Having Key Exchange Patents (Class 713/171)
  • Patent number: 9264957
    Abstract: A method for deriving a key during an inter-network handover is provided. The method comprises: obtaining first key information from a first relocation request message, in response to receipt of said first relocation request message which reaches a target network entity first; deriving a key for handover based at least in part on said first key information; and generating an indicator for indicating that the key is derived based at least in part on said first key information.
    Type: Grant
    Filed: May 10, 2010
    Date of Patent: February 16, 2016
    Assignee: Nokia Technologies Oy
    Inventor: Daijiang Zhang
  • Patent number: 9258284
    Abstract: According to one embodiment, a server includes a message communicator, a key information storage, and a key controller. The message communicator is configured to communicate a message to a client. The key information storage is configured to store key information including at least a key value being value of key, a validity term of key, and assignment information of key. The key controller is configured to generate a key notification message including a key value of the client and a key update time when the message communicator receives a key request message from an authenticated client. The key value is corresponding with the assignment of the key information. The key update time decides from the validity term of the key and a validity term of authentication succeeded state of the client. The message communicator transmits the key notification message to the client.
    Type: Grant
    Filed: January 30, 2014
    Date of Patent: February 9, 2016
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Yasuyuki Tanaka
  • Patent number: 9258696
    Abstract: The present invention provides a method of route optimization involving a first mobile device associated with a first home gateway. One embodiment of the method is implemented in a first mobility forwarding entity and includes registering the first mobile device at the first mobility forwarding entity. The first mobile device is registered using a session key included in a registration message transmitted by the first mobile device. The embodiment also includes establishing a secure route between the first mobility forwarding entity and a terminating node using the session key. The secure route bypasses the first home gateway.
    Type: Grant
    Filed: February 11, 2009
    Date of Patent: February 9, 2016
    Assignee: Alcatel-Lucent
    Inventors: Ganapathy Sundaram, Violeta Cakulev
  • Patent number: 9253170
    Abstract: In some embodiments, a method includes obtaining an object code of an application executed on a mobile device. The application is created by an author different from an operator of a data source. The method includes loading dynamically at least one intercept point into the object code, wherein the intercept point is to detect a predetermined input gesture. The method further includes, responsive to an input gesture being received within a context of the application at the mobile device and the input gesture matching the predetermined input gesture: (1) overlaying a user interface within the context of the application, the user interface permitting selection of data items from the data source; (2) determining from a selection signal received at the mobile device, a selected data item; (3) responsive to the determining, loading the selected data item into the context of the application; and (4) removing the user interface overlay.
    Type: Grant
    Filed: September 9, 2014
    Date of Patent: February 2, 2016
    Assignee: AppSense Limited
    Inventors: Prakash Linga, Ajay K. Arora
  • Patent number: 9246956
    Abstract: A method including: generating a random identification token on a computer, said identification token identifying the computer; modulating the identification token to an audio signal on the computer; causing, with the computer, a speaker to emit the audio signal; receiving, at video conference device, the audio signal with a microphone associated with the video conference device; demodulating the audio signal to the identification token in the video conference device; sending at least the identification token and a unique identifier of the video conference device to the computer; and establishing a communication session through a communication network, that both the computer and video conference device are communicatively connected to, from the computer to the video conference device enabling control of, and data transfer to, the video conference device from the computer.
    Type: Grant
    Filed: January 18, 2011
    Date of Patent: January 26, 2016
    Assignee: Cisco Technology, Inc.
    Inventor: Ole Andre Vadla Ravnas
  • Patent number: 9241270
    Abstract: Methods and systems for causing a device to join a local area network or fabric. A joining device sends an indication that the electronic device is not connected to a network type and receives a device ID for an assisting device to assist the electronic device in joining a network of the network type. Moreover, the assisting device resides on the network. The joining device then authenticates to the assisting device from the assisting device and receives network credentials for the network. Furthermore, the joining device joins the network using the network credentials.
    Type: Grant
    Filed: December 16, 2014
    Date of Patent: January 19, 2016
    Assignee: Google Inc.
    Inventor: Jay D. Logue
  • Patent number: 9241260
    Abstract: The disclosure discloses a key sharing method for a Machine Type Communication (MTC) server, wherein when establishing a safe connection and performing safe communications with a first MTC server via a Generic Bootstrapping Architecture (GBA) process, an MTC device may send a second MTC server a request message containing a bootstrapping identifier (B-TID) currently used by the MTC device and the first MTC server and a host identifier NAF-ID1 of the first MTC server; the second MTC server sends a Bootstrapping Server Function (BSF) an authentication request containing a host identifier NAF-ID2 of the second MTC server, the B-TID, and NAF-ID; after verifying the validity of NAF-ID2 and NAF-ID1, the BSF generates a session key KNAF according to the B-TID and the NAF-ID1, and sends the generated KNAF to the second MTC server. Accordingly, the disclosure further discloses a key sharing system for an MTC server.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: January 19, 2016
    Assignee: ZTE CORPORATION
    Inventor: Wantao Yu
  • Patent number: 9231925
    Abstract: In a network authentication method, a client device stores a certificate reference mapped uniquely to a certificate, which is assigned to an end user, and a reference private key obtained by encrypting a private key with a PIN code determined by the end user. The client device generates a digital signature for transaction data associated with the certification reference using a current key that is obtained by decrypting the reference private key with a user input code obtained through an input operation. A verification server verifies, based on a public key of a stored certificate, whether a received digital signature is signed with the private key, and obtains from the digital signature the transaction data when verification result is affirmative.
    Type: Grant
    Filed: September 16, 2014
    Date of Patent: January 5, 2016
    Assignee: KEYPASCO AB
    Inventor: Magnus Lundström
  • Patent number: 9226142
    Abstract: A system includes: a first radio base station including: a first processor which performs processes to transmit and receive a first encryption key, and a first interface which transmits or receives the encapsulated packet, the second radio base station includes: a second interface which transmits or receives the encapsulated packet; and a second processor which encrypts or decrypts the packet with the first encryption key, the host node includes: a third processor which encrypts or decrypts the packet, and during processing of a handover of the mobile station, the host node transmits the packet encrypted with the first encryption key to the first radio base station, the first radio base station transmits the packet to the second radio base station by the tunneling, and the second radio base station decapsulates the packet, decrypts the packet with the first encryption key, and then transmits the packet to the mobile station.
    Type: Grant
    Filed: September 21, 2011
    Date of Patent: December 29, 2015
    Assignee: FUJITSU LIMITED
    Inventor: Isamu Fukuda
  • Patent number: 9224003
    Abstract: A computer implemented method, server computer and computer program for securely storing a data file via a computer communication network and open cloud services. The method includes: providing a user's computer with code for providing a unique user name; asking the user for a password; generating an asymmetric key pair having one public key and one private key; encrypting the private key via a hash of the password; generating a file-specific symmetric key specific for the data file; encrypting the data file via the file-specific symmetric key; encrypting the file-specific symmetric key via the public key; where the code is executed by a web browser on the computer; storing the encrypted file-specific symmetric key as a header part of the encrypted data file, and interacting with the file exchange interface of a cloud service which receives the encrypted data file, and storing the encrypted data file and header part.
    Type: Grant
    Filed: October 2, 2012
    Date of Patent: December 29, 2015
    Assignee: INVENIA AS
    Inventors: Anders Andersen, Oyvind Pedersen, Terje Wold
  • Patent number: 9219810
    Abstract: A method of delivering an audio and/or visual media file including, for example, one or more of full or partial master recordings of songs, musical compositions, ringtones, videos, films, television shows, personal recordings, animation and combinations thereof, over the air wirelessly, from one or more servers to an electronic device with or without an Internet connection, said method comprising transmitting an audio and/or visual media file in compressed format to said electronic device, and wherein the electronic device is effective to receive said audio and/or visual file and playback said audio and/or visual content on demand by a user.
    Type: Grant
    Filed: October 18, 2013
    Date of Patent: December 22, 2015
    Assignee: Skky Incorporated
    Inventors: John Mikkelsen, Robert Freidson
  • Patent number: 9215642
    Abstract: Embodiments of the present invention provide a service packet forwarding and processing method and system, and an access point AP. Change information of a packet forwarding path of a mobile terminal STA is obtained. A path update packet is sent to a forwarding device according to the change information of the packet forwarding path of the STA, so that the forwarding device performs update processing on the forwarding path of the STA according to the path update packet.
    Type: Grant
    Filed: October 22, 2013
    Date of Patent: December 15, 2015
    Assignee: Huawei Technologies Co., LTD
    Inventor: Yibin Xu
  • Patent number: 9204473
    Abstract: Methods and apparatus may be used for accelerated link setup. A method may include a station (STA) acquiring information about an access point of an Institute of Electrical and Electronics Engineers (IEEE) 802.11 network in advance through a previously connected IEEE 802.11 interface and/or an interface other than the IEEE 802.11 network. The STA may use the acquired information during a link setup procedure between the STA and the access point. The information may include a suggestion for a specific procedure to complete the link setup procedure between the STA and the access point.
    Type: Grant
    Filed: January 10, 2013
    Date of Patent: December 1, 2015
    Assignee: InterDigital Patent Holdings, Inc.
    Inventors: Lei Wang, Yousif Targali, Sudheer A. Grandhi, Xiaofei Wang, Guodong Zhang
  • Patent number: 9203870
    Abstract: A method of delivering an audio and/or visual media file including, for example, one or more of full or partial master recordings of songs, musical compositions, ringtones, videos, films, television shows, personal recordings, animation and combinations thereof, over the air wirelessly, from one or more servers to an electronic device with or without an Internet connection, said method comprising transmitting an audio and/or visual media file in compressed format to said electronic device, and wherein the electronic device is effective to receive said audio and/or visual file and playback said audio and/or visual content on demand by a user.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: December 1, 2015
    Assignee: Skky Incorporated
    Inventors: John Mikkelsen, Robert Freidson
  • Patent number: 9202055
    Abstract: A method and an apparatus for providing Machine-to-Machine (M2M) service are provided. A method of providing service by an M2M device includes transmitting a request for service to a Network Security Capability (NSEC), the request for service comprising an identifier of a Device Service Capability Layer (DSCL) of the M2M device, performing an Extensible Authentication Protocol (EAP) authentication with an M2M Authentication Server (MAS) via the NSEC, and generating, if the EAP authentication is successful, a service key using a Master Session Key (MSK), a first constant string, and the identifier of the DSCL.
    Type: Grant
    Filed: April 16, 2012
    Date of Patent: December 1, 2015
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Alper Yegin, Youngkyo Baek
  • Patent number: 9203956
    Abstract: A method of delivering an audio and/or visual media file including, for example, one or more of full or partial master recordings of songs, musical compositions, ringtones, videos, films, television shows, personal recordings, animation and combinations thereof, over the air wirelessly, from one or more servers to an electronic device with or without an Internet connection, said method comprising transmitting an audio and/or visual media file in compressed format to said electronic device, and wherein the electronic device is effective to receive said audio and/or visual file and playback said audio and/or visual content on demand by a user.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: December 1, 2015
    Assignee: Skky Incorporated
    Inventors: John Mikkelsen, Robert Freidson
  • Patent number: 9203610
    Abstract: Systems and methods for secure peer-to-peer communication are disclosed herein. Various embodiments of the present invention advantageously enable authentication of a remote device, but without the use of a PKI certificate, and more generally, without requiring involvement from outside parties. In an exemplary embodiment, a password-protected message may be sent to a remote device, the password-protected message containing a unique identifier of a local device and a locally generated random number. Upon accessing the password-protected message, the remote device may reply to the local device including its own unique identifier and a remotely generated random number, where the reply is encrypted using the locally generated random number. An acknowledgement message may then be sent to the remote device including a mutually unique key, where the acknowledgement message is encrypted using the remotely generated random number.
    Type: Grant
    Filed: December 13, 2012
    Date of Patent: December 1, 2015
    Inventors: Zyad Azzouz, Markus Kangas
  • Patent number: 9197634
    Abstract: Embodiments of systems and methods for client and/or server authentication are provided. In one embodiment, a method includes sending information from a mobile network device to a server, wherein the information comprises a seed that is used by both the mobile network device and the server to compute a series of one time passwords. The method also includes receiving, by the mobile network device, a succession of one time passwords generated by the server throughout a session. And the method further includes comparing the received one time passwords generated by the server throughout the session to corresponding one time passwords generated at the mobile network device. In this manner, the server can be authenticated. In various embodiments, the process may be reversed to facilitate client authentication, e.g., mobile network device authentication.
    Type: Grant
    Filed: February 7, 2014
    Date of Patent: November 24, 2015
    Assignee: PAYPAL, INC.
    Inventors: Upendra Mardikar, Kent Griffin, Allison Elizabeth Miller, Amol Patel
  • Patent number: 9191861
    Abstract: A mobile device and a method for providing a tethering service via a security mode and a list of preferred mobile devices are provided. The method includes determining, when the mobile device receives a connection request from a client mobile device, a number of client mobile devices that are currently connected to the mobile device, determining, when the number of connected client mobile devices is less than a preset maximum connection number, the number of created Basic Service Sets (BSSs), determining, when the number of BSSs is less than a preset maximum creation number, the identification-information regarding the client mobile device that requested connection, and providing a tethering service to the client mobile device according to the determined identification-information.
    Type: Grant
    Filed: May 16, 2011
    Date of Patent: November 17, 2015
    Assignee: Samsung Electronics Co. Ltd.
    Inventors: Bu Seop Jung, Jung Hun Lee
  • Patent number: 9191410
    Abstract: A method and apparatus can be configured to transmit indicators to a network entity. The indicators indicate whether security will be applied to a media data, whether security will be applied by an application layer, and whether security will be applied by an evolved-packet-system layer. The method can also include transmitting the media data to the network entity.
    Type: Grant
    Filed: January 13, 2014
    Date of Patent: November 17, 2015
    Assignee: NOKIA SOLUTIONS AND NETWORKS OY
    Inventor: Anja Jerichow
  • Patent number: 9185102
    Abstract: There is provided a method of a server system including identifying a first token and a second token based on an identifier received from a first external information processing apparatus, acquiring data from the first external information processing apparatus with use of the first token, generating a document from the acquired data, transmitting the second token to an authentication processing apparatus, acquiring a verification result of the second token from the authentication processing apparatus, and transmitting the generated document to a second external information processing apparatus with use of the second token.
    Type: Grant
    Filed: February 14, 2014
    Date of Patent: November 10, 2015
    Assignee: Canon Kabushiki Kaisha
    Inventor: Yutaka Kato
  • Patent number: 9184911
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret and session keys for the secure session. The different server decrypts the encrypted premaster secret, generates the master secret, and generates session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server and transmits those session keys to that server.
    Type: Grant
    Filed: April 8, 2014
    Date of Patent: November 10, 2015
    Assignee: CLOUDFLARE, INC.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
  • Patent number: 9183406
    Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.
    Type: Grant
    Filed: January 24, 2011
    Date of Patent: November 10, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Paul England, Marcus Peinado
  • Patent number: 9176707
    Abstract: A scalar multiplication unit references a t-bit sequence representing a random number k one bit at a time from the most significant bit, and upon each referencing, sets in a work variable R[0] a value obtained by doubling a specific point G on an elliptic curve set in a scalar multiplication variable R, and sets in a work variable R[1] a value obtained by adding the specific point G to the work variable R[0]. The scalar multiplication unit 122 sets the work variable R[0] in the scalar multiplication variable R if the value of the referenced bit is 0, and sets the work variable R[1] in the scalar multiplication variable R if the value of the referenced bit is 1. A scalar multiple point output unit 123 outputs as a scalar multiple point kG a value obtained by subtracting a constant value 2^tG from the scalar multiplication variable R.
    Type: Grant
    Filed: December 27, 2010
    Date of Patent: November 3, 2015
    Assignee: Mitsubishi Electric Corporation
    Inventors: Yusuke Naito, Yasuyuki Sakai
  • Patent number: 9171163
    Abstract: An apparatus for sharing information between entities includes a processor and a trusted execution module executing on the processor. The trusted execution module is configured to receive first confidential information from a first client device associated with a first entity, seal the first confidential information within a trusted execution environment, receive second confidential information from a second client device associated with a second entity, seal the second confidential information within the trusted execution environment, and execute code within the trusted execution environment. The code is configured to compute a confidential result based upon the first confidential information and the second confidential information.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: October 27, 2015
    Assignee: Intel Corporation
    Inventors: Vinay Phegade, Anand Rajan, Simon Johnson, Vincent Scarlata, Carlos Rozas, Nikhil Deshpande
  • Patent number: 9172535
    Abstract: An LSI includes a first decryptor which receives first encrypted key data, and decrypts the first encrypted key data using a first cryptographic key, thereby generating first decrypted key data, a second cryptographic key generator which generates a second cryptographic key based on a second ID, a second encryptor which encrypts the first decrypted key data using the second cryptographic key, thereby generating second encrypted key data, and a second decryptor which decrypts the second encrypted key data using the second cryptographic key, thereby generating second decrypted key data. At a time of key setting, the second encryptor stores the second encrypted key data in a storage unit. At a time of key usage, the second decryptor reads the second encrypted key data from the storage unit.
    Type: Grant
    Filed: May 5, 2014
    Date of Patent: October 27, 2015
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Kaoru Yokota, Akihito Katsura, Yusuke Nemoto, Yuishi Torisaki, Makoto Fujiwara
  • Patent number: 9166791
    Abstract: The present disclosure describes a method and apparatus for user identity verification as a user migrates amongst systems, servers, computing environments and/or segments within a cloud computing environment. A user currently accessing a first system seeks to migrate from the first system to a target system. The target system validates whether the user may access the target system based on a first private key and a first public key. A verification system maintains a second public key that is based on an identity of the user and inaccessible to the user. The verification system receives a second private key from an initial system of the user. Based on the second private/public keys, the verification system sends a validation of user identity to the target system.
    Type: Grant
    Filed: November 20, 2013
    Date of Patent: October 20, 2015
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventor: Andrew Nocera
  • Patent number: 9154940
    Abstract: Disclosed are an apparatus and method of performing automated administrative operations on a mobile device. One example method may include determining via a hosted server that an action needs to be performed by a mobile device under management. The method may further include generating a message via the hosted server, the message includes the action, and transmitting the message to the mobile device under management, and receiving a result message from the mobile device under management responsive to the transmitted message, the result message indicating that the action has been satisfied.
    Type: Grant
    Filed: November 20, 2012
    Date of Patent: October 6, 2015
    Assignee: KASEYA LIMITED
    Inventor: Allan Miller
  • Patent number: 9142096
    Abstract: Methods and devices are provided for managing licenses in gaming networks. Some aspects of the invention are provided as a license manager module that operates as part of a server-based system for provisioning and configuring gaming machines. Security and authentication techniques are provided to prevent unauthorized gaming software usage. Such gaming software may be, for example, downloaded to gaming machines in the network under the control of a gaming establishment's game management server that is in communication with a license manager device. In preferred implementations, a gaming machine is prevented from executing software for a game of chance unless the license for that game is valid and has not expired.
    Type: Grant
    Filed: March 2, 2012
    Date of Patent: September 22, 2015
    Assignee: IGT
    Inventors: Michael Kinsley, Steven LeMay, Lance Orner
  • Patent number: 9143324
    Abstract: Given the rise in popularity of communicating personal, private, sensitive, or vital peer-to-peer or peer-to-group information over insecure text messaging infrastructure, it would be highly desirable to provide a lightweight solution that enables the exchange of information in a secure manner. The non-limiting technology herein provides systems and methods for the exchange of cryptographic material that can be used to encipher message-oriented communications between at least two peer devices. Once the cryptographic material is exchanged between cooperating peers, this lightweight solution can be used by common off the shelf hardware such as smartphones, tablets, feature phones, or special purpose machine to machine devices for private communications, such as command and control, location services, etc. using insecure voice or data communication paths, such as SMS.
    Type: Grant
    Filed: November 7, 2012
    Date of Patent: September 22, 2015
    Assignee: PROTECTED MOBILITY, LLC
    Inventors: William J. Marlow, Robert Cichielo, Emil Sturniolo, Paul Benware
  • Patent number: 9143496
    Abstract: A device authentication server authenticates a remotely located device using a detailed history of movement of the device. Such movement history is represented by data representing a history of the external state of the device within a physical environment, examples of which include accelerometer logs, orientation logs, and magnetic field logs. To authenticate the device, the device authentication server sends a device key challenge to the device. The device key challenge specifies a randomized selection of device attribute parts to be collected from the device and the manner in which the device attribute parts are to be combined to form a device key. The device key is data that identifies and authenticates the device and includes a device identifier and device environmental data for comparison to reference device environmental data.
    Type: Grant
    Filed: June 10, 2013
    Date of Patent: September 22, 2015
    Assignee: Uniloc Luxembourg S.A.
    Inventor: Craig S. Etchegoyen
  • Patent number: 9141816
    Abstract: A replaceable printer component includes a first memory device and a communication link. The first memory device is configured to store a first secret. The communication link is configured to communicatively link the first memory device to a printer controller when the replaceable printer component is installed in a printing system. The printing system comprises a second memory device storing a second secret. The second memory device is communicatively linked to the printer controller. The printer controller is configured to determine an authenticity of the replaceable printer component based on the first secret and the second secret.
    Type: Grant
    Filed: May 29, 2008
    Date of Patent: September 22, 2015
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Jacob Grundtvig Refstrup
  • Patent number: 9137235
    Abstract: Provided is a system and method for providing a certificate, and more specifically a certificate for network access upon a second system based on at least one criteria and an established identity with a first system. The method includes receiving criteria, such as at least one predefined attribute. Also received from a user known to a first system is a request for network access to a second system, the request having at least one identifier. The first system is then queried with the identifier for attributes associated with the user. The attributes associated with the user are evaluated to the predefined attribute(s). In response to at least one attribute associated with the user correlating to the predefined attribute(s), providing a certificate with at least one characteristic for network access on the second system to the user. An associated system for providing a Certificate is also provided.
    Type: Grant
    Filed: April 24, 2012
    Date of Patent: September 15, 2015
    Assignee: Cloudpath Networks, Inc.
    Inventors: Kevin Lee Koster, Roger Lynn Haney
  • Patent number: 9130664
    Abstract: A method for communicating messages by a mobile device via a sound medium is disclosed. The mobile device receives input sounds from at least one mobile device via the sound medium. From the input sounds, an input sound signal carrying a first message encoded with a first key is detected. The mobile device decodes the first message based on a matching key. An output sound signal carrying a second message encoded with a second key is generated. Further, the mobile device transmits an output sound corresponding to the output sound signal via the sound medium.
    Type: Grant
    Filed: October 17, 2012
    Date of Patent: September 8, 2015
    Assignee: QUALCOMM Incorporated
    Inventors: Minho Jin, Taesu Kim, Young-Ki Baik, Minsub Lee, Duck Hoon Kim
  • Patent number: 9122888
    Abstract: A system encrypts a private key with a master key and includes a storage device for storing a protected private key at a site location, a processor that determines a plurality of derivatives by selecting an order of site characteristics from a plurality of disjoint sets of site characteristics unique to a software installation or site location, wherein the processor applies a hash algorithm to each site characteristic. The system further includes a buffer storage device for storing an order of random selections of the site characteristics for the derivatives. The system encrypts the master key with the derivatives and additionally stores the encrypted form of the master key in a storage device.
    Type: Grant
    Filed: July 22, 2013
    Date of Patent: September 1, 2015
    Assignee: Dell Products, LP
    Inventor: Yogesh M. Devi
  • Patent number: 9124433
    Abstract: Authentication devices and methods for generating dynamic credentials are disclosed. The authentication devices include a communication interface for communicating with a security device such as a smart card.
    Type: Grant
    Filed: December 27, 2013
    Date of Patent: September 1, 2015
    Assignee: VASCO DATA SECURITY, INC.
    Inventors: Dirk Marien, Frank Coulier, Frank Hoornaert, Frederik Mennes
  • Patent number: 9124718
    Abstract: A method of delivering an audio and/or visual media file including, for example, one or more of full or partial master recordings of songs, musical compositions, ringtones, videos, films, television shows, personal recordings, animation and combinations thereof, over the air wirelessly, from one or more servers to an electronic device with or without an Internet connection, said method comprising transmitting an audio and/or visual media file in compressed format to said electronic device, and wherein the electronic device is effective to receive said audio and/or visual file and playback said audio and/or visual content on demand by a user.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: September 1, 2015
    Assignee: Skky Incorporated
    Inventors: John Mikkelsen, Robert Freidson
  • Patent number: 9118693
    Abstract: A method of delivering an audio and/or visual media file including, for example, one or more of full or partial master recordings of songs, musical compositions, ringtones, videos, films, television shows, personal recordings, animation and combinations thereof, over the air wirelessly, from one or more servers to an electronic device with or without an Internet connection, said method comprising transmitting an audio and/or visual media file in compressed format to said electronic device, and wherein the electronic device is effective to receive said audio and/or visual file and playback said audio and/or visual content on demand by a user.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: August 25, 2015
    Assignee: Skky Incorporated
    Inventors: John Mikkelsen, Robert Freidson
  • Patent number: 9118629
    Abstract: A method for generating and delivering a message via a web service is provided. A message for a recipient is converted to a URL and sent. A request is received from a sender having a first type of security to send a message also having the first type of security to the recipient having a second type of security. A URL message is created in response to receiving the request to send the message to the recipient and the URL message is sent to the recipient. A URL message response is received from the recipient and provides a landing message to the recipient in response to receiving the URL message response. The landing message includes a hint requesting an answer from the recipient. An answer is received from the recipient and the message is sent to the recipient using the second type of security in response to receiving the answer.
    Type: Grant
    Filed: November 13, 2012
    Date of Patent: August 25, 2015
    Assignee: Unsene, Inc.
    Inventors: Christopher A. Kitze, Vinh H. Vo
  • Patent number: 9117062
    Abstract: Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device uses a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
    Type: Grant
    Filed: December 6, 2011
    Date of Patent: August 25, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Nathan R. Fitch, Gregory B. Roth, Graeme D. Baer
  • Patent number: 9112676
    Abstract: A first communication apparatus that functions as a providing apparatus that provides an encryption key or as a receiving apparatus that receives an encryption key provided by a providing apparatus, and that performs a key sharing process for sharing an encryption key with another apparatus, confirms whether or not the first communication apparatus functioned as the providing apparatus in the key sharing process performed among a plurality of apparatuses present on a network in which the first communication apparatus is joining; compares identification information of a second communication apparatus that has newly joined the network with identification information of the first communication apparatus; and determines whether or not the first communication apparatus is to function as a providing apparatus in the key sharing process performed between the first and the second communication apparatuses based on the result of the confirmation and the comparison.
    Type: Grant
    Filed: April 4, 2013
    Date of Patent: August 18, 2015
    Assignee: Canon Kabushiki Kaisha
    Inventor: Fumihide Goto
  • Patent number: 9100244
    Abstract: A computer receives, from a target device via a communication apparatus that is capable of accessing the target device, an issuance request for issuing key information unique to the target device. The computer generates the key information upon reception of the issuance request. The computer stores an address allocated to the communication apparatus and the key information in association with each other. The computer transmits the key information to the target device via the communication apparatus. The computer receives, from the communication apparatus, the key information and a registration request for registering a relay apparatus for relaying communication between the computer and the target device. The computer registers the communication apparatus as the relay apparatus when the address allocated to the communication apparatus and the address stored in association with the received key information match each other.
    Type: Grant
    Filed: September 11, 2012
    Date of Patent: August 4, 2015
    Assignee: FUJITSU LIMITED
    Inventors: Shingo Fujimoto, Kazuki Matsui
  • Patent number: 9100388
    Abstract: Methods and apparatuses are presented for obtaining authorized access from a terminal to a discovered location server. The methods may include switching from a first network that does not support authenticated access from the terminal to a home location server to a second network that does support authenticated access from the terminal to the home location server. Authenticated access to the home location server may be obtained using the second network. Authorization for the discovered location server may then be obtained from the home location server. The terminal may then switch from the second network back to the first network. The terminal may then access the discovered location server using the first network based on the obtained authorization from the home location server.
    Type: Grant
    Filed: February 7, 2013
    Date of Patent: August 4, 2015
    Assignee: QUALCOMM INCORPORATED
    Inventors: Philip Michael Hawkes, Andreas Klaus Wachter, Kirk Allan Burroughs, Stephen William Edge
  • Patent number: 9094212
    Abstract: A client is authenticated by a server receiving an initial request from the client at the beginning of a session. The server receiving the initial request generates an authentication token and returns the authentication token to the client in response to the client being authenticated. The user's credentials used to authenticate the client are stored in the authentication token along with other information. After receiving the authentication token from the server that generated the authentication token, the client passes the authentication token with each of the future requests to the pool of servers. Using the client to pass the transferrable authentication token, the servers share the user's identity/credentials in a decentralized manner. Any server from the shared pool of servers that receives a subsequent client request is able to decrypt the token and re-authenticate the user without having to prompt the client for authentication credentials again.
    Type: Grant
    Filed: October 4, 2011
    Date of Patent: July 28, 2015
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Robin Michael Thomas, Christopher Michael Simison, Naresh Sundaram
  • Patent number: 9094391
    Abstract: Aspects of the present disclosure are directed to methods and systems for dynamic trust federation. In one aspect, a computer implemented method may include a security token that enables sign-on into a group of applications based on applicable trust criteria. In one aspect, when a user interacts with one application in the group, the trust is elevated through the application internal authentication application program interface (API). The trust may be included in the security token to make available to other applications in the group. Applications can be in multiple groups with variable level of authentication based on location and other transactions variables.
    Type: Grant
    Filed: October 10, 2013
    Date of Patent: July 28, 2015
    Assignee: Bank of America Corporation
    Inventors: Abbie Barbir, Radu Marian, Cynthia A. Frick, John H. Kling, Michael Simon
  • Patent number: 9084110
    Abstract: Disclosed is a method for transitioning an enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network. In the method, the remote station generates first and second session keys, in accordance with the enhanced security context, using a first enhanced security context root key associated with a UTRAN/GERAN-based serving network and a first information element. The remote station receives a first message from the E-UTRAN-based serving network. The first message signals to the remote station to generate a second enhanced security context root key for use with the E-UTRAN-based serving network. The remote station generates, in response to the first message, the second enhanced security context root key from the first enhanced security context root key using the first and second session keys as inputs. The remote station protects wireless communications, on the E-UTRAN-based serving network, based on the second enhanced security context root key.
    Type: Grant
    Filed: June 13, 2011
    Date of Patent: July 14, 2015
    Assignee: QUALCOMM Incorporated
    Inventors: Adrian Edward Escott, Anand Palanigounder
  • Patent number: 9077806
    Abstract: A method, system and apparatus for implementing secure call forwarding are provided in the present invention. The method includes: a calling party calling a called party, the called party triggering the subscribed call forwarding service; a key management server (KMS) obtaining information of a legal call-forwarded party of the called party through an application server; the call-forwarded party obtaining a media key from the KMS; and the calling party establishing a call connection with the call-forwarded party.
    Type: Grant
    Filed: February 23, 2011
    Date of Patent: July 7, 2015
    Assignee: ZTE Corporation
    Inventors: Tian Tian, Yumen Zhu, Yinxing Wei, Feng Gao
  • Patent number: 9075966
    Abstract: In an application, variants of a class may be generated and associated with different security permissions for the application. When a class is to be loaded, a determination is made as to the application's security permissions, e.g. by decoding a security token. The class is then retrieved from a repository that stores class variants matching the required security level. The retrieved class variant, which may have a full or a reduced functionality as appropriate for the security permission, may then be loaded.
    Type: Grant
    Filed: January 27, 2014
    Date of Patent: July 7, 2015
    Assignee: Oscad Remote Limited Liability Company
    Inventor: Thomas Wheeler
  • Patent number: 9069979
    Abstract: A multi-tenant identity management (IDM) system enables IDM functions to be performed relative to various different customers' domains within a shared cloud computing environment and without replicating a separate IDM system for each separate domain. The IDM system can provide IDM functionality to service instances located within various different customers' domains while enforcing isolation between those domains. A cloud-wide identity store implemented as a single LDAP directory can contain identity information for multiple customers' domains. This single LDAP directory can store identities for entities for all tenants, in separate partitions or subtrees of the LDAP directory, each such partition or subtree being dedicated to a separate identity domain for a tenant. Components of the cloud computing environment ensure that LDAP entries within a particular subtree are accessible only to service instances that have been deployed to the identity domain that corresponds to that particular subtree.
    Type: Grant
    Filed: September 5, 2013
    Date of Patent: June 30, 2015
    Assignee: Oracle International Corporation
    Inventors: Uppili Srinivasan, Vasukiammaiyar Asokkumar
  • Patent number: 9070280
    Abstract: A system and method for automatically pairing wireless remotes to the control components of automated furniture items is provided. In embodiments, a pairing mode selection indication is received, indicating a universal mode selection or a normal mode selection. In universal mode, the control component and the remote device are automatically paired based on commands received from the remote device. In normal mode, the control component and the remote component are automatically paired upon confirmation that the unique ID of the remote device corresponds to an ID database. Having paired the control component with the remote device, the control component may execute commands received from at least one remote device. In embodiments, the pairing method includes applying priority rules for particular remote devices. Further, the automatic pairing of remote devices may include varying levels of authorization for different users.
    Type: Grant
    Filed: January 24, 2013
    Date of Patent: June 30, 2015
    Assignee: L&P PROPERTY MANAGEMENT COMPANY
    Inventors: Chad Baker, Ryan Edward Chacon, Dave Jones, David M. Linhoff, Larry Nicholas Nibert, William Rohr