11, 2014
Assignee: Spansion LLC
Inventors: Joël Le Bihan, Christophe Carvounas, Vincent Cedric Colnot, Elena Trichina, Helena Handschuh
-
Patent number: 8650589
Abstract: A system for monitoring order fulfillment of telecommunication services is disclosed. An apparatus that incorporates teachings of the present disclosure may include, for example, a monitoring system having a controller element that submits a correlation ID to a service orchestration system (SOS) that manages one or more order fulfillment systems (OFSs) that collectively fulfill a select one of a plurality of telecommunication service orders according to a plurality of intermediate fulfillment steps, receives from the SOS information associated with the plurality of intermediate fulfillment steps tagged with the correlation ID, records said information according to the correlation ID, and collects correlated fulfillment activity for the plurality of telecommunication service orders from a plurality of iterations of the foregoing steps. Additional embodiments are disclosed.
Type: Grant
Filed: January 8, 2007
Date of Patent: February 11, 2014
Assignee: AT&T Intellectual Property I, LP
Inventors: Catherine Wood, Daniel P. Malee, Jeffrey Dicks, Michael Everett, Srinidhi Subbarao
-
Patent number: 8650613
Abstract: A first wireless device is paired with a second wireless device for communication over a wireless connection. The first wireless device receives an input that indicates a device identifier of the second wireless device, and then matches the device identifier with one of the data entries in a data repository to obtain a code of the second wireless device without user interactions. The data repository contains a plurality of data entries associating a plurality of wireless devices with their corresponding codes. Based on the code of the second wireless device, the first wireless device authenticates the second wireless device and establishes the wireless connection.
Type: Grant
Filed: November 17, 2009
Date of Patent: February 11, 2014
Assignee: Red Hat, Inc.
Inventor: Bastien R. D. Nocera
-
Patent number: 8646055
Abstract: A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is implemented between a REQuester (REQ) and Authentication Access Controller (AAC); 2) identity authentication and uni-cast key negotiation are implemented between REQ and AAC; 3) a group-cast key is notified between REQ and AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and network.
Type: Grant
Filed: December 24, 2009
Date of Patent: February 4, 2014
Assignee: China Iwncomm Co., Ltd.
Inventors: Li Ge, Jun Cao, Manxia Tie, Qin Li, Zhenhai Huang
-
Patent number: 8645694
Abstract: There is provided an authentication method for a system (10) comprising several devices (30). The method involves: (a) providing each device (30) with an identity value (pi: i=1, . . . , n) and a polynomial (P) for generating a polynomial key; (b) including a verifier device (p1) and a prover device (P2) amongst said devices (30); (c) arranging for the prover device (p2) to notify its existence to the verifier device (P1); (d) arranging for the verifier device (pi) to challenge the prover device (p2) to encrypt a nonce using the prover (P2) device's polynomial (P) key and communicate the encrypted nonce as a response to the verifier device (p1); (e) arranging for the verifier device (p1) to receive the encrypted nonce as a further challenge from the prover device (p2) and: (i) encrypt the challenge using the polynomial keys generated from a set of stored device identities; or (ii) decrypt the challenge received using the set of polynomial keys; until said verifier device (p1) identifies an authentication match.
Type: Grant
Filed: September 27, 2005
Date of Patent: February 4, 2014
Assignee: Koninklijke Philips N.V.
Inventors: Geert Jan Schrijen, Thomas Andreas Maria Kevenaar
-
Patent number: 8639940
Abstract: An embodiment relates generally to a method of assigning roles to a token. The method includes determining a first role for a first participant on a token and providing exclusive access to a first section of the token for the first participant based on the first role. The method also includes determining a second role for a second participant on the token and providing exclusive access to a second section of the token for the second participant based on the second role.
Type: Grant
Filed: February 28, 2007
Date of Patent: January 28, 2014
Assignee: Red Hat, Inc.
Inventors: Robert Lord, Steven W. Parkinson, Robert Relyea
-
Patent number: 8639930
Abstract: Some embodiments provide a verification system for automated verification of entities. The verification system automatedly verifies entities using a two part verification campaign. One part verifies that the entity is the true owner of the entity account to be verified. This verification step involves (1) the entity receiving a verification code at the entity account and returning the verification code to the verification system, (2) the entity associating an account that it has registered at a service provider to an account that the verification system has registered at the service provider, (3) both. Another part verifies the entity can respond to communications that are sent to methods of contact that have been previously verified as belonging to the entity. The verification system submits a first communication with a code using a verified method of contact. The verification system then monitors for a second communication to be returned with the code.
Type: Grant
Filed: November 7, 2011
Date of Patent: January 28, 2014
Assignee: Credibility Corp.
Inventors: Jeffrey M. Stibel, Aaron B. Stibel, Peter Delgrosso, Shailen Mistry, Bryan Mierke, Paul Servino, Charles Chi Thoi Le, David Lo, David Allen Lyon
-
Patent number: 8638933
Abstract: A method for confirming identity of a physical unit (M) in an open, wireless telecommunications network, having the following steps: storing a secret identity (SIMEI) and an open identity (IMEI) in memory in the physical unit (M); receiving an identity request (IR) with a first parameter (CHv) from the testing device (P) at the physical unit (M); generating an electronic signature (SIGt) by means of a first cryptographic function (F3) from the secret identity (SIMEI) and at least the first parameter (CHv) in the physical unit (M), and sending the generated electronic signature (SIGt) and the open identity (IMEI) to a testing device (P); wherein the identity of the physical unit (M) is confirmed if the electronic signature (SIGt) matches a corresponding electronic signature (SIGv) generated by the testing device by application of a first cryptographic function to the secret identity (SIMEI).
Type: Grant
Filed: September 14, 2012
Date of Patent: January 28, 2014
Assignee: Ipcom GmbH & Co. KG
Inventor: Wael Adi
-
Patent number: 8639929
Abstract: A method, device and system for authenticating gateway, node and server are provided in this invention. The node receives a message sent by a gateway, wherein the message comprises a number T3 shared by the gateway and a server, and a gateway identification. The node encrypts data with a key K1 shared by the node and the server, the data including T3, the gateway identification, and a random number T1 generated by the node, and then sends the encrypted data and a node identification to the server through the gateway. The node decrypts data encrypted by the server and forwarded by the gateway with the key, determines that the server is a valid server according to a T1-related number obtained by decryption, and establishes a security channel with the gateway according to a new key obtained through the decryption.
Type: Grant
Filed: December 28, 2012
Date of Patent: January 28, 2014
Assignee: Huawei Technologies Co., Ltd.
Inventors: Yonggang Bian, Lunjian Mu, Jue Wang, Yongjing Zhang, Cheng Huang, Chuansuo Ding
-
Patent number: 8639931
Abstract: The generation of a shared secret key K in the implementation of a key agreement protocol, for example MQV, may be optimized for accelerated computation by selecting the ephemeral public key and the long-term public key of a correspondent to be identical. One correspondent determines whether the pair of public keys of the other correspondent are identical. If it is, a simplified representation of the shared key K is used which reduces the number of scalar multiplication operations for an additive group or exponentiation operations for a multiplicative group. Further optimization may be obtained by performing simultaneous scalar multiplication or simultaneous exponentiation in the computation of K.
Type: Grant
Filed: December 16, 2009
Date of Patent: January 28, 2014
Assignee: Certicom Corp.
Inventor: Daniel R. L. Brown
-
Patent number: 8635453
Abstract: Provided is a controller capable of preventing card makers from conducting unauthorized acts. The controller includes: a controller key storage unit configured to hold a controller key that has been embedded by a controller manufacturing device in advance; a decryption unit configured to receive encrypted media key information that has been generated by a key issuance center that is authorized and to decrypt the received encrypted media key by using the controller key, the encrypted key information generated through encryption of key information with use of the controller key; and an encryption unit configured to encrypt the decrypted media key again by using an individual key that is unique to the controller.
Type: Grant
Filed: March 2, 2011
Date of Patent: January 21, 2014
Assignee: Panasonic Corporation
Inventors: Takahiro Yamaguchi, Masaya Yamamoto
-
Patent number: 8631227
Abstract: Electronic document processing logic coupled to a computer and to a quarantine is operable to identify an encrypted electronic document received at the computer; determine whether the key server stores particular decryption data, or credentials to access decryption data, that can decrypt the encrypted electronic document; in response to determining that the key server does not store particular decryption data that can decrypt the encrypted electronic document: store the electronic document in the quarantine; notify one of the users; receive from the one of the users the particular decryption data; decrypt the electronic document; scan the electronic document to identify specified content in the electronic document; and perform one or more responsive actions based on the specified content. As a result, encrypted content in documents or e-mail can be decrypted, scanned for viruses, malware, or prohibited content, and re-encrypted or delivered.
Type: Grant
Filed: October 15, 2007
Date of Patent: January 14, 2014
Assignee: Cisco Technology, Inc.
Inventors: Scott Olechowski, Shawn Eldridge, Cayce Ullman
-
Patent number: 8631231
Abstract: One embodiment of the invention is directed to a method including receiving an alias identifier associated with an account associated with a presenter, determining an associated trusted party using the alias identifier, sending a verification request message to the trusted party after determining the associated trusted party, and receiving a verification response message.
Type: Grant
Filed: March 1, 2010
Date of Patent: January 14, 2014
Assignee: Visa U.S.A. Inc.
Inventors: David Wentker, Michael Lindelsee, Olivier Brand, James Dimmick, Tribhuwan A. Singh Grewal
-
Patent number: 8630420
Abstract: A method for generating a network address in a communication network includes at least one user equipment and a network equipment. The method includes: a) providing a same shared secret key both at the at least one user equipment and at the network equipment; and b) generating at least a portion of the network address at the at least one user equipment and at the network equipment based upon at least the shared secret key.
Type: Grant
Filed: May 31, 2005
Date of Patent: January 14, 2014
Assignee: Telecom Italia S.p.A.
Inventors: Maria Pia Galante, Luca Dell'Uomo, Andrea Calvi
-
Patent number: 8625801
Abstract: An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.
Type: Grant
Filed: December 8, 2009
Date of Patent: January 7, 2014
Assignee: China IWNCOMM Co., Ltd.
Inventors: Yanan Hu, Jun Cao, Yuelei Xiao, Manxia Tie, Zhenhai Huang, Xiaolong Lai
-
Patent number: 8627080
Abstract: Methods and systems for mutual authentication and personalizing a transaction device, such as a payment, transaction, or identity card. Successively generated one time codes are calculated by a first and second entity. One of the codes is transmitted to the second entity, which verifies the code is proper, then encrypts a second one time code using a third one time code and transmits the encrypted data to the first entity. The first entity decrypts the data using the third one time code, verifies the encrypted second one time code is proper, thereby mutually authenticating, and establishing a shared encryption key for subsequent communications, including transmission of personalization data.
Type: Grant
Filed: July 25, 2012
Date of Patent: January 7, 2014
Assignee: MasterCard International Incorporated
Inventors: John Wankmueller, Dave Anthony Roberts, Paul Michael Evans
-
Patent number: 8627439
Abstract: A method of communicating over a communications system includes determining that a communication event at a user terminal of the communications system requires use of a feature for processing data, the communication event being over the communications system and determining that the feature required by the communication event is not enabled for use at the user terminal when the communication event is initiated. Following the step of determining that the feature is not enabled, the method further includes retrieving a certificate enabling the use of the feature at the user terminal and using the feature at the user terminal to process data of the communication event.
Type: Grant
Filed: July 30, 2009
Date of Patent: January 7, 2014
Assignee: Microsoft Corporation
Inventor: Marek Laasik
-
Patent number: 8627092
Abstract: A method for authenticating messages in a communication network includes forming a super message having a plurality of individual messages such that at least two of the individual messages are intended for separate receiving entities. The method further includes creating a message authentication code (MAC) using a private key, such that the MAC is configured to permit authentication of the super message using a public key.
Type: Grant
Filed: March 22, 2007
Date of Patent: January 7, 2014
Assignee: LG Electronics Inc.
Inventors: Patrick Fischer, Vyacheslav Belenko
-
Patent number: 8627079
Abstract: A system and method for controlling a device. Data that was encrypted using a first encryption scheme is decrypted, then re-encrypted using a second encryption scheme. The re-encrypted data is then decrypted.
Type: Grant
Filed: April 4, 2008
Date of Patent: January 7, 2014
Assignee: Infineon Technologies AG
Inventors: Jurijus Cizas, Shrinath Eswarahally, Peter Laackmann, Berndt Gammel, Mark Stafford, Joerg Borchert
-
Publication number: 20140006784
Abstract: A close-range mutual authentication system is described. A method may comprise receiving encoded connection information at a close-range input device of a client mode electronic device from a server mode electronic device; decoding the encoded connection information into one or more connection elements; establishing a communication connection with the server mode electronic device utilizing the connection elements; receiving authentication information at the client mode electronic device via the communication connection; authenticating the server mode electronic device to the client mode electronic device utilizing the authentication information; and generating one or more authentication elements responsive to authentication of the server mode electronic device for presentation via a close-range output device of the client mode electronic device, the one or more authentication elements configured to confirm authentication of the client mode electronic device to the server mode electronic device.
Type: Application
Filed: June 27, 2012
Publication date: January 2, 2014
Applicant: INTEL CORPORATION
Inventors: JESSE WALKER, MICHELLE X. GONG
-
Patent number: 8621603
Abstract: Methods and system for implementing a clustered storage solution are provided. One embodiment is a storage controller that communicatively couples a host system with a storage device. The storage controller comprises an interface and a control unit. The interface is operable to communicate with the storage device. The control unit is operable to identify ownership information for a storage device, and to determine if the storage controller is authorized to access the storage device based on the ownership information. The storage controller is operable to indicate the existence of the storage device to the host system if the storage controller is authorized, and operable to hide the existence of the storage device from the host system if the storage controller is not authorized.
Type: Grant
Filed: March 28, 2012
Date of Patent: December 31, 2013
Assignee: LSI Corporation
Inventors: James A. Rizzo, Basavaraj G. Hallyal, Gerald E. Smith, Adam Weiner, Vinu Velayudhan
-
Patent number: 8621216
Abstract: An arrangement and corresponding method for authentication synchronizing cryptographic key information between a server and a client device, via data signals, where the client device at least comprises one client. The server is at least configured to generate and send to the client device a current encryption key and a next encryption key. The client device is at least configured to encrypt information on the client device using the next encryption key and the client device is at least configured to return a correct One Time Password using the current encryption key. As a consequence of the received correct One Time Password the server then knows that the client has received the current encryption key, used it and stored the information with the next encryption key.
Type: Grant
Filed: August 31, 2007
Date of Patent: December 31, 2013
Assignee: enCap AS
Inventor: Knut Eilif Husa
-
Patent number: 8621215
Abstract: Embodiments of the present invention comprise systems and methods of creating monetary accounts for members in a social network. One aspect of one embodiment of the present invention comprises receiving transaction data associated with at least one member of a social network, associating a first member of the social network with a trust factor, associating a second member of the social network with another trust factor, and determining whether to create an account between the first member and second member, based at least in part on the trust factor of the first member and the trust factor of the second member. Another aspect of one embodiment of the present invention comprises receiving transaction data from a plurality of members of a social network, wherein each member has an associated trust factor, and resolving the transaction data based at least in part on the trust factors associated with the plurality of members.
Type: Grant
Filed: June 30, 2004
Date of Patent: December 31, 2013
Assignee: Google Inc.
Inventor: Sitaram Iyer
-
Patent number: 8621561
Abstract: Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol. The authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input.
Type: Grant
Filed: January 4, 2008
Date of Patent: December 31, 2013
Assignee: Microsoft Corporation
Inventors: David B. Cross, Mark F. Novak, Oded Ye Shekel, Paul J. Leach, Andreas Luther, Thomas C. Jones
-
Patent number: 8621203
Abstract: An approach is provided for authenticating a mobile device. A mobile device initiates transmission of a request to an authentication platform for generating a public-key certificate to access a service from the mobile device. The mobile device receives an identity challenge and responds by initiating transmission of a tag specific to the mobile device to the authentication platform. The authentication platform uses the tag to generate a public-key certificate.
Type: Grant
Filed: June 22, 2009
Date of Patent: December 31, 2013
Assignee: Nokia Corporation
Inventors: Jan-Erik Ekberg, Kari Kostiainen, Pekka Laitinen, Ville Aarni, Miikka Sainio, Niklas Von Knorring, Dmitry Kolesnikov, Atte Lahtiranta
-
Publication number: 20130339735
Abstract: According to one embodiment, an authentication method comprising: generating a second key by the first key, the first key being stored in a memory and being prohibited from being read from outside; generating a session key by the second key; generating first authentication information, the secret identification information stored in a memory and being prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information stored in a memory and readable, the second authentication information generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match.
Type: Application
Filed: June 14, 2012
Publication date: December 19, 2013
Applicant: Kabushiki Kaisha Toshiba
Inventors: Yuji NAGAI, Taku KATO, Tatsuyuki MATSUSHITA
-
Publication number: 20130332735
Abstract: Techniques for protecting digital content in a storage device from pirate and illegal use are described. According to one aspect of the techniques, a method for protecting digital content stored in a storage device from illegally accessing by a host, comprises: exchanging data between the storage device and the host to achieve a mutual authentication between the storage device and the host; disabling an encryption/decryption module in the storage device to prohibit the host from reading out the digital content decrypted by the encryption/decryption module until the authentication of the storage device to the host passes; and disabling the host to prohibit the host from reading out the digital content decrypted by the encryption/decryption module if the authentication of the host to the storage device fails. Thereby, pirate and illegal use of the digital content stored in the storage device are effectively prevented or decreased.
Type: Application
Filed: June 7, 2013
Publication date: December 12, 2013
Inventors: Jianjun Luo, Jianyun Fu, Danhua Lu
-
Patent number: 8607045
Abstract: In a system comprising a transient storage device (TSD) or other type of peripheral configured for communication with a host device, a first one-time password or other type of code is generated in the peripheral and transmitted to the host device. The first code is presented by the host device to an authentication server for authentication. The host device receives a second one-time password or other type of code from the authentication server and transmits it to the peripheral for authentication.
Type: Grant
Filed: September 11, 2006
Date of Patent: December 10, 2013
Assignee: EMC Corporation
Inventors: Daniel Vernon Bailey, John G. Brainard, Burton S. Kaliski, Jr., Michael Szydlo
-
Patent number: 8605296
Abstract: A digital signature system and method are disclosed. The digital signature system may include a remote certificate server for storing and maintaining at least one digital certificate of a user by a service provider and a digital signature printer driver loaded on the user's computer for communicating with the service provider via a network, such as the Internet. The digital signature printer driver may obtain verification of the user's identity from the service provider via the network and electronically place on a printable document a digital signature of the user based on the remotely stored digital certificate. The system may further include a remote storage server for storing a digital copy of the digitally signed document. The digital signature may include a unique identifier for subsequent validation of the digital signature by the service provider.
Type: Grant
Filed: May 28, 2010
Date of Patent: December 10, 2013
Assignee: SecureCare Technologies, Inc.
Inventors: Eugene L. Fry, Aleksander Roman Szymanski, Dennis J. Nasto, David D. Vineyard
-
Patent number: 8607360
Abstract: A data delivery apparatus including a storage adapted to store limited-access data which associates user data for specifying a user, with data, access to which is permitted or limited to the user; a function determination unit adapted to determine whether a destination device to which the limited-access data is to be transmitted has an access control function of permitting or limiting access to the limited-access data for each user; an authentication unit adapted to, when the limited-access data destination device is determined not to have the access control function, request input of authentication information and performing an authentication process using the input authentication information; and a transmission control unit adapted to, when the authentication process by said authentication unit is successful, transmitting the limited-access data to the destination device.
Type: Grant
Filed: February 8, 2011
Date of Patent: December 10, 2013
Assignee: Canon Kabushiki Kaisha
Inventor: Hiroaki Kishimoto
-
Patent number: 8607052
Abstract: The management apparatus 105a manages copying of information from an original recording medium 101a to a copy recording medium 102a. The management apparatus 105a comprises: a transmission/reception unit 701a configured to receive an original-medium identifier from the copying apparatus 104a and to transmit permission information to the copying apparatus 104a, the original-medium identifier identifying the original recording medium, and the permission information indicating permission for the copying of the information; and a control unit 708a configured to determine whether to permit the copying of the information based on the received original-medium identifier and a registered original-medium identifier that identifies a registered original recording medium, and to allow the transmission/reception unit 701a to transmit the permission information when determining to permit the copying.
Type: Grant
Filed: February 23, 2011
Date of Patent: December 10, 2013
Assignee: Panasonic Corporation
Inventors: Toshihisa Nakano, Masataka Minami, Masaya Yamamoto, Takahiro Yamaguchi, Kaoru Murase
-
Patent number: 8607051
Abstract: Techniques for binding multiple authentications for a peer are described. In one design, multiple authentications for the peer may be bound based on a unique identifier for the peer. The unique identifier may be a pseudo-random number and may be exchanged securely between the peer, an authentication server, and an authenticator in order to prevent a man-in-the-middle attack. Data for all authentications bound by the unique identifier may be exchanged securely based on one or more cryptographic keys generated by all or a subset of these authentications. In another design, multiple levels of security may be used for multiple authentications for a peer. The peer may perform a first authentication with a first authentication server and obtain a first cryptographic key and may also perform a second authentication with the first authentication server or a second authentication server and obtain a second cryptographic key. The peer may thereafter securely exchange data using the two keys using nested security.
Type: Grant
Filed: April 10, 2007
Date of Patent: December 10, 2013
Assignee: QUALCOMM Incorporated
Inventors: Vidya Narayanan, Lakshminath Reddy Dondeti
-
Patent number: 8601265
Abstract: A method of improving storage security in a cloud environment includes interfacing a secure microcontroller with a storage controller associated with a client device in the cloud environment to authenticate a platform associated with the storage controller and registering the storage controller with an authentication server configured to be set up in the cloud environment. The method also includes authenticating the storage controller based on a communication protocol between the client device, the authentication server and the storage controller, and obtaining, at the client device, a signature data of the storage controller following the authentication thereof. The signature data is configured to be stored in the secure microcontroller interfaced with the storage controller.
Type: Grant
Filed: November 22, 2010
Date of Patent: December 3, 2013
Assignee: NetApp, Inc.
Inventors: Nandkumar Lalasaheb Mane, Rajashekhar Mallikarjun Arasanal
-
Patent number: 8601560
Abstract: Provided are a method for authenticating a user terminal in an interface server, and an interface server and a user terminal using the same. The method includes receiving authentication request information from an application service providing server in order to request the interface server to authenticate the user terminal receiving an application service provided from the application service providing server, authenticating the user terminal according to the authenticating request information using an authentication method selected by the interface server or a user of the user terminal, and transmitting authentication response information including an authentication result of performing the authentication method to the application service providing server. The interface server provides an interface for a network to the application service providing server.
Type: Grant
Filed: November 30, 2009
Date of Patent: December 3, 2013
Assignee: KT Corporation
Inventors: Soo-Jin Kim, Duc-Key Lee, Jung-Hee Bang
-
Patent number: 8601268
Abstract: Described are a system and method for securing an online transaction. A request is output from an electronic device to a verification server to perform an online transaction. The verification server generates a challenge request. The challenge request is encrypted with a private key of a pair of cryptographic keys. The encrypted challenge request is decrypted with a public key of the pair of cryptographic keys. The decrypted challenge request and the challenge request generated by the verification server are compared. A verification result is generated in response to the comparison.
Type: Grant
Filed: March 17, 2011
Date of Patent: December 3, 2013
Assignee: ID Security, LLC
Inventor: Neil Judell
-
Patent number: 8600054
Abstract: A method for preventing abuse of an Authentication Vector (AV) and a system and apparatus for implementing the method are provided. Access network information of a non-3rd Generation Partnership Project (3GPP) access network where a user resides is bound to an AV of the user, so that when the user accesses an Evolved Packet System (EPS) through the non-3GPP access network, even if an entity in the non-3GPP access network is breached, or an Evolved Packet Data Gateway (ePDG) connected to an untrusted non-3GPP access network is breached, the stolen AV cannot be applied to other non-3GPP access networks by an attacker.
Type: Grant
Filed: September 28, 2010
Date of Patent: December 3, 2013
Assignee: Huawei Technologies Co., Ltd.
Inventors: Yanmei Yang, Yixian Xu, Jing Chen
-
Patent number: 8600064
Abstract: An information processing apparatus transmits, to another information processing apparatus, designation information that is used to specify at least one of an encrypted secret keys that can be decrypted using a first apparatus secret key, out of an encrypted secret key set contained in a first key management information, receives from the another information processing apparatus, the encrypted secret key specified by the designation information out of the encrypted secret key set contained in a second key management information, obtains a second secret key contained in the second key management information in a secret manner by decrypting the encrypted secret key received by the receiving unit using the first apparatus secret key, and performs the authentication process with the another information processing apparatus using the second secret key.
Type: Grant
Filed: March 11, 2009
Date of Patent: December 3, 2013
Assignee: Kabushiki Kaisha Toshiba
Inventors: Taku Kato, Jun Sato, Shinichi Matsukawa
-
Patent number: 8601568
Abstract: A switching equipment stores identification information of communication established with respect to an infrastructure network system in a storage unit, and when an access request is received from a terminal device, the switching equipment adds the stored identification information to the access request and transfers the access request to a 1× Radius server. When the terminal device having requested the access is authenticated, the 1× Radius server notifies a PANA PAA of address information of the terminal device associated with the identification information added to the access request. The PANA PAA approves the same network access as the switching equipment with respect to the terminal device in the received address information.
Type: Grant
Filed: May 29, 2008
Date of Patent: December 3, 2013
Assignee: Kabushiki Kaisha Toshiba
Inventors: Yoshimichi Tanizawa, Naoki Esaka, Tsutomu Shibata
-
Patent number: 8601269
Abstract: A system is provided that includes a first device and a second device. The second device is configured to communicate wirelessly with the first device. The first and second devices selectively reduce an operational range for communications before sharing a secret, the secret related to data encryption.
Type: Grant
Filed: June 23, 2006
Date of Patent: December 3, 2013
Assignee: Texas Instruments Incorporated
Inventors: Anuj Batra, Srinivas Lingam