| Patent application number | Description | Published |
|---|
| 20080240440 | SYNCHRONIZATION TEST FOR DEVICE AUTHENTICATION - Device authentication is based on the ability of a human to synchronize the movements of his or her fingers. A pairing procedure for two wireless devices may thus involve a synchronization test that is based on the relative timing of actuations of input devices on each of the wireless devices. In some aspects a synchronization test involves determining whether actuations of user input devices on two different wireless devices occurred within a defined time interval. In some aspects a synchronization test involves comparing time intervals defined by multiple actuations of user input devices on two wireless devices. | 10-02-2008 |
| 20080263117 | INITIAL SEED MANAGEMENT FOR PSEUDORANDOM NUMBER GENERATOR - A secure seeding and reseeding scheme is provided for pseudorandom number generators by using a pre-stored initialization seed. This scheme initializes a pseudorandom number generator into an unknown state even when entropy collection is unavailable. A primary seed file and a shadow seed file are maintained with initialization seed information in a secure file system. If the primary seed file is corrupted, the pseudorandom number generator is seeded with the content of the shadow seed file. Additionally, a trusted timer or clock may be mixed with the pre-stored initialization seed to add entropy even when the pre-stored seed information has been compromised. | 10-23-2008 |
| 20090003597 | Small Public-Key Based Digital Signatures for Authentication - Embodiments disclosed allow authentication between two entities having agreed on the use of a common modulus N. The authentication includes generating a pseudorandom string value; generating a public key value based on the modulus N and the pseudorandom string value; generating a private key value corresponding to the public key value; receiving a verifier's public key value; generating a shared secret value based on the modulus N, the private key value and the verifier's public key value; calculating an authentication signature value using the shared secret value; and transmitting the authentication signature value for authentication. When the authentication signature is received, the public key value and the shared value are generated to calculate an authentication signature value. Thereafter, the authentication signature values are compared and authenticated. | 01-01-2009 |
| 20090005140 | REAL WORLD GAMING FRAMEWORK - A virtual environment and real world environment are combined into a framework that facilitates large-scale social interaction in multi-player fantasy games played in both the real world and/or a virtual world. Such combination of real and virtual world features may blend geo-caching, orienteering, and other virtual gaming features to enable players to interact across the real and virtual environments. A real world player is also mapped into the virtual environment, thereby inserting the player's movements and actions into the virtual environment. Additionally, this feature enables interaction between players located in a real environment with characters found in a virtual environment. A player may use a mobile device that is configured to recognize the geo-location and orientation of the player and display a corresponding view of the virtual environment gaming landscape for the player. | 01-01-2009 |
| 20090282243 | PUZZLE-BASED AUTHENTICATION BETWEEN A TOKEN AND VERIFIERS - A puzzle-based protocol is provided that allows a token and verifier to agree on a secure symmetric key for authentication between the token and verifier. A token stores a secret key and one or more puzzle-generating algorithms. The verifier independently obtains a plurality of puzzles associated with the token, pseudorandomly selects at least one of the puzzles, and solves it to obtain a puzzle secret and a puzzle identifier. The verifier generates a verifier key based on the puzzle secret. The verifier sends the puzzle identifier and an encoded version of the verifier key to the token. The token regenerates the puzzle secret using its puzzle-generating algorithms and the puzzle identifier. The token sends an encoded response to the verifier indicating that it knows the verifier key. The token and verifier may use the verifier key as a symmetric key for subsequent authentications. | 11-12-2009 |
| 20090282253 | NETWORK HELPER FOR AUTHENTICATION BETWEEN A TOKEN AND VERIFIERS - A network helper is provided that assists verifiers in executing a puzzle-based protocol for authentication of a token. A token stores a secret key and one or more puzzle-generating algorithms. The helper stores a plurality of puzzles associated with a particular token. When requested to do so by a verifier, the helper provides a plurality of pseudorandomly selected puzzles for the token to a verifier. The puzzles are encoded with information that is used between the verifier and token to establish a secured symmetric key. The verifier selects one or a few of the encoded puzzles and breaks them by a brute force attack. Because the helper does not know which puzzles have been selected, it has to break all puzzles to attempt to figure out the symmetric key. However, if a large number of puzzles are utilized, say millions, then breaking all of them becomes a computationally prohibitive task. | 11-12-2009 |
| 20090307766 | METHOD AND APPARATUS FOR VERIFYING DATA PACKET INTEGRITY IN A STREAMING DATA CHANNEL - Disclosed is a method for verifying data packet integrity in a streaming-data channel. In the method, data packets are received from the streaming-data channel. Each data packet includes a data payload and a corresponding message integrity code. The received data packets are processed in a first processing mode, wherein the received data packets are forwarded to an application module before checking the integrity of the data packets using the respective message integrity codes. An integrity-check-failure measurement is generated for monitoring an integrity-check-failure rate in the first processing mode. If the integrity-check-failure measurement exceeds an integrity-check threshold, then the method transitions to a second processing mode. A received data packet is forwarded to the application module in the second processing mode only after passing the integrity check. | 12-10-2009 |
| 20100049615 | MOBILE COMMERCE AUTHENTICATION AND AUTHORIZATION SYSTEM - The mobile commerce authentication and authorization system disclosed, illustrated, and claimed allows a user of a currently existing mobile wireless communications instrument to conduct financial transactions, including purchases, across a wireless communications system using location data to authorize and authenticate the user and the transaction. The location of the mobile wireless communications instrument and the location of a vendor point-of-sale device are matched with a payment sum. Authentication of the user of the mobile wireless communications instrument is achieved at least by application of the position and/or location determinable features of the mobile wireless communications instrument, the position and/or location of a point-of-sale device of a vendor or merchant where the instrument user seeks to purchase goods or services, and the payment sum entered on the point-of-sale device. A transaction matching subsystem located in a wireless customer server hub may assist in processing the location data and the payment sum amount across the wireless communications network. | 02-25-2010 |
| 20100098242 | APPARATUS AND METHOD FOR EVALUATING A CIPHER STRUCTURE'S RESISTANCE TO CRYPTANALYSIS - Disclosed is a method for evaluating resistance to cryptanalysis of a cipher structure having a diffusion element including a linear transformation placed between differently-sized confusion elements at an input and an output of the diffusion element. A generalized minimum number of non-zero symbols at the diffusion element's input and output is determined. The diffusion element's input is divided into subset inputs, each having a size corresponding to the size of each confusion element at the diffusion element input. For each subset input, a subset number of non-zero symbols at the subset input and the diffusion element output is determined. Each subset number is summed to generate a summed subset number. The summed subset number is subtracted from the generalized minimum number to generate a worst-case number. An upper bound of a maximum differential characteristic probability is calculated and used to evaluate the cipher structure. | 04-22-2010 |
| 20100100933 | APPARATUS AND METHOD FOR TRANSITIONING ACCESS RIGHTS FOR ROLE-BASED ACCESS CONTROL COMPATIBILIITY - Disclosed is a method for transitioning access rights, in a remote station with role-based access control, for an unknown role having access rights defined by a central access control management module. In the method, a role capability table is maintained in the remote station specifying centrally-defined access rights of roles that are interpretable in the remote station. An access request associated with an unknown role that is not interpretable in the remote station is received. The access request includes a role transition list that relates the unknown role to other centrally-defined roles. At least one of the other centrally-defined roles is interpretable in the remote station. A role is selected, from the role transition list, that is interpretable in the remote station for interpreting the unknown role of the access request. Access is granted based on the access request associated with the unknown role using the access rights of the interpretable role selected from the role transition table. | 04-22-2010 |
| 20100115286 | LOW LATENCY BLOCK CIPHER - A block cipher is provided that secures data by encrypting it based on the memory address where it is to be stored. When encrypting data for storage in the memory address, the memory address is encrypted in a first plurality of block cipher rounds. Data round keys are generated using information from the first plurality of block cipher rounds. Data to be stored is combined with the encrypted memory address and encrypted in a second plurality of block cipher rounds using the data round keys. The encrypted data is then stored in the memory location. When decrypting data, the memory address is again encrypted as before while the encrypted stored data is decrypted in a second plurality of the block cipher rounds using the data round keys to obtain a partially decrypted data. The partially decrypted data is combined with the encrypted memory address to obtain fully decrypted data. | 05-06-2010 |
| 20100174907 | SECURE BOOTSTRAPPING FOR WIRELESS COMMUNICATIONS - A mutual authentication method is provided for securely agreeing application-security keys with mobile terminals supporting legacy Subscriber Identity Modules (e.g., GSM SIM and CDMA2000 R-UIM, which do not support 3G AKA mechanisms). A challenge-response key exchange is implemented between a bootstrapping server function (BSF) and mobile terminal (MT). The BSF generates an authentication challenge and sends it to the MT under a server-authenticated public key mechanism. The MT receives the challenge and determines whether it originates from the BSF based on a bootstrapping server certificate. The MT formulates a response to the authentication challenge based on keys derived from the authentication challenge and a pre-shared secret key. The BSF receives the authentication response and verifies whether it originates from the MT. Once verified, the BSF and MT independently calculate an application security key that the BSF sends to a requesting network application function to establish secure communications with the MT. | 07-08-2010 |
| 20100198733 | Enabling Payment Using Paperless Image Of A Check - Payment or financial transactions are facilitated between two parties by utilizing mobile devices. A payor's mobile device may be adapted to generate an electronic/paperless version or image of a check. The payor may make the paperless image of a check out to a particular payee so that it can be cashed from the payor's checking account. The electronically-generated check may be in the form of an image than can be transmitted by the payor's mobile device to the recipient's mobile device. The payee then submits the received check, electronically or in paper form, to a financial institution for redemption. | 08-05-2010 |
| 20100246824 | APPARATUS AND METHOD FOR VIRTUAL PAIRING USING AN EXISTING WIRELESS CONNECTION KEY - Disclosed is a method for virtual pairing of a first peer device with a second peer device. In the method, a nonce is generated at the first peer device for use in virtually pairing the first and second peer devices to establish a first-type wireless connection. The nonce is forwarded from the first peer device to the second peer device over an already established second-type wireless connection between the first and second peer devices. At least one new key is generated from the nonce and a shared key for the already established second-type wireless connection. The first peer device is virtually paired with the second peer device using the at least one new key to establish the first-type wireless connection between the first and second peer devices. | 09-30-2010 |
| 20110107107 | Multisigning - A Protocol For Robust Multiple Party Digital Signatures - Embodiments describe a system and/or method for multiple party digital signatures. According to a first aspect a method comprises establishing a first validity range for a first key, establishing a first validity range for at least a second key, and determining if the validity range of the first key overlaps the first validity range of the at least a second key. A certificate is signed with the first validity range of the first key and the first validity range of the at least a second key if the validity ranges overlap. According to another embodiment, signage of the certificate is refused if the first validity range of the first key does not overlap with the first validity range of the at least a second key. | 05-05-2011 |
| 20110119492 | Apparatus and Method for Over-the-Air (OTA) Provisioning of Authentication and Key Agreement (AKA) Credentials Between Two Access Systems - A method and apparatus for over-the-air provisioning of authentication credentials at an access device via a first access system, wherein the authentication credentials are for a second access system lacking an over-the-air provisioning procedure. For example, the second access system may be a 3GPP system using AKA authentication methods. The first access system may be CDMA, using an OTASP or IOTA procedure. Provisioning the authentication credentials may include provisioning any of a 3GPP AKA authentication root key (K), AKA authentication related parameters, an AKA authentication algorithm to be used in the 3GPP authentication, or authentication algorithm customization parameters. | 05-19-2011 |
| 20110131104 | Mobile Commerce Authentication And Authorization Systems - Mobile commerce authentication and authorization systems enable currently existing point-of-sale devices that are neither structurally nor systemically altered to conduct financial transactions with a customer using an access terminal across a wireless communications system. The point-of-sale devices receive an input from a payment instrument replacement, which identifies the transaction to the point-of-sale device as a transaction including an access terminal. Authentication of the user of the access terminal is achieved at least by application of position and/or location determinable features of the access terminal, the position and/or location of a point-of-sale device of a vendor or merchant where the customer seeks to purchase goods or services, and the payment sum entered on the point-of-sale device. A payment matching server may assist in processing the location data and the payment sum amount across communications network. | 06-02-2011 |
