Particular communication authentication technique

Subclass of:

713 - Electrical computers and digital processing systems: support

713150000 - MULTIPLE COMPUTER COMMUNICATION USING CRYPTOGRAPHY

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class       Description                                                                        Number of patent applications
713176000   Authentication by digital signature representation or digital watermark            689
713171000   Having key exchange                                                                358
713170000   Authentication of an entity and a message                                          150
713169000   Mutual entity authentication                                                       138
713175000   By generation of certificate                                                       116
713172000   Intelligent token                                                                   91
713181000   Message digest travels with message                                                 65
713180000   Generating specific digital signature type (e.g., blind, shared, or undeniable)     46
Entries
DocumentTitleDate
20110185173Method for Implementing Encryption and Device Thereof - The present invention provides an encryption method in which the encryption device stores data to be encrypted received via the input/output interface in its own memory, converts the data to be encrypted in the memory into a format required by the output device and transmits the converted data to the output device via the management interface, and the output device outputs the received information. The present invention also provides an encryption device for implementing the above method. The encryption device determines whether confirmation information has been received from a management interface, encrypts the data to be encrypted in the memory if the answer is positive, while performs no encryption or prompts to input correct confirmation information if the answer is negative. With the present invention, the user is allowed to view the contents to be actually encrypted, thereby avoiding such a case as signature counterfeiting or tampering.07-28-2011
20130031367Facilitating access control in peer-to-peer overlay networks - Methods and apparatuses are provided for facilitating access controls for digital objects stored within a peer-to-peer overlay network. A privacy-preserving method is provided for matching identities between a first peer node and a second peer node in a peer-to-peer network. Such identity matching may be used, for example, to ascertain whether the first peer node should provide access to certain digital object stored in the peer-to-peer overlay network. Rather than providing its identities in an unprotected format, the second peer may provide its identities to the first peer node in a concealed representation so as to prevent the first peer from learning about non-matching identities. Such concealed representation may be a data structure that cryptographically conceals one or more identities of the second peer node or a user of the second peer node within a shared data space of the data structure.01-31-2013
20130031366MANAGING ACCESS TO A SECURE CONTENT-PART OF A PPCD FOLLOWING INTRODUCTION OF THE PPCD INTO A WORKFLOW - In a method for managing access to a secure content-part of a PPCD following introduction of the PPCD into a workflow among a plurality of workflow participants, in a secure content manager, from a workflow participant of the plurality of workflow participants, a key-map file for a subsequent workflow participant that is to receive the key-map file is received, wherein the key-map file comprises a set of keys to enable the subsequent workflow participant to access the content-part in the PPCD. In addition, authenticity of the received key-map file is verified, the subsequent workflow participant to receive the PPCD is identified and authenticated, a public key of the subsequent workflow participant is accessed, the key map file or a symmetric key used to encrypt the key-map file prior to receipt of the key-map file by the secure content manager is encrypted using the public key of the subsequent workflow participant, and the encrypted key-map file is sent to the subsequent workflow participant.01-31-2013
20090217041PROVISIONAL SIGNATURE SCHEMES - A method and apparatus for implementing portions of a provisional signature scheme are disclosed. In one embodiment, the method comprises creating a provisional signature by performing an operation on a message and completing the provisional signature to create a final signature on the message. Such a scheme may be used for server assisted signature schemes, designated confirmer signature schemes and blind signature schemes.08-27-2009
20120204029METHOD AND SYSTEM FOR CONDUCTING AN ATTORNEY CLIENT PRIVILEGED CONFERENCE WITH THE LAWYER AT AN INDEPENDENT LOCATION - The present invention relates to a secure system for video conference between an attorney and their incarcerated inmate client. Client is positioned at a video conference terminal and attorney at their computer and the conference scheduled, confirmed and completed over the internet in a secure manner.08-09-2012
20090210706METHODS AND APPARATUS FOR CONDITIONAL ACCESS OF NON REAL-TIME CONTENT IN A DISTRIBUTION SYSTEM - Methods and apparatus for conditional access of non real-time (NRT) content in a distribution system. A method includes encrypting NRT content with a control word (CW) to generate encrypted NRT content, providing the CW to entitlement control message (ECM) generators, receiving ECMs from the ECM generators, wherein each ECM comprises a unique encryption of the CW to provide conditional access to the CW, and providing the encrypted NRT content and the ECMs for transmission over a distribution network. An apparatus includes a synchronizer configured to provide a CW to ECM generators and receive ECMs from the ECM generators, wherein each ECM comprises a unique encryption of the CW to provide conditional access to the CW, and a management module configured to encrypt the NRT content with the CW to generate encrypted NRT content and provide the encrypted NRT content and the ECMs for transmission over the distribution network.08-20-2009
20130046980HOME NODE-B APPARATUS AND SECURITY PROTOCOLS - A method for authenticating a home nodeB/home evolved node B (H(e)NB) with a network is disclosed. The method includes securely storing H(e)NB location information in a Trusted Environment (TrE); and securely sending the stored H(e)NB location information to the network via the TrE02-21-2013
20130046979PROTECTING THE INFORMATION ENCODED IN A BLOOM FILTER USING ENCODED BITS OF DATA - Illustrated is a system and method that includes identifying data stored as an entry in a list. The system and method also includes truncating the entry to create a truncated entry. It further includes transforming the truncated entry into a hash, the hash used to set an index position value within a Bloom filter. The system and method also includes an interface module to transmit the Bloom filter.02-21-2013
20120173875METHOD AND APPARATUS FOR PROVIDING SECURE COMMUNICATION IN A SELF-ORGANIZING NETWORK - A communication system provides secure communication between two nodes in a self-organizing network without the need for a centralized security or control device. A first node of the two nodes is provisioned with one or more security profiles, auto-discovers a second node of the two nodes, authenticates the second node based on a security profile of the one or more security profiles, selects a security profile of the one or more security profiles to encrypt a communication session between the two nodes, and encrypts the communication session between the two nodes based on the selected security profile. The second node also is provisioned with the same one or more security profiles, authenticates the first node based on a same security profile as is used to authenticate the second node, and encrypts the communication session based on the same security profile as is used for encryption by the first node.07-05-2012
20100088515SCRAMBLE KEY MANAGEMENT UNIT, SCRAMBLE KEY MANAGEMENT INFORMATION TRANSMITTING UNIT, METHOD FOR SCRAMBLE KEY OUTPUT MANAGEMENT, SCRAMBLE KEY MANAGEMENT PROGRAM, LICENSE INFORMATION MANAGEMENT UNIT, LICENSE MANAGEMENT INFORMATION TRANSMITTING UNIT, METHOD FOR LICENSE INFORMATION OUTPUT MANAGEMENT, AND LICENSE INFORMATION MANAGEMENT PROGRAM - A low cost scramble key management apparatus which enables to manage a scramble key based on individual contract information and to ensure security in narrow band broadcasting. The scramble key management apparatus 04-08-2010
20100017608Distributed Network Management Hierarchy in a Multi-Station Communication Network - The invention relates to a network and to a method of operating a network. The network comprises a plurality of stations each able to transmit and receive data so that the network can transmit data between stations via at least one selected intermediate station. The network further comprises a plurality of levels of stations including a first level comprising user and/or seed stations, a second level comprising auxiliary stations providing access to auxiliary networks, a third level comprising at least one location management station, and a fourth level comprising at least one authentication station. The method comprises transmitting, from or on behalf of a station on the first level requiring authentication, to an authentication station via one or more stations, an authentication request message. In response, the authentication station transmits authentication data via one or more stations to the station on the first level to authenticate the station on the first level. The authentication station maintains a record of each authenticated station on the first level. A location management station monitors the location of each authenticated station on the first level with respect to its connectivity, whether directly or indirectly, with one or more stations on the second level. Where a station on the first level attempts to communicate with another station on any level and is assisted by a station on another level, the assisting station transmits connectivity data directly, or indirectly via other stations, to the station on the first level and/or to an intermediate station.01-21-2010
20100017605METHOD OF DETECTING AN ABNORMAL USE OF A SECURITY PROCESSOR - The invention relates to a method of detecting an abnormal use of a security processor invoked by at least one receiving terminal in order to control access to a scrambled digital content supplied by at least one operator to said receiving terminal.01-21-2010
20100011211Radio Frequency Identification (RFID) Based Authentication System and Methodology - Disclosed are embodiments of a radio frequency identification (RFID) authentication system and an associated authentication methodology. The embodiments incorporate an identification device (e.g., an identification badge, a key fob, etc.) with an embedded RFID tag. The embedded RFID tag is associated with a specific user and stores a private key generated as part of a public key-private key encryption scheme. The private key is read by an RFID reader and used to decode public key encrypted data stored within or accessible by a computer system (e.g., a desktop computer system, a laptop computer system, a personal digital assistant (PDA), a digital fax machine, wireless telephone, etc.). Thus, the embodiments provide a portable way to use public key-private key encryption scheme data anywhere using RFID technology.01-14-2010
20130031368REMOTE COMPUTER MANAGEMENT WHEN A PROXY SERVER IS PRESENT AT THE SITE OF A MANAGED COMPUTER - The invention facilitates remote management of a computer via a network. Remote computer management in which communication between a managed computer and a remote computer management server is initiated by the managed computer is implemented so that the presence of a proxy server at the site at which the managed computer is located can be detected, and communication from the managed computer to the remote computer management server is routed to a communication port assigned for communication with the proxy server, with instructions to then send the communication to the remote computer management server.01-31-2013
20110202768APPARATUS FOR MANAGING IDENTITY DATA AND METHOD THEREOF - An apparatus and a method for managing identity data are disclosed, which can recover lost or deleted ID data stored in a user terminal and prevent a malicious user to plagiarize a user's ID. The apparatus includes a user ID management device (08-18-2011
20110202766METHOD AND APPARATUS FOR EFFICIENT AND SECURE CREATING, TRANSFERRING, AND REVEALING OF MESSAGES OVER A NETWORK - An encryption based method of enabling a plurality of parties to share, create, hide, or reveal message or token information over a network includes a commutative group cipher (CGC), where the underlying CGC is secure against ciphertext-only attack (COA) and plaintext attacks (KPA), and is deterministic. The protocols do not require a trusted third party (TTP), and execute rapidly enough on ordinary consumer computers as to be effective for realtime play among more than two players. Protocols are defined which include VSM-L-OL, VSM-VL, VSM-VPUM, and VSM-VL-VUM, wherein the letters V, O, SM, P, and UM represent, respectively, Verified, Locking Round, Open, Shuffle-Masking Round, Partial, and Unmasking Round.08-18-2011
20110202765SECURELY MOVE VIRTUAL MACHINES BETWEEN HOST SERVERS - A virtual hard drive is moved as an at least partially encrypted file to a different computing device. A key is provided to the different computing device in a protected form and a user on the different computing device can access the protected key by authentication. For example, the user may be authenticated to a server. Because the guest operating system is encrypted by an encryption device on a source computing device, the virtual hard disk drive can be decrypted with a copy of the key.08-18-2011
20120179911CRYPTOGRAPHIC KEY BACKUP AND ESCROW SYSTEM - A system for securely storing application keys is comprised of a database system, a peripheral hardware security module and cryptographic keys, wherein cryptographic keys comprise application keys, intermediate keys and a master key. Application keys are grouped according to characteristic and are associated with a particular intermediate key, which is utilized to scramble and descramble application keys within the associated group. Intermediate keys are associated with the master key, which is utilized to scramble and descramble the intermediate keys. Scrambling and descrambling of keys is performed within the peripheral hardware security module.07-12-2012
20090177884DIGITAL CONTENT SECURITY SYSTEM, PORTABLE STEERING DEVICE AND METHOD OF SECURING DIGITAL CONTENTS - The present invention discloses a digital content security system and a method that combines information provided by both of a content provider server and a portable steering device to establish multi-way protections of the digital content from reproduction and/or playing of other unauthorized device and hacked intercept of a private key for decrypting the digital content. In application, the portable steering device has a higher compatibility with various network platforms including, for example, any common computer using a Window media player built therein.07-09-2009
20120246478INFORMATION SHARING SYSTEM, COMPUTER, PROJECT MANAGING SERVER, AND INFOMATION SHARING METHOD USED IN THEM - A project managing unit 09-27-2012
20120246477Method for Validating a Road Traffic Control Transaction - A method for validating a road traffic control transaction. The method includes: storing a cryptographic key assigned to a transaction receiver, in the transaction receiver; recording an image of a vehicle; reading an identification of the vehicle in the recorded image by OCR and generating a control transaction thereof in the control station; generating a random key and encrypting the recorded image into authentication data with the random key and the cryptographic key in the control station; transmitting the recorded image, the control transaction, the random key and the authentication data to the transaction receiver; in the transaction receiver, encrypting the received recorded image into nominal authentication data with the received random key and the stored cryptographic key; and comparing the received authentication data with the nominal authentication data. The received control transaction is then validated when the received authentication data and the nominal authentication data are identical.09-27-2012
20120246474SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PRODUCT LICENSE MANAGEMENT - According to one aspect of the present disclosure, a method and technique for product license management for a clustered environment having a plurality of nodes is disclosed. The method includes unlocking a product on a first node of the plurality of clustered nodes; responsive to unlocking the product on the first node, indicating an unlocked status of the product on a shared storage device accessible to the plurality of clustered nodes; and transmitting a self-unlock message from the first node to remaining nodes of the cluster to enable the remaining nodes of the cluster to self-unlock the product on the respective remaining nodes based on the status indication of the shared storage device.09-27-2012
20100077211BIT-ERROR RATE TESTER WITH PATTERN GENERATION - Identical random, or pseudorandom, test patterns in a peripheral device (“receiver”) to be tested, and in a transmitter that sends the test pattern to the receiver, are generated by using pattern generation circuitry in both the transmitter and the receiver that operates identically based on a pattern input value, or seed. The same seed is input to both the transmitter and the receiver. The pattern generation circuitry can be a linear-feedback shift register (“LFSR”), which generates pseudorandom numbers, and identical LFSRs in both the transmitter and the receiver are provided with the same seed. The LFSR may be reseeded periodically. The new seed can be an output of the LFSR itself, or a second LFSR is provided whose output is used to determine the new seed for the first LFSR. Alternatively, cryptographic modules are used in the transmitter and the receiver to generate the test pattern based on identical keys.03-25-2010
20100077210CAPTCHA IMAGE GENERATION - Methods and systems are described for generating captchas and enlarging a core of available captchas that are hard for an automated or robotic user to crack.03-25-2010
20100077209GENERATING HARD INSTANCES OF CAPTCHAS - Methods and systems are described for enhancing the difficulty of captchas and enlarging a core of available captchas that are hard for an automated or robotic user to crack.03-25-2010
20100115275SECURITY SYSTEM AND METHOD FOR WIRELESS COMMUNICATION SYSTEM - A security system processing method of a User Equipment (UE) and a security system for a wireless communication system are provided. The security processing method of the UE includes transmitting a Layer 3 message including a UE security capability to a Mobility Management Entity (MME) and the eNB, receiving a Access Stratum Security Mode Command (AS SMC) including a AS security algorithm selected by the eNB, as a result of verification of the UE security capability and information received from the MME, and a AS Message Authentication Code (MAC), transmitting a AS security mode complete message including the AS SMC to the eNB after verification of integrity of the AS SMC using the AS MAC, and transmitting, when receiving a Non Access Stratum (NAS) SMC including the UE security capability, a NAS security mode complete message to the MME after verification of integrity of the NAS SMC.05-06-2010
20130086380SYSTEM AND METHOD FOR FACILITATING COMMUNICATIONS BASED ON TRUSTED RELATIONSHIPS - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for facilitating communications based on a trusted relationships. A system configured to practice the method first receives a communication request from a second communication device for a specific resource, wherein the communication request is based, at least in part, on trust information generated by a previously established trusted relationship. The system confirms, via an access to a trust database and using the trust information, (1) an identity of a sender of the communication request and (2) access permissions for a requested resource. Then, if the identity and the access permissions are confirmed, the system establishes communications between the first communications device and the second communications device in response to the communication request according to the specific resource. The trust information can include a trust user ID and a trust key.04-04-2013
20130086381MULTI-SERVER AUTHENTICATION TOKEN DATA EXCHANGE - A client is authenticated by a server receiving an initial request from the client at the beginning of a session. The server receiving the initial request generates an authentication token and returns the authentication token to the client in response to the client being authenticated. The user's credentials used to authenticate the client are stored in the authentication token along with other information. After receiving the authentication token from the server that generated the authentication token, the client passes the authentication token with each of the future requests to the pool of servers. Using the client to pass the transferrable authentication token, the servers share the user's identity/credentials in a decentralized manner. Any server from the shared pool of servers that receives a subsequent client request is able to decrypt the token and re-authenticate the user without having to prompt the client for authentication credentials again.04-04-2013
20130080775SECURING EMAIL CONVERSATIONS - At least a portion of a transmission of an outgoing first email from a first email account to at least a second email account is encrypted. Second email address data is changed corresponding to the second email account to cause replies to the first email intended for the second email account to be sent to an intermediate device prior to being routed to the second email account. Replies to the first email are then sent to the intermediate device and sent over one or more encrypted channels. Replies to the first email including the changed email address data are decoded to identify the second email address data associated with the second email account. A reply to the first email is then sent to the second email account based on the identified second email address data.03-28-2013
20130080779INDENTIFIERS IN A COMMUNICATION SYSTEM - A method and apparatus including units configured to send a request from a first network entity to a user equipment for an identifier and receive a message indicating that a public key is required from the user equipment by the first network entity. The method and apparatus also includes units configured to send, by the first network entity, the public key to the user equipment and receive an encrypted identifier by the first network entity, wherein upon authenticating the public key, the user equipment encrypts at least part of the identifier using the public key, thereby enabling further processing between the network entity and the user equipment.03-28-2013
20130080780METHOD AND APPARATUS FOR PROVIDING AUTHENTICATION BETWEEN A SENDING UNIT AND A RECIPIENT BASED ON CHALLENGE USAGE DATA - A method, apparatus and/or system generates a challenge for user authentication, having a challenge data element from a stored pool of challenge data elements. The challenge is based on rule data and stored usage data associated with at least some of the challenge data elements in the stored pool of challenge data elements. The generated challenge is sent for use in an authentication of a user to a sender. A method, apparatus and/or system also generates sender authentication and corresponding location information, having a data element from a stored pool of challenge data elements. Selection of the data elements is based on rule data and stored usage data associated with at least some of the data elements in the stored pool of data elements.03-28-2013
20130080778METHOD AND SYSTEM FOR PROVIDING PROGRAM GUIDE DATA FROM A CONTENT PROVIDER TO A USER DEVICE THROUGH A PARTNER SERVICE PROVIDER BASED UPON USER ATTRIBUTES - A method and system for providing program guide data to a user network device associated with a user identifier includes a partner service provider in communication with the user network device and a primary service provider in communication with the partner service provider authenticating the user network device provider using the user identifier. The user network device generates a request for program guide data and communicates the user identifier and the request to the partner service provider. The partner service provider or the primary service provider communicates program guide data to the user network device based on the identifier data. The user network device displays the program guide data on a display device.03-28-2013
20130080777Delivering A Content Item From A Server To A Device - Methods and systems for delivering a segmented content item from a server to a first and second device are provided. A first key is used to encrypt the segmented content item into a first plurality of encrypted segments and a second key is used to encrypt the segmented content item into a second plurality of encrypted segments. The first and second keys are different. The first plurality of encrypted segments is delivered to the first device, and the second plurality of encrypted segments is delivered to the second device.03-28-2013
20130080774Two-stage Anonymization of Mobile Network Subscriber Personal Information - A two-stage anonymization process is applied to monitored network traffic in which unique user identifiers, such as the MSISDN (Mobile Station International Subscriber Directory Number), are extracted from the traffic and anonymized to generate an ASI (anonymized subscriber identifier). A strictly random RSI (random subscriber identifier) is generated and used to replace the ASI. The RSI is generated upon a first occurrence of an ASI and stored in a lookup table for utilization upon subsequent ASI occurrences. Use of the strictly random RSI enables various studies and analyses of user behavior to be performed at a heightened level of privacy protection as compared with conventional anonymization schemes that do not utilize strictly random identifiers.03-28-2013
20130080776Secure Document Collaboration - The present invention provides a secure method for a trusted group of users, researchers and/or collaborators to share, comment, enter into an electronic chat about, and/or make revisions to electronic information/documents while maintaining confidentiality of the material and fostering a related collaborative discussions and forum. The invention creates a dynamic work share environment where the ideas that are exchanged are protected from unwelcomed and uninvited participants. Disclosed is a method and system for secure, multi-user document discussions and/or document collaboration through a cellular/mobile network or the Internet particularly through a computer application or smart phone that may occur in real-time.03-28-2013
20130086382SYSTEMS AND METHODS FOR SECURELY TRANSFERRING PERSONAL IDENTIFIERS - A system for transferring secured data has an authentication facilitator that transmits data indicative of a graphical key pad to a remote display device of a user computing device and, in response, receives from the user computing device icon location data indicative of locations of icons selected by a user. Additionally, the authentication facilitator recovers a personal identifier (PI) from the icon location data, translates the recovered PI to obtain a translated PI, and transmits the translated PI. The system further has a partner computing apparatus that receives the translated PI and allows the user access to a secured area based upon the translated PI.04-04-2013
20130036306METHOD AND SYSTEM FOR HANDLING DEFINED AREAS WITHIN AN ELECTRONIC DOCUMENT - A method is provided for handling defined areas within an electronic document, which includes: marking at least one area in an electronic source document as indecomposable area which can be processed as a whole content only; generating signature data for the indecomposable area; assigning the signature data to the indecomposable area to create an indecomposable area object; storing the indecomposable object; encrypting and transmitting the indecomposable area object in response to a request of an enhanced content reader application, where the enhanced content reader application decrypts the indecomposable area object and processes the indecomposable area in an electronic target document; and generating and transmitting a protected version of the indecomposable area in response to a request of a regular content reader application, where the regular content reader application outputs the protected version of the indecomposable area in an electronic target document.02-07-2013
20130036305Group Key Management and Authentication Schemes for Mesh Networks - According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device.02-07-2013
20130036304Share cookie on native platform in mobile device without having to ask for the user's login information - Methods, apparatuses, and computer-readable media for obtaining a limited ID cookie for ad targeting are disclosed. A client requests a limited ID cookie from a cookie making module (CMM), which sends a personal cookie to a verification module for verification. After verification, verification module sends a user ID with user information to CMM. CMM creates the limited ID cookie, and the limited ID cookie is sent to the client. The limited ID cookie is sent to an ads server which utilizes the limited ID cookie to target ads towards the user.02-07-2013
20130212388PROVIDING TRUSTWORTHY WORKFLOW ACROSS TRUST BOUNDARIES - Methods, systems and apparatuses for providing trustworthy workflow across trust boundaries are disclosed. One method includes a curator generating a first public key (PK08-15-2013
20130042110CENTRALIZED AUTHENTICATION SYSTEM WITH SAFE PRIVATE DATA STORAGE AND METHOD - A token-based centralized authentication method for providing access to a service provider to user information associated with a user's relationship with the service provider includes the steps of: authenticating a user presenting a user token at a user terminal, the user token having stored thereon a user ID; deriving a resource identifier using at least two data input elements, the at least two data input elements including the user ID of the user and a service provider ID of the service provider, wherein the user information is stored in a storage network and the resource identifier is associated with the user information; retrieving the user information from the storage network using the resource identifier; and providing the retrieved user information to the service provider.02-14-2013
20130042109METHOD FOR PRODUCING ACKNOWLEDGED TRANSACTION DATA AND CORRESPONDING DEVICE - A method and a display preparation unit are proposed for the execution of a transaction during which transaction data are processed which have to be confirmed by a user. The display preparation unit has a converter unit which converts transaction data to be interpreted into pixel values and displays them on a monitor, an interface of its own for directly attaching an input unit via which a user confirms displayed transaction data, as well as a crypto unit for generating a signature for a record of confirmed transaction data. In a variant the confirmation can be effected by the crypto unit generating and displaying a random number which has to be inputted by the user via a conventionally attached input unit.02-14-2013
20130042108PRIVATE ACCESS TO HASH TABLES - A server and a client mutually exclusively execute server-side and client-side commutative cryptographic processes and server-side and client-side commutative permutation processes. The server has access to a hash table, while the client does not. The server and client perform a method including: encrypting and reordering the hash table using the server; communicating the encrypted and reordered hash table to the client; further encrypting and further reordering the hash table using the client; communicating the further encrypted and further reordered hash table back to the server; and partially decrypting and partially undoing the reordering using the server to generate a double-blind hash table. To read an entry, the client hashes and permutes an index key and communicates the same to the server, which retrieves an item from the double-blind hash table using the hashed and permuted index key and sends it back to the client, which decrypts the retrieved item.02-14-2013
20100042837METHOD AND DEVICE FOR SERVICE TRACKING - A service tracking method includes: after receiving a service tracking identification and a service request message, recording interaction information of the service if a tracking judging unit judges that the service identified by the service tracking identification corresponds to the service requested by the service request message; and uploading service tracking information to an upload address contained in the service tracking identification, the service tracking information containing the interaction information. A network device, Operation and Maintenance (O&M) controller, and service requesting device provided in embodiments of the present invention may achieve or assist in achieving the service tracking method provided in embodiments of the present invention. With the present invention, information including but not limited to the service tracking information may be uploaded to the O&M controller, thereby improving the flexibility in service tracking, enabling the service tracking information to be managed in a distributed manner and facilitating trouble location and detection.02-18-2010
20100042836METHOD FOR SECURELY TRANSMITTING DEVICE MANAGEMENT MESSAGE VIA BROADCAST CHANNEL AND SERVER AND TERMINAL THEREOF - A secure transmission of a device management message via a broadcast (BCAST) channel, by which a BCAST server can securely transmit a device management message including an authentication value to a plurality of terminals via a one-way BCAST channel, and accordingly the terminals are not required to use a separate channel for authenticating the device management message received from the BCAST server.02-18-2010
20100042835SYSTEM AND METHOD FOR PERMISSION CONFIRMATION BY TRANSMITTING A SECURE REQUEST THROUGH A CENTRAL SERVER TO A MOBILE BIOMETRIC DEVICE - A system for permission confirmation incorporates a terminal device for transmitting an authorization request on a network. The terminal device includes capability for encryption of the request and for decryption of a response. A request arbitrating server (RAS) is connected to the network for receiving the authorization request from the terminal device. The RAS incorporates capability for decryption of the request from the terminal display and determines an authorizing party responsive to the request. The RAS then has capability for encryption of a request to an authorizing party for transmission on the network, and for decryption of a response and biometric data from the authorizing party. The RAS has capability to confirm biometric data received and encrypt a response to the terminal device. A user biometric device (UBD) is connected to the network having capability for receiving an authorization request from the RAS and decrypting the request. A display for the decrypted request and a sensor for entry of biometric data, along with an input device for entry of a response to the request, are incorporated in the UBD. The UBD provides capability for encrypting the biometric data and response and transmission of the encrypted biometric data and response to the network for receipt by the RAS.02-18-2010
20100042834SYSTEMS AND METHODS FOR PROVISIONING NETWORK DEVICES - A method performed by a network device may include generating and storing a first public key and a first private key in a first device, transmitting a serial number and the first public key from the first device to a second device, generating, by the second device, a second public key and a second private key, transmitting the second public key from the second device to the first device and transmitting the serial number, the first public key, the second public key and the second private key to a third device, establishing and authenticating a connection between the first device and the third device using the first public key and the second public key and transmitting encrypted configuration information with the two key pairs from the third device to the first device.02-18-2010
20100042833DATA ANONYMITY SYSTEM - A method and system for providing data anonymously are provided. The method involves receiving an encrypted operator match ID by a client device from a first entity, where the encrypted operator match ID is encrypted using a first encryption key; decrypting the encrypted operator match ID using a first decryption key, associated with the first encryption key, by the client device to obtain a decrypted operator match ID; encrypting the decrypted operator match ID using a second encryption key by the client device to obtain a re-encrypted operator match ID; and sending the client device usage information with the re-encrypted operator match ID by the client device to a second entity through an anonymous channel, where the second entity decrypts the re-encrypted operator match ID using a second decryption key, associated with the second encryption key, to obtain the operator match ID.02-18-2010
20090158038UNIVERSAL AUTHENTICATION METHOD - The present invention is directed to a universal authentication method that is more secure than conventional methods found on most electronic systems. The universal authentication method does not send passwords over hard wires or wireless systems. Consequently, it is difficult for a would-be password thief to intercept password data. It can also provide a further layer of security by providing rotating passwords.06-18-2009
20090158039DEVICE PAIRING USING "HUMAN-COMPARABLE" SYNCHRONIZED AUDIBLE AND/OR VISUAL PATTERNS - A first device may authenticate a key of a second device (after discovering the second device, and executing a pairing protocol with the second device, wherein a result of the pairing protocol is a bit string) by encoding the bit string, transmitting a human-perceptible representation of the encoded bit string, transmitting a human-perceptible distinctive end of string indicator, receiving human feedback and determining whether or not a key of the second device is authentic based on the received human feedback. At the first device, wireless communications with the second device may be controlled based on the determination of whether or not the key of the second device is authentic.06-18-2009
20100332828APPARATUS AND METHOD FOR SHARING OF AN ENCRYPTION KEY IN AN AD-HOC NETWORK - The arrangement allows an encryption key to be shared with a communication apparatus that newly participates in a network, even in an ad-hoc-mode type of environment. In order to achieve this, a communication apparatus determines whether it possesses an encryption key shared with another communication apparatus and, in accordance with the result of the determination, initiates a sharing process for sharing the encryption key with a first communication apparatus from the communication apparatus after the sharing process for sharing the encryption key has been initiated from the first communication apparatus.12-30-2010
20100106970DEVICE AUTHENTICATION - Authentication of two devices in communication with a third device is achieved where the first and second devices each possess a shared secret value. The authentication includes communication of authentication values from the first device to the second device using the third device. Similarly, there is communication of values from the second device to the first device using the third device. The third device retains the communicated values. The values are calculated to permit the third device to authenticate the first and second devices without the third device receiving the shared secret value. The authentication may be used to establish a communications channel between the first and the second devices.04-29-2010
20100106969DYNAMIC FOREIGN AGENT-HOME SECURITY ASSOCIATION ALLOCATION FOR IP MOBILITY SYSTEMS - The present invention utilizes the AAA infrastructure to dynamically allocate the various parameters needed to establish the security association between the Foreign Agent and the Home Agent. The present invention uses the AAA server as a central entity to dynamically generate and distribute the chosen security association parameters needed to support the Foreign Agent and Home Agent security association based on a request from the Foreign Agent. The AAA server can also dynamically assign a unique SPI value to the Foreign Agent and Home Agent pairs. The various parameters that can be allocated in the present invention include a FA-HA shared secret key or a public/private key pair, an authentication algorithm and mode, a FA-HA secret key lifetime, and security parameter index or security index values. The present invention also can assist in making sure that the Foreign Agent and the Home Agent stay synchronized with respect to their security association.04-29-2010
20100031040Information Communication System - An information communication system comprises: a one-way channel (02-04-2010
20090125718DOMAIN UPGRADE METHOD IN DIGITAL RIGHTS MANAGEMENT - Disclosed is a domain upgrade method in Digital Rights Management (DRM) capable of reducing network resources by simplifying signal procedures at the time of transferring changed domain keys. A device joining after a domain upgrade is provided with only a domain key of the domain generation after the domain upgrade, but is not provided with a domain key of the previous domain generation. Accordingly, even if the joining device is mal-operated or is hacked, contents from before the upgrade are prevented from being illegally used or leaking out.05-14-2009
20100095118CRYPTOGRAPHIC KEY MANAGEMENT SYSTEM FACILITATING SECURE ACCESS OF DATA PORTIONS TO CORRESPONDING GROUPS OF USERS - Cryptographic Key Management System facilitating secure access of data portions to corresponding groups of users. In an embodiment, a corresponding group key (asymmetric key pair) is provided for each group, with the private key being stored in a secure format requiring the user credentials for decryption. In addition, a data key required to decrypt a data portion of interest is encrypted using the group public key. Thus, when a user attempts to access a data portion, the user credentials are used to decrypt the group private key, which is then used to decrypt the data key. The data key is then used to decrypt the data portion of interest.04-15-2010
20120166800PROCESS AND DEVICE FOR AUTHENTICATION - The authentication process comprises: 06-28-2012
20120166799SYSTEM AND METHOD FOR SECURELY MOVING CONTENT - A domain controller is provided for use with a content source and a media device. The content source can provide encrypted content and rights data corresponding to the encrypted content. The media device can provide a request for the encrypted content and the rights data. The domain controller includes a communication portion, a digital rights management portion and a memory portion. The communication portion can engage in a first bi-directional communication with the content source and can engage in a second bi-directional communication with the media device. The digital rights management portion can receive the rights data. The memory portion can store the encrypted content. The second bi-directional communication includes an authorization and authentication communication between the communication portion and the media device, a secure move message exchange between the communication portion and the media device and a content download from the communication portion to the media device.06-28-2012
20090044011Systems, Devices and Methods for Managing Cryptographic Authorizations - Certain exemplary embodiments can provide a method that includes a proof of authorization for any number of activities within an organization, where the proof of authorization associates a specific set of rights, privileges, permissions and/or powers with a collection of entities, each of which has a distinct digital identity. The proof of authorization allows any entity within the collection of entities to interface with or access one or more specific categories of information and/or one or more physical resources within an organization, according to the set of rights, privileges, permissions and/or powers established by the authorization proof. The authorization proof may further include references to authorization proofs issued by other organizations in a federation of organizations.02-12-2009
20130046978REPLICATION SERVER SELECTION METHOD - A method for a client computer to find a network address of a server computer by searching for the network address using a backup search procedure if the address of the server computer cannot be identified using a primary search procedure. The primary and backup search procedures can be performed in parallel, and multiple backup search procedures can be performed to identify the address of the server computer. Alternatively, the primary and backup search procedures can be performed in serial, wherein the backup search procedure is performed only when the primary search procedure does not identify the address of the server computer.02-21-2013
20130046976System and Method for Accessing Private Networks - A system and method are provided for using a mobile device to authenticate access to a private network. The mobile device may operate to receive a challenge from an authentication server, the challenge having been generated according to a request to access a private network; obtain a private value; use the private value, the challenge, and a private key to generate a response to the challenge; and send the response to the authentication server. An authentication server may operate to generate a challenge; send the challenge to a mobile device; receive a response from the mobile device, the response having been generated by the mobile device using a private value, the challenge, and a private key; verify the response; and confirm verification of the response with a VPN gateway to permit a computing device to access a private network.02-21-2013
20130046977SECURE STREAMING CONTAINER - A system and method for securely streaming encrypted digital media content out of a digital container to a user's media player. This streaming occurs after the digital container has been delivered to the user's machine and after the user has been authorized to access the encrypted content. The user's operating system and media player treat the data stream as if it were being delivered over the Internet (or other network) from a streaming web server. However, no Internet connection is required after the container has been delivered to the user, and the data stream suffers no quality loss due to network traffic or web server access problems. Encrypted content files are decrypted and fed to the user's media player in real time and are never written to the user's storage device. This process makes unauthorized copying of the digital content contained in the digital container virtually impossible.02-21-2013
20090044012RF TRANSACTION AUTHENTICATION USING A RANDOM NUMBER - A system and method for securing Radio Frequency Identification (RFID) transactions is provided. An exemplary method includes using a random number in an authentication tag and authorizing an RF transaction in response to verifying the authentication tag. The method may also involve variously validating an RFID device authentication tag and an RFID reader authentication tag. Additionally, a system and method is disclosed for verifying an RFID transaction device and RFID reader operable with an RF transaction system. The method involves presenting an RFID device to an RFID reader, receiving a random number, creating an RFID transaction device authentication tag using the random number and a counter value, providing the RFID transaction device authentication tag to an RFID reader, creating an RFID reader authentication tag using the counter, random number, and RFID authentication tag, and providing the RFID reader authentication tag and RFID transaction device authentication tag for authentication.02-12-2009
20090037731Architecture and Design for Central Authentication and Authorization in an On-Demand Utility Environment Using a Secured Global Hashtable - A Centralized Authentication & Authorization (CAA) system that prevents unauthorized access to client data using a secure global hashtable residing in the application server in a web services environment. CAA comprises a Service Request Filter (SRF) and Security Program (SP). The SRF intercepts service requests, extracts the service client's identifier from a digital certificate attached to the request, and stores the identifier in memory accessible to service providers. The client identifier is secured by the SP using a key unique to the client identifier. When the web services manager requests the client identifier, the web services manager must present the key to the SP in order to access the client identifier. Thus, the present invention prevents a malicious user from attempting to obtain sensitive data within the application server once the malicious user has gained access past the firewall.02-05-2009
20090307490ELECTRONIC DATA COMMUNICATION SYSTEM - There is described an electronic data communication system in which encrypted mail messages for a recipient are sent in two parts: message data encrypted by a symmetric encryption algorithm using a session key and session key data encrypted by an asymmetric encryption algorithm using a public key associated with the recipient. If the recipient uses a webmail service to access the encrypted electronic mail message, the encrypted session key data is sent to a trusted third party server which has access to the private key of the user. The trusted third party server decrypts the encrypted session key using the private key of the user, and then sends the decrypted session key to a remote network device for decryption of the encrypted message. In this way, although the trusted third party has access to the private key of the user, the trusted third party does not have access to any decrypted message. In another aspect, in order to digitally sign a message, the sender applies a hash function to the message to generate a hash value, and then sends the hash value to the trusted third party server where it is encrypted using the private key associated with the sender in order to generate the digital signature, which is then returned to the sender.12-10-2009
20090307489Mobile Communication Equipment and Method of Controlling Same - The present invention provides mobile communication equipment (12-10-2009
20090307488HEALTH KEYSET MANAGEMENT - Systems and methodologies that facilitate delegation of keyset management to a platform presenting a centralized health-related data repository are provided. Effectively, a central keyset manager is provided that generates, manages and distributes key material to client applications and servers deploying the platform. Thus, communications with the platform storing sensitive health-related data can be secured without incurring the costs associated with implementing and enforcing policies associated with key generation and expiration among a plurality of servers and client applications. Additionally, the innovation can scale keyset management to meet short term demand needs.12-10-2009
20120191976SYSTEM AND METHOD FOR SCHEDULING AND EXECUTING SECURE ELECTRONIC CORRESPONDENCE OPERATIONS - A secure electronic correspondence method and system based on a principle relating to the uniqueness of the originals of the correspondences. The archiving thereof is certified by a certification service provider and performed by an archive operator in an electronic safe box. The main steps of the processes for processing said correspondences are the subject of a report confirming the correct execution thereof, including the return of a certification token by the operator responsible for the step to the managers of the trust chain. In a variant, correspondences belonging to a document management series can only be sent if they meet management rules set for the series. In a privileged mode, functions of the electronic correspondence operators that do not necessarily have to meet user proximity requirements can be grouped together into shared service centers within which the communications are reduced without negatively affecting the reliability of the process.07-26-2012
20120191975CRITICAL SECURITY PARAMETER GENERATION AND EXCHANGE SYSTEM AND METHOD FOR SMART-CARD MEMORY MODULES - A storage device contains a smart-card device and a memory device, which is connected to a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data. The memory device may also be used to store data or instructions for use by the smart-card device. The controller includes a security engine that uses critical security parameters stored in, and received from, the smart-card device. The critical security parameters may be sent to the controller in a manner that protects them from being discovered. The critical security parameters may be encryption and/or decryption keys that may encrypt data written to the memory device and/or decrypt data read from the memory device, respectively. Data and instructions used by the smart-card device may therefore be stored in the memory device in encrypted form.07-26-2012
20120191974CONTENT DISTRIBUTION SYSTEM, MOBILE COMMUNICATION TERMINAL DEVICE, AND COMPUTER READABLE MEDIUM - A content distribution system includes a management device and a viewing device. The management device manages encrypted content information. The viewing device acquires the encrypted content information from the management device, decodes the encrypted content information, and allows the decoded content information to be viewed. The management device includes a view control information issuing unit. Upon receipt of a request from the viewing device to issue view control information, the view control information issuing unit issues view control information including decryption key information corresponding to an (i)-th random number corresponding to an ordinal number (i) among plural random numbers and period-of-validity information about a period of validity. The plural random numbers are shared between the management device and the viewing device. The viewing device includes a storage unit, a counting unit, a holding unit, a request unit, a calculation unit, a display controller, an update unit, and a deletion unit.07-26-2012
20120191973ONLINE PRESENCE OF USERS - The invention concerns presence of users, such as online presence in a broadcast domain. First one-way encrypted (e.g. hashed) presence information of multiple users is received (07-26-2012
20110016316AUTHENTICATED ADVERSARIAL ROUTING - A routing protocol is used to transmit messages from a sender to a receiver over a network of nodes, where adversaries can control links between the nodes and can also control the behavior of a large number of nodes. Various techniques can be used, alone or in combination, to combat these effects. In one approach, certain trigger conditions are identified, the occurrence of which signals malicious behavior within the network. When signaled, the sender requests status reports from the intermediate nodes in an effort to determine which nodes are malicious. The information for the status reports is generated by nodes as packets are passed from one node to the next.01-20-2011
20130073850HYBRID ENCRYPTION SCHEMES - Methods, systems, and computer programs for using hybrid encryption schemes are disclosed. In some implementations, a random value is obtained by a pseudorandom generator. A symmetric key is generated based on the random value. A public component is also generated based on the random value. Additionally, an initialization vector is generated based on the random value. The symmetric key and the initialization vector are used to generate an encrypted message based on an input message. The encrypted message and the public component are transmitted to an entity. At least one of the public component or the symmetric key is generated based additionally on a public key of the entity.03-21-2013
20090094457SYSTEM FOR REGISTRATION OF SENSING DEVICE WITH PRINTER - A system is provided having a sensing device for sensing coded data printed on a print media surface which is installed with a secret key and a first identifier which uniquely identifies the sensing device, a printer installed with a second identifier which uniquely identifies the printer, and a server installed with the first and second identifiers. The printer obtains the first identifier from the sensing device and communicates the first and second identifiers to the server. The server determines from the received first and second identifiers whether the sensing device should be registered with the printer and if so, authenticates the sensing device by verifying an encryption from the sensing device, using the secret key, of a challenge message. Upon successful authentication, the sensing device is registered in the server so as to be associated with the printer.04-09-2009
20090094456METHOD FOR PROTECTION AGAINST ADULTERATION OF WEB PAGES - The method verifies the integrity and authenticity of a page received by the browser client (04-09-2009
20130073851CONTROL DEVICE AND COMPUTER READABLE MEDIUM - A control device includes: a random number generating unit that generates a random number; a first setting unit that sets the random number in a first storage; a message creating unit that encrypts the random number using a public key of the administrative server and creates a request message to be transmitted to the administrative server; a timer starting unit that starts a timer; an activation unit that activates the system software; a timer canceling unit that accepts an interruption from the system software and cancels the timer; a message verifying unit that verifies the notification message from the administrative server using the public key and the random number; and a restart unit that restarts the system software while limiting its functions, in the case where the timer expires or the verification fails.03-21-2013
20130073853METHODS AND APPARATUS FOR VALIDATING COMMUNICATIONS IN AN OPEN ARCHITECTURE SYSTEM - A system, methods, and apparatus for validating communications in an open architecture system are disclosed. In an example embodiment, a method includes selecting transactional information to transmit from a server to a communicatively coupled client device based on a request from the client device, selecting presentation information corresponding to the transactional information to transmit from the server to the client device, transmitting at least one message including the presentation and transactional information from the server to the client device, determining a prediction as to how the client device will render the transactional information based on the presentation information, receiving a response message from the client, and responsive to information in the response message not matching the prediction, providing an indication there is a malicious application affecting communications between the server and the client device.03-21-2013
20130073852COMMUNICATION APPARATUS AND COMPUTER PROGRAM PRODUCT - According to an embodiment, a communication apparatus establishes communication with an external apparatus through a higher-level device. The communication apparatus includes a main processor and a key generator. The main processor receives a data authentication request including data to be authenticated, a first key specification, and a message authentication algorithm identifier from the higher-level device. The key generator retains a key hierarchy used by an authentication protocol that is used between the higher-level device and the external apparatus, and generates a first key by use of the key hierarchy and the first key specification. The main processor generates a message authentication code for the data to be authenticated by use of the message authentication algorithm, which is identified by the message authentication algorithm identifier, and the first key, and transmits a data authentication response including the message authentication code to the higher-level device.03-21-2013
20130061052SYSTEM AND METHOD FOR AUTHENTICATION IN WIRELESS NETWORKS BY MEANS OF ONE-TIME PASSWORDS - The present invention is directed to performing highly reliable authentication, using a one-way function, that a communication was performed with the same apparatus to be authenticated, by storing a password only in the apparatus to be authenticated (it is unnecessary to store a password in both the authentication apparatus and the apparatus to be authenticated) and without transmitting a challenge code. When a setting is updated in a setting management server, authentication is performed by using the one-time password obtained last time. A sound communication terminal applies a hash function once to the one-time password transmitted this time, and performs authentication by determining whether the processed one-time password matches the one-time password obtained last time or not. Whether the information at the time of the change in the setting is proper or not is determined by a sound terminal.03-07-2013
20130061050Computational systems and methods for linking users of devices - Methods, apparatuses, computer program products, devices and systems are described that carry out accepting device-identifier data corresponding to at least one communication device; accepting network-participation identifier data associated with a verified real-world user associated with the at least one communication device; and assigning a unique identifier at least partly based on the device-identifier data and the network-participation identifier data.03-07-2013
20130061051METHOD FOR AUTHENTICATING ELECTRONIC TRANSACTION, SERVER, AND TERMINAL - A method for authenticating an electronic transaction includes: transmitting first authentication data to a first terminal and transmitting second authentication data to a second terminal; receiving first encryption data from the first terminal and receiving second encryption data from the second terminal, the first encryption data corresponding to the first authentication data and the second encryption data corresponding to the second authentication data; storing the first encryption data and the second encryption data; and authenticating the first terminal and the second terminal according to the first authentication data and the second authentication data. The first encryption data is encrypted by a first internal key of the first terminal, and the second encryption data is encrypted by a second internal key of the second terminal.03-07-2013
20090019283System and method for a secure multi-level network access mechanism using virtual service set identifier broadcast - A method, system, and computer program product for network management, including masking a true service set identifier (SSID) in a beacon frame; and broadcasting the beacon frame with the masked true SSID, whereby an authorized device retrieves the true SSID from the broadcast beacon frame.01-15-2009
20110202767METHOD AND APPARATUS FOR PSEUDONYM GENERATION AND AUTHENTICATION - The invention provides a method and apparatus for pseudonym generation and authentication. The method comprises the steps of: transmitting a user identity ID08-18-2011
20090271623Intersystem mobility security context handling between different radio access networks - A method and apparatus for intersystem mobility security context handling between different radio access networks which can include a receiver configured to receive a tracking area update message from a user terminal. The message can include a first key identifier configured to identify a mapped security context and a second key identifier configured to identify a cached security context. A verifier can be configured to verify the tracking area update message with a key identified by the first or second key identifier.10-29-2009
20090271622Securing Wireless Body Sensor Networks Using Physiological Values for Nonces - A key establishment protocol for securing wireless body sensor networks using environmental data for nonce values. To establish a secure communication between sensors in a sensor network using environmental data, the protocol measures a first environmental value at a first sensor and a trusted third party. A second environmental value is measured at a second sensor and the trusted third party. The trusted third party then sends to the second sensor a first authentication construct comprising the second environmental value, wherein the second environmental value is used by the second sensor to prevent replay attacks of messages between the trusted third party and second sensor. The trusted third party also sends to the first sensor a second authentication construct comprising the first environmental value, wherein the first environmental value is used by the first sensor to prevent replay attacks of messages between the trusted third party and first sensor.10-29-2009
20090271621SIMPLIFIED LOGIN FOR MOBILE DEVICES - Aspects of the subject matter described herein relate to a simplified login for mobile devices. In aspects, on a first logon, a mobile device asks a user to enter credentials and a PIN. The credentials and PIN are sent to a server which validates user credentials. If the user credentials are valid, the server encrypts data that includes at least the user credentials and the PIN and sends the encrypted data to the mobile device. In subsequent logons, the user may logon using only the PIN. During login, the mobile device sends the PIN in conjunction with the encrypted data. The server can then decrypt the data and compare the received PIN with the decrypted PIN. If the PINs are equal, the server may grant access to a resource according to the credentials.10-29-2009
20120226905Method and System for Discovering, Authenticating and Accessing Multiple Computing Devices - The system and methods disclosed allow devices, possibly on different networks, to discover, access and authenticate one another. When the target device is on the same network as the source device (or is otherwise directly addressable by the source device), the system provides a mechanism by which the source device can connect directly to the target device; otherwise, the system provides a mechanism by which the source and target devices may communicate with one another using a commonly accessible computing device as a proxy. In the latter case, the mechanism is such that it is not technologically feasible for the proxy device to decipher communications between the source and target devices. The system accommodates dynamic change in network location (e.g. IP address) without requiring reconfiguration by the user, and mitigates problems introduced by the existence of firewalls.09-06-2012
20130067227System and Method for Anonymous Digital Communication - A system and method for anonymous email, text messaging and social network communication between an initiator and one or more recipients. The system includes conversation tool which presents a menu page in which the initiator's telephone number, email address, social network identifier is submitted along with the recipient's telephone number, email address, or social network identifier, and a text message. The system includes a conversation server coupled to the communication network that receives the information from the menu page and forwards the text message to the desired number, address or identity. The conversation server includes an encryption/decryption engine that combines the initiator's number, address or network identity with the timestamp and then encrypts and embeds it into the text message. The reply containing the encrypted information is decrypted and routed by the conversation server. The communication tool hides the identities of the recipients from the initiator and the other recipients.03-14-2013
20130067226SECURE WILDCARD SEARCHABLE DATABASE - A system and method for providing access to data stored in encrypted form in a physically non-secure database without compromising security of the data in the physically non-secure database is disclosed. A representation of at least some of the data from the database in unencrypted form is stored in volatile memory associated with the server. The wildcard search is performed on the representation. Search results are displayed to the user to allow the user to select database contents to be retrieved. The user's selection is retrieved from the database and decrypted. Finally, the unencrypted selection results are provided to the user.03-14-2013
20120117385METHOD AND APPARATUS FOR DATA ENCRYPTION - Embodiments of the invention relate to message based encryption and authentication to support secure communication of a message. A time stamp embedded within the message is evaluated to ensure that a received message has not been subject to a significant time delay. More specifically, tools are employed to evaluate the authenticity of the message subject to the characteristics of the embedded time stamp. A message subject to a time delay is considered to be tainted and is not authenticated for receipt by a target device.05-10-2012
20110022842CONTENTS TRANSMITTER APPARATUS, CONTENTS RECEIVER APPARATUS AND CONTENTS TRANSMITTING METHOD - For achieving the protection of copyright, by suppressing illegal copy production thereof, in particular, when transmitting contents with using a wired or wireless LAN, as well as, for preventing the transmission of contents from deviating from a range of a personal use thereof, a contents transmitter apparatus and a contents receiver apparatus make an authentication, mutually, before transmitting contents therebetween. At the time when conducting this authentication, measurement is made upon a time-period up to arrival of a receipt confirmation responding to the transmission of an authentication request or a response to the authentication; then, only in the case when this value measured does not exceed a predetermined upper value, the transmission is conducted on the contents encrypted, and at the same time, address information and equipment information unique to the apparatus are registered, thereby conducting the transmission of encrypted contents, but without conducting the time-measurement thereon, when transmitting the contents, again. Also, while conducting the time-measurement periodically, dynamic management is made on the registration information, so that the contents thereof are suitable for the network structure at the present.01-27-2011
20110271110KEY MANAGEMENT DEVICE, SYSTEM AND METHOD HAVING A REKEY MECHANISM - According to some embodiments, a key management apparatus for deploying in a smart grid system adapted to receive metering data from smart meters connected to at least one relay via a network, includes: a key control mechanism that derives a key array of individual purpose specific keys from one master key such that the purpose specific keys in the key array are each independent cryptographic keys for each specific usage in an application or for each application if there is only one specific usage in an application.11-03-2011
20090265553Multipoint Server for Providing Secure, Scaleable Connections Between a Plurality of Network Devices - A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.10-22-2009
20090235072SYSTEM, TERMINAL, METHOD, AND SOFTWARE FOR COMMUNICATING MESSAGES - A system for secure communication of a message from a first terminal to a second terminal being operatively coupled by means of a communication network comprising an authenticating station for obtaining a random seed and for obtaining a masked seed by applying a masking function to the seed by encrypting the message using the masked seed for transmitting the seed and the encrypted message to the authenticating station; the authenticating station comprising further means for obtaining a further random seed for receiving the seed and the encrypted message for recovering the further masked seed by applying the masking function to the seed by decrypting the encrypted message using the recovered masked seed and by applying a masking function to the further seed by encrypting the recovered message using the further masked seed for transmitting the further seed and the further encrypted message to the second terminal; the second terminal comprising receiving means for receiving the further seed and the further encrypted message for recovering the further masked seed by applying the masking function to the further seed by decrypting the further encrypted message using the recovered further masked seed.09-17-2009
20090055645METHOD AND APPARATUS FOR CHECKING ROUND TRIP TIME BASED ON CHALLENGE RESPONSE, AND COMPUTER READABLE MEDIUM HAVING RECORDED THEREON PROGRAM FOR THE METHOD - An apparatus and method of checking adjacency between devices are provided. A challenge response based round trip time (RTT) checking method includes: generating a random number; encrypting the random number using a symmetrical key; transmitting a challenge request message including the encrypted random number to a device; receiving a challenge response message including the random number from the device which received the challenge request message and decrypted the encrypted random number using the symmetrical key, from the device; and determining an RTT based on a time when the challenge response message is received and a time when the challenge request message is transmitted.02-26-2009
20090013182Centralized Identification and Authentication System and Method - A method and system is provided by a Central-Entity, for identification and authorization of users over a communication network such as the Internet. The Central-Entity centralizes users' personal and financial information in a secure environment in order to prevent the distribution of user's information in e-commerce. This information is then used to create a digital identity for the users. The digital identity of each user is dynamic, non predictable and time dependable, because it is a combination of user name and a dynamic, non predictable and time dependable secure code that will be provided to the user for his identification. The user will provide his digital identity to an External-Entity such as a merchant or service provider. The External-Entity is dependent on the Central-Entity to identify the user based on the digital identity given by the user. The External-Entity forwards the user's digital identity to the Central-Entity for identification and authentication of the user and the transaction. The identification and authentication system provided by the Central-Entity determines whether the user is an authorized user by checking whether the digital identity provided by the user to the External-Entity corresponds to the digital identity being held for the user by the authentication system. If they correspond, then the authentication system identifies the user as an authorized user, and sends an approval identification and authorization message to the External-Entity; otherwise the authentication system will not identify the user as an authorized user and sends a denial identification and authorization message to the External-Entity.01-08-2009
20090013181METHOD AND ATTESTATION SYSTEM FOR PREVENTING ATTESTATION REPLAY ATTACK - Provided are a method and an attestation system for preventing an attestation replay attack. The method for preventing an attestation replay attack in an attestation system including an attestation target system and an attestation request system, the method including: measuring associated components when an event that affects the integrity of the attestation target system occurs; perceiving own identity information and verifying the perceived identity information; extending the measured component and the identity information into a register and logging the measured component and the identity information; generating an attestation response message including values of the log and the register when an attestation request message is received from the attestation request system; and transmitting the generated attestation response message to the attestation request system. Therefore, the method and an attestation system may be useful to provide an additional simple mathematical operation in verifying an attestation message by preventing an attestation replay attack, and thus to minimize performance degradation in the attestation system, compared to the conventional attestation processing mechanisms.01-08-2009
20090006848Secure credential management - Apparatus and methods associated with providing secure credential management are described. One apparatus embodiment includes a data store to store authentication data and an authentication supplicant (AS) logic to provide a response to an authentication communication (ACM) received from an authentication process. An authentication management (AM) logic may receive the ACM from a connection management (CM) logic associated with a host operating system (HOS), provide the ACM to the AS logic, and provide the response back to the CM logic. The apparatus may include a device management (DM) client logic to provide a secure connection to an operator DM server associated with the authentication process and to store authentication data provided by the operator DM server in the data store. The AS logic, AM logic, and DM logic may reside in firmware that is not accessible to the HOS.01-01-2009
20130166911IMPLEMENTATION PROCESS FOR THE USE OF CRYPTOGRAPHIC DATA OF A USER STORED IN A DATA BASE - A security module (“SM”) implements user cryptographic data by means of a user terminal. The cryptographic data is encrypted by a first encryption key established from a secret key from the terminal and the user's authentication element and by a second encryption key specific to the SM. An authentication is performed between the SM and the terminal, based on an asymmetric cryptographic protocol, and, in the event of a positive authentication of the SM and the terminal, an authentication of the SM and the user is performed. In the event of positive authentication between the SM and the terminal and between the SM and the user, the SM obtains the user's cryptographic data, and the terminal calculates the first encryption key and sends the first encryption key to the SM. The user's cryptographic data is decrypted by the SM using the second encryption key and then the first encryption key.06-27-2013
20130166912INFORMATION PROCESSING APPARATUS AND METHOD - In order to limit use of content, when a source receives a request for transmitting content from a sink, the source performs an authentication process. When the authentication is successful, the source transmits to the sink key information necessary for decrypting the encryption applied to the content. The sink can receive the content by receiving the key information and by decrypting the encryption applied to the content by using the key information.06-27-2013
20130166909Client-Side Player File and Content License Verification - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for verifying a message based on application of a hashing algorithm. In one aspect, a method includes obtaining a license, from a remote server, for a content item to be presented using a player file executed by a multimedia player on a computing device. The license includes an encryption key and an authorization to present the content item using one or more authorized player files. A particular player file is received for use in presenting the content item, and a determination is made whether the particular player file is authorized for use in presenting the content item based on the authorization. The content item is decrypted using the encryption key, and the content item is presented using the particular player file in accordance with the determination.06-27-2013
20130166910Revocable Security System and Method for Wireless Access Points - Disclosed are various embodiments of a wireless access point. Embodiments can include establishing a master pre-shared key associated with a wireless network, obtaining a request to establish a connection to the wireless network with a client device and generating a revocable key for the client device that is different from the pre-shared key.06-27-2013
20080301442Method and Apparatus for Local Area Networks - A mechanism for segregating traffic amongst STAs that are associated with a bridge, referred to herein as the personal virtual bridged local area network (personal VLAN), is based upon the use of a VLAN to segregate traffic. The IEEE 802.1Q-1998 (virtual bridged LANs) protocol provides a mechanism that is extended by the invention to partition a LAN segment logically into multiple VLANs. In the preferred embodiment, a VLAN bridge forwards unicast and group frames only to those ports that serve the VLAN to which the frames belong. One embodiment of the invention extends the standard VLAN bridge model to provide a mechanism that is suitable for use within an AP. In a preferred embodiment, the Personal VLAN bridge extends the standard VLAN bridge in at least any of the following ways: VLAN discovery in which a personal VLAN bridge provides a protocol for VLAN discovery; VLAN extension in which a Personal VLAN allows a station to create a new port that serves a new VLAN, or to join an existing VLAN via an authentication protocol; Logical ports in which a Personal VLAN bridge can maintain more than one logical port per physical port, and bridges between ports of any kind; and cryptographic VLAN separation.12-04-2008
20080294896Method and System for Transmitting and Receiving User's Personal Information Using Agent - A method and system for transmitting and receiving user's personal information using an agent are provided. An information management server managing user's personal information provides an agent including user's personal information in response to a user's personal information request message from a client. A client receives the agent and requests user's personal information from the agent. Then, the agent determines whether the client is authorized and provides the user's personal information to the client when it is determined that the client is authorized. Accordingly, the user's personal information is safely managed and transmitted.11-27-2008
20080294895Disaggregation/reassembly method system for information rights management of secure documents - The present invention pertains to a computerized system and method that provides for the secure storage and retrieval of electronic digital information; and, more particularly, to such a computerized system and method that provides for multiple access levels of such secure information; provides for secure access to portions of secure information dependent upon access privileges of the authorized user; provides virtually limitless data expansion capabilities; and provides for rapid access to such secure information by authorized users.11-27-2008
20080294894Binding Content Licenses to Portable Storage Devices - Systems, methods, and/or techniques (“tools”) for binding content licenses to portable storage devices are described. In connection with binding the content licenses to the portable storage devices (“stores”), a host may perform authentication protocols that include generating a nonce, sending the nonce to a store, and receiving a session key from the store, with the session key being generated using the nonce. The store may perform authentication protocols that include receiving the nonce from the host, generating a random session key based on the nonce, and sending the session key to the host.11-27-2008
20090006849PEER-TO-PEER NAME RESOLUTION PROTOCOL (PNRP) SECURITY INFRASTRUCTURE AND METHOD - A security infrastructure and methods are presented that inhibit the ability of a malicious node from disrupting the normal operations of a peer-to-peer network. The methods of the invention allow both secure and insecure identities to be used by nodes by making them self-verifying. When necessary or opportunistic, ID ownership is validated by piggybacking the validation on existing messages. The probability of connecting initially to a malicious node is reduced by randomly selecting to which node to connect. Further, information from malicious nodes is identified and can be disregarded by maintaining information about prior communications that will require a future response. Denial of service attacks are inhibited by allowing the node to disregard requests when its resource utilization exceeds a predetermined limit. The ability for a malicious node to remove a valid node is reduced by requiring that revocation certificates be signed by the node to be removed.01-01-2009
20110035591ENTERPRISE INSTANT MESSAGE AGGREGATOR - A disclosed enterprise instant messaging (IM) service aggregator enables validation of mobile stations and/or users for enterprise IM service through a wireless communication network; and in the examples, the enterprise IM service provides a secure messaging environment that allows IM traffic to/from wireless mobile stations. The security offered may be unique to and controlled by each enterprise, for example, by enabling each enterprise to generate its own encryption key for distribution through the aggregator and by allowing mobile stations to generate their own keys for distribution back through the aggregator to the enterprise IM servers. As disclosed, the login credentials are encrypted from the mobile station to the enterprise IM server. The use of standard encryption methods within the call flows allows a simple method of ensuring that only authorized users can access the enterprise servers and that the messages will be encrypted by the strongest possible means.02-10-2011
20110035590Method and Apparatus for Connecting a Network of Electronic Signs - A method and apparatus allows owners of electronic signs, such as retailers, real estate owners, other space owners, and content providers, such as advertisers, entertainment producers, event promoters, visual artists, and the general community to participate in an open content network, in which electronic signs are universally uniquely identified and then added to a network in a distributed fashion, after which content is selectively downloaded to the electronic signs. The times at which the content is presented are determined collaboratively by the owners of the electronic signs and the content providers. A mechanism that verifies whether the content is actually presented on the electronic signs is also disclosed.02-10-2011
20110035589Content usage monitor - A trusted content usage monitor for monitoring content usage is provided. A unique identifier generation unit generates a unique identifier indicative of content being rendered and a packet generator generates a trusted packet comprising the unique identifier. The trusted packet is trust signed by the trusted content usage monitor, so that it can be trusted by its recipient. The trusted content usage monitor has at least one mode of operation in which content rendering cannot be decoupled from operation of the unique identifier generation unit, so that generated packets can be trusted as truly indicative of content usage.02-10-2011
20110035588Encoding Method and Device for Securing a Counter Meter Reading Against Subsequential Manipulations, an Inspection Method and Device for Verifying the Authenticity of a Counter Meter Reading - The invention relates to an encoding method for identifying a subsequential manipulation of a counter meter reading consisting, when the counter reading is increased or decreased, in activating the computation of a new encoded meter reading and in calculating a new encoded meter reading by applying a forward chain one-way function to the encoded meter reading, wherein a complex variable domain of said forward chain one-way function is included into the antecedent domain thereof. The invention also relates to a method for verifying the authenticity of a counter meter reading consisting in subtracting test meter readings based on the meter reading for obtaining the number of tests, in producing an encoded test meter reading by applying the chain one-way function to the encoded meter reading, in applying the chain one-way function with the number of tests and in comparing the test meter reading with the final encoded meter reading and, if the test meter reading differs from the final encoded meter reading, a negative status signal is emitted. An encoding system for carrying out said encoding method and a verification system for carrying out the verification method are also disclosed.02-10-2011
20090217035Bilaterally Generated Encryption Key System - Bilaterally Generated Encryption Key System is a variable password based computationally non intensive symmetric encryption key system dispensing with memorization and exchange of keys, capable of providing one encryption key for each object exchanged between two parties, two different encryption keys per transaction and a plurality of encryption keys for a session, integrating authentication and securing transactions preventing breaking attempts. The Password/Encryption Key is a random permutation of Character Units of Variable Character Set System of authentication devices {FIG. 08-27-2009
20110099375System and Method for Managing Security Testing - The subject matter relates generally to a system and method for managing security testing. Particularly, this invention relates to maintaining a security database by correlating multiple sources of vulnerability data and also to managing security testing from plural vendors. This invention also relates to providing secure session tracking by performing plural authentications of a user.04-28-2011
20100153721Portable Electronic Devices, Systems, Methods and Computer Program Products for Accessing Remote Secure Elements - Portable electronic devices are provided including a virtual secure element module configured to access a remote secure element server. The virtual secure element module being configured to access the remote secure element server from the portable electronic device to provide a predetermined level of security for secure transactions. Related systems, methods and computer program products are also provided.06-17-2010
20100153718METHOD AND SYSTEM USING A PORTABLE OBJECT FOR PROVIDING AN EXTENSION TO A SERVER - The present invention concerns a method and a system for extending a server connected with at least one client(s), characterized in that it consists in providing said extension on the client side by means of a portable object which is connected to said client and which performs at least one of the server's operation(s) in part or entirely.06-17-2010
20090276627DIGITAL CONTENT DECRYPTING APPARATUS AND OPERATING METHOD THEREOF - A device and method for decrypting digital contents are discussed. According to an embodiment, a method for decrypting digital content at a target device, includes receiving the digital content without a source encryption key from a source device connected to the target device, the digital content having been encrypted with the source encryption key in the source device, wherein the source device is configured to perform an authenticating operation with the target device by using an identifier (ID) associated with at least one of the target device and a storage medium of the target device; performing an addition operation by using a target internal key and the ID, the target internal key being associated with the target device; generating a target encryption key based on an output of the addition operation; and decrypting the encrypted digital content by using the target encryption key.11-05-2009
20110283105METHOD OF DISTRIBUTING A DECRYPTION KEY IN FIXED-CONTENT DATA - Secondary content is encrypted for distribution to client terminals by selecting at least a portion of raw encrypted audio-video data (REAVD) that is provided on a media article as an encryption key, encrypting secondary content using the encryption key, and storing encrypted secondary content at a remotely located host. The media article can then be used for providing access to the encrypted secondary content to client terminals by receiving encrypted secondary content at a client terminal, extracting a decryption key from a media article encoded with REAVD, the decryption key being determined by at least a portion of the REAVD, using the decryption key to decrypt the secondary content, and outputting the decrypted secondary content from the client terminal.11-17-2011
20110283107METHOD FOR ESTABLISHING A SECURED COMMUNICATION WITHOUT PRELIMINARY INFORMATION SHARE - The invention relates to a method for generating a session key between two communicating electronic devices not requiring any prerecorded information in one of the two devices and enabling the authentication of one of said devices. The method uses a close collaboration between a symmetrical algorithm and an asymmetrical algorithm.11-17-2011
20110283106METHOD FOR REALIZING AUTHENTICATION CENTER AND AUTHENTICATION SYSTEM - A method for realizing an authentication center (AC) and an authentication system are disclosed. The method comprises: a UE sends an authentication request to an AC and applies for temporary authentication information, the AC assigns a first authentication random code to the UE, then the UE calculates a first response code and sends it to the AC, the AC assigns the temporary authentication information to the UE after authentication and authorization; the UE sends a login request to the application system (AS) which assigns a second authentication random code to the UE, and the UE uses it and the temporary authentication information to calculate a second response code, and sends this code to the AS; the AS sends the second response code to the AC for authentication and authorization; the AC returns the authentication result to the AS which in turn returns the authentication result to the UE.11-17-2011
20120131342METHOD AND APPARATUS FOR CONTROLLING ACCESS TO DATA BASED ON LAYER - Disclosed is an access control apparatus and method for giving access authority with respect to data. The access control apparatus may encrypt, using a Public Key (PK) of a terminal, a Node Key (NK) of a target layer in which the access authority is to be granted to the terminal, and produce an Access Control List (ACL) of the target layer based on the encrypted NK and ID information of the terminal. Also, the access control apparatus may produce a copy of the ACL based on the produced ACL, and store the produced copy of the ACL in a lower layer.05-24-2012
20120131340Enrollment of Physically Unclonable Functions - Aspects of the present disclosure are directed toward a method that includes a physically-unclonable function (PUF) device that receives a communication that includes a first challenge value, a second challenge value and a remote message authenticity value. The method includes the generation of additional challenge-response pairs in a secure manner. The additional challenge-response pairs are securely communicated between the PUF device and an authenticating server or other device for subsequent use in authentication.05-24-2012
20120131339SYSTEM AND METHOD FOR SECURE BI-DIRECTIONAL COMMUNICATION - An aspect of the present invention provides a method of communicating within a system having a first device, a second device, a key distribution device and an interactive service portal device. The method includes: storing a tag within the interactive service portal device; associating the tag with the first device; registering the first device with the key distribution device; associating, by way of the key distribution device, an encryption key with the first device; accessing, by way of the second device, the tag; providing information to the second device; and establishing secure bi-directional interactive communication, corresponding to the tag, between the first device and the second device based on a relationship between the information and the encryption key.05-24-2012
20110283104Domain Access System - A domain access system may include a connection package for a remote device. The connection package may be installed and used to connect to a domain without having to be physically attached to the domain. The connection package may include a domain identifier and a machine name, as well as certificates used to authenticate the device to the domain, group policies, and other components and configuration information. An installation program may configure the remote device with the various components and certificates so that the remote device may connect to the domain.11-17-2011
20100268949METHOD FOR PROTECTING A SENSOR AND DATA OF THE SENSOR FROM MANIPULATION AND A SENSOR TO THAT END - A method for protecting a sensor and data of the sensor from manipulation, as well as a sensor to that end; in the course of the authentication, a random number being sent by a control unit to the sensor; in order to recognize manipulation of the sensor data, the sensor data from the sensor to the control unit being provided with a cryptographic integrity protection; and to prevent replay attacks, additional time-variant parameters being added to the sensor data, the sensor data, together with the integrity protection and the added time-variant parameters, being sent by the sensor to the control unit. In this context, after the authentication of the sensor, the random number or a part of the random number or a number obtained from the random number by a function is utilized for the time-variant parameters.10-21-2010
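A worked model of the exchange in the abstract above, added here as an illustration and not the patent's own code. Assumptions the abstract leaves open: sensor and control unit share a key K, the integrity protection is HMAC-SHA256 truncated to 8 bytes, and the time-variant parameter is a 32-bit counter seeded from the low four bytes of the control unit's random number. The control unit accepts a frame only if the tag verifies and the counter lies in a small window ahead of the last accepted value, so a replayed or tampered frame is dropped.

```python
import hmac
import hashlib
import secrets
import struct

# Illustrative sensor / control-unit protocol; assumed parameters below.
TAG_LEN = 8            # truncated HMAC-SHA256 tag
WINDOW = 64            # tolerated counter jump (lost frames)


class Sensor:
    def __init__(self, key):
        self.key = key
        self.counter = None

    def authenticate(self, random_number):
        """Answer the control unit's random number; it also seeds the counter."""
        self.counter = struct.unpack(">I", random_number[-4:])[0]
        return hmac.new(self.key, random_number, hashlib.sha256).digest()[:TAG_LEN]

    def send_reading(self, reading_bytes):
        """Wire frame: reading || counter (time-variant parameter) || tag."""
        self.counter = (self.counter + 1) & 0xFFFFFFFF
        body = reading_bytes + struct.pack(">I", self.counter)
        tag = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        return body + tag


class ControlUnit:
    def __init__(self, key):
        self.key = key
        self.random_number = None
        self.last_counter = None

    def start_authentication(self):
        self.random_number = secrets.token_bytes(16)
        return self.random_number

    def finish_authentication(self, response):
        expected = hmac.new(self.key, self.random_number, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(expected, response):
            return False
        self.last_counter = struct.unpack(">I", self.random_number[-4:])[0]
        return True

    def accept_frame(self, frame):
        """Return the reading if integrity and freshness hold, else None."""
        if self.last_counter is None or len(frame) < 4 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(expected, tag):
            return None                       # manipulated data or tag
        counter = struct.unpack(">I", body[-4:])[0]
        if ((counter - self.last_counter) & 0xFFFFFFFF) not in range(1, WINDOW):
            return None                       # replayed or stale frame
        self.last_counter = counter
        return body[:-4]


def demo():
    """Constructed run: one fresh frame, the same frame replayed, one bit flipped."""
    key = b"\x01" * 32                         # constructed shared key
    sensor, cu = Sensor(key), ControlUnit(key)
    assert cu.finish_authentication(sensor.authenticate(cu.start_authentication()))
    frame = sensor.send_reading(struct.pack(">h", 215))   # constructed reading
    accepted = cu.accept_frame(frame)
    replayed = cu.accept_frame(frame)
    tampered = cu.accept_frame(bytes([frame[0] ^ 0x80]) + frame[1:])
    return accepted, replayed, tampered
```

Seeding the counter from the authentication nonce means the freshness state is tied to the current session rather than to a persistent clock, which is the point of reusing the random number as the time-variant parameter.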
20110040971PORTABLE SYSTEM AND METHOD FOR REMOTELY ACCESSING DATA - Embodiments of the present invention provide a portable system and method for accessing data remotely. The system and method include a first module and a second module, each of the modules being associated with the host system, wherein the first module is capable of being connected to the host system and the second module, and the second module is capable of being connected to the remote system to establish a secure communication channel between the first and second modules across the data link to access the data.02-17-2011
20110040970METHOD FOR VERIFYING THE CERTIFICATION OF A RECORDING APPARATUS - A method for verifying the certification of a recording apparatus (02-17-2011
20100095117SECURE AND POSITIVE AUTHENTICATION ACROSS A NETWORK - One embodiment takes the form of a method for authenticating an identity of a first party to a second party, without any prior contact between the parties. Further, the first party may authenticate its identity to the second party while eliminating the ability of the second party to steal the first party's identity. A trusted authority may facilitate authenticating the identity of two or more communicating parties. In one embodiment, the authority may ensure the validity of the identification of a number of parties talking over a communications network. The parties communicating over the secure network trust what the authority states concerning the identities of the other parties in the network. Another embodiment may prevent the authority from monitoring which two parties are communicating to each other through the network.04-15-2010
20120290844SYSTEM AND METHOD FOR CONTROLLING MESSAGE ATTACHMENT HANDLING FUNCTIONS ON A MOBILE DEVICE - A system and method for controlling message attachment handling functions on a mobile device is described herein. An attachment handling control can be set to identify one of a number of selected attachment handling control modes. Depending on the attachment handling control mode identified, a request for the attachment structure that includes a decrypted session key for an encrypted message received at the mobile device may or may not be automatically sent to a remote server. This may provide the user with increased control over the content of an encrypted message that the remote server may access when determining the attachment structure for a message.11-15-2012
20120290842METHOD FOR SECURELY DOWNLOADING FROM DISTRIBUTED DOWNLOAD SOURCES - The present invention deals with a method for securely downloading from distributed download sources. The greatest possible download security with a simultaneously minimized server load is achieved in this case. The object of the present invention was to provide an improved download method which also allows simple servers, without the possibility of setting up a secure connection, to be used as download servers and allows the total CPU load on the servers involved to be minimized, wherein the data transmission security can be kept the same, in comparison with a download from a single server, via a secure connection. This object is achieved by the method according to the invention for securely downloading from distributed download sources according to the main claim with the aid of a secure database server, a secure main server and 1 to n non-secure download servers, wherein the non-secure download servers newly encrypt the symmetrically encrypted download packets at predefined intervals of time independently of the secure main server.11-15-2012
20120290841Unique identifier, method for providing the unique identifier and use of the unique identifier - A unique identifier which substantially prevents product counterfeiting, wherein the unique identifier can be produced in a very cost-effective manner. The unique identifier is suitable not only for use as a product identifier but also for authorization, for example for securing physical or electronic accesses, such as doors, computer programs or the like.11-15-2012
20110302416METHOD AND SYSTEM FOR SECURED COMMUNICATION IN A NON-CTMS ENVIRONMENT - A method for bypassing a Cable Modem Termination System (CMTS), the method includes: receiving, by a session manager, an encrypted Security Association Identifier (SAID) and an encrypted Traffic Encryption Key (TEK) that are associated with unicast transmission from the CMTS to a cable modem. The encrypted SAID and the encrypted TEK are upstream transmitted from the cable modem. Providing to an edge device, over a secured link a representation of the SAID and a representation of the TEK. Receiving by the edge device information that is associated with the SAID and should be downstream transmitted to the cable modem. Encrypting, by the edge device, the information by the TEK to provide encrypted information. Transmitting, by the edge device, the encrypted information to the cable modem while bypassing the CMTS.12-08-2011
20110302417IMPARTING CRYPTOGRAPHIC INFORMATION IN NETWORK COMMUNICATIONS - This specification describes technologies relating to imparting cryptographic information in network communications. In general, aspects of the subject matter described in this specification can be embodied in methods that include identifying a location in a pre-defined portion of a network communication to be sent in a client-server environment, wherein the pre-defined portion is reserved for random data, inserting cryptographic information into the pre-defined portion of the network communication at the location, and sending the network communication in the client-server environment to facilitate modifying interactions in the client-server environment based at least in part on a result of processing of the cryptographic information; and on a receiving side, receiving cryptographic information inserted into the pre-defined portion of the network communication in the client-server environment, identifying the location, processing the cryptographic information, and modifying interactions in the client-server environment based at least in part on a result of the processing.12-08-2011
20110302414REMOTE CONTROL OF MEDICAL DEVICES USING INSTANT MESSAGING INFRASTRUCTURE - Systems and methods for remote control and management of medical workstations using an instant messaging infrastructure. A remote client, such as a mobile phone, laptop, tablet, or other computing device, is used to generate instructions or information requests in one or more data packets. The remote client sends the one or more data packets using the instant messaging infrastructure to a medical workstation at another location. A service application in communication with the medical workstation receives the data packets and causes the medical workstation to retrieve the requested information or execute the instruction. The communications between the remote client and the service application are encrypted and signed to ensure secure communications.12-08-2011
20120005478AUTOMATIC CONFIGURATION OF DEVICES UPON INTRODUCTION INTO A NETWORKED ENVIRONMENT - Automatic configuration of devices upon introduction into a networked environment, can be implemented, for example, by having a device randomly generate a series of letters and/or numbers, e.g., generate a PIN (Personal Identification Number) that encodes temporary credentials that, in addition to proving ownership and/or control over the device by virtue of having access to the PIN, also allows creating a temporary secure communication channel based on the PIN over which permanent security credentials may be transferred to the device to facilitate provisioning it to securely communicate in the networked environment. In a wireless scenario, a unique SSID and encryption key (WEP or WPA) may be determined as a function of the PIN, where both the device and its access point utilize the PIN to establish a temporary secure communication channel. Various techniques may be used to establish ownership and/or control over the device to prevent inadvertent association of the device with a wrong networked environment.01-05-2012
20110289317METHOD AND APPARATUS FOR PROVIDING CONTENT AGGREGATION IN SUPPORT OF VIRTUAL CHANNELS - An approach is provided for content aggregation in support of virtual channels. Query information and authentication information of a user are received from a media application associated with a set-top box. A query request is generated for media content from a content provider using the query information, the authentication information, and an identifier of a service provider. Transmission of the query request is initiated to the content provider system. One or more search results are received in response to the query request. Transmission of the one or more search results is initiated to the media application.11-24-2011
20110197064METHOD FOR OPERATING A NETWORK, A SYSTEM MANAGEMENT DEVICE, A NETWORK AND A COMPUTER PROGRAM THEREFOR - The present invention relates to a method for operating a network comprising communicating devices representing nodes of the network. More precisely, the invention relates to a method for operating a network (08-11-2011
20090089581System and Method for Securing Data Through a PDA Portal - Consumers may utilize computing devices to assist in the purchase and/or loyalty process, and in particular, the consumer may utilize a PDA to facilitate the purchase and/or loyalty process. During the purchase and/or loyalty process, the consumer may need to insure that any content downloaded or used in association with the PDA is secure in how it is collected, assembled, and delivered to the PDA device. This system and method secures the data from its source to when it is actually viewed or used by the authorized user. The PDA may have direct access to an Internet web site portal that offers secure personal content from a content provider, such as, for example, an on-line banking or financial institution. Using the web site portal, the content provider may offer personal or confidential data, such as financial information, to PDA users in a secure (e.g., encrypted) environment. The exemplary system and method may establish a PDA portal link to the web site for collecting specified information for a user and transmitting the information to the remote device. To receive the information, the PDA contacts the portal and establishes a connection, authenticates itself to the network and allows the user to complete secured transactions or transmissions over the network.04-02-2009
20110296181Apparatuses and a Method for Protecting a Bootstrap Message in a Network - The embodiments of the present invention relate to apparatuses in the form of a first network unit and a device, and also relate to a method for enabling protection of a bootstrap message in a device management network system. The method comprises: receiving at the first network unit a request to bootstrap the device; transmitting a request for a bootstrap key to a second network unit; receiving a message comprising the bootstrap key and further comprising trigger information; and transmitting the trigger information to the device to trigger generation of the bootstrap key internally in the device. Thereafter a protected bootstrap message can be transmitted to the device from the first network unit, and when the device verifies and/or decrypts the bootstrap message, device management (DM) sessions can start between the device and the first network unit.12-01-2011
20110296182System and method for downloading application - A method for downloading an application is disclosed by the present invention which is implemented based on an application downloading system including a smart card, a mobile terminal, an Over The Air (OTA) server and an outside-card entity management platform. The outside-card entity management platform establishes a connection with the smart card through the OTA server and mobile terminal, selects a security domain for application downloading in the smart card after receiving an application downloading request from the smart card, establishes a security channel with the smart card, and downloads the application to the smart card based on the security channel. By using the system and method for downloading an application of the present invention, the application may be downloaded to the smart card over a mobile communication network at a high speed, in real time, conveniently and safely, with user experience being improved.12-01-2011
20110296180MOTOR VEHICLE DISPLAY DEVICE, MOTOR VEHICLE ELECTRONIC SYSTEM, MOTOR VEHICLE, METHOD FOR DISPLAYING DATA AND A COMPUTER PROGRAM PRODUCT - The invention relates to a motor vehicle display apparatus having an electronic appliance containing: 12-01-2011
20110296179Encryption System using Web Browsers and Untrusted Web Servers - In one embodiment of the present invention, a first user—the creator—uses a web browser to encrypt some information. The web browser provides to the creator a URL which contains the key used for encryption, such as in the form of an anchor embedded within a URL. The web browser also provides a hash of the cryptographic key and the encrypted information to a web server. The creator transmits the URL to a second user—the viewer—who provides the URL to a web browser, thereby causing the web browser to navigate to a decryption web page maintained by the web server, but without transmitting the cryptographic key to the web server. The viewer's web browser hashes the cryptographic key and sends the hash to the web server, which uses the hash to identify and return the encrypted information to the viewer's web browser, which in turn uses the encryption key to decrypt the message and display the decrypted message to the viewer.12-01-2011
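The creator/viewer flow in the abstract above, as an added illustrative model rather than the patent's or any product's code. Assumptions: the key travels in the URL fragment (which browsers do not send to the server), the server indexes stored ciphertexts by SHA-256 of the key, and, to stay standard-library only, the cipher is an HMAC-SHA256 counter-mode keystream with a separate HMAC tag (encrypt-then-MAC under derived subkeys). The untrusted server therefore holds only the hash and the ciphertext.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit, urlunsplit

# Illustrative key-in-fragment sharing; the cipher below is a stdlib stand-in
# for a real authenticated cipher, not a recommendation.

def keystream_xor(key, nonce, data):
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)

def subkeys(key):
    return (hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest())

def encrypt(key, plaintext):
    enc_key, mac_key = subkeys(key)
    nonce = secrets.token_bytes(16)
    body = nonce + keystream_xor(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decrypt(key, blob):
    enc_key, mac_key = subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha256).digest(), tag):
        return None                      # ciphertext altered on the server
    return keystream_xor(enc_key, body[:16], body[16:])

def key_index(key):
    """What the server gets instead of the key."""
    return hashlib.sha256(key).hexdigest()

class UntrustedServer:
    def __init__(self):
        self.store = {}                  # hash(key) -> ciphertext

    def put(self, index, blob):
        self.store[index] = blob

    def get(self, index):
        return self.store.get(index)

def creator_share(server, message, base="https://example.invalid/view"):
    """Creator side: encrypt, upload (hash, ciphertext), return URL with key in fragment."""
    key = secrets.token_bytes(32)
    server.put(key_index(key), encrypt(key, message))
    return base + "#" + key.hex()

def viewer_open(server, url):
    """Viewer side: returns (URL actually requested from the server, plaintext or None)."""
    parts = urlsplit(url)
    key = bytes.fromhex(parts.fragment)
    request_url = urlunsplit(parts._replace(fragment=""))   # fragment never leaves the browser
    blob = server.get(key_index(key))
    if blob is None:
        return request_url, None
    return request_url, decrypt(key, blob)
```

The check a practitioner wants here is that the server's lookup index cannot be inverted to the key and that the page requested from the server carries no fragment; the tag additionally lets the viewer detect a server that modifies what it stores, which a bare hash lookup does not.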
20110296178Auto Provisioning Method in Wireless Communication Network - A method for auto provisioning for a communication device in a wireless communication network comprises the steps of: receiving a request from a station; determining the validity of the request according to a verification code carried by the request; sending a response to the station; receiving a security message from the station; retrieving a security key carried by the security message; and executing network provisioning according to the security key.12-01-2011
20110296177METHOD AND SYSTEM FOR MICROLOCKING WEB CONTENT - A method and system for ensuring the authenticity of server returned information displayed at a client browser is provided. The method comprises receiving the server returned information at a client computer; storing a copy of the server returned information at the client computer; inspecting the server returned information for one or more locked objects; allowing the client browser to operate one or more client installed scripts; inspecting the server returned information for any modifications to the one or more locked objects; and in response to determining that the one or more client installed scripts have made modifications to the one or more locked objects, replacing the modified locked objects with unmodified versions of the locked objects from the stored copy of the server returned information.12-01-2011
20110302415SECURING CUSTOMER VIRTUAL MACHINES IN A MULTI-TENANT CLOUD - A trusted virtualization platform protects sensitive customer data during operation of virtual machines in a multi-tenant cloud computing center. The trusted virtualization platform limits administrator access to the data and state of the virtual machines running thereon, reports any changes made thereto, and requires keys provided by the customer or a trusted third party of the customer to perform management operations on the virtual machines. By requiring cloud computing centers to use such trusted virtualization platforms, customers uploading their virtual machines into the cloud computing center can be assured that cloud administrators will not be able to access or tamper with their private data. Furthermore, customers can directly audit all important state or configuration changes for their virtual machines as the trusted virtualization platform can be configured to report all such changes according to a security policy set by the customer.12-08-2011
20090292919SECURE EXECUTION ENVIRONMENT ON EXTERNAL DEVICE - A device, such as a smartcard, may be externally-connected to a host platform and may be used to enhance or extend security services provided by the host platform's Trusted Platform Module (TPM). The device and the platform exchange keys in order to facilitate reliable identification of the platform by the device and vice versa, and to support cryptographic tunneling. A proxy component on the host device tunnels information between the platform and the device, and also provides the device with access to the TPM's services such as sealing and attestation. The device can provide secure services to the platform, and may condition provision of these services on conditions such as confirming the platform's identity through the exchanged keys, or platform state measurements reported by the TPM.11-26-2009
20130219178Media Player Security for Full Length Episodes - A streaming video player and authentication server work in conjunction to provide secure streaming media. Player authentication is used to ensure that only authorized users using an authorized media player can access and stream the media content. An encryption process prevents unauthorized users from playing media streams that are intercepted between the content server and an authorized user. Additionally, timed tokens are used to ensure that a user authorized to access a stream during a specified time period cannot access the same stream at a later time when the user is no longer authorized.08-22-2013
20130219179SYSTEM AND METHOD OF SECURE ENCRYPTION FOR ELECTRONIC DATA TRANSFER - A system for secure transfer of encrypted data involves a sender client, a recipient client, a main server, and a key server. The sender client receives instructions from a first user identifying transfer data and a recipient identifier, creates a key, encodes the transfer data using the key, and communicates the key and the recipient identifier to a server. The server creates a secure package identifier and communicates such to the sender client. The recipient client receives and identifies the secure package identifier and the encoded transfer data, receives from a second user a user identifier, and communicates the user identifier and the secure package identifier to the server. The server communicates the key to the recipient client only if the secure package identifier received from the recipient client matches the secure package identifier created by the server and if the user identifier matches the recipient identifier.08-22-2013
20080270794Method and Server for Providing Mobility Key - After a radio link is established between a mobile subscriber terminal and an access network, to authenticate the subscriber an authentication proxy server of an intermediate network forwards at least one authentication message containing a subscriber identification between the access network and a home network of the subscriber. If authentication is given by an authentication server of the home network, the authentication proxy server of the intermediate network stores the subscriber identification. The home agent receives a registration request message originating from the subscriber terminal and containing a subscriber identification; the home agent transmits a key request message, containing the subscriber identification, for a mobile key to the relevant authentication proxy server. The authentication proxy server provides a mobile key for the home agent, if the subscriber identification contained in the key request message matches one of the subscriber identifications that has been stored by the authentication proxy server.10-30-2008
20110167263WIRELESS CONNECTIONS TO A WIRELESS ACCESS POINT - A method and apparatus for establishing a wireless connection. A digital certificate having a second name is obtained by a processor unit in response to receiving a selection of a network using a first name broadcast by a wireless access point. A determination is made by the processor unit as to whether the digital certificate is valid. A determination is made by the processor unit as to whether the second name in the digital certificate matches the first name broadcast by the wireless access point. The processor unit establishes the wireless connection to the wireless access point in response to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point.07-07-2011
20110191586METHOD AND APPARATUS FOR AUTHENTICATING PUBLIC KEY WITHOUT AUTHENTICATION SERVER - Provided is a method in which a first device authenticates a public key of a second device. The method includes: receiving a first value generated based on the public key of the second device and a password displayed on a screen of the second device and the public key of the second device, from the second device; generating a second value based on the public key of the second device and a password input to the first device by a user of the first device according to the password displayed on the screen of the second device; and authenticating the public key of the second device based on the first value and the second value.08-04-2011
20100169643PROOF VERIFICATION SYSTEM, PROVING DEVICE, VERIFYING DEVICE, PROOF VERIFICATION METHOD, AND PROGRAM - The proof verification system of the present invention is composed of a proving device (07-01-2010
20100077212On-Demand Protection And Authorization Of Playback Of Media Assets - On-demand protection and authorization of playback of media assets includes receiving digital media at a server computer, storing intermediary data in a data store, and receiving a request from a client for the digital media. The method also includes generating a protected copy of the digital media from the digital media and the intermediary data. The method also includes storing a description of the protected copy in a database and sending the protected copy to the client. The method also includes receiving a request from the client to access the digital media and reading the description from the database based on information in the request. The method also includes sending a response to the client, the response indicating whether the client is authorized to access the digital media, and the response including cryptographic data to decrypt the protected digital media if the client is authorized to access the digital media.03-25-2010
20100268950DEVICE AND METHOD FOR DIGITAL RIGHT MANAGEMENT - The present invention provides a method for authenticating the copyright of a device in an offline way, a digital right protection system, and a method for providing digital contents, which mainly includes embedding an authentication agent into the digital content; said authentication agent, instead of the copyright issuer at the server side, authenticates the rendering qualification of the device before rendering the digital content. If the device is a non-compliant device, the authentication agent will not permit the device to render the digital content. The technique of the invention realizes offline digital right management, so it is not restricted by the network condition and can be applied widely in various environments.10-21-2010
20100115274Conditional access system and method - The present invention relates to methods of and systems for providing conditional access to electronic content. Electronic content is provided to a user along with authorization information. The electronic content may be transmitted to the user, and the user may use the authorization information to access the electronic content. An authorization code may be provided to the user such that the user may be granted access to the content based on a comparison of the provided authorization code and a second authorization code transmitted with the electronic content, and transmission of the second authorization code may be controlled by a content provider to control access by the user.05-06-2010
20100268948RECORDING DEVICE AND CONTENT-DATA DISTRIBUTION SYSTEM - A recording device comprises a memory unit configured to be able to communicate with an external device and to record key data for encryption of content data through an authentication process, and a controller which controls the memory unit. The memory unit comprises a normal recording unit which is accessible from the exterior through the controller without an authentication process, a protected recording unit which is accessible from the external device when authentication of a first authentication process completes, and a writing restricted/protected recording unit which is accessible from the external device when authentication of a second authentication process completes and is unwritable and inaccessible from the external device when authentication of only the first authentication process completes.10-21-2010
20100268947SYSTEMS AND METHODS FOR REGISTERING A CLIENT DEVICE IN A DATA COMMUNICATION SYSTEM - A two-way wireless communication system comprises a central authority in communication with a plurality of client devices via both a circuit switched data communication system and a packet switched data communication system. The packet switched communication system can assign packet switched network addresses to the client devices dynamically. Therefore, the central authority can be configured to send a circuit switched message, through the circuit switched data network, to a client device requesting the client device to register with the central authority through the packet switched data network.10-21-2010
20110271106Communication Channel of a Device - A method including transferring a device ID through a first communication channel between a device and a transaction device, configuring the device to send secured information in response to receiving a transaction request and sending user information to a service provider through a second communication channel in response to receiving a request to authenticate the secured information.11-03-2011
20100023764SYSTEM AND METHOD FOR AUTHENTICATING COMPONENTS IN WIRELESS HOME ENTERTAINMENT SYSTEM - Configuration information is exchanged between a home entertainment system server and various wireless components by pushing a button on the server and a random button on a remote control device as it is pointed at the devices sought to be authenticated.01-28-2010
20120110331METHOD FOR ACTIVATING A NETWORK NODE - In a method for activating a destination network node (SN) to be woken up in a wireless network (05-03-2012
20080294897METHOD AND APPARATUS FOR EFFICIENT SUPPORT FOR MULTIPLE AUTHENTICATIONS - Disclosed is a method for multiple EAP-based authentications in a wireless communication system. In the method, a first master session key (MSK) is generated in a first EAP-based authentication for a first-type access. A first temporal session key (TSK) is generated from the first master session key (MSK). A second EAP-based authentication is performed, using the first temporal session key (TSK), for a second-type access. First-type access and second-type access are provided after the first and second EAP-based authentications are successfully completed.11-27-2008
20120036360SYSTEM AND METHOD ESTABLISHING TRUSTED RELATIONSHIPS TO ENABLE SECURE EXCHANGE OF PRIVATE INFORMATION - The invention disclosed here is aimed at enabling a trusted third party to manage user opt-ins which would enable growth of personalized information services, that is, enabling trusted business relationships between three types of entities (an end-user, an information source/provider, and an application service provider/developer) so that they can have a controlled, secure and private exchange of sensitive and/or confidential information. The inventive system has modes of operation recommended based on various conditions, enabling a secure exchange of private information between personal information repository owners and application service providers to enable delivery of personalized services. One mode is Durable Subscription Management, which is used when per-transaction approval is not needed, that is, when an end-user has given permission to access data for a given or predefined period of time. A second mode is Per-Transaction Subscription Management Without Logs and a third mode is Per-Transaction Subscription Management With Logs.02-09-2012
20120036358Document encryption and decryption - A document encryption and decryption system, and a method for the same, for selectively encrypting and decrypting files and any other items to protect or secure their contents by helping to prevent unauthorized individuals from viewing data in human-perceivable or readable form. The encryption system includes remote authentication to verify a user's credentials stored on a remote database hosted by a web server. The encryption system further includes remote delete to automatically delete encrypted items stored on the user's computer, handheld or portable device, smartphone, or any other computing device of any kind when it logs onto a network if the user's computer or computing device is reported lost, stolen, or otherwise compromised. Decryption keys allow selective decryption of encrypted items that are on the computer or computing device of any kind. A Windows Communication Foundation service helps with authenticating the users with the encryption key and login process stored and processed by the web server.02-09-2012
20100088512Method and Apparatus for Automatically Publishing Content Based Identifiers - A method and apparatus for automatically publishing content based identifiers are described. In one embodiment, the method comprises accessing an electronic communication to obtain a content based identifier (CBI) contained in the electronic communication. In one embodiment, the method may also comprise using the CBI to validate integrity of a hash chained log.04-08-2010
20130024690CENTRALIZED SERVICE FOR DISTRIBUTED SERVICE DEPLOYMENTS - A centralized service communicatively links an application provider to a plurality of different message forwarding services. The centralized service receives a request and authenticates the application provider associated with the request. Further, the centralized service delivers a message embodied by the request to a first message forwarding service with a first protocol and/or to a second message forwarding service with a second protocol different than the first protocol.01-24-2013
20100082980METHOD TO CONNECT WIRELESS COMMUNICATION DEVICE, WIRELESS COMMUNICATION DEVICE, AND COMPUTER USABLE MEDIUM THEREFOR - A method to connect a wireless communication device to an intended wireless network is provided. The method includes a first step, in which options of authorization methods are presented to be selectable to a user, a second step, in which a first authorization method is automatically selected if an option of a third authorization item is selected, a third step, in which options of encryption methods corresponding to the selected first authorization method are presented to be selectable to the user, a fourth step, in which a first encryption method is automatically selected if a third encryption item is selected, and a fifth step, in which establishment of the connection is attempted by use of the selected first authorization method and the selected first encryption method.04-01-2010
20090217039System, Method and Apparatus for Authenticating Calls - The present invention provides a system, method and apparatus for authenticating calls that is a robust anti-vishing solution. The present invention can identify Caller ID spoofing, verify the dialed number to detect man-in-the-middle attacks, and verify the called party against the dialed digits to detect impersonation. This solution can handle calls coming from any phone anywhere with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact on user experience while providing robust verification.08-27-2009
20110126010SERVER, SYSTEM AND METHOD FOR MANAGING IDENTITY - Disclosed herein is a system and method for managing identity. The system includes a mobile terminal, a web server, and a service terminal. The mobile terminal includes a smart card on which a management server for managing user identity is mounted. The web server generates the user identity and provides the generated identity to the management server over a wired/wireless network. The service terminal receives a required identity from the mobile terminal using Near Field Communication (NFC).05-26-2011
20100082978Wireless Communication Device, Method for Wireless Connection, and Computer Usable Medium Therefor - A wireless communication device to be wirelessly connected to a wireless network is provided. The wireless communication device includes an encryption examiner to examine as to whether communication in the wireless network is encrypted, a password obtainer to obtain a password designated by a user for connecting the wireless communication device to the wireless network if the encryption examiner determines that the communication in the wireless network is encrypted, and a wireless connector to connect the wireless communication device to the wireless network with the use of the obtained password. The wireless connector sequentially selects one set from a plurality of sets, and sequentially attempts to connect the wireless communication device to the wireless network with the use of the sequentially selected one set. Each set of the plurality of sets has an authorization method and an encryption method.04-01-2010
20100088514Method and device for authorising access to data - The present invention is related to a device for authorising access to data content protected by a control signal (CW) and delivered to a terminal over a network comprising an access network. The device is arranged for receiving a version of the control signal and further comprises processing means for processing the received version of the control signal and arranged for sending to the terminal an output signal derived from that processed version of the control signal. Said output signal enables the terminal to get access to the delivered data content protected by the control signal. The device is characterised in that it is operable in the access network.04-08-2010
20090013180Method and Apparatus for Ensuring the Security of an Electronic Certificate Tool - The present invention discloses a method and apparatus for ensuring the security of an electronic certificate tool, the method comprising: step A: inputting business information by using the input or confirmation function set up in the electronic certificate tool; and step B: encrypting, attaching a signature to, and/or authenticating the inputted business information by the electronic certificate tool and sending the processed business information over the Internet via a computer connected to the Internet to conduct business dealing and/or payment. The method and apparatus ensure the security of the electronic certificate tool and are convenient and easy to use.01-08-2009
20100082981ELECTRONIC BUSINESS POSTAL SYSTEM - An electronic business postal system collects, clears and delivers electronic business mail through a closed access, secure messaging system. A collection subsystem consists of access portals that are associated with secured system nodes. The access portals provide authenticated users access to the system to send and retrieve electronic business mail that includes postal system electronic delivery addresses, physical delivery addresses, or both. Secured message servers that are associated with the respective access portals process the electronic business mail into uniquely identified messages for delivery over the system nodes and also process received messages to provide the corresponding electronic business mail to the intended recipients through associated access portals. A delivery subsystem directs the messages through the system nodes associated with the senders' access portals to the system nodes associated with the recipients' access portals. A clearance subsystem confirms the integrity of both the messages and their delivery and ensures that each message is delivered once and intact.04-01-2010
20100082982Service control system and service control method - In a safety determining system, an information processing apparatus performs authentication of biometrical information and gathers corresponding environment information (apparatus information, software, peripheral devices, location information). Then, the information processing apparatus sends the gathered environment information and service information of a target service to a central server. Based on the environment information, the service information, and information stored in an environment information DB, the central server determines whether it is safe to provide a service to the information processing apparatus. Based on that determination result, a service terminal provides a service to the information processing apparatus.04-01-2010
20100082979METHOD FOR THE PROVISION OF A NETWORK SERVICE - Methods and systems provide for sharing information between computer networks in which the information to be shared is required at one location (e.g. for the provision of a data-processing service) but is only available at a separate location. The information may be deliberately absent (e.g. for privacy reasons) or may be unavailable as an artifact of the computer network(s) involved. For the provision of a data-processing service, where several different devices on one network may service contiguous requests from a client device on another network according to a load-balancing strategy, data is propagated once only through the service network. Network communication software is subsequently amended to provide the minimal information necessary for a device on the service network to retrieve the information pertinent to the client device and necessary for its service. Therefore, a web-based single sign-on scheme can operate over HTTP to authorize data-processing services, such as web-filtering services.04-01-2010
20090164783METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR AUTHENTICATION OF FRAGMENTS USING HASH TREES - An apparatus for authentication of fragments using hash trees may include a processor. The processor may be configured to provide one or more data fragments and a hash tree representing the one or more fragments, send at least one first fragment accompanied by any nodes of the hash tree necessary to authenticate the one or more first sent fragments, and send one or more subsequent fragments accompanied by only some, but not all, of the nodes of the hash tree necessary to authenticate the one or more subsequent fragments with the other nodes that are not sent but are necessary for authentication having been previously sent in conjunction with a prior fragment.06-25-2009
20100100738METHOD FOR ESTABLISHING A SECURE AD HOC WIRELESS LAN - Secure communications on a network. An unauthenticated client on a network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate.04-22-2010
20100088516Systems and Methods For Providing Security to Different Functions - Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function.04-08-2010
20090282244MEDICAL DEVICE RIGHTS AND RECALL MANAGEMENT SYSTEM - The embodiments provide systems and methods for a medical device rights and recall management system. A digital IP rights and recall management device activates a central key server to authenticate software contents and services operated on microprocessor-based medical devices through a coding key that may be embedded in a medical device, in a service provider server, or in an end user computer. The recall management server unlocks the software content transmitted from or to a value-added service provider and selectively recalls the value-added software component without requiring any physical recall of the medical device. The system maintains a virtual device master record which enables quality control and recall capability for software elements independent of any physical hardware recall.11-12-2009
20120185693SECURE PROGRESSIVE DOWNLOAD FOR MEDIA CONTENT PLAYBACK - In embodiments of secure progressive download for media content playback, a client device (07-19-2012
20090089580WIRELESS COMMUNICATION DEVICE, PORTABLE TERMINAL, COMMUNICATION CONTROL PROGRAM AND COMMUNICATION SYSTEM - A wireless communication device, comprising: a wireless communication unit which communicates with another communication device located within a prescribed range; a first identification information generator which generates first identification information including a service name of an available service and inherent information; an encryption unit configured to encrypt said first identification information by using a prescribed encryption key to generate encryption data; a second identification information generator which generates second identification information including the service name, the inherent information and the encryption data; and an inherent information transmitter which transmits the second identification information to another communication device which has requested transmission of the inherent information.04-02-2009
20100100735APPARATUS AND METHOD FOR PROVIDING A PORTABLE BROADBAND SERVICE USING A WIRELESS CONVERGENCE PLATFORM - An apparatus and method for providing a portable broadband service, the method comprising enabling a first connectivity between a wireless convergence platform and an Internet gateway; enabling a second connectivity between the wireless convergence platform and at least one device; obtaining an application service through the Internet gateway using the first connectivity; and relaying the application service through the second connectivity to the at least one device.04-22-2010
20090276626PORTABLE SMART CARD READER HAVING SECURE WIRELESS COMMUNICATIONS CAPABILITY - A reader device includes a housing for receiving a smart card, a processor in electronic communication with an integrated circuit chip of the smart card when the smart card is received in the housing, a wireless communications device in electronic communication with the processor for enabling the reader device to transmit first encrypted information wirelessly and to receive second encrypted information wirelessly, and a memory in electronic communication with the processor that includes one or more routines executable by the processor. The one or more routines include a cryptographic module adapted to encrypt first information to create the first encrypted information and decrypt the second encrypted information to obtain second information. In addition, a communication system that includes the reader device and a computing device, wherein the reader device and computing device are able to wirelessly exchange information in a secure manner.11-05-2009
20090144546APPLICATION CONTROLLED ENCRYPTION OF WEB BROWSER DATA - A browser cache-securing component facilitates online communication of confidential data, such as for financial information, purchasing transactions, or user identification. Caching webpages for subsequent presentation enhances user productivity and efficiency while reducing burdens on network resources. Yet, the security risks of intrusions into cache memory are mitigated by retaining encrypted data in cache memory without prior decryption. A modest overhead in decrypting when and if the webpage is to be presented again gains a security and privacy advantage without taking away functionality. Decrypted versions of confidential data can thereby be relegated to volatile memory. Upon termination of a session, a session key shared by a network server is deleted, preventing subsequent decryption. Executing the browser cache-securing component in a virtual machine environment allows multiple browser types to benefit from the security feature.06-04-2009
20090138709OPTICAL TRANSCEIVER WITH VENDOR AUTHENTICATION - An optical transceiver comprising at least one processor and a memory including at least one of an encryption key or a decryption key and at least one of encryption microcode or decryption microcode that includes processor-executable instructions that, when executed by the at least one processor, cause the optical transceiver to perform the following: an act of performing an encryption or decryption operation on data received from a host computing system to thereby authenticate the optical transceiver.05-28-2009
20090287926PROVING APPARATUS AND VERIFICATION APPARATUS APPLIED TO DENIABLE ZERO-KNOWLEDGE INTERACTIVE PROOF - The present invention enables a deniable zero-knowledge interactive proof to be performed with low amounts of communication and calculation by utilizing a method of a special honest-verifier zero-knowledge interactive proof when such a method is given. The verification apparatus generates a commitment of a challenge value with respect to a predetermined relationship and transmits the commitment of the challenge value to the proving apparatus, which determines whether or not a required relationship using the commitment of the challenge value holds, and stops its operation if such a relationship does not hold. The proving apparatus causes the proof commitment generation apparatus to generate a proof commitment and transmits the proof commitment to the verification apparatus, which transmits a challenge value and a random number to the proving apparatus. The latter transmits a response to the verification apparatus, which determines acceptance or non-acceptance of the proof through communications with the interactive proof verification apparatus.11-19-2009
20110197063NEAR FIELD REGISTRATION OF HOME SYSTEM AUDIO-VIDEO DEVICE - A near field communication (NFC) sticker which stores a key is attached to a new client device. A remote commander in a home network reads the key using a NFC interface and IR-transmits it to a home network server. Once the client is connected to the network, it encrypts its own device information with the key and sends the encrypted information to the server, which decrypts the data with the key sent from the remote commander. In this way, client device registration is executed easily and securely.08-11-2011
20100100736METHOD AND SYSTEM FOR SECURE COMMUNICATION - A method and system for secure communication is provided. The method for secure communication with devices includes: obtaining a parameter for protecting a content; authenticating each other by exchanging a certificate with the device; and exchanging a key with the device using a key authenticated through the certificate to establish a secure authenticated channel with the device. Accordingly, it is possible to establish the secure authenticated channel and perform secure communication by computing a secure authenticated channel key.04-22-2010
20100100734DIGITAL RADIOLOGY SYSTEM AND METHOD FOR IMPLEMENTING THE RADIOLOGY SYSTEM - The invention relates to a digital radiology system and a method of implementing the radiology system. The radiology system includes a mobile cassette and a fixed base station, the cassette including an X-ray image acquisition device to which the cassette is exposed, the system also including a communication interface between the cassette and the base station to enable transfer of data such as the image between the cassette and the base station. The communication interface includes a removable wired link and a wireless link, both capable of transferring data, and the system includes a circuit to deactivate the wireless link as soon as the wired link is set up. The method includes setting up as a priority a data interchange over the wireless link and switching the exchange over to the wired link as soon as the latter is set up.04-22-2010
20090276628DIGITAL CONTENT DECRYPTING APPARATUS AND OPERATING METHOD THEREOF - A device and method for decrypting digital contents are discussed. According to an embodiment, a method for decrypting digital content at a target device, includes receiving the digital content without a source encryption key from a source device connected to the target device, the digital content having been encrypted with the source encryption key in the source device, wherein the source device is configured to perform an authenticating operation with the target device by using an identifier (ID) associated with at least one of the target device and a storage medium of the target device; performing a first addition operation by using a first target internal key and the ID; generating a target encryption key based on an output of the first addition operation and a second target internal key by using a predetermined encryption algorithm; and decrypting the encrypted digital content using the target encryption key.11-05-2009
20090282247METHOD, SYSTEM AND DEVICE FOR AUTHENTICATING A USER - Embodiments described herein relate to a method and device for authenticating a user of a computer and a corresponding system using the method and device. The device is a handheld electronic device configured to receive a first authentication code and to generate a secure identification token. If the received first authentication code and the generated token match, a second authentication code is transmitted to a computer to unlock the computer.11-12-2009
20090287927SECURE AUTHENTICATED DISTANCE MEASUREMENT - The invention relates to a method for a first communication device to perform authenticated distance measurement between said first communication device and a second communication device, wherein the first and the second communication device share a common secret and said common secret is used for performing the distance measurement between said first and said second communication device. The invention also relates to a method of determining whether data stored on a first communication device are to be accessed by a second communication device. Moreover, the invention relates to a communication device for performing authenticated distance measurement to a second communication device. The invention also relates to an apparatus for playing back multimedia content comprising a communication device.11-19-2009
20100281258SECURED PRESENTATION LAYER VIRTUALIZATION FOR WIRELESS HANDHELD COMMUNICATION DEVICE - The connectivity and security of wireless handheld devices (HDs) can be leveraged to provide a presentation appliance (PA) such as a laptop with an ability to securely communicate with an enterprise's private network. A split-proxy server, with part of it executing on the HD and a part executing on the PA, implements a full HTTP 11-04-2010
20110271107System and Method for Comparing Private Data - The present disclosure is directed to systems and methods including accessing a first private value, generating a first intermediate value based on the first private value, receiving a second intermediate value that is based on a second private value, generating a first comparison value based on the second intermediate value, receiving over the network a second comparison value that is based on the first intermediate value, comparing the first comparison value and the second comparison value to generate a result, and displaying the result, the result indicating that the first private value is greater than the second private value when the first comparison value is less than the second comparison value, and the result indicating that the first private value is less than or equal to the second private value when the first comparison value is greater than the second comparison value.11-03-2011
20110271104Security device and building block functions - A method and system of securing content is described, the method including establishing communication between a secure module source and a content rendering device, loading a dynamically generated pseudo-unique secure module to the content rendering device from the secure module source, establishing communication between the secure module source and the dynamically generated pseudo-unique secure module, and transferring a decryption key from the secure module source to the dynamically generated pseudo-unique secure module, thereby enabling decryption of encrypted content, the encrypted content being encrypted according to the decryption key. Related methods and apparatus are also described.11-03-2011
20100299523MOBILE HOST USING A VIRTUAL SINGLE ACCOUNT CLIENT AND SERVER SYSTEM FOR NETWORK ACCESS AND MANAGEMENT - A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.11-25-2010
20110271108METHOD AND SYSTEM FOR SECURE EXCHANGE AND USE OF ELECTRONIC BUSINESS CARDS - Some embodiments provide a system that facilitates the use of an electronic business card. During operation, the system obtains one or more permissions for the electronic business card. Next, the system manages use of the electronic business card by a recipient of the electronic business card based on the permissions.11-03-2011
20110271111Systems and Methods For Providing Security to Different Functions - Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function.11-03-2011
20110271109SYSTEMS AND METHODS OF REMOTE DEVICE AUTHENTICATION - Methods and systems are provided herein that allow a first device to remotely authenticate a particular software or hardware feature of a second device with which the first device is communicating. More specifically, the teachings herein allow a server to verify that a particular application running on a client machine is an authentic application, as opposed to an application developed by a rogue element disguising itself as an authentic application. In a broader sense, the teachings herein allow a server to initiate a sequence of instructions on the remote machine for which assurance is needed that the intended instructions were executed on the remote machine. Additionally, methods and systems are provided that generate and update client registration certificates that are tightly bound to both client and server.11-03-2011
20110271114SYSTEM AND METHOD FOR AUTHENTICATING REMOTE SERVER ACCESS - A system and method for providing secure authentication for website access or other secure transactions. In one embodiment, when a user accesses a website, the web server identifies the user and sends an authentication request to the user's mobile device. The mobile device receives the authentication request and sends back an authentication key to the web server. Upon verifying the authentication key, the web server grants access to the user.11-03-2011
20090204816Method Of Authorizing Network Publishing - A method of authorizing printing of a publication at a printer by a publisher in a network is provided, in which an alias identity of a user is created from both a sensing device identity and an application identity when the user interacts with a printed application tag associated with the publication using the sensing device, the publication is addressed to the user by the alias identity, the publication is signed using a private key of the publisher, the signed publication is sent to the printer, and it is confirmed that the signed publication may be printed at the printer by verifying the private key signature.08-13-2009
20120297191SYSTEM AND METHOD FOR SECURE DISTRIBUTION AND/OR STORAGE OF DATA FILES WITH LONG TERM FILE INTEGRITY VERIFICATION - Systems and methods for securely uploading, distributing, managing and/or storing any type of data file within a subscriber-based system maintained by a third party administrator are disclosed. The subscriber-based system acts as an electronic repository to ensure that data files remain intact, secure, and unaltered from their original form. Systems and methods for long term verification of data file integrity using checksum records stored in a public checksum directory are also disclosed.11-22-2012
20110173447MASTER UNIT AND SLAVE UNIT - Provided is a communication device which securely registers a slave unit. A secret address generation and setup section generates a secret address generator, and a secret address of the slave unit used temporarily instead of a unique address of the slave unit based on the secret address generator and identification information of the slave unit. A second communication section transmits to the slave unit a registration start notice containing the secret address generator by broadcast. A registration process section generates a registration authentication key; generates a unique key of the slave unit by transmitting/receiving, to/from the slave unit, unique key generation information encrypted using the registration authentication key; receives, from the slave unit, the unique address of the slave unit encrypted using the registration authentication key; and stores the identification information in association with the unique address and the unique key of the slave unit in the registration information storing section.07-14-2011
20100281257CONFIDENTIAL COMMUNICATION METHOD - It is an object of the present invention to solve two problems of onion routing when it is used as a confidential communication method: that if a computer within the communication route goes down, no connection to the further components is made at all, and that the system and the traffic become slow because of the multiplexed encryption. It is a communication method in which a client acting as the information providing source encrypts random numbers and calculates their hash value using the respective public keys of the information server to which it connects, the function server of the destination to be sent to, and the information server to which the function server connects; the respective servers decrypt the encrypted random number using their own secret keys to compare the random number with the hash value, and thus determine whether or not the route is related to the client. In such a way, information can be provided while the information providing source and the information provided destination are hidden, and a response to the provided contents from the function server, which is the information provided source, can also be kept anonymous.11-04-2010
20100299522Content Sharing Systems and Methods - Systems and methods are described for peer-to-peer sharing of electronic content. In one embodiment, if a license associated with a content item permits a sharing peer to share the content item with a receiving peer, the sharing peer rebinds a cryptographic key associated with the content item to the receiving peer and generates a sharing license for the content item. The sharing peer sends the sharing license and the content item to the receiving peer for consumption.11-25-2010
20100293376METHOD FOR AUTHENTICATING A CLENT MOBILE TERMINAL WITH A REMOTE SERVER - The disclosure relates to a method and a device for authenticating a client mobile terminal on a remote server of said terminal, with said server sending a challenge to said mobile terminal in advance, said mobile terminal having to respond to the challenge, to authenticate at the same time, by transmitting a response consisting in encoding said challenge combined with a secret key known to said terminal and the same time to the server, wherein the secret key is hidden in a media file recorded in the mobile terminal using steganography.11-18-2010
20100005296Systems and Methods for Controlling Access to Encrypted Data Stored on a Mobile Device - Encrypted data on mobile devices is protected by remotely storing a decryption key. In order to decrypt the encrypted data on the mobile device, the mobile device obtains the decryption key from an access control system that is remote from the mobile device. The access control system can control access to the encrypted data by controlling access to the decryption key. For example, the access control system can implement user authentication as a condition for providing the decryption key. Access to the encrypted data can also be controlled by withholding the decryption key where, for instance, a mobile device has been reported to be lost or stolen, or once an individual's access privilege has been revoked, or at certain times of the day.01-07-2010
20100223464PUBLIC KEY BASED DEVICE AUTHENTICATION SYSTEM AND METHOD - Provided is a public key based device authentication server including a server authenticator identifying a device in which a service list is registered and acquiring a certificate of the device issued by a certificate authority (CA); and an encryption key generator generating a public key and a private key for the device and transmitting to the device the public key, the private key and the certificate of the device.09-02-2010
20080250244SYSTEM AND METHOD FOR DISTRIBUTION OF CREDENTIALS - The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user. The credential user is provided with a user device. A first channel and a second channel are provided for communication between the user device and the credential issuer. A shared key is distributed between the user device and the credential issuer by means of the second channel. A binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated. The binary representation of the set of credentials is encrypted by means of the shared key. The encrypted set of credentials is distributed via the first channel from the credential issuer to the user device. The encrypted set of credentials is decrypted by the user device by means of the shared key.10-09-2008
20080276088Continuous isochronous read access and measurement of data stored in non-volatile memory - A measurement and authentication engine in a nonvolatile memory computes an original hash value on data read from the nonvolatile memory. A measurement and authentication engine in a host processor recomputes the hash value on the data received from nonvolatile memory and checks that the computed hash value matches the hash value generated and transferred from the nonvolatile memory.11-06-2008
20110208966INTEGRATED CIRCUIT FOR AUTHENTICATION OF CONSUMABLE STORAGE DEVICE - An integrated circuit is provided for the authentication of a consumable storage device by an apparatus. The integrated circuit has a memory space which contains encrypted data defined by a message authentication code (MAC) applied to data relating to a consumable stored by the device. The MAC is a construction of an asymmetric cryptographic function whereby a public key K08-25-2011
20110208965METHOD AND SYSTEM FOR SECURE COMMUNICATION - A system and method for secure communication is provided. Outgoing messages to another computing device are encrypted using a first shared key shared with said other computing device, and a first counter, said first shared key and said first counter being stored in storage of a computing device. Incoming messages from said other computing device are decrypted using said first shared key and a second counter stored in said storage of said computing device.08-25-2011
20090265555METHODS AND APPARATUS FOR CREDENTIAL VALIDATION - A secure credential validation compares stored and received modified credentials, e.g., biometric credentials, such that the validating system does not have access to the unmodified credentials. A capture system and a credential validation system are operatively coupled to a network (e.g., the Internet). The credential validation system is configured to store a set of modified stored credentials associated with the principal, receive a set of modified received credentials, and perform a credential validation procedure to validate the modified received credentials, wherein the credential validation procedure performs a one-way consistency test to compare the modified stored credentials and the modified received credentials. The credential validation procedure employs one or more similarity measures, e.g., a weighted quorum of exact matches, a discrete N-ball (or “N-shell”) intersection, or a client-based algorithm with encryption.10-22-2009
20090265554MEANS AND METHOD FOR SINGLE SIGN-ON ACCESS TO A SERVICE NETWORK THROUGH AN ACCESS NETWORK - The present invention provides means and method for Single Sign-On authentication of a user accessing a service network through an access network when the user has been already authenticated by a core network where the user holds a subscription. Therefore, a number of means are provided in different entities distributed between the core network and the service network, as well as in the user's equipment, for carrying out the proposed method. The Single Sign-On authentication takes place upon matching in the service network a shared key for the user submitted from the core network with another shared key for the user derived at the user's equipment.10-22-2009
20090265552SYSTEMS AND METHODS FOR SECURE SHORT MESSAGING SERVICE AND MULTIMEDIA MESSAGING SERVICE - Systems and methods for managing (for example, creating, transmitting, delivering, encrypting, storing, and the like) secure SMS (short message service) and secure MMS (multimedia messaging service) communications are disclosed.10-22-2009
20090265551System and Methods for Access Control Based on a User Identity - System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list.10-22-2009
20090265550Method and arrangement for transmitting data in a communication system that employs a multi-hop method - In a multi-hop network, packets are classified into header and user data for coded distribution. The header information, especially the multi-hop information, is separated in a coded manner from the user data, such that each network node need only decode the header in order to forward the packet. The header and the user data are guided, independently from each other, to the hardware of the respective device for separate coding, as if they were complete packets. A hardware accelerated coding of header and user data is possible using different keys. The header also contains integrity protection.10-22-2009
20120297190USABLE SECURITY OF ONLINE PASSWORD MANAGEMENT WITH SENSOR-BASED AUTHENTICATION - A multi-party security protocol that incorporates biometric-based authentication and withstands attacks against any single party (e.g., mobile phone, cloud, or the user). The protocol involves the function split between mobile and cloud and the mechanisms to chain-hold the secrets. A key generation mechanism binds secrets to a specific device or URL (uniform resource locator) by adding salt to a master credential. An inline CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) handling mechanism uses the same sensor modality as the authentication process, which not only improves the usability, but also facilitates the authentication process. This architecture further enhances existing overall system security (e.g., handling untrusted or compromised cloud service, phone being lost, impersonation, etc.) and also improves the usability by automatically handling the CAPTCHA.11-22-2012
20080313460SYSTEM AND METHOD FOR GUARANTEEING SOFTWARE INTEGRITY VIA COMBINED HARDWARE AND SOFTWARE AUTHENTICATION - A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K′, which equal K if and only if new messages originated from the center and have not been corrupted.12-18-2008
20080209213AUTHORIZING SECURE RESOURCES - A system receives a request to access a secure resource and a verification telephone number from a first device, establishes a secure session with a second device associated with the verification telephone number, requests an authentication mechanism from the second device to verify the secure resource request, verifies the received authentication mechanism if the requested authentication mechanism is received from the second device, and determines whether to grant or deny the first device access to the secure resource based on the verification of the received authentication mechanism.08-28-2008
20110010542METHOD AND APPARATUS FOR COMMUNICATION, AND METHOD AND APPARATUS FOR CONTROLLING COMMUNICATION - Method and apparatus for communication between client and service provider using external server, and a method and apparatus for controlling communication between a client and a service provider are provided. The method includes: receiving from the service provider a first authentication token indicating that the service provider has authenticated communication with the client by logging on the service provider; storing, in the external server, authentication information containing the first authentication token and additional information relating to communication with the service provider; receiving, when there is a request to access the service provider, authentication information corresponding to the request from the external server; and communicating with the service provider using the received authentication information. It is possible to alleviate the burden on a user to enter his or her ID and password, and to remove necessity for a user to enter the ID and password after registration has been performed once.01-13-2011
20110010545PROCESSING RECORDABLE CONTENT IN A STREAM - Methods and systems are described for processing recordable content in a broadcast stream sent to a receiver, wherein said broadcast stream is protected in accordance with a conditional access system and wherein said receiver is configured for storing and consuming content in said broadcast stream in accordance with a digital rights management system. In these methods and systems, recording information is sent in one or more entitlement control messages over a broadcast network to a receiver. Using the recording information in the entitlement control messages, the receiver is able to store recordable events in a broadcast stream on a storage medium and to consume said recorded events in accordance with a digital rights management system.01-13-2011
20110010544PROCESS DISTRIBUTION SYSTEM, AUTHENTICATION SERVER, DISTRIBUTION SERVER, AND PROCESS DISTRIBUTION METHOD - In an authentication server performing an authentication process to authenticate a user using a terminal with the terminal by means of a TLS authentication in tunnel using a TLS parameter having preliminarily been acquired, user identification information and the TLS parameter are included in a transfer request signal, and transmitted to a distribution server, when user identification information transmitted from the terminal does not exist in an authentication database. A search is conducted in a distribution server database for authentication server identification information associated with the user identification information included in the transfer request signal. The user identification information and the TLS parameter are transmitted to the authentication server assigned with the authentication server identification information that has been searched for.01-13-2011
20110010543PLATFORM VALIDATION AND MANAGEMENT OF WIRELESS DEVICES - Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network.01-13-2011
20120297192CONTENT DELIVERY NETWORK ENCRYPTION - A system and method for delivering content to end users encrypted within a content delivery network (CDN) for content originators is disclosed. CDNs transport content for content originators to end user systems in a largely opaque manner. Caches and origin servers in the CDN are used to store content. Some or all of the content is encrypted within the CDN. When universal resource indicators (URIs) are received from an end user system, the CDN can determine the key used to decrypt the content object within the CDN before delivery. Where there is a cache miss, an origin server can be queried for the content object, which is encrypted in the CDN.11-22-2012
20100005295SYSTEM AND METHOD FOR PROVIDING UNIQUE ENCRYPTION KEY - A system and method for providing a unique encryption key including a receiver, at a Voice over Internet Protocol (VoIP) adapter, configured to receive a configuration file, a processor, at the VoIP adapter, configured to decrypt the configuration file using a default key stored in the VoIP adapter, update one or more profile parameters of the configuration file, and install an encryption key at the VoIP adapter using the configuration file, and a transmitter, at the VoIP adapter, configured to register, with a network element, for network service using the updated configuration file such that the receiver is configured to receive network service from the network element when the updated configuration file is authenticated by the network element.01-07-2010
20100100737SYSTEM AND METHOD FOR GENERATING A NON-REPUDIATABLE RECORD OF A DATA STREAM - A system and method for generating a non-repudiatable record of a communications data stream is provided, which is applicable to real-time and quasi-real-time data streams. A binary communication data stream is captured and segmented into defined frames. A key frame is generated for each of a number of data frames containing integrity and authentication information. The key frame is inserted into the data stream to provide an authenticated data stream.04-22-2010
20110271112METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR FACILITATING RANDOMIZED PORT ALLOCATION - A method, apparatus, and computer program product are provided for facilitating randomized port allocation. An apparatus may include a processor configured to receive a port allocation message from a network management entity. The port allocation message may comprise an encryption key, an initial input value, and a value indicating a number of ports allocated to the apparatus for communication on a network. The processor may be further configured to calculate at least one port allocated to the apparatus with an encryption function based at least in part upon the encryption key and initial input value. Corresponding methods and computer program products are also provided.11-03-2011
20100138655TERMINAL APPARATUS AND OPERATION INFORMATION COLLECTING SYSTEM - A terminal apparatus includes a receiving unit for receiving content data having definition information containing information regarding collection of operation information and information limiting a destination of the operation information; a playback processing unit for playing back the content data; a separating unit for separating the definition information from the content data, an operation-log collecting unit for collecting an operation log based on the information regarding the collection of the operation information; an operation-information generating unit for generating operation information from the operation log; a transmission enabling/disabling determining unit for determining whether or not transmission of the operation information is enabled, and a transmitting unit for transmitting the operation information to an information collecting server in response to a user operation that causes data communication, when the transmission enabling/disabling determining unit determines that transmission of the operation information is enabled.06-03-2010
20120144195METHOD AND SYSTEM FOR UNIFIED MOBILE CONTENT PROTECTION - Media content is delivered to a variety of mobile devices in a protected manner based on client-server architecture with a symmetric (private-key) encryption scheme. A media preparation server (MPS) encrypts media content and publishes and stores it on a content delivery server (CDS), such as a server in a content distribution network (CDN). Client devices can freely obtain the media content from the CDS and can also freely distribute the media content further. They cannot, however, play the content without first obtaining a decryption key and license. Access to decryption keys is via a centralized rights manager, providing a desired level of DRM control.06-07-2012
20120144193Open protocol for authentication and key establishment with privacy - A suite of efficient authentication and key establishment protocols for securing contact or contactless interfaces between communicating systems. The protocols may be used in secure physical access, logical access and/or transportation applications, among other implementations. The system authenticates a mobile device such as a smart card and/or mobile phone equipped with a secure element presented to one or more host terminals and establishes shared secure messaging keys to protect communications between the device and terminal. Secure messaging provides an end-to-end protected path of digital documents or transactions through the interface. The protocols provide that the device does not reveal identification information to entities different from a trusted host. The terminal may be a contactless reader at a door for controlling physical access, a desktop, laptop or kiosk for controlling logical access, and/or an access point for obtaining an encrypted digital ticket from an authenticated mobile device used for transit applications.06-07-2012
20100146272METHOD OF CONTROLLING INFORMATION REQUESTS - A method controls information requests in a system operating in an unauthorised, unassociated mode. The system includes at least one user device and an access point. The method involves receiving at the access point a first information request from a user device and a user device identifier. A utilization indicator is set. At the access point a second information request is received from a user device. A check is performed to determine whether the timer has expired; and if so, processing the second information request for response.06-10-2010
20100146273METHOD FOR PASSIVE RFID SECURITY ACCORDING TO SECURITY MODE - Provided is a method for passive radio frequency identification (RFID) security according to a security mode. An RFID tag transmits its own current security mode to a reader and the reader drives a security protocol depending on the current security mode of the RFID tag. Also, the reader grasps the ability of the tag and then drives a protocol suitable for that ability through the security mode.06-10-2010
20100146274SECURITY FOR SOFTWARE DEFINED RADIO TERMINALS06-10-2010
20080270795METHOD TO CREATE AN OSI NETWORK LAYER 3 VIRTUAL PRIVATE NETWORK (VPN) USING AN HTTP/S TUNNEL - A method of creating and using a virtual private network (VPN) client encrypts network communications to server/gateways using strong algorithms to ensure data integrity and privacy during transport. Transport uses standard HTTP packets. Encryption and integrity are provided by using Secure Socket Layer (SSL, sometimes referred to as TLS). This invention is compatible and portable to different computer operating systems and mobile devices, and is also lightweight, allowing for ‘clientless’ installation and removal or small-footprint (thin) client software installations. The invention can also secure mobile user communication links over public wireless hotspots or wired Internet links.10-30-2008
20080270793Communication Protocol and Electronic Communication System, in Particular Authentication Control System, as Well as Corresponding Method - In order to provide a communication protocol for cryptographic authentication on the basis of at least one cryptographic algorithm, in particular according to the A[dvanced]E[ncryption]S[tandard], by 10-30-2008
20100005294Security in Wireless Environments Using Out-Of-Band Channel Communication - A methodology of using a (preferably uni-directional) out-of-band channel for secure information transmission between two devices capable of LPRF communication is provided. Information, which is intended for secure transmission from one of the devices to the other device, is encoded into a time dependent visual sequence. The visual sequence may comprise one or more visual signals, in particular lighted-up and dark states. The visual sequence is emitted as a time-dependent visual signal by a light emitter of the one device and the emitted signal is detected by a light sensor of the other device. The time-dependent signal in particular varies over time in light intensity. The light sensor generates a (time-dependent) sequence of detection signals. These detection signals are decoded to reconstruct the information intended for secure transmission. The out-of-band channel transmission of the information being separate from the LPRF communication enables a shared secret to be transmitted. The shared secret is required for secure authentication of the devices during initialization of the LPRF communication.01-07-2010
20100138654SYSTEM AND METHOD FOR AUTHENTICATION BASED ON PARTICLE GUN EMISSIONS - A system, method and computer readable medium are disclosed for authentication. The method includes generating a challenge on a sender based on physical emission properties of a particle gun; transmitting the challenge from the sender to a receiver; receiving the challenge on the receiver; and verifying the authenticity of an entity, such as data, an object or a person, at the receiver by comparing the challenge with a value generated at the receiver. The process of generating the challenge and value is such that it is difficult to retrieve details of the input data based on the output data.06-03-2010
20110271113SECURE STREAMING CONTAINER - A system and method for securely streaming encrypted digital media content out of a digital container to a user's media player. This streaming occurs after the digital container has been delivered to the user's machine and after the user has been authorized to access the encrypted content. The user's operating system and media player treat the data stream as if it were being delivered over the Internet (or other network) from a streaming web server. However, no Internet connection is required after the container has been delivered to the user and the data stream suffers no quality loss due to network traffic or web server access problems. In this process of the invention, the encrypted content files are decrypted and fed to the user's media player in real time and are never written to the user's hard drive or storage device. This process makes unauthorized copying of the digital content contained in the digital container virtually impossible.11-03-2011
20110208964METHOD AND APPARATUS FOR APPLYING A PARTIAL PASSWORD IN A MULTI-FACTOR AUTHENTICATION SCHEME - A method includes receiving, via a server, a User ID and Password from a client device, and generating a Secret PIN (SPIN). Values for a Partial Password and an encrypted version of the SPIN (ESPIN) are determined. The method includes challenging a user of the client device with a challenge that prompts the user to enter the Partial Password and an ESPIN. An Additional Factor, e.g., a One-Time Password from a Shared Secret, is locked using the SPIN. The Partial Password and challenge unlock the Additional Factor. The method includes authenticating the identity using the unlocked Additional Factor. A system includes a server in communication with a client device, and a non-transitory memory device on which is recorded process instructions for authenticating the identity of a user of the client device. The server executes the instructions to thereby authenticate the identity of the user using the unlocked Additional Factor.08-25-2011
20110208963SECURED KVM SYSTEM HAVING REMOTE CONTROLLER-INDICATOR - Organizations often defend against security threats by physically isolating their internal classified networks from external networks attached to the internet. To enable easy user access to several networks, many organizations use KVM (Keyboard Video Mouse) devices attached to multiple PCs or thin-clients, each attached to a different network. As KVMs may be abused by attackers to bridge or leak between isolated networks, a Secure KVM having isolated circuitry for each computer channel is typically used to reduce its vulnerability to leakages between channels. To enable remote installation of a KVM with isolated computers, a remote Controller-Indicator is needed in order to present to the user the KVM front panel indications and to enable certain control functions. The current invention provides a KVM switch capable of providing secure remote extension of KVM control and indication functions. Another object of the present invention is to provide a KVM switch having secure remote extension of the complete user console with support of: remote keyboard, mouse, one or more displays, smart-card reader, audio devices, KVM control and KVM monitoring.08-25-2011
20090183003Authentication in data communication - Method of authenticating a client comprising the steps of sending a subscriber identity to an authentication server; obtaining at least one challenge and at least one first secret at the authentication server based on a client's secret specific to the client; forming first credentials; forming a first authentication key using the at least one first secret; encrypting the first credentials using the first authentication key; sending the at least one challenge and the encrypted first credentials to the client; forming an own version of the first authentication key at the client; decrypting the encrypted first credentials using the own version of the first authentication key. In the method, the encrypted credentials are sent together with the at least one challenge to the client so that the client can proceed with authentication only if it can derive the first secret from the at least one challenge.07-16-2009
20090177886Storage Apparatus, Method for Validating Encrypted Content and Terminal Apparatus - A user can watch desired content among a plurality of encrypted contents recorded in a storage apparatus having a large capacity recording medium when the user wants to watch. Usage Pass (UP) necessary for watching content and encrypted content are recorded in a rental storage apparatus. The UP is in an invalid state when the storage apparatus is rented, and processing for validating the corresponding UP is executed between the storage apparatus and a host apparatus through which content is watched to thereby make content watchable. A history that processing for validating the UP is executed is recorded in the storage apparatus. A service provider bills a content use fee to the user based on the history of the storage apparatus.07-09-2009
20120084563Systems and methods for multi-factor remote user authentication - What is disclosed is a handheld multi-factor remote user authentication card device in the form factor of a prior art one factor of “what you have” security card. The handheld multifactor card-device has innovative features that enable this single card device itself to function and accomplish a multifactor remote user authentication of “what you know”, “what you have”, “where you are” and “what you are”, factors to a network. The authentication logic dynamically adjusts what factors are applicable for specific security application enabling a universal remote authentication card-device.04-05-2012
20090177885METHOD AND APPARATUS FOR ENCRYPTED AUTHENTICATION - A sink device including a first data processing unit and a second data processing unit authenticates the processing units, when turned on, to generate first authentication keys having the same data. When a data request is issued from the sink device to the source device, device authentication is made between the source device and the first data processing unit to generate second authentication keys having the same data. The source device encrypts an exchange key using the second authentication key, and sends the encrypted exchange key to the first data processing unit. The first data processing unit decrypts the encrypted exchange key using the second authentication key, encrypts the decrypted exchange key using the first authentication key, and sends the encrypted exchange key to the second data processing unit. The second data processing unit decrypts the encrypted exchange key using the first authentication key to obtain an exchange key.07-09-2009
20090259847Security protocols for hybrid peer-to-peer file sharing networks - In a hybrid peer-to-peer file sharing network including a receiver peer and a provider peer, the receiver sends the provider a ticket [10-15-2009
20090259848OUT OF BAND SYSTEM AND METHOD FOR AUTHENTICATION - A method and system for out of band authentication for ensuring a user is in possession of a device.10-15-2009
20090083542METHOD AND SYSTEM FOR CONTROLLED DISTRIBUTION OF APPLICATION CODE AND CONTENT DATA WITHIN A COMPUTER NETWORK - A secure communication methodology is presented. The client device is configured to download application code and/or content data from a server operated by a service provider. Embedded within the client is a client private key, a client serial number, and a copy of a server public key. The client forms a request, which includes the client serial number, encrypts the request with the server public key, and sends the download request to the server. The server decrypts the request with the server's private key and authenticates the client. The received client serial number is used to search for a client public key that corresponds to the embedded client private key. The server encrypts its response, which includes the requested information, with the client public key of the requesting client, and only the private key in the requesting client can be used to decrypt the information downloaded from the server.03-26-2009
20110145576Secure method of data transmission and encryption and decryption system allowing such transmission - A secure transmission is performed between at least one sender and one recipient, a method of which includes: a step of authenticating the sender to a trusted network to request the encryption of the data; a step of encryption of the data by the trusted network with the aid of an encryption key; a step of slicing the encryption key into arbitrary blocks; a step of storing the blocks in a memory space; a step of generation of an index including the sequence of addresses of the blocks in the memory space; a step of delivery, by the trusted network, of the encrypted data and of the index to the sender; the encrypted data and the index being transmitted to the recipient via a network, the recipient being able to authenticate himself with the trusted network to provide it with the encrypted data and the index, the trusted network reconstructing the encryption key on the basis of the index to decrypt the encrypted data and restoring the decrypted data to the recipient.06-16-2011
20110145577System and Method for a Variable Key Ladder - A method and apparatus is described that may receive a data message and store configuration data. The method and apparatus may also select between a first device key and a second device key depending upon the configuration data and decrypt at least a portion of the data message using a key ladder that includes the selected first or second device key.06-16-2011
20110145575Secure Bootstrapping Architecture Method Based on Password-Based Digest Authentication - The present invention is related to a method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.06-16-2011
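As an added illustration of the procedure this entry describes (example code, not from the application), the following runs a password-based Digest access authentication exchange (RFC 2617, qop=auth) and has both sides derive a bootstrapped key from the user password and the two fresh nonces of the run. The HMAC-SHA256 key derivation, the single-use nonce store, the realm name and the user credentials are assumptions made for the example; the application does not specify them.

```python
import hashlib
import hmac
import secrets


def _md5_hex(*fields: str) -> str:
    # RFC 2617 hashes colon-joined fields with MD5; that is what Digest
    # access authentication specifies, not a choice made here.
    return hashlib.md5(":".join(fields).encode()).hexdigest()


def digest_response(username: str, realm: str, password: str, method: str,
                    uri: str, nonce: str, cnonce: str,
                    nc: str = "00000001", qop: str = "auth") -> str:
    """Client-side 'response' directive for qop=auth (RFC 2617, section 3.2.2)."""
    ha1 = _md5_hex(username, realm, password)
    ha2 = _md5_hex(method, uri)
    return _md5_hex(ha1, nonce, nc, cnonce, qop, ha2)


def bootstrapped_key(password: str, nonce: str, cnonce: str) -> bytes:
    """Session key bound to the password and to both fresh nonces of this run.
    HMAC-SHA256 over nonce:cnonce is an assumed derivation for the example."""
    return hmac.new(password.encode(), f"{nonce}:{cnonce}".encode(), hashlib.sha256).digest()


class BootstrapServer:
    def __init__(self, realm: str, users: dict):
        self.realm = realm
        self.users = users            # username -> password (constructed sample data)
        self.outstanding = set()      # nonces issued but not yet consumed

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, username, method, uri, nonce, cnonce, response):
        """Return the bootstrapped key on success, None on any failure."""
        if nonce not in self.outstanding:
            return None               # unknown or already-used nonce: a replayed run
        self.outstanding.discard(nonce)
        password = self.users.get(username)
        if password is None:
            return None
        expected = digest_response(username, self.realm, password, method, uri, nonce, cnonce)
        if not hmac.compare_digest(expected, response):
            return None
        return bootstrapped_key(password, nonce, cnonce)


def run_bootstrap(server: BootstrapServer, username: str, password: str,
                  method: str = "GET", uri: str = "/bootstrap"):
    """One full client/server run; returns (server_key, client_key, nonce, cnonce)."""
    nonce = server.challenge()
    cnonce = secrets.token_hex(8)
    response = digest_response(username, server.realm, password, method, uri, nonce, cnonce)
    server_key = server.verify(username, method, uri, nonce, cnonce, response)
    client_key = bootstrapped_key(password, nonce, cnonce)
    return server_key, client_key, nonce, cnonce
```

Because the server nonce is consumed on first use and the client nonce is fresh per run, two runs with the same password yield different bootstrapped keys, and a captured response cannot be replayed to obtain the key a second time.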
20090063859CONTENT DISTRIBUTION SERVER AND CONTENT DISTRIBUTION SYSTEM USING THE SAME - The present invention relates to a content distribution server or the like, capable of more surely preventing an unauthorized use of a content. Content distribution servers 03-05-2009
20090055647Auxiliary display system, device and method - The present invention provides an auxiliary display system, device and method. The auxiliary display system includes a client and a server. The client includes an auxiliary display unit which further includes a security module. The server generates information to be shown in the auxiliary display unit, and uses a shared encryption key of the auxiliary display unit to encrypt the information. The security module uses the shared encryption key to verify the validity of encrypted information from the server, and decrypts the encrypted information so that the decrypted information will be shown in the auxiliary display unit. The present invention can prevent malicious programs from forging the auxiliary display information, provide users with a reliable information display, and improve the user experience.02-26-2009
20090055646DISTRIBUTED MANAGEMENT OF CRYPTO MODULE WHITE LISTS - An apparatus and method for managing the distribution and expansion of public keys held by a group or array of systems in white lists. The addition of a new system to the array entails a manual input to authorize the introduction of the new system to one trusted system in the array. After the introduction the new system is trusted by the one member and the white list of the one member is loaded into the white list of the new system. The new system then requests to join each of the other systems in the array. For each system in the array asked by the new system, the systems in the array ask if any other systems in the array already trust the new member. In response, a system of the array that trusts the new system responds by sending its white list (containing the public key of the new system) to the requesting system. Eventually the public key of the new system is in the white lists of all the systems in the array. In practice this trust expansion occurs in the background with respect to running applications.02-26-2009
20120079272ONE-TIME USE AUTHORIZATION CODES WITH ENCRYPTED DATA PAYLOADS FOR USE WITH DIAGNOSTIC CONTENT SUPPORTED VIA ELECTRONIC COMMUNICATIONS - In one embodiment, a computing apparatus that receives respective unique identifiers corresponding to a machine and a diagnostic tool and a requested parameter setting for configuring a machine component residing in the machine, and provides an authorization code with a payload comprising the requested parameter setting, the payload encrypted based on the unique identifiers.03-29-2012
20110231660SYSTEMS AND METHODS FOR SECURELY STREAMING MEDIA CONTENT - Systems and methods securely provide media content from a media server to a media client via a network. The media content is segmented to create multiple media segments that are each identified in a playlist, and at least one of the media segments is encrypted using a cryptographic key. The cryptographic key is also identified in the playlist, and the playlist is provided from the media server to the media client via the network. The various media segments and cryptographic keys may then be requested from and provided by the media server using hypertext transport protocol (HTTP) or similar constructs to allow the media client to receive and decrypt the various segments of the media content.09-22-2011
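The playlist construction this entry describes is the one HTTP Live Streaming (RFC 8216) uses, where an EXT-X-KEY tag names the key that applies to the segments that follow it. The parser below is an added example, not code from the application or from any HLS implementation; the playlist text is constructed sample data and the host names in it are invented. It extracts, for each segment, which key (if any) is needed, and flags key URIs that a client would fetch over plaintext HTTP, since the key fetch, not the segment fetch, is what the scheme's confidentiality rests on.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample playlist: one clear segment, two under key k1 (with an explicit IV),
# one under key k2 served over plain HTTP.
SAMPLE_PLAYLIST = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:10
#EXT-X-MEDIA-SEQUENCE:0
#EXT-X-KEY:METHOD=NONE
#EXTINF:10.0,
seg0.ts
#EXT-X-KEY:METHOD=AES-128,URI="https://media.example/keys/k1",IV=0x000102030405060708090a0b0c0d0e0f
#EXTINF:10.0,
seg1.ts
#EXTINF:10.0,
seg2.ts
#EXT-X-KEY:METHOD=AES-128,URI="http://media.example/keys/k2"
#EXTINF:10.0,
seg3.ts
#EXT-X-ENDLIST
"""


@dataclass
class Segment:
    uri: str
    method: str               # "NONE" or the cipher named by EXT-X-KEY
    key_uri: Optional[str]    # where the client would fetch the key from
    iv: Optional[bytes]       # explicit IV, if the tag carried one


# attribute-list grammar: NAME=quoted-string or NAME=unquoted-value, comma separated
_ATTR = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')


def parse_attrs(text: str) -> dict:
    return {k: v.strip('"') for k, v in _ATTR.findall(text)}


def parse_playlist(text: str) -> List[Segment]:
    """Return the segments with the key state in force at each one."""
    segments = []
    method, key_uri, iv = "NONE", None, None      # RFC 8216: no key until a tag says otherwise
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#EXT-X-KEY:"):
            attrs = parse_attrs(line[len("#EXT-X-KEY:"):])
            method = attrs.get("METHOD", "NONE")
            key_uri = attrs.get("URI") if method != "NONE" else None
            iv = bytes.fromhex(attrs["IV"][2:]) if "IV" in attrs else None
        elif line and not line.startswith("#"):
            segments.append(Segment(line, method, key_uri, iv))   # a key tag applies until replaced
    return segments


def insecure_key_fetches(segments: List[Segment]) -> List[str]:
    """Key URIs that would travel over plaintext HTTP; these are the transfers to audit first."""
    return sorted({s.key_uri for s in segments if s.key_uri and s.key_uri.startswith("http://")})
```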
20110231659Out-of-Band Session Key Information Exchange - A source device that plans to participate in one or more encrypted communication sessions with a destination device sends a discovery message towards the destination device. An intermediary device that processes this discovery message requests a master key from the source device. The source verifies that the intermediary device is a trusted device and then sends the intermediary device the requested master key. Prior to transmitting encrypted messages to the destination device, the source device sends session key information, encrypted using the master key, to the intermediary device. The intermediary device uses this session key information to decrypt and process encrypted messages sent as part of the encrypted communication session between the source device and the destination device.09-22-2011
20090204815System and method for wireless device based user authentication - An automated system and method for authenticating entities or individuals attempting to access a computer application, network, system or device using a wireless device is provided. The system employs one or more short-range wireless interfaces (e.g. BLUETOOTH or Wi-Fi) or long-range wireless interfaces (e.g. cellular or WiMAX) to detect the presence or location of the wireless device and its proximity to the secure system to be accessed. The wireless device incorporates a unique identifier and secure authentication key information associated with the user of the wireless device. An authentication result is generated and may be used for a variety of applications. The application may process the result and determine the degree of access for which the entity or individual is allowed.08-13-2009
20090217037Method and Devices for Secure Measurements of Time-Based Distance Between Two Devices - In order to provide a secure measurement of Round Trip Time (RTT), the calculation of RTT and the authentication data are separated. A device A sends a message to device B to start the method. Both devices generate a random number and device A waits for device B to finish. Device A sends its random number to B, which answers with its own random number, and device A calculates the RTT. If the RTT is below a certain limit, device A then requires authentication data, which is calculated by device B and sent to device A that verifies the authentication data. The RTT can thus be securely calculated regardless of the calculating resources of device B. Alternate embodiments, a system and devices are also provided.08-27-2009
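As an added illustration of keeping the timed exchange free of cryptography and deferring the authentication data until after the RTT is known (example code, not from the application), the simulation below runs both devices in one process. The shared key, the HMAC-SHA256 tag over both random numbers, the RTT limit and the simulated link and crypto delays are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time


class DeviceB:
    """Responder. link_delay simulates distance, auth_delay a slow crypto engine (both constructed)."""

    def __init__(self, shared_key: bytes, link_delay: float = 0.0, auth_delay: float = 0.0):
        self.key = shared_key
        self.link_delay = link_delay
        self.auth_delay = auth_delay
        self.nonce_a = None
        self.nonce_b = None

    def prepare(self) -> None:
        # B draws its random number before the timed exchange, so generation cost is never measured.
        self.nonce_b = secrets.token_bytes(16)

    def answer(self, nonce_a: bytes) -> bytes:
        # The timed reply is a bare nonce: no cryptography in the critical path.
        self.nonce_a = nonce_a
        time.sleep(self.link_delay)
        return self.nonce_b

    def authenticate(self) -> bytes:
        # Authentication data is computed only after A has measured the RTT,
        # so B's computing resources do not affect the measurement.
        time.sleep(self.auth_delay)
        return hmac.new(self.key, self.nonce_a + self.nonce_b, hashlib.sha256).digest()


class DeviceA:
    """Initiator. Verdicts: 'ok', 'too_far' (RTT over limit) or 'bad_auth' (tag mismatch)."""

    def __init__(self, shared_key: bytes, rtt_limit: float):
        self.key = shared_key
        self.rtt_limit = rtt_limit

    def measure(self, b: DeviceB):
        b.prepare()                                  # start message: both sides get ready
        nonce_a = secrets.token_bytes(16)
        t0 = time.perf_counter()
        nonce_b = b.answer(nonce_a)                  # the only timed round trip
        rtt = time.perf_counter() - t0
        if rtt > self.rtt_limit:
            return "too_far", rtt                    # no point requesting authentication data
        tag = b.authenticate()
        expected = hmac.new(self.key, nonce_a + nonce_b, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad_auth", rtt                   # the nonces were echoed by a party without the key
        return "ok", rtt
```

The tag covers both random numbers, so a responder that echoes a nonce quickly but cannot compute the MAC is rejected after the RTT check, and a tag recorded from an earlier run is useless because A's nonce changes each time.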
20120198233METHOD FOR RECALLING A MESSAGE AND DEVICES THEREOF - A method for recalling a message and a device thereof are provided, thereby efficiently satisfying a message recall demand and improving the service quality of a message service. The method includes: sending a message recall request to a message receiving device, in which the message recall request carries a message identifier of the message to be recalled and a message authentication header field, and the message authentication header field includes an encryption algorithm and a value generated by encrypting, with that encryption algorithm, a random number used to authenticate the message, so that the message receiving device determines the message to be recalled according to the message identifier and the message authentication header field, and disposes of the message to be recalled according to a local policy and the delivery status of the message to be recalled; and receiving a message recall disposition result returned by the message receiving device.08-02-2012
20090222661Mechanism for securely ordered message exchange - In one embodiment, a mechanism for securely ordered message exchange is disclosed. In one embodiment, a method includes associating sequence numbers with each of a plurality of messages that are part of a transmission from a broadcaster to an intended recipient, and for each message of the plurality of messages, calculating a unique message authentication code (MAC) using as inputs the message, a shared secret key, and the associated sequence number. The method also includes sending to the intended recipient the plurality of messages each with the associated calculated MAC attached to the message.09-03-2009
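As an added illustration of the mechanism described in this entry (example code, not from the application), the following computes each MAC over the sequence number together with the message and has the recipient enforce strict ordering. The HMAC-SHA256 construction, the 64-bit big-endian sequence encoding, the strict next-expected policy and the sample messages are assumptions for the example.

```python
import hashlib
import hmac
import struct


def mac_for(key: bytes, seq: int, message: bytes) -> bytes:
    # The sequence number is part of the MAC input, so an attacker cannot
    # re-label a captured message with a different sequence number.
    return hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()


class Broadcaster:
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def send(self, message: bytes):
        """Return the frame (seq, message, tag) and advance the counter."""
        frame = (self.seq, message, mac_for(self.key, self.seq, message))
        self.seq += 1
        return frame


class Recipient:
    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0              # next sequence number the recipient will accept

    def receive(self, frame) -> str:
        seq, message, tag = frame
        if not hmac.compare_digest(tag, mac_for(self.key, seq, message)):
            return "forged"            # wrong key, altered message, or altered sequence number
        if seq != self.expected:
            return "out_of_order"      # replay, drop or reordering: the MAC alone would not catch this
        self.expected += 1
        return "accepted"


def deliver(recipient: Recipient, frames) -> list:
    """Feed frames to the recipient in the given order and collect the verdicts."""
    return [recipient.receive(f) for f in frames]
```

The strict next-expected policy rejects everything after a lost frame; a receiver that must tolerate loss would instead keep a sliding window of seen sequence numbers, as IPsec anti-replay does, while still binding the number into the MAC exactly as above.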
20090222660Method and device for end-user verification of an electronic transaction - The present invention provides methods and apparatuses for verifying that a transaction is legitimate. The methods and apparatuses use protected memory space, such as kernel space of an operating system, or a separate memory space, such as is available on a SIM card of a cellular phone. The method of the invention proceeds by creating a transaction identification string (TID) and associating the TID with a transaction. The TID contains data relevant to or associated with the transaction and is typically readable by an end-user. The transaction is then interrupted until a user responds in the affirmative to allow completion of the transaction. Methods and devices used in the invention are particularly well suited to M-commerce, where transactions originating from a device are typically recognized by a merchant as coming from the owner of the device without further authentication.09-03-2009
20090254747METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR PROVIDING E-TOKEN BASED ACCESS CONTROL FOR VIRTUAL WORLD SPACES - A method for providing e-token based access control to virtual world (VW) spaces includes intercepting a request from a first VW member to invite a second VW member to a VW space within a VW network, the request intercepted outside of the VW network. The access controls also include using a secret code associated with the first member to generate an e-token that includes an identifier of the second member and the space. The access controls further include sending the e-token inside the network. In response to a request for access to the space, the access controls include sending the e-token outside of the network for verification. Upon successful verification of the e-token, the access controls include accessing the network and controlling a guard bot inside the network to grant access for the second member to the space. The guard bot adds the second member to an access control list.10-08-2009
20090254746COMMUNICATION RELAY DEVICE, INFORMATION PROCESSING SYSTEM, CONTROL METHOD AND PROGRAM - A relay adapter, a method for processing communication data through use of a relay adapter, and a process for leasing the relay adapter to a user by a service provider. The relay adapter includes: an authentication information storage section that stores authentication information of the relay adapter; a power plug; a power socket; and a push switch within the power plug or power socket. The push switch may be depressed. The power plug is detected to be plugged into a power socket of the user. The power socket is connected to a control server by a power line carrying a power signal. Responsive to ascertaining that the push switch is not depressed, mutual authentication is enabled between the relay adapter and the control server. After the mutual authentication, communication data is relayed from an information processing device of the user to a service provider server via the control server.10-08-2009
20100275018SYSTEM AND METHOD FOR CONVERSION AND DISTRIBUTION OF GRAPHICAL OBJECTS - A system for converting a first digital representation of a graphical object defined in two dimensions, such as a floor plan of a building such as a house or an apartment, into a second digital representation of said graphical object, said second digital representation defined in three dimensions, said system comprising means for converting the first digital representation into a vector-based representation by means of a computer-implemented algorithm, and means for converting said vector-based representation of the first digital representation into a three-dimensional representation of the graphical object. Furthermore the invention relates to a system for secure administration and/or provision of protected data files in a computer network, such as the Internet or a local LAN, said computer network comprising at least one server and a plurality of clients. Finally the invention relates to a system that allows 310-28-2010
20120131343SERVER FOR SINGLE SIGN ON, DEVICE ACCESSING SERVER AND CONTROL METHOD THEREOF - Disclosed are a server, a device accessing the server and a control method thereof, the server for single sign on including: a storage unit which stores user information of a second device; and a controller which, if a first device requests account information for a content provider, identifies a second device that is accessed by the same user as the user of the first device and that stores the account information. With this configuration, there are provided a server which shares account information for a content provider, a device accessing the server and a control method thereof.05-24-2012
20120131341METHOD AND SYSTEM FOR IMPROVING STORAGE SECURITY IN A CLOUD COMPUTING ENVIRONMENT - A method of improving storage security in a cloud environment includes interfacing a secure microcontroller with a storage controller associated with a client device in the cloud environment to authenticate a platform associated with the storage controller and registering the storage controller with an authentication server configured to be set up in the cloud environment. The method also includes authenticating the storage controller based on a communication protocol between the client device, the authentication server and the storage controller, and obtaining, at the client device, signature data of the storage controller following the authentication thereof. The signature data is configured to be stored in the secure microcontroller interfaced with the storage controller.05-24-2012
20120131337DEVICE ARCHIVING OF PAST CLUSTER BINDING INFORMATION ON A BROADCAST ENCRYPTION-BASED NETWORK - Provided are techniques for the creation and storage of an archive for binding IDs corresponding to a cluster of devices that render content protected by a broadcast encryption scheme. When two or more clusters are merged, a binding ID corresponding to one of the clusters is selected and a new management key is generated. Binding IDs associated with the clusters other than the cluster associated with the selected binding ID are encrypted using the new management key and stored on a cluster-authorized device in a binding ID archive. Content stored in conformity with an outdated binding ID is retrieved by decrypting the binding ID archive with the management key, recalculating an old management key and decrypting the stored content.05-24-2012
20090240940POSITION BASED ENHANCED SECURITY OF WIRELESS COMMUNICATIONS - The convenience of a wireless network is tempered by the concern that a rogue device can listen in on the wireless communications. Determining the position of the home device and other devices within range allows the user of the home device to choose the specific wireless devices with which to communicate. The distance to the other devices within wireless communications range is helpful and allows the user to sort between safe and unsafe or rogue devices. Distance can be determined by a variety of methods including use of trusted references, signal strength, and error rate. Once the safe device is selected, the system will then establish a communications path with that device.09-24-2009
20090164782METHOD AND APPARATUS FOR AUTHENTICATION OF SERVICE APPLICATION PROCESSES IN HIGH AVAILABILITY CLUSTERS - A method and communication node that generate a unique service application process biometric identifier for a service application process requesting resources and services from another service application process in a High Availability (HA) cluster. The method and communication node further authenticate the requesting service application process using the unique service application process biometric identifier, thus allowing communication between the first service application process and the second service application process.06-25-2009
20090282245SECURITY METHOD AND SYSTEM FOR MEDIA PLAYBACK DEVICES - A Digital Rights Management (DRM) system for distribution of digital content such as audio or video uses a method to enhance security of the content from unauthorized access and use, including access by unauthorized players. The method does not necessarily require a token exchange and thereby minimizes storage demands on the server which distributes the digital content. The system generates and distributes keys for decryption of the digital content whereby the keys are unique to a specific player and user account.11-12-2009
20100161979PORTABLE ELECTRONIC ENTITY FOR SETTING UP SECURED VOICE OVER IP COMMUNICATION - A portable electronic entity includes an interface (06-24-2010
20100153723METHOD AND SYSTEM FOR ENCRYPTION OF DATA - A method for transmitting a message securely between two entities, a sender and a receiver remotely located from each other, and a system for carrying out the method are disclosed. The method includes using an array containing numbers based on the infinite sequence of digits of ‘pi’; selecting a pattern and tracing and extracting the selected pattern along the numbers in the array sequentially to form a decimal number string. The decimal string is partitioned and converted to binary, which is used as a cipher for coding the message by XORing.06-17-2010
20100153722METHOD AND SYSTEM TO PROVE IDENTITY OF OWNER OF AN AVATAR IN VIRTUAL WORLD - The present application provides a method and system for verifying a user's identity within a virtual world environment. The verification is performed in real time and avoids the possibility of presenting credentials (e.g., biometric information) that were previously authenticated, by sending the user a time-sensitive challenge and requiring the user to provide the requested credentials (e.g., biometric information) within a predetermined time period. The present invention is therefore best suited to environments where trusted identification of a user is needed online to facilitate secure transactions.06-17-2010
20100153717Security device and building block functions - A method and system of securing content is described, the method including establishing communication between a secure module source and a content rendering device, loading a dynamically generated pseudo-unique secure module to the content rendering device from the secure module source, establishing communication between the secure module source and the dynamically generated pseudo-unique secure module, and transferring a decryption key from the secure module source to the dynamically generated pseudo-unique secure module, thereby enabling decryption of encrypted content, the encrypted content being encrypted according to the decryption key. Related methods and apparatus are also described.06-17-2010
20120246473ENCRYPTION INFORMATION TRANSMITTING TERMINAL - The communication unit transmits and receives a communication message. The authentication processor performs an authentication process for establishing the network connection by transmitting and receiving an authentication message to and from an authentication server through the communication unit. The encryption information generator generates an encryption key shared with the authentication server when the authentication process is successfully completed. The first message generator generates a first communication message instructing the destination device to acquire the encryption key from the authentication server. The second message generator generates a second communication message including data to be transmitted to the destination device. The communication unit transmits the first communication message to the destination device, encrypts the second communication message with the encryption key, and transmits an encrypted second communication message to the destination device.09-27-2012
20120246475CENTRAL AND IMPLICIT CERTIFICATE MANAGEMENT - Facilitating management of digital certificates is addressed. More specifically, digital certificates as well as public and private keys can be stored in a centrally accessible location and dynamically acquired from the location as needed. Additionally, binding of digital certificates and associated keys can be implicit and determined as a function of a host name provided during protocol negotiation, for example.09-27-2012
20120246476MULTI-APPLICATION SMART CARD, AND SYSTEM AND METHOD FOR MULTI-APPLICATION MANAGEMENT OF SMART CARD - A multi-application smart card and a multi-application management system and method for the smart card are provided. The multi-application smart card comprises a management device for the application security domain, and the management device is used to manage and maintain the application security domains in the multi-application smart card, and the application security domains comprise a plurality of issuer application security domains which share the control right of the multi-application smart card. Optionally, the application security domains also comprise at least one cardholder application security domain which is subordinate to the issuer application security domain that creates the cardholder application security domain, and wherein the at least one cardholder application security domain is used to manage and maintain the applications created by the cardholder.09-27-2012
20120246480Method and Arrangement for Enabling Play-Out of Media - Methods and arrangements for enabling the use of a first device (09-27-2012
20100185859SOFTWARE UPDATE SYSTEM, MANAGEMENT APPARATUS, RECORDING MEDIUM, AND INTEGRATED CIRCUIT - An update server 07-22-2010
20100180115METHOD AND SYSTEM FOR DETECTING SUCCESSFUL AUTHENTICATION OF MULTIPLE PORTS IN A TIME-BASED ROVING ARCHITECTURE - In one embodiment of the present invention, a method includes authenticating an HDCP transmitting device at a first port of an HDCP receiving device. A port of the HDCP receiving device is connected to a pipe of an HDCP architecture of the HDCP receiving device at a first time. A synchronization signal is received from the HDCP transmitting device at the port of the HDCP receiving device at a second time. A loss of synchronization between the HDCP transmitting device and the HDCP receiving device is detected when the time-span between the first time and the second time is not greater than the period of time between synchronization signals sent from the HDCP transmitting device. A re-authentication is initiated between the HDCP transmitting device and the HDCP receiving device in response to detecting the loss of synchronization.07-15-2010
20100161985Methods and Systems for Protecting Media Content - Various embodiments provide methods and systems that utilize a protocol which enables media content protection by establishing a secure communication channel and, in some embodiments, a secure data channel, between a device such as a computing device running a protected content playback application, and a downstream component such as an associated driver, such as a graphics driver, of an associated display device such as a monitor, flat panel LCD, television and the like.06-24-2010
20100161981STORAGE COMMUNITIES OF INTEREST USING CRYPTOGRAPHIC SPLITTING - Methods and systems of managing access to data in a secure data storage network are disclosed. One such method includes associating a storage resource with a community of interest, the community of interest associated with a workgroup key providing access to a virtual disk, the virtual disk allowing access to a volume comprising a plurality of shares stored on a plurality of physical storage devices. The method also includes, upon determining a user of a client device is a member of the community of interest, providing access to the storage resource to the user, whereby the storage resource is associated with the workgroup key.06-24-2010
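As an added illustration of cryptographic splitting and of gating share collection on community membership (example code, not from the application), the following splits a volume into n-of-n XOR shares, places one share per physical device, and reassembles only for members of the owning community of interest. The XOR scheme, the in-memory device map and the use of a membership check in place of the workgroup key the application mentions are assumptions for the example; the "quarterly payroll" data and device names are constructed. It also shows why n-1 shares carry no information: for any plaintext you care to name, a last share exists that makes the other shares combine to it.

```python
import secrets
from typing import Dict, List


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(data: bytes, n: int) -> List[bytes]:
    """n-of-n XOR split: n-1 uniformly random shares, the last one fixes the sum."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    last = data
    for s in shares:
        last = xor_bytes(last, s)
    return shares + [last]


def combine(shares: List[bytes]) -> bytes:
    """XOR all shares together; with every share present this is the original data."""
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor_bytes(out, s)
    return out


def consistent_last_share(partial: List[bytes], claimed: bytes) -> bytes:
    """Given n-1 shares, a last share that makes them combine to `claimed`.
    Because this works for every `claimed`, n-1 shares reveal nothing about the data."""
    return combine(partial + [claimed])


class SplitStore:
    """A volume's shares spread over physical devices; reads gated by community membership."""

    def __init__(self, devices: List[str]):
        self.devices: Dict[str, Dict[str, bytes]] = {d: {} for d in devices}
        self.communities: Dict[str, set] = {}          # community of interest -> members
        self.volumes: Dict[str, str] = {}              # volume -> owning community

    def add_member(self, community: str, user: str) -> None:
        self.communities.setdefault(community, set()).add(user)

    def write(self, community: str, volume: str, data: bytes) -> None:
        self.volumes[volume] = community
        for device, share in zip(self.devices, split(data, len(self.devices))):
            self.devices[device][volume] = share       # one share per physical device

    def read(self, user: str, volume: str):
        community = self.volumes.get(volume)
        if community is None or user not in self.communities.get(community, set()):
            return None                                # non-member: no shares are gathered at all
        return combine([self.devices[d][volume] for d in self.devices])
```

Any single device, or any n-1 of them together, holds only uniformly random bytes; the gate in `read` is what keeps a non-member from collecting all n, which is the role the application assigns to the workgroup key.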
20100185857REMOVABLE SECURITY MODULES AND RELATED METHODS - Example removable security modules for use with process control devices and related methods are disclosed. An example removable security module includes a body configured to be removably coupled to the process control device and a memory disposed in the body with a shared secret stored in the memory. The example removable security module also includes a processing unit disposed in the body, coupled to the memory and configured to read information from the process control device, compare the information to the shared secret and authenticate the process control device based on the comparison.07-22-2010
20100262824System and Method for Software Protection and Secure Software Distribution - The various embodiments of the present invention provide a secure software distribution and execution method. According to the method, a server receives software from a service provider for downloading to a client and identifies the sections for encoding. APIs are inserted in the identified sections. A unique ID is created based on the identity of each client to generate an encryption algorithm, decryption key and decryption algorithm. The identified sections are encrypted with the generated encryption algorithm. The encrypted application along with the encryption algorithm, decryption key and decryption algorithm are downloaded to the driver of the client machine. The API makes a call to the driver by sending the encrypted segment when the encrypted portion is reached during the execution of the software in the client machine, so that the driver decrypts the encoded portion using the received key and the decryption algorithm to enable the continuous execution of the downloaded software.10-14-2010
20100191965VERIFICATION OF SYSTEM INFORMATION IN WIRELESS COMMUNICATION SYSTEM - The present invention relates to a method for communicating between a network and a mobile terminal. The method comprises possessing at least one configuration parameter, and transmitting a message to the network, wherein the message includes information for verifying the authenticity of the at least one configuration parameter to the network, and wherein the information for verifying the authenticity of the at least one configuration parameter is calculated using an integrity key.07-29-2010
20100191966Method for checking the integrity of data, system and mobile terminal - The invention relates to a method for checking the integrity of a message transmitted between a sender in a transmitting end and a recipient in a receiving end, in which method an authentication value is calculated for the first message and a random string is generated.07-29-2010
20100191964COMMUNICATIONS METHODS AND APPARATUS FOR USE IN COMMUNICATING WITH COMMUNICATIONS PEERS - Methods and apparatus related to the determination of the trustworthiness of information communicated in a message and/or the exchange of trust information are described. Various described methods and apparatus are well suited to peer to peer wireless communications in an ad-hoc network. At a given time, a communications device may have a trust relationship with a first set of devices. A first communications device determines trustworthiness of a received message from a second device, which is not a member of the first set of devices, based on information received from a third device which is a member of the first set of devices. The first communications device makes an informed decision as to whether or not to act upon the first message based upon its trustworthiness determination.07-29-2010
20100191963Method for transmission of dhcp messages - The invention describes a method for transmission of a DHCP message between a telecommunication network, especially a telecommunication network according to the WiMAX standard, and an Internet Protocol (IP) subscriber (SS/MS; MN) of the telecommunication network. Therein, information secured with an encryption key is added to the DHCP message. The encryption key is derived from a basic key provided by a network component of the telecommunication network.07-29-2010
20100153720MOBILE SYSTEM, SERVICE SYSTEM, AND SERVICE PROVIDING METHOD TO SECURELY TRANSMIT PRIVATE INFORMATION FOR USE IN SERVICE - A mobile system, a service system, and a service providing method for securely transmitting private information for use in a service are provided. The mobile system maintains at least one user data and identification data with respect to the user data used for processing at least one service, sets a session key for the service system, and encrypts service data identified based on the identification data to transmit to the service system.06-17-2010
20100228978Terminal Device, System, Connection Management Server, and Computer Readable Medium - A second terminal device is used in a system including a connection management server, a first terminal device, and the second terminal device. The second terminal device includes: a local address obtaining unit configured to obtain a first local IP address and first authentication information of the first terminal device from the connection management server, if a first global IP address matches a second global IP address; a determination unit configured to determine, by using of the obtained first authentication information, whether a first particular terminal device with which the second terminal device can communicate by use of the first local IP address is the first terminal device; and a target data communication unit configured to communicate first data with the first terminal device by using the first local IP address, if the first particular terminal device is determined to be the first terminal device.09-09-2010
20100228975METHOD, SYSTEM AND SOFTWARE PRODUCT FOR TRANSFERRING CONTENT TO A REMOTE DEVICE - The present invention relates to a method for transferring content to a device, the method including the steps of: receiving a request for content from the device; delivering a uniquely identifiable, ephemeral player to the device; and transferring content to the device, for presentation on the device by the player. The invention has particular application to digital rights management in respect of the distribution of audiovisual content such as film and television programs, advertisements and live event broadcasts over communication networks such as the Internet.09-09-2010
20100217980Communication Control System, Mobile Communication Terminal and Computer Program - In order to reduce the registration time of a Mobile IP/Simple IP and an SIP, an AAA (08-26-2010
20100217979System and Method for Providing Certified Proof of Delivery Receipts for Electronic Mail - The present disclosure provides a system and method for certifying the delivery of electronic mail messages. In one embodiment, the sender contacts a proof-of-delivery-request creation server which receives the message the sender would like to obtain a proof-of-delivery for, generates a processed message and a proof-of-delivery-request, and returns both to the sender. The sender then uses his regular email infrastructure to transmit to the recipient the processed message and the proof-of-delivery-request as a single email. Upon receiving the sender's email, the recipient contacts a proof-of-delivery-request processing server operated by a trusted-third-party and sends it the proof-of-delivery-request. Said server processes the proof-of-delivery-request, notifies the sender that the recipient has received the message and provides the recipient with information usable for extracting the original message from the processed message.08-26-2010
20100250935Systems and Methods for Secure Transaction Management and Electronic Rights Protection - The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.”09-30-2010
20100161984SECURE MESSAGE SYSTEM WITH REMOTE DECRYPTION SERVICE - Systems and methods for secure messaging are provided. A sender may encrypt content and send the encrypted content to a recipient over a communications network. The encrypted content may be decrypted for the recipient using a remote decryption service. Encrypted message content may be placed into a markup language form. Encrypted content may be incorporated into the form as a hidden form element. Form elements for collecting recipient credential information such as username and password information may also be incorporated into the form. At the recipient, the recipient may use the form to provide recipient credential information to the remote decryption service. The recipient may also use the form to upload the encrypted content from the form to the decryption service. The decryption service may provide the recipient with access to a decrypted version of the uploaded content over the communications network.06-24-2010
20100228973ELECTRONIC DATA COMMUNICATION SYSTEM - There is described a key server which is connected to a local area network, and an encryption authority transfers private keys for clients of the local area network to the key server. In an embodiment, the key server encrypts outgoing emails using public keys for the recipients and decrypts internal emails using private keys for the recipients. In another embodiment, the clients of the local area network download their respective private keys from the key server so that encryption operations may be performed by client software.09-09-2010
20100235637Method of Preventing Web Browser Extensions from Hijacking User Information - The invention relates to a portable authentication token comprising connection means for connecting to a computer, browser communication means for communicating with a browser running on the computer, and user authentication means for authenticating a user of the token to a server. The user authentication means are triggered via the browser communication means when the user connects to the server from the browser of the computer. The user authentication means are set to authenticate the user by communicating with the server through the browser. The token comprises out-of-band token communication means set to validate user authentication by establishing a communication channel between the token and the server, the communication channel bypassing the browser.09-16-2010
20100241857AUTHENTICATION METHOD, AUTHENTICATION SYSTEM, IN-VEHICLE DEVICE, AND AUTHENTICATION APPARATUS - An authentication system is configured such that: an in-vehicle device generates an authentication key, and displays on a display unit, a two-dimensional code including the generated authentication key and a URL indicating a predetermined WEB page on a network; and a portable terminal device acquires the authentication key and the URL from the two-dimensional code by reading the two-dimensional code via an imaging unit, downloads a communication program for communicating with the in-vehicle device from the WEB page indicated by the URL, and transmits the authentication key to the in-vehicle device by causing the downloaded communication program to operate.09-23-2010
20100241855Systems and Methods for Secure Execution of Code Using a Hardware Protection Module - Systems and methods for securely executing digital rights management software comprising content code are described. One method comprises receiving encrypted multimedia content and content code from a storage medium by a host processor, wherein the content code provides restricted content distribution by examining an environment in which a player application resides. Based on functions defined within the content code, the host processor partitions the content code into portions. Based on whether the functions corresponding to the portions are related to computations involving confidential data, commands and parameters related to the portions of the content code are generated and forwarded to a secure processor for decrypting the encrypted multimedia content.09-23-2010
20100241854Method and apparatus for low-power ap-assisted fast wireless roaming using optimized neighbor graphs - An embodiment of the present invention provides a method, comprising using optimized neighbor graphs for low-power access point assisted fast wireless roaming by a wireless station (STA) operating in a wireless network.09-23-2010
20100241853SYSTEM AND METHOD FOR GENERATING A PLAINTEXT / CYPHERTEXT DATABASE FOR USE IN DEVICE AUTHENTICATION - Plaintext/cyphertext pairs are generated for use in authenticating a device. The device performs a secure authentication algorithm on a secure authentication image file and a received plaintext challenge, and outputs a cyphertext response. If the cyphertext response matches a pre-stored cyphertext string associated with the plaintext challenge, then the device is authenticated. A master processor manages the generation of the plaintext/cyphertext pairs. Plaintext challenges are generated in the master processor using a binary counter and an n-bit key. Each plaintext challenge is transmitted to a first processor and a second processor. The first processor executes the secure authentication algorithm on each plaintext challenge and outputs a cyphertext response associated with each plaintext challenge. The second processor executes the secure authentication algorithm on each plaintext challenge and outputs a second cyphertext response associated with each plaintext challenge. The master processor receives the first and second cyphertext responses for each plaintext challenge. If the first cyphertext response matches the second cyphertext response, then the master processor stores each plaintext challenge and the associated cyphertext response as a vector pair in a database.09-23-2010
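The entry above describes a master processor that feeds each counter-derived challenge to two independent processors and only stores a plaintext/ciphertext pair when both answers agree. The following is an added example, not code from the application: it uses HMAC-SHA256 keyed by a constructed "authentication image" as a stand-in for the secure authentication algorithm, XORs the counter with a constructed 64-bit key to form each challenge (the abstract does not say how the two are combined), and includes a deliberately faulty second implementation so the cross-check has something to catch.

```python
import hashlib
import hmac
from typing import Callable, Dict, List, Tuple

# Constructed values for this example; the application publishes no image file,
# key size or key, and the HMAC below stands in for the device's secure
# authentication algorithm.
IMAGE_FILE = b"constructed secure authentication image v1"
KEY_BITS = 64
MASTER_KEY = 0x0123456789ABCDEF

AuthAlgorithm = Callable[[bytes, bytes], bytes]


def make_challenge(counter: int, key: int, n_bits: int = KEY_BITS) -> bytes:
    """Plaintext challenge for one counter value. The abstract says only that the
    challenges come from a binary counter and an n-bit key; XOR-ing them is this
    example's choice and gives a distinct challenge per counter value."""
    mask = (1 << n_bits) - 1
    return ((counter ^ key) & mask).to_bytes(n_bits // 8, "big")


def secure_auth_algorithm(image: bytes, challenge: bytes) -> bytes:
    """Reference implementation run by the first processor."""
    return hmac.new(image, challenge, hashlib.sha256).digest()


def divergent_auth_algorithm(image: bytes, challenge: bytes) -> bytes:
    """Second implementation with a deliberate fault on one challenge, so the
    cross-check in build_pair_database has something to reject."""
    response = bytearray(secure_auth_algorithm(image, challenge))
    if challenge[-1] == 0x07:
        response[0] ^= 0xFF
    return bytes(response)


def build_pair_database(first: AuthAlgorithm, second: AuthAlgorithm,
                        count: int) -> Tuple[Dict[bytes, bytes], List[bytes]]:
    """Master processor: send every challenge to both processors, store the
    plaintext/ciphertext pair only when the two responses agree, and report the
    challenges on which they disagree instead of trusting either answer."""
    database: Dict[bytes, bytes] = {}
    mismatches: List[bytes] = []
    for counter in range(count):
        challenge = make_challenge(counter, MASTER_KEY)
        first_response = first(IMAGE_FILE, challenge)
        second_response = second(IMAGE_FILE, challenge)
        if hmac.compare_digest(first_response, second_response):
            database[challenge] = first_response
        else:
            mismatches.append(challenge)
    return database, mismatches


def authenticate_device(database: Dict[bytes, bytes],
                        device_respond: Callable[[bytes], bytes],
                        counter: int) -> bool:
    """Verifier: send the stored challenge for this counter value and compare the
    device's response with the stored ciphertext in constant time. A challenge
    with no trusted pair in the database cannot authenticate anything."""
    challenge = make_challenge(counter, MASTER_KEY)
    expected = database.get(challenge)
    if expected is None:
        return False
    return hmac.compare_digest(device_respond(challenge), expected)
```

With a 64-bit key whose low byte is 0xEF, counter 232 produces the one challenge ending in 0x07, so over 256 counter values the database holds 255 pairs and that challenge is reported rather than stored; a device that lacks the real image file fails against any stored pair.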
20100235639INFORMATION PROCESSING APPARATUS, COMMUNICATION SYSTEM, METHOD OF CONTROLLING THEM, AND STORAGE MEDIUM - An information processing apparatus connected to a network via a network interface device and capable of performing encrypted communication with an external apparatus on the network. When the information processing apparatus is operating in a normal power mode, a sleep control module thereof detects whether a condition under which the apparatus shifts to an energy saving mode in which power consumption is smaller than in the normal power mode is satisfied. When the condition is detected to be satisfied, a proxy response registration module of the apparatus instructs an IPSec module of the same to request the external apparatus not to perform encrypted communication.09-16-2010
20100211782TRUSTED CLOUD COMPUTING AND SERVICES FRAMEWORK - A digital escrow pattern is provided for network data services including searchable encryption techniques for data stored in a cloud, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, a key generator, a cryptographic technology provider and a cloud services provider are each provided as separate entities, enabling a publisher of data to publish data confidentially (encrypted) to a cloud services provider, and then expose the encrypted data selectively to subscribers requesting that data based on subscriber identity information encoded in key information generated in response to the subscriber requests, e.g., a role of the subscriber.08-19-2010
20100228976METHOD AND APPARATUS FOR PROVIDING SECURED NETWORK ROBOT SERVICES - At least one client robot in a domain is connected to a domain security management unit, and a root security management unit is connected to at least one external server outside the domain and to the domain security management unit via a network. A method for providing secured network robot services includes generating, at the domain security management unit, a shared key between the client robot and the external server when the client robot requests key distribution; generating, at the domain security management unit, a key distribution request message containing the shared key; and transmitting, at the domain security management unit, the key distribution request message to the external server.09-09-2010
20100228979Terminal Device, System and Computer Readable Medium - A second terminal device is used in a system including a server, a first terminal device, and the second terminal device. The second terminal device includes: a first command transmission unit configured to transmit a first command to the first terminal device via the server; a storage control unit configured to hold a first address and first authentication information of the first terminal device; a second command transmission unit configured to transmit a second command to the first address; a determination unit configured to determine whether a terminal device as a destination of the second command is the first terminal device, by using first response data from the terminal device and the first authentication information; and a third command transmission unit configured to transmit a third command to the first address if the terminal device is determined to be the first terminal device.09-09-2010
20100228977Communications Hub for Use in Life Critical Network - Secured communications between patient portable communicators (PPC) and a central authority (CA) via an unsecured network are implemented using software implemented by a communications device. The communications device provides for detecting, using a multiplicity of disparate communication protocols, presence of entities requesting a network connection and determining whether or not each of the entities is a PPC, establishing, only for the entities determined to be PPCs, a connection to the CA via the unsecured network using the disparate communication protocols, authenticating only the PPCs to the CA, and facilitating communication of PPC data between the PPCs and the CA via the communications device and the unsecured network upon successful PPC authentication. The PPC data comprises at least some patient implantable medical device data acquired by the PPCs.09-09-2010
20100228974VLAN TAGGING OVER IPSec TUNNELS - In accordance with a nonlimiting example, a network device transfers communications data along a communications channel within an Internet Protocol (IP) network. A communications module includes a signal input connected to the communications channel of the IP network and receives an Ethernet packet having an Ethernet header and IP data. A processor is coupled to the communications module and processes the Ethernet packet. It removes the Ethernet header and adds Virtual Local Area Network (VLAN) tagging information to a padding section in the packet. In one aspect, the processor includes an encryption module that encrypts the VLAN tagging information along with the IP data. The network device includes a signal output through which the packet is transferred to a destination within the IP network over the communications channel as an IPSec tunnel.09-09-2010
20100217984METHODS AND APPARATUS FOR ENCRYPTING AND DECRYPTING EMAIL MESSAGES - In an e-mail encryption method, the sender embeds commands and, optionally, parameters relating to the commands in an e-mail message. A domain suffix associated with an encryption e-mail server is appended to the recipient e-mail address before sending the e-mail message. The e-mail message is sent and delivered to the encryption e-mail server. The encryption e-mail server parses the e-mail message and executes any commands, optionally executing the commands based on the submitted parameters. The encryption e-mail server encrypts the message and forwards the encrypted message or, alternatively, a link to a memory location on the encryption e-mail server where the encrypted e-mail message is stored. The recipient receives an e-mail notifying them of the encrypted message. The recipient is prompted for a password. The password is validated. If it is valid and no limits on the e-mail are exceeded, the contents of the encrypted e-mail message are decrypted and displayed for the recipient.08-26-2010
20100217983Archive system, management apparatus, and control method - A user terminal reads out an encrypted content that is an authentication target from an encrypted content memory medium that stores the encrypted content in association with management information, assigns data forming the read encrypted content to the same hash function as that of a management apparatus, and computes a first hash value. The management apparatus acquires the computed first hash value and management information from the user terminal, reads out, from a management information memory unit that stores a second hash value that is a hash value previously computed by assigning data forming the encrypted content retaining its authenticity to the hash function in association with the management information, the corresponding second hash value by using the acquired management information as a retrieval key, authenticates whether the acquired first hash value and the second hash value are identical to each other, and permits a decryption process when the authentication result is an authentication success indicating that the first hash value and the second hash value are identical to each other.08-26-2010
20100217981METHOD AND APPARATUS FOR PERFORMING SECURITY COMMUNICATION - Provided is a method of performing secured communication between a first device and a second device. In the method, the first device receives from the second device a secured communication request for performing secured communication, randomly generates and outputs a security key required for the secured communication, and transmits to and receives from the second device a plurality of pieces of data encrypted using the security key.08-26-2010
20100217978Method for sharing secret information among cooperating parties - A method and system for distributing a secret to a plurality of computing systems. In one embodiment, the method determines the number (n) of shares to generate and a threshold number (k) of the shares from which the secret can be reconstructed. The method further chooses n coprime random bit strings in any one of general rings as moduli, the general rings including one or more non-integer rings. The secret is then embedded in a bit string which is at least one bit longer than the product of any k−1 moduli and at least one bit shorter than the product of any k moduli. The method further computes shares of the bit string for distribution to n computing systems, each share including one of the moduli and a corresponding remainder.08-26-2010
20100235635Methods, Systems And Computer Program Products For Authenticating Computer Processing Devices And Transferring Both Encrypted And Unencrypted Data Therebetween - Methods for transferring a set of data from a first processing device to a second processing device are provided. Pursuant to these methods a secure shell (“SSH”) authentication is performed to authenticate a first user that is logged onto the first processing device to a second user that is logged onto the second processing device. The set of data is divided into a first data subset and a second data subset. The first data subset is encrypted to provide an encrypted data set. The encrypted data set is transferred from the first processing device to the second processing device. The second data subset is also transferred from the first processing device to the second processing device, but without encrypting the second data subset. Related data transfer systems and computer program products are also provided.09-16-2010
20100235636Method for delivering web content and applications to the user via email or other communication channels - A method of enabling enriched content of an electronic message, including embedding instructions within the electronic message for rendering the content of the message correctly on a recipient system that may be protected by a firewall, anti-virus or anti-spam program. The method comprises the steps of: transforming the message content, including the embedded instructions, into data in accordance with an algorithm; transmitting the data to the recipient system; receiving the data at the recipient system; inverse transforming the data to regenerate the message and the embedded instructions; and executing the embedded instructions to correctly display the enriched content.09-16-2010
20100250933COMMUNICATION APPARATUS - A communication apparatus including: a communication module configured to establish communication with a counterpart device and receive and transmit a content from and to the counterpart device; a storage configured to store the content; a first processor configured to perform decryption and encryption on the content using a first key that is unique to the communication apparatus; a second processor configured to perform decryption and encryption on the content using a second key that is unique to the content; and a controller configured to control the second processor to perform the encryption on the content stored in the storage when transmitting the content to the counterpart device, and to control the first processor to perform the encryption on the content received from the counterpart device and decrypted by the second processor when storing the content in the storage.09-30-2010
20100241856COMMUNICATION DEVICES AND METHODS - A communication device, method and network are provided. The first communication method comprises generating a first registration packet including first bio data, sending the first registration packet to a network, generating a content packet having second bio data and content data, and sending the content packet to the network. The second communication method comprises receiving a first registration packet including first bio data, storing the first bio data together with a device identification, receiving a content packet including second bio data, extracting the second bio data from the content packet, comparing the first bio data with the second bio data, and authorizing communication when the first bio data matches the second bio data.09-23-2010
20100235638IDENTIFICATION AND AUTHENTICATION OF DEVICES IN A NETWORK - A method of distributing a network access key to devices in a network comprises the steps of generating a network access key, and generating a plurality of distinct key shares for the network access key. A device requires a predetermined number of distinct key shares to generate the network access key. Key shares are distributed to devices in the network, such that at least one device receives a plurality of distinct key shares.09-16-2010
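The entry for 20100217978 above describes shares of the form (modulus, remainder) over pairwise coprime moduli, with the secret embedded in a bit string that is longer than any product of k-1 moduli and shorter than any product of k moduli; the entry for 20100235638 directly above distributes threshold key shares so that some devices hold several of them. The following is an added example serving both entries, not code from either application. It works in the integer ring only (the applications also allow non-integer rings), picks random 64-bit odd moduli, embeds the secret in the low bits of a random carrier of the right length (the embedding layout is this example's choice), and reconstructs with the Chinese remainder theorem; the distribution function hands a single device more than one share.

```python
import math
import secrets
from typing import List, Sequence, Tuple

Share = Tuple[int, int]  # (modulus, remainder), the share format in the abstract


def coprime_moduli(n: int, bits: int) -> List[int]:
    """n pairwise coprime random odd integers of exactly `bits` bits (integer ring case)."""
    moduli: List[int] = []
    while len(moduli) < n:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if all(math.gcd(candidate, m) == 1 for m in moduli):
            moduli.append(candidate)
    return moduli


def carrier_bit_length(moduli: Sequence[int], k: int) -> int:
    """Bit length L such that every L-bit integer x satisfies
    (largest product of k-1 moduli) < x < (smallest product of k moduli),
    i.e. x is at least one bit longer than any k-1 product and at least one bit
    shorter than any k product, as the abstract requires."""
    ordered = sorted(moduli)
    largest_k1 = math.prod(ordered[-(k - 1):]) if k > 1 else 1
    smallest_k = math.prod(ordered[:k])
    length = smallest_k.bit_length() - 1          # 2**length <= smallest_k
    if length <= largest_k1.bit_length():          # need 2**(length-1) > largest_k1
        raise ValueError("moduli too small for this threshold")
    return length


def split_secret(secret: int, secret_bits: int, n: int, k: int,
                 modulus_bits: int = 64) -> List[Share]:
    """Embed the secret in the low bits of a random carrier x of the required
    length and return n shares (m, x mod m). Any k shares determine x exactly;
    k-1 shares determine x only modulo a product smaller than x."""
    if secret.bit_length() > secret_bits:
        raise ValueError("secret does not fit in secret_bits")
    moduli = coprime_moduli(n, modulus_bits)
    length = carrier_bit_length(moduli, k)
    if secret_bits > length - 1:
        raise ValueError("secret too long for these moduli; raise modulus_bits")
    # top bit fixes the length, random filler above the secret, secret in the low bits
    filler = secrets.randbits(length - 1 - secret_bits) << secret_bits
    x = (1 << (length - 1)) | filler | secret
    return [(m, x % m) for m in moduli]


def recover_secret(shares: Sequence[Share], secret_bits: int) -> int:
    """Chinese remainder reconstruction of x from the shares presented, then the
    low secret_bits. Correct only when the product of the presented moduli
    exceeds x, which the length bound guarantees for k or more shares."""
    x, product = 0, 1
    for m, r in shares:
        step = ((r - x) * pow(product, -1, m)) % m   # moduli are pairwise coprime
        x += product * step
        product *= m
    return x & ((1 << secret_bits) - 1)


def distribute_shares(shares: Sequence[Share],
                      allocation: Sequence[Sequence[int]]) -> List[List[Share]]:
    """Hand each device the shares at the listed indices; a device may get several,
    so a gateway holding two shares plus any one other device reaches k = 3."""
    return [[shares[i] for i in indices] for indices in allocation]
```

With 64-bit moduli, n = 5 and k = 3, the carrier is at least 189 bits, so a 128-bit key fits with random filler above it; two shares fix x only modulo an odd product below 2**128, so their reconstruction never yields the right low 128 bits, while any three do.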
20100235634SECURITY CONSIDERATIONS FOR THE LTE OF UMTS - A method for providing message protection includes generating a ciphered message based upon a first counter, a message, and a ciphering key. The method further includes generating an unciphered message authentication code (MAC) based upon the first counter, an integrity protection key, and either the message or the ciphered message, and transmitting security protected data, which includes the MAC and the ciphered message, over a transmission medium.09-16-2010
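The entry above separates ciphering (counter, message, ciphering key) from an unciphered MAC (counter, integrity key, message or ciphered message) and transmits the MAC with the ciphered message. The following is an added example, not code from the application or from any LTE specification: HMAC-SHA256 in counter mode stands in for the LTE ciphering algorithm and HMAC-SHA256 truncated to 32 bits stands in for the integrity algorithm, the keys are constructed, the counter is a 32-bit value, and the MAC is taken over the ciphered message (encrypt-then-MAC), one of the two options the abstract allows. The receiver verifies the MAC before deciphering and rejects counters it has already seen, which is what makes the counter useful against replay.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

# Constructed keys for the example; not values from the application.
CIPHERING_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
INTEGRITY_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def keystream(key: bytes, counter: int, length: int) -> bytes:
    """Counter-mode keystream from a PRF: HMAC-SHA256 over (counter, block index),
    standing in for the LTE ciphering algorithm. Reusing a counter with the same
    key would reuse this keystream, which is why counters must never repeat."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">II", counter, block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def cipher(key: bytes, counter: int, data: bytes) -> bytes:
    """XOR with the keystream; the same call enciphers and deciphers."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, counter, len(data))))


def compute_mac(integrity_key: bytes, counter: int, ciphered: bytes) -> bytes:
    """Unciphered 32-bit MAC over the counter and the ciphered message."""
    return hmac.new(integrity_key, struct.pack(">I", counter) + ciphered,
                    hashlib.sha256).digest()[:4]


def protect(ciphering_key: bytes, integrity_key: bytes, counter: int,
            message: bytes) -> bytes:
    """Sender: PDU = counter (4 bytes) | ciphered message | MAC (4 bytes)."""
    ciphered = cipher(ciphering_key, counter, message)
    return struct.pack(">I", counter) + ciphered + compute_mac(integrity_key, counter, ciphered)


def unprotect(ciphering_key: bytes, integrity_key: bytes, pdu: bytes,
              highest_seen: Optional[int]) -> Tuple[bytes, int]:
    """Receiver: check the MAC, reject a counter at or below the highest accepted
    one (replay or reordering outside this simple window), then decipher.
    Returns (message, counter) or raises ValueError."""
    if len(pdu) < 8:
        raise ValueError("truncated PDU")
    counter = struct.unpack(">I", pdu[:4])[0]
    ciphered, mac = pdu[4:-4], pdu[-4:]
    if not hmac.compare_digest(mac, compute_mac(integrity_key, counter, ciphered)):
        raise ValueError("integrity check failed")
    if highest_seen is not None and counter <= highest_seen:
        raise ValueError("replayed or stale counter")
    return cipher(ciphering_key, counter, ciphered), counter


def is_rejected(ciphering_key: bytes, integrity_key: bytes, pdu: bytes,
                highest_seen: Optional[int]) -> bool:
    """True when the receiver discards the PDU."""
    try:
        unprotect(ciphering_key, integrity_key, pdu, highest_seen)
    except ValueError:
        return True
    return False
```

A single flipped bit in the ciphered part fails the MAC and is dropped before any deciphering happens, and a PDU presented again after its counter has been accepted is dropped by the counter check even though its MAC is valid.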
20100211784METHOD FOR ACCESSING A PORTABLE DEVICE, CORRESPONDING PORTABLE DEVICE, HOST DEVICE AND SYSTEM - The invention relates to a method for accessing a portable device, the portable device being connected to a host device. According to the invention, the host device, as a client, opens a communication channel to the portable device, as a server, according to a first network communication protocol, and the portable device, as a client, uses the communication channel to transport data to the host device, as a server, according to a second network communication protocol, without the implementation of any complex infrastructure. The invention relates also to a corresponding system for accessing a portable device, a corresponding portable device accessible from outside and a corresponding host device for accessing a portable device.08-19-2010
20100211785SYSTEM AND METHOD FOR AUTOMATIC WIRELESS CONNECTION BETWEEN A PORTABLE TERMINAL AND A DIGITAL DEVICE - A method and system are provided for automatic wireless connection to a digital device in a portable terminal, wherein information about the portable terminal is acquired. The information about the portable terminal is commonly used for automatic wireless connection to the digital device. A state of a Wireless Local Area Network (WLAN) is checked and activated, and the WLAN is set to an Ad-hoc mode. A Service Set Identifier (SSID) of the WLAN is set using the acquired portable terminal information, a security key of the WLAN is set using the acquired portable terminal information, and an Internet Protocol (IP) address of the WLAN is automatically set using the acquired portable terminal information.08-19-2010
20100250932METHOD AND APPARATUS FOR SIMULATING A WORKFLOW AND ANALYZING THE BEHAVIOR OF INFORMATION ASSURANCE ATTRIBUTES THROUGH A DATA PROVIDENCE ARCHITECTURE - A method and apparatus that simulates a workflow and analyzes the behavior of information assurance attributes through a data provenance architecture is disclosed. The method may include injecting one or more faults into a simulated workflow; receiving a message in the simulated workflow having a data provenance wrapper; examining each data provenance record of the message and any attachments for discrepancies; identifying any discrepancies in the examination of each data provenance record of the message and any attachments; calculating a degree of trust based on any discrepancies identified in the examination of each data provenance record of the message and any attachments; analyzing the calculated degree of trust with respect to the one or more injected faults and the information assurance attributes; and outputting the analysis to a user.09-30-2010
20100250931DECRYPTION OF ELECTRONIC COMMUNICATION IN AN ELECTRONIC DISCOVERY ENTERPRISE SYSTEM - Apparatus, methods and computer program products are described herein for automatically decrypting electronic communication that is harvested from custodians in an enterprise-wide electronic discovery system. Automatic decryption provides for electronic communication that is encrypted to be decrypted, even in instances in which the system is not provided the password and/or decryption key(s) from the encrypting custodian. The automatic decryption process, which ensues prior to delivering data to the third party data analysis provider or the requesting party, allows for data that may otherwise be unavailable or incomprehensible to the third party or requester to be readily accessible. Thus, decryption of such data in a relatively efficient and automated manner is highly beneficial.09-30-2010
20090292918AUTHENTICATION SYSTEM AND AUTHENTICATION DEVICE - An authentication system is provided with a server device for generating a random number used for authentication and check data obtained by encrypting the random number using an encryption key, an authentication device for authenticating a device to be authenticated by transmitting the random number transmitted from the server device to the device to be authenticated and comparing reply data transmitted from the device to be authenticated with check data transmitted from the server device, and the device to be authenticated for encrypting the random number transmitted from the authentication device using the encryption key and transmitting the encrypted random number as reply data.11-26-2009
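The entry above splits authentication across three parties: a server that holds the key and produces both the random number and the check data, an authentication device that holds no key and only forwards the number and compares the reply, and the device to be authenticated, which transforms the number with the key. The following is an added example, not code from the application: HMAC-SHA256 stands in for "encrypting the random number using an encryption key" and the key is constructed. It also includes a device that merely replays a previously observed reply, to show why the server must generate a fresh random number for every attempt.

```python
import hashlib
import hmac
import secrets

# Constructed key shared by the server and the genuine device; an assumption of
# this example, not a value from the application.
DEVICE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")


def keyed_transform(key: bytes, random_number: bytes) -> bytes:
    """Stand-in for encrypting the random number with the shared key."""
    return hmac.new(key, random_number, hashlib.sha256).digest()


class ServerDevice:
    """Holds the encryption key. For each attempt, generates a fresh random
    number and the matching check data; the key itself never leaves here."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def issue_challenge(self):
        random_number = secrets.token_bytes(16)
        return random_number, keyed_transform(self._key, random_number)


class DeviceToBeAuthenticated:
    """Genuine device: transforms the forwarded random number with its key."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def reply(self, random_number: bytes) -> bytes:
        return keyed_transform(self._key, random_number)


class ReplayingDevice:
    """Impostor without the key that recorded one genuine reply and returns it
    regardless of the random number it is given."""

    def __init__(self, recorded_reply: bytes) -> None:
        self._recorded_reply = recorded_reply

    def reply(self, random_number: bytes) -> bytes:
        return self._recorded_reply


class AuthenticationDevice:
    """Never holds the key: forwards the server's random number to the device
    and compares the reply with the server's check data in constant time."""

    def __init__(self, server: ServerDevice) -> None:
        self._server = server

    def authenticate(self, device) -> bool:
        random_number, check_data = self._server.issue_challenge()
        reply = device.reply(random_number)
        return len(reply) == len(check_data) and hmac.compare_digest(reply, check_data)
```

Because the check data is bound to a random number that is new on every attempt, a recorded reply from an earlier exchange does not match, and the authentication device can reach its verdict without ever being trusted with the key.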
20100217982METHOD AND SYSTEM FOR REGISTERING A PRESENCE USER WITH A PRESENCE SERVICE - A method, performed by a registrar of a presence service, for registering a user with a presence service. The method entails negotiating a key with a client device operated by the user in order to establish an encrypted communications channel between the client device and the registrar via a proxy node, authenticating the user by exchanging messages through the encrypted communications channel and through a separate e-mail channel, binding a universally unique identifier identifying the user with one particular function node that is interposed between the proxy node and a publish-subscribe subsystem of the presence service and creating a user profile for the user and storing the user profile in a persistent data store.08-26-2010
20100211783 Method And System Of Transferring Electronic Messages - The invention relates to a method and system of transferring internet electronic messages (e-mails). The method comprises the steps of creating a first e-mail by sender's mail user agent (08-19-2010
20100211781TRUSTED CLOUD COMPUTING AND SERVICES FRAMEWORK - A digital escrow pattern is provided for network data services including searchable encryption techniques for data stored in a cloud, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, a key generator, a cryptographic technology provider and a cloud services provider are each provided as separate entities, enabling a publisher of data to publish data confidentially (encrypted) to a cloud services provider, and then expose the encrypted data selectively to subscribers requesting that data based on subscriber identity information encoded in key information generated in response to the subscriber requests, e.g., a role of the subscriber.08-19-2010
20100211779Identity Based Authenticated Key Agreement Protocol - A key agreement protocol between a first party and a second party comprises the following steps from the first party perspective. An encrypted first random key component is sent to the second party, the first random key component being encrypted using a public key of the second party in accordance with an identity based encryption operation. An encrypted random key component pair is received from the second party, the random key component pair being formed from the first random key component and a second random key component computed at the second party, and encrypted at the second party using a public key of the first party in accordance with the identity based encryption operation. The second random key component, in encrypted form, is sent to the second party, the second random key component being encrypted using the public key of the second party. A key for use in subsequent communications between the first party and the second party is computable at the first party based on the second random key component. The key may be computed at the second party based on the first random key component.08-19-2010
20100250934CONTENT PROTECTION DEVICE AND CONTENT PROTECTION METHOD - According to one embodiment, a content protection device includes a writing module configured to write protection information into a file management information item in order to protect a content which is specified to be protected. The writing module is configured either to write the protection information corresponding to the sectors that store a content key management information file, which includes a content key link information item that includes a content key position information item of the encrypted content key corresponding to the content specified to be protected, or to write the protection information corresponding to at least part of the sectors that store a content key management file which includes the encrypted content key corresponding to the content specified to be protected.09-30-2010
20100250930METHOD AND APPARATUS FOR PROTECTING THE ROUTING OF DATA PACKETS - A method and apparatus for protecting the routing of data packets in a packet data network. When a first end-host sends an address query to a DNS server system regarding a second end-host, the DNS server system responds by providing a destination parameter containing an encrypted destination address associated with the second end-host. Thereby, the first end-host is able to send data packets to the second end-host by attaching the destination parameter to each transmitted data packet. A router in the packet data network admits a received packet if a destination parameter is attached to the packet including a valid destination address encrypted by a key dependent on a distributed master encryption key. Otherwise, the router discards the packet if no such valid destination address can be derived from the packet by applying decryption to the destination parameter.09-30-2010
20100250929METHOD AND APPARATUS FOR EMAIL COMMUNICATION - According to a first aspect of the present invention there is provided a method of verifying to a recipient of an email that a sender of the email possesses a mobile telecommunications device associated with a specific telephone number. The method comprises at the sender, sending an identifier of the email content and the telephone number to a server via the Internet (A09-30-2010
20120144194Service providing client, wireless terminal and method for implementing binding - The disclosure discloses a service providing client, a wireless terminal and a method for implementing binding. The service providing client comprises a transmission module, which is configured to transmit authentication information to the wireless terminal (06-07-2012
20120144196System and Method for Secure Control of Resources of Wireless Mobile Communication Devices - Systems and methods for secure control of a wireless mobile communication device are disclosed. Each of a plurality of domains includes at least one wireless mobile communication device asset. When a request to perform an operation affecting at least one of the assets is received, it is determined whether the request is permitted by the domain that includes the at least one affected asset, by determining whether the entity with which the request originated has a trust relationship with the domain, for example. The operation is completed where it is permitted by the domain. Wireless mobile communication device assets include software applications, persistent data, communication pipes, and configuration data, properties or user or subscriber profiles.06-07-2012
20080276087Peripheral Device for Programmable Logic Controller - The invention aims to provide, in order to prevent dishonest operations associated with leakage of authentication data and leakage of data that constitutes information assets, a peripheral device for a programmable logic controller that does not require the content of the data and the authentication data to be given out to a user of the peripheral device.11-06-2008
20090249068CONTENT PROTECTION INFORMATION USING FAMILY OF QUADRATIC MULTIVARIATE POLYNOMIAL MAPS - A computer based method and apparatus to tie content protection information to recipient devices via a family of deterministic permutations of quadratic multivariate polynomial maps used for computing an HMAC (Hash Message Authentication Code) or a signed digest. This allows digital rights management (DRM) systems to customize the protection information (such as an HMAC or signed digest) for audio and video content, whereby such protection information for a piece of content differs for different recipient devices or for types of recipient devices.10-01-2009
20100138656Shielding a Sensitive File - Embodiments of the invention provide for shielding a sensitive file on a computer that can connect to a server computer via a network. In response to a read instruction or a write instruction of the sensitive file by application software, the computer may determine whether or not it complies with security compliance requirements sent from another computer, and encrypt the sensitive file with an encryption key.06-03-2010
20100161983DIGITAL CONTENTS REPRODUCING TERMINAL AND DIGITAL CONTENTS TRANSMISSION/RECEPTION METHOD THEREOF - A terminal for reproducing a digital content in support of transmitting/receiving the digital content to/from another terminal includes: an encryption unit configured to encrypt the digital content to produce encrypted digital content; a use scope determining unit configured to determine a use scope of a target terminal to which the digital content is to be transmitted; a personal-use authentication information generation unit configured to transform encryption information of the digital content according to a determination result of the use scope determining unit and generate personal-use authentication information; and a communication unit configured to transmit the encrypted digital content and the personal-use authentication information to the target terminal.06-24-2010
20100049976ADAPTIVE DATA VERIFICATION FOR RESOURCE-CONSTRAINED SYSTEMS - A system and method for adaptively verifying data in resource-constrained systems. The adaptive data verification mechanism employs the proper mode of verification adaptively to balance cost/performance requirements plus security requirements. The algorithm uses a belief level for the validity of a received message, and assigns the belief level to a scale between a bona fide message at one end of the scale and a malicious message at the opposite end of the scale. Where on the scale the belief level falls determines which validation mode will be used to authenticate the message. In an alternate embodiment, the belief level relative to the scale and the amount of data waiting to be processed in a buffer are both used to determine which mode will be used to validate the message.02-25-2010
20100049975Method and apparatus for secure online transactions - Phishing attacks succeed by exploiting a user's inability to distinguish legitimate websites from spoofed websites. Most prior work focuses on assisting the user in making this distinction; however, users must make the right security decision every time. Unfortunately, humans are ill-suited for performing the security checks necessary for secure site identification, and a single mistake may result in a total compromise of the user's online account. Fundamentally, users should be authenticated using information that they cannot readily reveal to malicious parties. Placing less reliance on the user during the authentication process enhances security and eliminates many forms of fraud. We disclose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware.02-25-2010
20120036361METHOD AND SYSTEM FOR ESTABLISHING A SERVICE RELATIONSHIP BETWEEN A MOBILE COMMUNICATION DEVICE AND A MOBILE DATA SERVER FOR CONNECTING TO A WIRELESS NETWORK - A method and system for establishing a service relationship between a mobile communication device and a mobile data server for connecting to a wireless network are disclosed. In accordance with one embodiment, an Internet browser receives a request to establish a service relationship between a mobile communication device and a mobile data server. A device identifier and device capability data are received from the mobile communication device. Service data for the mobile communication device is received from a mobile data administration server in accordance with the device identifier and device capability data, and is then stored in a memory of the mobile communication device.02-09-2012
20100205437Protection method and device for a mobile IPV6 fast handover - A protection method for a mobile IPv6 fast handover is provided, which includes the following steps: generating a fast-handover signaling protection key by using a key which is shared with a network side device; generating an authentication code according to the protection key; adding the authentication code to the fast-handover signaling and transmitting the fast-handover signaling to a router. A protection device for a mobile IPv6 fast handover is also provided. By using the method, the shared key between the mobile node and the network side device is used to derive the fast-handover signaling protection key to protect the fast-handover signaling, which solves the security problem of the fast-handover message during a mobile IPv6 fast handover, decreases the storage and computation overhead on the mobile node, and can be used to protect the downward fast-handover signaling of the SeND protocol that cannot be supported by the mobile node.08-12-2010
20100088513NETWORK SECURITY METHOD - This invention provides a method for allowing the recipient of a message 04-08-2010
20090282246Method and system for continuously transmitting encrypted data of a broadcast service to a mobile terminal - In service access networks having different key hierarchies that provide broadcast service to a mobile terminal, when switching from a first service access network, from which the mobile terminal receives the data of the broadcast service in an encrypted manner by a first data content encryption key, to a second service access network, from which the mobile terminal receives the data of the same broadcast service in an encrypted manner by a second data content encryption key, the mobile terminal receives a key of the hierarchy of the second service access network which is encrypted by a user-specific key of the first service access network.11-12-2009
20090327721Method and Apparatuses for Securing Communications Between a User Terminal and a SIP Proxy Using IPSEC Security Association - A method and user terminal for securing communications between the user terminal and a SIP proxy. The user terminal performs a full authentication procedure with a first SIP proxy to generate an IPSec Security Association, wherein signaling is exchanged between the user terminal and a home network. In response to a change of location of the user terminal or to a handover of the user terminal to a second SIP proxy, a local re-authentication of the user terminal is performed at the first SIP proxy, or at the second SIP proxy in the case of a handover, based upon the pre-existing Security Association in order to establish a new Security Association.12-31-2009
20090327717SYSTEM, METHOD, AND SERVICE FOR TRACING TRAITORS FROM CONTENT PROTECTION CIRCUMVENTION DEVICES - A traitor tracing system generates a hypothesized model of the circumvention device that models a hypothesized set of device keys compromised by the circumvention device. The system iteratively invokes a subset tracing system to identify a compromised device key until substantially all the compromised device keys in the set of compromised device keys are identified so as to disable the circumvention device. A subset tracing system generates a circumvention device model that models behavior of a circumvention device using prior knowledge and The system iteratively selects and applies to the circumvention device a test based on the hypothesized model and the circumvention device model and receives a response from the circumvention device indicating a success of the test in playing protected content on the circumvention device. The system updates the hypothesized model using the received response, the selected test, a current version of the hypothesized model, and a current version of the circumvention device model to focus the test selecting process in determining the device keys obtained from the traitor.12-31-2009
20100268946SYSTEM AND METHOD FOR GENERATING SECURED AUTHENTICATION IMAGE FILES FOR USE IN DEVICE AUTHENTICATION - A secure authentication image file is generated for use in authenticating a device. The device performs a secure authentication algorithm on the secure authentication image file and a received plaintext challenge, and outputs a cyphertext response. If the cyphertext response matches a pre-stored cyphertext string associated with the plaintext challenge, then the device is authenticated. The secure authentication image file is pre-generated in a secure environment. A plurality of key address locations are reserved in a raw memory image file. A key merger application merges the secure key data into the raw memory image file to generate a secure authentication image file. A test set of plaintext/cyphertext pairs are generated using the newly created secure authentication image file. To maintain security of the secure authentication image file, the secure key data and the raw memory image file are erased from a working memory. The test set of plaintext/cyphertext pairs are used to verify a production device containing the secure authentication image file.10-21-2010
20090276625HIERARCHICAL BROWSING MANAGEMENT METHOD AND SYSTEM FOR DIGITAL CONTENT - A hierarchical browsing management method and system for a digital content are described, in which a client decrypts a part of an encrypted content corresponding to a user permission of the client according to a different decryption key. The hierarchical browsing management method includes the following steps. A document fetching unit fetches a digital content, and then loads and stores the digital content to a document server. A client sends a request for transferring the digital content to another client to the document server. A key server executes a content encryption procedure, assigns a corresponding user permission to each content object, and generates encrypted objects. The content encryption procedure is executed to generate encrypted objects and a corresponding encrypted content according to the corresponding user permission assigned to each content object. The client receives the encrypted content, executes a decryption procedure for the encrypted objects, and outputs a decrypted content.11-05-2009
20090327723SECURE TRANSFER OF DIGITAL OBJECTS - Transferring a digital object, comprising: receiving a digital object; validating the received digital object according to predefined rules; building a description of the validated digital object; providing access to the description to select the validated, described digital object for transfer; and transferring the validated, described digital object.12-31-2009
20090327722Transient Protection Key Derivation in a Computing Device - A computing device is arranged to use any possible permutation of methods available to it to authenticate a user, without needing to persistently store any unencrypted data that can be used in authentication, such data only ever being held in transient memory. A user of the device is provided with their own unique common protection key (CPK) which can be used to guard or encrypt sensitive data and functionality. Each authentication method is guaranteed to return a unique consistent identification sequence (CIS) each time it is employed by any specific user. When a user registers on the device, the CIS from each authentication method is used to generate a key which in turn is used to encrypt the CPK; this E(CPK) is then stored in a table indexed by user and authentication method. Neither the CPK nor any CIS are ever kept on the device except in transient memory. When authentication is sought, the CIS for each requested method is obtained and is used to regenerate the key that can be used to decrypt the E(CPK). All the CPKs thus decrypted must match for authentication to be granted.12-31-2009
20110066855AUTHENTICATION FOR DEVICES LOCATED IN CABLE NETWORKS - An extensible authentication framework is used in cable networks such as Data Over Cable Service Interface Specification (DOCSIS) cable networks. The authentication scheme allows for centralized authentication of cable modems, as well as authentication of the cable network by cable modems. Additionally, the authentication scheme allows a Cable Modem Termination System (CMTS) to authenticate devices downstream from cable modems, such as Customer Premise Equipment (CPE) devices.03-17-2011
20110066854METHOD FOR SECURE DYNAMIC BANDWIDTH ALLOCATION IN A TT ETHERNET - A communication method for transmitting TT Ethernet messages in a distributed real-time system, including a plurality of node computers. Each node computer has an Ethernet controller, which by way of a data line is directly connected to a port of a TTE star coupler, said port being uniquely associated with the node computer. A plurality of TTE star couplers are connected among each other by way of one or more data lines to form a TTE network. A TTE message scheduler dynamically calculates the conflict-free schedules for a number of time-controlled messages and signs the schedule provided for each node with a secret part of a public-key signature before it transmits said schedule to the corresponding node computer. Each node computer integrates the signed periodic schedule, which is transmitted to the node computer in the form of a TTE message header of an ETE message, into each dynamically calculated TTE message. The TTE star couplers check whether each dynamically calculated TTE message contains an authentically signed schedule.03-17-2011
20110066853SYSTEM AND METHOD FOR SECURELY IDENTIFYING AND AUTHENTICATING DEVICES IN A SYMMETRIC ENCRYPTION SYSTEM - The present invention describes a system and method for securely identifying and authenticating devices in a symmetric encryption system. An RFID tag can generate indicators using encryption state variables and a symmetric key. An RFID reader, after receiving the encryption state variables from the tag, may identify the tag by performing an exhaustive key search in a key database. Each key in the database may be tested by using the key and encryption state variables to perform an encryption operation similar to that performed by the tag. The result is then compared with the received tag indicators to determine if the tag has been identified. A rotor-based encryption scheme provides for a low cost key search while providing resilience against cloning, tracking, tampering and replay attacks.03-17-2011
20110066852DOCUMENT MANAGEMENT SYSTEM, DOCUMENT MANIPULATION APPARATUS, AND COMPUTER READABLE MEDIUM - According to an aspect of the invention, a document management system includes a protection policy storage unit, a correspondence storage unit, an embedding unit, a portable identification unit, a storage control unit, and a document manipulation unit. The document manipulation unit executes a user manipulation specified by the certain user based on a communication between the portable identification unit and the document manipulation unit.03-17-2011
20090254748ELECTRONIC MAIL GATEWAY APPARATUS - An e-mail gateway apparatus is configured to delete unnecessary e-mails that are on an e-mail server apparatus. When the S/MIME gateway apparatus fails to receive an e-mail from the e-mail server apparatus, a main control unit of the S/MIME gateway apparatus distributes to a client PC an error notification mail indicating the failure. When a deletion request signal requesting deletion of the reception-failed e-mail is received from the client PC, the main control unit of the S/MIME gateway apparatus requests the e-mail server apparatus to delete the e-mail.10-08-2009
20090319788ENHANCED SHARED SECRET PROVISIONING PROTOCOL - An Enhanced Shared Secret Provisioning Protocol (ESSPP) provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched at two network devices together within a predetermined time interval. These two devices then automatically register with each other. When two devices running ESSPP detect each other, they exchange identities and establish a key that can later be used by the devices to mutually authenticate each other and generate session encryption keys. With ESSPP, two ESSPP devices that are attempting to register with each other will only provision a key when they detect that they are the only two ESSPP devices on the wireless network running ESSPP. If additional devices running ESSPP are detected, the ESSPP protocol is either terminated or suspended.12-24-2009
20090150669METHOD AND APPARATUS FOR PROVIDING DOWNLOADABLE CONDITIONAL ACCESS SERVICE USING DISTRIBUTION KEY - An apparatus and a method for providing a downloadable conditional access service using a distribution key are provided. With regard to the apparatus for providing the downloadable conditional access service using the distribution key, a subscriber authorization system transmits a target entitlement management message encoded with a target distribution key to a host, and the host decodes the target entitlement management message, encoded with the target distribution key, using the target distribution key included in a target secure micro client.06-11-2009
20090319789Encrypted portable medical history system - The invention consists of a system of integrated components comprised of at least one portable data storage device, a secure server based system to warehouse data within a database and an image of the computer readable media on the portable data storage device, and a user interface to the secure server. It is contemplated that access to the secure server can be accomplished through a browser via the internet, an intranet, or an extranet. It is further contemplated that a secure client/server arrangement could permit direct access to the database. A client/server arrangement could be of a thin-client or fat-client type architecture. Users would require only a minimal amount of interaction with the system for the purpose of editing information and uploading files, while health care providers would require greater access and reporting for the purpose of facilitating the delivery of appropriate care.12-24-2009
20090319790MASKED DIGITAL SIGNATURES - The present invention relates to digital signature operations using public key schemes in a secure communications system and in particular for use with processors having limited computing power such as ‘smart cards’. This invention describes a method for creating and authenticating a digital signature comprising the steps of selecting a first session parameter k and generating a first short term public key derived from the session parameter k, computing a first signature component r derived from a first mathematical function using the short term public key, selecting a second session parameter t and computing a second signature component s derived from a second mathematical function using the second session parameter t and without using an inverse operation, computing a third signature component using the first and second session parameters and sending the signature components (s, r, c) as a masked digital signature to a receiver computer system. In the receiver computer system computing a recovered second signature component s′ by combining a third signature component with the second signature component to derive signature components (s′, r) as an unmasked digital signature. Verifying these signature components as in a usual ElGamal or ECDSA type signature verification.12-24-2009
20090164784SECURE PEER-TO-PEER MESSAGING INVITATION ARCHITECTURE - A system and methods providing immediate peer-to-peer messaging between mobile devices in a wireless system. An invitation architecture is disclosed which enables the exchange of personal identification numbers (PINs) without requiring a user to directly access or provide his or her PIN. A messaging application encrypts its associated PIN before providing it to a messaging application on another mobile device through an existing communication application. An invitation process for exchanging encrypted PINs involves receiving an invitation containing a question, obtaining user input of an answer, and transmitting the answer back to the sender with an encrypted PIN. The sender confirms the received answer is correct and replies with its encrypted PIN.06-25-2009
20110238992APPLICATION CONTROLLED ENCRYPTION OF WEB BROWSER CACHED DATA - A browser cache-securing component facilitates online communication of confidential data, such as for financial information, purchasing transactions, or user identification. Caching webpages for subsequent presentation enhances user productivity and efficiency while reducing burdens on network resources. Yet, the security risks of intrusions into cache memory are mitigated by retaining encrypted data in cache memory without prior decryption. A modest overhead in decrypting when and if the webpage is to be presented again gains a security and privacy advantage without taking away functionality. Decrypted versions of confidential data can thereby be relegated to volatile memory. Upon termination of a session, a session key shared by a network server is deleted, preventing subsequent decryption. Executing the browser cache-securing component in a virtual machine environment allows multiple browser types to benefit from the security feature.09-29-2011
20120198232GENERALIZED POLICY SERVER - A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control database to determine whether an access request made by a user is permitted. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets.08-02-2012
20100223468METHOD AND DEVICE FOR AUTHENTICATING REQUEST MESSAGE - A method for authenticating request messages is disclosed. An authentication service device performs centralized allocation and management for authentication random numbers; when a User Equipment (UE) uses a protected service, the key negotiation process needs to be performed only once, whereupon the authentication is performed with multiple Application Servers (ASs) in turn according to the policy of using an authentication random number. Further, the corresponding authentication service device, AS, and UE are disclosed.09-02-2010
20100223465METHOD FOR LENDING OUT ELECTRONIC KEY AND COMMUNICATION TERMINAL - The present invention aims at providing an electronic key lending method capable of ensuring the high security by a relatively easy method. An electronic key lending method of the present invention of lending an electronic key (09-02-2010
20080250243Method and System for Secure Position Determination - A system and method of security for navigation, positioning, and localization systems, and applications of cryptography thereto are provided. The security can be applied to navigation, aircraft landing guidance, air traffic control, location-based access control, the prevention of relay attacks against financial and legal transaction protocols and protection of other data transmissions.10-09-2008
20110238988APPLIANCE AUTHENTICATION SYSTEM, AND METHOD OF CONTROLLING POWER SUPPLY - Provided is a method where a power management apparatus (a) acquires, from a server managed by a manufacturer of an electronic appliance, a public key paired with a secret key that the electronic appliance and the server hold, (b) generates a ciphertext by generating a random number and encrypting the random number by the public key, and (c) transmits the ciphertext to the electronic appliance and the server, where the electronic appliance (d) restores the random number by decrypting the ciphertext transmitted in (c), (e) causes an electrical part to operate, based on the random number, and (f) transmits to the server the value of current flowing through the electrical part, and where the server (g) restores the random number by decrypting the ciphertext transmitted in (c), (h) calculates the value of current to flow through the electrical part based on the random number, and (i) compares values of current.09-29-2011
20090106553METHOD AND SYSTEM UTILIZING QUANTUM AUTHENTICATION - A system and a method with quantum cryptography authentication. The system includes an optical link connecting a sender and a receiver. The sender transmits a first optical pulse and a second optical pulse having a defined time delay therebetween. The first pulse is modulated with a first authentication phase shift; and the second pulse is modulated with phases selected from one basis of two non-orthogonal bases, and encoded with one of two orthogonal states within the one basis based on information of the sender, and with a second authentication phase shift. The receiver includes a splitter receiving and splitting the first and the second pulse into pulses of interest. The split pulses of interest are modulated with the first authentication phase shift and the second authentication phase shift, respectively. The receiver includes a second coupler whereby the split pulses of interest arrive at the second coupler simultaneously. The receiver includes a first set of detectors receiving the combined pulses, which determine the one basis of the two non-orthogonal bases; and a second set of detectors receiving the combined pulses, which determine the one of the two orthogonal states within the basis and thereby decode the information of the sender.04-23-2009
20100306538Trust Establishment from Forward Link Only to Non-Forward Link Only Devices - A method, apparatus, and/or system are provided for establishing trust between an accessory device and a host device, using a global key known to both the host device and the accessory device, so that content protection for subscriber-based mobile broadcast services is provided. A secure link may be established between the accessory device and the host device so that when the accessory device receives encrypted content via a secured forward link only network, the accessory device may decrypt the content at the forward link only stack. The content is then re-encrypted/re-secured using one or more derived encryption keys and then sent to the host device where it may be decrypted and played back. A global key, unique to the particular device type of the host device, is employed to ultimately derive the session encryption keys used to re-encrypt/re-secure the content conveyed from the accessory device to the host device.12-02-2010
20090037734DEVICE AUTHENTICATION SYSTEM, MOBILE TERMINAL DEVICE, INFORMATION DEVICE, DEVICE AUTHENTICATING SERVER, AND DEVICE AUTHENTICATING METHOD - According to a device authentication system (02-05-2009
20090037733Method for Recording and Distributing Digital Data and Related Device - The invention relates to a method for burning digital data onto a blank disk by a client device, the digital data being transmitted to the client device by a remote content server. The method comprises the following steps carried out by the client device: setting up a secure authenticated channel with the content server; receiving the digital data transmitted by the content server; verifying the existence of the secure authenticated channel and authorizing the burning of the digital data received only during the existence of the secure authenticated channel; and burning onto the blank disk the digital data received. The invention also relates to a client device and a method for distributing digital data.02-05-2009
20130013922SECURE DISSEMINATION OF EVENTS IN A PUBLISH/SUBSCRIBE NETWORK - Various embodiments of systems and methods to securely disseminate events in a publish/subscribe network are described herein. One or more subscribers are authorized to receive events from a publisher through an authorization protocol carried out between the publisher, a trusted party and the one or more subscribers. A security token specific to a product associated with an event is provided, by the publisher, to the authorized one or more subscribers. Further, the event is encrypted using a public key of the trusted party, a security key of the publisher and a secret key of the publisher. The encrypted event is disseminated, by the publisher, in a publish/subscribe network. Furthermore, the encrypted event is received by the authorized one or more subscribers. The encrypted event is decrypted using the security token and an authorization key by the authorized one or more subscribers.01-10-2013
20090070585Measurement probe systems for co-ordinate positioning apparatus - A measurement probe, such as a touch trigger measurement probe, is described that comprises a measurement portion for measuring an object and a data transfer portion for receiving data from and/or transmitting data to an associated unit. The measurement device also comprises an authentication module for verifying the authenticity of the associated unit. The authentication module may include a processor for running a one-way hash algorithm. Authenticity may be established using a challenge and response authentication process.03-12-2009
20090070583SYSTEM AND METHOD FOR SECURE TRANSACTION - Systems and methods for performing a secure transaction are provided. In one embodiment, the method includes: reading data on a command token; reading data on a token; encrypting the token data with a key; encrypting authentication data with the clear text token data; and transmitting the encrypted authentication data with the encrypted token data to a remote device.03-12-2009
20090070582Secure Network Location Awareness - Secure network location awareness is provided whereby a client is able to use appropriate settings when communicating with an access node of a communications network. In an embodiment a client receives a signed message from the access node, the signed message comprising at least a certificate chain having a public key. In some embodiments the certificate chain may be only a self-signed certificate and in other embodiments the certificate chain is two or more certificates in length. The client validates the certificate chain and verifies the signature of the signed message. If this is successful the client accesses stored settings for use with the access node. The stored settings are accessed at least using information about the public key. In another embodiment the signed message also comprises a location identifier which is, for example, a domain name system (DNS) suffix of the access node.03-12-2009
20130013921Methods and apparatus for secure data sharing - This disclosure relates to methods and apparatus for securely and easily sharing data over a communications network. As communications services on a communications network are continuously becoming cheaper, faster, and easier to use, more users are becoming receptive to the idea of sharing data over the communications network. However, although E-mails and web folders, to a certain degree, provide easy-to-use or secure data sharing mechanisms, none of the existing data sharing methods is both easy-to-use and highly secure. This disclosure provides methods and apparatus for easily and securely sharing data over a communications network.01-10-2013
20100306535Business To Business Secure Mail - Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.12-02-2010
20100306537SECURE MESSAGING - A method for securely transmitting a message to a recipient whilst allowing subsequent access to the message content, wherein at least part of the message is encrypted, comprising the steps of: (a) encrypting a first piece of content with an encryption key; (b) providing a decryption engine at an address on a recipient accessible server; (c) incorporating the address of the recipient accessible server within the message, together with the first piece of encrypted content; (d) transmitting the first piece of encrypted content together with the address of the recipient accessible server to the recipient, such that the recipient is able to decrypt the first piece of content by uploading it to the decryption engine, and (e) authenticating the sender to the recipient.12-02-2010
20100306540ENCRYPTION PROCESSING METHOD AND ENCRYPTION PROCESSING DEVICE - Provided is an encryption processing device which can effectively improve an encryption processing performance of a secure multi-media communication. The encryption processing device (12-02-2010
20100306539METHOD AND SYSTEM FOR CONTENT DELIVERY CONTROL USING A PARALLEL NETWORK - A method and system for controlling distribution of content through a communications network uses a second, parallel network for delivery of a transaction indicia to a requesting party. The use of the parallel network enables the transaction indicia to be forwarded to the party independently of the communications network, thereby reducing the probability of a party fraudulently obtaining delivery of the content. Additionally, information associated with the parallel network can be used to restrict distribution of the content to parties within a predetermined domain, such as, for example, a geographical region. The content may be delivered to the party in an encrypted form, preferably using an encryption algorithm and key designed to enable decryption of the content on only the content delivery device from which the request for the content was originated.12-02-2010
20100313020METHODS AND APPARATUS FOR USE IN FACILITATING THE COMMUNICATION OF NEIGHBORING NETWORK INFORMATION TO A MOBILE TERMINAL WITH USE OF A RADIUS COMPATIBLE PROTOCOL - A disclosed example method for requesting neighboring network information from a device involves encoding a request for neighboring network information and sending the request to an authentication server to obtain the neighboring network information. The example method also involves receiving a response to the request, retrieving the neighboring network information contained in the response, and decoding the neighboring network information. The decoded neighboring network information is stored.12-09-2010
20100313018METHOD AND SYSTEM FOR BACKUP AND RESTORATION OF COMPUTER AND USER INFORMATION - A method for performing backup of computer specific information from a computer is disclosed. The method includes receiving, at a remote server, user authentication data obtainable from a user of the computer; in response to a positive authentication based on the user authentication data, the remote server establishing a communication channel between the computer and the remote server; authenticating, via the communication channel, the computer for use with the server; sending, via the communication channel, a computer specific information collect request from the server to the computer; collecting computer specific information at the computer; encrypting the computer specific information; and sending, via the communication channel, the encrypted computer specific information to the remote server.12-09-2010
20100313017IDENTIFICATION-DEPENDENT COMMUNICATION BETWEEN VEHICLES - A method and assistance system drawn to identification-dependent communication that takes place between vehicles. The messages to be transmitted are encrypted by cryptographic methods, wherein the necessary keys for the cryptographic methods are stored in vehicle components which are protected from unauthorized removal and installation by means of protection mechanisms. The method and system make it possible to limit standardized broadcasts to a particular group of users.12-09-2010
20130138957MIGRATING AUTHENTICATED CONTENT TOWARDS CONTENT CONSUMER - Techniques involving migrating authenticated content on a network towards the consumer of the content. One representative technique includes a network node receiving an encrypted seed having at least a location of the user data at a network service that stores the user data, and a cryptographic key to access the user data. The seed is received in response to a user login attempt to the network service. The user data is requested from the location using at least the received cryptographic key. The method further includes receiving and storing the user data at the network node, where the network node is physically closer to a location of the user than is the location of the network service. If the user is successfully authenticated, user access is provided to the stored user data at the network node rather than from the network service.05-30-2013
20130138958METHOD AND APPARATUS OF MATCHING MONITORING SETS TO NETWORK DEVICES - Monitoring computer devices operating on a network is disclosed. Computer devices are all different and require monitoring settings that are tailored to their specific requirements. One example method of assigning a sample set to a network device operating on a network may include identifying the at least one network device, and identifying at least one object identifier associated with the at least one identified network device. The method may also include transmitting the at least one object identifier to a memory location, and comparing the at least one object identifier to a plurality of sample sets and assigning relevancy scores to the plurality of sample sets based on the comparison. The method may also include assigning at least one sample set having a greater relevancy score than the other sample sets to the at least one network device. The sample sets may be SNMP sample sets.05-30-2013
20130138959Enabling Users to Select Between Secure Service Providers Using a Central Trusted Service Manager - Systems and methods are described herein for enabling users to select from available secure service providers (each having a Trusted Service Manager (“TSM”)) for provisioning applications and services on a secure element installed on a device of the user. The device includes a service provider selector (“SPS”) module that provides a user interface for selecting the secure service provider. In one embodiment, the SPS communicates with a key escrow service that maintains cryptographic keys for the secure element and distributes the keys to the user-selected secure service provider. The key escrow service also revokes the keys from deselected secure service providers. In another embodiment, the SPS communicates with a central TSM that provisions applications and services on behalf of the user-selected secure service provider. The central TSM serves as a proxy between the secure service providers and the secure element.05-30-2013
20100325434REAL-TIME DELIVERY OF LICENSE FOR PREVIOUSLY STORED ENCRYPTED CONTENT - Content is stored as ClearText by a content provider within a trusted area. Specific content is requested by an end user, preferably via a service provider, and the requested content is encrypted and then delivered over a secure communications channel to a home server system. While the encrypted content is stored on the home server system, the associated encryption keys are stored as a license with the content provider. When a playback device on the home server system is instructed to play back the encrypted content, the encrypted content is streamed from local storage within the home server system while the associated encrypted keys are simultaneously streamed from the content provider to the playback device.12-23-2010
20130145161DIGITAL RIGHTS MANAGEMENT OF STREAMING CONTENTS AND SERVICES - Managing digital rights of contents and services streamed to a client device, including: receiving and validating a certificate from the client device; enabling the client device to log into and communicate with a server using a secure protocol to establish a private relationship between the client device and the server; and transmitting a resource identifier to the client device using the secure protocol when the private relationship is established.06-06-2013
20100325433LOGIN SYSTEM - A method for secure log on to a server is provided. The method includes: providing a first user name and a first password from a client to the server; determining if the first user name and first password correspond to a registered user; providing a first data set from the server to the client if the outcome of the determination step is positive; providing a second user name and a second password from the client to a trusted third party; determining if the second user name and second password correspond to a user registered at the trusted third party; providing the first data set from the client to the trusted third party if the outcome of the determination step is positive; providing the first data set from the trusted third party to the server; providing a second data set from the server to the trusted third party if the first data set received from the trusted third party corresponds to the first data set provided to the client; providing the second data set from the trusted third party to the client; providing the second data set from the client to the server; log on the client at the server if the second data set received from the client corresponds to the second data set provided to the trusted third party.12-23-2010
20100325432COUNTERFEIT PREVENTION STRATEGY FOR PLUGGABLE MODULES - A method is provided, including (a) upon a standard small form-factor pluggable (SFP) module being inserted into an SFP jack on a network host device, determining if the SFP module is a legacy device or a smart device, (b) upon determining that the SFP module is a legacy device, receiving a magic code from the SFP module and determining if the magic code is a valid magic code, and (c) upon determining that the SFP module is a smart device, performing a smart authentication process with the SFP module. Associated apparatuses and additional methods are also provided.12-23-2010
20090138708CRYPTOGRAPHIC MODULE DISTRIBUTION SYSTEM, APPARATUS, AND PROGRAM - In a cryptographic module distribution system, a cryptographic management server apparatus encrypts a cryptographic module using a key shared by a cryptographic apparatus, and transmits the encrypted cryptographic module to a client apparatus. The client apparatus transmits the encrypted cryptographic module to a cryptographic apparatus. The cryptographic apparatus decrypts the encrypted cryptographic module using the key shared by the cryptographic management server apparatus, and transmits the decrypted cryptographic module to the client apparatus. The client apparatus stores the received cryptographic module.05-28-2009
20090138707Method for Fast Pre-Authentication by Distance Recognition - A method of pre-authentication of a first entity (05-28-2009
20100332831METHOD AND APPARATUS FOR AUTHENTICATING A SENSOR NODE IN A SENSOR NETWORK - A method and apparatus for authenticating a sensor node in a sensor network. The method for authenticating a sensor node by a first sink node in a sensor network includes receiving an authentication request using an authentication ticket from the sensor node, identifying a second sink node which has issued the authentication ticket, decoding the authentication ticket using a group key, which is previously stored in correspondence to the second sink node to confirm the validity of the authentication ticket, when the second sink node is included in a neighboring node list, normally processing authentication for the sensor node, generating an authentication ticket using a group key of the first sink node, and transmitting the generated authentication ticket to the sensor node.12-30-2010
20100223467Methods and Systems for Sharing Database Content - Mechanisms and methods for sharing database content stored by a first organization with a third party are provided. A network address is provided to the third party, which can enable control of the access to the content and tracking of the views of the content. For example, the network address can include an encrypted key that contains information about the organization that created content and the specific distribution ID for delivering the content when requested by the third party using the address. A distribution can be created in numerous ways, with various restrictions on the access to the document of a distribution.09-02-2010
20100332830SYSTEM AND METHOD FOR MUTUAL AUTHENTICATION BETWEEN NODE AND SINK IN SENSOR NETWORK - Disclosed are a system and method for mutual authentication between a node and a sink in a sensor network. At least one sink periodically creates a neighboring sink list including information on at least one adjacent sink; the sink requests node authentication from a base station when receiving an authentication request from the node, and transmits its own neighboring sink list to the node when the node authentication has been completed. When the node moves and requests authentication from another sink, that sink stores the neighboring sink list received from the node, determines whether a node-authenticable sink exists in its own neighboring sink list according to the authentication request, and requests re-authentication of the node from the node-authenticable sink when one exists, so that re-authentication between the node and the sink is easily performed.12-30-2010
20100332829Method for detecting the use of a cloned user unit communicating with a server - A method to prevent, detect and fight against cloning attacks by using payload keys to encrypt request and response messages exchanged between user units and a server. In an initialization phase, the user unit locally generates an initial payload key and sends to the server, in a secure way, a request comprising a unique identifier of the user unit, check data, the initial payload key and a request instruction encrypted with a payload key retrieved from the memory of the user unit. Each time the server receives a request from a user unit, it retrieves the payload key by searching in its memory according to the unique identifier of the user unit. The obtained payload key is then used to decrypt the request instruction. The server then generates a derivation key as a response key, which will be used by the user unit to compute a new payload key. In this way, the payload key is modified, preferably during each data exchange between user unit and server, allowing the server to check in the next incoming request from the same user unit whether the payload key is the expected one. The server also stores a fallback payload key, which is the last one used by the user unit. By checking a status parameter at decryption with the expected payload key or with the fallback key, the server can, by applying predefined business rules, distinguish correct behaviors of authorized user units from unexpected system failures (network, storage, interference, application software crash, etc.) and from true cloning attacks.12-30-2010
20100332827CREATING AND USING SECURE COMMUNICATIONS CHANNELS FOR VIRTUAL UNIVERSES - A system and method provides secure channels for communication in a virtual universe by employing a packet interception layer for incoming and outgoing data packets. A data path is defined and is sequentially encrypted with the public keys of servers in the path. Decryption and identification of the next server occurs in a sequential manner in which the path is known only to the sender.12-30-2010
20110010546INFORMATION PROCESSING APPARATUS AND METHOD, RECORDING MEDIUM AND PROGRAM - The present invention relates to an information processing apparatus allowing proper communication with a communication partner in accordance with a communication time of the communication partner.01-13-2011
20110113244STATELESS CRYPTOGRAPHIC PROTOCOL-BASED HARDWARE ACCELERATION - According to one embodiment of the invention, a network device comprises a first processing element and a second processing element. The first processing element is adapted to handle an authentication handshaking protocol, such as the SSL/TLS Handshake, and upon receipt of a Client Key Exchange message, passes control of the authentication handshaking protocol to the second processing element. The second processing element completes the authentication handshaking protocol.05-12-2011
20110029773Optical Network Terminal Management Control Interface-Based Passive Optical Network Security Enhancement - A network component comprising at least one processor coupled to a memory and configured to exchange security information using a plurality of attributes in a management entity (ME) in an optical network unit (ONU) via an ONU management control interface (OMCI) channel, wherein the attributes provide security features for the ONU and an optical line terminal (OLT). Also included is an apparatus comprising an ONU configured to couple to an OLT and comprising an OMCI ME, wherein the OMCI ME comprises a plurality of attributes that support a plurality of security features for transmissions between the ONU and the OLT, and wherein the attributes are communicated via an OMCI channel between the ONU and the OLT and provide the security features for the ONU and the OLT.02-03-2011
20110029774SECURE COMMUNICATION BETWEEN A HARDWARE DEVICE AND A COMPUTER - A group of secret sets is provided, each set including a key and an assigned identifier. The sets are stored in a secure hardware device that can retrieve the key of any of the sets using the key's corresponding identifier. A set is stored in an application, and the application is executed on a computer coupled to the secure device. The application defines a session key, encrypts the session key using the key from the set stored in the application, generates session data including the stored set's identifier and the encrypted session key, and sends the session data to the secure device. The secure device obtains from the session data the encrypted session key and the identifier, retrieves the key corresponding to the identifier, and uses the retrieved key to decrypt the session key. The session key is then used to encrypt and decrypt communications between the secure device and the computer.02-03-2011
20100161982HOME NETWORK SYSTEM - A home network system includes: a plurality of wireless devices cooperating with a home network, each device having a tag attached thereto to identify it; a tag reader for reading tag information from the tag of each wireless device; and a network manager for storing a shared key, identifying each wireless device connected to the home network using the tag information, and supporting information exchange between the wireless devices by using the shared key.06-24-2010
20100161980APPARATUS AND METHOD OF SECURITY IDENTITY CHECKER - A method and apparatus that establish secure communications between two stations. The apparatus includes a low power communication processor and a host processor in a sleep mode. The low power communication processor receives a protocol message to initiate a communication. The protocol message includes an encrypted cryptographic identity token and triggers a wake-up event in order to wake up the host processor according to the result of identity and freshness checks performed by the low power communication processor.06-24-2010
20110119488METHOD AND SYSTEM FOR FACILITATING THROTTLING OF INTERPOLATION-BASED AUTHENTICATION - One embodiment provides a system that facilitates throttling of interpolation-based authentication at a client. During operation, the system receives data points encrypted with a public key associated with a throttle server. The system then applies offsets to the data points, wherein a respective offset for a data point is associated with a user input. The system blinds the offset data points, and sends to the throttle server the blinded offset data points, thereby allowing the throttle server to perform an interpolation on the blinded offset data points and maintain a count of interpolation attempts from the client. Subsequently, the system receives from the throttle server an evaluation point based at least on the interpolation. In response, the system unblinds the evaluation point, and uses the unblinded evaluation point as a secret for a subsequent authentication process.05-19-2011
20110113246SECURE DATA TRANSFER USING AN EMBEDDED SYSTEM - A method and device for securing data transmission via an embedded system that is operationally coupled to a local device and a remote computing system using a network is provided. The method includes determining if data received from the remote computing system is secured; handshaking with the remote computing system if the data received is from a new connection; decrypting the secured data; and transmitting the decrypted data to the local device. The method also includes determining if the data received from the local device is from a new connection; handshaking with the remote computing system if the data received is from a new connection; encrypting the data; and transmitting the encrypted data to the remote computing system. The device includes a receiving module that determines whether input data needs to be encrypted or decrypted; a processing module for encrypting and/or decrypting input data; and an output module for transmitting encrypted and/or decrypted data.05-12-2011
20110113245ONE TIME PIN GENERATION - A method and system is provided for generating a one-time passcode (OTP) configured for use as a personal identification number (PIN) for a user account from a user device. The OTP may be generated using an OTP generator which may include an algorithm and a user account-specific OTP key. The OTP key may be camouflaged by encryption, obfuscation or cryptographic camouflaging using a PIN or a unique machine identifier defined by the user device. Obtaining an OTP from the user device may require inputting a data element which may be one of a PIN, a character string, an image, a biometric parameter, a user device identifier such as a machine effective speed calibration (MESC), or other datum. The OTP may be used for any transaction requiring a user PIN input, including ATM and debit card transactions, secure access and online transactions.05-12-2011
20090049297SYSTEMS AND METHODS FOR VERIFYING THE AUTHENTICITY OF A REMOTE DEVICE - Some embodiments of the invention are directed to, among other things, systems, computer readable media, methods and any other means for verifying the authenticity of a client device. In some embodiments, a token is issued by one or more remote media servers that allows the client device to download video, media or other data from one or more remote media servers.02-19-2009
20110040972TERMINAL FOR STRONG AUTHENTICATION OF A USER - The invention relates to a terminal (02-17-2011
20110113248Leak-Resistant Cryptographic Token - Chip cards are used to secure credit and debit payment transactions. To prevent fraudulent transactions, the card must protect the cryptographic keys used to authenticate transactions. In particular, cards should resist differential power analysis and/or other attacks. To address security risks posed by leakage of partial information about keys during cryptographic transactions, cards may be configured to perform periodic cryptographic key update operations. The key update transformation prevents adversaries from exploiting partial information that may have been leaked about the card's keys. Update operations based on a hierarchical structure can enable efficient transaction verification by allowing a verifying party (e.g., an issuer) to derive a card's current state from a transaction counter and its initial state by performing one operation per level in the hierarchy, instead of progressing through all update operations performed by the card.05-12-2011
20110040969METHOD AND SYSTEM FOR DYNAMIC SERVICE NEGOTIATION WITH A UNIFORM SECURITY CONTROL PLANE IN A WIRELESS NETWORK - A method and system to facilitate dynamic service negotiation with a uniform and persistent security control plane in a wireless network. In one embodiment of the invention, a node in the wireless network determines each capability provided by each of one or more virtual nodes that it supports and transmits a frame that has information of each capability provided by each of the one or more virtual nodes. By combining all the information of each capability provided by each of the one or more virtual nodes into one frame, the node reduces the volume of management traffic required and increases the available usable channel bandwidth in one embodiment of the invention.02-17-2011
20110113247AUTOMATICALLY RECONNECTING A CLIENT ACROSS RELIABLE AND PERSISTENT COMMUNICATION SESSIONS - The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. The method includes providing a first connection between a client and first protocol service and a second connection between the first protocol service and a host service. The first protocol service detects a disruption in the first connection. The client re-establishes the first connection between the client and the first protocol service while maintaining the second connection between the first protocol service and the host service. The first protocol service receives a ticket associated with the client and validates the ticket. The first protocol service links the re-established first connection to the maintained second connection after the ticket is validated.05-12-2011
20090063858Systems, methods, and media for retransmitting data using the secure real-time transport protocol - Systems, methods, and media for retransmitting data using the SRTP are provided. In some embodiments, methods for retransmitting data using the SRTP are provided. The methods include: receiving at least one data unit associated with a media session; determining the index of the at least one data unit; determining the session key of the media session using the index; authenticating the at least one data unit using the session key; and retransmitting the at least one data unit.03-05-2009
20110087885METHOD AND APPARATUS FOR EFFICIENT AND SECURE CREATING, TRANSFERRING, AND REVEALING OF MESSAGES OVER A NETWORK - An encryption based method of enabling a plurality of parties to share, create, hide, or reveal message or token information over a network includes a commutative group cipher (CGC), where the underlying CGC is secure against ciphertext-only attack (COA) and known-plaintext attack (KPA), and is deterministic. The protocols do not require a trusted third party (TTP), and execute rapidly enough on ordinary consumer computers to be effective for realtime play among more than two players. Protocols are defined which include VSM-L-OL, VSM-VL, VSM-VPUM, and VSM-VL-VUM, wherein the letters V, O, SM, P, and UM represent, respectively, Verified, Locking Round, Open, Shuffle-Masking Round, Partial, and Unmasking Round.04-14-2011
20110087884Methods and Systems for Improving the Security of Password-Based Authentication Protocols for IEEE 802.11 Networks - A password element is generated for a station running an Elliptic Curve Cryptography (ECC) or a Finite Field Cryptography (FFC) group based password authenticated protocol. A password element is multiplied by a cofactor to generate a modified password element for the ECC group. The station verifies that the modified password element is not equal to a point at infinity for the ECC group. A password element is generated by exponentiating a password value to a power t, where t=(p−1)/r, p and r are primes, and r has a bit length of at least 160 bits for the FFC group. A commit-element parameter is generated using a temporary secret value and the ECC modified password element or the FFC password element, and is then transmitted to another station in a commit message. The receiving station checks if the received commit-element parameter has desired properties before continuing with the protocol.04-14-2011
20090070581SYSTEM AND METHOD FOR CENTRALIZED USER IDENTIFICATION FOR NETWORKED DOCUMENT PROCESSING DEVICES - The subject application is directed to a system and method for centralized user identification for networked document processing devices. A secure communications channel is first established between a document processing device designated as an authentication device and at least one additional document processing device of a plurality of document processing devices. The authentication device then communicates address data to each additional document processing device. Credential data associated with a user of a document processing device is then received. The received credential data is communicated from the document processing device to the authentication device. The user of the document processing device is then authenticated in accordance with the received credential data. Authorization data representing the authorization of the user to perform a document processing operation on the document processing device is then communicated to the document processing device from the authentication device according to the completed authentication of the user.03-12-2009
20110213973IC CARD FOR ENCRYPTION OR DECRYPTION PROCESS AND ENCRYPTED COMMUNICATION SYSTEM AND ENCRYPTED COMMUNICATION METHOD USING THE SAME - It is possible to perform encrypted communication between members of a group while assuring a sufficient security compatible with a change of the members. An IC card having the same fixed code F(a) is distributed to all the staffs of company A. When communication is performed between a staff α and a staff β belonging to the same project group, α of the transmission side writes an arbitrary variable code V(09-01-2011
20110213972METHOD OF EXECUTING A CRYPTOGRAPHIC CALCULATION - A cryptographic calculation is executed in an electronic component, according to a cryptographic algorithm including at least one application of a one-way function which is disabled upon an intrusion into the electronic component. The one-way function is based on a first affine operation corresponding to a first secret key. The one-way function is applied, by obtaining (09-01-2011
20090327715System and Method for Cryptographic Identification of Interchangeable Parts - An anti-counterfeiting identification system for a medical tubing system, including a tubing assembly having upstream and downstream tubing portions removably connected to one another in a mechanically coupled state and a mechanically uncoupled state. The mechanically coupled state is a reliable fluid-tight connection of the upstream and downstream portions for fluids passing therethrough from the upstream portion to the downstream portion. A two-part encrypted identification assembly has a first part connected to the upstream portion and a second part connected to the downstream portion. The first and second parts are electrically connected only through one lead and ground, and are electrically connected to one another only in the mechanically coupled state. Also provided are methods for identification, anti-piracy, and inventory.12-31-2009
20110083013PRIVACY VAULT FOR MAINTAINING THE PRIVACY OF USER PROFILES - Methods, systems, and computer-readable media for facilitating personalization of web content are provided, while protecting the privacy of the user data used to personalize the user's experience. A privacy vault may collect user data including user activity data, demographic data, and user interests submitted by a user. In one embodiment, the privacy vault operates on a user client device. The privacy vault sends the user data to a community vault that collects user data from multiple users. The community vault generates segment rules that determine whether a user belongs to a user segment, which expresses a user's interest. The segment rules are then communicated back to the privacy vault, which assigns one or more user segments to the user based on the user data available to the privacy vault and the segment rules. The privacy vault may communicate user segments to one or more content providers that supply personalized content selected based on the user segments provided.04-07-2011
20100223463COMMUNICATION SYSTEM, KEY MANAGING/DISTRIBUTING SERVER, TERMINAL APPARATUS, AND DATA COMMUNICATION METHOD USED THEREFOR, AND PROGRAM - To provide a mobile communication system that can prevent unauthorized use of an encryption key otherwise caused by loss thereof and that can securely perform a direct communication between terminals using the encryption key. A portable terminal apparatus 09-02-2010
20100211780SECURE NETWORK COMMUNICATIONS - Apparatus, systems, and methods may operate to establish a secure communications tunnel between a server node and a client node, and to receive user requests from the client node at the server node via the secure communications tunnel. The user requests may be received in conjunction with a device verification token derived from nonces generated by the server node and transmitted to the client node as part of keep-alive response messages. The nonces may change according to a period of time established by the server node. Additional apparatus, systems, and methods are disclosed.08-19-2010
20100100733System and Method for Secure Provisioning of an Information Handling System - Systems and methods for reducing problems and disadvantages associated with provisioning of information handling systems, including without limitation those associated with bare metal provisioning of information handling systems, are disclosed. A system may include a processor, and a memory and an access controller each communicatively coupled to the processor. The access controller may store an enterprise public key associated with an enterprise private key and a platform private key associated with the system. The access controller may be configured to: (i) authenticate communications received from a provisioning server communicatively coupled to the access controller based at least on an enterprise public certificate associated with the provisioning server and (ii) establish an asymmetrically cryptographic communications channel between the access controller and the provisioning server based at least on a platform public key associated with the platform private key, the platform private key, the enterprise public key, and the enterprise private key.04-22-2010
20090031129HASH-BASED SYSTEMS AND METHODS FOR DETECTING AND PREVENTING TRANSMISSION OF UNWANTED E-MAIL01-29-2009
20100180116INTRUSION-TOLERANT GROUP MANAGEMENT FOR MOBILE AD-HOC NETWORKS - An inventive system and method for intrusion-tolerant group management for a network is presented. The method comprises a client broadcasting a message request to controllers and validating the rekey messages received from the controllers, and controllers validating the client's broadcast message request and broadcasting proposals, collecting proposals, constructing threshold-signed proofs, updating the view number, performing the client's message request, generating the rekey based on the valid proposals and transmitting the rekey to the client. Simultaneously, controllers send reconciliation messages to all controllers, based on which the membership state is updated. The client updates a shared key when a predetermined number of valid rekey messages are received. The controllers can communicate via a Byzantine fault-tolerant agreement. The client can use its public key to decrypt the rekey and perform validation. The client's message request can be a join or a leave.07-15-2010
20120246479PRIMITIVE FUNCTIONS FOR USE IN REMOTE COMPUTER MANAGEMENT - The invention facilitates remote management of a computer via a network. Remote computer management capability can be expanded beyond that previously available through the addition of one or more new primitive functions that can be performed on a managed computer.09-27-2012
20090327718Content data management system and method - Embodiments of the present invention use encryption to restrict unlimited output of content data recorded in an area that can be read by standard commands. According to one embodiment, a data storage area of a storage device is provided with an accessible area, which can be accessed from outside through an interface by specifying an address, and a hidden area, which can be accessed from outside only in a specified case where an authentication condition is satisfied. In the hidden area, a table is recorded in which one entry includes an entry number and a content identifier field. An expansion area is provided in each sector of the accessible area, in which data output control information and an entry number are recorded. The data output control information indicates one of (1) output is allowed only when there is information capable of decrypting the data, and (2) output is allowed without limitation. When data recorded in the accessible area is read by a standard read command, output of content data recorded in the storage device is controlled based on the data output control information recorded in the expansion area.12-31-2009
20090327720Secure access to encrypted information - A method of using a mini filter driver to secure access to encrypted information stored on a removable storage device. The method comprises receiving a request to read information from the removable storage device. The mini filter driver ascertains if the request originated from an authorized client. The mini filter driver receives encrypted information read from the removable storage device, and decrypts the encrypted information in the event that the request originated from an authorized client. The decrypted information can then be conveyed to the authorized client. If the client is not authorized, then the mini filter driver does not decrypt the information.12-31-2009
20090327719COMMUNICATION AUTHENTICATION - Systems and methods that establish trust between a receiver (e.g., a user) and a sender of a message by authenticating such sender through demonstration of knowledge for a shared secret—yet without revealing such secret. A messaging component can convey messages as directed by the shared secret to communication systems that are under control of the user. Accordingly, the user can readily determine that the sender of the message is what such sender claims to be, since the sender has demonstrated a knowledge of the shared secret by sending the message to the communication system as determined by the user. Moreover, by not actually revealing the shared secret during communication, robustness of the secret is typically ensured.12-31-2009
20090327716Verifying a Cipher-Based Message Authentication Code - A system for verifying a cipher-based message authentication code (CMAC), including a reception (RX) module logically residing between a physical layer controller (PHY) and a media access controller (MAC) processor, such that the RX module is configured to receive one or more portions of the CMAC with one or more bursts, process the one or more bursts, and write the one or more portions of the CMAC to one or more memory locations in a memory. The system also includes a transmission (TX) module logically residing between the PHY and the MAC processor, such that the TX module is configured to verify the CMAC concurrently as the RX module processes the one or more bursts.12-31-2009
20100064137Inspection and rewriting of cryptographically protected data from group VPNs - Systems, methods, and other embodiments associated with processing secure network traffic are described. One example method includes determining whether a device is a preconfigured member of a group key system. If the device is not a preconfigured member then the method selectively establishes membership in the group key system by requesting membership from a group controller. The example method may also include receiving a set of keys from the group controller and being assigned a role by the group controller. The method may further include processing secure network traffic as an inspection point, a rewriting point, and/or a validation point based on the received set of keys and the assigned role(s).03-11-2010
20100037052Network Binding - In a communication network comprising a central management entity and a plurality of terminals, methods and systems for remotely binding terminals to the network and for unbinding already bound terminals when necessary. Once bound to a network, a terminal may not operate in another network unless the two networks share a secret.02-11-2010
20100058057REMOTE COMPUTER MANAGEMENT WHEN A PROXY SERVER IS PRESENT AT THE SITE OF A MANAGED COMPUTER - The invention facilitates remote management of a computer via a network. Remote computer management in which communication between a managed computer and a remote computer management server is initiated by the managed computer is implemented so that the presence of a proxy server at the site at which the managed computer is located can be detected, and communication from the managed computer to the remote computer management server is routed to a communication port assigned for communication with the proxy server, with instructions to then send the communication to the remote computer management server.03-04-2010
20090217042PROVISIONAL SIGNATURE SCHEMES - A method and apparatus for implementing portions of a provisional signature scheme are disclosed. In one embodiment, the method comprises creating a provisional signature by performing an operation on a message and completing the provisional signature to create a final signature on the message. Such a scheme may be used for server assisted signature schemes, designated confirmer signature schemes and blind signature schemes.08-27-2009
20090217040INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER READABLE RECORDING MEDIUM - An information processing apparatus for collecting apparatus data from an apparatus connected through a network and sending the apparatus data to a server connected through the network includes a recording unit storing a secret key and a public key certificate which are encrypted by key data and commonly distributed; an obtaining unit for obtaining, from the information processing apparatus, individual identification data by which the information processing apparatus can be uniquely identified, sending a request to provide the predetermined key data through the network to the server by specifying the individual identification data, and receiving the key data encrypted by the individual identification data from the server; and a decoder for obtaining the individual identification data from the information processing apparatus, decoding the key data by using the individual identification data, and decoding the common public key certificate and the secret key by using the decoded key data.08-27-2009
20090217038Methods and Apparatus for Locating a Device Registration Server in a Wireless Network - Methods and apparatus for locating and accessing a data server in a wireless network are disclosed. The disclosed techniques may be used to allow a wireless device provided with temporary credentials to access a wireless network and obtain a network address for a data server for downloading subscription credentials. An exemplary wireless device comprises a processing unit configured to send an access authentication request to a wireless network, and to receive an authentication challenge value from the wireless network in response. The processing unit is further configured to generate a cryptographic response from the authentication challenge value and to send the cryptographic response to the wireless network, and to also derive a data server address from the authentication challenge value. Thus, the authentication challenge value serves two purposes—as a challenge key for use in a network access authentication procedure, and as a carrier for data server address information.08-27-2009
20090217036DIGITAL RIGHTS MANAGEMENT - In a digital rights management (DRM) scheme a mobile terminal (08-27-2009
20100070765SECURE AND RECOVERABLE DATABASE FOR ON-LINE VALUE-BEARING ITEM SYSTEM - An on-line value bearing item (VBI) printing system that includes one or more cryptographic modules and a secure database is disclosed. The secure database includes account balances and other information for all of the on-line value-bearing item system customers and is capable of preventing access by unauthorized users. Also, a secure communication network is in operation to prevent unauthorized access to the users' data stored in the database.03-18-2010
20100070766Authentication Method, Client, Server And System - An authentication method, which includes: a server sends a challenge to a client; the client obtains a first key, performs a transformation on the first key using a local hash function to obtain a third key, encrypts the first key and the challenge using the third key to obtain a ciphertext, and sends the ciphertext to the server; the server decrypts the ciphertext using a second key stored locally, obtaining a decrypted first key and a decrypted challenge if the second key is the same as the third key, and performs a transformation on the decrypted first key using a local hash function to obtain a fourth key; the client passes the authentication if the decrypted challenge and the fourth key are respectively the same as the challenge sent by the server and the second key stored locally by the server.03-18-2010
20100070764TRANSFER DATA MANAGEMENT SYSTEM FOR INTERNET BACKUP - Erroneous deletion of data due to a collision of digest information during data de-duplication using digest information is prevented. When backup data is stored on a backup server 03-18-2010
20110154036Method For Implementing Encryption And Transmission of Information and System Thereof - The invention discloses a method for implementing encryption and transmission of information, and a system thereof. The method comprises the following steps when a sender sends information to a receiver: a client of the sender encrypts the information by using a unique identifier of the receiver's identity as a public key; the sender sends the encrypted information to the receiver; the receiver receives the encrypted information, and a client of the receiver performs decryption by using a user private key; wherein the client of the receiver obtains the user private key by one-off registration and the user private key matches the unique identifier of the receiver's identity. The system comprises an information transmission platform, a sender and a receiver connected to each other by the information transmission platform, clients provided in the sender and the receiver, and a registration component. According to the present invention, secure communication between the sender and the receiver is realized without establishing any initial key, and the negotiation process between the sender and the receiver before encryption/decryption and the interactions with any other entities during every encryption/decryption procedure are avoided.06-23-2011
20100064138APPARATUS AND METHOD FOR PROVIDING SECURITY SERVICE OF USER INTERFACE - An apparatus and method for providing a security service for UI applications in a network system. In a network supporting a user interface, data that needs no encryption is distinguished from data for which a security identifier is specified, indicating a need for security between a server and a communication device, and the two kinds of data are transmitted separately over a security channel and a general channel.03-11-2010
20100064136METHOD AND SYSTEM FOR ELECTRONIC VEHICLE DOCUMENT DISPLAY - A method and system for automatically displaying electronic documents on a vehicle display screen is provided. One implementation involves transferring an encrypted digital certificate to a control module in a vehicle, the vehicle including a display screen embedded in a window area of the vehicle, wherein the control module is configured for connection to the display screen; storing the digital certificate in a memory unit of the control module; automatically displaying information on the display screen by: retrieving the digital certificate from the memory unit of the control module; and upon validating the digital certificate in the control module, displaying said information associated with the digital certificate on the display screen.03-11-2010
20100058056Display system with security enhancement function - An exemplary display system includes a flat panel display and a host connectable to the flat panel display. The flat panel display includes a first storage unit including a first security code stored therein, a register, and a micro processing unit. The host includes a second storage unit including a second security code stored therein, and a central processing unit. The central processing unit is configured for converting the second security code to a digital signal and sending the digital signal to the register. The micro processing unit is configured to read and compare the first security code with the digital signal in the register, and output a control signal according to a result of said comparison.03-04-2010
20110252236SYSTEM AND METHOD FOR SYNCHRONIZING ENCRYPTED DATA ON A DEVICE HAVING FILE-LEVEL CONTENT PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating data synchronization between devices. The method includes sending a host identifier and pairing record to a second device having a file system encrypted on a per file and on a per class basis for a set of classes, receiving from the second device a sync ticket containing encryption keys for the set of classes, and storing the sync ticket. Also disclosed is a method for synchronizing encrypted data between devices. This method includes receiving, at a first device having a file system encrypted on a per file and on a per class basis, a sync ticket containing encryption keys from a second device, retrieving an escrow key bag containing protection class keys, decrypting protection class keys based on the sync ticket, and synchronizing data with the second device based on the decrypted protection class keys.10-13-2011
20110154035Method and apparatus for client-driven profile update in an enterprise wireless network - A technique for allowing client-driven profile updates in a wireless network uses a shared character password and a shared image that is known by both a client device and a network server. In some embodiments, a random character table is generated by a client device and is used, along with the shared character password and shared image, to calculate a one-time password (OTP). The OTP is then used to both encrypt and sign a new security profile to be delivered to the network server in a profile update request. The server may then generate the same OTP using information within the request and the shared character password and shared image. The new profile may then be decrypted and validated within the server.06-23-2011
20110154033ONLINE STORAGE SERVICE SYSTEM AND ITS DATA CONTROL METHOD - A WEB service providing server can execute WEB service processing using data provided by an online storage service providing server, and leaking of data at the WEB service providing server can be prevented.06-23-2011
20110078441SYSTEMS AND METHODS FOR WIRELESS PROCESSING AND MEDICAL DEVICE MONITORING VIA REMOTE COMMAND EXECUTION - A method according to the present invention includes receiving data wirelessly from a medical device, transmitting the data to an intermediary device, formatting a message including the received data for transmission to a medical data server, and receiving a command from the medical data server. Commands from the medical data server can be used for the authentication, configuration, and control of the medical device, intermediary device or another device operating in conjunction with the present invention, as well as to achieve other purposes. This method can be practiced automatically to allow a medical device for a patient or other subject to be monitored without requiring the patient to manually enter information.03-31-2011
20110083014METHOD AND APPARATUS FOR GENERATING TEMPORARY GRUU IN IMS SYSTEM - There is provided a method and apparatus for generating a temporary Globally Routable User Agent URI (GRUU) in an IP Multimedia Subsystem (IMS) system. The method and apparatus can generate a temporary GRUU without the need to generate and manage a separate database (DB). Since the previously registered user's aor and Instance Id cannot be found if a DB managing an I value I_i and an aor-Instance Id pair is lost, the method generates a temporary GRUU based on the current timestamp, an Address Of Record (aor) and an Instance Id (or Private User Identity).04-07-2011
20110072265System And Method Of Non-Centralized Zero Knowledge Authentication For A Computer Network - Zero-knowledge authentication proves identity without revealing information about a secret that is used to prove that identity. An authentication agent performs authentication of a prover agent without knowledge or transfer of the secret. A non-centralized zero-knowledge authentication system contains multiple authentication agents, for access by multiple computers seeking access on a computer network through local prover agents. Once authenticated, those multiple computers may also implement authentication agents. The secret may periodically expire by publishing a new encrypted secret by a trusted source, thwarting attempts to factor or guess information about the secret.03-24-2011
20120303959SOURCE-OF-LEAKAGE DETECTABLE E-MAIL ADDRESS FORMING, SENDING AND DETECTION - Provides e-mail address forming methods to know with certainty whether or not an e-mail address was leaked. A method includes: sending a receiver's identifier and a sender's identifier to a receiver's mail server; computing a value which is encrypted by the mail server with a secret key, the secret key being possessed only by the mail server, from the receiver's identifier, the sender's identifier, and a nonce issued by the mail server, and sending the value to a receiver; and forming an e-mail address (LD address) to be used by a sender who sends a mail to a receiver, by attaching a receiver's domain name to the encrypted value. Furthermore, the present invention has an e-mail address sending method, and an e-mail sending system which uses the e-mail address forming method to know with certainty whether or not the user of an e-mail address leaked the e-mail address.11-29-2012
20120303958SOURCE-OF-LEAKAGE DETECTABLE E-MAIL ADDRESS FORMING, SENDING AND DETECTION - Provides e-mail address forming methods to know with certainty whether or not an e-mail address was leaked. A method includes: sending a receiver's identifier and a sender's identifier to a receiver's mail server; computing a value which is encrypted by the mail server with a secret key, the secret key being possessed only by the mail server, from the receiver's identifier, the sender's identifier, and a nonce issued by the mail server, and sending the value to a receiver; and forming an e-mail address (LD address) to be used by a sender who sends a mail to a receiver, by attaching a receiver's domain name to the encrypted value. Furthermore, the present invention has an e-mail address sending method, and an e-mail sending system which uses the e-mail address forming method to know with certainty whether or not the user of an e-mail address leaked the e-mail address.11-29-2012
20120303957SOURCE-OF-LEAKAGE DETECTABLE E-MAIL ADDRESS FORMING, SENDING AND DETECTION - Provides e-mail address forming methods to know with certainty whether or not an e-mail address was leaked. A method includes: sending a receiver's identifier and a sender's identifier to a receiver's mail server; computing a value which is encrypted by the mail server with a secret key, the secret key being possessed only by the mail server, from the receiver's identifier, the sender's identifier, and a nonce issued by the mail server, and sending the value to a receiver; and forming an e-mail address (LD address) to be used by a sender who sends a mail to a receiver, by attaching a receiver's domain name to the encrypted value. Furthermore, the present invention has an e-mail address sending method, and an e-mail sending system which uses the e-mail address forming method to know with certainty whether or not the user of an e-mail address leaked the e-mail address.11-29-2012
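Two of the abstracts above hinge on a party encrypting a value under a symmetric key so that only the key holder can recover it: the challenge-response scheme of 20100070766, where the client encrypts (first key || challenge) under H(first key) and the server decrypts with its stored second key, and the source-of-leakage detectable address of 20120303959/958/957, where the mail server encrypts (receiver identifier, sender identifier, nonce) and uses the result as the local part of an e-mail address. The following added example (not code from either patent) works both. The cipher is a constructed stand-in built from the standard library (HMAC-SHA256 counter keystream, then an HMAC tag), so that the example runs offline; in production use AES-GCM or ChaCha20-Poly1305. Identifiers are assumed to be 32-bit integers so that the token fits the 64-octet local-part limit; that sizing is an assumption of this example.

```python
"""Stand-in authenticated encryption (stdlib only) applied to (a) the
hashed-key challenge-response of 20100070766 and (b) the leak-detectable
(LD) e-mail address of 20120303959. Added example; not the patents' code."""
import base64
import binascii
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

NONCE_LEN, TAG_LEN, KEY_LEN, ID_LEN = 12, 16, 32, 4


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    """Separate encryption and MAC keys derived from one master key."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in AEAD: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def open_box(key: bytes, blob: bytes) -> Optional[bytes]:
    """Verify the tag in constant time before decrypting; None on failure."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


# (a) Challenge-response of 20100070766. The server stores second_key = H(first_key).
def key_transform(k: bytes) -> bytes:
    return hashlib.sha256(k).digest()


def client_respond(first_key: bytes, challenge: bytes) -> bytes:
    third_key = key_transform(first_key)
    return seal(third_key, first_key + challenge)


def server_verify(second_key: bytes, challenge: bytes, response: bytes) -> bool:
    pt = open_box(second_key, response)
    if pt is None or len(pt) <= KEY_LEN:
        return False
    first_key, recovered = pt[:KEY_LEN], pt[KEY_LEN:]
    fourth_key = key_transform(first_key)
    return hmac.compare_digest(recovered, challenge) and hmac.compare_digest(fourth_key, second_key)


# (b) LD address of 20120303959: local part = Enc_k(receiver_id || sender_id || nonce).
def form_ld_address(server_key: bytes, receiver_id: int, sender_id: int, domain: str) -> str:
    body = receiver_id.to_bytes(ID_LEN, "big") + sender_id.to_bytes(ID_LEN, "big") + secrets.token_bytes(4)
    token = seal(server_key, body)  # 12 + 12 + 16 = 40 bytes -> 64 base32 chars, no padding
    return f"{base64.b32encode(token).decode().lower()}@{domain}"


def detect_leak(server_key: bytes, address: str, actual_sender_id: int) -> Optional[Tuple[int, int, bool]]:
    """On inbound mail: recover (receiver_id, intended_sender_id) from the address.
    A different actual sender means the intended sender leaked the address."""
    local, _, _domain = address.partition("@")
    try:
        token = base64.b32decode(local.upper())
    except (binascii.Error, ValueError):
        return None
    body = open_box(server_key, token)
    if body is None or len(body) != 3 * ID_LEN:
        return None
    receiver_id = int.from_bytes(body[:ID_LEN], "big")
    sender_id = int.from_bytes(body[ID_LEN:2 * ID_LEN], "big")
    return receiver_id, sender_id, sender_id != actual_sender_id


if __name__ == "__main__":
    k1 = secrets.token_bytes(KEY_LEN)
    ch = secrets.token_bytes(16)
    print("client authenticated:", server_verify(key_transform(k1), ch, client_respond(k1, ch)))
    sk = secrets.token_bytes(KEY_LEN)
    addr = form_ld_address(sk, receiver_id=7, sender_id=42, domain="example.com")
    print(addr, detect_leak(sk, addr, actual_sender_id=99))
```

Because the tag covers the whole token, a forged or mangled local part decrypts to nothing rather than to a plausible sender identifier, so the leak verdict is only ever produced for addresses the server itself issued.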
20120303956SYSTEM AND METHOD FOR VERIFYING DELIVERY AND INTEGRITY OF ELECTRONIC MESSAGES - A server transmits a message from a sender to a destination address. During transmission, the server and the destination address have a dialog constituting an attachment, via a particular one of SMTP and ESMTP protocols, concerning the message, the server and the destination address. The message passes through servers between the server and the destination address. This passage is included in the attachment. Verifiers are provided for the message and for the attachments. The verifiers may constitute encrypted hashes of the message and of the attachment. The sender receives the message, the attachments and the verifications from the server before authentication and transmits the message, the attachments and the verifiers to the server to obtain authentication by the server. The server operates on the message and the message verifier to authenticate the message and operates on the attachments and the attachments' verifier to verify the attachments.11-29-2012
20110078442METHOD, DEVICE, SYSTEM AND SERVER FOR NETWORK AUTHENTICATION - A method, a device, a system and a server for network authentication are provided. The method includes: receiving a user authentication request forwarded by a second Access Management Functional Entity (AM-FE) when a user is attached to the second AM-FE from a first AM-FE; obtaining an authentication key of a security domain of the second AM-FE according to the user authentication request; and authenticating the user by using the authentication key. The following problems are solved: packets of user services are lost and even services are temporarily interrupted because of long time consumption and poor security during intra-domain or inter-domain handover of the user. Therefore, the safe authentication of the user's intra-domain or inter-domain roaming is achieved, and thus the security and reliability of user authentication are improved.03-31-2011
20110078440METHOD AND APPARATUS TO IMPLEMENT VALID MOBILE TICKET TRANSFER - Computer-implemented methods and apparatus to perform a valid transfer of an electronic mobile ticket on a mobile device by a ticketing application system of a ticket processing center. One method includes: receiving a first electronic message from a first user, where the first message includes an encrypted electronic mobile ticket and a mobile device number of a second user, and where the electronic mobile ticket is encrypted with a key shared between the first user and the ticketing application system; decrypting the encrypted electronic mobile ticket; generating an electronic mobile ticket encrypted with a key shared by the ticketing application system and the second user; and transmitting a second electronic message that includes the electronic mobile ticket encrypted with the key shared between the ticketing application system and the second user to a mobile device of the second user.03-31-2011
20110072264Secure information storage and retrieval apparatus and method - A user using a client computer registers with a server computer over a computer network by submitting a biometric scan of a body part of the user. The user commands the client computer to encrypt an electronic file. The client computer generates a private key, encrypts the electronic file and transmits the key to the server computer. The client computer saves the encrypted file. The encrypted file and the key are saved at different physical locations. The owner of the file is able to grant permission to other registered users to unlock the encrypted file.03-24-2011
20110072263Device Pairing Based on Graphically Encoded Data - In a computing device, both an address of a first device and a secret are graphically encoded to generate one or more images that can be captured by a second device. The second device captures and decodes the one or more images, and sends a communication initiation request to the address of the first device. The communication initiation request includes the address of the second device and identifies the secret. Communication between the first and second device continues only if the first device verifies, based on the communication initiation request, that the second device knows the secret.03-24-2011
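The pairing flow above, as an added example (not the patent's code): the first device renders its address and a fresh secret into a payload standing in for the captured image, the second device decodes it and sends an initiation request that identifies the secret without transmitting it, and the first device accepts only if the proof verifies. The proof is an HMAC over both addresses and a nonce, which is this example's choice of how to "identify the secret"; binding both addresses stops a relayed request from being accepted for a different second device, and the nonce check stops a captured request from being replayed. The base64/JSON payload format and the field names are assumptions of the example.

```python
"""Device pairing from a graphically encoded (address, secret) payload.
Added example; the 'image' is stood in for by a base64 text payload."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Dict, Tuple


def encode_pairing_image(address: str, secret: bytes) -> str:
    """First device: the payload that would be rendered as an image."""
    payload = {"addr": address, "secret": base64.b64encode(secret).decode()}
    return base64.b64encode(json.dumps(payload).encode()).decode()


def decode_pairing_image(image: str) -> Tuple[str, bytes]:
    """Second device: recover the first device's address and the secret."""
    data = json.loads(base64.b64decode(image))
    return data["addr"], base64.b64decode(data["secret"])


def _proof(secret: bytes, first_addr: str, second_addr: str, nonce: str) -> str:
    msg = f"{first_addr}|{second_addr}|{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def initiation_request(image: str, my_address: str) -> Dict[str, str]:
    """Second device: include its own address and a MAC proving knowledge
    of the secret, rather than the secret itself."""
    first_addr, secret = decode_pairing_image(image)
    nonce = secrets.token_hex(8)
    return {
        "to": first_addr,
        "from": my_address,
        "nonce": nonce,
        "proof": _proof(secret, first_addr, my_address, nonce),
    }


class FirstDevice:
    def __init__(self, address: str) -> None:
        self.address = address
        self.secret = secrets.token_bytes(16)
        self.seen_nonces: set = set()

    def show_image(self) -> str:
        return encode_pairing_image(self.address, self.secret)

    def accept(self, req: Dict[str, str]) -> bool:
        """Continue communication only if the request proves the secret,
        is addressed to us, and has not been seen before."""
        if req.get("to") != self.address:
            return False
        nonce = req.get("nonce", "")
        if nonce in self.seen_nonces:
            return False
        expected = _proof(self.secret, self.address, req.get("from", ""), nonce)
        if not hmac.compare_digest(expected, req.get("proof", "")):
            return False
        self.seen_nonces.add(nonce)
        return True


def pair(first: FirstDevice, second_address: str) -> Tuple[Dict[str, str], bool]:
    """Run one pairing attempt; returns the request and the verdict."""
    req = initiation_request(first.show_image(), second_address)
    return req, first.accept(req)


if __name__ == "__main__":
    dev = FirstDevice("10.0.0.5:7000")  # constructed address
    request, ok = pair(dev, "10.0.0.9:7000")
    print("paired:", ok, "replay accepted:", dev.accept(request))
```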
20110072262System and Method for Identifying Security Breach Attempts of a Website - The present invention is a method, circuit and system for detecting, reporting and preventing an attempted security breach of a commercial website (for example a banking website), such as identity theft, website duplication (mirroring/Phishing), MITB (man in the browser) attacks, MITM (man in the middle) attacks and so on.03-24-2011
20110252237Authorizing Remote Access Points - Authorizing remote access points for use in a network: A remote access point contains identity information established during manufacturing; this identity information may be in the nature of a digital certificate which can be used to establish a secure connection between networked entities. After the remote access point is provisioned to communicate securely to a controller using its TCP/IP address provided by a user, the remote access point is put into an unauthorized state by the controller pending further authorization. The user is presented with a secure captive portal page for authenticating the end user. This authorization may be through entering a user name and password, through presenting a certificate, through two-factor methods, or other methods known to the art. The user's authentication credentials are verified by the controller. Optionally this verification can be performed using a per-user certificate. After the remote access point has been authorized, the controller marks it verified as a fully functional node, and saves this state. The user performing the authorization is associated with the remote access point, and may be used to monitor the usage and potentially revoke the authorization. The remote access point is provisioned with the current provisioning parameters for the remote access point as configured by the IT administrator for the end user, so that each remote access point can have unique per-user configuration applied.10-13-2011
20110060908BIOMETRIC AUTHENTICATION SYSTEM FOR ENHANCING NETWORK SECURITY - A network-based biometric authentication system includes a client computer (03-10-2011
20110060907METHOD FOR ANALYZING SIMULTANEOUSLY TRANSMITTED, ENCODED DATA STREAMS - In a data stream individually encoded data stream (ds03-10-2011
20110060906METHOD AND DEVICE FOR SECURING DATA TRANSFERS - The method of securing data transfer comprises: a step of attempting to transmit a document from a document sender to at least one document recipient, by implementing at least one transmission attribute and, for at least one step of attempted transmission, a step of evaluating the value of at least one transmission attribute and a step of making the evaluation of the value of the transmission attribute available to the sender. Preferably, in the course of the evaluating step, the evaluation is dependent on the anomalies of correspondence that are observed for each attempted transmission. Preferably, in the course of the evaluating step, the evaluation is, moreover, dependent on the elements provided by the recipient in the course of a step of registering with an electronic document transmission service.03-10-2011
20110016314METHODS AND ENTITIES USING IPSec ESP TO SUPPORT SECURITY FUNCTIONALITY FOR UDP-BASED OMA ENABLERS - Methods in OMA SEC_CF for providing security services to traffic over UDP between a client and a server, and the relevant entities, are provided. A pre-shared key is pre-shared between the client and the server. A pair of IPSec ESP SAs between the client and the server is established without shared key negotiation, wherein traffic data cryptographic algorithms are determined. Traffic data security keys are derived from the pre-shared key via the determined traffic data cryptographic algorithms. Then, data of the traffic can be provided with security services with the traffic data security keys through use of IPSec ESP.01-20-2011
20100313019METHOD AND SYSTEM FOR MANAGING A SOFTWARE APPLICATION ON A MOBILE COMPUTING DEVICE - A method of and system for managing a one time password security software application employed on a mobile computing device (12-09-2010
20110016315METHOD AND SYSTEM FOR MULTIMEDIA TAGS - A multimedia data construct called a tag (FIG. 01-20-2011
20110258444Network Controller Decryption - A system for selectively transmitting packets involves marking a plurality of packets coming into a transmit queue with an indicator of a packet type. Some packet types may take longer to process than others. For example, packets associated with security protocols may take a longer time to process than those that do not involve security processing. A dispatcher may determine based on the marking of the packet whether it is a security or a non-security packet and may determine when to transmit the packet based on that information.10-20-2011
20100306536SYSTEM AND METHOD FOR ROUTING MESSAGES BETWEEN APPLICATIONS - A system and method for enabling the interchange of enterprise data through an open platform is disclosed. This open platform can be based on a standardized interface that enables parties to easily connect to and use the network. Services operating as senders, recipients, and in-transit parties can therefore leverage a framework that overlays a public network.12-02-2010
20110252239METHOD FOR PROTECTING THE FIRST MESSAGE OF SECURITY PROTOCOL - The present invention provides a method for protecting the first message of a security protocol. The method includes the following steps: 1) an initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method achieves the following: 1) the Pre-Shared Master Key (PSMK) shared by the initiating side and the responding side is bound to the security parameters in the first message by computing a Message Integrity Code (MIC) or Message Authentication Code (MAC) over them, so that fabrication of the first message of the security protocol is effectively prevented; 2) when computing the MIC or MAC of the first message, only the PSMK and the security parameters of the first message are taken as input, which reduces the computation load of the initiating side and the responding side and saves computation resources.10-13-2011
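The binding described in the entry above, as an added Python example that is not the patent's own code: the initiator computes a MIC over nothing but the PSMK and the first message's security parameters, the responder recomputes it, and an attacker without the PSMK who reuses a captured MIC with altered parameters (for instance to strip the strong cipher suites) is rejected. The use of HMAC-SHA256 as the MIC, the canonical JSON encoding of the parameters, and the sample parameter values are assumptions made here.

```python
import hashlib
import hmac
import json


def encode_security_params(params: dict) -> bytes:
    """Canonical encoding so initiator and responder MAC identical bytes
    regardless of the order in which fields were assembled."""
    return json.dumps(params, sort_keys=True, separators=(",", ":")).encode()


def compute_mic(psmk: bytes, params: dict) -> str:
    # Only the PSMK and the first message's security parameters enter the
    # computation: no transport headers, no session state.
    return hmac.new(psmk, encode_security_params(params), hashlib.sha256).hexdigest()


def initiator_first_message(psmk: bytes, params: dict) -> dict:
    """Initiating side: send the security parameters with their MIC."""
    return {"params": params, "mic": compute_mic(psmk, params)}


def responder_accepts(psmk: bytes, message: dict) -> bool:
    """Responding side: recompute the MIC over the received parameters and
    compare in constant time; a malformed message is rejected, not crashed on."""
    try:
        expected = compute_mic(psmk, message["params"])
        return hmac.compare_digest(expected, message["mic"])
    except (KeyError, TypeError):
        return False


def forge_first_message(captured: dict, new_params: dict) -> dict:
    """What an attacker without the PSMK can do: reuse a captured MIC with
    altered parameters. It fails verification because the MIC is bound to them."""
    return {"params": new_params, "mic": captured["mic"]}


if __name__ == "__main__":
    # Constructed sample: a PSMK and a parameter set for the first message.
    psmk = b"constructed-psmk-0123456789abcdef"
    params = {"version": 2, "nonce": "a1b2c3d4", "suites": ["AES-256-GCM", "AES-128-GCM"]}
    first = initiator_first_message(psmk, params)
    print("genuine accepted:", responder_accepts(psmk, first))
    downgraded = forge_first_message(first, {**params, "suites": ["NULL"]})
    print("forged accepted:", responder_accepts(psmk, downgraded))
```

The MIC stops fabrication and modification but not replay of a genuine first message; freshness of the nonce (or a timestamp) in the security parameters still has to be checked by the responder.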
20110258449SECURE PROXIMITY VERIFICATION OF A NODE ON A NETWORK - A system and method determines the proximity of the target node to the source node from the time required to communicate messages within the node-verification protocol. The node-verification protocol includes a query-response sequence, wherein the source node communicates a query to the target node, and the target node communicates a corresponding response to the source node. The target node is configured to communicate two responses to the query: a first response that is transmitted immediately upon receipt of the query, and a second response based on the contents of the query. The communication time is determined based on the time duration between the transmission of the query and receipt of the first response at the source node and the second response is compared for correspondence to the query, to verify the authenticity of the target node.10-20-2011
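The two-response protocol of the entry above, modelled in Python as an added example (not the patent's code): the target answers a query with an immediate content-free acknowledgement, which the source times, and with a second response computed from the query, which the source checks for authenticity. Timestamps are passed in explicitly so the check is deterministic; the HMAC construction of the second response, the shared key, and the distance bound are assumptions made here.

```python
import hashlib
import hmac
import secrets

SPEED_OF_LIGHT_M_PER_S = 299_792_458.0


class TargetNode:
    def __init__(self, shared_key: bytes):
        self._key = shared_key

    def on_query(self, query: bytes) -> tuple:
        """Return (immediate_ack, content_response). The ack needs no computation,
        so it can go out the instant the query arrives; the second response is an
        HMAC over the query contents (assumed construction)."""
        immediate_ack = b"ACK"
        content_response = hmac.new(self._key, query, hashlib.sha256).digest()
        return immediate_ack, content_response


class SourceNode:
    def __init__(self, shared_key: bytes, max_distance_m: float):
        self._key = shared_key
        # Round trip at light speed over twice the allowed distance; a real
        # deployment adds the target's fixed turnaround latency to this bound.
        self.max_rtt_s = 2.0 * max_distance_m / SPEED_OF_LIGHT_M_PER_S

    @staticmethod
    def new_query() -> bytes:
        return secrets.token_bytes(16)

    def verify(self, query: bytes, t_sent_s: float, t_ack_s: float,
               ack: bytes, content_response: bytes) -> tuple:
        """Proximity from the ack's round-trip time, authenticity from the
        second response; both must hold. Returns (accepted, reason)."""
        if ack != b"ACK":
            return False, "no immediate response"
        rtt = t_ack_s - t_sent_s
        if rtt < 0 or rtt > self.max_rtt_s:
            return False, "too far"
        expected = hmac.new(self._key, query, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, content_response):
            return False, "not authentic"
        return True, "ok"


if __name__ == "__main__":
    key = b"constructed-shared-key"
    source, target = SourceNode(key, max_distance_m=150.0), TargetNode(key)
    q = source.new_query()
    ack, proof = target.on_query(q)
    # Constructed timestamps: 0.5 microseconds round trip, i.e. about 75 m away.
    print(source.verify(q, 0.0, 5e-7, ack, proof))
```

The caveat a practitioner would raise: the immediate acknowledgement carries no secret, so a relay placed near the source can answer it locally while the genuine target, further away, produces the second response. Distance bounding that resists relays needs the fast response itself to depend on the query.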
20110258448METHOD AND SYSTEM OF SECURED DIRECT LINK SET-UP (DLS) FOR WIRELESS NETWORKS - Method and system of secured direct link set-up (DLS) for wireless networks. In accordance with aspects of the method, techniques are disclosed for setting up direct links between stations in a wireless network in a manner that is computationally secure.10-20-2011
20110258447METHOD, SYSTEM AND AUTHENTICATION CENTRE FOR AUTHENTICATING IN END-TO-END COMMUNICATIONS BASED ON A MOBILE NETWORK - The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication centre, EAC; respectively performing a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiring for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service.10-20-2011
20110258445Apparatus and method for signaling enhanced security context for session encryption and integrity keys - Disclosed is a method for establishing an enhanced security context between a remote station and a serving network. In the method, the remote station forwards a first message to the serving network, wherein the first message includes an information element signaling that the remote station supports an enhanced security context. The remote station generates at least one session key, in accordance with the enhanced security context, using the information element. The remote station receives, in response to the first message, a second message having an indication that the serving network supports the enhanced security context. The remote station, in response to the second message, has wireless communications protected by the at least one session key.10-20-2011
20110258443USER AUTHENTICATION IN A TAG-BASED SERVICE - There is provided an exemplary method for accessing a personalized tag-based service using a mobile communication device. The service may be provided by an application server. The exemplary method comprises capturing the tag using a reader unit of the mobile communication device and passing information included in the tag to an application. The exemplary method also comprises generating a service request based on the information with the application, and adding to the service request a security feature, the security feature being generated using information uniquely assigned to a user of the mobile communication device. The service request may be transmitted from the mobile communication device to a certification unit. The exemplary method additionally comprises verifying with the certification unit the security feature included in the service request and confirming the authenticity of the service request to the application server in response to a successful verification of the security feature.10-20-2011
20110258440SYSTEM AND METHOD OF ENCRYPTING A DERIVATIVE WORK USING A CIPHER CREATED FROM ITS SOURCE - A derivative work is encrypted using a cipher created from digital sources used to create the derivative work. A software application made available for download permits a mix artist to generate a derivative-encrypted work from a derivative work that the mix artist has created using one or more of the digital sources. The derivative-encrypted work is streamed to a worldwide web server, where it is made available for download by consumers for a fee. The software application is also available for download by the consumers and permits the consumers to purchase and download any available derivative-encrypted work. However, the derivative-encrypted works can only be decrypted if the consumer has possession of a digital source for each of the source art works associated with the digital sources used to create the derivative work.10-20-2011
20120204031SYSTEM AND METHOD FOR DISTRIBUTING KEYS IN A WIRELESS NETWORK - A technique for improving authentication speed when a client roams from a first authentication domain to a second authentication domain involves coupling authenticators associated with the first and second authentication domains to an authentication server. A system according to the technique may include, for example, a first authenticator using an encryption key to ensure secure network communication, a second authenticator using the same encryption key to ensure secure network communication, and a server coupled to the first authenticator and the second authenticator wherein the server distributes, to the first authenticator and the second authenticator, information to extract the encryption key from messages that a client sends to the first authenticator and the second authenticator.08-09-2012
20120204030METHOD AND SYSTEM FOR CLOUD BASED STORAGE - A method is disclosed wherein a first virtual machine is provided in execution. A storage area network for storing of data of the first virtual machine is also provided. A second virtual machine is executed for receiving first data from the first virtual machine for storage within the storage area network and for securing the first data to form secured first data and for storing the secured first data within the storage area network.08-09-2012
20090240939SYSTEM AND METHOD FOR AUTHENTICATION IN WIRELESS NETWORKS BY MEANS OF ONE-TIME PASSWORDS - The present invention performs highly reliable authentication, using a one-way function, that a communication comes from the same apparatus that was authenticated before, by storing a password only in the apparatus to be authenticated (it is unnecessary to store the password in both the authentication apparatus and the apparatus to be authenticated) and without transmitting a challenge code. When a setting is updated in a setting management server, authentication is performed using the one-time password obtained last time: a sound communication terminal applies a hash function once to the one-time password transmitted this time and authenticates by determining whether the result matches the one-time password obtained last time. Whether the information at the time of the change in the setting is proper is determined by the sound terminal.09-24-2009
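The scheme in the entry above is a hash chain of one-time passwords: the authenticating side keeps only the last accepted value and accepts a new one when hashing it once yields that value, so no challenge is ever sent and no password is stored on the verifier. The Python below is an added example of that mechanism, not the patent's own code; the seed, chain length, and SHA-256 as the one-way function are assumptions made here.

```python
import hashlib
import hmac


def h(value: bytes) -> bytes:
    """The one-way function (SHA-256 assumed here)."""
    return hashlib.sha256(value).digest()


class ApparatusToBeAuthenticated:
    """The only side that stores a secret: the seed of the hash chain."""

    def __init__(self, seed: bytes, chain_length: int):
        self._seed = seed
        self._remaining = chain_length

    def _chain_value(self, index: int) -> bytes:
        # p_index = H applied `index` times to the seed.
        value = self._seed
        for _ in range(index):
            value = h(value)
        return value

    def enrolment_anchor(self) -> bytes:
        """Top of the chain, handed to the verifier once at setup."""
        return self._chain_value(self._remaining)

    def next_one_time_password(self) -> bytes:
        """Each authentication reveals the value one step below the last one;
        an observer cannot compute it from what was sent before."""
        if self._remaining == 0:
            raise RuntimeError("hash chain exhausted; re-enrol with a new seed")
        self._remaining -= 1
        return self._chain_value(self._remaining)

    @property
    def remaining(self) -> int:
        return self._remaining


class AuthenticatingApparatus:
    """Stores only the last accepted one-time password, never a seed or password."""

    def __init__(self, anchor: bytes):
        self.last_accepted = anchor

    def authenticate(self, otp: bytes) -> bool:
        # One hash application must reproduce the previously accepted value.
        if hmac.compare_digest(h(otp), self.last_accepted):
            self.last_accepted = otp   # advance: a replayed otp now fails
            return True
        return False


if __name__ == "__main__":
    client = ApparatusToBeAuthenticated(b"constructed-seed", chain_length=3)
    server = AuthenticatingApparatus(client.enrolment_anchor())
    otp = client.next_one_time_password()
    print("first use:", server.authenticate(otp), "replay:", server.authenticate(otp))
```

A leaked value only exposes passwords already spent, but because nothing is challenged, an attacker who intercepts and blocks a fresh value in transit can present it first; the chain length also caps the number of authentications before re-enrolment.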
20090240938Device, System and Method for Service Delivery with Anti-Emulation Mechanism - A method for service delivery to a client, in which the client selects a service, and establishes a connection with a system server to which it sends an identity associated with the client and an identifier of the service. The system server verifies that the client is authorised to access to the service and that the client is non-emulated. If this is verified, the service is provided to the client. In a preferred embodiment, the service is scrambled content and the system server provides a descrambling key to the client, and instructs a content server to provide the scrambled content to the client. Also claimed are a device, a system, and a system server.09-24-2009
20110161669System and Method for Enabling Device Dependent Rights Protection - A system and method for enhancing the protection of digital properties while also increasing the flexibility of distribution of the digital properties. In one embodiment, the digital property is protected through the binding of at least one unique client device identifier with the digital property prior to distribution. Decryption at a client device would therefore be dependent on a comparison of the unique client device identifier that is extracted from the encrypted digital property with a unique client device identifier of the device that is seeking to access the digital property.06-30-2011
20080320306Tag authentication system - An authentication method is disclosed in which the identification information of an object is made public and authentication is performed when, starting from that identification information, the information of the corresponding object is referred to. The method includes generating a third value through a predetermined operation on a temporary first value, generated every time the identification information is referred to, and a temporary second value, generated for the referrer to the identification information; encrypting the third value by first and second different encryption methods; decrypting the third value encrypted by the first encryption method in a tag device attached to the object; and decrypting the third value encrypted by the second encryption method in an apparatus managing the information of the object, and comparing the third value decrypted in the apparatus with the third value decrypted in the tag device, thereby verifying the relationship between the object and the referrer thereto.12-25-2008
20080320305METHOD AND APPARATUS FOR SECURE COMMUNICATIONS AND RESOURCE SHARING BETWEEN ANONYMOUS NON-TRUSTING PARTIES WITH NO CENTRAL ADMINISTRATION - A unifying network model with a structure and architecture configured to address security, interoperability, mobility, and resource management, including priority and quality of services, is provided. The network of the network model is structured as a hierarchical mesh network, with dynamically generated routing tables. The configuration of the network model optimizes routing and distributes communication load. Every device on the network is capable of being both an endpoint and a forwarder of communications. The network model may include underlying networks that are represented with one of two models, the link model or the star model. The nodes are organized in a hierarchical relationship structure to optimize throughput. The model may include a cryptographic method of dynamically assigning local network addresses.12-25-2008
20080307224Removable Secure Portable Electronic Entity Including Means for Authorizing Deferred Retransmission - A removable secure portable electronic entity includes elements for receiving a broadcast digital content, elements for sending the received broadcast digital content, secure elements for deferred retransmission of the received digital content adapted to prohibit reproduction of the received digital content prior to sending it and to instigate the deferred sending of the received digital content by the sending elements, the elements being adapted to operate in parallel mode or in quasi-parallel mode. In variants, the secure deferred retransmission elements include a unit for storing the received digital content, for example a non-volatile memory. In variants, the secure deferred retransmission elements include members for authentication of a user.12-11-2008
20110258442System and method for secured peer-to-peer broadcast of instantaneous testimony in text format - A method and apparatus for securely broadcasting an instantaneous deposition testimony is provided. The method includes capturing a witness's testimony, authenticating the testimony, and transmitting the testimony instantaneously to authorized subscribers, viewers and participants remotely located from the deposition through a peer-to-peer network connection using the Internet. Accordingly, the invention allows subscribing attorneys to interactively access and save the textual deposition documents, while also allowing interactive communication between the deposing attorney and attorneys or colleagues at the home office or other remote locations, during the deposition.10-20-2011
20110258446SYSTEMS AND METHODS FOR SERVER AIDED PROCESSING OF A SIGNED RECEIPT - A method for processing security communication protocol compliant signed receipts at a mobile communication device linked to a host system is provided. The host system receives an email message linked to a digital signature, and a signed receipt. The host system redirects the signed receipt to the mobile communication device. The host system determines if the email message is available at the mobile communication device, and if not, the host system retrieves the email message and redirects the email message to the mobile communication device. The mobile communication device can then verify the signed receipt based on the email message. Optionally, rather than the email message, the host system retrieves and/or recalculates data elements associated with the email message and required to verify the signed receipt, and redirects these data elements to the mobile communication device. A related system is provided, as well as server computer program for the host system, and device computer program for the mobile communication device.10-20-2011
20080229101AUTHENTICATED CORRESPONDENT DATABASE - A system that can intelligently drive down false positive rates with regard to identification and/or classification of spam correspondence is disclosed. Authentication information from sending domains can be stored and used to establish confidence and drive down the false positives related to acceptance and/or classification of communications. A correspondent database of known correspondents can be constructed using the authenticated information. Accordingly, decisions (e.g., white and black list) can be better informed by employing relationship and correspondent communication pattern data which is maintained within the correspondent database.09-18-2008
20080229103Private entity authentication for pervasive computing environments - A method is provided for authenticating an entity having a plurality of keys in a digital form residing on a claimant computing device. The method comprises: generating a first code word by applying a hash function to a first key residing on the claimant computing device; encoding the first code word into an array of bits having a Bloom filter format; generating a second code word by applying a hash function to a second key residing on the claimant computing device; encoding the second code word into the array of bits; and broadcasting an authentication message having the array of bits therein from the claimant computing device.09-18-2008
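The Bloom-filter construction of the entry above, worked through in Python as an added example that is not the patent's code: the claimant hashes each of its keys into a code word, sets the code word's bit positions in a fixed-size filter, and broadcasts the filter; a verifier holding one of the keys can confirm it is represented, while a bystander only sees a bit array and learns nothing about keys it does not already hold. The filter parameters, the per-broadcast context value mixed into each code word, and the sample keys are assumptions made here.

```python
import hashlib


class BloomFilter:
    def __init__(self, m_bits: int = 4096, k_hashes: int = 3, bits: int = 0):
        self.m, self.k, self.bits = m_bits, k_hashes, bits

    def _positions(self, code_word: bytes):
        # k independent positions derived from the code word by domain-separated hashing.
        for i in range(self.k):
            digest = hashlib.sha256(bytes([i]) + code_word).digest()
            yield int.from_bytes(digest[:4], "big") % self.m

    def add(self, code_word: bytes) -> None:
        for pos in self._positions(code_word):
            self.bits |= 1 << pos

    def might_contain(self, code_word: bytes) -> bool:
        return all((self.bits >> pos) & 1 for pos in self._positions(code_word))

    def to_bytes(self) -> bytes:
        return self.bits.to_bytes(self.m // 8, "big")

    @classmethod
    def from_bytes(cls, raw: bytes, k_hashes: int = 3) -> "BloomFilter":
        return cls(len(raw) * 8, k_hashes, int.from_bytes(raw, "big"))


def code_word(key: bytes, context: bytes) -> bytes:
    """Hash of a key. `context` (a per-broadcast nonce or time slot) is an
    assumption added here so that each broadcast differs and cannot be replayed."""
    return hashlib.sha256(context + key).digest()


def claimant_authentication_message(keys, context: bytes) -> bytes:
    """Claimant: encode every key's code word into one filter and broadcast it."""
    bf = BloomFilter()
    for key in keys:
        bf.add(code_word(key, context))
    return bf.to_bytes()


def verifier_accepts(message: bytes, known_key: bytes, context: bytes) -> bool:
    """Verifier: test only the key it already holds against the received filter."""
    return BloomFilter.from_bytes(message).might_contain(code_word(known_key, context))


if __name__ == "__main__":
    # Constructed sample: three keys on the claimant, a verifier that knows one of them.
    keys = [b"key-A", b"key-B", b"key-C"]
    msg = claimant_authentication_message(keys, context=b"slot-42")
    print(len(msg), "bytes;", verifier_accepts(msg, b"key-B", b"slot-42"),
          verifier_accepts(msg, b"key-Z", b"slot-42"))
```

Two caveats follow from the data structure: membership tests can yield false positives (with these parameters and three keys, roughly 10^-8 per query, rising as more keys are added), and the privacy holds only against keys a bystander cannot guess, since anyone can test candidate keys against the broadcast filter.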
20080229102System and method for platform activation - A platform discrimination indication register is stored in a wireless network card. This register holds a platform discrimination indication that indicates whether the wireless network card can be used to transfer data with notebook computers or whether the wireless network card is restricted to transferring data from a personal digital assistant or a defined set of restricted devices. The platform discrimination indication can be upgraded using a key value obtained from an Internet site. This key value is limited to a specific wireless network card because of the use of a unique electronic I.D. The Internet site encrypts the electronic I.D. to produce the first key, such as a platform activation key (PAK). This first key is then decrypted at the personal data device in order to obtain a unique calculated I.D. value. If the calculated I.D. value matches the electronic I.D. value on the wireless network card, then the platform discrimination indication is altered (upgraded), allowing the operation of the wireless network card with notebook computers.09-18-2008
20110161667TRUSTED GRAPHICS RENDERING FOR SAFER BROWSING ON MOBILE DEVICES - The present disclosure describes a method and apparatus for determining a safety level of a requested uniform resource locator (URL) on a mobile device. Secure memory may be configured to host at least one database comprising a plurality of uniform resource locators (URLs) and to also host information representing at least one logo indicative of a safety level of the URLs in the database. Secure circuitry may be configured to compare a requested URL with the database to determine if the requested URL corresponds to one of the URLs of the database and to select an appropriate logo stored in the secure memory. The secure circuitry may be further configured to direct overlay circuitry to blend the appropriate logo onto rendered data from a frame buffer video memory for display to a user.06-30-2011
20110055563ENCRYPTION OF SECURITY-SENSITIVE DATA BY RE-USING A CONNECTION - Techniques are provided for processing data. Connections having different security properties are stored, wherein each of the connections allows applications at the client computer to access data sources at a server computer. A request is received from an application to access a data source, wherein the request has associated security properties. In response to the client computer requesting establishment of a connection on behalf of the application, it is determined whether there is a stored connection that used the same set of security properties as are associated with the request from the application and that connected to the data source that the application requests access to. In response to determining that there is a stored connection that used the same set of security properties and that connected to the data source, the connection and an associated client encryption seed, client encryption token, server encryption seed, and server encryption token are re-used. In response to determining that there is not a connection that used the same set of security properties and that connected to the data source, a new client connection key, client encryption seed, client encryption token, server connection key, server encryption seed, and server encryption token are generated.03-03-2011
20110055566Verifying a Message in a Communication Network - A method and apparatus for verifying a request for service in a communication network. An authentication node generates a secret and transmits the secret to a node providing a service. The authentication node then receives a request for authentication from a requesting node, and once the requesting node is authenticated, the authentication node sends an identifier for the requesting node and a first token, which is derived using the secret and the identifier. The service providing node subsequently receives a request for service from the requesting node, the request including the identifier for the requesting node and the first token. The service providing node derives a second token using the identifier and the secret. If the first token and the second token match, then the service providing node allows the request, and if the first token and the second token do not match, then the request is refused.03-03-2011
20110055565IMS USER EQUIPMENT, CONTROL METHOD THEREOF, HOST DEVICE, AND CONTROL METHOD THEREOF - An IMS User Equipment (UE) is provided. The IMS UE comprises: searching means for searching, based on UPnP technology, a UPnP network for a host device that has IMS subscription information; establishing means for establishing a session with the host device discovered by the searching means; subscription retrieving means for retrieving, from the host device via the session, the IMS subscription information; registering means for registering with the IMS network using the IMS subscription information; key retrieving means for retrieving, from the host device via the session, a first encryption key shared with an IMS application server (AS) in an IMS network by sending the identity of the IMS AS to the host device via the session; and communicating means for performing encrypted communication with the IMS AS using the first encryption key.03-03-2011
20110055564METHOD AND DEVICE FOR TRANSMITTING MESSAGES IN REAL TIME - A method and system for transmitting a message in real time between users in a closed network of a vehicle (03-03-2011
20110055562PUBLIC KEY CERTIFICATE BASED SOCIAL WEBSITE ACCOUNT AUTHENTICATION - Methods of the present invention allow for verifying the authenticity of social website accounts. An example embodiment of a public key certificate based social website account authentication method may comprise the steps of receiving a request (that may include a business name and a business email address) to verify the authenticity of a social website account and determining whether a public key certificate has been issued for the domain name used by the business email address. If a public key certificate has been issued, the method may further comprise determining whether the public key certificate identifies the business name and/or domain name provided in the original request. If so, the method may further comprise determining whether the business email address is under the control of the business and, if so, certifying the authenticity of the social website account.03-03-2011
20110055561ACCESS AUTHENTICATION METHOD SUITABLE FOR THE WIRE-LINE AND WIRELESS NETWORK - An access authentication method includes pre-establishing a security channel between the authentication server of the access point and the authentication server of the user terminal, and performing the authentication process at the user terminal and the access point. The authentication process includes: 1) the access point sending the authentication-activating message; 2) the user terminal sending a request message to the authentication server of the user terminal; 3) the authentication server of the user terminal sending a response message to the user terminal; and 4) completing the authentication.03-03-2011
20100281256HASH FUNCTION USING A PILING-UP PROCESS - In the computer data security field, a cryptographic hash function process is embodied in a computer system; it is typically keyless but highly secure. The process is based on the type of randomness exhibited by well known tetromino stacking games. Computation of the hash value (digest) is the result of executing such a "piling on" (tetromino stacking game) algorithm: the message is used as an input (a seed) to a pseudo random number generator, which generates the game pieces (shapes) from the resulting random numbers, and the game algorithm is then executed.11-04-2010
20110258450METHOD FOR TRANSMITTING SYNCML SYNCHRONIZATION DATA - The present invention provides methods for transmitting SyncML synchronization data. In the first, the originator constructs a SyncML message after encrypting the user data to be transmitted and then transmits the data in an existing transmission way; the user data includes, but is not confined to, authentication information, terminal capability information and the data to be synchronized. In the second, the originator encrypts the SyncML message in the transport layer before transmitting the message, and the recipient decrypts the received SyncML message at the transport layer and processes the message subsequently. The two methods can be used either separately or together; used together, they provide the transmission of SyncML synchronization data with two layers of protection. By using the present invention, user data can be transmitted safely without being intercepted by a third party.10-20-2011
20080201576Information Processing Server And Information Processing Method - An information-processing server (08-21-2008
20110022841AUTHENTICATION SYSTEMS AND METHODS USING A PACKET TELEPHONY DEVICE - Authentication systems and methods for increasing the security of online account access and transactions by leveraging the use of customer equipment provided by VoIP service providers. A method includes registering a packet telephony device with a packet telephony service provider for subsequent packet telephony communication, where the registration is based at least on an encoded encryption key. On a subsequent request to access an account, instructions are transmitted which require physical access to the packet telephony device to perform. Upon receipt of an indication that the instructions were successfully performed, the request is authenticated and access to the account is granted. Authentication may require a secure connection be automatically established between a web-enabled device and a packet telephony device. The instant disclosure leverages the security in the customer equipment hardware such as a Terminal adaptor (TA) or router so that a compromised account may be recovered.01-27-2011
20110167266SYSTEMS AND METHODS FOR DOCUMENT CONTROL USING PUBLIC KEY ENCRYPTION - Systems and methods for document control using public key encryption are provided. An interface program serves as a software interface between user applications used to create and access documents and a data storage system that stores the documents in an encrypted form. When a document is saved for the first time, information corresponding to the destruction of that document is obtained either from a user or in accordance with predefined criteria. The document is encrypted and stored with a pointer to an encryption key on a token/key server. When the document is subsequently accessed, the interface program will read the pointer and attempt to retrieve the key. If the key has expired in accordance with the destruction policy, the document is inaccessible. Otherwise, the document is decrypted using the key. Multiple documents may be saved according to the same destruction policy and even the same key, thereby greatly enhancing the ability to “destroy” documents regardless of their location with minimal process.07-07-2011
20110179273Application Server, Control Method Thereof, Program, and Computer-Readable Storage Medium - An application server (07-21-2011
20110179272Method for Forming an Electronic Group - Method for managing an electronic group comprising two or more group members (07-21-2011
20110264912MANAGED SERVICES ENVIRONMENT PORTABILITY - A device and method for forming a portable network environment outside a managed network environment for sharing content is provided. A portable network device enables authorized consumption of content outside a managed environment. The portable network device may have an internal rechargeable battery and support wireless protocols such as Wi-Fi. The portable network device may act as a Wi-Fi base station allowing access to authorized Wi-Fi clients via a mesh network.10-27-2011
20100287372MAIL SERVER AND METHOD FOR SENDING E-MAILS TO THEIR RECIPIENTS - The present invention relates to a mail server for a network. The mail server has a sender part arranged to receive outgoing e-mails from users of the network and to send the received e-mails to their recipients. The sending part is arranged to copy at least some of the contents in the received e-mail to a storage. The sending part provides an amended e-mail based on the received e-mail, said amended e-mail comprising at least one pointer substituting the contents copied to the storage, said pointer pointing at said contents in said storage.11-11-2010
20100293377Methods and Apparatus for Performing Authentication and Decryption - Methods and apparatus are provided for performing authentication and decryption operations. A record including multiple encrypted blocks is received. An encrypted block in the record is extracted and decrypted first in order to obtain context information for performing authentication operations. Each remaining block is then decrypted and authenticated by using the available context information. Authentication operations can be performed without having to wait for the decryption of all of the blocks in the record.11-18-2010
20100293378METHOD, DEVICE AND SYSTEM OF ID BASED WIRELESS MULTI-HOP NETWORK AUTHENTICATION ACCESS - A method, device and system of ID based wireless multi-hop network authentication access are provided, which are used as a security application protocol when the WAPI framework method (TePA, Triple-Element and Peer Authentication based access control method) is applied over a specific network including the wireless LAN, wireless WAN and wireless private network. The method includes the following steps: defining a non-controlled port and a controlled port; the coordinator broadcasts the beacon frame, and the terminal device sends the connection request command; the coordinator and the terminal device perform the authentication procedure; if the authentication is successful, the coordinator opens the controlled port and at the same time sends the connection response command; the terminal device receives the connection response command and opens the controlled port in order to access the network. The method of the present invention solves the technical problem of security weaknesses in the present wireless multi-hop network authentication access method, improves the security and performance of accessing the wireless multi-hop network from the terminal device, and ensures the communication safety between the terminal device and the coordinator.11-18-2010
20100293373INTEGRITY SERVICE USING REGENERATED TRUST INTEGRITY GATHER PROGRAM - An approach is provided to receive a request at a first computer system from a second system. The first system generates an encryption key, modifies retrieved source code by inserting the generated encryption key into the source code, and compiles the modified source code into an executable. A hash value of the executable program is calculated and is stored along with the encryption key in a memory area. The executable and the hash value are sent to the second system over a network. The executable is executed and it generates an encrypted result using the hash value and the embedded encryption key. The encrypted result is sent back to the first system where it is authenticated using the stored encryption key and hash value.11-18-2010
20100293372ASYMMETRIC CRYPTOGRAPHY FOR WIRELESS SYSTEMS - A method for authenticating messages in a communication network includes forming a super message having a plurality of individual messages such that at least two of the individual messages are intended for separate receiving entities. The method further includes creating a message authentication code (MAC) using a private key, such that the MAC is configured to permit authentication of the super message using a public key.11-18-2010
20120151212Securing home agent to mobile node communication with HA-MN key - The invention is a new protocol for securing the communication link between the Home Agent and the Mobile Node. A cipher key and an integrity key are generated at a home AAA server and are also generated independently at the Mobile Node. The two keys generated at the home AAA server are transmitted to the Home Agent to secure information packets transmitted between the Mobile Node and the Home Agent. The cipher key and integrity key are used to establish a security association used for information packet transmissions. The cipher key is used to encrypt the information packets, and the integrity key is used to ensure that the contents of the encrypted message are not altered.06-14-2012
20110126013Systems and Methods to Securely Generate Shared Keys - A method for secure bidirectional communication between two systems is described. A first key pair and a second key pair are generated, the latter including a second public key that is generated based upon a shared secret. First and second public keys are sent to a second system, and third and fourth public keys are received from the second system. The fourth public key is generated based upon the shared secret. A master key for encrypting messages is calculated based upon a first private key, a second private key, the third public key and the fourth public key. For re-keying, a new second key pair having a new second public key and a new second private key is generated, and a new fourth public key is received. A new master key is calculated using elliptic curve calculations using the new second private key and the new fourth public key.05-26-2011
20110126012METHOD AND SYSTEM FOR SECURE DATA COLLECTION AND DISTRIBUTION - A data provider generates a data encryption key and an identifier, uses the data encryption key to encrypt data, sends the encrypted data and the identifier to a data requestor, and sends the data encryption key and the identifier to a crypto information server. The data requestor sends the identifier to the crypto information server to request the encryption key. The crypto information server authenticates the data requestor and, contingent on that authentication, sends the data encryption key to the data requestor. If a plurality of data instances are captured, then for each instance, a respective data encryption key and identifier are generated.05-26-2011
20110126011METHOD OF USER-AUTHENTICATED QUANTUM KEY DISTRIBUTION - A method of user-authenticated quantum key distribution according to the present invention shares a position having the same basis without making public basis information using previously shared secret keys and authenticates a quantum channel by confirming whether there is the same measured outcome at that position, in order to secure unconditional security of BB84 quantum key distribution (QKD) protocols vulnerable to man-in-the-middle attack.05-26-2011
20110126009Event Triggered Pairing of Wireless Communication Devices Based on Time Measurements - An event-triggered pairing mechanism allows pairing wireless devices having short range interfaces (e.g., Bluetooth devices) by bumping the wireless devices together. A wireless device being paired with a connecting device detects a bump event; exchanges time information about the bump event with the connecting device; authenticates the connecting device based on the exchanged time information; and allows exchange of user data with the connecting device based on verification of the exchanged time information. Once the devices are paired, user content can be securely exchanged between the devices.05-26-2011
20110138176SYSTEMS AND METHODS FOR FACILITATING USER IDENTITY VERIFICATION OVER A NETWORK - In accordance with embodiments of the present disclosure, systems and methods for facilitating network transactions including user identity verification over a network provide strong mutual authentication of client web application to server side application server, provide session encryption key negotiation after authentication to continue encryption during communication, and provide a high-level encryption technique referred to as an effective zero knowledge proof of identity (eZKPI) algorithm. In various implementations, the eZKPI algorithm is adapted to couple something the user Knows (e.g., a password) with something the user Has (e.g., a biometric signature) to create a stronger identity authentication proof for access to a mobile device and applications running on that device.06-09-2011
20110138178SYSTEM AND METHOD FOR CONTROLLING DATA COMMUNICATIONS BETWEEN A SERVER AND A CLIENT DEVICE - A system and method for controlling data communications between a server and a client device, such as a mobile device. Embodiments relate generally to a technique where stop data is provided to the client device. This stop data can be transmitted (e.g. by the client device) to the server. When processed by the server, the stop data indicates to the server that at least some of the encrypted data received by the client device from the server was not decrypted using the second key (e.g. as may be the case when the second key has been deleted). Upon receiving the stop data, the server may, for example, withhold the transmission of data encrypted with the first key to the client device until the second key is restored on the client device. In one embodiment, the stop data is provided to the client device in an encoded (e.g. encrypted) form.06-09-2011
20110138182Method for Generating a Cipher-based Message Authentication Code - In a method for generating a cipher-based message authentication code, a state array (06-09-2011
20110138181MULTI-PARTY ENCRYPTION SYSTEMS AND METHODS - A cryptographic communication system and method having a first plurality of stations, each of the first plurality of stations having at least one encryption key K06-09-2011
20110138177ONLINE PUBLIC KEY INFRASTRUCTURE (PKI) SYSTEM - A method is provided for updating network-enabled devices with new identity data. The method includes requesting new identity data for a plurality of network-enabled devices and receiving notification that the new identity data is ready to be delivered to the plurality of network-enabled devices. A software object is delivered to the plurality of network-enabled devices over a first communications network. Each of the software objects is configured to cause the network-enabled devices to download the new identity data to the respective network-enabled device over a second communications network and install the new identity data at a time based at least in part on information included with the software object.06-09-2011
20110138175MANAGED VIRTUAL POINT TO POINT COMMUNICATION SERVICE HAVING VERIFIED DIRECTORY, SECURE TRANSMISSION AND CONTROLLED DELIVERY - A system for providing a managed virtual point to point communication service having a verified directory and providing secure transmission and controlled delivery of electronic document images may include a memory, an interface, and a processor. The memory may store a verified directory of users. The interface may communicate with devices of sending and receiving users in the verified directory. The processor may be operative to receive a request to deliver an electronic document image from a sending user to a receiving user. The processor may provide secure access to the electronic document image to the receiving user. The processor may provide a delivery confirmation to the sending device of the sending user upon determining that the electronic document image was securely accessed by the receiving user. The delivery confirmation may indicate that the electronic document image was securely transmitted to the receiving user.06-09-2011
20120311333SYSTEM AND METHOD FOR AUTHENTICATING IDENTITY OF DISCOVERED COMPONENT IN AN INFINIBAND (IB) NETWORK - A system and method can verify the trustworthiness of a fabric component in an InfiniBand (IB) fabric. A subnet manager is responsible for authenticating the fabric component using private/public key pairs. The subnet manager can first send a first encrypted message to a fabric component in the IB fabric, wherein the first encrypted message contains a token and is encrypted using a public key associated with the fabric component. Then, the fabric component is allowed to decode the first encrypted message using a private key associated with the fabric component, and to send a second encrypted message back to the subnet manager. Finally, the subnet manager can authenticate the fabric component if the second encrypted message contains the correct information.12-06-2012
20120311332SYSTEM AND METHOD FOR PROVIDING SECURE SUBNET MANAGEMENT AGENT (SMA) IN AN INFINIBAND (IB) NETWORK - A system and method can provide a secure subnet management agent (SMA) in an InfiniBand (IB) network. The system can comprise a host channel adapter (HCA) associated with a host, wherein the HCA operates to implement an SMA in its embedded firmware. The HCA can prevent a host administrator or software with root access to the host from changing the embedded firmware on the HCA and modifying one or more states associated with the SMA without being endorsed by a site administrator. Additionally, the SMA is associated with a management key, and the host is not allowed to observe the management key without being endorsed by a site administrator.12-06-2012
20120311331LOGON VERIFICATION APPARATUS, SYSTEM AND METHOD FOR PERFORMING LOGON VERIFICATION - An apparatus for performing logon verification comprising: an obtaining device configured to obtain from a user certificate, for a first logon verification, first encryption information, second encryption information, and first decryption data in first decryption information associated with the first logon verification, where the first and second encryption information are obtained by encrypting the unique identification of the user according to a first and a second encryption method, respectively; a decrypting device configured to decrypt, based on second decryption information associated with the first logon verification and the first decryption data, the second encryption information according to a decryption method corresponding to the second encryption method to obtain the identification; an encrypting device configured to encrypt the obtained identification according to the first encryption method to obtain third encryption information; and a verifying device configured to confirm the first logon verification successful if the first and third encryption information are identical.12-06-2012
20120311330METHOD AND SYSTEM FOR SINGLE SIGN-ON - A method and a system for single sign-on are provided by the present invention, wherein the method comprises: a terminal sending an authentication request carrying a user identity identification to an RP and the RP redirecting the authentication request to an authentication center; the authentication center authenticating the terminal by means of SIP Digest and redirecting the authentication result to the RP via the terminal; and the RP providing services for the terminal according to an authentication result. By the present invention, the resources required by the operators to deploy GBAs are reduced, at the same time the requirement of non-UICC terminals accessing IMS network can be met, and the relevant application services of the IMS network can be accessed by means of SSO.12-06-2012
20120311329SYSTEM AND METHOD FOR SECURE INSTANT MESSAGING - A system and method for secure instant messaging are described. For example, in one embodiment, a first user identifies a second user for an instant messaging session with the ID code of the second user. The first user is provided with network information for the second user and a public key associated with the second user. The first user encrypts an instant message using the public key of the second user and a private key. In one embodiment, the first user encrypts the content of the instant message (e.g., any text and/or attachments) using the public key of the second user and signs the content using the private key of the first user. The encrypted message is transmitted from the first user to the second user. The second user decrypts the instant message using the second user's private key and verifies the signature with the first user's public key.12-06-2012
20120311328PROBE RESPONSE SUPPORTED WIRELESS AUTOCONNECTION - Computing devices can autoconnect to access points even if they have not previously received authentication information for those access points. A computing device broadcasts a probe request, comprising a request for authentication information. An access point receiving such a probe request generates a probe response that provides authentication information that the computing device can then utilize to establish a useful communication connection to the access point. The provided authentication information can be either encrypted or unencrypted, and can be encrypted for specific users or specific computing devices. Dedicated application programs can decrypt encrypted authentication information, thereby enabling autoconnecting, while also delivering targeted information to users of the autoconnecting computing devices from a retailer hosting the access point. Authentication information for a “landing page” can be provided to a web browser to enable autoconnection.12-06-2012
20100180117RANDOM SIGNAL GENERATOR - A random signal generator uses a folded MOS transistor, whose drain-source current includes a random component, as an electronic noise source. The random signal generator generates a random binary signal from the random component. The invention may be applied, in particular, to smart cards.07-15-2010
20110138180SECURE METHOD OF TERMINATION OF SERVICE NOTIFICATION - A method for notifying a client device of termination of at least one service provided to the client device by a server system within an enterprise network is disclosed. The method includes the step of establishing authentication data and notification data, where the authentication data is related to the notification data, and sending the authentication data to the client device for storage during a provisioning operation. When the server system identifies a termination of service, it sends the notification data to the client device, which may then authenticate the received notification data using the authentication data.06-09-2011
20110138179Scalable Session Management - Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.06-09-2011
20110010547SERVER AUTHENTICATION SYSTEM, SERVER AUTHENTICATION METHOD, AND PROGRAM FOR SERVER AUTHENTICATION - In order to complete an authentication process in shorter time in a case where there is a large number of clients which concurrently authenticate a server, the server in a server authentication system includes an address key allocation means for generating an identifier to identify each of the clients by a combination of addresses on a plurality of address spaces and allocating address keys to the respective addresses configuring the generated identifier, and a message authentication code generation means for generating message authentication codes corresponding to a message by using the address keys allocated by the address key allocation means. Each of the clients includes a server authentication means for authenticating the server based on the message authentication codes generated by the message authentication code generation means.01-13-2011
20100153719Lightweight Authentication Method and System for Low-Cost Devices Without Pseudorandom Number Generator - An algorithm or an authentication system for a low-cost authenticating device such as a radio frequency identification (RFID) tag or a sensor node is provided, by which authentication is processed efficiently without requiring a random number. A claimant entity attempting to be authenticated and a verifying entity that authenticates the claimant entity share a plurality of secret keys, so that authentication is processed as the claimant entity responds to a challenge by the verifying entity. The verifying entity and the claimant entity perform authentication using the Learning Parity with Noise (LPN) problem. The claimant entity may generate an encrypted value for use in the authentication using basic Boolean exclusive OR and logical AND operations.06-17-2010
20100122090Secure Bytecode Instrumentation Facility - A secure bytecode instrumentation facility, wherein a new code fragment is registered in an encrypted registry by first extracting a digital certificate from a specified code fragment location. A certification authority (CA) in the digital certificate is compared against a list of registered trusted certification authorities in the registry. If the CA is in the registry list, the code fragment origin in the digital certificate is compared against a list of registered trusted origins in the registry. If the code fragment origin is in the registry list, a determination is made as to whether the code fragment is authentic. If so, the information of the code fragment is recorded into the registry. The injection of code fragments may begin upon the initialization of the instrumentation facility if the encrypted registry has not been corrupted since last accessed, and if the code fragment content matches code fragment information in the registry.05-13-2010
20100122089SYSTEM AND METHOD FOR COMPRESSING SECURE E-MAIL FOR EXCHANGE WITH A MOBILE DATA COMMUNICATION DEVICE - A system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to its encryption and/or authentication aspects. The processed message is transmitted to the wireless mobile communication device that corresponds to the first message receiver. The system and method may include post-processing messages sent from a wireless mobile communication device to a remote system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the remote system to one or more receivers.05-13-2010
20100122087METHOD AND APPARATUS FOR LOGGING IN A HEALTH INFORMATION TELE-MONITORING DEVICE BY USING A PERSONAL PORTABLE DEVICE - A method of logging in a health information tele-monitoring device by using a personal portable device. The method includes issuing a security key embedded in a health information tele-monitoring device to a personal portable device; storing the security key issued by the health information tele-monitoring device in the user's personal portable device; requesting the user's personal portable device to authenticate the health information tele-monitoring device in order to connect the health information tele-monitoring device to a healthcare server; and authorizing access of the health information tele-monitoring device to the healthcare server.05-13-2010
20100122088METHOD AND SYSTEM FOR CONTROL OF CODE EXECUTION ON A GENERAL PURPOSE COMPUTING DEVICE AND CONTROL OF CODE EXECUTION IN A RECURSIVE SECURITY PROTOCOL - Embodiments of systems and methods which provide highly specific control over the execution of general-purpose code block are disclosed. These embodiments may allow the exact circumstances under which a given code block is allowed to execute to be determined with specificity. Such a control mechanism may be coupled with embodiments of a data hiding system and method, based for example, on an ordered execution of a set of code segments implemented via recursive execution. When embodiments of these systems and methods are utilized together an unencumbered generality as well as a level of protection against attack that surpasses many other security systems may be obtained.05-13-2010
20110093708METHOD FOR PERSONALIZING AN AUTHENTICATION TOKEN - An authentication token using a smart card that an organisation would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user.04-21-2011
20110093709Providing Social-Network Information to Third-Party Systems - Particular embodiments receive, at a first computing device associated with a social-networking system and from a second computing device associated with a third-party system, a query comprising a first identifier corresponding to a user of the third-party system, wherein the first identifier is computed by applying a hash algorithm to a user credential associated with the user of the third-party system; determine, by the first computing device, whether the user of the third-party system matches any member of the social-networking system; and if the second identifier corresponding to a member of the social-networking system matches the first identifier, then send, by the first computing device to the second computing device, social-network information of the member of the social-networking system in response to the query.04-21-2011
20110093704METHOD AND APPARATUS FOR PROVIDING SERVICE USING PERSONAL NETWORK - A method and apparatus in which a device capable of near-field communication receives a service from an external network using a communication function of a device capable of accessing the external network. A personal network is formed with devices having different users, and subscriber information for each user is safely acquired and authenticated, making it possible to provide a service received from the external network to the devices included in the personal network more conveniently.04-21-2011
20110093703Authentication of Computing and Communications Hardware - A method for authenticating a computing device or hardware component includes computer-implemented process steps for assigning a unique identifier to the hardware component, generating a baseline fingerprint for the hardware component using algorithm-processing characteristic configuration data determined from the hardware component as input, wherein the baseline fingerprint is capable of being regenerated from the hardware component so long as configuration of the hardware component is not changed, transmitting the identifier in association with the baseline fingerprint for storage in a computer-readable data structure, and generating a data signal, in response to a query comprising the assigned identifier, indicating whether the stored baseline fingerprint for the assigned identifier matches a second fingerprint regenerated from the hardware component at a time after the baseline fingerprint is generated.04-21-2011
20110093706ENCRYPTION DEVICE, KEY DISTRIBUTION DEVICE AND KEY DISTRIBUTION SYSTEM - A key distribution system distributes key data for using content to a second encryption device to which processing has been legitimately outsourced by a first encryption device. The first encryption device acquires permission information indicating that the first encryption device has permission to use the content, generates certification information by making an irreversible alteration to the permission information, and transmits the permission information and the certification information to the second encryption device. The second encryption device receives the permission information and the certification information, sends them to a key distribution device, and acquires the key data from the key distribution device. The key distribution device receives the permission information and the certification information, judges whether or not the certification information was generated by the first encryption device, and if judging in the affirmative, transmits the key data to the second encryption device.04-21-2011
20110093705METHOD, DEVICE, AND SYSTEM FOR REGISTERING USER GENERATED CONTENT - A method, a device, and a system for registering user generated content (UGC) are provided. The method for registering UGC includes the following steps. A content registration request is received, in which the content registration request carries a UGC and a guarantee credential corresponding to the UGC, and the guarantee credential is generated by a third party network entity. The UGC is registered according to the guarantee credential. The device and the system correspond to the method. Therefore, the registration of UGC is realized with a simple, feasible, and diversified registration method.04-21-2011
20100223466SHARED SCALABLE SERVER TO CONTROL CONFIDENTIAL EVENT TRAFFIC AMONG RECORDATION TERMINALS, ANALYSIS ENGINES, AND A STORAGE FARM COUPLED VIA A PUBLIC NETWORK - A highly secure event server receives and stores encrypted assets and references to those assets over a public wide area network. A system selectively decrypts and transmits references to analysis clients such as authenticated mutually unconscious users, and retrieves, decrypts and transmits certain assets from high-volume storage, distributed storage, or in transit. A method controls a plurality of event recordation clients and a plurality of analysis clients, transmitting policies and commands requesting upload of assets and obtaining status solely by receiving client-initiated sessions.09-02-2010
20120151210EXTENDED SECURITY FOR WIRELESS DEVICE HANDSET AUTHENTICATION - A mobile device is related to a user account. An agent implemented as processor instructions on a computing device sends login information to a service provider server. The service provider server compares the login information to the user account, performs a proximity check of the mobile device and the computing device, and sends authorization to the agent to approve an exchange of data with an application on the computing device.06-14-2012
20090300355Information Sharing Method and Apparatus - Embodiments of the present invention relate to methods and apparatus for sharing information with third parties and providing mechanisms whereby those third parties may legitimately pass the personal information on to other, for example affiliated, third parties. In one example of information sharing, information is shared electronically between an information provider and an information requester: the information provider stores a body of information and associated sharing criteria provided by an originator, receives a first information request from a first requester and reveals the information and the sharing criteria to the first requester if the first request is authorised by the originator, receives a second information request from a second requester and reveals the information to the second requester if the second request contains an information identifier obtained from the first requester and the sharing criteria so permit, and stores evidence of information requests.12-03-2009
20090300354METHOD AND APPARATUS FOR PREVENTING REPLAY ATTACK IN WIRELESS NETWORK ENVIRONMENT - A method for preventing a replay attack is provided. A prime number is mutually exchanged between a main node and children nodes. The main node generates a Prime Sequence Code Matrix (PSCM) corresponding to the prime number and notifies the children nodes of the sequence orders corresponding to the children nodes. The main node selects an arbitrary value of a Prime Sequence Code-1 (PSC1) among a series of values corresponding to an arbitrary node in the PSCM. The arbitrary node computes a Prime Sequence Code-2 (PSC2) subsequent to receiving the PSC1, using the sequence order received from the main node and the prime number. The PSC2 is transmitted to the main node. The main node compares the received PSC2 with the PSCM. The method can be easily applied by supplementing a weakness with respect to replay attacks on the basis of the IEEE 802.15.4-2006 standard while minimizing system load.12-03-2009
20090300353TRUSTED NETWORK INTERFACE - Systems and methods for combating and thwarting attacks by cybercriminals are provided. Network security appliances interposed between computer systems and public networks, such as the Internet, are configured to perform defensive and/or offensive actions against botnets and/or other cyber threats. According to some embodiments, network security appliances may be configured to perform coordinated defensive and/or offensive actions with other network security appliances.12-03-2009
20090300352Secure session identifiers - An apparatus and a method for an authentication protocol. In one embodiment, a server generates a sequence number, and a server message authentication code based on a server secret key. The server sends the sequence number, an account identifier, and the server message authentication code to the client. The client generates a client message authentication code over the sequence number, a request specific data, and a shared secret key between the client and the server. The client sends a request to the server. The request includes the sequence number, the account identifier, the server message authentication code, the request specific data, and the client message authentication code. The server determines the validity of the client request with the shared secret key.12-03-2009
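The exchange described in the abstract above, as an added example that is not the patent's own code. The abstract only says the server MAC is "based on a server secret key"; the example assumes it covers the sequence number and the account identifier, that both MACs are HMAC-SHA256 over length-prefixed fields, and that the server keeps a set of consumed sequence numbers so a captured request cannot be replayed. Keys and the request bodies are constructed for the demonstration.

```python
"""Session-identifier protocol: a server-issued, MAC-protected sequence number
that the client binds to each request with a second MAC under a shared secret."""
import hashlib
import hmac
import secrets


def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so (seq, data) cannot be re-split."""
    m = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        m.update(len(f).to_bytes(4, "big") + f)
    return m.digest()


class Server:
    def __init__(self, server_key: bytes, shared_keys: dict):
        self.server_key = server_key      # known only to the server (assumption)
        self.shared_keys = shared_keys    # account id -> secret shared with that client
        self.next_seq = 1
        self.consumed = set()             # sequence numbers already spent (assumption)

    def issue(self, account: str):
        """Step 1: hand the client (seq, account, server_mac)."""
        seq = self.next_seq
        self.next_seq += 1
        seq_b = seq.to_bytes(8, "big")
        return seq, account, mac(self.server_key, seq_b, account.encode())

    def verify(self, req: dict):
        """Step 3: validate a client request; returns (accepted, reason)."""
        seq_b = req["seq"].to_bytes(8, "big")
        account = req["account"].encode()
        # The server MAC proves the server itself minted this (seq, account) pair,
        # so the server needs no per-session state to trust those two values.
        if not hmac.compare_digest(mac(self.server_key, seq_b, account), req["server_mac"]):
            return False, "server MAC invalid"
        shared = self.shared_keys.get(req["account"])
        if shared is None:
            return False, "unknown account"
        # The client MAC binds the request body to the sequence number under the
        # shared secret, so a captured request cannot be altered or re-targeted.
        if not hmac.compare_digest(mac(shared, seq_b, req["data"]), req["client_mac"]):
            return False, "client MAC invalid"
        if req["seq"] in self.consumed:
            return False, "replayed sequence number"
        self.consumed.add(req["seq"])
        return True, "ok"


class Client:
    def __init__(self, account: str, shared_key: bytes):
        self.account = account
        self.shared_key = shared_key

    def build_request(self, seq: int, account: str, server_mac: bytes, data: bytes) -> dict:
        """Step 2: echo the server's values and add a MAC over (seq, request data)."""
        return {
            "seq": seq,
            "account": account,
            "server_mac": server_mac,
            "data": data,
            "client_mac": mac(self.shared_key, seq.to_bytes(8, "big"), data),
        }


def run_demo() -> dict:
    """Constructed exchange: one honest request, then replay, tamper and forgery attempts."""
    shared = secrets.token_bytes(32)
    server = Server(secrets.token_bytes(32), {"alice": shared})
    client = Client("alice", shared)

    seq, account, server_mac = server.issue("alice")
    req = client.build_request(seq, account, server_mac, b"GET /balance")
    honest = server.verify(req)

    replay = server.verify(req)                                # same sequence number again
    tampered = server.verify(dict(req, data=b"POST /transfer"))  # body changed, MAC not
    forged = server.verify(dict(req, seq=seq + 1, server_mac=b"\x00" * 32))  # self-minted seq
    return {"honest": honest, "replay": replay, "tampered": tampered, "forged": forged}


if __name__ == "__main__":
    for name, (ok, why) in run_demo().items():
        print(f"{name:8s} -> {'accepted' if ok else 'rejected'} ({why})")
```

The order of checks matters: the server MAC is verified first so that an attacker who never held a valid sequence number cannot make the server do a shared-key lookup or consume replay state.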
20110154034DYNAMICALLY REACTING POLICIES AND PROTECTIONS FOR SECURING MOBILE FINANCIAL TRANSACTIONS - A secure mobile financial transaction is provided by receiving a list of protection methods from an external terminal over a communication network. A matrix of protection methods corresponding to the external terminal is created based on the identified protection methods. Security-related information is received from one or more trust mediator agents over the communication network. Rules corresponding to the received security related information are retrieved, and at least one protection method is selected from the matrix of protection methods based on the retrieved rules. The selected protection method is transmitted to the trust mediator agents for implementation.06-23-2011
20110191587Media Processing Devices With Joint Encryption-Compression, Joint Decryption-Decompression, And Methods Thereof - In one embodiment, a method of adaptive media streaming includes receiving a cipher media stream at a media device. The cipher media stream is compliant with a media compression standard. The cipher media stream is decrypted and decoded using an inverse stream cipher algorithm and a compressed media stream is generated by combining the cipher media stream with a keystream.08-04-2011
20100031041Method and system for securing internet communication from hacking attacks - The present invention is directed to a method of authenticating internet communication using at least one reference URL along with associated, approved digital certificates. The method includes the use of a URL verification module for verifying communication from a source URL. Communications from the source URL are intercepted and comparison made with approved digital certificates to determine if communication is authorized.02-04-2010
20100031039METHOD AND APPARATUS FOR DATA PROTECTION SYSTEM USING GEOMETRY OF FRACTALS OR OTHER CHAOTIC SYSTEMS - In computer-based data security systems which involve entity authentication or document time stamping, or other cases where data is to be derived from a previous state, the necessary linking values are calculated using recursive chaos-based equations such as those used in fractal theory (the Mandelbrot set), the Lorenz attractor or other similar approaches. In each case the value in each step is calculated using these equations, so that each authentication, timestamp or other data derivation is linked to the previous one in a chaotic way. This makes it impossible to calculate any one value in the link series without having the previous value, due to the chaos aspect, thereby enhancing security.02-04-2010
20100031037SYSTEM AND METHOD FOR EXPORTING INDIVIDUAL DOCUMENT PROCESSING DEVICE TRUST RELATIONSHIPS - The subject application is directed to a system and method for exporting individual document processing device trust relationships. User data tokens are first stored in memory associated with a primary document processing device, with each token corresponding to access settings of a document processing device configured for the user associated with the token. Each of the tokens also includes user identification data, user role data, and user permission data. Selection data of one or more user data tokens is then received. An encrypted user data token is then generated, and device selection data corresponding to the identity of a second document processing device is received. Each of the encrypted user data tokens is then output to the second document processing device based upon the received device selection data.02-04-2010
20100031036SECURE WIRELESS COMMUNICATIONS SYSTEM AND RELATED METHOD - A wireless communications system may include wireless communications devices with each including a wireless transceiver and a processor coupled thereto for transmitting and receiving communications and using a challenge-response authentication protocol. The wireless communications devices may also include a master wireless communications device and a slave wireless communications device. The master wireless communications device may transmit a polling message including an unencrypted portion and an initial encrypted challenge portion. The slave wireless communications device may transmit a polling reply message including an unencrypted portion and an initial encrypted response portion based upon receiving the polling message from the master wireless communications device.02-04-2010
20100023762HTTP AUTHENTICATION AND AUTHORIZATION MANAGEMENT - Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch processor that is used to validate authentication and authorization data that is valid only for an epoch. The epoch processor can maintain a public key that can be used to decrypt the authentication and authorization data during the epoch that the key is valid. The epoch processor can receive a new public key during each epoch. The epoch processor can also determine if the authentication or authorization data was fraudulently generated based on the contents of the data, and verifying whether the data is valid for the epoch in which it was decrypted.01-28-2010
20100023765METHOD FOR UPDATING A ROUTING ENTRY - The present invention concerns a method for updating a routing entry BC for a communication partner node CN communicating with a communication originating node MN via a network containing at least one routing node HA, the method comprising the steps of: (1) requesting a routing entry update from said communication originating node MN to said communication partner node CN, wherein said update request contains at least an identification BUIN of the request; (2) submitting request verification information, associated with said identification BUIN of the update request, from said communication originating node MN to said at least one routing node; (4) requesting verification of said routing entry update by said communication partner node CN from said routing node HA using said identification BUIN of the update request; (5) retrieving said request verification information from said routing node based on said identification BUIN of the update request.01-28-2010
20100023763MULTI-INTERFACE MOBILITY CLIENT - A mobile node comprises: a plurality of network interfaces, each with a respective device driver; a network layer; a multi-interface driver capable of communication with each network interface by way of the respective device driver for that network interface, the multi-interface driver handling communications from the network layer to any of the network interfaces; the multi-interface driver switching from a first one of the network interfaces to a second one of the network interfaces by changing the one of the plurality of network interfaces with which the multi-interface driver communicates, while hiding the switching from the network layer.01-28-2010
20100017611Authentication system - An authentication system determines if a counterfeit ineligible unit is installed in a main device. When connected with a battery pack, a notebook PC generates and combines a random number and a function determination signal using a signal combining unit and transmits same to the battery pack. A first function calculation unit calculates the function of the random number. The battery pack has a signal separation unit to separate the combined signal into the random number and function determination signal, and a second function calculation unit to calculate the function of the random number for transmitting back to the notebook PC. A comparison unit compares the calculation results by the first and second function calculation units to determine whether the connected battery pack is an authorized one and denies connection if the pack is an unauthorized one.01-21-2010
20100017610Authentication system - An authentication system determines if a counterfeit ineligible unit is installed in a main device. When connected with a battery pack, a notebook PC generates and combines a random number and a function determination signal using a signal combining unit and transmits same to the battery pack. A first function calculation unit calculates the function of the random number. The battery pack has a signal separation unit to separate the combined signal into the random number and function determination signal, and a second function calculation unit to calculate the function of the random number for transmitting back to the notebook PC. A comparison unit compares the calculation results by the first and second function calculation units to determine whether the connected battery pack is an authorized one and denies connection if the pack is an unauthorized one.01-21-2010
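The challenge-response check in the two abstracts above (20100017611 and 20100017610 share the same abstract), as an added example that is not the patents' own code. The abstracts do not say what the "function" is or how the random number and function determination signal are combined; the example assumes a family of keyed functions (HMAC-SHA256 with a per-function label, keyed by a secret a genuine pack shares with the host) and a combined signal consisting of a one-byte function selector followed by a 16-byte random number. The keys are constructed for the demonstration.

```python
"""Host/battery-pack authentication: the host multiplexes a random challenge and a
function selector into one signal; the pack demultiplexes it, evaluates the selected
function, and the host compares the answer with its own calculation."""
import hashlib
import hmac
import secrets

# The selectable function family (assumption): each selector is a domain-separated HMAC.
FUNCTION_LABELS = {0: b"auth-f0", 1: b"auth-f1", 2: b"auth-f2"}


def compute_function(selector: int, random_number: bytes, key: bytes) -> bytes:
    """F_selector(random_number) under the shared secret."""
    return hmac.new(key, FUNCTION_LABELS[selector] + random_number, hashlib.sha256).digest()


def combine(selector: int, random_number: bytes) -> bytes:
    """Signal combining unit: one selector byte, then the random number."""
    return bytes([selector]) + random_number


def separate(signal: bytes):
    """Signal separation unit on the pack: undo combine()."""
    return signal[0], signal[1:]


class BatteryPack:
    def __init__(self, key: bytes):
        self.key = key  # a counterfeit pack does not hold the genuine key

    def respond(self, signal: bytes) -> bytes:
        """Second function calculation unit."""
        selector, r = separate(signal)
        if selector not in FUNCTION_LABELS:
            return b""  # unknown selector: nothing sensible to compute
        return compute_function(selector, r, self.key)


class NotebookPC:
    def __init__(self, key: bytes):
        self.key = key

    def authenticate(self, pack: BatteryPack) -> bool:
        # A fresh random number and a randomly chosen function per attempt, so a
        # recorded answer to an earlier (selector, random number) pair is useless.
        selector = secrets.choice(list(FUNCTION_LABELS))
        r = secrets.token_bytes(16)
        expected = compute_function(selector, r, self.key)   # first function calculation unit
        answer = pack.respond(combine(selector, r))          # travels to the pack and back
        return hmac.compare_digest(expected, answer)         # comparison unit


def run_demo() -> dict:
    """Constructed keys: a genuine pack shares the host key, a counterfeit does not."""
    genuine_key = secrets.token_bytes(32)
    host = NotebookPC(genuine_key)
    return {
        "genuine": host.authenticate(BatteryPack(genuine_key)),
        "counterfeit": host.authenticate(BatteryPack(secrets.token_bytes(32))),
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'connection allowed' if ok else 'connection denied'}")
```

Varying the selected function per challenge only adds security if the functions are keyed by a secret the counterfeit cannot extract; with unkeyed public functions the pack would need nothing more than the same firmware.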
20100017609METHOD AND DEVICE FOR CONTROLLING AND MANAGING COMPRESSED AND FREELY DOWNLOADED MULTIMEDIA FILES - The present invention relates to a method for controlling the distribution and use of digital multimedia files composed of binary data blocks according to an original format, and separated into at least two parts, characterised in that it includes a step of transmission, from a server of utilisation conditions, of the preferred parameters for the reconstruction of the whole or a part of said original file on a terminal.01-21-2010
20100017607METHODS AND SYSTEMS TO RESOLVE MESSAGE GROUP - A method and system for resolving the addresses of a message, including looking up, from a source directory, a group name associated with a message address of the message; looking up, through a cache of user names mapped to user addresses, a user address for each of the looked-up user names and returning the associated user address; and addressing the message to each looked-up user address. A group address is thus expanded by looking up the user names for the group in the source directory, looking up the user address for each user name in the user cache, addressing the message to each looked-up user address, and transmitting the message to those addresses.01-21-2010
20100017606Interoperable systems and methods for peer-to-peer service orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.01-21-2010
20100017604METHOD, SYSTEM AND DEVICE FOR SYNCHRONIZING BETWEEN SERVER AND MOBILE DEVICE - An arrangement and corresponding method for synchronizing cryptographic key information used for authentication between a server and a client device, via data signals, where the client device comprises at least one client. The server is configured to generate and send to the client device a current encryption key and a next encryption key. The client device is configured to encrypt information on the client device using the next encryption key and to return a correct One Time Password using the current encryption key. From the received correct One Time Password the server knows that the client has received the current encryption key, used it, and stored the information under the next encryption key.01-21-2010
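The current-key/next-key synchronization described above, as an added example that is not the patent's own code. The abstract fixes neither the OTP algorithm nor the cipher; the example assumes the OTP is HMAC-SHA256(current key, round counter) truncated to six digits, that the client's stored information is encrypted with a SHA-256 counter-mode keystream (a stand-in for a real authenticated cipher, used only so the example runs offline), that the keys reach the client over a protected channel (not shown), and that the server advances next to current only after a correct OTP. The stored note and all keys are constructed.

```python
"""Key-chain synchronization confirmed by a one-time password: each round the server
sends (current, next); the client re-encrypts its data under next and proves receipt
of current by returning an OTP computed with it."""
import hashlib
import hmac
import secrets


def otp(key: bytes, counter: int) -> str:
    """Six-digit OTP from HMAC-SHA256(key, counter) (assumed algorithm)."""
    digest = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy counter-mode keystream (SHA-256(key || block index)); same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Server:
    def __init__(self):
        self.current = secrets.token_bytes(32)
        self.next = secrets.token_bytes(32)
        self.counter = 0
        self.confirmed = 0  # rounds in which the client proved it holds the current key

    def send_keys(self):
        return self.current, self.next, self.counter

    def receive_otp(self, value: str) -> bool:
        if not hmac.compare_digest(otp(self.current, self.counter), value):
            return False
        # A correct OTP means the client received current, used it and, per protocol,
        # has already stored its data under next: safe to advance the chain.
        self.current, self.next = self.next, secrets.token_bytes(32)
        self.counter += 1
        self.confirmed += 1
        return True


class Client:
    def __init__(self, info: bytes):
        self.vault = info        # plaintext until the first synchronization
        self.vault_key = None    # key the vault is currently encrypted under

    def sync(self, current: bytes, nxt: bytes, counter: int) -> str:
        if self.vault_key is not None:
            # Data was stored under the previous round's next key, which must now be current.
            if not hmac.compare_digest(self.vault_key, current):
                raise RuntimeError("key chain desynchronized: stored key is not this round's current key")
            self.vault = keystream_xor(current, self.vault)
        self.vault = keystream_xor(nxt, self.vault)
        self.vault_key = nxt
        return otp(current, counter)

    def plaintext(self) -> bytes:
        return keystream_xor(self.vault_key, self.vault)


def run_demo(rounds: int = 3) -> dict:
    """Run several synchronization rounds, then offer the server an OTP under a wrong key."""
    server, client = Server(), Client(b"constructed secret note")
    for _ in range(rounds):
        if not server.receive_otp(client.sync(*server.send_keys())):
            raise RuntimeError("honest client was rejected")
    stale = server.receive_otp(otp(secrets.token_bytes(32), server.counter))
    return {"confirmed": server.confirmed, "recovered": client.plaintext(), "stale_accepted": stale}


if __name__ == "__main__":
    print(run_demo())
```

The property worth checking is the one the abstract relies on: after every accepted OTP the server's new current key is exactly the key the client last encrypted under, so the client can always open its data with the key it is handed next, and the server never advances the chain on an unconfirmed delivery.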
20100017603Extensible Authentication Protocol Authentication and Key Agreement (EAP-AKA) Optimization - Systems and methods are described for improved authentication of subscribers wishing to connect to a wireless network using the EAP-AKA protocol. Embodiments exploit the requirement that the client store and transmit the Pseudonym and Fast Re-authentication Identities upon request. By using the Fast Re-authentication Identity to store session state key information, the need for the AAA server to store and replicate the EAP-AKA key information for every session is eliminated.01-21-2010
20100017602Ad-Hoc Trust Establishment Using Visual Verification - Methods for ad-hoc trust establishment using visual verification are described. In a first embodiment, a visual representation of a shared data is generated on two or more devices and the visual representations generated can be visually compared by a user. This method can be used to verify that the correct devices are involved in a negotiation, when pre-existing trust relationships do not exist between the devices. The visual representation may, for example, comprise a picture with a number of different elements, each representing a part of the shared data. In another embodiment, a method of secure key exchange is described in which, before sharing the keys, the parties exchange information which encapsulates the key. This information can be used subsequently to check that a party has not changed the key that they are using and prevents a man in the middle attack.01-21-2010
20100017601Method and Server for Providing a Mobility Key - A method and authentication server provide a mobile key. According to the method, upon receipt of an authentication message (access authentication) that is transmitted when a subscriber logs on to the network, the authentication server extracts a subscriber identification contained in said message and generates a corresponding mobile key, which is stored together with the respective extracted subscriber identification. Upon subsequent receipt of a key request message (key request) that is transmitted when a subscriber registers, the authentication server extracts a mobile identification of the subscriber contained in said message and searches for an identical mobile identification, which can be derived in accordance with a configurable derivation function from a subscriber identification that is stored in the authentication server. Once a derived mobile identification that is identical or can be uniquely assigned to the extracted mobile identification has been found, the authentication server provides the stored corresponding mobile key that has been generated, to cryptographically protect the mobile signaling messages of the registered subscriber.01-21-2010
20110219231METHOD AND APPARATUS FOR IDENTIFYING CGA PUBLIC KEY, AND METHOD, APPARATUS, AND SYSTEM FOR DETERMINING CGA PUBLIC KEY - A method and an apparatus for identifying a Cryptographically Generated Address (CGA) public key, and a method, an apparatus, and a system for determining a CGA public key are disclosed. The method for identifying a CGA public key includes: receiving, by a receiving node, a first message protected using a public key from a sending node; and obtaining the type of the public key from the first message. The method for determining a CGA public key includes: receiving, by a receiving node, a first message protected using a public key from a sending node; obtaining from the first message the type of the public key to be determined; judging, according to that type, whether the public key is supported by the receiving node; and, if it is, determining the public key as a public key supported by the receiving node. The embodiments of the present invention implement identification and determination of public keys in a CGA process that supports multiple public-key types.09-08-2011
20110219230SYSTEM AND METHOD OF NOTIFYING MOBILE DEVICES TO COMPLETE TRANSACTIONS - A method including registering an authority device for an account on an auth platform; receiving a transaction request from an initiator at the auth platform; messaging the authority device with the transaction request; receiving an authority agent response from the authority device at the auth platform; if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator; and if the authority agent response denies the transaction, communicating a denied transaction to the initiator.09-08-2011
20110219229APPARATUS AND METHODS FOR RIGHTS-MANAGED CONTENT AND DATA DELIVERY - Methods and apparatus for providing access to content across a plurality of devices and environments. In one embodiment, a downloadable rights profile is utilized in order for a user device to determine whether to provide content to a subscriber. The user device is first registered with the content delivery network; the device then requests a rights profile indicating the rights of the subscriber associated with the device to access content. The rights profile is transmitted to the device. The rights profile may be configured to be valid only for a pre-determined time, thus enabling a subscriber's rights to be updated (including revoked). Security mechanisms may also be utilized to ensure access to content is limited only to authorized subscribers. In another embodiment, a user-based authentication procedure is utilized, thereby making the rights determination and content provision process completely agnostic to the underlying hardware.09-08-2011
20120042165METHOD FOR PROVIDING DATA ON MOBILE TERMINALS AND MOBILE TERMINAL FOR PERFORMING THE METHOD - A method for providing data on mobile terminals is provided. The method comprises the following steps: providing continuous network connectivity among a plurality of mobile terminals of different users; executing a local application on one of the terminals, which leads to the creation or change of a data set; and automatically providing the created or changed data set on the other terminals. The created or changed data set is provided automatically on the other terminals in that it is transmitted to them by means of a push service and transparently integrated into the corresponding local application on each of the other terminals.02-16-2012
20120042164MONITORING BASED ON CLIENT PERSPECTIVE - According to one general aspect, a method may include establishing a network tap point near, in a network topology sense, an intranet/internet access point device. The network tap point may provide a substantially non-intrusive means of viewing network communication through the intranet/internet access point. The method may include monitoring, via the network tap point, at least partially encrypted network communication between a client computing device that is within the intranet and a server computing device that is within the internet. The method may also include analyzing the monitored, at least partially encrypted, network communication to generate at least one set of metrics regarding the performance of the network communication between the client computing device and the server computing device.02-16-2012
20090183004CONDITIONAL ACCESS SYSTEM - The invention provides an improved conditional access system with efficient bandwidth usage on the interface between a receiver and a conditional access module. The conditional access system has a receiver, a selection module, a conditional access module and possibly a terminal. The conditional access module has a first memory for storing service identifiers of services and transmits one or more service identifiers to the selection module. The selection module receives an input signal from the receiver and selects from the input signal those sub-signals as identified by the service identifiers and transmits the sub-signals to the conditional access module.07-16-2009
20120042163SECURELY IDENTIFYING HOST SYSTEMS - Embodiments of the present invention allow for “end-user” provisioned instances to securely identify themselves beyond a simple user ID and password. Specifically, embodiments of the present invention use a multi-part security approach that includes (among other things): an identifying key (e.g., a shared private key) known by the cloud security system and the instance; and at least one additional security factor such as an identifier found in TCP/IP packets (e.g., an internet protocol address). In a typical embodiment, a request for an instance (e.g., a virtual machine) is received, and a template (e.g., an image) corresponding to the requested instance is identified. From this template, the instance is provisioned. Under the embodiments of the present invention, the instance will be provisioned to include a security key. When a request is thereafter received from the instance, the request is validated using the security key and the additional security factor(s).02-16-2012
20080201577AUTHENTICATION DEVICE AND METHOD - An apparatus for generating intermediate cryptogram data corresponding to a dynamic password for a first cryptographic scheme, the intermediate cryptogram data being suitable for display using a device designed for a second, different cryptographic scheme, the apparatus including: a communications interface for communicating with a said device; and a processor coupled to a memory, the memory storing processor control code to control the processor, when running, to: generate a dynamic password according to the first cryptographic scheme; and generate intermediate cryptogram data corresponding to said dynamic password, the intermediate cryptogram data being suitable for outputting to the said device so that, when the said device processes said intermediate cryptogram data according to the second cryptographic scheme, the said device generates data suitable for displaying said dynamic password.08-21-2008
20110307696MONITOR PORTAL, MONITOR SYSTEM, TERMINAL AND COMPUTER READABLE MEDIUM THEREOF - A monitor portal includes: a position information acquisition unit that acquires position information representing the position, on a communication network, of a terminal connected to that network; a command unit that commands a virtual server control unit, which generates a plurality of virtual servers from at least one physical server connected to the communication network and controls the virtual servers, to generate the virtual servers based on the position information; and a transmission unit that transmits to a virtual server a program for causing the virtual server to function as a monitor unit that acquires a state signal from the terminal based on the position information, so that the virtual server executes the program.12-15-2011
20090172399Communication System For Providing The Delivery of E-Mail Message - A communication system comprising a sender unit, a recipient unit and a control unit, wherein the sender unit is adapted to generate an electronic message, to send the electronic message directly to the recipient unit, and to send a sending information message to the control unit indicating that the sender unit has sent the electronic message to the recipient unit, wherein the recipient unit is adapted to receive the electronic message directly from the sender unit and to send a receipt information message to the control unit, the receipt information message indicating that a user of the recipient unit has received the electronic message.07-02-2009
20090172398Method and Arrangement for Providing a Wireless Mesh Network - Provided are a method and an arrangement for creating a wireless mesh network in which a new node is provided that is connected between mesh nodes and an AAA server located in an infrastructure network. Based on basic encoding data that is available to the new node following successful initial authentication of a first mesh node, the new node performs the authentication similar to a proxy server instead of an AAA server, particularly for a limited time, during subsequent authentication attempts.07-02-2009
20090172397IMS Security for Femtocells - A mobile station can be authenticated by, for example, sending a challenge to a mobile station, and receiving a first authentication response from the mobile station through a wireless link, the first authentication response being generated based on the challenge and an authentication key stored at the mobile station. A second authentication response is generated based on the first authentication response. The second authentication response is provided to an IMS network for authenticating the mobile station to enable the mobile station to access the IMS network. In some examples, an authentication response of the mobile station is carried in an SIP message sent from the femtocell to a server that can authenticate the mobile station or forward the authentication response to another server that can authenticate the mobile station. Authentication of the mobile station can be performed as an integrated part of or separate from a registration process.07-02-2009
20090172396SECURE INPUT - In some embodiments input information received at an input device is encrypted before it is sent to a computer to be coupled to the input device. Other embodiments are described and claimed.07-02-2009
20090172395System and Method for Service Virtualization Using a MQ Proxy Network - A system, method, and computer program product for transmitting message traffic encapsulating an MQ network having a plurality of MQ clients coupled to an MQ queue via at least one MQ queue manager, and at least one MQ proxy server coupled to the plurality of MQ clients. The at least one MQ proxy server retrieves a message from a first MQ client coupled thereto, evaluates the message content and forwards the message to the MQ queue via a designated MQ queue manager. If the destination MQ client is served by a second MQ proxy server, the originating MQ proxy server notifies the second MQ proxy server coupled to the second MQ client. The second MQ proxy server retrieves the message from the MQ queue through the designated MQ queue manager, evaluates the message content and forwards the message to the second MQ client. If the first MQ client and the second (destination) MQ client are served by the same MQ proxy server, then that MQ proxy server simply retrieves the message from the MQ queue through the designated MQ queue manager and forwards it to the second MQ client.07-02-2009
20080276089Content Authentication and Recovery Using Digital Watermarks - The disclosure describes methods for using digital watermarking to authenticate digital media signals, such as images, audio and video signals. It also describes techniques for using embedded watermarks to repair altered parts of a media signal when alteration is detected. Alteration is detected using hashes, digital watermarks, and a combination of hashes and digital watermarks.11-06-2008
20120233461DATA TRANSMITTING APPARATUS AND DATA AUTHENTICATING METHOD - According to an aspect of the present invention, there is provided a data transmitting apparatus including an authenticator generating unit and a communicating unit. The authenticator generating unit generates a first authenticator by using a first encryption key and generates a second authenticator, consisting of first to n-th fragment information items, by using a second encryption key. The communicating unit transmits a first packet including the first authenticator and the first fragment information item to a destination device and, after the first packet is transmitted, if a response indicating successful authentication is not received from the destination device within a certain period, sequentially transmits an i-th packet (i being an integer from 2 to n) including the i-th fragment information item to the destination device.09-13-2012
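The fragmented-authenticator delivery described above, as an added example that is not the patent's own code. It is one reading of the abstract: the first authenticator is HMAC-SHA256(key 1, message), the second is HMAC-SHA256(key 2, message) split into n fragments, a receiver holding key 1 acknowledges success on packet 1, and a receiver holding only key 2 has to collect all n fragments before it can verify anything. The timeout is simulated by the receiver returning no success for a packet, which makes the sender emit the next one; keys, message and fragment count are constructed.

```python
"""Two-key authenticator delivery: packet 1 carries the full first authenticator plus
fragment 1 of the second; later packets carry one further fragment each until the
destination reports success."""
import hashlib
import hmac
import secrets

N_FRAGMENTS = 4  # constructed


def authenticator(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def fragment(tag: bytes, n: int) -> list:
    """Split a tag into n pieces (ceiling-sized; the last may be shorter)."""
    size = -(-len(tag) // n)
    return [tag[i:i + size] for i in range(0, len(tag), size)]


class Sender:
    def __init__(self, key1: bytes, key2: bytes):
        self.key1, self.key2 = key1, key2

    def packets(self, message: bytes):
        """Yield packet i (1-based); the caller stops iterating once it receives an ACK."""
        first = authenticator(self.key1, message)
        pieces = fragment(authenticator(self.key2, message), N_FRAGMENTS)
        for i, piece in enumerate(pieces, start=1):
            yield {"i": i, "n": len(pieces), "msg": message,
                   "auth1": first if i == 1 else None, "frag": piece}


class Receiver:
    def __init__(self, key1: bytes = None, key2: bytes = None):
        self.key1, self.key2 = key1, key2
        self.frags = {}

    def accept(self, pkt: dict) -> bool:
        """True models the 'successful authentication' response; False models silence."""
        msg = pkt["msg"]
        # Fast path: packet 1 carries the complete first authenticator.
        if pkt["auth1"] is not None and self.key1 is not None:
            if hmac.compare_digest(authenticator(self.key1, msg), pkt["auth1"]):
                return True
        # Slow path: accumulate fragments of the second authenticator.
        if self.key2 is None:
            return False
        self.frags[pkt["i"]] = pkt["frag"]
        if len(self.frags) < pkt["n"]:
            return False
        tag = b"".join(self.frags[i] for i in range(1, pkt["n"] + 1))
        return hmac.compare_digest(authenticator(self.key2, msg), tag)


def deliver(sender: Sender, receiver: Receiver, message: bytes):
    """Run one delivery; returns (authenticated, packets_sent)."""
    sent = 0
    for pkt in sender.packets(message):
        sent += 1
        if receiver.accept(pkt):
            return True, sent
    return False, sent


def run_demo() -> dict:
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    sender = Sender(k1, k2)
    msg = b"constructed telemetry frame"
    return {
        "has_k1": deliver(sender, Receiver(key1=k1, key2=k2), msg),
        "only_k2": deliver(sender, Receiver(key2=k2), msg),
        "wrong_keys": deliver(sender, Receiver(key1=secrets.token_bytes(32),
                                               key2=secrets.token_bytes(32)), msg),
    }


if __name__ == "__main__":
    for name, (ok, sent) in run_demo().items():
        print(f"{name:10s} authenticated={ok} packets={sent}")
```

Note that the receiver only decides after the full second tag is reassembled; judging a partial tag early would let an attacker pass with a much shorter brute-force search than the full 256-bit MAC requires.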
20110093707TECHNIQUES FOR SECURING CONTENT IN AN UNTRUSTED ENVIRONMENT - Techniques for securing content in an untrusted environment are provided. Content is encrypted and stored with a content delivery service in an encrypted format. Encrypted versions of a content encryption/decryption key and a first key are also housed and distributed by the content delivery service. The first key is used to decrypt the encrypted version of the content encryption/decryption key. The content delivery service is unaware of the content encryption/decryption key and the first key; and the content held by the content delivery service is encrypted with the content encryption/decryption key. Principals securely share, create, manage, and retrieve the encrypted versions of the content encryption/decryption key and the first key from the content delivery service using secure communications. The encrypted content is obtainable via insecure communications from the content delivery service.04-21-2011
20110093702IMAGE FORMING APPARATUS - An image forming apparatus includes a main controller unit provided in a main body of the image forming apparatus. The main controller unit includes a replacement component management memory that stores lifespan information of a replacement component. An authentication operation is performed with respect to the replacement component management memory, and the lifespan information of the replacement component is encrypted and stored in the replacement component management memory. Accordingly, the security of the main controller unit may be enhanced and illegal use of the replacement component may be prevented.04-21-2011
20120210133DATA PROCESSING APPARATUS - In a configuration that performs data processing with a hardware processing circuit (accelerator), the following means address the poor processing efficiency caused by multiple accesses to the same data. The network data processing accelerator of the present network data processing apparatus comprises processing units for encryption/decryption, message authentication and checksum; in data processing that combines these, accesses to the same data in memory and the like through a bus interface unit are consolidated into a single access, and pipeline processing is performed using the least common multiple of the data processing unit sizes of the individual operations.08-16-2012
20120210130User Authentication System - Techniques are provided for users to authenticate themselves to components in a system. The users may securely and efficiently enter credentials into the components. These credentials may be provided to a server in the system with strong authentication that the credentials originate from secure components. The server may then automatically build a network by securely distributing keys to each secure component to which a user presented credentials.08-16-2012
20080288776Security method using virtual keyboard - The present invention relates to a security method using a virtual keyboard, and more specifically, to a security method using a virtual keyboard, in which a user may input information through the virtual keyboard using a mouse when the user logs into a web server by inputting an identification (ID) and a password, and the inputted password is transmitted to the web server after being encrypted, so that personal information is prevented from being leaked by a hacking program and a safe connection is established. According to the present invention, the risk of personal information leakage that can occur when an ID and a password are inputted through a keyboard may be greatly reduced, and it is effective in that even when a symmetric key is leaked, which is least expected, decryption of the data is prevented by maintaining the security of a private key.11-20-2008
20120047365SECURE, AUDITABLE FILE EXCHANGE SYSTEM AND METHOD - Secure and auditable file exchange between a professional and a client, patient, colleague, or other associate of the professional may be achieved via a file exchange service that automatically verifies the professional's professional status and identity and provides applications and/or tools to accept files for transfer to the verified professional. The files are stored in encrypted form, along with cryptographic integrity codes. After the files have been transferred to the professional, the cryptographic integrity codes may be used to verify that the professional received a correct copy of the file that was originally provided.02-23-2012
20080263356SECURITY ENFORCEMENT POINT INSPECTION OF ENCRYPTED DATA IN AN ENCRYPTED END-TO-END COMMUNICATIONS PATH - Embodiments of the present invention address deficiencies of the art in respect to security function processing of encrypted data in a security enforcement point and provide a method, system and computer program product for security enforcement point inspection of traversing encrypted data in a secure, end-to-end communications path. In an embodiment of the invention, a method for security enforcement point inspection of encrypted data in a secure, end-to-end communications path can be provided. The method can include establishing a persistent secure session with a key server holding an SA for an end-to-end secure communications path between endpoints, receiving the SA for the end-to-end secure communications path over the persistent secure session, decrypting an encrypted payload for the end-to-end secure communications path using session key data in the SA, and performing a security function on the decrypted payload.10-23-2008
20120210131SECURE METHOD OF SYNCHRONIZING CACHE CONTENTS OF A MOBILE BROWSER WITH A SERVER - A method of securely synchronizing cache contents of a mobile browser with a server includes initiating a session between the browser and server, including transmission of browser state information regarding the cache contents and an authentication key to the server; maintaining a record of data sent from the server to the browser for storage in the cache; maintaining a record of the state information regarding the cache contents transmitted from the browser to the server; and transmitting data requests from the browser to the server, in response to which the server uses the key as a seed for a generation function, accesses each record of data, and returns only data that does not already form part of the cache contents, and wherein the data includes a result of a hash of data generated by the generation function for authentication by the browser before updating the cache contents with the data.08-16-2012
20120210132METHOD AND APPARATUS FOR SECURING DEVICES IN A NETWORK - An access point receives a notification (or advertisement) from a device, which lacks a service. The access point adds the service to the notification, and forwards the notification to other devices on the network. Upon receiving from a control point a request to use the added service, the access point provides the service on behalf of the device.08-16-2012
20120210127AUTHENTICATION DEVICE USING TRUE RANDOM NUMBER GENERATING ELEMENT OR PSEUDO-RANDOM NUMBER GENERATING ELEMENT, AUTHENTICATION APPARATUS, AND AUTHENTICATION METHOD - Provided are an authentication device using a true random number generating element or a pseudo-random number generating element, for example, a USB token, an authentication apparatus using the same, an authentication method, an authentication system and the like. In the authentication system, the authentication device is prepared on a user side, and one code generated in the authentication device is used to encrypt another code. The authentication apparatus registers the codes and decrypts the encrypted code sent from the authentication device by using the registered codes to perform an authentication.08-16-2012
20120210129METHOD AND APPARATUS FOR EXTERNAL ORGANIZATION PATH LENGTH VALIDATION WITHIN A PUBLIC KEY INFRASTRUCTURE (PKI) - A method for external organization path length (EOPL) validation is provided. A relying party node of an organization receives an authentication request from a subject node of an external organization. The relying party node then obtains and evaluates certificates from a chain of certificates that link the subject node to a trust anchor of the relying party node, wherein at least one certificate from the chain of certificates comprises an enabled external organization flag (EOF) and/or an external organization path length constraint (EOPLC). The relying party node invalidates authentication of the subject node when the relying party node determines that the total number of enabled EOFs from certificates in the chain of certificates exceeds the lowest EOPLC value from certificates in the chain of certificates.08-16-2012
20120210128INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND PROGRAM - An information processing apparatus includes a data processing unit that generates content to be provided to a client, extracts plural blocks as content configuration data from an original content, sets patterns including block rows of the extracted blocks, generates encrypted blocks by applying block keys which differ according to the respective patterns and respective blocks, selects encrypted blocks from the patterns at random in each content delivery, generates individually-encrypted portions by encrypting part of the configuration data of the selected blocks by applying an individual key corresponding to a client as the content delivery destination, and generates encrypted content including the encrypted blocks on which encryption processing by the block keys is performed and the individually-encrypted portions on which encryption processing by the individual key is performed as the content to be provided to the client.08-16-2012
20120011365Method and Apparatus for Reliable Communications in Underground and Hazardous Areas - A method and apparatus for reliable wireless voice, data and location communication for deployment in underground, industrial and other hazardous environments using a wireless mesh network. The network includes protocol for dispatch operation, emergency operation, remote supervision, remote status, asset control, machine state of health and operational management. The architecture is based on localized clusters of autonomous nodes capable of ad hoc interconnection with nearby nodes and connection to gateway nodes. The resulting network is an ad hoc mesh topology comprised of fixed mesh nodes with approximately 50% coverage overlap between nodes. This provides a reliable communication network for mobile nodes carried by personnel and sensor nodes that are fixed or mobile that supports voice, data and tracking/situation awareness. Each cluster of nodes transfers digital voice and data to gateway nodes either directly or through multi-hop transactions.01-12-2012
20110167267SYSTEM AND METHOD FOR TOY ADOPTION AND MARKETING - Provided are a method and computer system for providing a virtual world. The computer system includes a virtual product interface system, which includes a server system with an encrypted part, a non-encrypted part, and a computer-readable memory for storing an encryption key. The server system includes a network connection and sends the encryption key over the network connection addressed to a client via a secured protocol. The non-encrypted part of the server system sends multimedia information addressed to the client over the network via a non-secure protocol. The encrypted part controls adopting a virtual product by receiving a code that is indicative of a virtual product to be virtually adopted by a user and confirming the code. A communication indicative of a specific product that has been registered is carried out using the encryption key, and communication indicative of the multimedia information is carried out unencrypted, without using the encryption key.07-07-2011
20110167265CRYPTOGRAPHIC POLICY ENFORCEMENT - Objects can be extracted from data flows captured by a capture device. In one embodiment, the invention includes assigning to each captured object a cryptographic status based on whether the captured object is encrypted. In one embodiment, the invention further includes determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object.07-07-2011
20110167264DECRYPTION-KEY DISTRIBUTION METHOD AND AUTHENTICATION APPARATUS - A decryption key for decrypting data from an access node is distributed to an access terminal intending to receive the data. An authentication unit receives a message for terminal authentication including a terminal identifier from the terminal and authenticates the terminal. The authentication unit refers to a content registration table having stored in advance the content type of a content which the terminal can receive, in association with the terminal identifier, according to the received terminal identifier to obtain a corresponding content type. The authentication unit refers to a decryption data base having stored in advance a decryption key and its valid period in association with a content type, according to the obtained content type to obtain a corresponding decryption key and valid period. The authentication unit sends an authentication result and the decryption key and valid period to the terminal or to a packet control unit.07-07-2011
20110167262IDENTIFICATION AND AUTHORIZATION OF COMMUNICATION DEVICES - A method implemented by a wearable wireless communication device (“WWCD”) includes detecting a connection between the WWCD and an accessory device. The WWCD accesses a memory location in the accessory device, the memory location being designated for storing brand data indicating a brand identity associated with the accessory device. The WWCD determines a brand status of the accessory device based on data, if any, accessed from the memory location in the accessory device. The WWCD also determines one or more interactions permitted between the WWCD and the accessory device based at least in part on the brand status of the accessory device.07-07-2011
20120011364METHOD FOR SECURE REMOTE BACKUP - The present invention is directed to an architecture and mechanism for securely backing up files and directories on a local machine onto untrusted servers over an insecure network.01-12-2012
20120011363METHOD OF GENERATING A VIRTUAL PRIVATE COMMUNITY AND NETWORK USING THE VIRTUAL PRIVATE COMMUNITY - Provided is a method of generating a user-oriented virtual private community without the need for a server. The method includes generating a first virtual private community for a predetermined user including at least one communication device of the predetermined user.01-12-2012
20120011361PROTECTING SENSITIVE EMAIL - According to one embodiment, a plurality of components are located within an appliance configured to send and receive email. The appliance receives an email and selects one or more policies to apply based on a designation indicating that the email communicates sensitive information. The policies determine whether to allow or block the email according to rules for assuring email. If the email is allowed, the appliance directs the email to one or more recipients.01-12-2012
20090037732TETHERED DEVICE SYSTEMS AND METHODS - Systems and methods are described for applying digital rights management techniques to tethered devices. In one embodiment, a host device is operable to translate a relatively sophisticated license into a simpler format for use on a relatively low-capability device. In another embodiment, a method of using extended SCSI commands to communicate over a USB connection is provided.02-05-2009
20120017085TECHNIQUES FOR IDENTITY-ENABLED INTERFACE DEPLOYMENT - Techniques for providing identity-enabled interfaces for deployment are presented. Specifically, an agent of an enterprise infrastructure authenticates and acquires an agent identity for interacting with a cloud processing environment. Once the agent is deployed in the cloud processing environment, enterprise policy can be enforced within the cloud processing environment on actions occurring within the cloud. The agent acts as an Application Programming Interface between the enterprise and the cloud processing environment. The reverse is also achievable, where a cloud deploys an agent to the enterprise to deploy a cloud interface within the enterprise for policy enforcement.01-19-2012
20120023332SYSTEM AND METHOD FOR PRIVATE SOCIAL NETWORKING - A system protects a user's data on social networking websites by creating a data filter, which operates between the user and the social networks accessed by the user. The filter may be deployed as a user's web browser plug-in and operates in the following way. First, the filter encrypts all or some information that is posted by the user on a social network using SSL encryption technology. Second, to enable select other users of the social networking site to view the encrypted information, the instances of the filter executing on the accessing users' computers verify whether these users have access permission from the owner of the content and, if so, use the decryption key to decrypt the private data and enable the users to view it. The decryption key may be automatically passed to the instances of the filter running on the accessing users' computers. In an alternative implementation, the encryption and access control may be performed by a security/privacy mediator deployed on the network.01-26-2012
20120023333INFORMATION TERMINAL APPARATUS, INFORMATION PROCESSING APPARATUS AND INFORMATION COMMUNICATION SYSTEM - When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimately measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired by means of the GPS function from a portable phone terminal having the GPS function and a network function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus only if the server apparatus is authenticated as a legitimate counterpart for connection.01-26-2012
20120060033SPLIT KEY SECURE ACCESS SYSTEM - The present invention is a secure access system whereby the key that facilitates entrance to electronic data is split into at least two segments. Electronic data may be accessed by the application of the key segments in combination. A server may be used to derive key segments by way of algorithms, in a manner that improves the bit security of the key. Bit strings generated by the present invention may be concatenated to form data blocks whereby plaintext may be encrypted or ciphertext decrypted. The concatenation of the unique bit string variables and the generation of bit strings of specific sizes, as may occur through padding of blocks, work to provide a secure means of encrypting a key. A different bit string may be generated for each encryption/decryption transmission which limits the opportunity for an adversary to decrypt the plaintext.03-08-2012
20120060031SECURE VIDEO CONTENT PROVISIONING USING DIGITAL RIGHTS MANAGEMENT - A method that includes receiving a first request for video content from a user of a user device; retrieving an identifier for the user device using an application programming interface; sending a second request to receive the video content that includes the identifier; receiving an instruction to provide payment to rent or purchase the video content; sending the payment in response to the instruction; receiving the video content and a token, where the video content is encrypted based on a key and where the token indicates that the payment was processed; sending a third request to obtain a license associated with the video content that includes the token and the identifier; receiving the license, which includes the key and terms under which the video content is to be processed; decrypting the video content, using the key, when the decrypting is performed in a manner permitted by the terms; and playing the decrypted video content.03-08-2012
20120179912Method and System for Generating Ciphertext and Message Authentication Codes Utilizing Shared Hardware - A method and system for generating ciphertext and message authentication codes utilizing shared hardware are disclosed. According to one embodiment, a method is provided of generating ciphertext message data and message authentication codes utilizing shared authenticated encryption unit hardware. In the described embodiment, plaintext message data is received at an authenticated encryption unit which comprises first and second authenticated encryption hardware modules. Thereafter, a first message authentication code (MAC) associated with a first authenticated encryption mode and a second MAC associated with a second authenticated encryption mode are generated. More specifically, the first MAC is generated utilizing the plaintext message data and first authenticated encryption hardware module and ciphertext message data and the second MAC are generated utilizing the plaintext message data and second authenticated encryption hardware module.07-12-2012
20120060032SYSTEM, METHOD AND COMPUTER PRODUCT FOR SENDING ENCRYPTED MESSAGES TO RECIPIENTS WHERE THE SENDER DOES NOT POSSESS THE CREDENTIALS OF THE RECIPIENT - A system for encrypting and decrypting messages using a browser in either a web or wireless device or secure message client software for transmission to or from a web server on the Internet connected to an email server or message server for the situation where the sender does not possess the credentials and public key of the recipients. The encryption and decryption is conducted using a standard web browser on a personal computer or a mini browser on a wireless device, or message client software on either a personal computer or wireless devices such that messages transmitted to the web or wireless browser or message client software can be completed and encrypted and signed by the user such that encrypted and signed data does not require credentials and public key of the recipients. A method for delivering and using private keys to ensure that such keys are destroyed after use is also provided. A method of transmitting encrypted messages to a web or wireless browser or message client and decrypting and verifying such messages by recipients who do not possess or who are not enrolled in a PKI and do not have private keys. A method for authenticating the sender/user of the browser, and a method for accessing or generating public and private keys for encrypting and decrypting messages for recipients who are not enrolled in a public key infrastructure.03-08-2012
20120159167METHOD AND APPARATUS FOR AUTHENTICATING PER M2M DEVICE BETWEEN SERVICE PROVIDER AND MOBILE NETWORK OPERATOR - A system is capable of authenticating a service per Machine to Machine (M2M) device between an M2M service provider and a mobile communication operator. The system includes an authentication server for generating an M2M device IDentifier (ID), a first authentication key, and an M2M service provider ID per M2M device. The authentication server also generates a second authentication key, a first hash function value, and a first random variable based on the M2M device ID, the first authentication key, and the M2M service provider ID, and transmits the second authentication key, the first hash function value, and the first random variable to an M2M agent.06-21-2012
20120159168AUTHENTICATED COMMUNICATION ASSOCIATION - A computer based system enables secure communication between children. A first child requests to form a buddy association with another child using a computer connected to a server using a network. The server provides the first child with a passcode, which the first child gives a second child, in person. The second child then completes the request on a computer connected to the server, and provides the passcode to form the association. Parents or guardians are notified that the children have formed an association, and may thereafter supervise the association.06-21-2012
20120159160HIGH SECURITY DISPLAY OF PRIVATE DATA - A device, method, and computer-readable medium are disclosed. In one embodiment, the device includes an inbound port to receive information from an information retrieval peripheral. The device also includes an outbound port to send information to a local computing device. The device includes masking logic to cause the local computing device to recognize the portable security device as at least one of a plurality of endpoint devices. The device also includes data obfuscation logic that is capable of obfuscating simple data format data, received from the information retrieval peripheral, obfuscating that data into a non-simple data format, and sending the obfuscated data to the local computing device. The non-simple data format includes at least one frame of video.06-21-2012
20120159161AUTHENTICATION APPARATUS AND METHOD FOR NON-REAL-TIME IPTV SYSTEM - An authentication apparatus for a non-real-time IPTV system decrypts a first encrypted value included in a contents request message received from a device using a preset session key, and then verifies the validity of the contents request message. If the verification results of the contents request message are valid, the authentication apparatus encrypts a variation between timestamps of the authentication apparatus and the device using the session key, and then generates a second encrypted value. After verification information by which the device is capable of verifying the authentication apparatus has been generated using the second encrypted value, the authentication apparatus sends verification information, together with contents corresponding to the contents request message, to the device.06-21-2012
20120159169BIDIRECTIONAL ENTITY AUTHENTICATION METHOD WITH INTRODUCTION OF ONLINE THIRD PARTY - An entity bidirectional authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 06-21-2012
20120159166METHOD OF VERIFYING KEY VALIDITY AND SERVER FOR PERFORMING THE SAME - Disclosed herein is a method of verifying key validity and a server for performing the method. The method is configured such that a service provision server verifies key validity in an anonymous service for providing local linkability. The service provision server receives a revocation list. A local revocation list is generated using the received revocation list and a secret key. A virtual index of a service user required to verify key validity is calculated. Whether a key of the service user is valid is verified, based on whether the virtual index is included in the local revocation list.06-21-2012
20120159165Protecting Computers Using an Identity-Based Router - A router is placed between a protected computer and devices with which the computer communicates, including peripherals and other computers. The router includes a list of authorized devices that are permitted to send data to the protected computer, against which requests to send data are checked. The router also communicates with a remote authentication service to authenticate devices requesting such permission. The authentication service may be a cloud-based identity service.06-21-2012
20120159164MESSAGE-HANDLING SERVER AND METHOD FOR HANDLING SECURE MESSAGE ATTACHMENTS FOR A MOBILE DEVICE - A secure message that includes an attachment is received at a server. The secure message may have a secure layer that indicates that the secure message is at least digitally signed. The secure message may be provided without the attachment to the mobile device over a wireless network. A request may be received from the mobile device to access the attachment. The request may include an attachment identifier (ID) that identifies the attachment in accordance with a message-attachment indexing system. In response to the request to access the attachment, the server may perform an index lookup to find the attachment based upon the attachment ID, may look through the secure layer of the secure message in order to locate the attachment within the secure message, and may render at least an initial portion of the attachment by the server in a format for viewing by the mobile device.06-21-2012
20120159163LOCAL TRUSTED SERVICES MANAGER FOR A CONTACTLESS SMART CARD - Systems, methods, computer programs, and devices are disclosed herein for deploying a local trusted service manager within a secure element of a contactless smart card device. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. An asymmetric cryptography algorithm is used to generate public-private key pairs. The private keys are stored in the secure element and are accessible by a trusted service manager (TSM) software application or a control software application in the secure element. A non-TSM computer with access to the public key encrypts and then transmits encrypted application data or software applications to the secure element, where the TSM software application decrypts and installs the software application to the secure element for transaction purposes.06-21-2012
20120159162PREVENTING RACE CONDITIONS IN SECURE TOKEN EXCHANGE - The present invention relates to methods and systems for preventing race conditions in secure token conversations. The method includes generating a message from a client application to a server application, determining that a first secure conversation token (SCT) exists, and using the first SCT to encrypt the message. The method further includes sending the encrypted message to the server, receiving an indication that the first SCT has expired, and initiating an SCT renew request. The method includes storing the first SCT, receiving a second SCT in response to the SCT renew request, and storing the second SCT in addition to the first SCT. The method further includes retrieving an encrypted message, determining that the encrypted message has been encrypted using the first SCT, in response to the determination, using the first SCT to decrypt the message, and generating a response from the server to the client.06-21-2012
20120159159SYSTEM AND METHOD FOR SECURE COMMUNICATIONS IN A COMMUNICATION SYSTEM - A system and method for secure communications in a communication system, wherein the system programs a computer to perform the method, which includes: receiving at least one authentication key, without an encryption key, from a key-management server; receiving a packet, which is encrypted, from a source device; authenticating the packet, using the at least one authentication key, without cryptographically altering the packet; and forwarding the authenticated packet to a destination device of the packet.06-21-2012
20120072727MULTI-ISP CONTROLLED ACCESS TO IP NETWORKS, BASED ON THIRD-PARTY OPERATED UNTRUSTED ACCESS STATIONS - A mechanism that allows sharing of an existing infrastructure for access to public or private IP networks, such as the public Internet or private LANs is provided. Specifically, infrastructure owners lease the infrastructure resources on a short-term basis to different Internet Service Providers (ISPs). An ISP uses these resources to provide Internet services to subscribing customers or users. The ISP controls all aspects of the Internet service provided to the subscriber, including billing, bandwidth management, and e-mail. The ISP also ensures privacy for the subscriber by means of encryption. Leasing network resources from an existing network infrastructure frees the ISP from building an expensive access infrastructure itself while the infrastructure owner is given an opportunity to generate additional revenue from infrastructure. Importantly, neither the user, nor the ISP need to trust the access station (i.e.: the access station is untrusted) through which the access to the IP network is accomplished.03-22-2012
20120110330AUTOMATIC USER CREDENTIALS FOR REMOTE SUPPORT - Various embodiments herein include at least one of systems, methods, and software to receive and process credential requests for remote support of computer applications. One embodiment includes receiving a credentials request in a first environment from a second environment in response to an incident in the first environment. This embodiment further includes processing the received credentials request within the first environment by approving the request, activating credentials, and sending the credentials to the second environment. This embodiment may further include receiving, within the first environment, a message indicating the incident is resolved and deactivating the credentials.05-03-2012
20120110329TECHNIQUES FOR MOBILE DEVICE AUTHENTICATION - A user authenticates a mobile device (MD) to a network-based service (NBS) for initial authentication. Policy is pushed from the NBS to the MD and the MD automatically obtains details about devices and attributes that are near or accessible to the MD in accordance with the policy. The details are pushed as a packet from the MD to the NBS and multifactor authentication is performed based on the details and the policy. If the multifactor authentication is successful, access privileges are set for the MD for accessing the NBS and perhaps for accessing local resources of the MD.05-03-2012
20110107098Methods and Systems for Controlling Traffic on a Communication Network - Methods and systems for controlling traffic on a communication network are provided. In accordance with some embodiments, methods for controlling traffic on a communication network are provided, the methods comprising: receiving, at a processor in a receiver, a query message for permission to send a data flow to the receiver; sending a permission message from the receiver; detecting that at least one of a message and a data packet being sent to the receiver has been dropped; and causing the path for sending the data flow to be changed.05-05-2011
20110107097METHOD FOR ENCODED DATA EXCHANGE AND COMMUNICATION SYSTEM - In a system and method for encrypted data exchange between entities (users) of a communication system using cryptography based on elliptic curves, in response to a challenge of a first user a scalar multiplication is calculated by the second user, wherein only part of the result of the scalar multiplication is sent back as response to the first user.05-05-2011
20110107096Method, apparatus and system for managing DRM content - A method and an apparatus manage DRM (digital rights management) content with a forward lock so that the DRM content can also be used in other devices. The method comprises receiving DRM content with a forward lock from a content provider server. The DRM content is encoded by using an encoding key based on a user input such that the encoded DRM content cannot be decoded by another device without the encoding key. The encoded DRM content is transmitted to another mobile device after establishing a communication channel with the other mobile device.05-05-2011
20110107095SYSTEM AND METHOD FOR OBTAINING AN AUTHORIZATION KEY TO USE A PRODUCT - A system and method for obtaining an authorization key to use a product utilizes a secured product identification code, which includes a serial number and at least one code that is generated based on a cryptographic algorithm.05-05-2011
20110107094DISTRIBUTED STORAGE NETWORK EMPLOYING MULTIPLE ENCODING LAYERS IN DATA ROUTING - A distributed storage processing unit creates multiple different data slices from the same data object, and generates a message including one or more of the different data slices. The distributed storage processing unit identifies a chain of distributed storage units, and encrypts the message into multiple nested layers using, for example, public keys of public/private key pairs associated with each of the storage units in the chain. The distributed storage processing unit sends the layered, encrypted message to the first storage unit in the chain, which decodes and removes the outermost layer, and forwards the message to the next storage unit in the chain. This process continues until the message reaches the endpoint distributed storage unit, which decodes the innermost layer and stores the data slice encoded in the message.05-05-2011
20110107093System and Method for Providing an User's Security when Setting-up a Connection Over Insecure Networks - A method for setting up a secure communication line between a user and a service provider using non-secure communication channels within an insecure network, comprising the steps of transmitting an identity token from a user station to a service provider station both coupled to the insecure network; upon reception of the identity token, triggering the creation of a secret URL by the service provider station; transmitting the secret URL within a secure side channel to the user station; obtaining, within the user station, the secret URL, and setting up a new communication path in the insecure network linking the user and the service provider station based on said secret URL. Besides discarding a man-in-the-middle by denying him access to the data flow, it is also possible to stop him by denying him access to the content of the data flow. Such access can be denied through use of a one-time codebook with semantics known only to the User and the authentication service provider.05-05-2011
20110107092PERFORMANCE BASED AUTHENTICATION METHOD AND APPARATUS FOR SECURE COMMUNICATION - An apparatus includes a first module and a second module. The first module provides a challenge. The second module performs a signature function in response to the challenge. The first module authenticates the second module based on a time required by the second module to complete the signature function and/or an amount of power consumed by the second module to complete the signature function.05-05-2011
20110107091Secure communication between client device and server device - A user is enabled to select one or more client devices from a number of client devices and to select one or more server devices from a number of server devices. Secure communication is to occur between each selected client device and each selected server device. For each unique pair of a selected client device and a selected server device, a validation of a security configuration of the selected client device and a security configuration of the selected server device is performed, to determine whether secure communication can occur between the selected client device and the selected server device. Where the validation has failed, reconfiguration of one or more of the selected client device and the selected server device is performed so that secure communication can occur between the selected client device and the selected server device.05-05-2011
20100095119COMMUNICATION APPARATUS, AND METHOD FOR CONTROLLING COMMUNICATION APPARATUS - A communication apparatus is provided that encrypts content data that is to be uploaded to a server by using a first encryption key used in a process for sharing a communication parameter for communicating with other communication apparatus via a wireless network or a second encryption key based on the communication parameter shared in the sharing process. Consequently, the content data can be viewed only by a specific communication apparatus.04-15-2010
20100095116Method and System for Secure Collaboration Using Slepian-Wolf Codes - A method and system provide for secure sharing of arbitrary data between users with limited mutual trust. A user can encode its information by using a Slepian-Wolf code at a rate which enables a second user to correctly decode only if the side-information it has satisfies a conditional entropy constraint. The key advantages are as follows. Firstly, it is very flexible, in that it enables secure sharing for general data including multimedia data. Secondly, by appropriate Slepian-Wolf code selection, it enables compression in conjunction with security. Thirdly, it can be used for the case where the data model is imperfectly known and trust is to be built up incrementally.04-15-2010
20110099374AUTHENTICATION OF A SECURE VIRTUAL NETWORK COMPUTING (VNC) CONNECTION - A secure Virtual Network Computing (VNC) connection between a server and a client is authenticated using a series of message exchanges. A server receives a request from a client to establish a VNC connection. If the request indicates that the client supports an encryption scheme, the server provides a first set of mechanisms for a subsequent authentication process. If the request indicates that the client does not support the encryption scheme, the server provides the client a second set of mechanisms for the subsequent authentication process. The second set contains fewer mechanisms than the first set. The client chooses an authentication mechanism from the first set or the second set provided by the server. The server and the client then perform the subsequent authentication process, using the authentication mechanism chosen by the client, with a series of message exchanges.04-28-2011
20110099373Digital Broadcasting System and Method of Processing Data in Digital Broadcasting System - A digital broadcasting system and a method for processing data in the same are disclosed. A method for controlling a digital television (DTV) located in one independent space among a plurality of independent spaces physically separated from one another is disclosed. The DTV includes an access point (AP) card. The method includes receiving independent space identification information recorded in a storage area of a compact wireless device and a wired equivalent privacy (WEP) key value of the AP card, receiving the WEP key value corresponding to the AP card of the DTV from a management server, comparing the WEP key value received from the compact wireless device with the WEP key value received from the management server, receiving first checklist information associated with the use of the independent space from the management server if the WEP key values are identical to each other, displaying the received first checklist information, and transmitting second checklist information, in which one or more elements of the displayed first checklist information are marked, to the management server.04-28-2011
20110099372METHOD AND SYSTEM FOR PROVIDING PEER-TO-PEER VIDEO ON DEMAND - A method in which user generated video content is distributed over a peer to peer network as video on demand. Video is rendered during download and a user may request a specific point in the video content and that point and all subsequent video content will be downloaded and rendered first via the peer to peer network.04-28-2011
20110099371AERONAUTICAL SECURITY MANAGEMENT OVER BROADBAND AIR/GROUND NETWORK - A method to facilitate securing of air-to-ground communications for an aircraft is provided. The method includes receiving security management information at the aircraft via at least one broadband data link prior to takeoff of the aircraft. The security management information is received for ground entities that can be communicatively coupled with the aircraft traveling on a flight path. The method of securing avionics also includes validating the security management information for the ground entities, and storing the validated security management information for the ground entities in the aircraft. The validating and storing of security management information occur prior to takeoff of the aircraft.04-28-2011
20120124377PROCESS AND STREAMING SERVER FOR ENCRYPTING A DATA STREAM WITH BANDWIDTH BASED VARIATION - There is disclosed a process for encrypting a data stream to secure the data stream for single viewing and to protect copyrights of the data stream. Specifically, there is disclosed a process for protecting streaming multimedia, entertainment and communications in an Internet-type transmission. There is further disclosed a streaming server component operably connected with a streaming server that interacts with a client system to affect the inventive process.05-17-2012
20120124376Information Processing System Using Nucleotide Sequence-Related Information - The present invention provides a highly-safe information processing system that is capable of effectively using nucleotide sequence information differences between individual organisms to offer semantic information useful for each individual organism while properly preventing leakage and illegal use of nucleotide sequence information.05-17-2012
20120124374SECURED ACKNOWLEDGE PROTOCOL FOR AUTOMOTIVE REMOTE KEYLESS ENTRY SYSTEMS AND FOR NETWORKED SENSOR DEVICES - A method for generating a secure acknowledgment message that involves constructing a plaintext of the acknowledgment message, computing a cyclic redundancy check (CRC) value for the plaintext of the acknowledgment message, encrypting the plaintext of the acknowledgment message to obtain a ciphertext of the acknowledgment message, computing a secure check (CHK) value from the ciphertext using bits of the cyclic redundancy check value (CRC) and then appending the secure check value (CHK) to the plaintext of the acknowledgment message.05-17-2012
20120124373METHOD AND APPARATUS FOR AUTHENTICATING A NETWORK DEVICE - A trust centre (05-17-2012
20120124375APPARATUS, SYSTEM AND METHOD FOR VERIFYING SERVER CERTIFICATES - A device and method are provided for a device that authenticates a server over a network. The device and method are operable to contact the server to initiate a handshaking operation. The device receives certificate information and handshaking information from the server. The device completes the handshaking operations to establish the connection with the server. The device downloads the content from the server through the connection before authenticating the server to establish a secure connection. In some aspects, the device may display a portion of the downloaded content before the server is authenticated.05-17-2012
20090132817METHOD, SYSTEM AND DEVICE FOR DETERMINING A MOBILE IP KEY, NOTIFYING A MOBILE IP TYPE - The present invention relates to a wireless communication technology field. A method for determining a mobile IP key of a mobile terminal is provided, which includes: receiving a mobile IP registration request message of a mobile terminal, in which the mobile IP registration request message includes a key material field; and reporting material information for determining a key according to the key material field. A method for determining a mobile IP key of a mobile terminal, a mobile IP agent device, a system for obtaining a mobile IP type, and a mobile terminal are also provided. With the technical solutions provided in the present invention, the mobile IP keys and/or the mobile IP type of the mobile terminal can be correctly determined, thus achieving a fast and correct access of the mobile terminal.05-21-2009
20120317416Imparting Real-Time Priority-Based Network Communications In An Encrypted Communication Session - This specification describes technologies relating to imparting real-time priority-based network communications in an encrypted session. In general, aspects of the subject matter described can be embodied in methods that include establishing, based on cryptographic information in a reserved, random-data portion of a handshake communication, a session, receiving parameter values relating to a sub media stream, included in a header of a network communication, storing the parameter values, obtaining state information and a data payload included in a second network communication, identifying, from the state information, a purpose of the second network communication, and whether a header of the second network communication includes one or more new values corresponding to one or more of the parameters, updating one or more of the stored values based on the one or more new values, and processing the data payload based on the identified purpose and the stored parameter values.12-13-2012
20120166798METHOD AND SYSTEM FOR USING NEIGHBOR DISCOVERY UNSPECIFIED SOLICITATION TO OBTAIN LINK LOCAL ADDRESS - A system that facilitates enhancing security for a computer device by obtaining a link layer address of an IPv6 IPsec address. The system including a computer device having a software module, which performs the following steps: capturing multicast addresses and solicited multicast addresses for one or more IPv6 IPsec addresses; calculating the computer device identifier from the one or more multicast addresses and solicited multicast addresses; storing the computer device identifier for the one or more multicast addresses and solicited multicast addresses; sending a neighbor solicitation to one or more of the IPv6 IPsec addresses as a tentative target address simulating double address detection; capturing the neighbor advertisement response from the one or more IPv6 IPsec addresses and calculating a link-layer identifier; generating a neighbor cache with the link-layer identifier; and enabling IPv6 IPsec communication with the one or more IPv6 IPsec addresses using the link-layer identifier.06-28-2012
20120131338AUTHENTICATION AND AUTHORIZATION OF A DEVICE BY A SERVICE USING BROADCAST ENCRYPTION - Provided are techniques to enable a device that provides a service to authorize a second device for receiving the service and the delivery of the service to the second device and other devices within a trusted network. A signed Management Key Block (MKB) is generated and transmitted over a network. Devices authorized to access a particular service parse the MKB and transmit a request. A server associated with the service determines whether or not the device is authorized to access the service based upon data included in the request. The first device may issue a challenge to the second device for authentication purposes. If service is approved, service is initiated, either from the first device or another authorized device. Devices may be organized into classes such that devices of a specific class are authorized to access the service.05-24-2012
20100205436Mobile Terminal System - A system, apparatus and method for enabling interaction between a mobile device and a dynamic list of remotely hosted applications. A mobile device is provided with a removable module implementing a virtual machine defined by a set of instructions. The mobile device requests an initial application from an application server. The application server generates a message, including a set of commands and any parametric information, such as text to be displayed, which is then compiled into executable code. The executable code is then forwarded to the mobile device for execution. The mobile device interprets the executable code and runs it, possibly causing text or a menu to be displayed. In a first embodiment, the mobile device requests a list of currently available applications and is provided with such a list by a first application server. The user is then able to select from the list of applications, some which can be located on other servers. In another embodiment, an application server initiates a communication by transmitting a set of commands causing one or more actions on the mobile device, such as the sounding of an audio alarm, the displaying of text, etc.08-12-2010
20100205434DOWNLOAD SECURITY SYSTEM - A download security system (08-12-2010
20120137131AUTHENTICATION METHOD, SYSTEM, AND DEVICE - The present invention provides an authentication method, an authentication system, and an authentication device in the information security field. The method includes that a service side receives a username and a first value from a client side, searches for the seed of a dynamic password token, generates a first dynamic password according to the first value and the seed, converts the first dynamic password into a first authentication password and a second authentication password, and sends the first authentication password to the user; the dynamic password token generates a second dynamic password and converts the second dynamic password into a third authentication password and a fourth authentication password; the user compares the first authentication password and the third authentication password to determine that they are identical, so as to confirm that the user is legal or the transaction is permissible. The invention prevents malicious attack and operation by illegal users, which improves the security of the users' information and property.05-31-2012
20110185176BIOMETRIC AUTHENTICATION METHOD AND SYSTEM - At a registration time, a feature data array for registration is generated from biometric information acquired by a client, and a position correction template and a comparison template obtained by converting the feature data array for registration are registered in a server.07-28-2011
20110185175Authentication Method and System for Online Gaming - Embodiments of an authentication technique for online gaming are provided. In one aspect, an authentication method for online gaming includes storing a user identity of a user in a portable data storage device; providing access to the user identity for an authentication server to authenticate the user such that the authentication server allows the user to participate in online gaming when the user is authenticated; and when the online gaming continues, providing access to the user identity for the authentication server to validate the authenticity of the user at a first threshold time after the user identity is accessed previously.07-28-2011
20110185174System and Method for Providing a One-Time Key for Identification - A server includes a key generator and an authenticator. The key generator is configured to receive a request for a first key from a worker device, to create the first key that is associated with a worker, and to transmit the first key to the worker device. The authenticator is in communication with the key generator, the authenticator is configured to receive a second key and identification details from a customer device, to transmit the identification details to the worker device, to receive acknowledgment of the identification details from the worker device, and to authenticate the second key and the identification details with the customer device.07-28-2011
20100185858Image Forming System - A Multi-Function peripheral (MFP), a server apparatus, and a client apparatus for generating image output data from document data and transmitting the image output data to the server apparatus are each connected to a network. In the server apparatus, an output data management unit stores the received image output data in an output data storage unit. Upon receiving user authentication information that is input with a user operation on the MFP, the server apparatus determines whether the user authentication information is valid. When the user authentication information is determined to be valid, the server apparatus transmits to the MFP one or more among the stored image output data associated with the user authentication information.07-22-2010
20100185856Stateless Agent - Secure and stateless data transfer between a source agent at a first computer system and a destination agent at a second computer system is provided. A first list of labels of content structures is generated at the first computer system. During a first data transfer session, the first list, authentication information, at least one object included in the content structures, and file identifiers for one or more files included in the content structures are transferred from the first computer system to the second computer system. A second list is generated at the second computer system and received at the first computer system. The second list lists at least one requested file identified by the transmitted file identifier(s). During a second data transfer session, authentication information, the first list, the at least one object, and the requested file(s) are transferred from the first computer system to the second computer system.07-22-2010
20100174906Method, system and equipment for key distribution - A method, system and equipment for key distribution are disclosed. During the course of computing a shared key Kab between a client node and a third party equipment, a serial number is introduced into keying materials to compute the Kab, instead of just using constant parameter, thus once the Kab is leaked, the Kab can be simply and duly updated by updating the variable parameter, and hence the security of message transmission is improved. Furthermore, in the implementations, methods for security protection and security verification for message are used, so as to effectively prevent threats to message security such as message forgery or replay attack, and hence further improve the security of message transmission.07-08-2010
20100174905Communication Between Call Controllers By Amending Call Processing Messages - Call Control entities in a network communicate between themselves by amending call processing messages to include encrypted network information. As such, a call may be established whose path through the network is dependent on the paths of other calls. Information of a scope larger than a Call Controller normally possesses can, as a result of this communication, be made available to Call Controllers for constraining call establishment. This information could relate to other calls and connections associated with those other calls. The information may also relate to gateways in and to adjacent networks and the Call Controllers in the adjacent networks that are related to the current Call Controller.07-08-2010
20100174903SECURE LOGIN PROTOCOL - The present invention provides a method for generating a secret to be used in an authentication of a user before a server. Using a data association between two data sets, the association being created by the server, the user can provide a secret using an algorithm based on a pin number and a selection of a group of elements from one of the data sets, the selected group of data elements having counterpart group of elements from the other data set by virtue of the data association. The secret is transmitted to the server. The server performs a similar secret provision, and if the secret from the client is identical to the secret provided by the server, the user is authorized to access information on the server.07-08-2010
20100174904USE OF MODULAR ROOTS TO PERFORM AUTHENTICATION INCLUDING, BUT NOT LIMITED TO, AUTHENTICATION OF VALIDITY OF DIGITAL CERTIFICATES - Authentication of elements (e.g. digital certificates 140) as possessing a pre-specified property (e.g. being valid) or not possessing the property is performed by (07-08-2010
20120221857System And Method For Securing And Tracking Files - A method, system and computer program product for securing and tracking restricted files stored in a data processing system is provided. The data processing system is connected to a server for sharing information. An entity requesting to access a restricted file is authenticated, based on certain policies defined by a system administrator. Further, the system maintains a log of operations executed on the restricted file, and sends a record of the log to the server.08-30-2012
20120173876KEYLESS CHALLENGE AND RESPONSE SYSTEM - A confidential information exchange between a sender and a receiver may be conducted without the use of encryption keys. The information is coded with a Challenge-Response Table that is shared between the sender and the receiver. Rather than sending a challenge and then waiting for a response, the challenge and response are both sent by the sender of the information. The information sent comprises an index with a challenge and a response from the Challenge-Response Table. Upon receiving the coded information, the receiver uses the Challenge-Response Table to decode the information by using the index to locate the challenge and its valid response. Upon determining that the challenge and the response are correct, a first decoded answer is determined. Upon determining that either the challenge or the response, or both, are incorrect, a second decoded answer is determined.07-05-2012
20120216039Method and Apparatus for Source Identification for Key Handling Following a Handover Failure - A method of enabling key handling for a handover between different domains may include determining whether an indication of a potential key mismatch is present responsive to an attempt to conduct a handover between a first domain and a second domain, and defining validity of a most recent key set used for ciphering communication between a mobile terminal and a network device based on a result of the determining.08-23-2012
20120216038UNIFIED VIDEO DELIVERY SYSTEM FOR SUPPORTING IP VIDEO STREAMING SERVICE - A home gateway may be used to handle at least a portion of processing of content obtained for consumption by client devices serviced via the home gateway. The home gateway may receive a single copy of content having a first format, and may convert the received content to one or more other formats suitable for presentation by at least one of the client devices based on knowledge of the client devices. The home gateway may maintain secure and/or protected access of the content handled via the home gateway. During protected access the home gateway may partition the content into a plurality of encrypted segments that are forwarded separately to the client devices. The client devices may utilize a corresponding plurality of encryption keys for decrypting the encrypted segments. The encryption keys may be obtained from an external key server. The home gateway may also generate the encryption keys.08-23-2012
20120216037METHODS AND SYSTEMS FOR ACCESS SECURITY FOR DATALOADING - Systems and methods for access security for dataloading are provided. In one implementation, a system comprises a first computer that transmits a packet, the first computer comprising: an authentication code memory that stores an authentication code for the packet; a first processing unit that executes communication instructions in a first memory, the communication instructions attaching the authentication code to the packet; and a first communication port that transmits the packet. The system also comprises a second computer that receives the packet, the second computer comprising: a second communication port that receives the packet; a verification code memory that stores a verification code for verifying the packet's authentication code; and a second processing unit that executes verification instructions in a second memory, the verification instructions comparing the verification code against the authentication code, wherein the second computer rejects the packet if the verification code does not match the authentication code.08-23-2012
20100299524METHOD, APPARATUS, AND SYSTEM FOR CONFIGURING KEY - A method, an apparatus, and a system for configuring a key are provided. The method includes the following steps. A mobile node (MN) and an authentication authorization accounting home server (AAAH) generate a domain specific root key (DSRK) of a visited domain respectively. The AAAH sends the DSRK to an AAA visited server (AAAV). The MN and the AAAV generate a domain specific media independent handover service root key (DS-MIHS-RK) by using the DSRK respectively. The AAAV sends the DS-MIHS-RK to a visited domain media independent handover (MIH) authenticator. Thus, cumbersomeness and risks of errors in configuring and authenticating a password manually are avoided, so that large-scale and secure deployment of the MIH service becomes possible.11-25-2010
20100299521KEY MANAGEMENT SYSTEM, KEY MANAGEMENT METHOD, SERVER APPARATUS AND PROGRAM - Disclosed is a key management system including plural terminal devices and a server. Each of the terminal devices includes: authentication means for authenticating a user and acquiring user information; delivery key registration means for registering a delivery key linked to the user information based on corresponding information, transmitted from the server, between the user information and the delivery key; encryption key receiving means for receiving an encryption key using the delivery key. The server includes terminal information storage means for storing the terminal identification information, user information on the user utilizing the terminal device and the delivery key, wherein the terminal identification information, the user information and the delivery key are linked to each other; and encryption key delivering means for transmitting the encryption key using the delivery key linked to the user information on the user performing secret communication.11-25-2010
20120233463Cluster Federation and Trust - An improved scalable object storage system allows multiple clusters to work together. In one embodiment, a trust and federation relationship is established between a first cluster and a second cluster. This is done by designating a first cluster as a trust root. The trust root receives contact from another cluster, and the two clusters exchange cryptographic credentials. The two clusters mutually authenticate each other based upon the credentials, and optionally relative to a third information service, and establish a service connection. Services from the remote cluster are registered as being available to the cluster designated as the trust root. Multi-cluster gateways can also be designated as the trust root, and joined clusters can be mutually untrusting. Two one-way trust and federation relationships can be set up to form a trusted bidirectional channel.09-13-2012
20120233460SERVER-AIDED MULTI-PARTY PROTOCOLS - The disclosed architecture employs techniques that make secure multi-party computation (MPC) practical and scalable. In support of utilizing cloud computing, for example, for evaluating functionality, a third party server can be employed which does not have any input to the computation and does not receive any output from the computation, yet has a vast amount of computational resources. Accordingly, the secure MPC architecture can outsource as much as possible of the computation and communications burden of the parties without the server(s) learning any information about the party inputs.09-13-2012
20100031038METHOD TO ALLOW SECURE COMMUNICATIONS AMONG COMMUNICATION UNITS - A first communication unit receives an encrypted transmission from a second communication unit. The encrypted transmission was encrypted by the second communication unit using a first encryption key. The first communication unit compares the first encryption key to an encryption key associated with the first communication unit. If the first encryption key matches the encryption key associated with the first communication unit, the first communication unit processes the encrypted transmission further. If the first encryption key does not match the encryption key associated with the first communication unit, the first communication unit compares the first encryption key to an encryption key associated with the second communication unit. If the first encryption key matches the encryption key associated with the second communication unit, the first communication unit processes the encrypted transmission further; otherwise, the first communication unit does not process the encrypted transmission further.02-04-2010
20120233462METHOD AND SYSTEM FOR AUTOMATICALLY LOGGING IN A CLIENT - A method and system for automatically logging in a client is disclosed in the present invention, mainly comprising: use encrypted ICCID for the authentication of the user's identity during automatic login; when authentication is passed, determine the account information corresponding to the identification of the client to be logged in currently by the user, and log in the client automatically with the determined account information, so that the user can conveniently manage the account information corresponding to each client while simultaneously guaranteeing the security of the account information, avoiding the troublesome inputting of the username and password of the account and achieving the purpose of automatically logging in a client.09-13-2012
20130173919Method and System for Activation of Local Content with Legacy Streaming Systems - A method and system for activation of local content with legacy streaming systems are disclosed. In one embodiment, a storage device stores encrypted content. The encrypted content can be preloaded or downloaded into the storage device. To consume the content, a host device using the storage device receives a stream of data from a network. The host device then derives a key from the received stream of data and decrypts the encrypted content using the key derived from the received stream of data. Other embodiments are possible, and each of the embodiments can be used alone or together in combination.07-04-2013
20120254613INFORMATION PROCESSING APPARATUS AND AUTHENTICATION BYPASSING METHOD - In an information processing apparatus, when a command does not include information relating to whether to perform or not to perform authentication of firmware or a first control unit, authentication or authentication bypassing is performed based on a power state and an operation table, and when the command does include the information, the authentication or the authentication bypassing is performed based on the command.10-04-2012
20120254612Privacy-Preserving Probabilistic Inference Based on Hidden Markov Models - A probability of an observation sequence stored at a client is evaluated securely with respect to a hidden Markov model (HMM) stored at a server. The server determines, for each state of the HMM, an encryption of a log-probability of a current element of the observation sequence. It determines, for each state of the HMM, an encryption of a log-summation of a product of a likelihood of the observation sequence based on a previous element of the observation sequence and a transition probability to the state of the HMM. It determines an encryption of a log-likelihood of the observation sequence for each state as a product of the encryption of the log-summation and an encryption of a corresponding log-probability of the current element of the observation sequence, and determines an encryption of the log-probability of the observation sequence based on the log-likelihood of the observation sequence for each state.10-04-2012
20120254614NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM, INFORMATION COMMUNICATION DEVICE AND METHOD - A program causes a PC 10-04-2012
20090070584Method for Providing, Distributing and Engraving Digital Data and Associated Distribution Server - The invention relates to a method for engraving digital data received from a remote server. The inventive method consists in acquiring an identifier of a secured disc used for receiving digital data, in transmitting the identifier and a digital data loading instruction to the remote server, in receiving digital data scrambled by at least one second encryption key and second encryption keys by a first encryption key, and in engraving scrambled digital data and the second encryption keys on the secured disc. Providing and distributing methods and a distribution server are also disclosed.03-12-2009
20120185694INFORMATION PROCESSING APPARATUS, A SERVER APPARATUS, A METHOD OF AN INFORMATION PROCESSING APPARATUS, A METHOD OF A SERVER APPARATUS, AND AN APPARATUS EXECUTABLE PROGRAM - To provide an information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable program.07-19-2012
20100293374Secure Portable Memory Storage Device - A wireless secure authentication system for portable memory storage devices to prevent unauthorized transfer of stored data. The system includes a memory device such as a USB storage device that is capable of data storage. A wireless receiver and/or transmitter on the device receives and/or transmits an external signal from and/or to an external remote device, such as an RFID card, Bluetooth receiver, cellular telephone or any other wireless device. The device does not allow data to be accessed in the memory of the device until it receives an appropriate signal from the external device. Once the appropriate signal has been received, data transfer is allowed. In the event that the signal is lost, the data transfer is terminated and access to the data is not permitted. Examples of the system include a USB memory device that requires an RFID card with an encrypted signal to be within a dedicated perimeter from the device.11-18-2010
20090327714System and Method for End-to-End Electronic Mail-Encryption - The present disclosure provides a system and method for end-to-end electronic mail encryption. In one embodiment, the sender contacts a payload-encryption-packet creation server which receives the message the sender would like to encrypt, generates an encrypted message and a payload-encryption-packet, and returns both to the sender. The sender then uses his regular email infrastructure to transmit to the recipient the encrypted message and the payload-encryption-packet as a single email. Upon receiving the sender's email, the recipient contacts a payload-encryption-packet processing server and sends it the payload-encryption-packet and authorization information. Depending on the validity of the authorization information, said server processes the payload-encryption-packet and provides the recipient with information usable for extracting the original message from the encrypted message.12-31-2009
20090327713SYSTEM AND METHOD FOR ESTABLISHING BEARER-INDEPENDENT AND SECURE CONNECTIONS - A system and method for efficiently enabling local security connectivity between electronic devices over multiple bearers. Electronic devices are configured to advertise, over each bearer, their respective configuration parameters for each bearer. After a connection has been established between the electronic devices over a first bearer, the two electronic devices use the first bearer to establish connections over the other bearers using the configuration parameters contained in the advertisements and advertised over the first bearer. Shared keys are established for the other bearers either using keys derived from the first shared key or by using the first secure connection as an out-of-band channel. The present invention also provides for the creation of an ad hoc WLAN connection once a Bluetooth connection has been established.12-31-2009
20120084564SECURITY OPERATION METHOD AND SYSTEM FOR ACCESS POINT - A system and a method of operating a security for an Access Point (AP) are provided. The method includes sending, by a mobile terminal, a key code conversion request message to the AP, generating, by the AP, a conversion key code in response to the key code conversion request message, sending, by the AP, the generated conversion key code to the mobile terminal, and accessing, by the mobile terminal, the AP based on the received conversion key code.04-05-2012
20120084562METHODS AND SYSTEMS FOR UPDATING A SECURE BOOT DEVICE USING CRYPTOGRAPHICALLY SECURED COMMUNICATIONS ACROSS UNSECURED NETWORKS - Methods and systems for updating a virtual terminal associated with a secure network are disclosed. One method includes validating at a service enclave an identity of a user of a virtual terminal. The service enclave includes an authorization server, and the virtual terminal is generated from a trusted set of processing modules executing from a secure boot device at a client computing device. The method further includes authorizing the user of the virtual terminal to access a customer enclave and an update enclave based on security credentials received from the virtual terminal. The method also includes, while the user of the virtual terminal establishes a secure connection between the client computing device and the customer enclave, transmitting updates from the update enclave to the client computing device, thereby updating the trusted set of processing modules.04-05-2012
20120084561TOKEN-BASED AUTHENTICATION USING MIDDLE TIER - An intermediary system that facilitates a connection request from a client to a server. The intermediary system may participate in either or both of a token creation phase and a server connection phase. If participating in the token creation phase, the intermediary system generates a token that may later be used by the client during a server connection phase. The token includes a session identifier and is returned to the client. If participating in the server connection phase, the intermediary receives the token, extracts the session identifier from the token, and compares against the session identifier for the session in which the token was created. If the session identifiers match, then the intermediary connects to the server to complete the connection request.04-05-2012
20120260091Methods and Apparatus for Authenticating Data as Originating from a Storage and Processing Device and for Securing Software and Data Stored on the Storage and Processing Device - Techniques are described for using unique features of a storage medium for authentication of data as originating from the storage medium, and also for installing software and data to a storage medium in a way which inhibits unauthorized copying of the software and data to another storage medium. Cryptoprocessing keys are created using unique features of the storage medium such as location information related to storage of selected elements of a software installation on the storage medium, or alternatively defective block information relating to the storage medium. The cryptoprocessing keys are used to encrypt data for transmission to a remote server. The remote server uses the cryptoprocessing keys to decrypt the data and authenticates the data as having been encrypted with the correct keys.10-11-2012
20120260092METHOD FOR SUPPORTING A REPUTATION MECHANISM IN A NETWORK AND NETWORK - Method for supporting a reputation mechanism in a network including one or more domains with one or more users being connected to the domains, one or more Identity Providers that manage identity information, and at least one entity that functions as Web Service Consumer for the users. When a user requests a Web Service Consumer of one of the domains for a web service provided by a Web Service Provider, the requested Web Service Consumer requests its known Identity Providers regarding a recommendation of the Web Service Provider. The Identity Providers function as recommendation aggregators by collecting reputation assessments of the Web Service Provider from entities registered on the Identity Providers who return an aggregated recommendation to the requested Web Service Consumer that determines a trust assessment about the Web Service Provider. A privacy homomorphism is employed for providing an encrypted exchange of recommendation related information.10-11-2012
20120226906Protocol And Method For Client-Server Mutual Authentication Using Event-Based OTP - A method of authenticating and encrypting a client-server communication is provided. Two one-time passwords (OTP09-06-2012
20120226908System and Methods for Web-Application Communication - A system for providing communication between one or more clients (09-06-2012
20120226907Method and Apparatus For Article Authentication - An authentication method for authenticating an article in a device includes the steps of (a) reading an identification number stored on the article, (b) reading an authentication number stored on the article, (c) determining an input number based at least in part on the identification number, (d) applying an authentication function to the input number to calculate an output number, (e) determining that the article is authentic only if the authentication number corresponds to the output number, and (f) permitting use of the article in the device if the article is authentic, and disabling use of the article in the device if the article is not authentic.09-06-2012
20120260090APPARATUS AND METHODS FOR STORING ELECTRONIC ACCESS CLIENTS - Apparatus and methods for storing and controlling access control clients. In one embodiment, transmitting and receiving devices ensure that only one copy of an eSIM is active at any time. Specifically, each transferred eSIM is encrypted for the destination device; the eSIM from the source device is deleted, deactivated, or otherwise rendered unusable. Various aspects of network infrastructure are also described, including electronic Universal Integrated Circuit Card (eUICC) appliances, and mobile devices. Various scenarios for transfer of eSIMs are also disclosed.10-11-2012
20090019282Anonymous authentication method based on an asymmetric cryptographic algorithm - A method for authenticating at least one client entity (A) by means of an authentication entity (B) based on a public key encryption (ASYM(PB,R))/decryption (ASYM(SB,R′)) algorithm, implemented on the client entity side and authentication entity side, respectively, including, on the client entity side: 01-15-2009
20120233464PCI DSS COMPLIANT PROXY SERVICE - The innovation includes systems and methods of facilitating electronic commerce (e-commerce) via a proxy service. Such a method can include the acts of receiving a hypertext transfer protocol with secure socket layer (HTTPS) request from a client application and translating the HTTPS request to a format appropriate for an e-commerce web application. Additionally, such a method can include the steps of sending the translated request to the e-commerce web application via HTTPS and receiving a response based at least in part on the translated HTTPS request. The method can also include the acts of translating the HTTPS response to a format appropriate for the client application and sending the translated response to the client application via HTTPS. Secure information can be encrypted and stored at the client application separately from the encryption key, which can be stored by the proxy service.09-13-2012
20120233465Distribution of Credentials - The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user. The credential user is provided with a user device. A first channel and a second channel are provided for communication between the user device and the credential issuer. A shared key is distributed between the user device and the credential issuer by means of the second channel. A binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated. The binary representation of the set of credentials is encrypted by means of the shared key. The encrypted set of credentials is distributed via the first channel from the credential issuer to the user device. The encrypted set of credentials is decrypted by the user device by means of the shared key.09-13-2012
20080301443MOBILITY DEVICE PLATFORM - A mobility device platform allowing for secure mobile computing is provided. In an illustrative implementation, an exemplary mobility device platform comprises a mobility device operable to communicate with at least one computing environment through a communications interface and wherein the mobility device is operable to process and store secure web services, a communications network operable to communicate data and computing applications using web services, and a mobility device management server operable to generate, process, store, communicate and encrypt web services to the mobility device. Further, the mobility device management server is operable to perform one or more mobility device management functions to provide encryption keys to cooperating mobility devices and to authenticate and verify cooperating mobility devices requesting web services from the mobility device management server. The mobility device management server and mobility device may further operate to perform authentication and verification using user identification and password information.12-04-2008
20080301441Secure Channel For Image Transmission - Systems, devices, and methods for establishing a secure session for the transmission of data from an input device to a remote server device are disclosed. The input device may be an electronic check scanner attached to a banking customer's home personal computer. The customer may visit a bank's Internet website using the web browser or other application on their personal computer, and then submit scanned images of checks to the bank. The bank, however, to ensure security and prevent fraud, may wish to establish a secure session between the devices and components in the system before the image data may be scanned and transmitted.12-04-2008
20120265991SYSTEMS AND METHODS FOR OPTIMIZING SSL HANDSHAKE PROCESSING - A method for enabling efficient SSL handshakes through pre-computing of handshake messages, the method includes: receiving, by an appliance, a server certificate identifying a server; generating, by the appliance, at least one of: (i) an SSL server certificate message comprising the received server certificate, (ii) an SSL client certificate request message, and (iii) an SSL hello done message; storing, by the appliance, the generated messages; receiving, by the appliance from a client, an SSL client hello message identifying the server; and transmitting, by the appliance to the client, an SSL server hello message and at least one of the stored messages. Corresponding systems are also described.10-18-2012
20120265990AUTHENTICATION SYSTEM, METHOD AND DEVICE - An authentication system, method and device are provided in the present application. The authentication system includes an Application Server (AS) for providing non Internet protocol Multimedia Subsystem (IMS) service, an authentication gateway and an IMS terminal. The AS forwards a connection request message sent by the IMS terminal to said authentication gateway, the authentication gateway sends an obtained first random number to said IMS terminal through the AS, the IMS terminal generates a first Response (RES) value according to the first random number and sends the generated first RES value to the authentication gateway through the AS, and if the received first response value and an obtained Expected Response (XRES) value are found coincident after being compared by the authentication gateway, the authentication gateway determines that the authentication of the IMS terminal has passed, and indicates to the AS to provide non IMS service for the IMS terminal. By using the technical solutions of the present application, the problem existing in the prior art that a non IMS AS needs to authenticate each of the IMS terminals respectively for obtaining non IMS service, thus reducing the service processing efficiency of the AS, is solved.10-18-2012
20110004759MASS SUBSCRIBER MANAGEMENT - An authentication and mass subscriber management technique is provided by employing a key table derived as a subset of a larger key pool, a network edge device, and authentication tokens attached on both the network edge device and on a subscriber's computing device. The network edge device and subscriber's computing device are provided with secure, tamper-resistant network keys for encrypting all transactions across the wired/wireless segment between supplicant (subscriber) and authenticator (network edge device). In an embodiment of the invention, a secure, secret user key is shared between a number of subscribers based upon commonalities between serial numbers of those subscribers' tokens. In another embodiment of the invention, a unique session key is generated for each subscriber even though multiple subscribers connected to the same network connection point might have identical pre-stored secret keys.01-06-2011
20110004758Application Specific Master Key Selection in Evolved Networks - An authentication method comprises providing a set of N plural number of master keys both to a user terminal (01-06-2011
20110004757Apparatus, Method, System and Program for Secure Communication - Embodiments provide an apparatus, method, product and storage medium for secure communication, wherein a message is sent over a secure signalling path to a recipient, the message including a value indicating a key for encrypting or decrypting information for secure communication, or a key derivation value for deriving a key. The message further includes an indication indicating the type of usage of the value. The receiver of the message may return a message which also includes a key or key derivation value and an indication indicating the type of key or type of usage of the value.01-06-2011
20110004756GPS-BASED PROVISIONING FOR MOBILE TERMINALS - A computing device to enable a feature thereof according to a current location and a control method thereof, the computing device including: a location unit to determine the current location of the computing device; and a licensing unit to determine whether the current location corresponds to a predetermined authorized location, and to enable the feature if the current location corresponds to the authorized location. Accordingly, a permission to use a software feature or a hardware feature of the computing device can be controlled according to the current location of the computing device.01-06-2011
20110004755User information providing system - In the system, when the service providing apparatus is used through the multi-functional peripheral, user authentication is performed and user information is provided to the service providing apparatus, and the authenticating apparatus holds authentication information and user information associating each information with identification information of a user, performs user authentication based on the input of the authentication information of the user for the multi-functional peripheral, transmits the identification information of the user to the multi-functional peripheral by authentication, and is allowed access to the service providing apparatus through the multi-functional peripheral by receiving the identification information, and the service providing apparatus, by receiving a service request from the multi-functional peripheral and the identification information, transmits the identification information to the authenticating apparatus, and thereby obtains user information transmitted from the authenticating apparatus.01-06-2011
20110004754Method And Apparatuses For Authentication And Reauthentication Of A User With First And Second Authentication Procedures - A method of authenticating a user to a network, the user being in possession of first and second authentication credentials associated respectively with first and second authentication procedures. The method comprises sending a challenge from the network to the user according to said second authentication procedure, receiving the challenge at the user and computing a response using said first credential or keying material obtained during an earlier running of said first authentication procedure, and said second credential, sending the response from the user to the network, and receiving the response within the network and using the response to authenticate the user according to said second authentication procedure.01-06-2011
20120265989SECURE LOGIN METHOD - The present invention provides a secure login method, including connecting a user end to a server end via the internet and accessing user end information by the server end; generating or selecting an algorithm corresponding to the user end information by the user end according to a predetermined rule; and providing a website page to the user end by the server end, encrypting information entered into the website page by the algorithm provided via the website page, and storing the encrypted information in the user end. When the user end is re-connected to the server end and logs in to the server end, the website provided to the user end uses the algorithm to decrypt the encrypted information stored in the user end, and the decrypted information is entered into the website page. Accordingly, the present invention prevents hackers from stealing others' cookies, so as to secure the user's information.10-18-2012
20110131413APPARATUS AND METHOD FOR DYNAMIC UPDATE OF SOFTWARE-BASED IPTV CONDITIONAL ACCESS SYSTEM - The apparatus for dynamic update of a software-based IPTV conditional access system includes: a server master key manager managing a master key and encrypting a conditional access code ID; a conditional access server manager generating and managing a server list, linking and storing an update policy with the conditional access server IDs included in the server list, and controlling execution of the conditional access server; and a conditional access code download server generating an ID map of set of conditional access codes by combining the plurality of conditional access codes and the plurality of conditional access code IDs that are encrypted, and transmitting the ID map of set of conditional access codes and the conditional access code to a receiver.06-02-2011
20110131412HTTP HEADER COMPRESSION - Techniques for HTTP header compression are described herein. In an implementation, an electronic device may be configured to enable compression/decompression of HTTP messages, including compression/decompression of information in the headers of the messages. An HTTP message is generated that contains at least a header and a body. The HTTP message is reformatted to place at least some of the header information into the body. Then, the body of the reformatted message having the header information is compressed to form a compressed HTTP message. Decompression may be applied by a recipient of the compressed HTTP message to reconstruct the original HTTP message.06-02-2011
20110131411Secure content based routing in mobile ad hoc networks - The present invention describes methods and systems for information dissemination in mobile ad hoc networks founded on Content Based Routing. The method comprises generating a first data packet at a source node, encoding, via an encoding logic within the source node, a plurality of information categories associated with the first data packet in a header of the first data packet, encrypting the first data packet with an encryption key unique to the plurality of information categories, generating a second data packet having a unique dissemination group identity in its header and the encrypted first data packet as a payload of the second data packet, disseminating the second data packet across a dissemination mesh, and receiving the second data packet at a destination node. The system comprises a host within the source node that generates a first data packet comprising a first packet header and the content within a first payload of the first data packet, an identity generator within the source node to receive the first data packet and to generate a dissemination group identity for a dissemination group, an encoding unit to encode within the first packet header a plurality of information categories associated with the content, an encryption unit for encrypting the first data packet with an encryption key unique to the dissemination group identity, such that a second data packet is formed, the second data packet having in a second header the dissemination group identity and in a second payload the encrypted first data packet, and a routing unit to disseminate the second data packet to the dissemination mesh.06-02-2011
20120239929HYBRID NETWORKING MASTER PASSPHRASE - A method and apparatus for providing a passphrase-based security setup for a hybrid network including multiple network interfaces configured for communicating over one or more communication media are provided. The method includes receiving a passphrase from a user at a network interface of the multiple network interfaces. The received passphrase is then used for authenticating the device for one or more network interfaces. The authentication can be performed irrespective of a communication medium used by the network interfaces.09-20-2012
20120239928Online Security Systems and Methods - Described are a system and method for securing an online transaction. A request is output from an electronic device to a verification server to perform an online transaction. The verification server generates a challenge request. The challenge request is encrypted with a private key of a pair of cryptographic keys. The encrypted challenge request is decrypted with a public key of the pair of cryptographic keys. The decrypted challenge request and the challenge request generated by the verification server are compared. A verification result is generated in response to the comparison.09-20-2012
20120239930Keyed PV Signatures - A system and method enabling a recipient correspondent of a keyed PV signature to convert it to a signature with properties similar to a traditional signature (i.e., where the message is public and may be verified by anyone), removing the keyed aspect of the signature. The recipient correspondent may transfer the converted signature to a third party and provide the third party with a proof of knowledge such that the third party may be convinced that the originator of the signature signed the message.09-20-2012
20110047380PEER-TO-PEER NETWORK INFORMATION STORAGE - In a typical peer-to-peer network, any user of the peer-to-peer network may request a lookup of a key and its associated value. To limit access to a stored key-value pair, a user node may register a key-value pair in a peer-to-peer network associated with an access list listing those user nodes which are authorized to access the key-value pair. The access list may include one or more retrieval identifiers. To further secure the information, the retrieval identifiers and/or the payload may be encrypted. To allow the retrieving user to decrypt an encrypted payload, the payload may be encrypted using a group key associated with the stored key-value pair. The group key may be encrypted using a key known to the retrieving user.02-24-2011
20110047379APPARATUS AND METHOD FOR TRANSMITTING DIGITAL MULTIMEDIA BROADCASTING DATA, AND METHOD AND APPARATUS FOR RECEIVING DIGITAL MULTIMEDIA BROADCASTING DATA - Provided are a method and apparatus for transmitting digital multimedia broadcasting data, and a method and apparatus for receiving digital multimedia broadcasting data. A basic audio signal and a multichannel audio signal are encoded to generate a basic audio stream and a multichannel audio stream, and a first data stream describing property and position data of the basic audio stream and a second data stream describing property and position data of the multichannel audio stream are transmitted as independent streams. According to the performance of the receiving apparatus, an audio signal may be decoded by using only the first data stream or both the first data stream and the second data stream.02-24-2011
20110047378SYSTEM AND METHOD FOR IDENTIFYING ACCOUNT AND PERIPHERAL DEVICE THEREOF - An account identification system, an account identification method, and a peripheral device thereof are provided, wherein the peripheral device has a private key. When a user is about to log into an identification server, besides identifying an account and a password of the user, the identification server further authenticates the peripheral device used by the user so as to identify the user and prevent the user's account from being misappropriated.02-24-2011
20110047377SECURE DIGITAL COMMUNICATIONS VIA BIOMETRIC KEY GENERATION - Systems and methods for secure communications in a communications network (02-24-2011
20120324223SYSTEMS AND METHODS FOR MAINTAINING DATA SECURITY ACROSS MULTIPLE ACTIVE DOMAINS - Systems and methods for maintaining data security across multiple active domains are presented. Each domain includes a token generator that can generate tokens associated with sensitive data such as credit card numbers. The primary domain includes a centralized key manager. In one embodiment, each domain includes its own local data vault and a replica of each data vault associated with every remote domain. Any domain can access the data vaults (local and replica) and retrieve a token created by any other domain. The possibility of token collision is eliminated by a token generation algorithm that embeds a domain designator corresponding to the active domain where the token was created. When multiple tokens represent the same sensitive data, the token manager returns a set of all such tokens found in the data vaults.12-20-2012
20120324224STATELESS HUMAN DETECTION FOR REAL-TIME MESSAGING SYSTEMS - Stateless human detection for real-time systems allows a real-time message system to challenge incoming messages suspected of being generated by an automated application. When a suspect message is detected, a challenge is presented to a sender of the message. The challenge is designed to require human intervention to provide a correct answer to the challenge. A challenge packet is sent with the challenge and includes a challenge answer and, possibly, a server identifier, a challenge identifier and/or a time stamp that can be used to prevent attacks on the challenge. The challenge packet is encrypted so that the sender cannot access the contents thereof. When the sender provides a response to the challenge, the sender returns the challenge packet. The challenge packet is decrypted and the challenge answer is compared to a sender answer. If the answers match, the sender is allowed subsequent access to the messaging system.12-20-2012
20110238993Agile Network Protocol For Secure Communications With Assured System Availability - A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to "hopping" of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.09-29-2011
20110238991CONTENT DECRYPTION DEVICE AND ENCRYPTION SYSTEM USING AN ADDITIONAL KEY LAYER - Various embodiments relate to a content decryption device for receiving a signal comprising encrypted content data and conditional access data. The conditional access data comprises one or more first keys. The content data is encrypted under one or more second keys. The device is configured for communicating with a secure module. The device comprises a signal input for receiving the signal from a head-end system and is configured for providing at least a portion of the conditional access data to the secure module to obtain the one or more first keys from the conditional access data. The device also has a decrypter, preferably a hardware descrambler, comprising a signal input for receiving at least the encrypted content data. The decrypter is configured for decrypting the encrypted content data under the one or more second keys to provide decrypted content data. A key provider, preferably a hardware component, is provided in the device configured for receiving the one or more first keys from the secure module and for providing the one or more second keys to the decrypter using the one or more first keys.09-29-2011
20110238990SYSTEM AND METHOD FOR SECURE AND/OR INTERACTIVE DISSEMINATION OF INFORMATION - An interactive information dissemination system includes a media server (09-29-2011
20110238989METHOD AND SYSTEM FOR SECURE COMMUNICATION USING HASH-BASED MESSAGE AUTHENTICATION CODES - A system and method for secure communication is provided. A first hash-based message authentication code is generated from a shared secret and a first counter value stored in storage of a computing device. A second hash-based message authentication code is generated from such shared secret and a second counter value. An encryption key is derived from a function of the first hash-based message authentication code and the second hash-based message authentication code. A message is encrypted using the encryption key, and communicated via a network interface of the computing device.09-29-2011
20110238987ADAPTIVE CERTIFICATE DISTRIBUTION MECHANISM IN VEHICULAR NETWORKS USING FORWARD ERROR CORRECTING CODES - A method for improving the reliability and performance of Vehicle-to-Vehicle (V2V) networks where digital certificates are necessary for message authentication and some messages may be lost in transmission. The method uses Forward Error Correcting (FEC) codes to encode a digital certificate into multiple segments, and attaches one or more segment to each message transmitted. Nodes receiving the messages can reconstruct the certificate as long as they successfully receive a minimum number of the transmitted messages, where the minimum number is less than the total number of messages transmitted. This allows message authentication to continue uninterrupted, even in a network environment where some messages are lost in transmission. Two different types of FEC codes are described, and adaptive schemes are included to optimize message throughput based on such network conditions as node density.09-29-2011
20110238985METHOD AND APPARATUS FOR FACILITATING PROVISION OF CONTENT PROTECTED BY IDENTITY-BASED ENCRYPTION - An approach is provided for reducing communication traffic/cost and protecting content. A criterion application causes, at least in part, reception at a first recipient one or more first data encrypted with one or more first recipient criteria as a public key of identity-based encryption, the first data including one or more first instructions. The criterion application matches one or more second recipient criteria corresponding to the first recipient against the first recipient criteria that encrypted the first data. The criterion application decrypts with a first decryption key one or more of the first data corresponding to at least a matched one of the first recipient criteria, when one or more of the second recipient criteria match the at least one of the first recipient criteria. The criterion application executes automatically or on demand at the first recipient one or more of the first instructions included in decrypted first data.09-29-2011
20100250928CONTENT DATA, TRANSMITTING APPARATUS, RECEIVING APPARATUS AND DECODING METHOD - A transmitting apparatus 09-30-2010
20120278624INFORMATION PROCESSING APPARATUS, PRINT CONTROL APPARATUS, PRINT CONTROL SYSTEM, STORAGE MEDIUM OF STORING COMPUTER-READABLE PROGRAM, AND PROGRAM - An information processing apparatus, which encrypts print data (PDL), receives a personal identification code (PIN) input by a user, generates a random number (rnd), encrypts the generated random number by using the personal identification code or an encryption key generated based on the personal identification code, converts the personal identification code by using a predetermined function, and encrypts print data by using the random number as an encryption key, thereby maintaining security in the printing.11-01-2012
20120278622METHOD AND SYSTEM FOR ELECTRONIC CONTENT STORAGE AND RETRIEVAL WITH GALOIS FIELDS ON CLOUD COMPUTING NETWORKS - A method and system for electronic content storage and retrieval with Galois Fields on cloud computing networks. The electronic content is divided into plural portions and stored in plural cloud storage objects. Storage locations for the plural cloud storage objects are selected using a Galois field and the plural cloud storage objects are distributed across the cloud network. When the electronic content is requested, the plural portions are retrieved and transparently combined back into the original electronic content. No server network devices or target network devices can individually determine locations of all portions of the electronic content on the cloud communications network, thereby providing layers of security and privacy for the electronic content on the cloud communications network.11-01-2012
20120278623METHOD AND SYSTEM FOR SECRET COMMUNICATION BETWEEN NODES - The present invention discloses a method and system for secret communication between nodes in a wired Local Area Network (LAN). The method of secret communication between nodes in the wired LAN includes the following steps: 1) a sharing key is established; 2) the route probe is exchanged; 3) the data communication is classified; 4) the secret communication is processed among the nodes. According to the different communication situations among the nodes, the method of secret communication between nodes provided in the present invention can process the classification and select an appropriate secret communication strategy; compared with per-hop encryption, the calculation load of the exchange equipment is reduced, and the transmission delay of data packets is shortened; compared with the method that inter-station keys are established in pairs of nodes in order to protect the communication secret, the key number is reduced, and the key management is simplified.11-01-2012
20120278621SYSTEM AND METHOD OF DATA INTERCEPTION AND CONVERSION IN A PROXY - An intercepting proxy server processes traffic between an enterprise user and a cloud application which provides Software as a Service (SaaS). The intercepting proxy server provides interception of real data elements in communications from the enterprise to the cloud and replaces them with obfuscating information by encrypting individual real data elements without disturbing the validity of the application protocol. To the processing cloud application, real data are only visible as encrypted tokens. Tokens included in results returned from the cloud are intercepted by the intercepting proxy server and replaced with the corresponding sensitive real data. In this way, the enterprise is able to enjoy the benefits of the cloud application while protecting the privacy of real data.11-01-2012
20120278620Forwarding E-Mail From A Wireless Device - A system and method of sending an e-mail message associated with a wireless device is provided. A request to forward or reply to an original e-mail message is sent from the wireless device to a server. The request contains one or more recipients and includes a message identifier of an original e-mail message. A portion indicator is provided for retrieving portions of the original e-mail message identified by the message identifier. An e-mail message is sent to the one or more recipients comprising any added user text and the one or more retrieved portions of the original e-mail message, such that text of the original message that the user may not be aware of is not forwarded to new recipients.11-01-2012
20120278619STREAMING VIDEO SERVER WITH VIRTUAL FILE SYSTEM AND METHODS FOR USE THEREWITH - A streaming video server generates a virtual file system that includes virtual addresses of a plurality of encrypted segments of a plurality of video programs at each of a plurality of bitrates, without storing the plurality of encrypted segments in persistent storage. A request is received from a client device to access a selected one of the plurality of video programs via a request to access the virtual file system. The plurality of encrypted segments of the selected one of the plurality of video programs are generated at a selected bitrate, in response to the request.11-01-2012
20120278618METHODS OF AUTHORIZING A COMPUTER LICENSE - A system and method of authorizing a product including transmitting from an end user device a character string, including a Transaction ID, to a licensing authority. The licensing authority encrypts the Transaction ID using an encryption key associated with a product for which the end user is seeking authorization to produce an Authorization number. Each product is associated with a different encryption key resulting in a different Authorization number being produced for each product based on the same Transaction ID. The licensing authority then returns the Authorization number to the end user device. A decryption processor associated with the end user device decrypts the Authorization number using an unchangeable decryption key and compares the decrypted Authorization number with the Transaction ID. If the decrypted Authorization number matches the Transaction ID the product is authorized.11-01-2012
20110252238Apparatus and Method for Efficiently and Securely Exchanging Connection Data - An apparatus, method, and machine-readable medium are described for securely and efficiently exchanging connection data for a peer-to-peer ("P2P") session on a network. For example, in one embodiment, a connection data exchange ("CDX") service can perform the function of a central exchange point for connection data. In one embodiment, the CDX service can perform the operations of receiving a connection data structure, sometimes referred to herein as a "ticket," created by a matchmaker or an invitation service in response to requests from a group of mobile computing devices attempting to establish peer-to-peer ("P2P") connections. The ticket can identify each of the group of mobile computing devices and can include encrypted NAT hole punch data associated with each of the mobile computing devices. The CDX service can authenticate the ticket and decrypt the NAT hole punch data contained in the ticket using a CDX ticket key used by the matchmaker service or the invitation service to encrypt the ticket. Once the ticket is authenticated and the hole punch data retrieved, the CDX service can send connection data to each of the mobile computing devices residing behind NAT devices using the NAT hole punch data.10-13-2011
20120089836OBJECT DELIVERY AUTHENTICATION - A method and system for authenticating delivery including the steps of receiving by a receiver a delivery information package from a deliverer over a network during a communication between the receiver and the deliverer, wherein the delivery package includes deliverer identity information, sending an authentication request of the received delivery package from the receiver to an authentication module having a hardware processor, over at least one of a call network and an additional network, and authenticating the received delivery package using the deliverer identity information.04-12-2012
20120089834ESTABLISHMENT METHOD AND DEVICE FOR LINK BETWEEN ACCESS POINT AND REPEATER IN WIRELESS DISTRIBUTION SYSTEM - The present invention provides an establishment method and device for a link between an access point and a repeater in a wireless distribution system. The method comprises: starting the access point and the repeater in the wireless distribution system; the access point and the repeater transmitting an interactive message to each other, and obtaining channel information, channel encryption mode, cipher key information, and address information of the opposite end about the link between the access point and the repeater from the interactive message; the access point and the repeater establishing the link between the access point and the repeater according to the channel information, the channel encryption mode, the cipher key information, and the address information of the opposite end. The device comprises: a starting module, an interactive module, and an establishment module. The present invention overcomes the problem of the existing establishment method for a link between the access point and the repeater in a wireless distribution system, namely that it needs a user's manual input to determine the channel of the WDS link establishment, which makes the procedure of link establishment relatively troublesome. Furthermore, the present invention achieves automatic optimal configuration of the channel of the WDS link, such that the operation of the user is more convenient and quicker, and the quality and the rate of the link are increased.04-12-2012
20120089833SECURE DEPLOYMENT OF PROVABLE IDENTITY FOR DYNAMIC APPLICATION ENVIRONMENTS - An invention is described for securely deploying a provable identity for virtual machines (VMs) in a dynamic environment. In an embodiment, a fabric controller instructs a VM host to create a VM and sends that VM a secret. The fabric controller sends that same secret (or a second secret, such as the private key of a public/private key pair) to the security token service along with an instruction to make an account for the VM. The VM presents proof that it possesses the secret to the security token service and in return receives a full token. When a client connects to the deployment, it receives the public key from the security token service, which it trusts, and the full token from the VM. It validates the full token with the public key to determine that the VM has the identity that it purports to have.04-12-2012
20120331294METHOD FOR SECURE REMOTE BACKUP - The present invention is directed to an architecture and mechanism for securely backing up files and directories on a local machine onto untrusted servers over an insecure network.12-27-2012
20110276801COMMUNICATING ADMISSION DECISIONS AND STATUS INFORMATION TO A CLIENT - In an example embodiment, a technique employs a SAP/SDP packet to communicate data to a client device when a request for a multicast stream, such as a video stream, is denied. Rather than announcing a program, the SAP/SDP packet reports a status to the client device. The SAP/SDP packet may suitably comprise data representative of the video name and a reason code, enabling the client device to provide an output, e.g. a text string, to a user associated with the client device indicating the reason for the denial. In addition, contact information such as an email address and a uniform resource locator (URL) pointing to a predetermined web page may also be included in the SAP/SDP packet, which can inform the associated user of the client device where additional information about the denial can be obtained.11-10-2011
20120096266AUTHENTICATION SYSTEM - The authentication system includes a user node, a plurality of service nodes, an authentication database storage unit, an authentication unit, a user information database storage unit, and a key distribution unit. Each service node is configured to provide a service corresponding to its domain. The authentication database storage unit is configured to store a secret key of the user node for each domain. The user information database storage unit is configured to store an account used for associating a domain with the user node. The key distribution unit is configured to, upon receiving a domain change request from the user node and then confirming that the user information database stores the account associating the user node with a desired domain to which the user node intends to belong, obtain the secret key of the user node associated with the desired domain from the authentication database storage unit, and send the obtained secret key to the user node. The authentication unit is configured to create a session key, encrypt the created session key with the secret key corresponding to the desired domain, and send the encrypted session key to the user node.04-19-2012
20120331292ELECTRONIC ACCESS CLIENT DISTRIBUTION APPARATUS AND METHODS - Apparatus and methods for distributing access control clients. In one exemplary embodiment, a network infrastructure is disclosed that enables delivery of electronic subscriber identity modules (eSIMs) to secure elements (e.g., electronic Universal Integrated Circuit Cards (eUICCs), etc.). The network architecture includes one or more of: (i) eSIM appliances, (ii) secure eSIM storages, (iii) eSIM managers, (iv) eUICC appliances, (v) eUICC managers, (vi) service provider consoles, (vii) account managers, (viii) Mobile Network Operator (MNO) systems, (ix) eUICCs that are local to one or more devices, and (x) depots. Moreover, each depot may include: (xi) eSIM inventory managers, (xii) system directory services, (xiii) communications managers, and/or (xiv) pending eSIM storages. Functions of the disclosed infrastructure can be flexibly partitioned and/or adapted such that individual parties can host portions of the infrastructure. Exemplary embodiments of the present invention can provide redundancy, thus ensuring maximal uptime for the overall network (or the portion thereof).12-27-2012
20110289316USER AUTHENTICATION - Embodiments of the present invention relate to a method and system in which a URI is signed using a private key (PKI), and the signed URI is sent to a second server where the signature is validated using the public key.11-24-2011
20110307697INFORMATION PROTECTION APPARATUS, INFORMATION PROTECTION METHOD, AND STORAGE MEDIUM - An apparatus for protecting information includes a hash value generating unit configured to identify a program file of a requester requesting information encrypted using a first hash value and to generate a second hash value of the identified program file, and a decryption unit configured to decrypt the information using the second hash value and if the information is successfully decrypted, to return the decrypted information to the requester.12-15-2011
20110320815Key Sharing System, Communication Terminal, Management Device, Key Sharing Method, and Computer Program - In a case where another user's communication terminal (nTE12-29-2011
20110320814SYSTEM AND METHOD OF AUTHENTICATION - Disclosed herein are systems, methods and computer readable media for performing authentication. The proposed scheme utilizes new algorithms that introduce randomness using a physical value for authentication. An exemplary method includes sharing an initial state value S(0) with a sender and a receiver, generating a sender S(t, v) based on a parameter t and an identifier v and based at least in part on the value S(0). The method includes generating a receiver S(t, v) from S(0) based on the parameter t and the identifier v wherein the parameter t is related to a physical value in authenticating the identifier v based on a comparison of the sender S(t, v) and the receiver S(t, v). The process of generating the sender S(t, v) and the receiver S(t, v) includes a random variable generated by a process such as by a random number generator, the Brownian Motion or Wiener Process. Other embodiments do not use the physical value for authentication.12-29-2011
20110320813Network system and authentication method thereof - A management server includes an encryption processor for individually scrambling a control program and authentication information in response to a transmission request from a terminal, a merging unit for merging the control program and the authentication information subsequent to scrambling, a communication control unit for transmitting the merge information to the terminal, and a permission signal generator for checking decrypted authentication information from the terminal against the original authentication information, and generating a permission signal that permits the control program to be installed if the decrypted authentication signal matches the original authentication signal. The terminal includes a communication control unit for transmitting the transmission request to the management server, a decryption processor unit for separating the control program and the authentication information from the merge signal from the management server, and individually decrypting the control program and the authentication information, the communication control unit for returning the decrypted authentication information to the management server, and an installation processor unit for starting installing the control program in response to a reception of the permission signal from the management server.12-29-2011
20120102327METHOD AND DEVICE FOR AUTHENTICATING COMPONENTS WITHIN AN AUTOMATIC TELLER MACHINE - The invention relates to a device and a method for authenticating components of a self-service automatic teller machine, wherein the components comprise unambiguous identification information that can be exchanged among the components, and wherein an authentication of the components and/or of the information exchanged between the components is carried out by the encryption and/or signature of the information on the basis of identity-based encryption (IBE) that uses the identification information of the components.04-26-2012
20120102326Facilitating Secure Communications - The claimed subject matter provides systems and methods for facilitating secure communications. The disclosed systems and methods can include components for receiving and processing user authentication information from users or other systems to selectively provide access to stored information. The stored information may be displayed on or accessed via interfaces that interact with components of the system. An embodiment provides for generating a message request based at least in part on at least one received user input, transmitting the message request to a server device, and receiving a message representation associated with the at least one user input that contains at least one resource identifier.04-26-2012
20120102325Methods And Apparatus For Protecting Digital Content - A processing system to serve as a source device for protected digital content comprises a processor and control logic. When used by the processor, the control logic causes the processing system to receive a digital certificate from a presentation device. The processing system then uses public key infrastructure (PKI) to determine whether the presentation device has been authorized by a certificate authority (CA) to receive protected content. The processing system may also generate a session key and use the session key to encrypt data. The processing system may transmit the encrypted data to the presentation device only if the presentation device has been authorized by the CA to receive protected content. Presentation devices and repeaters may perform corresponding operations, thereby allowing content to be transmitted and presented in a protected manner. Other embodiments are described and claimed.04-26-2012
20120102324REMOTE VERIFICATION OF USER PRESENCE AND IDENTITY - A system for verifying presence and identity of a user on a remote computer comprises a server connected to a networked communication system; a remote computer including an interface for a digital key, wherein the remote computer is connected to the networked communication system; a digital key that connects to the remote computer via the interface, wherein the digital key contains an encrypted key; a processor on the remote computer for reading digital key from the digital key and transmitting the encrypted key to the server over the networked communications system; and a computer program executing on the remote computer that captures behavioral data of the user and transmits the behavioral data to the server over the networked communications system.04-26-2012
20120102323DATA SECURITY PROTECTION METHOD - A data security protection method generates dynamic encryption keys and dynamic decryption keys for a host and a client during data transmission between the host and the client. The host stores a host initial key K04-26-2012
20120102322PROCESSING OF COMMUNICATION DEVICE SIGNATURES FOR USE IN SECURING NOMADIC ELECTRONIC TRANSACTIONS - A method for execution in a communication device, which comprises receiving a first data set and a second data set over a first communication path; receiving a series of requests over a local communication path different from the first communication path; responding to a first one of the requests by releasing a first response including the first data set over the local communication path; and responding to a second one of the requests by releasing a second response including the second data set over the second communication path.04-26-2012
20120331293METHOD AND SYSTEM FOR SECURE OVER-THE-TOP LIVE VIDEO DELIVERY - A method is provided for managing key rotation (use of series of keys) and secure key distribution in over-the-top content delivery. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method.12-27-2012
20120331291MULTIMEDIA PROCESSING APPARATUS - According to one embodiment, a multimedia processing apparatus includes one or more first modules, a second module, and a third module. The first module is configured to realize a function involved with multimedia processing. The second module is configured to manage the first module. The third module is configured to control the first module or to perform a state transition of the first module through the second module. One of two modules out of the first to third modules holds a certificate that provides its personal identification. When a first processing is executed between the two modules, the other one of the two modules authenticates the one module by using the certificate held by the one module, and then the two modules start the first processing.12-27-2012
20120331290Method and Apparatus for Establishing Trusted Communication With External Real-Time Clock - Embodiments of the present invention provide systems and methods to enable secure communication between a host processor and external real time counter (RTC) logic. In an embodiment, the host processor generates a message including a command to an external device containing the RTC. The external device verifies a Message Authentication Code (MAC) included in the message and responds to the command. Embodiments of the present invention advantageously provide a dedicated power domain for the external RTC logic while guarding against third party attacks on the RTC logic and the communication between the RTC logic and the host processor.12-27-2012
20120290843Privacy-Aware Content Protection System - A method and system are disclosed for preventing rendering of content at overlapping time periods on more rendering devices than permitted by a license associated with the content.11-15-2012
20120290839METHOD AND SYSTEM OF COMMUNICATING INFORMATION DISPLAYED AT A PUBLISHER DEVICE WITH A RECEIVER DEVICE - The invention provides a method of communicating a display of information at a publisher device with a receiver device for display at the receiver device, the method including receiving a push-through packet from the publisher device at a connect server, including data entered at the publisher device and a key, receiving a key from the receiver device, comparing the keys received from the publisher and receiver devices to determine if a match exists and transmitting a push-through packet, including the data, from the connect server to the receiver device if a match exists between the keys received from the publisher and receiver devices.11-15-2012
20120290840PIER-TO-PIER EVENT-TIME SECURED LINK ESTABLISHMENT - A method establishes a secure authenticated connection between two devices. The method includes (A) obtaining data related to a tapping event between a first device and a second device, the data including time data of the tapping event; (B) selecting, by the first device, a target device; (C) establishing a non-authenticated secure communication link between the first device and the target device; (D) sending, by the first device, a challenge communication to the target device, the challenge communication including a request for further data related to the tapping event; (E) receiving, by the first device, a response communication in response to the challenge communication, the response including the further data; (F) determining if the target device is the second device by matching the data with the further data; (G) if the target device is the second device, establishing a secure authenticated communication link between the first and second devices.11-15-2012
20120290838System and Method for Web-Based Security Authentication - A security authentication method comprises establishing a user account associated with a login credential, generating an encryption salt, generating graphical key images of a plurality of sequences of values each beginning at a random point, generating encrypted key values by encrypting each value in the plurality of sequences using the generated encryption salt, incorporating the graphical key images and encrypted key values into a displayable input form, receiving user input including a plurality of encrypted key values, generating decrypted key values by decrypting the encrypted key values of the user input using the encryption salt, and verifying that the decrypted key values match the login credential.11-15-2012
20100205435METHOD FOR IMPLEMENTING LOCATION BASED SERVICES, METHOD FOR BROADCASTING GEOGRAPHIC LOCATION INFORMATION OF BASE STATION, AND DEVICE THEREOF - A method and device for broadcasting geographic location information of a base station (BS), relating to radio communication technologies, are disclosed. The purpose is to improve the security of the worldwide interoperability for microwave access (WiMAX) network in the provisioning of location based services (LBS) in the prior art. A method for implementing LBSs includes: in a WiMAX system providing LBSs, the system obtains an encryption key for encrypting the geographic location information of the BS; and encrypts the broadcasted geographic location information of the BS based on the obtained key. The technical solution of the disclosure may be applied in the WiMAX system.08-12-2010
20100199091Authentication and Encryption for Secure Data Transmission - A system and method for authenticating and encrypting messages for secure transmission is disclosed. A frame to be transmitted between devices comprises a frame header and a frame body. The frame body includes a security sequence number (SSN), frame payload, and message integrity code (MIC). The SSN is incremented by one for each frame transmitted using a same pairwise temporal key (PTK). A nonce is formed using the frame header and the SSN. Counter blocks Ctr08-05-2010
20100199090Secure Communication Between An Electronic Label And A Reader - The invention relates to a secure communication between an electronic label (A) and a reader (B), in particular for the authentication of the label by the reader, in which: the reader (08-05-2010
20100199089CENTRALIZED AUTHENTICATION SYSTEM WITH SAFE PRIVATE DATA STORAGE AND METHOD - A token-based centralized authentication method for providing access to a service provider to user information associated with a user's relationship with the service provider includes the steps of: authenticating a user presenting a user token at a user terminal, the user token having stored thereon a user ID; deriving a resource identifier using at least two data input elements, the at least two data input elements including the user ID of the user and a service provider ID of the service provider, wherein the user information is stored in a storage network and the resource identifier is associated with the user information; retrieving the user information from the storage network using the resource identifier; and providing the retrieved user information to the service provider.08-05-2010
20130013925System and Method for Authentication via a Proximate Device - Techniques are provided to authenticate components in a system. Users may enter credentials into an input device and the credentials may be authenticated and/or securely transmitted to the components. The components may then provide the credentials to a server in the system. Strong authentication may thus be provided to the effect that credentials associated with specific users have been received from specific components in the system. The server may then enable the components to access selected services.01-10-2013
20130013923METHODS FOR OBTAINING AUTHENTICATION CREDENTIALS FOR ATTACHING A WIRELESS DEVICE TO A FOREIGN 3GPP WIRELESS DOMAIN - A method for obtaining authentication credentials for attaching a wireless device to a foreign wireless domain in a 3rd Generation Partnership Project (3GPP) communication system, which includes: receiving an attach request message from the wireless device; and responsive to the attach request message, authenticating the wireless device and retrieving a set of authentication vectors, wherein the authentication vectors are for authenticating the wireless device to the foreign wireless domain. The method further includes encrypting the set of authentication vectors using a first security key of a home wireless domain of the wireless device. In addition, the method includes encrypting the first security key using a second security key of the foreign wireless domain and sending the encrypted set of authentication vectors and the encrypted first security key to the wireless device.01-10-2013
20130013920DYNAMIC DATA-PROTECTION POLICIES WITHIN A REQUEST-REPLY MESSAGE QUEUING ENVIRONMENT - A request to process a request message using a request queue within a request-reply messaging environment is detected at a dynamic data protection module. At least one authorized sender module and a sole authorized recipient module of a response message to the request message is identified using a request queue policy of the request queue. A reply queue policy is dynamically created to process the response message using the identified at least one authorized sender module and the sole authorized recipient module of the response message. The dynamically-created reply queue policy is associated with a reply queue. The response message is processed responsive to a request to process the response message using the dynamically-created reply queue policy and the associated reply queue.01-10-2013
20130013924DYNAMIC DATA-PROTECTION POLICIES WITHIN A REQUEST-REPLY MESSAGE QUEUING ENVIRONMENT - A request to process a request message using a request queue within a request-reply messaging environment is detected at a dynamic data protection module. At least one authorized sender module and a sole authorized recipient module of a response message to the request message is identified using a request queue policy of the request queue. A reply queue policy is dynamically created to process the response message using the identified at least one authorized sender module and the sole authorized recipient module of the response message. The dynamically-created reply queue policy is associated with a reply queue. The response message is processed responsive to a request to process the response message using the dynamically-created reply queue policy and the associated reply queue.01-10-2013
20100131760CONTENT USING SYSTEM AND CONTENT USING METHOD - For an audio-visual terminal that reproduces content, anonymity of a user is ensured while enabling reproduction of the content. A content using system of the present invention includes a communication terminal, an audio-visual terminal and a license server. The communication terminal generates an electronic ticket by providing a group sign to license information obtained from the license server. The audio-visual terminal, after verifying the group sign of the electronic ticket obtained from the communication terminal, transmits the electronic ticket to the license server. The license server judges whether or not the electronic ticket transmitted from the audio-visual terminal is usable, and assigns a license of the content to the audio-visual terminal when the electronic ticket is judged to be usable. The audio-visual terminal decrypts the encrypted content by using a decryption key obtained based on the license, and reproduces the content.05-27-2010
20100131759METHOD AND SYSTEM FOR AUTHENTICATING SENDERS AND RECIPIENTS IN A CARRIER SYSTEM AND PROVIDING RECEIPT OF SPECIFIED CONTENT BY A RECIPIENT - Methods and systems for authenticating senders and recipients in a carrier system and providing receipt of specified content by a recipient are provided. A one-time recipient identification code is generated that can be entered into the delivery agent's portable terminal. Data is protected against eavesdropping by encryption and by splitting cipher text and an encryption key into two parts that are not accessible to any single party except at the moment of the mail unit delivery.05-27-2010
20120151213Method and System for Managing Home Gateway Digital Certifications - The present invention discloses a method and system for managing digital certificates in a home gateway, the method comprising: a network management server sending certificate management information to the home gateway via the Technical Report-069.CPE WAN Management Protocol (TR069) packet, and remotely managing the digital certificates in the home gateway; after the home gateway receives the TR069 packet, it manages the digital certificates according to the certificate management information in the packet as follows: add digital certificates, update digital certificates, or delete digital certificates. With the technical solution of the present invention, the remote management for digital certificates in the home gateway can be achieved.06-14-2012
20120151211SYSTEMS, METHODS AND APPARATUS TO APPLY PERMISSIONS TO APPLICATIONS - Methods and apparatus are disclosed to apply permissions to applications. A disclosed example method includes navigating to a first network address of a first network entity and downloading an application from the first network entity, disabling all network address communication except for the first network address, sending an authorization request to a second network entity via the first network address, and authorizing the application to execute when an indication of authentication is received from the second network entity via the first network address.06-14-2012
20130019097Method and Apparatus for Securing Communication Between a Mobile Node and a Network - In accordance with the teachings of the present invention, a method and apparatus is presented for securely negotiating a session key between a mobile node and a network node, such as a first hop IP router. A session key is encoded using asymmetric encryption. The encrypted session key is then communicated to the first hop IP router for later use. In accordance with another teaching of the present invention, the session key is then used by the mobile node and a first hop IP router to authenticate a message. Lastly, in accordance with the third teaching of the present invention, a standardized protocol is used to securely negotiate the session key between the mobile node and the first hop IP router.01-17-2013
20130019096SYSTEM AND METHOD FOR COMMUNICATING BETWEEN DIFFERENT ENTITIES USING DIFFERENT DATA PORTIONS FOR DIFFERENT CHANNELS - A first entity for communicating with a second entity and a third entity includes a data subdivider for subdividing a data entity into a first data portion and a second data portion. The data portions are processed by an output interface for transmitting a first message to the third entity and the second message to the second entity. In the third entity, the data portion directly received from the first entity and the other data portion received via the second entity are reassembled.01-17-2013
20110154037SECURE DIGITAL COMMUNICATIONS - There is disclosed a method in a communications system for enabling authentication of a sender device and a receiver device in the communication system, wherein the sender device is associated with a self-generated first identity and a first master device, the receiver device is associated with a self-generated second identity and a second master device and wherein the authentication is enabled by utilizing the first master device and the second master device for the sender device and the receiver device to verify the identities of each other. In one embodiment, both the sender device and the receiver device are also associated with a third device and the third device is used in addition to the master devices for verifying said identities. There is also disclosed a method in a sender device, a method in a receiver device, a method in a third device, a sender device, a receiver device, a third device, and a computer program product for the same.06-23-2011
20110161668METHOD AND DEVICES FOR DISTRIBUTING MEDIA CONTENTS AND RELATED COMPUTER PROGRAM PRODUCT - A method of distributing media content over networks where content is shared includes coupling downloading metadata, which is accessed to start downloading media contents from the network, with semantic metadata representative of the semantic information associated with at least one of the content, and with source metadata indicative of the source of the media content. At least one of the semantic and the source metadata may be made accessible without downloading, even partially, the media content. A digital signature may also be applied to the metadata to enable the verification that, at reception, the metadata is intact and has not been subjected to malicious tampering.06-30-2011
20130024688METHODS OF PROVIDING AN INTEGRATED AND MUTUAL AUTHENTICATION IN A COMMUNICATION NETWORK - A service ticket request is transmitted to a key distribution center in response to providing the security credential. In response to the transmitting, a session key encrypted with a TGT session key shared between a SIP client and a Kerberos authentication server, and a service ticket encrypted with a SIP service key shared between a SIP server and the Kerberos authentication server are received. The service ticket includes the session key. The session key, encrypted with the SIP session key shared between the SIP client and the Kerberos authentication server, is decrypted by the SIP client. The service ticket is transmitted to a SIP server. The SIP server decrypts the service ticket using the SIP service key shared between the SIP server and the Kerberos authentication server and stores the session key. The session key is utilized for mutual digest authentication between the SIP client and the SIP server.01-24-2013
20130024689Method and System for Providing Secret-Less Application Framework - In one embodiment, providing, by a client device, device information and key data over a network to a server device, the device information uniquely identifying the client device; generating a device key, by a device key generation logic, at the server device based on the device information; receiving a module from the server device, the module comprising a bound content key and the device key generation logic, wherein the bound content key is encrypted by the device key at the server device; and processing protected content using the module.01-24-2013
20130024691Method and Apparatus for Securing Communication Between a Mobile Node and a Network - In accordance with the teachings of the present invention, a method and apparatus is presented for securely negotiating a session key between a mobile node and a network node, such as a first hop IP router. A session key is encoded using asymmetric encryption. The encrypted session key is then communicated to the first hop IP router for later use. In accordance with another teaching of the present invention, the session key is then used by the mobile node and a first hop IP router to authenticate a message. Lastly, in accordance with the third teaching of the present invention, a standardized protocol is used to securely negotiate the session key between the mobile node and the first hop IP router.01-24-2013
20130173920SYSTEM AND METHOD FOR AUTOMATICALLY VERIFYING STORAGE OF REDUNDANT CONTENTS INTO COMMUNICATION EQUIPMENTS, BY DATA COMPARISON - A method is intended for verifying storage of contents into communication equipments connected to at least one communication network. This method consists, when a first communication equipment stores a content and wants to verify that this content is still stored into a second communication equipment: i) in transmitting a first request, comprising at least an identifier of this content and first data representative of this content and requiring verification of the storage of this content into the second communication equipment, to an auxiliary communication equipment acting as an interface between the communication network and the second communication equipment, ii) in transmitting a second request, comprising at least the content identifier, to the second communication equipment, to require transmission of second data representative of the content to the auxiliary communication equipment, and in triggering a timeout having a chosen duration, and iii) if the auxiliary communication equipment has received the second data before expiration of this timeout, in comparing these received second data, possibly after having processed them, to the received first data, and in transmitting a message representative of the result of this comparison to the first communication equipment.07-04-2013
20130173921SYSTEM AND METHOD FOR USING A STREAMING PROTOCOL - An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream.07-04-2013
20130173922METHOD FOR CERTIFICATE-BASED AUTHENTICATION - A first subscriber authenticates himself to a second subscriber with a certificate associated to the first subscriber. The certificate specifies one or several characteristics, which have to be fulfilled by the second subscriber. In the course of the authentication, it is verified using the certificate whether the second subscriber fulfills the characteristics, wherein a criterion required for successful authentication is that the second subscriber fulfills the characteristic(s). Characteristics of the second subscriber are verified in the framework of the authentication process, the second subscriber representing the authenticator with respect to whom the authentication is carried out. In this way, certificates for authenticating dedicated communication links between two communication partners can be determined. The method can be used for any subscribers in a communication network, e.g., representing components of an automation system, such as, for example, control devices, field devices, sensors, actuators and the like.07-04-2013
20110246776Method and Apparatus for Secure Key Delivery for Decrypting Bulk Digital Content Files at an Unsecure Site - Rather than downloading each content document on demand from the publisher location to the user site, at the publisher location, each content document is encrypted and then multiple encrypted documents are assembled into a distribution archive that is itself encrypted with a scheduled key. The distribution archive is then downloaded into a content server at the user site. When the content server receives the distribution archive, it decrypts the archive file and unpacks the encrypted documents. The scheduled key used to decrypt an archive file is included with an archive file that was sent previously to the user site in accordance with the subscription service. The scheduled key to decrypt the first archive file sent to the user is sent from the publisher to the user over a communication channel different from the communication channel used to send the archive file from the publisher to the user.10-06-2011
20110246769SUBSYSTEM AUTHENTICITY AND INTEGRITY VERIFICATION (SAIV) - Systems and methods are disclosed for enhancing anti-terrorism public safety measures, by more securely determining whether explosives or other contraband have been inserted into notebook computer batteries or other large, replaceable subsystems of electronic devices. Because notebook computers typically require large, heavy batteries, they present attractive containers for smugglers and terrorists attempting to bring explosives onto an airplane. The disclosed security testing system provides more reliable results than many current tests, and does not require that the device under test be powered on. The systems and methods disclosed use out-of-band authentication for added security.10-06-2011
20110246775System and Method For Providing Unique Encryption Key - A system and method for providing a unique encryption key including a receiver, at a Voice over Internet Protocol (VoIP) adapter, configured to receive a configuration file, a processor, at the VoIP adapter, configured to decrypt the configuration file using a default key stored in the VoIP adapter, update one or more profile parameters of the configuration file, and install an encryption key at the VoIP adapter using the configuration file, and a transmitter, at the VoIP adapter, configured to register, with a network element, for network service using the updated configuration file such that the receiver is configured to receive network service from the network element when the updated configuration file is authenticated by the network element.10-06-2011
20110246774SECURING DIGITAL CONTENT SYSTEM AND METHOD - A system and method of encrypting digital content in a digital container and securely locking the encrypted content to a particular user and/or computer or other computing device is provided. The system uses a token-based authentication and authorization procedure and involves the use of an authentication/authorization server. This system provides a high level of encryption security equivalent to that provided by public key/asymmetric cryptography without the complexity and expense of the associated PKI infrastructure. The system enjoys the simplicity and ease of use of single key/symmetric cryptography without the risk inherent in passing unsecured hidden keys. The secured digital container when locked to a user or user's device may not open or permit access to the contents if the digital container is transferred to another user's device. The digital container provides a secure technique of distributing electronic content such as videos, text, data, photos, financial data, sales solicitations, or the like.10-06-2011
20110246773SYSTEM AND METHOD FOR UNATTENDED COMPUTER SYSTEM ACCESS - A secure access system, method and patch management system for access to a remote computer system are disclosed. The remote computer system requires local authentication to boot an operating system. A client module is arranged to be executed on the remote computer system upon booting of the computer system and is arranged upon execution to obtain access data over a network from an authentication system for access to the computer system and to use said access data to perform said local authentication at the remote computer system and boot said operating system. The authentication system is arranged to store said access data for the remote computer system in a data repository and is responsive to provide said access data to said client module over the network upon authentication of a request from the client module.10-06-2011
20110246772Secure client-side communication between multiple domains - Methods and systems for secure client-side communication between multiple domains are provided. Such methods and systems can provide for decreased communication latency, particularly effective for dynamic multi-domain and/or multi-tenant environments, while allowing for granular security or specific security of messages and operations with regard to users, user sessions, groups, organizations, permission sets, applications, or any other logical delineation. Such methods and systems may involve a variety of security components, for example, at least one set of instructions including a plurality of defined instructions to be utilized by users of the set of instructions to communicate, and cryptographic construct data in order to verify the data integrity and the authenticity of messages sent and received using the secure client-side communication between multiple domains.10-06-2011
20110246771CONTENT REPRODUCING APPARATUS AND PROGRAM OF THE SAME - When continuously reproducing a plurality of contents, a content reproducing apparatus determines whether or not a remaining time of an expiration date of a session key is shorter than a total reproduction time of the plurality of contents to be continuously reproduced. When it is determined that the remaining time of the expiration date of the session key is shorter than the total reproduction time of the plurality of contents to be continuously reproduced, a new session key is acquired from a server, and then the plurality of contents are continuously reproduced, using the new session key. When it is determined that the remaining time of the expiration date of the session key is not shorter than the total reproduction time of the plurality of contents to be continuously reproduced, the plurality of contents are continuously reproduced, using the current session key without acquiring the new session key from the server. This can prevent the continuous reproduction of the plurality of contents from being stopped due to the acquisition processing of the session key when the plurality of contents are continuously reproduced.10-06-2011
20110246770AUTHENTICATION METHOD, AUTHENTICATION SYSTEM, SERVER TERMINAL, CLIENT TERMINAL AND COMPUTER PROGRAMS THEREFOR - An authentication method between a client (10-06-2011
20110264913METHOD AND APPARATUS FOR INTERWORKING WITH SINGLE SIGN-ON AUTHENTICATION ARCHITECTURE - A method is provided for use in interworking a single sign-on authentication architecture and a further authentication architecture in a split terminal scenario. The split terminal scenario is one in which authentication under the single sign-on authentication architecture is required of a browsing agent (10-27-2011
20080222415AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS WITH ASSURED SYSTEM AVAILABILITY - A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.09-11-2008
20130179686Transaction Verification on RFID Enabled Payment and Transaction Instruments - A display enabled RFID tag (DERT) receives transaction details from the reader. DERT verifies that the details match their counterparts in the reader public key certificate. The process is aborted in case of a mismatch. DERT extracts and displays user-verifiable data. It then enters a countdown stage that lasts for a predetermined duration. A user observes the transaction information and, if the transaction amount and other details are deemed correct, presses an accept button provided on the DERT before the timer runs out. DERT signs the time-stamped transaction statement and sends it to the reader. This signed statement is then sent to the payment gateway and eventually to the financial institution that issued the payment DERT.07-11-2013
20130179687METHOD AND APPARATUS FOR AUTHENTICATING MULTICAST MESSAGES - The last link in an initialization hash chain, calculated by a transmitter based on its anchor value, is distributed as an initialization function value to a receiver in an initialization phase. Subsequently, a multicast message is received and stored by a receiver and an authentication key release message, containing a cryptographic authentication key, is received from the transmitter by the receiver. A cryptographic function value h, calculated by the receiver for the cryptographic authentication key using a prescribed cryptographic function, is compared with the initialization function value to check the validity of the cryptographic authentication key in the authentication key release message. The multicast message is authenticated by the receiver using the cryptographic authentication key which has been recognized as valid.07-11-2013
20130179688SYSTEM AND METHOD FOR ISSUING AN AUTHENTICATION KEY FOR AUTHENTICATING A USER IN A CPNS ENVIRONMENT - The present invention relates to a system and method for issuing an authentication key for authenticating a user in a CPNS environment. The system comprises a user terminal, a gateway and a CPNS device. The user terminal is equipped with a short-range wireless communication function, requests the gateway to register terminal information including an ID and password, encrypts the terminal information including the ID and password using the password, transmits an authentication request signal including the encrypted terminal information to the gateway, and receives an authentication key generated by a CPNS device. The CPNS device stores the terminal information, performs user authentication by decrypting the encrypted terminal information in response to the authentication request, generates an authentication key for the CPNS when a user is authenticated, encrypts the generated authentication key using the password, and transmits the encrypted authentication key to the user terminal through the gateway.07-11-2013
20130179685SECURE REMOTE PERIPHERAL ENCRYPTION TUNNEL - A Secure Remote Peripheral Encryption Tunnel (SeRPEnT) can be implemented in a portable embedded device for the Universal Serial Bus (USB) with a much more restricted attack surface than a general purpose client computer. The SeRPEnT device can comprise a small, low-power “cryptographic switchboard” that can operate in a trusted path mode and a pass-through mode. In the trusted path mode, the SeRPEnT device can tunnel connected peripherals through the client to a server with Virtual Machine (VM)-hosted applications. In the pass-through mode, the SeRPEnT device can pass through the connected peripherals to the client system, allowing normal use of the local system by the user. SeRPEnT can also enable secure transactions between the user and server applications by only allowing input to the VMs to originate from the SeRPEnT device.07-11-2013
20130145162 DEVICE AND AUTHENTICATION METHOD THEREFOR - According to one embodiment, a device includes first and second data generators, a one-way function processor, and a data output interface. The first data generator generates a second key by encrypting a host constant with a first key in AES operation. The second data generator generates a session key by encrypting a random number with the second key in AES operation. The one-way function processor generates authentication information by processing secret identification information with the session key in one-way function operation. The data output interface outputs the encrypted secret identification information, a family key block, and the authentication information to outside of the device. 06-06-2013
20110271105 METHOD AND APPARATUS FOR IMPLEMENTING A NOVEL ONE-WAY HASH FUNCTION ON HIGHLY CONSTRAINED DEVICES SUCH AS RFID TAGS - A method and apparatus for implementing a novel one-way hash function with provable security properties for authentication and non-authentication applications on highly constrained devices, with particular application to RFID tags. 11-03-2011
20080215884 Communication Terminal and Communication Method Thereof - A communication terminal capable of helping make communication with the other end more active and of enabling even elder people or the like, who are unaccustomed to operating information devices, to have telephone conversation, while readily displaying various video information through simple operation, thereby furthering warm communication. In this apparatus, an information storage processing part ( 09-04-2008
20130138956 SYSTEMS AND METHODS OF AUTOMATIC MULTIMEDIA TRANSFER AND PLAYBACK - Digital rights management to protect copyrighted materials is a common element of consumers accessing content for a variety of uses, including business and recreational. Such techniques have generally been deployed on small items of multimedia content such as individual tracks of music. However, at present, despite the penetration of portable electronic devices for texting, telephony, email, and music, their use by consumers for video, film, and large multimedia content has been limited, in part due to the issues of downloading and handling individual files of hundreds or thousands of MB. It would therefore be beneficial to provide a means to download large multimedia content files and render these upon a variety of portable electronic devices whilst allowing the downloaded multimedia content to be securely stored within a portable memory device, allowing the user to render the content upon their own electronic devices or other electronic devices without re-distributing the content. 05-30-2013
20130091356 OPTIMIZING WEB LANDING PAGE LINK ACCESS TIMES THROUGH PRELIMINARY FUNCTIONS DURING PAGE DEPLOYMENT - Making redirection from links selected in the landing page to a selected page or site more effective and faster by performing functions at the Web site providing the landing page during the deployment of the landing page. 04-11-2013
20130091355 Techniques to Prevent Mapping of Internal Services in a Federated Environment - Techniques are provided for securely providing protected information within an enterprise network to a service provider located outside of the enterprise network. An identity provider device hashes an address associated with protected information within an enterprise network to obtain a hashed address and maintains a mapping of the hashed address to the address associated with the protected information within the enterprise network. An assertion is sent to a service provider outside of the enterprise network, which contains the hashed address. The service provider receives a request, including the hashed address contained in the sent assertion, to access the protected information within the enterprise network. The service provider or other authorized party can then gain access to the protected information within the enterprise network by relating the hashed address to the address associated with the protected information within the enterprise network according to the mapping. 04-11-2013
20130091357 DATABASE MANAGEMENT SYSTEM AND ENCRYPTION METHOD PERFORMED IN DATABASE - A database management system (DBMS) performs encryption in a DB. The system receives authentication authorization regarding a security policy of the DB from an external encryption unit that is separated from the DB and performs encryption. Important data in a column unit is selectively encrypted and an encrypted comparison code (ECC) of the important data is generated inside the DB. The encrypted important data and the corresponding ECC are generated as a single encryption data type. 04-11-2013
20130097422 METHOD AND SYSTEM FOR AUTHENTICATING PEER DEVICES USING EAP - A system and method for authenticating a peer device onto a network using Extensible Authentication Protocol (EAP). The key lifetime associated with the keying material generated in the peer device and the authentication server is communicated from the authenticator to the peer device within the EAP Success message. The peer device, having been provided with the key lifetime, can anticipate the termination of its authenticated session and initiate re-authentication prior to expiry of the key lifetime. 04-18-2013
20130103946 Location-aware Mobile Connectivity and Information Exchange System - A computer platform and method for managing secure data transactions between user accounts on a server, based on the respective locations of mobile user devices related to the user accounts, where the user devices create a secured mobile communication cloud between themselves to ensure secure data communications. 04-25-2013
20130103945 ENCRYPTING DATA OBJECTS TO BACK-UP - Provided are a computer program product, system, and method for encrypting data objects to back-up to a server. A client private key is intended to be maintained only by the client. A data object of chunks to store at the server is generated. A first portion of the chunks in the data object is encrypted with the client private key, and the first portion of the chunks in the data object encrypted with the client private key is sent to the server to store. A second portion of the chunks in the data object, not encrypted with the client private key, is sent to the server to store. 04-25-2013
20130103944 Hypertext Link Verification In Encrypted E-Mail For Mobile Devices - A method, device and computer readable memory are provided for verifying hypertext links in an encrypted e-mail message to be sent to a mobile device, in order to remove links that may contain malicious programs, link to a phishing website, potentially compromise the security of the mobile device, or expose the user to unsafe sites or content. The encrypted e-mail message is decrypted, the hypertext links are extracted from the decrypted e-mail message, and for each link its status is determined in order to verify the link. Actions can then be performed based upon the determined status of the respective extracted hypertext links. 04-25-2013
20130103943 DISPLAYING PRIVATE INFORMATION USING ALTERNATE FRAME SEQUENCING - Private information can be displayed using alternate frame sequencing to prevent unauthorized viewing. The private information can be ascertained by an authorized user using an active shutter viewing device synchronized to the alternate frame sequencing display. Private information can be displayed on a portion of the display, while public information, including a basic user interface, can be displayed on a second portion visible to authorized and unauthorized users. For enhanced security, alternate frame sequencing synchronization parameters can be encrypted and exchanged between a display device and the viewing device. When and where to display private information using alternate frame sequencing can be determined using environmental sensors. A single display screen can be configured to simultaneously present private information to multiple users, each user permitted to view a portion of the private information according to the unique synchronization parameters employed by a user's viewing device. 04-25-2013
20130103942 SYSTEM AND METHOD FOR PSEUDO-RANDOM POLYMORPHIC TREE CONSTRUCTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating data via a pseudo-random polymorphic tree. A server, using a seed value shared with a client device, generates a tag stream according to a byte-string algorithm. The server passes the tag stream and the data to be transmitted to the client device through a pseudo-random polymorphic tree serializer to generate a pseudo-random polymorphic tree, which the server transmits to the client device. The client device, using the same seed and byte-string algorithm, generates the same tag stream as on the server. The client passes that tag stream and the received pseudo-random polymorphic tree through a pseudo-random polymorphic tree parser to extract the data. Data to be transmitted from the server to the client device is hidden in a block of seemingly random data, which changes for different seed values. This approach obfuscates data and has low processing overhead. 04-25-2013
20130124862 System And Method For Digital Rights Management With Secure Application-Content Binding - Various embodiments of a system and method for digital rights management with secure application-content binding are described. Various embodiments may include a system configured to decrypt an encrypted application key with a private key. The system may also be configured to decrypt an encrypted application including a binding key with the decrypted application key. The system may also be configured to decrypt an encrypted content key with the binding key from the decrypted application. The system may be further configured to decrypt encrypted content with the decrypted content key. In various embodiments, the system may also be configured to consume the decrypted content with the decrypted application. 05-16-2013
20130124864 METHOD FOR IMPORTING RIGHTS OBJECT AND RIGHTS ISSUER - A method for importing or moving a rights object (RO) is provided: a rights issuer (RI) receives a request message for importing or moving an RO to a target device, the request message including key information encapsulated by a public key of the target device; the RI generates the RO according to the request message, the RO including the key information encapsulated by the public key of the target device; and the RI provides the RO to the target device. An RI is also provided. In the present invention, the key information encapsulated by the public key of the target device is provided to the RI while the real key is hidden from the RI, such that an untrusted RI cannot generate an illegal RO for devices other than the target device, thereby enhancing the security of importing or moving the RO through the RI. 05-16-2013
20130124863 SYSTEMS AND METHODS FOR SECURE COMMUNICATION USING A COMMUNICATION ENCRYPTION BIOS BASED UPON A MESSAGE SPECIFIC IDENTIFIER - An apparatus and methods for securely communicating a message between a first device and a second device using a message specific identifier are disclosed. The method begins by assembling the message specific identifier from one or more attributes associated with the message and the first device. An encryption key request is transmitted to a server, wherein the encryption key request is based upon the message specific identifier. An encryption key is received from the server, wherein the encryption key is based on the message specific identifier and a random character set. The message is encrypted using the received encryption key and the encrypted message is sent to the second device. 05-16-2013
20130132721 Method and Apparatus for Providing a Key Certificate in a Tamperproof Manner - A method and a server are configured to provide, in a tamperproof manner, a key certificate for a public device key of a user device, which is installed for a user, by means of a server belonging to a service provider who provides the user with a service via the user device, wherein the server provides the user device with the key certificate if a signing request message received by the user device is successfully verified by the server using a one-time password generated for the user device by the server. 05-23-2013
20130145160 SYSTEM AND METHOD FOR MOUNTING ENCRYPTED DATA BASED ON AVAILABILITY OF A KEY ON A NETWORK - A system and a method are provided for retrieving decryption keys from a secure location that is separate from the encrypted data. In particular, for each decryption key, there is an associated key ID, public and private authentication key pair and a storage key. The decryption key is encrypted and can be decrypted with the storage key. A key-server securely stores the encrypted decryption key, key ID and public authentication key. A separate key-host stores the storage key, key ID and private authentication key. For the key-host to retrieve the encrypted decryption key, the key-server first authenticates the key-host using the authentication keys. Upon receipt of the encrypted decryption key, the key-host decrypts the encrypted key using the storage key. The decryption key is then used for decrypting the encrypted data. 06-06-2013
20130145163 NEAR FIELD REGISTRATION OF HOME SYSTEM AUDIO-VIDEO DEVICE - A near field communication (NFC) sticker which stores a key is attached to a new client device. A remote commander in a home network reads the key using an NFC interface and IR-transmits it to a home network server. Once the client is connected to the network, it encrypts its own device information with the key and sends the encrypted information to the server, which decrypts the data with the key sent from the remote commander. In this way, client device registration is executed easily and securely. 06-06-2013
20110225422 METHOD AND APPARATUS FOR REPORTING AUDIENCE MEASUREMENT IN CONTENT TRANSMISSION SYSTEM - A method and apparatus are provided for reporting a consumption time of a service or content in Audience Measurement (AM), which measures a user consumption pattern of the service or the content. A method for reporting a consumption time of the service or the content in a terminal of a content transmission system includes receiving an encryption key for encrypting the service or the content from a broadcasting server and transmitting a message requesting interpretation of the encryption key to a smart card. The message includes consumption time information of the service or the content. 09-15-2011
20110252235 Method of machine-to-machine communication - In one embodiment, the method includes encrypting, at a device, data with a first key, and forming a message that includes a device identifier and the encrypted data. The device identifier identifies the device. A signaling message is formed that includes a class identifier, the message and an action code. The class identifier identifies a group of devices to which one or more devices belong. The action code indicates the type of data, and may be part of the message. The signaling message is sent to a network, for example, a wireless network. The wireless network identifies and routes the message portion of the signaling message based on the class identifier. Using the class identifier and perhaps a device identifier, the wireless network may signal the device to change an operating parameter. 10-13-2011
20110238986 ADAPTIVE CERTIFICATE DISTRIBUTION MECHANISM IN VEHICULAR NETWORKS USING VARIABLE INTER-CERTIFICATE REFRESH PERIOD - A method for improving the reliability and performance of Vehicle-to-Vehicle (V2V) networks where digital certificates are necessary for message authentication and some messages may be lost in transmission. The method uses a variable inter-certificate refresh period to optimize communications throughput based on network conditions such as node density and bandwidth saturation. In some network conditions, the inter-certificate refresh period may be increased, such that more certificate digests are sent between full digital certificates, to decrease average message size. In other network conditions, the inter-certificate refresh period may be decreased, to allow for more frequent message authentication by receiving nodes. Empirical data and an adaptive controller are used to select the refresh period which will provide the best performance based on network conditions. 09-29-2011
20110258441 Secure Access to a Virtual Machine - A method for providing secure access to a virtual machine includes dispensing an image corresponding to a virtual machine from a management appliance to a distributed computing system such that the virtual machine is implemented by at least one of a plurality of interconnected physical computing devices in the distributed computing system; establishing a trusted relationship between the management appliance and the virtual machine; and providing a user with access to the virtual machine from the management appliance without further authentication credentials from the user. 10-20-2011
20130151852 METHOD, DEVICE AND SYSTEM FOR AUTHENTICATING GATEWAY, NODE AND SERVER - A method, device and system for authenticating gateway, node and server are provided in this invention. The node receives a message sent by a gateway, wherein the message comprises a number T 06-13-2013
20130151851 System, Apparatus and Method for Enabling/Disabling Display Data Channel Access to Enable/Disable High-Bandwidth Digital Content Protection - A switcher device comprises a multiplexer coupled between at least one input card and at least one output card. The multiplexer detects the presence of an event signal from an activated sink. In response to the detection of the event signal, the switch dynamically switches to a closed position in order to enable the at least one source to authenticate with the input card and the output card to authenticate with the at least one sink for security protocol encryption. In response to the non-detection of the event signal, the switch dynamically switches to an open position in order to disable the at least one source from authenticating with the input card; therefore the output card also does not attempt to authenticate with the at least one sink for security protocol encryption. 06-13-2013
20100293375 METHOD FOR THE REMOTE ANALYSIS OF A COOKING APPLIANCE, AND A COOKING APPLICATION FOR CONDUCTING SAID METHOD - The invention relates to a method for storing data in a memory of a cooking appliance and/or for reading data from the memory of the cooking appliance, wherein the cooking appliance comprises at least one interface to a server. In a first step, data of the cooking appliance is stored in the memory, and in a second step, following authentication by the server in relation to the cooking appliance, data is read from the memory by the server via encoded data transmission. The invention further relates to a cooking appliance, comprising at least one memory, a user interface, and at least one interface to at least one server in order to carry out such a method for the purpose of transmitting data between the memory and at least the server. 11-18-2010
20100318797 SECURE DATA GATHERING FROM RENDERED DOCUMENTS - A facility for securing text captured from a rendered document is described. The facility receives data including an encryption of text captured from a rendered document. The facility decrypts the captured text included in the received data. 12-16-2010
20100318796 METHOD AND SYSTEM FOR SECURING WIRELESS COMMUNICATIONS - A method for transmitting an encrypted signal to a wireless transmit/receive unit (WTRU) such that decryption of the encrypted signal depends on a trust zone associated with the WTRU is disclosed. The encryption may be performed using hierarchical modulation, scrambling, authentication, location validation, or a combination thereof. The size of a trust zone may also be adjusted. 12-16-2010
20100318795 BLOOM FILTER BASED DEVICE DISCOVERY - Aspects describe enabling two peers that have already paired together under some circumstances to re-identify themselves under different circumstances so that the peers can bypass performing another pairing only to discover that they are already paired. A Bloom filter is constructed from an available pool of locally selected identifiers and is sent to a peer node in a first message. Upon receiving the message with the Bloom filter, the peer node checks all its known identifiers. If the peer node finds that one of its identifiers is a member of the Bloom filter, the peer node sends a reply in order to achieve a mutual identification. 12-16-2010
20120284516 CROSS-DOMAIN COLLABORATIVE SYSTEMS AND METHODS - The present disclosure relates to systems and methods for secure and authentic electronic cross domain collaboration between a plurality of users using a combination of biometric security, a separate and secure network infrastructure, management processes, encrypted electronic storage, and collaborative templates. In an exemplary embodiment, a cross domain collaboration system includes a server including a network interface connected to the Internet, a data store including electronic data storage, and a processor, wherein each of the network interface, the data store and the processor are communicatively coupled, and wherein the network interface, the data store and the processor are collectively configured to: biometrically authenticate a plurality of users, wherein each of the plurality of users comprises a security level and a domain; and enable cross domain collaboration between the plurality of users based on the security level of each of the plurality of users. 11-08-2012
20120284513 RENDER SERVICE FOR REMOTE ACCESS TO APPLICATIONS - The present disclosure relates to providing remote access to applications with an increased level of security. A server for providing access to applications is provided, as well as a method therefor, comprising an input channel and an output channel to connect a client with said server, an interface coupled to said input channel and an application, said interface to receive input data from said client via said input channel and to communicate said received input data to the application, and a renderer coupled to said output channel and said application, said renderer to render the output of said application into a data stream to be transferred via the output channel to the client, wherein the input data and the data stream are both encrypted. 11-08-2012
20120284515 COPYRIGHT PROTECTION DATA PROCESSING SYSTEM AND REPRODUCTION DEVICE - A content protection data processing system and a playback device determine whether to permit playback of a content recorded in a recording medium, based on a type of the recording medium and a signature type of a signature attached to a program. Additionally, the content protection data processing system and the playback device switch a procedure relating to a digital signature for each signature type of the digital signature, which enables both the protection of the copyright of the content and the efficient manufacturing of commercial ROM media. 11-08-2012
20120284514 MANAGING DATA FOR AUTHENTICATION DEVICES - Methods, systems, and computer programs for managing authentication data for an authentication device are disclosed. An authentication device may be included, for example, in a mobile device battery so that the battery can be authenticated by a mobile device. In some implementations, encrypted certificate data are stored on an authentication device. The encrypted certificate data are accessed, and unencrypted certificate data are generated by decrypting the encrypted certificate data. The unencrypted certificate data are stored on the authentication device. The unencrypted certificate data enable the authentication device to provide a valid reply message, for example, in response to receiving an interrogation message from an interrogation device. In some implementations, the reply message includes the unencrypted certificate data and a response value generated by the authentication device based on a secret value. 11-08-2012
20120284512 RURAL SERVICES PLATFORM - A middleware platform is executable by a computer to receive a request for a service, the service provided by a service application in communication with the middleware platform. The middleware platform determines, via a device adaptation component of the middleware platform, capabilities of a device subject to the request. The middleware platform selects an interface having a format that is compatible with the capabilities of the device, and provides the interface to the device in a format corresponding to the capabilities, accesses the service application responsive to the request, processes the request, and returns a response, via the interface, to the device responsive to the processing. 11-08-2012
20120284511 Method and Apparatus for Transmitting Bulk Emergency Data while Preserving User Privacy - Systems and methods are described for performing bulk transmissions of information (e.g., emergency information, etc.) while preserving user privacy. An example mobile device described herein includes an information aggregation module configured to compile first information associated with the device, the first information including location-related information, an encryption module communicatively coupled to the information aggregation module and configured to encrypt the first information using at least one session key, and a transmitter communicatively coupled to the encryption module and configured to transmit encrypted first information to at least one receiver prior to a triggering event and to transmit the at least one session key to the at least one receiver after the triggering event. 11-08-2012
20130185556 SYSTEM AND METHOD FOR SECURE COMMUNICATION - A system and methods for secure communication are disclosed. A network packet comprising an encrypted network address is received, the encrypted network address being an unencrypted network address encrypted using a first GPS time and a first pseudo-random number. The encrypted network address is decrypted using the first GPS time and the first pseudo-random number to provide the unencrypted network address. The network packet is transmitted based on the unencrypted network address. 07-18-2013
20130185558 System and Method for Enabling Seamless Transfer of a Secure Session - An information handling system includes a memory and a processor to execute instructions stored in the memory, which causes the processor to at least: send identification information to a second information handling system in response to an identification request broadcast from the second information handling system via a short-range communication; receive first authentication information for a local application and a remote service from the second information handling system; receive a copy of the local application; authenticate a user for the copy of the local application and for the remote service prior to the user logging on to the information handling system; receive second authentication information from the user to access the information handling system; authenticate the user to the information handling system; and automatically initiate a secure session between the copy of the local application and the remote service when the user is authenticated to the information handling system. 07-18-2013
20130159714 MEASUREMENT PROBE SYSTEMS FOR CO-ORDINATE POSITIONING APPARATUS - A measurement probe, such as a touch trigger measurement probe, is described that comprises a measurement portion for measuring an object and a data transfer portion for receiving data from and/or transmitting data to an associated unit. The measurement device also comprises an authentication module for verifying the authenticity of the associated unit. The authentication module may include a processor for running a one-way hash algorithm. Authenticity may be established using a challenge and response authentication process. 06-20-2013
20130159713 AUTHENTICATION METHOD - An authentication method of a first module by a second module includes the steps of generating a first random datum by the second module to be sent to the first module, generating a first number by the first module starting from the first datum and by way of a private key, and generating a second number by the second module to be compared with the first number, so as to authenticate the first module. The step of generating the second number is performed starting from public parameters and is independent of the step of generating the first number. 06-20-2013
20130159712 SYSTEM AND METHOD FOR VERIFYING AND MANAGING DISTRIBUTION OF PRODUCTS - A system and method for verifying, validating and otherwise managing distribution of products and medicines reduces the instances of counterfeit medicines. A pharmaceutical company typically provides medicines/products to users either directly or through representatives for the pharmaceutical company. The products have associated identifying or authentication codes that are used to authenticate the validity of the medicine/product. The system encrypts and decrypts code data employing appropriate client- and server-based applications to securely manage and print the authenticating code data. A covert identification technique, such as a special ink or material, can provide an additional level of security in authenticating the medicine to ensure it is not counterfeit. The special ink or material can be tested locally by the user or sent to a remote location for testing to ensure accuracy of the medicine/product. 06-20-2013
20130159711 Communication System and Method - Data can be transmitted from a user terminal to a decryption component over a network in a limited connectivity environment. At the user terminal, the data can be received from a user. If it is determined that the data is sensitive data, the data is encrypted using a secure encryption key. A packet is generated based on a tunneling protocol. The packet includes command data and encrypted sensitive data. The command data includes an address of a network component, a command and a command identifier. The command identifies that the secure encryption key has been used to encrypt the sensitive data. At the network component identified in the address, the packet is received at a first port; the command is read; the packet is forwarded via a second port to the decryption component for decryption; and a response packet is forwarded, including a response and the command identifier, to the user terminal. 06-20-2013
20130159710 SYSTEM AND METHOD FOR KEY MANAGEMENT FOR ISSUER SECURITY DOMAIN USING GLOBAL PLATFORM SPECIFICATIONS - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key management for Issuer Security Domain (ISD) using GlobalPlatform Specifications. A client receives from a server an authorization to update a first ISD keyset. The client encrypts, via a client-side secure element, a second ISD keyset with a server public key. The client sends the encrypted second ISD keyset to the server for updating the first ISD keyset with the encrypted second ISD keyset. Prior to updating, the client generates the first ISD keyset at a vendor and sends the first ISD keyset to the client-side secure element and sends the first ISD keyset encrypted with the server public key to the server. The disclosed method allows for updating of an ISD keyset of which only the client-side secure element and a server have knowledge. 06-20-2013
20130159709 SESSION COMPLETION THROUGH CO-BROWSING - A method, system and computer program product for session completion through co-browsing is claimed. The method can include establishing a content browsing session between a first computing device and a content server serving access to content to the first computing device and maintaining state data for the content browsing session. A co-browsing arrangement of the content can be created as between the first computing device and a second computing device and at least a subset of the state data can be cloned for use by the second computing device during co-browsing of the content. Thereafter, a modified form of the subset of the state data can be received from the second computing device resulting from the co-browsing of the content by the second computing device and the modified form of the subset of the state data can be provided to the first computing device for use during the content browsing session. 06-20-2013
20130185557Detection of Invalid Escrow Keys - A secure hash, such as a Hash-based Message Authentication Code (“HMAC”), is generated using a piece of secret information (e.g., a secret key) and a piece of public information specific to each escrow key (e.g., a certificate hash or public key). Using the secret key ensures that escrow key validation data can only be generated by knowing the secret key, which prevents an attacker from generating the appropriate escrow key validation data. Using the certificate hash as the public data ties each escrow key validation data to a particular certificate, thereby preventing the attacker from simply copying the validation data from another escrow key. Any escrow key that is found to be invalid may be removed from the file container and a system audit log may be generated so that a company, individual, or other entity can be aware of the possible attempt at a security breach.07-18-2013
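A worked version of the escrow-key check described in 20130185557, added here as an illustration rather than taken from the patent text: HMAC-SHA256 is assumed for the "secure hash", the two certificates and the container secret are constructed sample values, and the function names are mine. The point it demonstrates is the one the abstract makes: validation data copied from another escrow key fails because the MAC is bound to this certificate's hash, and validation data made without the secret fails because the MAC is keyed.

```python
import hashlib
import hmac

# Constructed sample certificates standing in for the escrow keys' certificates
# (any DER/PEM bytes would do; only their hashes are used below).
CERT_ALICE = b"-----BEGIN CERT----- escrow key: alice -----END CERT-----"
CERT_BOB = b"-----BEGIN CERT----- escrow key: bob -----END CERT-----"


def certificate_hash(cert: bytes) -> bytes:
    """The public, per-escrow-key datum: SHA-256 of the certificate."""
    return hashlib.sha256(cert).digest()


def make_validation_data(container_secret: bytes, cert: bytes) -> bytes:
    """HMAC-SHA256 over the certificate hash, keyed with the container secret.
    Without container_secret nobody can produce this value for a given cert."""
    return hmac.new(container_secret, certificate_hash(cert), hashlib.sha256).digest()


def escrow_key_is_valid(container_secret: bytes, cert: bytes, validation_data: bytes) -> bool:
    """Constant-time check that validation_data was made for *this* certificate."""
    expected = make_validation_data(container_secret, cert)
    return hmac.compare_digest(expected, validation_data)


def prune_invalid_escrow_keys(container_secret: bytes, escrow_keys: list) -> tuple:
    """escrow_keys is a list of (cert, validation_data) pairs from the file
    container. Returns the surviving entries and one audit-log line for every
    entry that was removed."""
    kept, audit_log = [], []
    for cert, validation_data in escrow_keys:
        if escrow_key_is_valid(container_secret, cert, validation_data):
            kept.append((cert, validation_data))
        else:
            audit_log.append(
                "removed escrow key with certificate hash %s: validation data mismatch"
                % certificate_hash(cert).hex()[:16]
            )
    return kept, audit_log


if __name__ == "__main__":
    secret = b"\x00" * 32  # demo value; in practice a random 32-byte container secret
    good = make_validation_data(secret, CERT_ALICE)
    # Attacker adds Bob's escrow key and copies Alice's validation data onto it.
    kept, log = prune_invalid_escrow_keys(secret, [(CERT_ALICE, good), (CERT_BOB, good)])
    print(len(kept), "kept;", log)
```

The comparison uses `hmac.compare_digest` so that a byte-by-byte early exit does not leak how much of a forged value was right; the audit line carries only a hash prefix, which is enough to identify the offending certificate without copying it into the log.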
20130185559SECURE COMMUNICATIONS BETWEEN DEVICES - A method of establishing secure communication between a first mobile computing device and a second mobile computing device includes generating a first self-signed key at the first mobile computing device, pairing the first device with a second device, the pairing including receiving user input of a passcode and after receiving the user input sending the first public key to the second mobile computing device and receiving a second public key from the second mobile computing device, storing the second public key in a database of trusted devices, the database of trusted devices being stored in the first mobile computing device, receiving in the first mobile computing device a list of mobile computing devices connected to a mobile network, matching the list of mobile computing devices against the database of trusted devices, and establishing secure communication between the first mobile computing device and the second mobile computing device.07-18-2013
20130185560METHOD AND ARRANGEMENT FOR PROVISIONING AND MANAGING A DEVICE - A method, arrangement, and provisioning server in a Selected Home Operator (SHO) network for downloading a new Downloadable Universal Subscriber Identity Module (DLUSIM) to a communication device when the communication device changes from a first operator network to the SHO network. A manager of the communication device registers with the SHO network and transfers K07-18-2013
20110314283E-MAIL CERTIFICATION SERVICE - A method is provided to handle an electronic mail message such that the receiver of the e-mail message can verify the integrity of the message. A request is provided from a sender's side to a service. The request includes information regarding the e-mail message. The service processes at least a portion of the request to generate a result. For example, the service may encrypt the portion of the request, according to a public/private key encryption scheme, to generate a digital signature as the result. The service provides the result to the sender's side. At the sender's side, the result is incorporated into the e-mail message and the result-incorporated message is transmitted via an e-mail system. At the receiver's side, the result-incorporated e-mail message is processed to assess the integrity of the received e-mail message.12-22-2011
20110314282CONTENT TRANSMISSION APPARATUS, CONTENT RECEPTION APPARATUS AND CONTENT TRANSMISSION METHOD - A content transmission apparatus including: an authenticator configured (i) to perform authentication, (ii) to share an authentication key, (iii) to request transmission range acknowledgement and authentication information, (iv) to receive a response, and (v) to share an exchange key; an encryptor to encrypt based on the exchange key; and a timer measuring a time interval between transmission of said request for transmission range acknowledgement and reception of a response; wherein, said authenticator measures said time interval using said timer, and if a time measurement value exceeds a predetermined value, said authenticator does not share said exchange key; and wherein, said response of said request for transmission range acknowledgement includes a data generated based on said authentication information and said authentication key, and if said data is incorrect, said authenticator does not share said exchange key.12-22-2011
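The two gates in 20110314282, the round-trip timer and the keyed response, as an added example that is not the patent's own code: the threshold of 7 ms, HMAC-SHA256 as the function of the authentication information and authentication key, and the injectable clock are all my assumptions; the abstract only says the response is "generated based on" those two inputs and the timer is compared against "a predetermined value". The pure decision function takes the elapsed time as an argument so the logic can be checked without depending on wall-clock behaviour.

```python
import hashlib
import hmac
import time

# Assumed threshold for the round-trip timer; the patent only says "a predetermined value".
RTT_LIMIT_MS = 7.0


def range_ack_response(auth_key: bytes, auth_info: bytes) -> bytes:
    """Sink side: the response to a transmission-range acknowledgement request is a
    keyed MAC over the authentication information, under the shared authentication key."""
    return hmac.new(auth_key, b"range-ack|" + auth_info, hashlib.sha256).digest()


def check_range_ack(auth_key: bytes, auth_info: bytes, response: bytes, elapsed_ms: float) -> bool:
    """Source side decision: both the timer and the response check must pass."""
    if elapsed_ms > RTT_LIMIT_MS:
        return False  # too far away, or answered through a relay: keep the exchange key
    expected = range_ack_response(auth_key, auth_info)
    return hmac.compare_digest(expected, response)


def share_exchange_key(auth_key, auth_info, send_request, exchange_key, clock=time.monotonic):
    """Runs one range check against a sink. send_request(auth_info) performs the
    request/response round trip; the timer brackets exactly that call. Returns
    the exchange key to hand to the encryptor, or None if either check failed."""
    t0 = clock()
    response = send_request(auth_info)
    elapsed_ms = (clock() - t0) * 1000.0
    return exchange_key if check_range_ack(auth_key, auth_info, response, elapsed_ms) else None


class StepClock:
    """Deterministic clock for the demo: advances step_s seconds on every read."""

    def __init__(self, step_s: float):
        self.now, self.step = 0.0, step_s

    def __call__(self) -> float:
        self.now += self.step
        return self.now


if __name__ == "__main__":
    auth_key, auth_info, xkey = b"\x11" * 16, b"nonce-1234", b"exchange-key"
    honest_sink = lambda info: range_ack_response(auth_key, info)
    print(share_exchange_key(auth_key, auth_info, honest_sink, xkey, StepClock(0.002)))  # on the LAN
    print(share_exchange_key(auth_key, auth_info, honest_sink, xkey, StepClock(0.050)))  # too far away
```

The two checks cover different attackers: a distant sink with the right key fails the timer, and a nearby box without the key fails the MAC. A relay that forwards the request to a distant legitimate sink still has to get the answer back inside the window, which is what the timer is there to prevent.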
20110314281METHOD AND SYSTEM FOR SECURING COMMUNICATION - A method for securing communication among members of a group. The method includes a first member obtaining a first secret. An n-bit generator executing on the first member generates a first message digest using the first secret. The first member extracts a first encryption solution and a second encryption solution, at least in part, from the first message digest, encrypts a first communication using the first encryption solution to obtain a first encrypted communication, and sends, to a second member of the group, the first encrypted communication. The first member further receives, from the second member, a second encrypted communication, and decrypts the second encrypted communication using the second encryption solution to obtain a second communication.12-22-2011
20110314280HEALTH CARE SYSTEM - A measurement device (12-22-2011
20130191636STORAGE DEVICE, HOST DEVICE, AND INFORMATION PROCESSING METHOD - A storage device includes a storage module, an authentication process execution module, an encryption processor and a security setting module. The storage module stores an encryption key, a flag indicating whether the encryption key can be used, a password used for authentication associated with the encryption key and the flag, and user data. The authentication process execution module uses a password to authenticate a connected host device. The encryption processor uses an encryption key stored being associated with a flag indicating permission to use the encryption key in accordance with an instruction from the host device, and encrypts user data received from the host device or decrypts the user data stored in the storage module. On encryption or decryption, the security setting module changes the setting of a flag stored being associated with the encryption key used for the encryption or the decryption.07-25-2013
20130191635WIRELESS AUTHENTICATION TERMINAL - A wireless authentication terminal that connects to a network via a wireless base station, the wireless authentication terminal comprises a communication unit that performs communication compliant with IEEE 802.15.4, an authentication processing unit that transmits and receives communication messages and performs authentication processing for connecting to a network, a filter processing unit that changes the communication messages allowed to pass through between the communication unit and the authentication processing unit, an encryption level determination unit that determines a level at which the communication unit encrypts the communication message, and a control unit that controls an operation state of the filter processing unit and the encryption level determination unit based on the phase of the authentication processing in the authentication processing unit.07-25-2013
20130191637METHOD AND APPARATUS FOR AUTHENTICATED ENCRYPTION OF AUDIO - The invention provides for a method of encoding data and a method for decoding encrypted and authenticity protected data. Furthermore, the invention provides for an encoding and a decoding equipment. For encoding the data is encrypted by using AES encryption (07-25-2013
20130191638SYSTEM AND METHOD FOR SECURE TWO-FACTOR AUTHENTICATED ID-BASED KEY EXCHANGE AND REMOTE LOGIN USING AN INSECURE TOKEN AND SIMPLE SECOND-FACTOR SUCH AS A PIN NUMBER - A system and method of authenticated ID-based key exchange and remote login with insecure token and PIN number can provide an authenticated key agreement protocol based on an elliptic curve bilinear type-3 pairing. A server acts as an Authentication Service to Clients and a Trusted Authority (TA) issues identity based secret numbers to Clients and Authentication Services. Included in the system and method is the capability for the Client to split their secret number into two parts, a Client selected PIN number, and the larger number, the Token.07-25-2013
20110320812INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing device includes: a memory having a protected area which is a data recording area in which access restriction is set; and a data processing unit that determines accessibility in response to a request for accessing the protected area from an access requesting device, wherein the data processing unit verifies a device certificate received from the access requesting device and determines accessibility to the protected area based on access control information recorded in the device certificate.12-29-2011
20120005479GROUP BASED COMPLETE AND INCREMENTAL COMPUTER FILE BACKUP SYSTEM, PROCESS AND APPARATUS - The present invention is capable of determining the rights to a file based on providing a descriptor. The descriptor can be calculated using an algorithm, which may be cryptographic and/or non-cryptographic. The descriptor may further be based on the file contents, metadata of the file, other file data, or any combination thereof to uniquely identify the file in a shared file repository. Since the descriptor is generated based on file data it will be the same regardless of which user generates it. Accordingly, only one copy of the file needs to be maintained in the shared file repository, thereby reducing the amount of network bandwidth required to assure the file is backed up and further reducing the amount of storage required to back up the files. This results in a vastly more efficient method of backup in terms of processing time, network bandwidth, and storage requirements.01-05-2012
20120011362System and Method for Performing Device Authentication Using Key Agreement - A system and method are provided which employs a key agreement scheme, wherein the agreed-upon-shared key is used in a protocol message in the authentication rather than being employed as a session key.01-12-2012
20120023331MECHANISM FOR INTERNAL PROCESSING OF CONTENT THROUGH PARTIAL AUTHENTICATION ON SECONDARY CHANNEL - Embodiments of the invention are generally directed to performing processing of content through partial authentication of secondary channel. An embodiment of a method includes performing a first authentication between a source transmitting device and a sink receiving device for communication of data streams, and performing a second authentication between the source transmitting device and a bridge device such that the second authentication is independent of the first authentication and the sink receiving device remains uninfluenced by the second authentication. The bridge device includes an intermediate carrier device coupled to the source transmitting device and the sink receiving device. The method further includes transmitting a data stream having encrypted content from the source transmitting device to the bridge device.01-26-2012
20120030466RELAY DEVICE, WIRELESS COMMUNICATIONS DEVICE, NETWORK SYSTEM, PROGRAM STORAGE MEDIUM, AND METHOD - A relay device first uses latest authentication data to determine whether request-authentication data transmitted from a wireless communications device is valid. If the latest authentication data is used to determine that the request-authentication data is valid, the relay device carries out relayed communications with the wireless communications device. If the latest authentication data is used to determine that the request-authentication data is invalid, the relay device next uses a former authentication data to determine whether the request-authentication data is valid. If the former authentication data is used to determine that the request-authentication data is valid, the relay device provides the wireless communications device with the latest authentication data to update authentication data in the wireless communications device.02-02-2012
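The latest/former fallback in 20120030466 is a rotation grace window: a device that missed an update still authenticates once under the previous generation and is handed the current one. The following is an added example of that decision logic, not code from the patent; HMAC-SHA256 as the way request-authentication data is derived, the one-generation-deep history, and the action names are my assumptions.

```python
import hashlib
import hmac


def request_authentication_data(auth_data: bytes, request: bytes) -> bytes:
    """Wireless device side: authenticate a relay request with its current
    authentication data. HMAC-SHA256 is an assumption; the patent names no primitive."""
    return hmac.new(auth_data, request, hashlib.sha256).digest()


class RelayDevice:
    """Keeps the latest authentication data and exactly one former generation."""

    def __init__(self, latest: bytes):
        self.latest = latest
        self.former = None

    def rotate(self, new_auth_data: bytes) -> None:
        """Install new authentication data; the previous 'latest' becomes 'former'
        and anything older is forgotten, which bounds the fallback window."""
        self.former, self.latest = self.latest, new_auth_data

    def _valid_under(self, auth_data: bytes, request: bytes, request_auth: bytes) -> bool:
        return hmac.compare_digest(request_authentication_data(auth_data, request), request_auth)

    def handle(self, request: bytes, request_auth: bytes) -> tuple:
        """Returns (action, payload): ('relay', None) when the latest data validates
        the request; ('update', latest) when only the former data does, so the
        device can be brought up to date; ('reject', None) otherwise."""
        if self._valid_under(self.latest, request, request_auth):
            return ("relay", None)
        if self.former is not None and self._valid_under(self.former, request, request_auth):
            return ("update", self.latest)
        return ("reject", None)


class WirelessDevice:
    def __init__(self, auth_data: bytes):
        self.auth_data = auth_data

    def make_request(self, payload: bytes) -> tuple:
        return payload, request_authentication_data(self.auth_data, payload)

    def apply_update(self, new_auth_data: bytes) -> None:
        self.auth_data = new_auth_data


if __name__ == "__main__":
    relay, dev = RelayDevice(b"gen1"), WirelessDevice(b"gen1")
    relay.rotate(b"gen2")                      # device missed this rotation
    action, payload = relay.handle(*dev.make_request(b"hello"))
    print(action)                              # update
    dev.apply_update(payload)
    print(relay.handle(*dev.make_request(b"hello"))[0])  # relay
```

The example returns the latest data to the caller as the "update" payload; how it is conveyed to the device, and under what protection, is not covered by the abstract and would need to be keyed to the former data at minimum.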
20120030465Indirect Pairing of Communication Devices - A method for establishing a communication link between two devices, the communication link employing a protocol that provides for link establishment information sufficient for establishing a link between two devices to be negotiated between those devices; the method comprising: establishing communication links between each of the two devices and one or more further devices; transmitting from the one or more further devices to each of the two devices information that defines link establishment parameters for a link between the two devices; and establishing the link between the two devices using the defined link establishment parameters.02-02-2012
20130198516METHODS AND SYSTEMS FOR PAIRING DEVICES - A method of pairing an unregistered device with a virtual identity may include, at a first repository: receiving a request from the unregistered device, sending a pairing code and an identifier to the unregistered device, receiving the pairing code from a registered device, and sending the identifier to the registered device. The method may also include, at a second repository, receiving the pairing code and secret information from the registered device, receiving the pairing code in a transmission associated with the unregistered device, associating the unregistered device with the virtual identity using the pairing code, and sending the secret information to the unregistered device.08-01-2013
20130198515INFORMATION PROCESSING DEVICE, COMPUTER PROGRAM, AND INFORMATION PROCESSING SYSTEM - An information processing device including a receiving unit that receives a first random number from another information processing device; a generating unit that generates a second random number; a time-variant-key generating unit that generates a time variant key for encryption according to the second random number; an encrypting unit that encrypts the first random number with the time variant key; and a transmitting unit that transmits the first random number encrypted by the time variant key and the second random number to the other information processing device.08-01-2013
20130198517Enabling Ad Hoc Trusted Connections Among Enclaved Communication Communities - The present invention is directed to systems and methods for establishing an electronic communications connection between secure communities. A secure community includes a collection of communication resources having an administrator that maintains control over the secure community. In an embodiment, a system for establishing an electronic communications connection between two or more secure communities includes a community gateway controller, an identification module, a secure community database configured to store secure community information, and an encryption compatibility module configured to determine a media transmission encryption scheme for a connection between a host secure community and a second secure community. Upon receipt of a request to establish the connection between secure communities, the community gateway controller determines whether to grant the request based on information stored in the secure community database and assigns a media transmission encryption scheme for the connection based on the determination made by the encryption compatibility module.08-01-2013
20130198513ENCRYPTION METHOD AND SYSTEM FOR NETWORK COMMUNICATION - Provided are devices and methods for data encryption and securely transmitting data over a network. The methods can include receiving a request to retrieve a message encrypted with an object key, which is encrypted with a public key from a public/private key pair associated with the recipient, decrypting the encrypted message by decrypting the object key with the private key, and delivering or displaying the message to the recipient.08-01-2013
20130198514SECURE NETWORK ACCESS - The present invention relates to a system and method for facilitating access to secure network sites, such as sites providing secure financial information. An active software agent is utilized to fetch passwords and user identifiers from a user computing system and to use the passwords and identifiers to extract required information from the secure site. The passwords and identifiers are encrypted and an encryption key is stored at a network node remote from the user's computer and is fetched in order to enable the passwords and identifiers to be decrypted so that the active agent can use them to obtain the required information.08-01-2013
20120036359THIRD PARTY VPN CERTIFICATION - A virtual private network (VPN) over a telecommunications network is created by sending a request from a first VPN device to a second VPN device for establishing a VPN between the first and second VPN devices. The request includes a first signed certificate having a verified VPN parameter for the first VPN device. A reply is received at the first VPN device from the second VPN device that includes a second signed certificate having a verified VPN parameter for the second VPN device. The VPN is established between the first and second VPN devices based on each verified VPN parameter for each of the first and second VPN devices.02-09-2012
20120066497METHOD AND DEVICE FOR ENABLING PORTABLE USER REPUTATION - The present invention relates to a method and a device adapted to determine at a party whether a set comprising at least one user pseudonym is associated with a user, wherein each of the user pseudonyms in the set is associated with the user at a service portal. At the party, for each of the user pseudonyms comprised in the set, a publicly available first coded string associated with the user pseudonym is retrieved from the service portal associated with the user pseudonym, wherein each of the first coded strings has been generated on the basis of a first secret unique to said first coded string. The user's knowledge of the first secrets associated with the respective first coded strings is verified by means of a first cryptographic protocol for interacting with the user, wherein the first protocol is adapted to utilize the first coded strings.03-15-2012
20120066496Sending Protected Data in a Communication Network - A method and apparatus for sending protected data from a sender unit to a receiver unit via an intermediate unit. A Transfer Init message that contains a ticket associated with the receiver unit is sent from the intermediate unit to the sender unit. The intermediate unit then receives a transfer response message from the sender unit, and also data which has been protected using at least one security key associated with the ticket and obtained from a Key Management Server. A message is sent to the receiver unit, the message including information required for security processing of the protected data. The protected data is then sent to the receiver unit, allowing the receiver unit to access the protected data.03-15-2012
20120066495MOBILE CONTENT DELIVERY OPTIMIZATION - A device receives, from a target user device, a request for encrypted content, where the request is sent via a wireless access network. The device identifies a donor user device that is available to provide the encrypted content via a local wireless network connection, where the donor user device has previously downloaded the encrypted content. The device sends, to the target user device and/or the donor user device, instructions to establish a peer-to-peer connection, via the local wireless network, to provide the encrypted content to the target user device, where the encrypted content is decrypted by the target user device using a license key provided over a different network than the local wireless connection.03-15-2012
20130205136METHODS AND SYSTEMS FOR SECURE IDENTITY MANAGEMENT - A method for authorizing a virtual identity using an access device may include sending, from an access device, a request to a resource through a network. The method may also include accessing a resource challenge that is acceptable to the resource and sending the resource challenge to an identity repository. The method may additionally include receiving, from the identity repository, a first signed resource challenge and signing the resource challenge to generate a second signed resource challenge. The method may further include sending an authorization for the virtual identity to the resource through the network. The authorization may include the first signed resource challenge and the second signed resource challenge.08-08-2013
20130205137ZERO-KNOWLEDGE BASED AUTHENTICATION METHOD, SYSTEM, AND APPARATUS - In the fields of data security and system reliability and qualification, this disclosure is of a method, system and apparatus for verifying or authenticating a device to a host using a zero-knowledge based authentication technique which includes a keyed message authentication code such as an HMAC or keyed cipher function and which operates on secret information shared between the host and the device. This is useful both for security purposes and also to make sure that a device such as a computer peripheral or accessory or component is qualified to be interoperable with the host.08-08-2013
20120079273Biometric Key - A biometric key (03-29-2012
20120303955Security Association Management - A method and system for managing IPsec Security Associations in a Security Association Database (SADB) in an IP network is described. At a key management application, a domain extension header is inserted into a PF_KEY message containing instructions to a key engine unit. The domain extension header identifies a domain within the Security Association Database. The PF_KEY message is sent to the key engine unit, which carries out the instructions only for Security Associations in the domain of the Security Association Database indicated by the domain extension header.11-29-2012
20090144547AUTHENTICATION PROTOCOL - The invention relates to an authentication protocol for increasing safety against a man-in-the-middle (MITM) access attack for point-to-point communication (06-04-2009
20080263357Identity-based-encryption extensions formed using multiple instances of an identity based encryption scheme - IBE extensions to IBE schemes may be provided by creating multiple instances of the same IBE scheme, where each instance has an associated IBE master key and corresponding IBE public parameters. During encryption, an IBE extension identity for each instance of the IBE scheme may be mapped to a corresponding component identity. A message may be encrypted using the component identities to create multiple ciphertexts. The ciphertexts can be combined and sent to a recipient. The recipient can request a private key. The private key may be generated by mapping the IBE extension identity into a component identity in each instance, by extracting private keys for each of the component identities, and by combining the private keys into a single IBE extension private key.10-23-2008
20120089835System and Method for Automatic Authentication of an Item - A system, apparatus and method for automatically authenticating an item. The media device includes a housing, a processor disposed within the housing, the item disposed within or attached to the housing, and a memory disposed within the housing. The memory stores computer readable instructions that when executed by the processor causes the processor to perform the steps: (a) obtaining the one or more identifiers from the item wherein the one or more identifiers includes a serial number or code; (b) transmitting the obtained identifier(s) to a server device for authentication; (c) receiving an authentication message from the server device; (d) continuing operation of the media device whenever the authentication message from the server device indicates that the item is authentic; and (e) performing one or more actions based on the authentication message whenever the authentication message from the server device indicates that the item is not authentic or cannot be verified.04-12-2012
20120096265Method and apparatus for communicating information between a security panel and a security server - A security panel includes a processor, memory, and a network interface having a unique MAC address, and is configured to communicate over a network with a server. A method for registering the security panel with the server includes contacting the server utilizing a network address stored in the memory. A dealer ID, a line number, and a unique account number are sent to the server. The dealer ID, the line number, and the unique account number are stored in the memory. An encryption key is received for encryption of additional communication between the security panel and the server. The unique MAC address is sent to the server in an encrypted session to verify the security panel to the server.04-19-2012
20120096264JAVA STORE TELEVISION - A non-transitory computer readable storage medium including computer readable code that, when executed by a processor, is configured to receive, from a user network device, a first request to execute an application on the user network device. The first request includes a user identification, routing information, and requested application information, encrypted using a public key. The user network device is configured to display the application on a television display device. The code is further configured to decrypt the routing information and requested application information using a private key, send a second request for subscription information to a service provider, receive the subscription information from the service provider, and determine that a license corresponding to the application is associated with the user. The code is further configured to generate and send an application package configured to deploy the application using a Java Runtime Environment on the user network device.04-19-2012
20120096263Security service control method and wireless local area network terminal - A security service control method and a WLAN terminal are provided, and the method includes: stopping a WPI service between a WLAN terminal and an AP when the WLAN terminal creates a security service of an IP layer and/or a layer above the IP layer, wherein the WPI service comprises: encrypting a data link layer message to be transmitted, and decrypting a received data link layer message. After the WPI service is stopped, when the WLAN terminal cancels the security service of the IP layer and/or the layer above the IP layer, the WLAN terminal completes processes of removing association, association, user authentication and key negotiation in turn with the WLAN AP, and uses a session key obtained through the key negotiation to recover the WPI service. The calculating resources can be saved by using the present invention.04-19-2012
20120096262System and method of generating encryption/decryption keys and encrypting/decrypting a derivative work - A derivative work is encrypted using master keys generated from source data extracted from digital sources used to create the derivative work. A software application permits a mix artist to encrypt and stream a derivative work to a worldwide web server, where it is made available to consumers. A software application permits the consumers to acquire and decrypt an encrypted derivative work if the consumer has possession of a corresponding digital source for each of the digital sources used to encrypt the derivative work.04-19-2012
20120096261METHOD AND APPARATUS FOR CONTROLLING ACCESS TO ENCRYPTED NETWORK COMMUNICATION CHANNELS - An apparatus and method are described for performing content filtering of encrypted network transactions. For example, in one embodiment, for an encrypted Internet transaction (such as an HTTPS transaction), a local cache lookup is performed using the network address of the requested Internet transaction to determine if name resolution data associated with the transaction is stored in a name resolution data cache. If name resolution data associated with the transaction is stored in the name resolution data cache, then the name resolution data is compared with a whitelist of acceptable Internet names. The requested Internet transaction is allowed only if a match is found between the name resolution data and one of the Internet names on the whitelist.04-19-2012
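The filter in 20120096261 never sees the hostname inside an HTTPS connection, so it works backwards from the destination address through the DNS answers the client was observed receiving. The following is an added example of that cache plus whitelist decision, not the patent's code; the cache shape, TTL handling, the `*.` suffix pattern syntax and the sample DNS answers are all mine. It also shows the limit a practitioner runs into: when several names resolve to one address, a whitelisted name on that address admits traffic to every other name hosted there.

```python
import time


class ManualClock:
    """Deterministic clock for the demo; advance() moves time forward."""

    def __init__(self):
        self.now = 0.0

    def advance(self, seconds: float) -> None:
        self.now += seconds

    def __call__(self) -> float:
        return self.now


class NameResolutionCache:
    """Records DNS answers observed for the client: address -> {name: expiry}.
    Entries expire with the record's TTL, so a stale address/name binding does
    not keep authorising connections to an address that has since been reassigned."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}

    def record(self, name: str, ip: str, ttl_s: float) -> None:
        self._entries.setdefault(ip, {})[name.lower().rstrip(".")] = self._clock() + ttl_s

    def lookup(self, ip: str) -> set:
        now = self._clock()
        return {name for name, expiry in self._entries.get(ip, {}).items() if expiry > now}


def name_matches(name: str, pattern: str) -> bool:
    """Exact match, or '*.example.com' for any name ending in '.example.com'."""
    name, pattern = name.lower(), pattern.lower()
    if pattern.startswith("*."):
        return name.endswith(pattern[1:])
    return name == pattern


def filter_https_request(cache: NameResolutionCache, dst_ip: str, whitelist: list) -> tuple:
    """Decision for a new HTTPS connection to dst_ip. Fails closed: no cached
    name for the address, or no whitelisted name among them, means block."""
    names = cache.lookup(dst_ip)
    if not names:
        return ("block", "no name resolution data for %s" % dst_ip)
    for name in sorted(names):
        for pattern in whitelist:
            if name_matches(name, pattern):
                return ("allow", "%s matched %s" % (name, pattern))
    return ("block", "none of %s is whitelisted" % ", ".join(sorted(names)))


if __name__ == "__main__":
    # Constructed DNS answers the filter observed the client receive.
    clock = ManualClock()
    cache = NameResolutionCache(clock=clock)
    cache.record("www.bank.example", "192.0.2.10", ttl_s=300)
    cache.record("cdn.shared.example", "192.0.2.20", ttl_s=60)
    cache.record("evil.example", "192.0.2.20", ttl_s=60)   # same address as the CDN name
    whitelist = ["www.bank.example", "*.shared.example"]
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, filter_https_request(cache, ip, whitelist))
    clock.advance(301)
    print("after TTL:", filter_https_request(cache, "192.0.2.10", whitelist))
```

The shared-address case is the weak spot of any address-keyed scheme: the connection to 192.0.2.20 is allowed because of cdn.shared.example even if the client is really talking to evil.example. Where the TLS ClientHello is visible, its server name extension is a stronger per-connection signal than the resolution cache, and the two can be cross-checked; that refinement is outside what the abstract describes.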
20130212390METHOD AND SYSTEM FOR AUTHENTICATING ENTITY BASED ON SYMMETRIC ENCRYPTION ALGORITHM - A method and a system for authenticating an entity based on a symmetric encryption algorithm are provided. The method includes the following steps: 1) an entity A sends an authentication request message to an entity B; 2) after receiving the authentication request message, the entity B sends an authentication response message to the entity A; 3) the entity A determines the validity of the entity B according to the received authentication response message. The implementation cost of the system can be reduced by using the authentication according to the invention.08-15-2013
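Entries 20130198515, 20130205137 and 20130212390 describe the same shape of exchange: the initiator sends a fresh random number, the responder answers with something only a holder of the shared secret can compute over it, and the initiator checks. The following is one added example covering all three, not code from any of the patents. The responder derives a per-exchange "time variant key" from its own random number as 20130198515 does; where that abstract encrypts the first random number, this example applies a keyed MAC under the derived key, which is what 20130205137 names, so no cipher is needed. HMAC-SHA256 for both the derivation and the MAC, the 16-byte nonces and the message framing are my assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def time_variant_key(shared_secret: bytes, second_random: bytes) -> bytes:
    """Per-exchange key derived from the shared secret and the responder's fresh
    random number. HMAC-SHA256 as the derivation function is an assumption."""
    return hmac.new(shared_secret, b"tvk|" + second_random, hashlib.sha256).digest()


def response_tag(tvk: bytes, first_random: bytes) -> bytes:
    """Keyed MAC of the initiator's random number under the time-variant key:
    proof that the responder knows the shared secret, bound to this challenge."""
    return hmac.new(tvk, b"resp|" + first_random, hashlib.sha256).digest()


class Responder:
    """Entity B / the device being authenticated."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret

    def respond(self, first_random: bytes) -> tuple:
        second_random = secrets.token_bytes(NONCE_LEN)
        tag = response_tag(time_variant_key(self._secret, second_random), first_random)
        return second_random, tag  # the authentication response message


class Initiator:
    """Entity A / the host."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(NONCE_LEN)  # first random number
        return self._pending  # the authentication request message

    def verify(self, second_random: bytes, tag: bytes) -> bool:
        if self._pending is None:
            return False
        first_random, self._pending = self._pending, None  # one response per challenge
        expected = response_tag(time_variant_key(self._secret, second_random), first_random)
        return hmac.compare_digest(expected, tag)


def run_authentication(initiator: Initiator, responder: Responder) -> bool:
    """The three steps of 20130212390: request, response, validity decision."""
    first_random = initiator.challenge()
    second_random, tag = responder.respond(first_random)
    return initiator.verify(second_random, tag)


if __name__ == "__main__":
    key = b"\x42" * 32  # demo shared secret
    print("genuine:", run_authentication(Initiator(key), Responder(key)))
    print("impostor:", run_authentication(Initiator(key), Responder(b"\x43" * 32)))
```

Two properties worth checking in any implementation of this pattern are visible in the test: a captured response is useless against a later challenge because the MAC covers the initiator's fresh random number, and a response is accepted at most once because the pending challenge is cleared on first use.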
20130212385UTILIZATION OF A PROTECTED MODULE TO PREVENT OFFLINE DICTIONARY ATTACKS - Various technologies pertaining to authenticating a password in a manner that prevents offline dictionary attacks are described. A protected module, which can be a hardware security module, a trusted platform module, or the like, is in communication with an authentication server. The protected module comprises a key that is restricted to the protected module. The key is employed in connection with authenticating the password on the protected module.08-15-2013
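The property 20130212385 relies on is that a stolen password database is useless without the protected module: every verifier is a MAC under a key that never leaves the module, so an attacker cannot turn a guess into a verifier offline. The following is an added example contrasting that with an ordinary stretched-and-salted verifier; it is not the patent's code. The in-process `ProtectedModule` stands in for an HSM or TPM, PBKDF2-HMAC-SHA256 is the assumed stretching, HMAC-SHA256 the assumed module operation, and the users, passwords and word list are constructed.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 10_000  # kept low for the demo; production settings are far higher


def stretched(password: str, salt: bytes) -> bytes:
    """Ordinary server-side stretching (PBKDF2-HMAC-SHA256 assumed)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def legacy_verifier(password: str, salt: bytes) -> bytes:
    """The weak setting: the stored verifier is just the stretched password, so anyone
    holding the database can test guesses offline at the cost of one PBKDF2 each."""
    return stretched(password, salt)


class ProtectedModule:
    """Stand-in for an HSM/TPM: the key is generated inside and never exported;
    the only operation offered is a keyed MAC."""

    def __init__(self):
        self.__key = secrets.token_bytes(32)

    def mac(self, data: bytes) -> bytes:
        return hmac.new(self.__key, data, hashlib.sha256).digest()


class AuthServer:
    """Authentication server that stores module-keyed verifiers."""

    def __init__(self, module: ProtectedModule):
        self._module = module
        self._db = {}  # user -> (salt, verifier): the record an attacker might steal

    def enroll(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        verifier = self._module.mac(salt + stretched(password, salt))
        self._db[user] = (salt, verifier)

    def authenticate(self, user: str, password: str) -> bool:
        # Do the same work for unknown users so timing does not reveal enrolment.
        salt, verifier = self._db.get(user, (b"\x00" * 16, b"\x00" * 32))
        candidate = self._module.mac(salt + stretched(password, salt))
        return user in self._db and hmac.compare_digest(candidate, verifier)

    def stolen_database(self) -> dict:
        """What an offline attacker gets: salts and verifiers, but not the module."""
        return dict(self._db)


def offline_dictionary_attack(salt: bytes, verifier: bytes, dictionary: list):
    """Attacker holding one stolen record tests each guess. Against a legacy
    verifier this recovers the password; against a module-keyed verifier the
    attacker cannot compute the MAC, so no guess can ever match and None is returned."""
    for guess in dictionary:
        if hmac.compare_digest(stretched(guess, salt), verifier):
            return guess
    return None


if __name__ == "__main__":
    server = AuthServer(ProtectedModule())
    server.enroll("alice", "correct horse battery staple")
    salt, verifier = server.stolen_database()["alice"]
    words = ["password", "Tr0ub4dor&3", "correct horse battery staple"]
    print("keyed verifier cracked:", offline_dictionary_attack(salt, verifier, words))
    print("legacy verifier cracked:",
          offline_dictionary_attack(salt, legacy_verifier("correct horse battery staple", salt), words))
```

Two caveats follow from the design: online guessing still goes through the module, so the server needs rate limiting and lockout as before, and the module key becomes a hard dependency, since losing it invalidates every stored verifier at once.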
20130212386Storage Access Authentication Mechanism - In embodiments according to the present invention an encryption switch is used to authorize access to LUNs from client VMs present in the cloud provider network. The encryption switch includes responder side software for an authentication protocol and an agent in the client VM includes the requestor side of the authentication protocol. The certificate of the client is securely provided to the encryption switch, which associates the client VM with the LUN. The client private key is securely provided to the client VM, which retains it only non-persistently. The client VM requests LUN access and performs an authentication handshake with the encryption switch. If successful, the client VM then has access to the LUN. As the original certificate is linked to the client, if the client is itself a VM, should the client be moved to a different host, the certificate moves with it and LUN accessibility is maintained.08-15-2013
20130212387SYSTEM AND METHOD FOR DELIVERING A CHALLENGE RESPONSE IN AN AUTHENTICATION PROTOCOL - A system and method for authenticating a user that includes receiving an access-request of a network protocol at a challenge-response server; determining if an access-challenge message is required; delivering an active script component through a parameter of an access-challenge message of the network protocol when an access-challenge is required; receiving a challenge-response of a user; validating the challenge-response; and selectively sending an access-accept response for a valid challenge-response and sending an access-denied response for an invalid challenge-response.08-15-2013
20130212389ENTERPRISE COMPUTER INVESTIGATION SYSTEM - A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network. It is emphasized that this abstract is provided to comply with the rules requiring an abstract which will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or the meaning of the claims.08-15-2013