Abstract: An improved key encryption system is provided for encrypting sensitive data on a shared data store. Various embodiments contemplate a system where a plurality of data clients are connected to one or more shared data stores. A secure data storage facility is provided on one or more of the shared data stores by using an encryption scheme. Encryption keys for decrypting the sensitive data are stored on the same data store as sensitive data which may be decrypted using the encryption keys in question. To provide another layer of protection, the data encryption keys are themselves encrypted using a key encryption key (KEK), which is generated by, and stored in a local persistent data store associated with the data clients.

Abstract: An information processing system includes an information processing device, an image forming device, an authentication server performing authentication of a user and a relay server receiving an authentication request from the image forming device and establishing data communication with the authentication server. The information processing device attaches authentication information set in advance in a printer driver to the print job and sends to the image forming device, while sending user information indicating that the user is successfully authenticated in the authentication server to the relay server.

Abstract: A system for providing a trusted peer-based information verification system may include one or more processors and a memory. The one or more processors may facilitate steps of receiving an identification item from a server hosting a web site and providing a request for verification of the identification item to devices of trusted peers. The steps may further include receiving verification responses from the devices of the trusted peers. The verification responses may be indicative of whether identification items received by the devices of the trusted peers via the web site are different than the identification item received from the server hosting the web site. The steps may further include determining a validity of the identification item based on the verification responses received from the devices of the trusted peers. In one example the identification item may be a digital certificate, such as a public key certificate.

Abstract: A digital verified identification system and method are presented for verifying and/or authenticating the identification of an entity associated with an electronic file, such as, for example the digital signatory thereof. In particular, the system and method include a module generating assembly structured to receive at least one verification data element, and at least one digital identification module structured to be associated with at least one entity. The digital identification module is capable of being disposed or embedded within at least one electronic file. Further, the digital identification module includes at least one primary component structured to at least partially associate the digital identification module with the entity, and one or more metadata components.

Abstract: A method and authentication server provide a mobile key. According to the method, upon receipt of an authentication message (access authentication) that is transmitted when a subscriber logs on to the network, the authentication server extracts a subscriber identification contained in said message and generates a corresponding mobile key, which is stored together with the respective extracted subscriber identification. Upon subsequent receipt of a key request message (key request) that is transmitted when a subscriber registers, the authentication server extracts a mobile identification of the subscriber contained in said message and searches for an identical mobile identification, which can be derived in accordance with a configurable derivation function from a subscriber identification that is stored in the authentication server.

Abstract: A portable computing device configured to provide secure data communications with a network via a network communications interface. In one embodiment, the portable computing device includes a network security apparatus configured to communicate data with other network security apparatus over the network via the establishment of an association, the establishment of the association between the network security apparatus and the other network security apparatus resultant in the execution of a key generation algorithm configured to cause the network security apparatus and the other network security apparatus to exchange information utilized in the generation of cryptogaphic keys.

Abstract: Methods and apparatus in accordance with various embodiments provide for private service IDs for utilization in wireless devices in neighbor aware networks. One aspect of the subject matter described in the disclosure provides a method of transmitting service information in a wireless neighborhood aware network. The method includes generating a first message comprising a first service identifier, wherein the first service identifier includes a first hash value based on a service name and timing information, wherein the first hash value is generated by applying a first hash function. The method further includes transmitting the first message.

Abstract: A configuration for achieving efficient content verification processing based on hash values is provided. Hash values of hash units set as segmented data of a content stored on an information storage medium are recorded in a content hash table and are stored on the information storage medium together with the content. An information processing apparatus for executing content playback executes hash-value comparison processing based on one or more randomly selected hash values. Regardless of the data amount of content, the configuration can perform hash-value determination and comparison processing based on hash units having a small amount of data, so that user equipment for executing content playback can perform efficient content verification.

Abstract: There is provided a provisioning device which provides, in advance, setting information necessary for joining in a wireless network to a first field device which is to newly join the wireless network to exchange data with an existing field device that is installed in a plant. The provisioning device includes: a storage unit that stores a white list which contains unique information of the first field device and the setting information such that the unique information and the setting information are correlated with each other; a device information acquiring unit that acquires the unique information from the first field device by wireless communication; an extracting unit that extracts, from the white list, the setting information that is correlated with the acquired unique information; and a setting unit that sends the extracted setting information to the first field device by wireless communication.

Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on AS/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; The solution of the equations gives the internal state of RI, R2, and R3; Together with R4, this gives the full internal state which gives a suggestion for the key.

Abstract: Arrangements described herein relate to accessing a cloud based service. Responsive to a user of a first communication device initiating access to the cloud based service via the first communication device, a prompt for a valid password to be entered to access the cloud based service can be received by the first communication device. Responsive to the valid password required to access the cloud based service not being stored on the first communication device, the first communication device can automatically retrieve the valid password from a second communication device via a peer-to-peer ad hoc communication link between the first communication device and the second communication device. The valid password can be automatically provided, by the first communication device, to a login service for the cloud based service to obtain access by the first communication device to the cloud based service.

Abstract: An infrastructure for securely communicating with electronic meters is described, which enables secure communication between a utility and a meter located at a customer, over a communication link or connection such as via a network. This enables messages to be sent from the utility to the meter and vice versa in a secure manner. The network provides a communication medium for communicating via the C12.22 protocol for secure metering. A cryptographic backend is used to cryptographically process messages to be sent to the meter and to similarly cryptographically process messages sent from the meter. By providing appropriate cryptographic measures such as key management, confidentiality and authentication, the meter can only interpret and process messages from a legitimate utility and the utility can ensure that the messages it receives are from a legitimate meter and contain legitimate information.

Abstract: Malware beaconing activity detection is disclosed, including: monitoring a plurality of conversations between an internal device and one or more external destinations; extracting feature sets based at least in part on the plurality of conversations; and determining that a conversation of the plurality of conversations is anomalous based at least in part on the extracted feature sets.

Abstract: In a downloadable conditional access system (DCAS), preferably all DCAS-specific code is implemented in a configurable secure (CS) processor that is in communication with the host processor. Preferably, no DCAS-specific code is executed in the host processor. The host processor delivers commands to the CS processor, which the CS processor performs to configure itself in accordance with the particular DCAS encryption scheme used by the DCAS. Once configured, the CS processor executes a DCAS software module that has been downloaded to the CS processor, which looks for the corresponding EMMs and ECMs, processes them to obtain the CW, and then uses the CW to decrypt the content stream.

Abstract: A network component comprising at least one processor coupled to a memory and configured to exchange security information using a plurality of attributes in a management entity (ME) in an optical network unit (ONU) via an ONU management control interface (OMCI) channel, wherein the attributes provide security features for the ONU and an optical line terminal (OLT). Also included is an apparatus comprising an ONU configured to couple to an OLT and comprising an OMCI ME, wherein the OMCI ME comprises a plurality of attributes that support a plurality of security features for transmissions between the ONU and the OLT, and wherein the attributes are communicated via an OMCI channel between the ONU and the OLT and provide the security features for the ONU and the OLT.

Abstract: A method of authenticating a device involves establishing a local connection between a local target device and a local source device; at the source device, obtaining credentials of the target device via the local connection; at the source device, sending the credentials to a cloud authentication server via a secure communication channel; at the cloud authentication server, checking the credentials of the target device against a database of known good devices; at the source device, receiving a message from the cloud authentication server via the secure communication channel, said message indicating that the target device is authenticated; and delivering content from the source device to the target device on the condition that the target device is authenticated. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.

Abstract: A method and system for providing service access to a user, includes the steps of: a) Registering a local identity provider located in al local network at a global identity provider with a local identifier of the local identity provider, b) Requesting service access requiring identity authentication to a service provider by a user located in the local network, c) Requesting an identity management service from the global identity provider by the service provider, d) Redirecting the user's access request to the local identity provider according to the provided local identifier within the local network, e) Checking if the local identifier corresponds to the local network of the user, f) Providing the requested identity management service to the service provider by the global identity provider in accordance with a result of the checking according to step e), and g) Granting service access for the user to the service provider.

Abstract: A method of processing content according to a workflow, where a digital content is processed on one of a plurality of processing devices according to process definition associated to the content, includes the steps, iterated at the processing device, of: a) receiving from a server a signed workflow information, a workflow information comprising a status of the content processing, a signature of the process definition and a hash of the content; b) verifying the workflow information; c) when the workflow information is verified, processing the content according to the process definition and according to status of the content processing; d) updating and signing the workflow information; e) sending to the server the signed workflow information; and the steps iterated at the server of: f) receiving from a processing device a signed workflow information; g) publishing the signed workflow information received from the processing device. A system for performing the method is also provided.

Abstract: A method for secure and anonymous electronic communication via cryptography-facilitated delivery. The method handles and delivers messages such that the intended recipients are not revealed to any third party, nor is the sender revealed to any third party other than the server (or equivalent distribution mechanism). Messages are cryptographically signed and encrypted by the sender, after which the resulting encrypted payloads are distributed to all clients. Clients then attempt to decrypt the payloads, where successful decryption indicates that a client is the intended recipient of a message. The decrypted message is then processed with all known public keys (of which the client is aware) to determine whether any of the keys successfully validate the message against the included signature provided by the sender. If the message is successfully validated, the recipient has successfully received the message and identified the sender.

Abstract: A system that incorporates the subject disclosure may perform, for example, receiving an over-the-air programming message that includes programming data for use by the mobile communication device, decrypting the over-the-air programming message utilizing a first keyset to generate a decrypted over-the-air programming message, determining a schedule for providing messages from a secure device processor to a secure element of the mobile communication device where the secure device processor is separate from the secure element and in communication with the secure element, and providing the decrypted over-the-air programming message to the secure element according to the schedule. Other embodiments are disclosed.

Abstract: According to one embodiment, a web application layer attack detector (AD) is coupled between an HTTP client and a web application server. Responsive to receipt of a set of packets from the HTTP client carrying a web application layer message that violates a condition of a security rule, the AD transmits an alert package to an automatic attribute value generation and rule feedback module (AVGRFM). The AVGRFM uses the alert package, and optionally other alert packages from the same AD or other ADs, to automatically generate a new set of attribute values for each of a set of attribute identifiers for use, by the AD or other ADs, in a different security rule than the violated security rule. The new set of attribute values may be used in an attack specific rule to detect a previously unknown web application layer attack.

Abstract: A method of receiving, by a memory card, a rights object (RO) from a rights issuer (RI) via a terminal. The method includes: receiving from the terminal, a provisioning setup request message including information about a size of rights to be installed in the memory card; checking whether there is a space in the memory card for the rights; transmitting, to the terminal, a provisioning setup response message including a status indicating a result of processing the provisioning setup request message; and receiving, from the terminal, a rights provisioning request message for installing the rights into the memory card, the rights provisioning request message including rights information. The rights information is based on rights being extracted from a RO response message if a device identifier (ID) in the RO response message matches an ID of the memory card which is different from an ID of the terminal.

Abstract: An e-mail server decrypts attachments of an e-mail message with a key associated with a sending device such that failure of the decryption indicates the e-mail message can be harmful. The sending device inserts its device identifier into the e-mail message as a header and uses an encryption key associated with the device identifier and a digital fingerprint of the sending device to encrypt all attachments of the e-mail message. The delivering e-mail server processes the e-mail message. If the e-mail message contains no identifier, if no key is associated with the parsed identifier, or if attempted encryption fails, the e-mail server determines that the e-mail message is potentially harmful and disarms the e-mail message.

Abstract: To protect sensitive data in program code, a method includes providing a programming interface with a capability of allocating a protected region of memory which can only be accessed by authorized code. Sensitive data present in program code is stored in the protected region of memory. The method includes marking parts of code in a program as authorized or not authorized to access the sensitive data, and determining if that part of a program which is executing is authorized to access protected data by reference to the marking.

Abstract: A method of anonymous access to a service, comprising the allocation, by at least one certifying entity, of a plurality of certificates to a user entity, the certificates being calculated on the basis of at least one attribute associated with the user entity, the calculation, by the user entity, of an aggregated certificate on the basis of a plurality of certificates among the certificates allocated to the user entity, the calculation, by the user entity, of a proof of knowledge of the aggregated certificate and a verification, performed by a verifying entity, of at least one of these certificates by means of said proof of knowledge, the access to the service being provided by the verifying entity to the user entity as a function of the result of this verification.

Abstract: A web server authenticates a user with a web client using a database user table and provides a list of new applications, suspended application sessions, and running application sessions. In response to a request for a new application session, a connection is made from an agent server to an application server hosting the requested application, and connection information including a unique session_ID is added to a database session table such that the client can send a user selection for a session_ID to the web server, which associates the requested session_ID to an existing suspended or running application session using the connection database. For additional security, the client is determined to be trusted or untrusted, and if untrusted, connections to the client are made through a forwarding host, which makes connections to the agent server, and the agent server maintains persistent connections from the agent server to the application server.

Abstract: Systems and methods for providing secured network access are provided. A user device located within range of a branded hotspot initiates a request for the secured network access. The request concerns secured network access at the hotspot by the user device and includes a unique pre-shared key. A query regarding the unique pre-shared key is sent to a database, which retrieves information regarding a corresponding pre-shared key. That information is sent to the hotspot controller, which allows the user device secured network access as governed by one or more parameters associated with the pre-shared key.

Abstract: Systems, devices, and methods for outputting an alert on a mobile device to indicate the use of a weak hash function are disclosed herein. In one example embodiment, the method comprises receiving data (e.g. from a server) that identifies at least one first hash function, identifying a hash digest generated using a second hash function, determining if the second hash function is weak using the received data, and outputting an alert indicating that the second hash function is weak if it is determined that the second hash function is weak.

Abstract: Methods and systems of concealing access patterns to data storage, such as within servers of a cloud computing environment are presented. Server data storage is securely partitioned into smaller electronic data storage partitions of predetermined size. The client side maintains a shuffling buffer and position map for these blocks as stored on the electronic data storage partitions of the server. Concealment is performed with respect to accesses from the client to server using an oblivious sorting protocol. Access operation is concealed with each block being randomly assigned to any of the data storage partitions, and whenever a block is accessed, the block is logically removed from its current partition and logically assigned to a fresh random partition selected from all partitions, while the client maintains tracking of which partition each block is associated with at any point of time.

Abstract: System and method embodiments are provided for asynchronous event notification and message handling in dynamic adaptive streaming over hypertext transfer protocol (DASH). The embodiments includes sending in a segment file, from a network server to a client, a message box that is configurable for encryption, for scheduling a callback from the client, and with one or more arguments according to a messaging scheme of the message box. The network server further sends a message handling descriptor to the client for reloading a media presentation description (MPD) for obtaining a DASH event. The client then configures a universal resource locator (URL) for the MPD using the message box and the message handling descriptor, and sends the URL back to the network server. After receiving the URL, the network server sends the MPD to the client, which then uses the MPD to request segments of an asynchronous event.

Abstract: In one embodiment, receiving a notice from a first user associated with a first mobile device indicating that the first user wishes to share information of the first user with one or more second users respectively associated with one or more second mobile devices; accessing information known about one or more users and one or more mobile devices respectively associated with the one or more users; identifying at least one candidate for the first user based on the information known about the one or more users and the one or more mobile devices; and confirming one or more of the at least one candidate as the one or more second users.

Abstract: Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

Abstract: Techniques for verifying the transfer from a content provider of a selected data file selected by a client device using a proxy server is disclosed. By creating a local set of characteristics of the selected data file, network traffic sent between the client device and the content provider can be monitored. A local record of a transfer session is then created, and a download request from the client device is received and forwarded, thus initiating the transfer of the selected data file to the content provider. A data file is then received from the content provider and forwarded to the client device. The characteristics of the received data file are evaluated, thus allowing verification that the characteristics of the received data file match the local set of characteristics of the selected data file to take place. Finally, the received data file is forwarded to the client device.

Abstract: Devices and methods are disclosed which relate to managing multiple public user identifiers (PUIDs) in a database by setting customizable access rules and requiring authorization from applications for access. These PUIDs can be virtually any electronic identifier such as a telephone number, email address, FACEBOOK name, etc. The PUID database is on the memory of a mobile communication device. Applications on the mobile communication device or on the network request access to the PUID database. Access logic on the mobile communication device checks another database of PUID Access Policies and Preferences (PAPP) for authorization. The PAPP database may allow the application immediate access, deny access, or query the user for allowance. The PUID database and PAPP database are on a server on a network.

Abstract: A computer-implemented method for generating secure passwords may include 1) displaying a user interface for entering a textual password, 2) receiving user input via the user interface to select a color for at least one character of the textual password, 3) displaying the entered textual password via the user interface by displaying the character in the selected color and by displaying at least one additional character in at least one additional color, and 4) generating a modified textual password by encoding the textual password with information relating the selected color to the character. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present invention provides cost efficient two way authentication method in which the authentication module can be provided as a Plug and Play (PnP) architecture enabling dual layer security with reduced cost where the actions are initiated by a server and user input is received through an audio session for added security. The second level authentication can be carried out with mobile as client device making it cost efficient. The invention can be hosted as an independent service or can be integrated with existing authentication mechanisms, making it elegant for usage.

Abstract: An authentication processing device receives biometric data to be checked from a biometric measuring device; transforms the biometric data that is input from the biometric measuring device by using a checking transformation parameter that is different from a registration transformation parameter; and creates checking biometric data. Then, the authentication processing device performs a differential transformation process on the created checking biometric data by using a differential parameter by which a transformation state transformed by the checking transformation parameter and a transformation state transformed by the registration transformation parameter have the same state. Thereafter, the authentication processing device checks the transformed checking biometric data against the registration biometric data stored in a transformation registration data DB and performs authentication.

Abstract: A cryptographic process is provided which allows a server to verify that a client device is genuine. The client device is provisioned with first and second data elements and a key which can be stored in fuses at the time of manufacture. When the client device requests digital content such as multimedia from the server, the server issues a genuineness challenge to the client device. The genuineness challenge is a message which includes a message authentication code (MAC) derived from a secret key of the server, in addition to an encrypted timestamp nonce. The client device prepares a response which includes a MAC derived from the client's key and the genuineness challenge. The response also includes the first and second data elements but not the client's key. The server processes the response to confirm that the client device is genuine.

Abstract: A transmission terminal transmits video data and display data of a screen shared with another transmission terminal to the other transmission terminal via a predetermined relay apparatus. The transmission terminal includes a storage unit that stores relay apparatus information of the relay apparatus to which the transmission terminal transmits the video data; a receive unit that receives the display data from an external input apparatus connected to the transmission terminal; and a transmitting unit that transmits the display data received by the receive unit to the relay apparatus indicated by the relay apparatus information stored in the storage unit.

Abstract: When the terminal device attempts to use a special content, which has an attribute including information distinguishing the special content from regular contents and is stored in the recording medium device, the recording medium device refers to the revocation information indicating terminal devices restricted from using the special content. When the recording medium device determines the terminal device as a terminal device to be restricted from using the special content based on the terminal identifying information of the terminal device, the usage information output unit of the recording medium device does not transmit the necessary information for using the special content to the terminal device.

Abstract: Cross Site Request Forgery (CSRF) and other types of fraudulent submission can be mitigated using state information that typically is already maintained for various users. Each submission requiring authentication can include a state identifier (ID). The state ID can be compared to a corresponding secure state ID stored in a secure location, such as in a secure token or cookie or in a variable on a page that can only be accessed by code executing in the same security context as the site to which the request is made. If the received state ID is valid and matches the secure state ID, the submission is processed. Otherwise, an interstitial element is generated to prompt the user to confirm the prior submission. A subsequent confirmation submission confirming the prior submission and containing the proper state ID can be processed. If no such confirmation is received, the submission is not processed.

Abstract: The systems and methods described herein can be used for enhancing the security of computer passwords by electronically receiving a password, the password comprising a plurality of components, each of the components being of a type of component, storing the received password in an electronic data store, converting the stored password to a topological representation of the password by which each of the plurality of components is represented and stored as its type of component, and storing the topological representation of the password in an electronic data store.

Abstract: A method of establishing secure communications between a first computer, eg a client computer, and a second computer, eg a web server, whereby the client computer receives one or more security policies relating to the web server. A client application examines the client computer and preferably configures one or more aspects of the client computer in order to make it comply with the security policies. Once the web server receives the results of this examination and/or configuration process, it can determine whether the secure communications are to be established and whether any restrictions need to be placed on this communication and/or the activity conducted via the communication.

Abstract: Systems and methods of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between a client and a server through a gateway. The client has a trusted relationship with each of the gateway and the server. A method includes registering the client with the gateway. The client also constructs the address space identifying the gateway and the client. The client communicates the address space to the server. The client receives an identity identifying the server. If the client authorizes to receive a message from the server through the gateway, the client informs the authorization to the gateway. The client puts the identity identifying the server on a list of servers which are authorized to send messages to the client. In addition, the client communicates the list of servers to the gateway.

Abstract: Methods and systems are provided for efficient and secure “Machine-to-Machine” (M2M) between modules and servers. A module can communicate with a server by accessing the Internet, and the module can include a sensor and/or actuator. The module and server can utilize public key infrastructure (PKI) such as public keys to encrypt messages. The module and server can use private keys to generate digital signatures for datagrams sent and decrypt messages received. The module can internally derive pairs of private/public keys using cryptographic algorithms and a set of parameters. A server can use a shared secret key to authenticate the submission of derived public keys with an associated module identity. For the very first submission of a public key derived the module, the shared secret key can comprise a pre-shared secret key which can be loaded into the module using a pre-shared secret key code.

Abstract: A method and system for generating ciphertext and message authentication codes utilizing shared hardware are disclosed. According to one embodiment, a method is provided of generating ciphertext message data and message authentication codes utilizing shared authenticated encryption unit hardware. In the described embodiment, plaintext message data is received at an authenticated encryption unit which comprises first and second authenticated encryption hardware modules. Thereafter, a first message authentication code (MAC) associated with a first authenticated encryption mode and a second MAC associated with a second authenticated encryption mode are generated. More specifically, the first MAC is generated utilizing the plaintext message data and first authenticated encryption hardware module and ciphertext message data and the second MAC are generated utilizing the plaintext message data and second authenticated encryption hardware module.

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Abstract: Techniques are presented for uniquely identifying authentication associated with messages. A message is inspected for sender or domain identifying information associated with a sender of the message or a sender's domain. The identifying information is authenticated, and if authentication, then distinctive metadata is associated with the message. The distinctive metadata is presented or played in connection with the message for purposes of readily identifying the authentication.

Abstract: A user authentication method and apparatus are disclosed. One embodiment of the invention can provide a method for authenticating a user from a server that includes: (a) transmitting a one-time server certification message in response to an authentication request including a user ID of a client terminal, and receiving a one-time terminal certification message from the client terminal; and (b) authenticating the user by verifying the one-time terminal certification message by using a hash value stored beforehand in correspondence to the user ID.

Abstract: A computer device includes means for receiving a request for at least one random number; means for generating a message authentication code from the identifier and at least one random number to be transmitted; and means for creating a message for transmission, including the random number in plain text and the message authentication code. A random number distribution system includes the computer device; a communication network; and a receiver device connectable to the computer device via the network to transmit requests for random numbers to the computer device and to receive messages from the computer device.