Patent application number | Description | Published |
20090003597 | Small Public-Key Based Digital Signatures for Authentication - Embodiments disclosed allow authentication between two entities having agreed on the use of a common modulus N. The authentication includes generating a pseudorandom string value; generating a public key value based on the modulus N and the pseudorandom string value; generating a private key value corresponding to the public key value; receiving a verifier's public key value; generating a shared secret value based on the modulus N, the private key value and the verifier's public key value; calculating an authentication signature value using the shared secret value; and transmitting the authentication signature value for authentication. When the authentication signature is received, the public key value and the shared value are generated to calculate an authentication signature value. Thereafter, the authentication signature values are compared and authenticated. | 01-01-2009 |
20090005140 | REAL WORLD GAMING FRAMEWORK - A virtual environment and real world environment are combined into a framework that facilitates large-scale social interaction in multi-player fantasy games played in both the real world and/or a virtual world. Such combination of real and virtual world features may blend geo-caching, orienteering, and other virtual gaming features to enable players to interact across the real and virtual environments. A real world player is also mapped into the virtual environment, thereby inserting the player's movements and actions into the virtual environment. Additionally, this feature enables interaction between players located in a real environment with characters found in a virtual environment. A player may use a mobile device that is configured to recognize the geo-location and orientation of the player and display a corresponding view of the virtual environment gaming landscape for the player. | 01-01-2009 |
20090282243 | PUZZLE-BASED AUTHENTICATION BETWEEN A TOKEN AND VERIFIERS - A puzzle-based protocol is provided that allows a token and verifier to agree on a secure symmetric key for authentication between the token and verifier. A token stores a secret key and one or more puzzle-generating algorithms. The verifier independently obtains a plurality of puzzles associated with the token, pseudorandomly selects at least one of the puzzles, and solves it to obtain a puzzle secret and a puzzle identifier. The verifier generates a verifier key based on the puzzle secret. The verifier sends the puzzle identifier and an encoded version of the verifier key to the token. The token regenerates the puzzle secret using its puzzle-generating algorithms and the puzzle identifier. The token sends an encoded response to the verifier indicating that it knows the verifier key. The token and verifier may use the verifier key as a symmetric key for subsequent authentications. | 11-12-2009 |
20090282253 | NETWORK HELPER FOR AUTHENTICATION BETWEEN A TOKEN AND VERIFIERS - A network helper is provided that assists verifiers in executing a puzzle-based protocol for authentication of a token. A token stores a secret key and one or more puzzle-generating algorithms. The helper stores a plurality of puzzles associated with a particular token. When requested to do so by a verifier, the helper provides a plurality of pseudorandomly selected puzzles for the token to a verifier. The puzzles are encoded with information that is used between the verifier and token to establish a secured symmetric key. The verifier selects one or a few of the encoded puzzles and breaks them by a brute force attack. Because the helper does not know which puzzles have been selected, it has to break all puzzles to attempt to figure out the symmetric key. However, if a large number of puzzles are utilized, say millions, then breaking all of them becomes a computationally prohibitive task. | 11-12-2009 |
20090319792 | RESYNCHRONIZATION FOR PUSH MESSAGE SECURITY USING SECRET KEYS - A method for a server to initiate resynchronization with an access terminal, when synchronization has been lost, that cannot be exploited by attackers is provided. The server may provide the access terminal with a secret key that is only known to the access terminal and the server. The access terminal may store the secret key in a secure storage device to prevent the secret key from being hacked. If the server determines that synchronization has been lost, the server may send a resynchronization message to the access terminal with the secret key attached. The access terminal retrieves the stored secret key from the secure memory device and compares it to the secret key attached to the resynchronization message. If there is a match, the access terminal may initiate a secure communication link with the server to reestablish synchronization. | 12-24-2009 |
20100002870 | PARTIAL ENCRYPTION AND FULL AUTHENTICATION OF MESSAGE BLOCKS - Methods and apparatus are presented for encrypting and authenticating data, wherein some data is encrypted and some data is not encrypted, but all of the data is authenticated. Masking modules ( | 01-07-2010 |
20100098242 | APPARATUS AND METHOD FOR EVALUATING A CIPHER STRUCTURE'S RESISTANCE TO CRYPTANALYSIS - Disclosed is a method for evaluating resistance to cryptanalysis of a cipher structure having a diffusion element including a linear transformation placed between differently-sized confusion elements at an input and an output of the diffusion element. A generalized minimum number of non-zero symbols at the diffusion element's input and output is determined. The diffusion element's input is divided into subset inputs, each having a size corresponding to the size of each confusion element at the diffusion element input. For each subset input, a subset number of non-zero symbols at the subset input and the diffusion element output is determined. Each subset number is summed to generate a summed subset number. The summed subset number is subtracted from the generalized minimum number to generate a worst-case number. An upper bound of a maximum differential characteristic probability is calculated and used to evaluate the cipher structure. | 04-22-2010 |
20100115286 | LOW LATENCY BLOCK CIPHER - A block cipher is provided that secures data by encrypting it based on the memory address where it is to be stored. When encrypting data for storage in the memory address, the memory address is encrypted in a first plurality of block cipher rounds. Data round keys are generated using information from the first plurality of block cipher rounds. Data to be stored is combined with the encrypted memory address and encrypted in a second plurality of block cipher rounds using the data round keys. The encrypted data is then stored in the memory location. When decrypting data, the memory address is again encrypted as before while the encrypted stored data is decrypted in a second plurality of the block cipher rounds using the data round keys to obtain partially decrypted data. The partially decrypted data is combined with the encrypted memory address to obtain fully decrypted data. | 05-06-2010 |
20100250835 | METHOD FOR PROTECTING SENSITIVE DATA ON A STORAGE DEVICE HAVING WEAR LEVELING - Disclosed is a method for protecting sensitive data in a storage device having wear leveling. In the method, a write command, with an associated sensitive write signal indicating that sensitive data is associated with the write command, is received. The sensitive data is further associated with at least one address pointing to a storage location within an initial physical storage block. The write command is executed by writing to at least one storage location within an available physical storage block, pointing the at least one address to the at least one storage location within the available physical storage block, and erasing the initial physical storage block to complete execution of the write command. | 09-30-2010 |
20100306538 | Trust Establishment from Forward Link Only to Non-Forward Link Only Devices - A method, apparatus, and/or system are provided for establishing trust between an accessory device and a host device, using a global key known to both the host device and the accessory device, so that content protection for subscriber-based mobile broadcast services is provided. A secure link may be established between the accessory device and the host device so that when the accessory device receives encrypted content via a secured forward link only network, the accessory device may decrypt the content at the forward link only stack. The content is then re-encrypted/re-secured using one or more derived encryption keys and then sent to the host device where it may be decrypted and played back. A global key, unique to the particular device type of the host device, is employed to ultimately derive the session encryption keys used to re-encrypt/re-secure the content conveyed from the accessory device to the host device. | 12-02-2010 |
20120042374 | EFFICIENT CLASSIFICATION OF NETWORK PACKETS - Embodiments describe a system and/or method for efficient classification of network packets. According to an aspect, a method includes describing a packet as a feature vector and mapping the feature vector to a feature space. The method can further include defining a feature prism, classifying the packet relative to the feature prism, and determining if the feature vector matches the feature prism. If the feature vector matches the feature prism, the packet is passed to a data recipient; if not, the packet is blocked. Another embodiment is an apparatus that includes an identification component that defines at least one feature of a packet and a classification component that classifies the packet based at least in part upon the at least one defined feature. | 02-16-2012 |
20120115430 | Mobile Device Having An Emergency Mode - Disclosed is an apparatus and method to locate a mobile device in an emergency situation. The mobile device includes a display device, a user interface to receive an emergency mode request from a user, and a processor. The processor may be configured to execute instructions to implement an emergency mode process based upon the receipt of the emergency mode request from the user. The emergency mode process is implemented to: monitor received signals to locate a base station, wherein, once a base station is located, a short emergency message is transmitted to the base station including the location of the mobile device. The emergency mode process is further implemented to: monitor received signals to receive an acknowledgement signal from the base station; and reduce a plurality of first non-essential functions of the mobile device to reduce power consumption. | 05-10-2012 |
20120202517 | Methods and Apparatus for Identifying and Authorizing Location Servers and Location Services - Techniques are provided which may be implemented in various methods, apparatus, and/or articles of manufacture to allow a mobile device to obtain certain location service(s) and/or the like from one or more computing devices that have been authorized for use. For example, in certain implementations, an authorizing location server may obtain a first message from a mobile device indicating a first set of location servers, determine a second set of location servers based, at least in part, on the first set of location servers, and transmit a second message to the mobile device indicating that the second set of location servers are authorized for location service related access by the mobile device. | 08-09-2012 |
20130067552 | AUTHENTICATION IN SECURE USER PLANE LOCATION (SUPL) SYSTEMS - A particular method includes storing, at a mobile device, at least one security credential that is specific to the mobile device. The method also includes transmitting the at least one security credential to a secure user plane location (SUPL) location platform (SLP) to authenticate the mobile device as associated with a SUPL user based on a comparison of the device identifier to a stored device identifier. | 03-14-2013 |
20130217359 | AUTOMATIC CONFIGURATION OF A WIRELESS DEVICE - A method of automatically configuring a wireless device includes receiving programming credentials from a server at a programming module and authenticating the wireless device based on the programming credentials. The method includes programming the wireless device with access credentials of an access point of a network to enable the wireless device to communicate, via the access point, with one or more devices outside of the network. | 08-22-2013 |
20130223626 | VERIFYING GENERIC BROADCAST OF LOCATION ASSISTANCE DATA - Various techniques are provided for Location Services (LCS) Assistance Data broadcast, for example for implementation in LTE and LTE-A systems. The embodiments described herein may use the LPP/LPPe positioning protocol, by making use of existing unsolicited Provide Assistance Data (PAD) messages. Embodiments avoid the need to define and implement a separate broadcast Assistance Data protocol. Additional exemplary embodiments for scheduling and verifying of the broadcast Assistance Data messages are described herein. | 08-29-2013 |
20130227297 | Small public-key based digital signatures for authentication - Embodiments disclosed allow authentication between two entities having agreed on the use of a common modulus N. The authentication includes generating a pseudorandom string value; generating a public key value based on the modulus N and the pseudorandom string value; generating a private key value corresponding to the public key value; receiving a verifier's public key value; generating a shared secret value based on the modulus N, the private key value and the verifier's public key value; calculating an authentication signature value using the shared secret value; and transmitting the authentication signature value for authentication. When the authentication signature is received, the public key value and the shared value are generated to calculate an authentication signature value. Thereafter, the authentication signature values are compared and authenticated. | 08-29-2013 |
20130243194 | SYSTEMS AND METHODS FOR ENCODING EXCHANGES WITH A SET OF SHARED EPHEMERAL KEY DATA - A method includes generating a shared master secret. The method also includes generating a set of shared ephemeral key data. The set of shared ephemeral key data is generated independent of the shared master secret. A validity duration of the set of shared ephemeral key data is less than a validity duration of the shared master secret. The method further includes encrypting at least one message that is to be transmitted to at least one station based on at least the shared master secret and the set of shared ephemeral key data. | 09-19-2013 |
20130247150 | WIRELESS COMMUNICATION USING CONCURRENT RE-AUTHENTICATION AND CONNECTION SETUP - A method includes generating at least one of a re-authorization request or a re-authentication request with an extensible authentication protocol. The method also includes generating an upper layer message. The method further includes bundling the upper layer message and the at least one of the re-authorization request or the re-authentication request as an association request. The method further includes transmitting the association request to an access point. | 09-19-2013 |
20130263223 | SYSTEMS AND METHODS OF PERFORMING LINK SETUP AND AUTHENTICATION - Systems and methods of performing link setup and authentication are disclosed. A first method utilizes an unprotected association request and an association response that includes an access point nonce (ANonce). A second method includes receiving, during a first link setup using a first ANonce, a second ANonce for use in a second link setup. A third method utilizes a temporary key to protect an association request. A fourth method includes generating an ANonce at a mobile device based on an ANonce-seed received from an access point. | 10-03-2013 |
20130283352 | METHODS, APPARATUSES AND ARTICLES FOR IDENTIFYING AND AUTHORIZING LOCATION SERVERS AND LOCATION SERVICES USING A PROXY LOCATION SERVER - Techniques are provided which may be implemented in various methods, apparatus, and/or articles of manufacture to allow a mobile device to obtain certain location service(s) and/or the like from one or more computing devices that have been authorized for use. For example, in certain implementations, a location server may comprise a proxy location server for an authorizing location server and may indicate one or more other location servers as being authorized for location service related access by a mobile device. | 10-24-2013 |
20140032424 | Method and apparatus for determining and utilizing value of digital assets - Systems and methods for protecting digital assets associated with a computing device are described herein. An example of a method according to the disclosure includes assigning at least one asset worth value to respective digital assets associated with a device, computing at least one device worth value using the at least one asset worth value assigned to the digital assets associated with the device, identifying at least one device worth value threshold, performing a comparison of the at least one device worth value to the at least one worth value threshold, and initiating at least one action with respect to the digital assets associated with the device based on the comparison. | 01-30-2014 |
20140093081 | AUTHENTICATION IN SECURE USER PLANE LOCATION (SUPL) SYSTEMS - A particular method includes receiving, at a secure user plane location (SUPL) server, an indication from a mobile device of one or more transport layer security (TLS) cipher suites supported by the mobile device; determining whether the one or more TLS cipher suites include a TLS pre-shared key (TLS-PSK) cipher suite that is supported by the SUPL server; in response to determining whether the one or more TLS cipher suites include the TLS-PSK cipher suite that is supported by the SUPL server, performing a generic bootstrapping architecture (GBA)-based authentication process to authenticate the mobile device, or determining whether the SUPL server supports a certificate-based authentication method; and in response to determining that the SUPL server supports the certificate-based authentication method, performing the certificate-based authentication method that includes sending a server certificate to the mobile device and receiving a device certificate from the mobile device. | 04-03-2014 |
20140094147 | AUTHENTICATION IN SECURE USER PLANE LOCATION (SUPL) SYSTEMS - A particular method includes generating, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including: a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and a request for a device certificate of the mobile device. The method also includes receiving a reply from the mobile device that includes a device certificate of the mobile device; and authenticating the mobile device as associated with a SUPL user based on the device certificate. | 04-03-2014 |
20140162606 | SYSTEMS AND METHODS OF PERFORMING LINK SETUP AND AUTHENTICATION - Systems and methods of performing link setup and authentication are disclosed. A method includes, at an access point, receiving an unprotected authentication request from a mobile device. The method also includes extracting an initiate message from the unprotected authentication request and sending the initiate message to an authentication server. The method further includes receiving an answer message from the authentication server, where the answer message includes a re-authentication master session key (rMSK). The method includes generating an access point nonce (ANonce) and sending an authentication response to the mobile device, where the authentication response includes the ANonce. | 06-12-2014 |
20140164763 | SYSTEMS AND METHODS OF PERFORMING LINK SETUP AND AUTHENTICATION - Systems and methods of performing link setup and authentication are disclosed. A method includes receiving, at a mobile device, a first access point nonce (ANonce) from an access point and generating a first pairwise transient key (PTK) using the first ANonce. The mobile device sends an authentication request including a station nonce (SNonce) to the access point, where the authentication request is protected using the first PTK. The mobile device receives an authentication response including a second ANonce from the access point, where the authentication response is protected using a second PTK. The mobile device generates the second PTK using the second ANonce and the SNonce and uses the second PTK to protect at least one subsequent message to be sent from the mobile device to the access point. | 06-12-2014 |
20140221019 | METHODS AND APPARATUS FOR IDENTIFYING AND AUTHORIZING LOCATION SERVERS AND LOCATION SERVICES - Techniques are provided which may be implemented in various methods, apparatus, and/or articles of manufacture to allow a mobile device to obtain certain location service(s) and/or the like from one or more computing devices that have been authorized for use. For example, in certain implementations, an authorizing location server may obtain a first message from a mobile device indicating a first set of location servers, determine a second set of location servers based, at least in part, on the first set of location servers, and transmit a second message to the mobile device indicating that the second set of location servers are authorized for location service related access by the mobile device. | 08-07-2014 |
20140232560 | Facilitating vehicle merging utilizing road markers - Disclosed is an apparatus, system, and method to utilize a plurality of road markers to aid a vehicle in merging into a lane. The lane that the merging vehicle desires to merge into is determined. Further, the position of the merging vehicle is determined. Target vehicles are then notified about the merging vehicle utilizing the plurality of road markers. | 08-21-2014 |
20140233425 | AUTOMATIC CONFIGURATION OF A WIRELESS DEVICE - A method of automatically configuring a wireless device includes performing service discovery by the wireless device to identify a programming module and sending to the programming module a probe request including a first device public key. The method includes receiving from the programming module a probe response including an indication of a match between the first device public key and a second device public key. | 08-21-2014 |
20150016416 | SYSTEMS AND METHODS FOR REDUCED LATENCY DURING INITIAL LINK SETUP - A method of operation of a mobile device to reduce link setup time includes initiating a link setup procedure with a first access point. The link setup procedure includes receiving dynamic host configuration protocol (DHCP) information via the first access point. The method further includes communicating with the first access point using the DHCP information and initiating communication with a second access point after communicating with the first access point. The method further includes receiving an indication from the second access point identifying whether the mobile device is able to communicate with the second access point using the DHCP information. A value of the indication identifies whether the mobile device is able to reduce link setup time with the second access point by avoiding DHCP reconfiguration with the second access point. | 01-15-2015 |