Mutual entity authentication

Subclass of:

713 - Electrical computers and digital processing systems: support

713150000 - MULTIPLE COMPUTER COMMUNICATION USING CRYPTOGRAPHY

713168000 - Particular communication authentication technique

Entries (publication number, publication date, title and abstract):

20110179275 (published 07-21-2011): TOOLS FOR GENERATING PKI EMAIL ACCOUNTS - The present invention provides systems and methods for allowing an Email User to create a Public Key Infrastructure (PKI) Email Account and thereafter to digitally sign, send, verify and receive PKI encrypted emails over a computer network, such as the Internet. The systems and methods preferably include a Web-based Email System and a Certificate Authority that coordinate their actions to make the process of creating, maintaining and using the PKI Account as easy as possible for the Email User. In a preferred embodiment, a Keystore System may also be used to enhance the management and use of digital keypairs.

20100058058 (published 03-04-2010): Certificate Handling Method and System for Ensuring Secure Identification of Identities of Multiple Electronic Devices - The present invention relates to a certificate handling method and system for ensuring secure identification of multiple electronic devices and especially to a method and a system for autonomously creating, transferring, verifying, issuing and status checking (e.g. revocation status) of digital certificates for electronic communication. The present invention provides a certificate handling method, wherein the electronic devices can mutually authenticate each other's identity without the use of a certificate authority and the identities of a first electronic device and a second electronic device are mutually authenticated using a personal area network to establish a trust relationship between the first electronic device and the second electronic device.

20100077213 (published 03-25-2010): TRUSTED NETWORK CONNECT SYSTEM BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network connect (TNC) system based on tri-element peer authentication (TePA) is provided. A network access requestor (NAR) of an access requestor (AR) is connected to a TNC client (TNCC), and the TNCC is connected to an integrity measurement collector (IMC

20100042840 (published 02-18-2010): CONTENT SHARING SYSTEM AND METHOD - According to an aspect of the invention, there is provided a content sharing system including a first device configured to acquire a right object; a second device configured to acquire a content of the right object from the first device; a session key generation unit provided in the first device and the second device and configured to generate a session key based on mutual authentication; a temporary right object generation unit provided in the first device and configured to generate a temporary right object from the right object by using the session key to supply the generated temporary right to the second device; and a content play unit provided in the second device and configured to receive the temporary right object to play the content of the right object acquired from the first device by using the temporary right object.

20100042839 (published 02-18-2010): REDUCED COMPUTATION FOR BIT-BY-BIT PASSWORD VERIFICATION IN MUTUAL AUTHENTICATION - Authentication methods are provided that allow for superior security, power consumption, and resource utilization over existing authentication methods. By computing only two hashes of a shared secret password for each protocol run, the methods described in this disclosure dramatically reduce the computational power needed to perform authentication. Similarly, by exchanging these hashes bitwise or piecewise for verification, rather than performing new hashes including each bit of the password separately, the methods described in this disclosure reveal less information about the password being authenticated than existing methods. The methods described in this disclosure also allow for authentication using fewer messages and with lower latency, reducing the amount of operational power used in the authentication process.

20100042838 (published 02-18-2010): Public Key Out-of-Band Transfer for Mutual Authentication - Methods for key exchange and mutual authentication are provided that allow for inherent authentication and secret key derivation of parties communicating through an unsecured medium. These methods allow for greater security than existing key exchange and authentication methods while requiring little or no additional energy or time compared with a basic Diffie-Hellman key exchange. These methods allow for secure communication with small, low-power devices and greater security for any devices communicating through an unsecured medium.

20100070767 (published 03-18-2010): Method and system of secured direct link set-up (DLS) for wireless networks - Method and system of secured direct link set-up (DLS) for wireless networks. In accordance with aspects of the method, techniques are disclosed for setting up computationally secure direct links between stations in a wireless network in a manner that is computationally secure. A direct link comprising a new communication session is set up between first and second stations in a wireless local area network (WLAN) hosted by an access point (AP), the direct link comprising a new communication session. The AP generates a unique session key for the new communication session and transfers secured copies of the session key to each of the first and second stations in a manner under which only the first and second stations can obtain the session key. A security mechanism is then implemented on the unsecured direct link to secure the direct link between the first and second stations using a secure session key derived from the session key.

20090307492 (published 12-10-2009): METHOD, SYSTEM AND NETWORK DEVICE FOR BIDIRECTIONAL AUTHENTICATION - A bidirectional authentication method, a system, and a network device, that relate to network information security, are provided. The method may include: a network device configured to generate an inspection parameter according to a public key of the peer network device and a private key of the network device, the public key and the private key of the network device being generated according to an identifier of the network device. The network device may perform reciprocal authentication according to the inspection parameter generated by the network device and an inspection parameter sent by the peer network device. A system and a network device for bidirectional authentication are also provided herein. As such, extra calculation caused by certificate authentication may be reduced, thus providing a more secure and reliable system having simplified key management.

20090271624 (published 10-29-2009): Authentication method, system, server, and user node - An authentication method, a system, a server, and a user node are disclosed herein. The method includes: generating, by a server, a server session key according to the identity information, at least one login information parameter, and the validity period included in the login information, generating at least one session key parameter of a user node according to the generator point of the algebraic curve, and sending at least one session key parameter of the user node to the user node; generating, by the user node, a user node session key according to at least one session key parameter of the user node; performing, by the server and the user node, mutual authentication according to the session keys. The authentication solution under the present disclosure is simple and practicable, and is also applicable to authenticating the user node in a grid computing platform.

20090235074 (published 09-17-2009): SYSTEM AND METHOD FOR PERFORMING A TRANSACTION - A system for performing a transaction comprises a terminal adapted to perform a transaction required by a user, user authentication means and a transaction server adapted to communicate with the terminal. The user authentication means comprise a first and a second authentication device adapted to communicate with the terminal through respectively a first communication channel and second communication channel and comprise storage means for storing respective first and second user authentication keys. The transaction server comprises storage means for storing, for each of the authentication devices, respective first and second server authentication keys. In particular, the first authentication keys are distinct from the second authentication keys.

20090235073 (published 09-17-2009): Authentication method and communications system used for authentication - An authentication method authenticates between subscribers of a communications system using an asymmetric elliptic curve encryption algorithm. The method involves providing a first and at least one second subscriber having a first or second secret key known only to the respective subscriber and a public key; authenticating an inquiry transmitted by the first subscriber with respect to the validity of the first certificate contained therein and associated with the first subscriber; calculating the response of the second subscriber associated with the inquiry; randomized encryption of the calculated response and a second certificate associated with the second subscriber using the public key; decryption and authentication of the response transmitted by the second subscriber with respect to the validity of the second certificate contained therein.

20090013184 (published 01-08-2009): Method, System And Apparatus For Protecting A BSF Entity From Attack - A method, system and apparatus for protecting a bootstrapping service function (BSF) entity from attack includes: obtaining a first temporary identity and a second temporary identity after a user equipment (UE) performs mutual authentication with the BSF entity, where the first temporary identity is different from the second temporary identity; by the UE, originating a re-authentication request to the BSF entity through the first temporary identity; and originating a service request to a NAF entity through the second temporary identity. The present disclosure prevents attackers from intercepting the temporary identity at the Ua interface and using the temporary identity to originate a re-authentication request at the Ub interface, thus protecting the BSF entity from attack, avoiding unnecessary load on the BSF entity and saving resources.

20090006850 (published 01-01-2009): Computer system for authenticating a computing device - A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. A communications session is established between two devices using an authentication service that authenticates the device that is initiating the establishment of the communications session with another device. After authenticating the initiating device, the authentication service provides to the initiating device the network address of the other device and an authentication credential for use in the communications session between the initiating device and the other device.

20080294898 (published 11-27-2008): Mobile Terminal for Secure Electronic Transactions and Secure Electronic Transaction System - The present invention relates to a roaming electronic transaction terminal. It also relates to a secure system for electronic transactions comprising one or more roaming terminals. The terminal (

20110035593 (published 02-10-2011): ESTABLISHING SECURE MUTUAL TRUST USING AN INSECURE PASSWORD - A process for establishing secure mutual trust includes generating a one-time-password. The one-time-password is transferred between the devices in a communication occurring off of the network. Each device generates a set of authenticators by hashing a plurality of sub-strings of the password and the device's authentication certificate with a respective set of nonces. The devices exchange the respective sets of authenticators. Each device then alternates revealing its respective set of nonces and its authentication certificate in a multi-stage process. The devices re-calculate the authenticators based upon the respective set of nonces and authentication certificate revealed by the other device along with the one-time-password sub-strings that it possesses. If each device determines that the authenticators re-calculated by the given device match the authenticators previously received from the other device, secure mutual trust is established.

20100268951 (published 10-21-2010): METHOD OF HANDOVER - A method for quickly performing a handover in a wireless access system is disclosed. The method for quickly performing a handover includes transmitting a handover request message to a serving base station (SBS), receiving a handover response message from the serving base station (SBS), and transmitting an uplink sequence generated by authentication-associated information of the serving base station (SBS) to a target base station (TBS). Therefore, a mobile station (MS) can complete the handover without exchanging a ranging message with the target base station (TBS), such that a communication interruption time can be minimized.

20100281259 (published 11-04-2010): KEY AGREEMENT AND TRANSPORT PROTOCOL WITH IMPLICIT SIGNATURES - A key establishment protocol between a pair of correspondents includes the generation by each correspondent of respective signatures. The signatures are derived from information that is private to the correspondent and information that is public. After exchange of signatures, the integrity of exchange messages can be verified by extracting the public information contained in the signature and comparing it with information used to generate the signature. A common session key may then be generated from the public and private information of respective ones of the correspondents.

20100023766 (published 01-28-2010): Computer Program Product and Computer System for Peer-to-Peer Communications - A protocol for secure peer-to-peer communications is established based on existing cryptographic techniques and encryption algorithms. The peers (

20100169644 (published 07-01-2010): Message authentication code with elliptic polynomial hopping - The message authentication code with elliptic polynomial hopping provides methods for the generation of message authentication codes (MACs) utilizing elliptic curves, which are based on the elliptic curve discrete logarithm problem. The elliptic curve discrete logarithm problem is well known to be a computationally "difficult" or "hard" problem, thus providing enhanced security for the MACs. Different elliptic polynomials are used for different blocks of the same plaintext, each elliptic polynomial for each message block being selected at random using an initial secret key and a random number generator.

20100115276 (published 05-06-2010): SYSTEM AND METHOD FOR DERIVATING DETERMINISTIC BINARY VALUES - Disclosed herein are systems, computer-implemented methods, and computer-readable media for deriving a deterministic binary value. The method consists of generating a graph from multiple inputs, formalizing the graph, calculating paths between starting and ending nodes in the graph using a shortest path algorithm and performing a digest operation based on the derived paths to generate a deterministic binary value. In another aspect of this disclosure, authentication is performed utilizing deterministic binary values and a graph-merging function. This method allows for diversity in complexity, thus maintaining security on different computer platforms.

20090150670 (published 06-11-2009): Communication node authentication system and method, and communication node authentication program - [Problems] When two communication nodes communicate with each other, they more reliably confirm that the communication party is a correct one.

20090319791 (published 12-24-2009): ELECTRONIC APPARATUS AND COPYRIGHT-PROTECTED CHIP - According to one embodiment, a copyright-protected chip includes a selector which connects a host controller to a circuit in the copyright-protected chip, a second register in which an encrypted content key, decryption key generation information, and shared classified information stored in a storage device are stored, and a communication circuit which communicates with the host controller and transmits the encrypted content key and the decryption key generation information stored in the register to the host controller when an access module accesses content obtained by decrypting the encrypted content stored in a hard disk.

20110145578 (published 06-16-2011): Actor node, sensor node, coverage block change method, parameter change method, program, and information processing system - An actor node according to the present invention includes a dynamic change unit for temporarily changing a coverage block in which data are obtained from a sensor node and temporarily causing another actor node to obtain, on behalf of the actor node, data from the sensor node arranged in a partial region of at least a portion of the coverage blocks. The dynamic change unit obtains identification information unique to the other actor node from the other actor node. The dynamic change unit notifies, to the sensor node arranged in the partial region, the obtained identification information. The dynamic change unit notifies, to the other actor node, a portion of the hash chain and a temporary key generated using the obtained identification information and the key used for communication with the sensor node arranged in the partial region.

20110252240 (published 10-13-2011): Mobile Device Management - Methods and apparatuses that enroll a wireless device into an enterprise service with a management server addressed in a management profile are described. The enrollment may grant a control of configurations of the wireless device to the management server via the management profile. In response to receiving a notification from the management server, a trust of the notification may be verified against the management profile. If the trust is verified, a network session may be established with the management server. The network session may be secured via a certificate in the management profile. Management operations may be performed for management commands received over the secure network session to manage the configurations transparently to a user of the wireless device according to the control.

20090307491 (published 12-10-2009): INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, PROGRAM AND COMMUNICATION SYSTEM - An information processing device includes: a data storage portion that can store user data used in a particular non-contact communication service and management information to manage the user data in different storage areas corresponding to different encryption methods and that has a first storage area storing management information corresponding to a first encryption method; an issuing information receiver that receives issuing information encrypted with the first encryption method from an issuing device delivering the issuing information to issue management information corresponding to a second encryption method; an issuing information decryption portion that decrypts the received issuing information with the first encryption method, based on the management information corresponding to the first encryption method stored in the first storage area; and a management information issuing portion that, based on the decrypted issuing information, issues the management information corresponding to the second encryption method and stores it in a second storage area.

20090132820 (published 05-21-2009): Content data management system and method - Embodiments of the present invention provide a simplified authentication transaction for reconnecting a storage device to a host apparatus that has completed authentication in the past. According to one embodiment, an authentication log is recorded in the host. Plural units of this log information are recorded in the storage device. At the time of transferring a content decryption key and usage rules between the host and the storage device, the decryption key and usage rules are recorded into the host as a log for the transfer. The used authentication log is recorded into the storage device as RAPDI. If RAPDI indicates the authentication log in the simplified authentication transaction, a recovery transaction is permitted. The host device deletes/invalidates or holds the log for the transfer in accordance with non-permission/permission. In the case of permission, the key and usage rules are recovered by using a log for the transfer prior to the simplified authentication transaction.

20080209216 (published 08-28-2008): METHOD AND SYSTEM FOR AUTOMATED AUTHENTICATION OF A DEVICE TO A MANAGEMENT NODE OF A COMPUTER NETWORK - A first computer-based device is authenticated at a second computer-based device communicatively coupled thereto through use of a unique identifier and an encrypted token, each received from the first device. Following the authentication, configuration information for the first device is sent from the second device to the first device and the first device is authorized to join a network that includes the second device. Further, permissions related to the network may be granted to the first device.

20080209215 (published 08-28-2008): Method of Physical Authentication and an Electronic Device - The present invention relates to a method of physical authentication and an electronic device for implementing the method. According to the method of the present invention, using an operation control list stored in an electronic device, a valid user authenticates the operation implemented by the electronic device in a physical mode, by which a binding relationship is established between a valid user and the electronic device. The establishment of the binding relationship resolves not only the problem of identity authentication and exchange authentication in network exchange but also that of anti-virus of data storage device, thus the security of the user data is ensured. The method of the present invention comprises setting a corresponding relationship between the operation command and a physical authentication mode and using the physical authentication mode to implement an authentication when the operation command is performed. The electronic device comprises a microprocessor, an operation communication interface, a smartcard chip and an authentication implementing mechanism.

20080209214 (published 08-28-2008): Method of Authentication Based on Polynomials - There is provided an authentication method for a system (

20110173448 (published 07-14-2011): AUTHORIZATION OF SERVER OPERATIONS - An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.

20100005297 (published 01-07-2010): MASHSSL: A NOVEL MULTI PARTY AUTHENTICATION AND KEY EXCHANGE MECHANISM BASED ON SSL - The present invention provides a method that allows three parties to mutually authenticate each other and share an encrypted channel. The invention is based on a novel twist to the widely used two party transport level SSL protocol. One party, typically a user at a browser, acts as a man in the middle between the other two parties, typically two web servers with regular SSL credentials. The two web servers establish a standard mutually authenticated SSL connection via the user's browser, using a novel variation of the SSL handshake that guarantees that a legitimate user is in the middle.

20100146276 (published 06-10-2010): METHOD OF RECOVERING AND MANAGING SECURITY-RELATED INFORMATION FOR DOWNLOADABLE CONDITIONAL ACCESS SYSTEM - A method of managing security-related information in a Downloadable Conditional Access System (DCAS) is provided. The method of managing security-related information in the DCAS includes: receiving a request for storage of identification information and security-related information from a target server, the security-related information being required to be securely maintained; transmitting a recovery key to the target server in preparation for a loss of the security-related information in the target server; receiving a request for recovery of the security-related information from the target server, when the security-related information is lost; encrypting the security-related information of the target server using the recovery key; and transmitting the encrypted security-related information to the target server.

20080276090 (published 11-06-2008): System for Allocating a Chip Card to a Network Operator - A chip card needs to be allocated in a secured manner to a network operator via a personalization center in order to determine a final authentication key which is attributed to a subscriber of the operator without its being transmitted via a network. The following is loaded into a card by a module: an algorithm and an allocation key; an algorithm for determination of the authentication key and at least one intermediate authentication key. A module transmits an allocation message which includes a final identity number, a random number and an allocation signature from the center to the card. The card authenticates the message by means of the allocation algorithm as a function of the allocation key and the allocation signature, and determines the final authentication key as a function of the intermediate key and the random number.

20110208967 (published 08-25-2011): MANAGEMENT APPARATUS AND COPYING APPARATUS - The management apparatus 105

20090150672 (published 06-11-2009): METHOD AND APPARATUS FOR MUTUAL AUTHENTICATION IN DOWNLOADABLE CONDITIONAL ACCESS SYSTEM - Disclosed is a mutual authentication method and apparatus in a CAS including a headend system and DCAS host. In particular, example embodiments relate to a mutual authentication method and apparatus in DCAS, wherein the mutual authentication is performed between an authentication server of the headend system and an SM of a DCAS host, and then CAS software is downloaded to the SM. According to the example embodiments, there is provided a mutual authentication protocol between the authentication server of the headend and the SM of the DCAS host in a cable network, and also provided a mutual authentication method and apparatus in the DCAS where a substantial authentication based on hardware, such as a smart card or a cable card, is not needed.

20090265556 (published 10-22-2009): METHOD AND TERMINAL FOR AUTHENTICATING BETWEEN DRM AGENTS FOR MOVING RO - Digital Rights Management (DRM), and particularly an apparatus and method of authentication between DRM agents for moving a Rights Object (RO), is provided, whereby RO and contents can be moved between DRM agents after a simple authentication therebetween using specific authentication information received from a Rights Issuer (RI), in case the RO is moved in a user domain or among a plurality of DRM agents.

20120297193 (published 11-22-2012): MTC DEVICE AUTHENTICATION METHOD, MTC GATEWAY, AND RELATED DEVICE - Embodiments of the present invention provide an MTC device authentication method, an MTC gateway, and a related device, which are used to solve a problem that direct interaction between a large quantity of MTC devices and a network side brings a heavy load to a network when the MTC devices are authenticated in the prior art. The method includes: performing, by an MTC gateway, mutual authentication with a core network node; performing, by the MTC gateway, mutual authentication with an MTC device; reporting, by the MTC gateway, a result of the mutual authentication with the MTC device to the core network node; and providing, by the MTC gateway, a non access stratum link protection key K between the MTC device and the core network node according to a key K

20100146275 (published 06-10-2010): AUTHENTICATING A DEVICE WITH A SERVER OVER A NETWORK - The authentication of a device with a server over a network includes authenticating, by the device, the server so as to establish a secure connection with the server. The device communicates identification information of the device to the server, wherein the identification information uniquely identifies the device to the server. The server determines the credibility of the device using the identification information communicated by the device. In a case where the server determines that the device is credible, the server creates a first authentication token for the device, stores the first authentication token, and transfers the first authentication token to the device using the secure connection, and the device stores the first authentication token. The server authenticates the device using the first authentication token.

20080250245 (published 10-09-2008): Biometric-based document security - Embodiments of methods and systems for securely transmitting electronic data are disclosed. One embodiment of a method includes a security server authenticating the identity of a sender utilizing a collection of biometric data obtained from the sender. A sender client encrypts electronic data with an encryption key obtained from the security server upon successful authentication. A data transmission server transmits the encrypted electronic data from the sender client to a receiver client. The document security server authenticates the identity of a receiver utilizing a collection of biometric data obtained from the receiver. The security server sends encryption information related to the encryption key to the receiver client upon successful authentication of the receiver. Finally, the receiver client decrypts the encrypted electronic data utilizing the encryption information.

20080270796 (published 10-30-2008): SYSTEM AND METHOD FOR PROVIDING PROGRAM INFORMATION, AND RECORDING MEDIUM USED THEREFOR - A system for providing program information has a user terminal, a recording medium capable of reading information therefrom and writing information thereto through a command issued by the user terminal, and a server connected to the user terminal via a network, and provides program information from the server to the recording medium. The recording medium has a first control unit that performs a first mutual authentication operation with a first storage unit capable of writing program information thereto and the user terminal, and that executes a command to write program information to the first storage unit only if the first mutual authentication operation is successful. The user terminal performs a second mutual authentication operation with the server, obtains program information transmitted from the server if the second mutual authentication operation is successful, and issues a command to write the program information to the first storage unit of the recording medium.

20100146277 (published 06-10-2010): SEMICONDUCTOR INTEGRATED CIRCUIT - The present invention aims to avoid a needless increase in cable wiring when a cipher key is shared between other electronic devices upon encrypted wireless communication. A semiconductor integrated circuit comprises a wireless communication control circuit for the encrypted wireless communication, a processing unit for managing the cipher key, and a power line communication circuit. The semiconductor integrated circuit is operated by a power supply voltage supplied externally to the power line communication circuit via a power line. The power line communication circuit is coupled to other electronic devices via the power line. The wireless communication control circuit communicates with the other electronic devices by the encrypted wireless communication. Before the semiconductor integrated circuit performs encrypted wireless communication with other electronic devices using the wireless communication control circuit, the semiconductor integrated circuit supplies information about the cipher key to other electronic devices via the power line communication circuit.
20100138657System and method for authenticating an end user - A method for authenticating an end user. The method starts by generating a first pattern in response to receiving an authentication request from the end user. Next, the method continues by generating a second pattern in response to receiving confirmation that the end user received the first pattern; the second pattern comprising multiple colored nodes. Then the method determines the authenticity status of the end user by comparing data sent by the end user with the second pattern. The end user having generated the data by overlaying a transparent credit card on top of the second pattern and selecting at least one node which displays a color other than black. Finally, the method sends the determined authenticity status to the end user via an output device.06-03-2010
20090164785METHOD FOR AUTHENTICATION IN A COMMUNICATION NETWORK - A method authenticates a first node to a communication network that includes a second node to which the first node desires to mutually authenticate. The method includes detecting a broadcast message from the second node and determining whether mutual authentication can be performed directly with the second node. When the first node is unable to mutually authenticate to the second node directly, the first node locates a node that can serve as an authentication bridge to authenticate the first node to the communication network.06-25-2009
20090144549COPYRIGHT PROTECTION PROCESSING APPARATUS AND COPYRIGHT PROTECTION PROCESSING METHOD - According to one embodiment, a copyright protection processing apparatus is provided in a source device containing content items that are objects of copyright protection. The apparatus includes a network interface which is connected to a sink device which utilizes the content items, and a protection process section which executes mutual authentication for exchanging keys requested by the sink device in a state where a network connection is established with the sink device via the network interface and performs a protection process of encrypting the content items by the secret key shared as a result of successful mutual authentication and transmitting the encrypted content items to the sink device. A content list process section adds an item of error information to the content list to be transmitted to the sink device, upon failure in the mutual authentication.06-04-2009
20090292920Device authentication in a PKI - A method for establishing a link key between correspondents in a public key cryptographic scheme, one of the correspondents being an authenticating device and the other being an authenticated device. The method also provides a means for mutual authentication of the devices. The authenticating device may be a personalized device, such as a mobile phone, and the authenticated device may be a headset. The method for establishing the link key includes the steps of bringing the first correspondent and the second correspondent within a predetermined distance, establishing a key agreement, and implementing a challenge-response routine for authentication. Advantageously, man-in-the-middle attacks are minimized.11-26-2009
20090259850Information Processing Device and Method, Recording Medium, Program and Information Processing System - An information processing device, from which another information processing device requests access to data held in multiple regions, includes: an authenticating unit to perform authentication processing of the other information processing device; a receiving unit to receive an access license ticket including an access code and a check digit; an access license ticket generating key generating unit to generate an access license ticket generating key, which is key information for computing a check digit, using data held beforehand, a root key, an access control key, and other key information that manages data of a region other than the predetermined region, corresponding to an access code; a check digit computing unit to compute a check digit corresponding to the access code described in the access license ticket; and an access license ticket validating unit to validate the access license ticket.10-15-2009
20090259849Methods and Apparatus for Authenticated User-Access to Kerberos-Enabled Applications Based on an Authentication and Key Agreement (AKA) Mechanism - Methods and apparatus are provided for authenticated user-access to Kerberos-enabled applications based on an Authentication and Key Agreement mechanism. A user is first authenticated using an Authentication and Key Agreement mechanism based on a bootstrapping protocol that mutually authenticates the user and one or more servers; and, once the user is authenticated, the user is enabled to derive a session key and is provided with a first ticket to a Ticket Granting Server. The first ticket can establish an identity of the user and include the session key. The bootstrapping protocol can be based on a Generic Bootstrapping Architecture.10-15-2009
20090144548AUTHENTICATION WHILE EXCHANGING DATA IN A COMMUNICATION SYSTEM - An apparatus and method is described for authentication while exchanging data in a communication system includes deriving (06-04-2009
20090013183Confidential Information Processing Method, Confidential Information Processor, and Content Data Playback System - In order to maintain the confidentiality of information at a high level even in cases where a confidential information processor in which multiple types of decryption sequences are applicable is used, decryption is performed according to the value of content decryption information 01-08-2009
20120079274Key Agreement and Transport Protocol with Implicit Signatures - A key establishment protocol between a pair of correspondents includes the generation by each correspondent of respective signatures. The signatures are derived from information that is private to the correspondent and information that is public. After exchange of signatures, the integrity of exchange messages can be verified by extracting the public information contained in the signature and comparing it with information used to generate the signature. A common session key may then be generated from the public and private information of respective ones of the correspondents.03-29-2012
20110145579PASSWORD AUTHENTICATION METHOD - There is provided an authentication method which is secure against various attacks such as a KCI attack on a public network, and can reduce a required calculation amount compared to a conventional method. In this authentication method, a mutual authentication processing technique using Diffie-Hellman type key exchange is modified to compute a master secret Ks in a server by Ks=g06-16-2011
20090249069CREDENTIAL GENERATION SYSTEM AND METHOD FOR COMMUNICATIONS DEVICES AND DEVICE MANAGEMENT SERVERS - Systems and methods are described for establishing credentials at a device and at a device management server for the purpose of exchanging secure credentials in order to mutually authenticate the device and the server. A credential generation algorithm is described which uses a plurality of seeds, including the hardware identity of the device, the server identity, and a shared private key, to generate two sets of credentials, one to be used by the device and the other to be used by the device management server. The credentials are exchanged between the device and the server during any session, thereby assuring mutual authentication.10-01-2009
20090222662CARD ISSUING SYSTEM, CARD ISSUING SERVER, CARD ISSUING METHOD AND PROGRAM - The present invention provides a service providing server including an authentication ticket creating unit for encrypting access authentication information and creating an authentication ticket, and an authentication ticket transmitting unit for transmitting the authentication ticket to a card issuing server; where the card issuing server includes an authentication ticket verifying unit for decrypting the authentication ticket and verifying the authentication ticket, a verification result notifying unit for notifying the verification result of the authentication ticket to the service providing server, a connection information transmitting unit for transmitting connection information for connecting to the card issuing server to the service providing server along with the verification result of the authentication ticket, and an authentication information verifying unit for comparing and verifying the access authentication information of the authentication ticket and access authentication information stored in the IC chip of the information processing terminal.09-03-2009
20090254749COOPERATION METHOD AND SYSTEM OF HARDWARE SECURE UNITS, AND APPLICATION DEVICE - The present invention provides a cooperation method of a mobile hardware secure unit and a fixed hardware secure unit, comprising: providing user's identification information of a mobile hardware secure unit; providing platform's identification information of a computer-based or other-device-based fixed hardware secure unit; establishing a bidirectional communication pipe between the mobile and fixed hardware secure unit; and binding the mobile and fixed hardware secure units through interaction of the user's identification information and the platform's identification information. The present invention further provides a cooperation system of a mobile hardware secure unit and a fixed hardware secure unit as well as a computer device, with which the security solution based on a fixed hardware secure unit can be combined with a mobile hardware secure unit securing a user's identity.10-08-2009
20100161987DOWNLOADABLE CONDITIONAL ACCESS SYSTEM SERVICE PROVIDING APPARATUS AND METHOD - Provided is a Downloadable Conditional Access System (DCAS) service providing method where a mutual authentication with respect to a DCAS host and an Authentication Proxy (AP) server is performed, operating environment information and host identification information, which are extracted by the AP server, are transmitted by the AP server to a Personalization Server (PS), image information is selected by referring to the host identification information, the operating environment information, and policy information agreed to by a Conditional Access System (CAS) server and the PS, the image information being transmitted by the PS to a code download server, and the image information is transmitted to the DCAS host, when access information of the image information is transmitted to the DCAS host through the PS and the AP server.06-24-2010
20100153724SYSTEM AND METHOD FOR A KEY BLOCK BASED AUTHENTICATION - The present invention relates to a system (06-17-2010
20100262825SECURITY METHOD OF MOBILE INTERNET PROTOCOL BASED SERVER - A security method in a server-based mobile IP system is provided. Specifically, in the security method, general data is securely exchanged in addition to a control message that is exchanged between a mobile node and a server or between mobile nodes. Specifically, provided is a method of securely exchanging data by using a mobile node including an mPAK execution module generating necessary keys by exchanging key information with the server while performing a mutual authentication process and negotiating the security policy; and a security module setting a security policy that is negotiated with the corresponding node and applying the security policy to data according to the set security policy when transmitting the data.10-14-2010
20100191967CLIENT APPARATUS, SERVER APPARATUS, AND PROGRAM - A client apparatus receives a message including a random number from a server apparatus during the handshake of agreement process, creates a biometric negotiation message including the biometric authentication method information and sends the biometric negotiation message to the server apparatus. Then, the client apparatus executes a biometric authentication based on biometric authentication method information notified from the server apparatus and encrypts the random number based on the private key. In addition, the client apparatus generates an authenticator from a result of the biometric authentication, the biometric authentication method information, the encrypted random number, and the client certificate, and sends to the server apparatus an authentication context including these. The server apparatus verifies the authentication context and establishes a secure session in one handshake.07-29-2010
20100180118Information Processing Apparatus, Method for Switching Cipher and Program - An information processing apparatus is provided which includes a plurality of encryption algorithm units which are respectively capable of performing mutual authentication with an external device by respectively using an encryption method or a cipher key being different from one another; and a data memory unit which stores a plurality of cipher-specific information being provided to each of the encryption algorithm units and including a cipher type which specifies an encryption method used by each of the encryption algorithm units and disabling control information for disabling at least one encryption algorithm unit among the plurality of encryption algorithm units; wherein at least a first encryption algorithm unit among the plurality of encryption algorithm units disables another encryption algorithm unit in accordance with the disabling control information which is stored at the data memory unit when a mutual authentication with an external device succeeds.07-15-2010
20100241858Downloadable Conditional Access System, Secure Micro, and Transport Processor, and Security Authentication Method Using the Same - A downloadable conditional access system (DCAS), a secure micro (SM), and a transport processor (TP), and a security authentication method using the same are provided. The DCAS provides a safe security environment through a security protocol which enables mutual authentication and secure channel establishment between the SM and the TP.09-23-2010
20100217985Authenticated Communication Between Security Devices - Apparatuses, computer readable media, and methods establishing and maintaining trust between security devices for distributing media content are provided. Two security devices bind to establish an initial trust so that security information can be exchanged. Subsequently, trust is refreshed to verify the source of a message is valid. In an embodiment, the security devices may comprise a security processor and a system on a chip (SoC) in a downloadable conditional access system. Trust may be refreshed by a security device inserting authentication information in a message to another security device, where authentication information may assume different forms, including a digital signature (asymmetric key) or a hash message authentication code (HMAC). Trust may also be refreshed by extracting header information from the message, determining state information from at least one parameter contained in the header information, and acting on message content only when the state information is valid.08-26-2010
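The per-message trust refresh described in the 20100217985 abstract (an HMAC inserted into each message, plus header state that must be valid before content is acted on) is illustrated below. This is an added example written for this page, not code from the patent or its assignee; it assumes the two security devices are an in-process pair, that the binding step is stood in for by a fresh random key handed to both sides, that the header state is a per-sender sequence number, and that the hypothetical `SecurityDevice` class and its methods are this example's own names.

```python
import hashlib
import hmac
import json
import os


class SecurityDevice:
    """One endpoint (for instance a security processor or an SoC). bind() sets up the
    initial trust; every later message carries header state and an HMAC tag, so trust
    is refreshed message by message."""

    def __init__(self, name: str):
        self.name = name
        self.mac_key = None
        self.send_seq = 0         # state carried in our outgoing headers
        self.last_seen_seq = 0    # highest sequence number accepted from the peer

    def bind(self, peer: "SecurityDevice") -> None:
        """Constructed stand-in for the binding step: a fresh key shared with the peer.
        How that exchange is protected is outside this example."""
        key = os.urandom(32)
        self.mac_key = key
        peer.mac_key = key

    def _tag(self, header: dict, content: bytes) -> bytes:
        hdr = json.dumps(header, sort_keys=True).encode()
        # Length-prefix the header so header/content boundaries cannot be shifted.
        data = len(hdr).to_bytes(4, "big") + hdr + content
        return hmac.new(self.mac_key, data, hashlib.sha256).digest()

    def send(self, content: bytes) -> dict:
        if self.mac_key is None:
            raise RuntimeError("device is not bound")
        self.send_seq += 1
        header = {"src": self.name, "seq": self.send_seq}
        return {"header": header,
                "content": content.hex(),
                "tag": self._tag(header, content).hex()}

    def receive(self, msg: dict):
        """Return the content when the trust refresh succeeds, otherwise None.
        The MAC is checked first; only then is the header state inspected."""
        if self.mac_key is None:
            return None
        content = bytes.fromhex(msg["content"])
        expected = self._tag(msg["header"], content)
        if not hmac.compare_digest(expected, bytes.fromhex(msg["tag"])):
            return None                      # forged or tampered message
        header = msg["header"]
        if header.get("src") == self.name:
            return None                      # our own message reflected back to us
        if header.get("seq", 0) <= self.last_seen_seq:
            return None                      # replayed or stale state
        self.last_seen_seq = header["seq"]
        return content
```

The order of the checks matters: the tag is verified before any header field is trusted, so an attacker cannot drive the state logic with unauthenticated values. The `src` check closes a reflection hole that a shared symmetric key otherwise leaves open, and the strictly increasing sequence number is what makes a replayed but correctly tagged message invalid.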
20090150671COMMUNICATION SYSTEM AND COMMUNICATION TERMINAL DEVICE - There is provided a communication terminal device configured to include: a mutual authentication unit that performs mutual authentication with a service providing server; an obtaining unit that obtains biometric information of an authentication target associated with an encryption key common to the service providing server, which is obtained as a successful result of the mutual authentication performed by the mutual authentication unit; a biometric authentication unit that performs biometric authentication by using the biometric information of the authentication target, which has been obtained by the obtaining unit, and biometric information of a registration target; and a notification unit that encrypts a message indicating that the biometric authentication has succeeded, by using the encryption key and notifies the service providing server of the message, if the biometric authentication of the biometric authentication unit succeeds.06-11-2009
20100235640INFORMATION PROCESSING APPARATUS, METHOD OF MUTUAL AUTHENTICATION, MUTUAL AUTHENTICATION PROGRAM, AND STORAGE MEDIUM - An information processing apparatus and a counterpart apparatus supporting data communications are devised. The information processing apparatus is connected to the counterpart apparatus via a communication network. The information processing apparatus and the counterpart apparatus supporting data communications use mutual authentication using a certificate file. The information processing apparatus includes a certificate management unit, a verification information obtaining unit, and a security key generation unit. The certificate management unit encrypts and decrypts the certificate file using a security key. The verification information obtaining unit obtains verification information of the information processing apparatus. The verification information enables identification of the information processing apparatus as a unique physical entity. The security key generation unit generates the security key by conducting a non-reversible transformation of the verification information obtained by the verification information obtaining unit. The verification information is used as source data.09-16-2010
20100211786METHOD FOR GENERATING AUTHORIZATION KEY AND METHOD FOR NEGOTIATING AUTHORIZATION IN COMMUNICATION SYSTEM BASED ON FREQUENCY OVERLAY - A method for a terminal including a first media access control (MAC) layer and a second MAC layer to create an authorization key includes performing a first network entry process to a base station through the first MAC layer, and performing a second network entry process for a frequency overlay to the base station through the second MAC layer. In this instance, the first network entry process includes acquiring a key for generating an authorization key through an authentication process according to an authentication method negotiated with the base station, and generating a first authorization key through the key for generating the authorization key. The second network entry process includes generating a second authorization key by using the key generated in the first network entry process for generating the authorization key.08-19-2010
20120144197POINT-TO-POINT COMMUNICATION METHOD IN A WIRELESS SENSOR NETWORK AND METHODS OF DRIVING COORDINATORS AND COMMUNICATION DEVICES IN THE WIRELESS SENSOR NETWORK - The present invention relates to a point-to-point communication method that performs mutual authentication and creates link keys without using a master key. The point-to-point communication method can include authentication by exchanging authentication information between a first node and a second node from among the plural nodes; and having each of the first node and the second node create a link key, after the authentication is completed. During the authentication, the authentication information uses a secret key of a corresponding coordinator (node).06-07-2012
20100125733DOWNLOADABLE CONDITIONAL ACCESS SYSTEM, CHANNEL SETTING METHOD AND MESSAGE STRUCTURE FOR 2-WAY COMMUNICATION BETWEEN TERMINAL AND AUTHENTICATION SERVER IN THE DOWNLOADABLE CONDITIONAL ACCESS SYSTEM - Provided are a Downloadable Conditional Access System (DCAS), and a channel setting method and a message format for a 2-way communication between a terminal and an authentication server in the DCAS. The DCAS may include: a verification unit to verify an electronic signature and an integrity with respect to a message received from the authentication server; an extraction unit to extract network access information of the authentication server from the message in which the electronic signature and the integrity are verified; and a channel setting unit to set a communication channel with the authentication server based on the extracted network access information.05-20-2010
20100049977ELECTRONIC APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - The present invention relates to an electronic apparatus, an information processing method, and a program that allow a provision server of an application to be capable of easily causing an electronic apparatus having an IC chip to manage data. When a service-issuing command transmitted from a service-issuing terminal 02-25-2010
20090327725Content object management method, right object providing method, content object revocation method based thereon, and device using the same - A device for managing a rights object and revoking a content object. The device includes a content/rights object storage unit for storing at least one content object, and a rights object corresponding to each content object. An authentication module performs mutual authentication between devices giving and taking a rights object, and when a revocation notification of a rights object among the stored rights object is received, authenticates whether an author having transferred the revocation notification is an author having a revocation right. A content object checking unit checks if the content object is valid before the content object is executed. A rights object management module searches for a rights object corresponding to a content object to be executed, and deletes a rights object corresponding to the revocation notification when the author is an author having the revocation right. A controller controls the modules and the units.12-31-2009
20090327724TWO-WAY AUTHENTICATION BETWEEN TWO COMMUNICATION ENDPOINTS USING A ONE-WAY OUT-OF-BAND (OOB) CHANNEL - Techniques for two-way authentication between two communication endpoints (e.g., two devices) using a one-way out-of-band (OOB) channel are presented. Here, in embodiments, both communication endpoints may be securely authenticated as long as the one-way OOB channel is tamper-proof. Embodiments of the invention do not require the one-way OOB channel to be private to ensure that both endpoints are securely authenticated. Since providing a two-way or private OOB channel adds to the cost of a platform, embodiments of the invention provide for a simple and secure method for two-way authentication that uses only a non-private one-way OOB channel and thus helping to reduce platform cost. Other embodiments may be described and claimed.12-31-2009
20100332832TWO-FACTOR AUTHENTICATION METHOD AND SYSTEM FOR SECURING ONLINE TRANSACTIONS - A two-factor authentication system is provided for securing online transactions. In the two-factor authentication system, a transaction server provides online transaction services. A mobile communication device receives short messages. A client computing device applies a first authentication function to communicate with the transaction server, receives, via short messages, a first authentication code used to authenticate the transaction server, and applies a second authentication function to generate a second authentication code. Next, the transaction server authenticates the client computing device with the second authentication function and second authentication code.12-30-2010
20100332833LINK KEY INJECTION MECHANISM FOR PERSONAL AREA NETWORKS - According to one embodiment, a method is disclosed. The method includes generating a link key at a secure component within a first personal area network device and injecting the link key into a protocol stack component database within the first device. The link key may further be transmitted to a second device. Other embodiments are described and claimed.12-30-2010
20100185860METHOD FOR AUTHENTICATING A COMMUNICATION CHANNEL BETWEEN A CLIENT AND A SERVER - A method for authenticating a communication channel between a client and a server is disclosed. The method employs a mutual authentication payload (MAP) protocol that enables mutual authentication between a client and a server system in a convenient, user-friendly manner while providing seamless and automated portability to the clients. In the process of mutual authentication, the client verifies that the server entity is indeed the intended entity and is trusted. Likewise, the server verifies that the client entity initiating the exchange is indeed the intended entity and is trusted. Accordingly, this verification process involves multi-factor authentication factors contained within the MAP protocol.07-22-2010
20110035592AUTHENTICATION METHOD SELECTION USING A HOME ENHANCED NODE B PROFILE - An authentication method selection using a home enhanced Node B (H(e)NB) profile is disclosed. A method for selecting an H(e)NB authentication method includes authenticating at least one of the device or the hosting party module by a security gateway (SeGW). The SeGW receives a request from the H(e)NB to start the authentication process. Based on information received from the H(e)NB and an authentication information server, the SeGW determines how to authenticate the H(e)NB. The possible authentication methods include device authentication only, device authentication and hosting party module authentication, requesting the H(e)NB to perform authentication using Extensible Authentication Protocol-Authentication and Key Agreement, or authentication of both the H(e)NB and one or more WTRUs connected to or attempting to connect to the H(e)NB.02-10-2011
20110119489NETWORK AND METHOD FOR ESTABLISHING A SECURE NETWORK - The invention relates to a network with a first node (05-19-2011
20110213975SECRET INTEREST GROUPS IN ONLINE SOCIAL NETWORKS - Described herein are methods and systems for creating a framework that allows the creation of Secret Interest Groups (SIGs) in Online Social Networks. SIGs are self-managed groups formed outside of the social network, around secret, sensitive, or private topics. A set of cryptographic algorithms are used for the framework implementation.09-01-2011
20100125734ENCRYPTED IMAGE WITH MATRYOSHKA STRUCTURE AND MUTUAL AGREEMENT AUTHENTICATION SYSTEM AND METHOD USING THE SAME - The present invention relates to an encrypted image with a matryoshka structure and a mutual agreement authentication system and method using the same. The encrypted image with a matryoshka structure is used in authentication in an authentication system having a plurality of layers and comprises: a first encrypted image which can be opened by only a server of any one layer of the authentication system; and a second encrypted image which can be opened by only a server of another layer distinguished from the any one layer, wherein any one sealed encrypted image of the first and second encrypted images is embedded and sealed in the other encrypted image.05-20-2010
20100131761DOWNLOADABLE CONDITIONAL ACCESS SYSTEM AND METHOD OF SESSION CONTROL FOR SECURED 2-WAY COMMUNICATION BETWEEN AUTHENTICATION SERVER AND HOST DEVICE IN DOWNLOADABLE CONDITIONAL ACCESS SYSTEM - Disclosed is a downloadable conditional access system (DCAS) including a key request unit to transmit a key request message to an authentication server, an authentication request unit to request authentication from the authentication server based on a key response message received from the authentication server in response to the key request message, and a session establishment unit to establish a session with the authentication server, based on an authentication response message received in response to the authentication request.05-27-2010
20090327726INFORMATION RECORDING/REPRODUCTION APPARATUS AND SYSTEM - According to one embodiment, a data transmission control section ends transmission of a title without copyright protection at time t12-31-2009
20090313470Using a Portable Computing Device as a Smart Key Device - A first data processing system, which includes a first cryptographic device, is communicatively coupled with a second data processing system, which includes a second cryptographic device. The cryptographic devices then mutually authenticate themselves. The first cryptographic device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the second data processing system. The second cryptographic device stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the first data processing system. In response to successfully performing the mutual authentication operation between the two cryptographic systems, the first data processing system is enabled to invoke sensitive cryptographic functions on the first cryptographic device while the first data processing system remains communicatively coupled with the second data processing system.12-17-2009
20100037053Mobile station authentication in tetra networks - A method in a communication system. The mobile station is provided with two or more separate subscriber modules having separate authentication identities. The modules are authenticated and a session key is established between these subscriber modules using the system as a trusted party. The invention improves the ability of the communication system to adjust to the varying operational conditions of the users, and user organizations.02-11-2010
20120303960Systems and Methods for Mutual Authentication Using One Time Codes - Methods and systems for mutually authenticating and personalizing a transaction device, such as a payment, transaction, or identity card. Successively generated one time codes are calculated by a first and a second entity. One of the codes is transmitted to the second entity, which verifies that the code is proper, then encrypts a second one time code using a third one time code and transmits the encrypted data to the first entity. The first entity decrypts the data using the third one time code and verifies that the recovered second one time code is proper, thereby mutually authenticating and establishing a shared encryption key for subsequent communications, including transmission of personalization data.11-29-2012
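The three-code exchange summarised in the 20120303960 abstract, played out with both entities in one process, as an added example written for this page (not the patent's own method or code). Assumptions: the successive one time codes are HMAC-SHA256 values of a shared counter under a shared seed; the "encryption under the third code" is a deliberately simplified XOR keystream cipher so the example runs on the standard library alone (a real deployment would use an AEAD); the function names `one_time_code`, `xor_keystream`, `session_key` and `run_mutual_auth` are this example's own.

```python
import hashlib
import hmac
import os


def one_time_code(seed: bytes, counter: int) -> bytes:
    """Successively generated one time codes (constructed scheme): HMAC-SHA256 of a
    counter under a seed that both entities hold, together with the counter."""
    return hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()


def xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher for illustration only: XOR with a SHA-256 counter keystream.
    Encrypt and decrypt are the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def session_key(c1: bytes, c2: bytes, c3: bytes) -> bytes:
    """Shared key for the subsequent traffic (e.g. personalization data), bound to all
    three codes of this run so it is fresh per authentication."""
    return hmac.new(c3, c1 + c2, hashlib.sha256).digest()


def run_mutual_auth(first_seed: bytes, second_seed: bytes, counter: int = 0):
    """Play both sides in-process. Returns (authenticated, key_first, key_second)."""
    # First entity (e.g. the personalization host) derives its three codes.
    f1, f2, f3 = (one_time_code(first_seed, counter + i) for i in range(3))

    # Message 1, first -> second: the first one time code in the clear.
    msg1 = f1

    # Second entity (e.g. the card) derives its own view of the codes and checks msg1.
    s1, s2, s3 = (one_time_code(second_seed, counter + i) for i in range(3))
    if not hmac.compare_digest(msg1, s1):
        return False, None, None        # first entity failed to authenticate

    # Message 2, second -> first: the second code encrypted under the third code.
    nonce = os.urandom(12)
    msg2 = (nonce, xor_keystream(s3, nonce, s2))

    # First entity decrypts with its own third code and checks the second code.
    recovered = xor_keystream(f3, msg2[0], msg2[1])
    if not hmac.compare_digest(recovered, f2):
        return False, None, None        # second entity failed to authenticate

    return True, session_key(f1, f2, f3), session_key(s1, s2, s3)
```

Only the first code ever crosses the channel in the clear; the second is proven by decrypting it correctly, which is only possible for a party that also holds the third code, so each side learns the other has the same code sequence. The counter must advance after every run, successful or not, so that an observed first code cannot be replayed.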
20110078443METHOD AND SYSTEM FOR SECURE COMMUNICATIONS ON A MANAGED NETWORK - A system and method for discovery and/or authentication of clients to a network, particularly a managed network, substantially without requiring the client and/or access device to transmit an unencrypted address or identification.03-31-2011
20090024848Terminal Identification Method, Authentication Method, Authentication System, Server, Terminal, Wireless Base Station, Program, and Recording Medium - A terminal identification method is provided which enables two-way communications between terminals and a network while identifying terminal IDs and protecting privacy. Also provided are an authentication method and system which require no complicated calculation, fewer steps, less wireless traffic, and less power consumption. A server and terminal share a hash function and an initial value determined for each terminal, calculate the same temporary ID by hashing the initial value the same number of times with the hash function, and identify the terminal using the calculated temporary ID. The server and the terminal also hold a common hash function and authentication information, acquire an authenticating communication parameter from communication parameters temporarily common during communication, and generate an authentication key using the authentication information, the authenticating communication parameter, and the hash function. Then at least one of the server and terminal performs authentication using the generated authentication key.01-22-2009
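The hash-chain temporary ID and the derived authentication key described in the 20090024848 abstract, as an added example written for this page (not the patent's own code). Assumptions: the shared hash function is SHA-256; the authentication key is HMAC-SHA256 of the communication parameter under the shared authentication information; the server tolerates a small window of skipped chain positions for lost messages; and the `Server`, `Terminal` and `session` names are this example's own.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    """The hash function shared by server and terminal (SHA-256 here, an assumption)."""
    return hashlib.sha256(data).digest()


def temporary_id(initial_value: bytes, n: int) -> bytes:
    """n-fold iteration of H over the per-terminal initial value: H(H(...H(IV)))."""
    x = initial_value
    for _ in range(n):
        x = H(x)
    return x


def authentication_key(auth_info: bytes, comm_param: bytes) -> bytes:
    """Key derived from the shared authentication information and a communication
    parameter both sides observe during this session."""
    return hmac.new(auth_info, comm_param, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self.terminals = {}   # name -> {"iv", "auth_info", "count"}

    def register(self, name: str, initial_value: bytes, auth_info: bytes) -> None:
        self.terminals[name] = {"iv": initial_value, "auth_info": auth_info, "count": 0}

    def identify(self, presented_id: bytes, window: int = 3):
        """Map a temporary ID back to a terminal. Only chain positions after the last
        accepted one are tried, so a replayed ID is not recognised; `window` tolerates
        a few lost messages. Linear in the number of terminals; a deployment would
        precompute the next expected ID per terminal into a lookup table."""
        for name, t in self.terminals.items():
            for k in range(t["count"] + 1, t["count"] + 1 + window):
                if hmac.compare_digest(temporary_id(t["iv"], k), presented_id):
                    t["count"] = k
                    return name
        return None

    def verify(self, name: str, comm_param: bytes, challenge: bytes, proof: bytes) -> bool:
        key = authentication_key(self.terminals[name]["auth_info"], comm_param)
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)


class Terminal:
    def __init__(self, initial_value: bytes, auth_info: bytes):
        self.iv = initial_value
        self.auth_info = auth_info
        self.count = 0

    def next_temporary_id(self) -> bytes:
        self.count += 1                  # a fresh ID for every session: no static identifier on the air
        return temporary_id(self.iv, self.count)

    def prove(self, comm_param: bytes, challenge: bytes) -> bytes:
        key = authentication_key(self.auth_info, comm_param)
        return hmac.new(key, challenge, hashlib.sha256).digest()


def session(server: Server, terminal: Terminal, comm_param: bytes, challenge: bytes):
    """One identification plus authentication round.
    Returns (terminal name or None, authenticated)."""
    name = server.identify(terminal.next_temporary_id())
    if name is None:
        return None, False
    return name, server.verify(name, comm_param, challenge, terminal.prove(comm_param, challenge))
```

Identification and authentication are deliberately separate steps: the temporary ID only tells the server which record to load, and a party that has copied a terminal's initial value but not its authentication information is identified yet fails the key check.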
20110258451METHOD FOR UPDATING MOBILE TERMINAL SOFTWARE AND MOBILE TERMINAL - Disclosed are a method for updating mobile terminal software and a mobile terminal. The method comprises the following steps: the mobile terminal software and/or the tool software used for updating the mobile terminal software perform handshaking according to encrypted handshaking data sent by the other party; in the case that said handshaking is successful, the mobile terminal software or the tool software verifies the new mobile terminal software according to the pre-encrypted feature identifier of the mobile terminal software and the feature identifier of the new mobile terminal software, and determines whether the update is allowable according to the verification result. By introducing two authentications, of the handshaking data and of the feature identifier, this invention greatly reduces the possibility that the terminal may be modified by software, avoids terminal unlocking and language modification in the relevant technology, overcomes the deficiencies of the prior art in preventing such unlocking and language modification, ensures terminal security to the largest extent, and effectively protects the interests of providers.10-20-2011
20090240941METHOD AND APPARATUS FOR AUTHENTICATING DEVICE IN MULTI DOMAIN HOME NETWORK ENVIRONMENT - A device authentication method and device authentication apparatus in a multi domain home network environment are provided. The method includes registering a new device in each local domain and issuing a local domain certificate; making an agreement between local domains in order to authenticate a device registered to another local domain; when the device registered to the home local domain or another local domain requests a service, authenticating the device via communication inside the local domains, thereby minimizing a user's intervention, making it easier to use the apparatus, reducing a device operation with regard to a device having limited performance, and making it easier to extend the apparatus.09-24-2009
20110213974IDENTIFYING RELATIONSHIPS BETWEEN USERS OF A COMMUNICATIONS DOMAIN - The invention enables identifying relationships between users of an online communications domain such as a social networking website. First identification tokens 09-01-2011
20080229104MUTUAL AUTHENTICATION METHOD BETWEEN DEVICES USING MEDIATION MODULE AND SYSTEM THEREFOR - A mutual authentication method using a mediation module and a system therefor are provided. The method includes: storing a first partial private key obtained by dividing a first private key of a device; storing a second partial private key obtained by dividing a second private key of a host device; receiving unique identifiers (IDs) and random numbers for the device and the host device from the device and determining whether the unique IDs are valid; and generating a first signature value by using the first partial private key and a second signature value by using the second partial private key if the unique IDs are valid, and transmitting the generated first and second signature values to the device.09-18-2008
20080229105Efficient Method for Providing Secure Remote Access - A remote user, two-way authentication and password change protocol that also allows parties to optionally establish a session key which can be used to protect subsequent communication. In a preferred embodiment, a challenge token is generated and exchanged which is a one-time value that includes a random value that changes from session to session. The construction and use of the challenge token avoids transmission of the password or even the transmission of a digest of the password itself. Thus the challenge token does not reveal any information about a secret password or a digest of the password.09-18-2008
20110055567Secure Key Management in Multimedia Communication System - Principles of the invention provide one or more secure key management protocols for use in communication environments such as a media plane of a multimedia communication system. For example, a method for performing an authenticated key agreement protocol, in accordance with a multimedia communication system, between a first party and a second party comprises, at the first party, the following steps. Note that encryption/decryption is performed in accordance with an identity based encryption operation. At least one private key for the first party is obtained from a key service. A first message comprising an encrypted first random key component is sent from the first party to the second party, the first random key component having been computed at the first party, and the first message having been encrypted using a public key of the second party. A second message comprising an encrypted random key component pair is received at the first party from the second party, the random key component pair having been formed from the first random key component and a second random key component computed at the second party, and the second message having been encrypted at the second party using a public key of the first party. The second message is decrypted by the first party using the private key obtained by the first party from the key service to obtain the second random key component. A third message comprising the second random key component is sent from the first party to the second party, the third message having been encrypted using the public key of the second party. The first party computes a secure key based on the second random key component, the secure key being used for conducting at least one call session with the second party via a media plane of the multimedia communication system.03-03-2011
20110016317Key storage device, biometric authentication device, biometric authentication system, key management method, biometric authentication method, and program - Provided is a key storage device including a receiving unit for receiving package data that includes a template key for decrypting an encrypted template and an authentication key that is used for authentication performed with a terminal that uses the template key and the package data being in a data format that allows restoration only by the key storage device, a key information storage unit for restoring the template key and the authentication key, and for storing the template key and the authentication key in a tamper resistant non-volatile memory, an authentication unit for performing, in case a request for use of the template key is received from the terminal, authentication with the terminal by using authentication information that is based on the authentication key, and a key state management unit for placing, in case the authentication succeeds, the template key in a state usable by the terminal.01-20-2011
20110022843SECURITY IN A MOBILE COMMUNICATION SYSTEM - When a mobile terminal (01-27-2011
20110179274Shared secret verification method and system - Method for shared secret verification e.g. to be applied in secure data exchange, in which at least two parties, hereinafter indicated as Alice and Bob, each have a secret while their challenge is to find out whether they share the same secret or not, however, without disclosing the secret itself to each other or to any third party. The method comprises the following steps. In step 1, Alice picks a random number RA, encrypts it using Bob's public key PUB, adds the value of her secret SA, and sends the result K to Bob. In step 2 Bob receives K, subtracts his secret SB, and performs a decryption using his own private key PRB. In step 3 Bob performs the one-way function H on L and sends the result M to Alice. In step 4 Alice receives M, takes her original random number RA, performs the same one-way function H and verifies whether the result equals the received M. In step 5 Alice sends her original random number RA to Bob. In step 6 Bob receives RA and verifies whether it equals to his earlier result L and concluding that, if the answer is “no”, Alice knows that Bob has the same secret and that, if the answer is “yes” Bob knows Alice doesn't have the same secret. Instead of performing the steps 6 and 7, Alice and Bob may repeat steps 1 to 5 where it is Bob who starts the exchange.07-21-2011
20110072266INFORMATION PROCESSING DEVICE, AUTHENTICATION SYSTEM, AUTHENTICATION DEVICE, INFORMATION PROCESSING METHOD, INFORMATION PROCESSING PROGRAM, RECORDING MEDIUM, AND INTEGRATED CIRCUIT - The present invention provides an information processing device, an authentication system, etc. that save a server the trouble of updating a database, etc., even when a software module in a client device is updated, and that are capable of verifying whether software modules that have been started in the client device are valid. The terminal device A03-24-2011
20100293380QUANTUM CRYPTOGRAPHY APPARATUS - The method involves exchange of a quantum signal between a first quantum node and a second quantum node as is usual in known quantum key distribution (QKD) schemes. The first quantum node communicates details of the quantum signal it sent or received with a first remote node. The first remote node thus has all the information required to take the place of the first quantum node in the key agreement step with the second quantum node. The first quantum node may be arranged to transmit the quantum signal to the second quantum node, in which case the invention provides a distributed quantum transmitter with the control logic in the first remote node being distributed remotely from the actual quantum transmitter in the first quantum node. Communications between the first remote node and first quantum node may comprise or be protected by a quantum key derived by conventional QKD.11-18-2010
20100293379METHOD FOR SECURE DATA TRANSMISSION IN WIRELESS SENSOR NETWORK - A method for secure data transmission in a wireless sensor network includes that: the network user determines a master key and inputs it into a central node and a device node; after the central node and the device node have authorized each other, the central node generates a new session key and sends it to the device node; while the central node and the device node communicate with each other, the data sending party uses the new session key to encrypt the data for transmission and verify the integrity of the data, and the data receiving party uses the session key to decrypt the data and verify the integrity of the data. The advantages of the present invention are that: the consumption of computation resource and the communication overhead are greatly reduced without affecting the security performance of the network, the problem of the authorization between the central node and the device node is solved, and the method for generating, transmitting and updating the key realizes the encryption of the data for transmission and the verification of the data integrity, and thus it ensures the security of the data transmission in a wireless sensor network.11-18-2010
20110119490Controlling Communications - A gateway, program and method for use in a packet-based communication system. The gateway comprises: a connection to a public packet-based network comprising a public-network server and a plurality of public-network user terminals; a connection to a private packet-based network comprising a private-network server and a plurality of private-network user terminals each installed with a public-network communication client; a processing device arranged to receive a login request from a public-network client of a private-network user terminal, and in response to initiate both a private-network authentication procedure involving the private-network server and a public-network authentication procedure involving the public-network server, so as, subject to both authentication procedures, to enable establishment of a communication channel between one of the public-network user terminals and the public-network client of the private-network user terminal; wherein the processing device is further configured to apply a control policy to communications occurring over said channel.05-19-2011
20110138183METHOD FOR ENSURING SECURITY AND PRIVACY IN A WIRELESS COGNITIVE NETWORK - In some embodiments, authentication, confidentiality, and privacy are enhanced for a wireless network of cognitive radios by encryption of network management and control messages as well as data traffic, thereby protecting information pertaining to node identification, node location, node-sensed incumbent transmissions, CRN frequency channel selections, and such like. During initial network registration, a temporary ID can be issued to a node, and then replaced once encrypted communication has been established. This prevents association of initial, clear-text messages with later encrypted transmissions. Elliptic curve cryptography can be used for mutual authentication between subscribers and the base station. ECC-based implicit digital certificates can be embedded in co-existence beacons used by CRN nodes to coordinate use of frequency channels, thereby preventing denial of service attacks due to transmitting of falsified beacons. Similar certificates can be embedded within identity beacons used to protect certain incumbents from interference by the CRN.06-09-2011
20120311334METHOD AND APPARATUS FOR SECURE COMMUNICATIONS AND RESOURCE SHARING BETWEEN ANONYMOUS NON-TRUSTING PARTIES WITH NO CENTRAL ADMINISTRATION - A unifying network model with a structure and architecture configured to address security, interoperability, mobility, and resource management, including priority and quality of services is provided. The network of the network model is structured as a hierarchical mesh network, with dynamically generated routing tables. The configuration of the network model optimizes routing and distributes communication load. Every device on the network is capable of being both an endpoint and a forwarder of communications. The network model may include underlying networks that are represented with one of two models, the link model or the star model. The nodes are organized in a hierarchical relationship structure to optimize throughput. The model may include a cryptographic method of dynamically assigning local network addresses.12-06-2012
20110093710LOW-LATENCY PEER SESSION ESTABLISHMENT - A source device and a target device may endeavor to form a secure communication session whereby encrypted messages may be transmitted over an untrusted network, such as the internet. However, the exchange of many messages in the establishment of the communication session may involve considerable latency and computational resources, particularly in scenarios featuring many communication sessions (e.g., peer-to-peer communication sessions). Techniques for initiating a communication session may be devised that enable the initiation of a communication session with only two exchanged messages, or even with a single message transmitted from the source device to the target device. Some embodiments of these techniques may also permit the inclusion of advantageous security features, such as authentication via public certificate to detect man-in-the-middle attacks and the inclusion of nonces to detect replay attacks, without increasing the number of messages involved in the initiation of the communication session.04-21-2011
20110093711METHOD AND SYSTEM FOR ENCRYPTING DATA IN A WIRELESS COMMUNICATION SYSTEM - A method and system for encrypting data in a wireless communication system are provided. The system includes a first node for generating a first encryption key using a plurality of encryption key parameters when performing authentication with a second node, for changing a second parameter among the plurality of encryption key parameters to generate a second encryption key being identical to the first encryption key, if a first parameter among the plurality of encryption key parameters is changed during re-authentication between the first node and the second node, for generating the second encryption key using the changed first parameter and the changed second parameter, and for encrypting data to be transmitted to the second node using the second encryption key.04-21-2011
20100250936INTEGRATED CIRCUIT, ENCRYPTION COMMUNICATION APPARATUS, ENCRYPTION COMMUNICATION SYSTEM, INFORMATION PROCESSING METHOD AND ENCRYPTION COMMUNICATION METHOD - There is provided an integrated circuit that includes an arithmetic circuit having input/output characteristics determined by element-specific physical characteristics; a storage unit having stored therein cipher text obtained by performing encryption processing on predetermined secret information using an output value output from the arithmetic circuit with respect to input of a predetermined value, and the predetermined value input into the arithmetic circuit; and a decryption unit that restores the predetermined secret information by inputting the predetermined value stored in the storage unit into the arithmetic circuit and decrypting the cipher text stored in the storage unit using the output value output from the arithmetic circuit when the predetermined secret information is used.09-30-2010
20100082983SECURE DEVICE ASSOCIATION - Secure device association is generally described. In one example, a secure device association system comprises a first device comprising a mechanical actuator and a second device comprising a microphone, the mechanical actuator of the first device and the microphone of the second device to form an out-of-band (OOB) channel for secure association between the first device and the second device.04-01-2010
20090292921METHOD FOR THE ENCRYPTED DATA EXCHANGE AND COMMUNICATION SYSTEM - The embodiments relate to a method for the encrypted data exchange between subscribers of a communication system using cryptography based on elliptic curves, wherein upon a query by a first subscriber a scalar multiplication is calculated by the second subscriber, wherein merely part of the result of the scalar multiplication is returned to the first subscriber as a response. The invention relates to a communication system.11-26-2009
20090292922SYSTEM AND METHOD FOR EXCHANGING SECURE INFORMATION BETWEEN SECURE REMOVABLE MEDIA (SRM) DEVICES - A system and method for exchanging secure information between Secure Removable Media (SRM) devices. An initialization operation is performed between the SRM devices. After a mutual authentication operation is performed between the SRM devices, a secret key is exchanged for secure information exchange. An installation setup operation is then performed to establish an environment for moving rights between the SRM devices, and the rights information can be directly exchanged between the SRM devices by performing a rights installation operation between the SRM devices.11-26-2009
20090172401METHOD AND SYSTEM FOR CONTROLLING A DEVICE - A system and method for controlling a device. Data that was encrypted using a first encryption scheme is decrypted, then re-encrypted using a second encryption scheme. The re-encrypted data is then decrypted.07-02-2009
20090172400DIGITAL CONTENT DISTRIBUTION AND CONSUMPTION - Digital content distribution and consumption that provides the advantages of digital content being locally stored under user control while concurrently having the widest acceptance by legacy players/platforms (i.e., no need to perform complex software integration) while still remaining compatible with state of the art security in order to satisfy content provider requirements.07-02-2009
20110167268NETWORK DEVICE AUTHENTICATION - In general, this disclosure relates to maintaining security between an optical network terminal (ONT) and an optical network aggregation device in an Active Ethernet network. An optical network aggregation device includes one or more optical Ethernet switches that can be adaptively configured to support authentication of one or more ONTs. For example, the optical network aggregation device may include a controller with an authentication unit for managing ONT authentication and an optical Ethernet interface for transmitting and receiving data over the optical network. The authentication unit may exchange authentication request messages via the optical Ethernet interface with an ONT and grant the ONT access to the provider network based on the exchange, thereby preventing rogue devices from gaining access to the provider network.07-07-2011
20110167269NETWORK DEVICE AUTHENTICATION - In general, this disclosure relates to maintaining security between an optical network terminal (ONT) and an optical network aggregation device in an Active Ethernet network. An optical network aggregation device includes one or more optical Ethernet switches that can be adaptively configured to support authentication of one or more ONTs. For example, the optical network aggregation device may include a controller with an authentication unit for managing ONT authentication and an optical Ethernet interface for transmitting and receiving data over the optical network. The authentication unit may exchange authentication request messages via the optical Ethernet interface with an ONT and grant the ONT access to the provider network based on the exchange, thereby preventing rogue devices from gaining access to the provider network.07-07-2011
20120023334METHODS FOR ANONYMOUS AUTHENTICATION AND KEY AGREEMENT - Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a device and a remote entity. The device remains anonymous to the remote entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).01-26-2012
20120159171METHOD AND SYSTEM FOR ACTIVATING A PORTABLE DATA CARRIER - The invention relates to a method for activating a portable data carrier (06-21-2012
20120159170METHOD OF AUTHENTICATING VEHICLE COMMUNICATION - A vehicle communication authentication system performs mutual authentication with an authentication subject by performing a user subscriber identity module (USIM)-based authentication protocol in a wireless network, mounts a USIM card in which mutual authentication has succeeded in a vehicle terminal, and performs authentication of vehicle communication with a server that provides a vehicle service.06-21-2012
20110107099PRE-AUTHENTICATION METHOD, AUTHENTICATION SYSTEM AND AUTHENTICATION APPARATUS - A pre-authentication method and an authentication system related to the mobile communications field are disclosed. The pre-authentication method includes: when a mobile node (MN) enters a visited network other than a home network, the MN obtains the identity information of the visited network, selects, according to the identity information of the visited network, a first pre-auth-key-file corresponding to the visited network and a first ticket corresponding to the visited network, where the first ticket carries the first pre-auth-key-file, and authenticates the visited authentication, authorization and accounting (VAAA) server according to the first pre-auth-key-file.05-05-2011
20090132819SYSTEM FOR SELF-SERVICE RECHARGING AND METHOD FOR THE SAME - The present invention discloses a method for self-service recharging and a system for the same, relating to the security communications of online banking. The system comprises a client and a server. The method mainly comprises the steps of: 1) establishing a data security channel between the client and the server; 2) inputting an identifier by a user to a secure transaction device; 3) determining whether the identifier is legitimate; and if legitimate allowing the user to input a recharging operation message; 4) connecting to the server and transmitting a recharging operation request packet after receiving the recharging operation message; 5) verifying whether the secure transaction device is legitimate by the server according to information in a database stored natively, and if legitimate, deducting a recharging amount from a user account, recording an operation log, and transmitting a recharging permission command packet to the secure transaction device; and 6) conducting a recharging operation by the secure transaction device and recording an operation log. The present invention provides a way to conveniently and rapidly recharge.05-21-2009
20090132818CONTENT SERVER APPARATUS, ON-VEHICLE PLAYER APPARATUS, SYSTEM, METHOD, AND PROGRAM - A content server apparatus (05-21-2009
20120166801MUTUAL AUTHENTICATION SYSTEM AND METHOD FOR MOBILE TERMINALS - Provided is a technique for mutual authentication between different kinds of objects (devices, apparatuses, users, etc.) by expanding the kinds of objects that are subject to authentication, such as authentication between users, authentication between users and apparatuses (devices, equipment, terminals, etc.), and authentication between apparatuses (devices, equipment, terminals, etc.).06-28-2012
20100205440INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, INFORMATION PROVIDING MEDIUM, INFORMATION DECRYPTION APPARATUS, AND INFORMATION RECORDING MEDIUM - An information processing apparatus, an information processing method, and an information providing medium are provided. Encrypted information, an encrypted first key for decrypting the encrypted information, and a second key for decrypting the first key are processed to store the information in a storage medium. To be more specific, cross certification is executed with the storage medium, the first key is decrypted by the second key, the decrypted first key is encrypted, and the decrypted first key and the encrypted information are stored in the storage medium. The novel constitution prevents unauthorized replication of information by use of a low-cost, general-purpose semiconductor memory.08-12-2010
20100205438Authenticating method for short-distance radio devices and a short-distance radio device - The invention provides a method for making mutual authentication between short-distance radio devices automatically or after confirmation by users, and a short-distance radio device for realizing the method. In a condition where a plurality of radio devices exist, each of the radio devices comprising a data communicating unit for performing short-distance radio communication and an authenticating unit for performing authentication of the radio device, the authenticating unit performs mutual authentication between two radio devices automatically or after confirmation by users of the radio devices when the two radio devices come closer to each other to such an extent that coverage areas of radio waves generated by the radio devices overlap with each other.08-12-2010
20100205439METHOD AND TERMINAL FOR RECEIVING RIGHTS OBJECT FOR CONTENT ON BEHALF OF MEMORY CARD - Disclosed is a method of receiving by a terminal a rights object (RO) from a rights issuer (RI) on behalf of a memory card, the method including, receiving, by the terminal, a trigger message for RO acquisition from the rights issuing server, comparing, by the terminal, trust anchor and ID of the memory card in a list included in the trigger message with a trust anchor and ID of the memory card within a context of the terminal, transmitting, by the terminal, a RO request message to the rights issuing server if the trust anchor and the ID of the memory card within the context are consistent with those within the list according to the comparison result, and receiving, by the terminal, a RO response message including a protected RO from the rights issuing server.08-12-2010
20100174907SECURE BOOTSTRAPPING FOR WIRELESS COMMUNICATIONS - A mutual authentication method is provided for securely agreeing application-security keys with mobile terminals supporting legacy Subscriber Identity Modules (e.g., GSM SIM and CDMA2000 R-UIM, which do not support 3G AKA mechanisms). A challenge-response key exchange is implemented between a bootstrapping server function (BSF) and mobile terminal (MT). The BSF generates an authentication challenge and sends it to the MT under a server-authenticated public key mechanism. The MT receives the challenge and determines whether it originates from the BSF based on a bootstrapping server certificate. The MT formulates a response to the authentication challenge based on keys derived from the authentication challenge and a pre-shared secret key. The BSF receives the authentication response and verifies whether it originates from the MT. Once verified, the BSF and MT independently calculate an application security key that the BSF sends to a requesting network application function to establish secure communications with the MT.07-08-2010
20120173877METHOD AND APPARATUS FOR BUILDING A HARDWARE ROOT OF TRUST AND PROVIDING PROTECTED CONTENT PROCESSING WITHIN AN OPEN COMPUTING PLATFORM - A system architecture provides a hardware-based root of trust solution for supporting distribution and playback of premium digital content. In an embodiment, hardware root of trust for digital content and services is a solution where the basis of trust for security purposes is rooted in hardware and firmware mechanisms in a client computing system, rather than in software. From this root of trust, the client computing system constructs an entire media processing pipeline that is protected for content authorization and playback. In embodiments of the present invention, the security of the client computing system for content processing is not dependent on the operating system (OS), basic input/output system (BIOS), media player application, or other host software.07-05-2012
20100275019SERVICE PROVIDING METHOD AND INTEGRATED CIRCUIT - An application program relating to a process of an integrated circuit 10-28-2010
20100031042Method and System for Secure Session Establishment Using Identity-Based Encryption (VDTLS) - The inventive system for providing strong security for UDP communications in networks comprises a server, a client, and a secure communication protocol wherein authentication of client and server, either unilaterally or mutually, is performed using identity based encryption, the secure communication protocol preserves privacy of the client, achieves significant bandwidth savings, and eliminates overheads associated with certificate management. VDTLS also enables session mobility across multiple IP domains through its session resumption capability.02-04-2010
20080301444Apparatus and Method for Providing Personal Information Sharing Service Using Signed Callback Url Message - An apparatus and method for providing a service that securely and easily shares personal information using a signed callback uniform resource locator (URL) message in a mobile terminal environment are provided. The mobile terminal providing a personal information sharing service using a signed URL message includes; a personal information sharing service module which receives a message that includes a first callback URL and a personal information sharing request and is signed using a private key of a server, and creates a second callback URL by adding a user response result in response to the personal information sharing request to the first callback URL; and an authentication module which verifies a signature of the message using a public key of the server, and signs the second callback URL using a user private key.12-04-2008
20110047381SAFEMASHUPS CLOUD TRUST BROKER - The present invention provides a new method for policy enforcement in a virtualized or cloud environment. We break down the environment into layers, which are further sub-divided into security units. Each security unit has a security profile based on its own security properties and those of the layers below. The security profile also reflects the floor, ceiling and wall security properties. Each security unit has an agent which is used to establish communications with other security units. Such communication is mediated by a cloud trust broker which determines if the communication is permitted based on access control list or else retrieves the security profiles and applies pre-defined rules. If the communications are allowed the cloud trust broker runs a mutual authentication and key distribution protocol that results in the two security units obtaining a session key which they can then use for further communications which can proceed directly.02-24-2011
20120324225CERTIFICATE-BASED MUTUAL AUTHENTICATION FOR DATA SECURITY - Systems and methods for maintaining data security using client roles, API keys, and certificate-based mutual authentication are presented. A method of protecting sensitive data includes both client authorization techniques and the mutual exchange and verification of certificates between client and server. In one embodiment, access by a client to a server is further limited by temporal constraints, volume constraints, and an end user identity filter.12-20-2012
20110213976METHOD FOR DOWNLOADING CONDITIONAL ACCESS SYSTEM FOR DIGITAL BROADCASTING - The present invention relates to a method of downloading a conditional access system (CAS) for digital broadcasting in a digital broadcasting system. More specifically, the present invention includes a transmitter which includes a DCAS authentication proxy (AP), a personalization server, a DCAS provisioning server, and a head-end, and a set-top box as a receiver, which includes a DCAS host. In particular, mutual authentication and key distribution occur between the DCAS AP and the DCAS host, between the personalization server and the DCAS host, and between the DCAS provisioning server and the DCAS host in order to protect a conditional access system that descrambles scrambled broadcasting contents when broadcasting contents are downloaded from an IP-TV broadcasting system and viewed.09-01-2011
20110238994 | MANAGEMENT OF SECRET DATA ITEMS USED FOR SERVER AUTHENTICATION - A security device ( | 09-29-2011
20120089837 | KEYLESS CHALLENGE AND RESPONSE SYSTEM - A confidential information exchange between a sender and a receiver may be conducted without the use of encryption keys. The information is coded with a Challenge-Response Table that is shared between the sender and the receiver. Rather than sending a challenge and then waiting for a response, the challenge and response are both sent by the sender of the information. The information sent comprises an index with a challenge and a response from the Challenge-Response Table. Upon receiving the coded information, the receiver uses the Challenge-Response Table to decode the information by using the index to locate the challenge and its valid response. Upon determining that the challenge and the response are correct, a first decoded answer is determined. Upon determining that either the challenge or the response, or both, are incorrect, a second decoded answer is determined. | 04-12-2012
20120096267 | CREDENTIAL GENERATION SYSTEM AND METHOD FOR COMMUNICATIONS DEVICES AND DEVICE MANAGEMENT SERVERS - Systems and methods are described for establishing credentials at a device and at a device management server for the purpose of exchanging secure credentials in order to mutually authenticate the device and the server. A credential generation algorithm is described which uses a plurality of seeds, including the hardware identity of the device, the server identity, and a shared private key, to generate two sets of credentials, one to be used by the device and the other to be used by the device management server. The credentials are exchanged between the device and the server during any session, thereby assuring mutual authentication. | 04-19-2012
20120331295 | METHOD FOR KEY GENERATION, MEMBER AUTHENTICATION, AND COMMUNICATION SECURITY IN DYNAMIC GROUP - The present invention provides a method for key generation, member authentication and communication security in a dynamic group, which comprises the steps of: assigning each member an identification vector containing common group identification vector elements and an individual identification vector element, and generating an authentication vector and an access control vector for each member according to the identification vector; using the identification vector elements to generate public key elements and establish an authentication public key and an access control public key; and using a polynomial and the identification vector to generate a private key. The present invention uses these public keys and private keys, which are generated from the identification vectors, to implement serverless member authentication and data access control, whereby the privacy of members is protected and the security of communication is promoted. | 12-27-2012
20100161986 | Method for Verifying the Authenticity of Messages Exchanged According to a Mobile Internet Protocol - Messages exchanged between a mobile node and a home agent according to a mobile Internet protocol are authenticated using cryptographic methods applied to the messages and which have been agreed on between the mobile node and the home agent. | 06-24-2010
20130024692 | METHOD AND APPARATUS FOR LOCAL AREA NETWORKS - A mechanism for segregating traffic amongst STAs that are associated with a bridge, referred to herein as the personal virtual bridged local area network (personal VLAN), is based upon the use of a VLAN to segregate traffic. The IEEE 802.1Q-1998 (virtual bridged LANs) protocol provides a mechanism that is extended by the invention to partition a LAN segment logically into multiple VLANs. In the preferred embodiment, a VLAN bridge forwards unicast and group frames only to those ports that serve the VLAN to which the frames belong. One embodiment of the invention extends the standard VLAN bridge model to provide a mechanism that is suitable for use within an AP. In a preferred embodiment, the Personal VLAN bridge extends the standard VLAN bridge in at least any of the following ways: VLAN discovery, in which a personal VLAN bridge provides a protocol for VLAN discovery; VLAN extension, in which a Personal VLAN allows a station to create a new port that serves a new VLAN, or to join an existing VLAN via an authentication protocol; logical ports, in which a Personal VLAN bridge can maintain more than one logical port per physical port, and bridges between ports of any kind; and cryptographic VLAN separation. | 01-24-2013
20130091358 | FACILITATING SECURE ONLINE TRANSACTIONS - A method and system for mutually authenticating an identity and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server. Thereafter, the method continues with establishing a secure data transfer link. A server certificate is transmitted during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes an authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet. | 04-11-2013
20130124865 | COMMUNICATION SYSTEM, COMMUNICATION APPARATUS, COMMUNICATION METHOD, AND COMPUTER PROGRAM - Content is transmitted within a range of the user's legitimate use while limiting the number of equipment to which the content is transmitted at the same time. | 05-16-2013
20110219232 | CONTROLLER TO BE INCORPORATED IN STORAGE MEDIUM DEVICE, STORAGE MEDIUM DEVICE, SYSTEM FOR MANUFACTURING STORAGE MEDIUM DEVICE, AND METHOD FOR MANUFACTURING STORAGE MEDIUM DEVICE - The present invention is a controller capable of preventing card makers from conducting unauthorized acts. The controller includes: a controller key storage unit | 09-08-2011
20120284517 | WIRELESS AUTHENTICATION USING BEACON MESSAGES - Systems, methods, and other embodiments associated with wireless authentication using beacon messages are described. According to one embodiment, an access point controller includes a transmitter configured to wirelessly transmit a beacon message. The beacon message is configured to announce to a remote device that a wireless access point is available to provide access to a network. The beacon message includes a security identifier that identifies a public key for the wireless access point. | 11-08-2012
20110314284 | METHOD FOR SECURING TRANSMISSION DATA AND SECURITY SYSTEM FOR IMPLEMENTING THE SAME - A method for securing transmission data is to be implemented by a security system including first and second security modules. The first security module provides a first public key to the second security module. The second security module encrypts a second public key and second verification data associated therewith using the first public key, and provides the encrypted second public key and the encrypted second verification data to the first security module. The first security module decrypts the encrypted second public key using a first private key, encrypts first verification data associated therewith using the second public key, and provides the encrypted first verification data to the second security module. The first and second security modules verify each other using the encrypted second and first verification data, respectively. The security system allows data transmission through the first and second security modules when verification is successfully completed. | 12-22-2011
20120030467 | METHODS AND SYSTEMS FOR FACILITATING COMMUNICATIONS BETWEEN VEHICLES AND SERVICE PROVIDERS - Methods and systems for facilitating communications between a vehicle and a service provider are provided. A first address of a vehicle communication device and a second address of a service provider communication device are obtained at a remote location that is remote to both the vehicle and the service provider. A set of keys, including a first key and a second key, is generated at the remote server. The first key is for use by the vehicle in establishing communications with the service provider, and the second key is for use by the service provider in establishing communications with the vehicle. The first key is provided to the vehicle, and the second key is provided to the service provider. | 02-02-2012

Patent applications in class Mutual entity authentication