Entries |
Document | Title | Date |
--- | --- | --- |
20080201576 | Information Processing Server And Information Processing Method - An information-processing server ( | 08-21-2008 |
20080201577 | AUTHENTICATION DEVICE AND METHOD - An apparatus for generating intermediate cryptogram data corresponding to a dynamic password for a first cryptographic scheme, the intermediate cryptogram data being suitable for display using a device designed for a second, different cryptographic scheme, the apparatus including: a communications interface for communicating with a said device; and a processor coupled to a memory, the memory storing processor control code to control the processor, when running, to: generate a dynamic password according to the first cryptographic scheme; and generate intermediate cryptogram data corresponding to said dynamic password, the intermediate cryptogram data being suitable for outputting to the said device so that, when the said device processes said intermediate cryptogram data according to the second cryptographic scheme, the said device generates data suitable for displaying said dynamic password. | 08-21-2008 |
20080209213 | AUTHORIZING SECURE RESOURCES - A system receives a request to access a secure resource and a verification telephone number from a first device, establishes a secure session with a second device associated with the verification telephone number, requests an authentication mechanism from the second device to verify the secure resource request, verifies the received authentication mechanism if the requested authentication mechanism is received from the second device, and determines whether to grant or deny the first device access to the secure resource based on the verification of the received authentication mechanism. | 08-28-2008 |
20080215884 | Communication Terminal and Communication Method Thereof - A communication terminal capable of helping make communication with the other end more active and of enabling even elder people or the like, who are unaccustomed to operating information devices, to have telephone conversation, while readily displaying various video information through simple operation, thereby furthering warm communication. In this apparatus, an information storage processing part ( | 09-04-2008 |
20080222415 | AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS WITH ASSURED SYSTEM AVAILABILITY - A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities. | 09-11-2008 |
20080229101 | AUTHENTICATED CORRESPONDENT DATABASE - A system that can intelligently drive down false positive rates with regard to identification and/or classification of spam correspondence is disclosed. Authentication information from sending domains can be stored and used to establish confidence and drive down the false positives related to acceptance and/or classification of communications. A correspondent database of known correspondents can be constructed using the authenticated information. Accordingly, decisions (e.g., white and black list) can be better informed by employing relationship and correspondent communication pattern data which is maintained within the correspondent database. | 09-18-2008 |
20080229102 | System and method for platform activation - A platform discrimination indication register is stored in a wireless network card. This register holds a platform discrimination indication that indicates whether the wireless network card can be used to transfer data with notebook computers or whether the wireless network card is restricted to transferring data from a personal digital assistant or a defined set of restricted devices. The platform discrimination indication can be upgraded using a key value obtained from an Internet site. This key value is limited to a specific wireless network card because of the use of a unique electronic I.D. An Internet site encrypts the electronic I.D. to produce the first key, such as a platform activation key (PAK). This first key is then decrypted at the personal data device in order to obtain a unique calculated I.D. value. If the calculated I.D. value matches the electronic I.D. value on the wireless network card, then the platform discrimination indication is altered (upgraded), allowing the operation of the wireless network card with notebook computers. | 09-18-2008 |
20080229103 | Private entity authentication for pervasive computing environments - A method is provided for authenticating an entity having a plurality of keys in a digital form residing on a claimant computing device. The method comprises: generating a first code word by applying a hash function to a first key residing on the claimant computing device; encoding the first code word into an array of bits having a Bloom filter format; generating a second code word by applying a hash function to a second key residing on the claimant computing device; encoding the second code word into the array of bits; and broadcasting an authentication message having the array of bits therein from the claimant computing device. | 09-18-2008 |
20080250243 | Method and System for Secure Position Determination - A system and method of security for navigation, positioning, and localization systems, and applications of cryptography thereto are provided. The security can be applied to navigation, aircraft landing guidance, air traffic control, location-based access control, the prevention of relay attacks against financial and legal transaction protocols and protection of other data transmissions. | 10-09-2008 |
20080250244 | SYSTEM AND METHOD FOR DISTRIBUTION OF CREDENTIALS - The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user. The credential user is provided with a user device. A first channel and a second channel are provided for communication between the user device and the credential issuer. A shared key is distributed between the user device and the credential issuer by means of the second channel. A binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated. The binary representation of the set of credentials is encrypted by means of the shared key. The encrypted set of credentials is distributed via the first channel from the credential issuer to the user device. The encrypted set of credentials is decrypted by the user device by means of the shared key. | 10-09-2008 |
20080263356 | SECURITY ENFORCEMENT POINT INSPECTION OF ENCRYPTED DATA IN AN ENCRYPTED END-TO-END COMMUNICATIONS PATH - Embodiments of the present invention address deficiencies of the art in respect to security function processing of encrypted data in a security enforcement point and provide a method, system and computer program product for security enforcement point inspection of a traversing encrypted data in a secure, end-to-end communications path. In an embodiment of the invention, a method for security enforcement point inspection of encrypted data in a secure, end-to-end communications path can be provided. The method can include establishing a persistent secure session with a key server holding an SA for an end-to-end secure communications path between endpoints, receiving the SA for the end-to-end secure communications path over the persistent secure session, decrypting an encrypted payload for the end-to-end secure communications path using session key data in the SA, and performing a security function on the decrypted payload. | 10-23-2008 |
20080263357 | Identity-based-encryption extensions formed using multiple instances of an identity based encryption scheme - IBE extensions to IBE schemes may be provided by creating multiple instances of the same IBE scheme, where each instance has an associated IBE master key and corresponding IBE public parameters. During encryption, an IBE extension identity for each instance of the IBE scheme may be mapped to a corresponding component identity. A message may be encrypted using the component identities to create multiple ciphertexts. The ciphertexts can be combined and sent to a recipient. The recipient can request a private key. The private key may be generated by mapping the IBE extension identity into a component identity in each instance, by extracting private keys for each of the component identities, and by combining the private keys into a single IBE extension private key. | 10-23-2008 |
20080270793 | Communication Protocol and Electronic Communication System, in Particular Authentication Control System, as Well as Corresponding Method - In order to provide a communication protocol for cryptographic authentication on the basis of at least one cryptographic algorithm, in particular according to the A[dvanced]E[ncryption]S[tandard], by | 10-30-2008 |
20080270794 | Method and Server for Providing Mobility Key - After a radio link is established between a mobile subscriber terminal and an access network, to authenticate the subscriber an authentication proxy server of an intermediate network forwards at least one authentication message containing a subscriber identification between the access network and a home network of the subscriber. If authentication is given by an authentication server of the home network, the authentication proxy server of the intermediate network stores the subscriber identification. The home agent receives a registration request message originating from the subscriber terminal and containing a subscriber identification; the home agent transmits a key request message, containing the subscriber identification, for a mobile key to the relevant authentication proxy server. The authentication proxy server provides a mobile key for the home agent, if the subscriber identification contained in the key request message matches one of the subscriber identifications that has been stored by the authentication proxy server. | 10-30-2008 |
20080270795 | METHOD TO CREATE AN OSI NETWORK LAYER 3 VIRTUAL PRIVATE NETWORK (VPN) USING AN HTTP/S TUNNEL - A method of creating and using a virtual private network (VPN) client encrypts network communications to server/gateways using strong algorithms to ensure data integrity and privacy during transport. Transport uses standard HTTP packets. Encryption and integrity are provided by using Secure Socket Layer (SSL, sometimes referred to as TLS). This invention is compatible and portable to different computer operating systems and mobile devices, and is also lightweight, allowing for ‘clientless’ installation and removal or small-footprint (thin) client software installations. The invention can also secure mobile user communication links over public wireless hotspots or wired Internet links. | 10-30-2008 |
20080276087 | Peripheral Device for Programmable Logic Controller - The invention aims to provide, in order to prevent dishonest operations associated with leakage of authentication data and leakage of data that is an information asset, a peripheral device for a programmable logic controller that does not require giving out the content of the data and the authentication data to a user of the peripheral device. | 11-06-2008 |
20080276088 | Continuous isochronous read access and measurement of data stored in non-volatile memory - A measurement and authentication engine in a nonvolatile memory computes an original hash value on data read from the nonvolatile memory. A measurement and authentication engine in a host processor recomputes the hash value on the data received from nonvolatile memory and checks that the computed hash value matches the hash value generated and transferred from the nonvolatile memory. | 11-06-2008 |
20080276089 | Content Authentication and Recovery Using Digital Watermarks - The disclosure describes methods for using digital watermarking to authenticate digital media signals, such as images, audio and video signals. It also describes techniques for using embedded watermarks to repair altered parts of a media signal when alteration is detected. Alteration is detected using hashes, digital watermarks, and a combination of hashes and digital watermarks. | 11-06-2008 |
20080288776 | Security method using virtual keyboard - The present invention relates to a security method using a virtual keyboard, and more specifically, to a security method using a virtual keyboard in which a user may input information through the virtual keyboard using a mouse when the user logs into a web server by inputting an identification (ID) and a password, and the inputted password is transmitted to the web server after being encrypted, so that personal information is prevented from being leaked by a hacking program and a safe connection is established. According to the present invention, the risk of personal information leakage that can occur when an ID and a password are inputted through a keyboard may be greatly reduced, and it is effective in that even when a symmetric key is leaked, which is least expected, deciphering of the data is prevented by maintaining the security of a private key. | 11-20-2008 |
20080294894 | Binding Content Licenses to Portable Storage Devices - Systems, methods, and/or techniques (“tools”) for binding content licenses to portable storage devices are described. In connection with binding the content licenses to the portable storage devices (“stores”), a host may perform authentication protocols that include generating a nonce, sending the nonce to a store, and receiving a session key from the store, with the session key being generated using the nonce. The store may perform authentication protocols that include receiving the nonce from the host, generating a random session key based on the nonce, and sending the session key to the host. | 11-27-2008 |
20080294895 | Disaggregation/reassembly method system for information rights management of secure documents - The present invention pertains to a computerized system and method that provides for the secure storage and retrieval of electronic digital information; and, more particularly, to such a computerized system and method that provides for multiple access levels of such secure information; provides for secure access to portions of secure information dependent upon access privileges of the authorized user; provides virtually limitless data expansion capabilities; and provides for rapid access to such secure information by authorized users. | 11-27-2008 |
20080294896 | Method and System for Transmitting and Receiving User's Personal Information Using Agent - A method and system for transmitting and receiving user's personal information using an agent are provided. An information management server managing user's personal information provides an agent including user's personal information in response to a user's personal information request message from a client. A client receives the agent and requests user's personal information from the agent. Then, the agent determines whether the client is authorized and provides the user's personal information to the client when it is determined that the client is authorized. Accordingly, the user's personal information is safely managed and transmitted. | 11-27-2008 |
20080294897 | METHOD AND APPARATUS FOR EFFICIENT SUPPORT FOR MULTIPLE AUTHENTICATIONS - Disclosed is a method for multiple EAP-based authentications in a wireless communication system. In the method, a first master session key (MSK) is generated in a first EAP-based authentication for a first-type access. A first temporal session key (TSK) is generated from the first master session key (MSK). A second EAP-based authentication is performed, using the first temporal session key (TSK), for a second-type access. First-type access and second-type access are provided after the first and second EAP-based authentications are successfully completed. | 11-27-2008 |
20080301441 | Secure Channel For Image Transmission - Systems, devices, and methods for establishing a secure session for the transmission of data from an input device to a remote server device are disclosed. The input device may be an electronic check scanner attached to a banking customer's home personal computer. The customer may visit a bank's Internet website using the web browser or other application on their personal computer, and then submit scanned images of checks to the bank. The bank, however, to ensure security and prevent fraud, may wish to establish a secure session between the devices and components in the system before the image data may be scanned and transmitted. | 12-04-2008 |
20080301442 | Method and Apparatus for Local Area Networks - A mechanism for segregating traffic amongst STAs that are associated with a bridge, referred to herein as the personal virtual bridged local area network (personal VLAN), is based upon the use of a VLAN to segregate traffic. The IEEE 802.1Q-1998 (virtual bridged LANs) protocol provides a mechanism that is extended by the invention to partition a LAN segment logically into multiple VLANs. In the preferred embodiment, a VLAN bridge forwards unicast and group frames only to those ports that serve the VLAN to which the frames belong. One embodiment of the invention extends the standard VLAN bridge model to provide a mechanism that is suitable for use within an AP. In a preferred embodiment, the Personal VLAN bridge extends the standard VLAN bridge in at least any of the following ways: VLAN discovery in which a personal VLAN bridge provides a protocol for VLAN discovery; VLAN extension in which a Personal VLAN allows a station to create a new port that serves a new VLAN, or to join an existing VLAN via an authentication protocol; Logical ports in which a Personal VLAN bridge can maintain more than one logical port per physical port, and bridges between ports of any kind; and cryptographic VLAN separation. | 12-04-2008 |
20080301443 | MOBILITY DEVICE PLATFORM - A mobility device platform allowing for secure mobile computing is provided. In an illustrative implementation, an exemplary mobility device platform comprises a mobility device operable to communicate with at least one computing environment through a communications interface and wherein the mobility device is operable to process and store secure web services, a communications network operable to communicate data and computing applications using web services, and a mobility device management server operable to generate, process, store, communicate and encrypt web services to the mobility device. Further, the mobility device management server is operable to perform one or more mobility device management functions to provide encryption keys to cooperating mobility devices and to authenticate and verify cooperating mobility devices requesting web services from the mobility device management server. The mobility device management server and mobility device may further operate to perform authentication and verification using user identification and password information. | 12-04-2008 |
20080307224 | Removable Secure Portable Electronic Entity Including Means for Authorizing Deferred Retransmission - A removable secure portable electronic entity includes elements for receiving a broadcast digital content, elements for sending the received broadcast digital content, secure elements for deferred retransmission of the received digital content adapted to prohibit reproduction of the received digital content prior to sending it and to instigate the deferred sending of the received digital content by the sending elements, the elements being adapted to operate in parallel mode or in quasi-parallel mode. In variants, the secure deferred retransmission elements include a unit for storing the received digital content, for example a non-volatile memory. In variants, the secure deferred retransmission elements include members for authentication of a user. | 12-11-2008 |
20080313460 | SYSTEM AND METHOD FOR GUARANTEEING SOFTWARE INTEGRITY VIA COMBINED HARDWARE AND SOFTWARE AUTHENTICATION - A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K′, which equal K if and only if new messages originated from the center and have not been corrupted. | 12-18-2008 |
20080320305 | METHOD AND APPARATUS FOR SECURE COMMUNICATIONS AND RESOURCE SHARING BETWEEN ANONYMOUS NON-TRUSTING PARTIES WITH NO CENTRAL ADMINISTRATION - A unifying network model with a structure and architecture configured to address security, interoperability, mobility, and resource management, including priority and quality of service, is provided. The network of the network model is structured as a hierarchical mesh network with dynamically generated routing tables. The configuration of the network model optimizes routing and distributes communication load. Every device on the network is capable of being both an endpoint and a forwarder of communications. The network model may include underlying networks that are represented with one of two models, the link model or the star model. The nodes are organized in a hierarchical relationship structure to optimize throughput. The model may include a cryptographic method of dynamically assigning local network addresses. | 12-25-2008 |
20080320306 | Tag authentication system - An authentication method is disclosed that makes the identification information of an object public and performs authentication in referring, from the identification information, to the information of the object corresponding to the identification information. The method includes generating a third value through a predetermined operation of a temporary first value generated every time the identification information is referred to and a temporary second value generated for a referrer to the identification information; encrypting the third value by first and second different encryption methods; decrypting the third value encrypted by the first encryption method in a tag device attached to the object; and decrypting the third value encrypted by the second encryption method in an apparatus managing the information of the object, and comparing the third value decrypted in the apparatus with the third value decrypted in the tag device, thereby verifying the relationship between the object and the referrer thereto. | 12-25-2008 |
20090006848 | Secure credential management - Apparatus and methods associated with providing secure credential management are described. One apparatus embodiment includes a data store to store authentication data and an authentication supplicant (AS) logic to provide a response to an authentication communication (ACM) received from an authentication process. An authentication management (AM) logic may receive the ACM from a connection management (CM) logic associated with a host operating system (HOS), provide the ACM to the AS logic, and provide the response back to the CM logic. The apparatus may include a device management (DM) client logic to provide a secure connection to an operator DM server associated with the authentication process and to store authentication data provided by the operator DM server in the data store. The AS logic, AM logic, and DM logic may reside in firmware that is not accessible to the HOS. | 01-01-2009 |
20090006849 | PEER-TO-PEER NAME RESOLUTION PROTOCOL (PNRP) SECURITY INFRASTRUCTURE AND METHOD - A security infrastructure and methods are presented that inhibit the ability of a malicious node from disrupting the normal operations of a peer-to-peer network. The methods of the invention allow both secure and insecure identities to be used by nodes by making them self-verifying. When necessary or opportunistic, ID ownership is validated by piggybacking the validation on existing messages. The probability of connecting initially to a malicious node is reduced by randomly selecting to which node to connect. Further, information from malicious nodes is identified and can be disregarded by maintaining information about prior communications that will require a future response. Denial of service attacks are inhibited by allowing the node to disregard requests when its resource utilization exceeds a predetermined limit. The ability for a malicious node to remove a valid node is reduced by requiring that revocation certificates be signed by the node to be removed. | 01-01-2009 |
20090013180 | Method and Apparatus for Ensuring the Security of an Electronic Certificate Tool - The present invention discloses a method and apparatus for ensuring the security of an electronic certificate tool, the method comprising: step A: inputting business information by using the input or confirmation function set up in the electronic certificate tool; and step B: encrypting, attaching a signature to, or/and authenticating the inputted business information by the electronic certificate tool and sending the processed business information over the Internet via a computer connected to the Internet to make a business deal or/and payment. The method and apparatus ensure the security of the electronic certificate tool and are convenient and easy to use. | 01-08-2009 |
20090013181 | METHOD AND ATTESTATION SYSTEM FOR PREVENTING ATTESTATION REPLAY ATTACK - Provided are a method and an attestation system for preventing an attestation replay attack. The method for preventing an attestation replay attack in an attestation system including an attestation target system and an attestation request system includes: measuring associated components when an event that affects the integrity of the attestation target system occurs; perceiving its own identity information and verifying the perceived identity information; extending the measured component and the identity information into a register and logging the measured component and the identity information; generating an attestation response message including values of the log and the register when an attestation request message is received from the attestation request system; and transmitting the generated attestation response message to the attestation request system. Therefore, the method and attestation system may be useful in providing an additional simple mathematical operation for verifying an attestation message while preventing an attestation replay attack, and thus in minimizing performance degradation in the attestation system compared to conventional attestation processing mechanisms. | 01-08-2009 |
20090013182 | Centralized Identification and Authentication System and Method - A method and system is provided by a Central-Entity for identification and authorization of users over a communication network such as the Internet. The Central-Entity centralizes users' personal and financial information in a secure environment in order to prevent the distribution of users' information in e-commerce. This information is then used to create a digital identity for the users. The digital identity of each user is dynamic, non-predictable and time-dependent, because it is a combination of the user name and a dynamic, non-predictable and time-dependent secure code that will be provided to the user for his identification. The user will provide his digital identity to an External-Entity such as a merchant or service provider. The External-Entity is dependent on the Central-Entity to identify the user based on the digital identity given by the user. The External-Entity forwards the user's digital identity to the Central-Entity for identification and authentication of the user and the transaction. The identification and authentication system provided by the Central-Entity determines whether the user is an authorized user by checking whether the digital identity provided by the user to the External-Entity corresponds to the digital identity being held for the user by the authentication system. If they correspond, then the authentication system identifies the user as an authorized user and sends an approval identification and authorization message to the External-Entity; otherwise the authentication system will not identify the user as an authorized user and sends a denial identification and authorization message to the External-Entity. | 01-08-2009 |
20090019282 | Anonymous authentication method based on an asymmetric cryptographic algorithm - A method for authenticating at least one client entity (A) by means of an authentication entity (B) based on a public key encryption (ASYM(PB,R))/decryption (ASYM(SB,R′)) algorithm, implemented on the client entity side and authentication entity side, respectively, including, on the client entity side: | 01-15-2009 |
20090019283 | System and method for a secure multi-level network access mechanism using virtual service set identifier broadcast - A method, system, and computer program product for network management, including masking a true service set identifier (SSID) in a beacon frame; and broadcasting the beacon frame with the masked true SSID, whereby an authorized device retrieves the true SSID from the broadcast beacon frame. | 01-15-2009 |
20090031129 | HASH-BASED SYSTEMS AND METHODS FOR DETECTING AND PREVENTING TRANSMISSION OF UNWANTED E-MAIL | 01-29-2009 |
20090037731 | Architecture and Design for Central Authentication and Authorization in an On-Demand Utility Environment Using a Secured Global Hashtable - A Centralized Authentication & Authorization (CAA) system that prevents unauthorized access to client data using a secure global hashtable residing in the application server in a web services environment. CAA comprises a Service Request Filter (SRF) and Security Program (SP). The SRF intercepts service requests, extracts the service client's identifier from a digital certificate attached to the request, and stores the identifier in memory accessible to service providers. The client identifier is secured by the SP using a key unique to the client identifier. When the web services manager requests the client identifier, the web services manager must present the key to the SP in order to access the client identifier. Thus, the present invention prevents a malicious user from attempting to obtain sensitive data within the application server once the malicious user has gained access past the firewall. | 02-05-2009 |
20090037732 | TETHERED DEVICE SYSTEMS AND METHODS - Systems and methods are described for applying digital rights management techniques to tethered devices. In one embodiment, a host device is operable to translate a relatively sophisticated license into a simpler format for use on a relatively low-capability device. In another embodiment, a method of using extended SCSI commands to communicate over a USB connection is provided. | 02-05-2009 |
20090037733 | Method for Recording and Distributing Digital Data and Related Device - The invention relates to a method for burning digital data onto a blank disk by a client device, the digital data being transmitted to the client device by a remote content server. The method comprises the following steps carried out by the client device: setting up a secure authenticated channel with the content server; receiving the digital data transmitted by the content server; verifying the existence of the secure authenticated channel and authorizing the burning of the digital data received only during the existence of the secure authenticated channel; and burning onto the blank disk the digital data received. The invention also relates to a client device and a method for distributing digital data. | 02-05-2009 |
20090037734 | DEVICE AUTHENTICATION SYSTEM, MOBILE TERMINAL DEVICE, INFORMATION DEVICE, DEVICE AUTHENTICATING SERVER, AND DEVICE AUTHENTICATING METHOD - According to a device authentication system ( | 02-05-2009 |
20090044011 | Systems, Devices and Methods for Managing Cryptographic Authorizations - Certain exemplary embodiments can provide a method that includes a proof of authorization for any number of activities within an organization, where the proof of authorization associates a specific set of rights, privileges, permissions and/or powers with a collection of entities, each of which has a distinct digital identity. The proof of authorization allows any entity within the collection of entities to interface with or access one or more specific categories of information and/or one or more physical resources within an organization, according to the set of rights, privileges, permissions and/or powers established by the authorization proof. The authorization proof may further include references to authorization proofs issued by other organizations in a federation of organizations. | 02-12-2009 |
20090044012 | RF TRANSACTION AUTHENTICATION USING A RANDOM NUMBER - A system and method for securing Radio Frequency Identification (RFID) transactions is provided. An exemplary method includes using a random number in an authentication tag and authorizing an RF transaction in response to verifying the authentication tag. The method may also involve variously validating an RFID device authentication tag and an RFID reader authentication tag. Additionally, a system and method is disclosed for verifying an RFID transaction device and RFID reader operable with an RF transaction system. The method involves presenting an RFID device to an RFID reader, receiving a random number, creating an RFID transaction device authentication tag using the random number and a counter value, providing the RFID transaction device authentication tag to an RFID reader, creating an RFID reader authentication tag using the counter, random number, and RFID authentication tag, and providing the RFID reader authentication tag and RFID transaction device authentication tag for authentication. | 02-12-2009 |
20090049297 | SYSTEMS AND METHODS FOR VERIFYING THE AUTHENTICITY OF A REMOTE DEVICE - Some embodiments of the invention are directed to, among other things, systems, computer readable media, methods and any other means for verifying the authenticity of a client device. In some embodiments, a token is issued by one or more remote media servers that allows the client device to download video, media or other data from one or more remote media servers. | 02-19-2009 |
20090055645 | METHOD AND APPARATUS FOR CHECKING ROUND TRIP TIME BASED ON CHALLENGE RESPONSE, AND COMPUTER READABLE MEDIUM HAVING RECORDED THEREON PROGRAM FOR THE METHOD - An apparatus and method of checking adjacency between devices are provided. A challenge response based round trip time (RTT) checking method includes: generating a random number; encrypting the random number using a symmetrical key; transmitting a challenge request message including the encrypted random number to a device; receiving a challenge response message including the random number from the device, which received the challenge request message and decrypted the encrypted random number using the symmetrical key; and determining an RTT based on a time when the challenge response message is received and a time when the challenge request message is transmitted. | 02-26-2009 |
20090055646 | DISTRIBUTED MANAGEMENT OF CRYPTO MODULE WHITE LISTS - An apparatus and method for managing the distribution and expansion of public keys held by a group or array of systems in white lists. The addition of a new system to the array entails a manual input to authorize the introduction of the new system to one trusted system in the array. After the introduction the new system is trusted by the one member and the white list of the one member is loaded into the white list of the new system. The new system then requests joining each of the other systems in the array. For each system in the array asked by the new system, the systems in the array ask if any other systems in the array already trust the new member. In response, a system of the array that trusts the new system responds by sending its white list (containing the public key of the new system) to the requesting system. Eventually the public key of the new system is in the white lists of all the systems in the array. In practice this trust expansion occurs in the background with respect to running applications. | 02-26-2009 |
20090055647 | Auxiliary display system, device and method - The present invention provides an auxiliary display system, device and method. The auxiliary display system includes a client and a server. The client includes an auxiliary display unit which further includes a security module. The server generates information to be shown in the auxiliary display unit, and uses a shared encryption key of the auxiliary display unit to encrypt the information. The security module uses the shared encryption key to verify the validity of encrypted information from the server, and decrypts the encrypted information so that the decrypted information will be shown in the auxiliary display unit. The present invention can prevent malicious programs from forging the auxiliary display information, provide users with reliable information display, and improve the experience of the users. | 02-26-2009 |
20090063858 | Systems, methods, and media for retransmitting data using the secure real-time transport protocol - Systems, methods, and media for retransmitting data using the SRTP are provided. In some embodiments, methods for retransmitting data using the SRTP are provided. The methods include: receiving at least one data unit associated with a media session; determining the index of the at least one data unit; determining the session key of the media session using the index; authenticating the at least one data unit using the session key; and retransmitting the at least one data unit. | 03-05-2009 |
20090063859 | CONTENT DISTRIBUTION SERVER AND CONTENT DISTRIBUTION SYSTEM USING THE SAME - The present invention relates to a content distribution server or the like, capable of more surely preventing an unauthorized use of a content. Content distribution servers | 03-05-2009 |
20090070581 | SYSTEM AND METHOD FOR CENTRALIZED USER IDENTIFICATION FOR NETWORKED DOCUMENT PROCESSING DEVICES - The subject application is directed to a system and method for centralized user identification for networked document processing devices. A secure communications channel is first established between a document processing device designated as an authentication device and at least one additional document processing device of a plurality of document processing devices. The authentication device then communicates address data to each additional document processing device. Credential data associated with a user of a document processing device is then received. The received credential data is communicated from the document processing device to the authentication device. The user of the document processing device is then authenticated in accordance with the received credential data. Authorization data representing the authorization of the user to perform a document processing operation on the document processing device is then communicated to the document processing device from the authentication device according to the completed authentication of the user. | 03-12-2009 |
20090070582 | Secure Network Location Awareness - Secure network location awareness is provided whereby a client is able to use appropriate settings when communicating with an access node of a communications network. In an embodiment a client receives a signed message from the access node, the signed message comprising at least a certificate chain having a public key. In some embodiments the certificate chain may be only a self-signed certificate and in other embodiments the certificate chain is two or more certificates in length. The client validates the certificate chain and verifies the signature of the signed message. If this is successful the client accesses stored settings for use with the access node. The stored settings are accessed at least using information about the public key. In another embodiment the signed message also comprises a location identifier which is, for example, a domain name system (DNS) suffix of the access node. | 03-12-2009 |
20090070583 | SYSTEM AND METHOD FOR SECURE TRANSACTION - Systems and methods for performing a secure transaction are provided. In one embodiment, the method includes: reading data on a command token; reading data on a token; encrypting the token data with a key; encrypting authentication data with the clear text token data; and transmitting the encrypted authentication data with the encrypted token data to a remote device. | 03-12-2009 |
20090070584 | Method for Providing, Distributing and Engraving Digital Data and Associated Distribution Server - The invention relates to a method for engraving digital data received from a remote server. The inventive method consists in acquiring an identifier of a secured disc used for receiving digital data, in transmitting the identifier and a digital data loading instruction to the remote server, in receiving digital data scrambled by at least one second encryption key and the second encryption keys scrambled by a first encryption key, and in engraving the scrambled digital data and the second encryption keys on the secured disc. Providing and distributing methods and a distribution server are also disclosed. | 03-12-2009 |
20090070585 | Measurement probe systems for co-ordinate positioning apparatus - A measurement probe, such as a touch trigger measurement probe, is described that comprises a measurement portion for measuring an object and a data transfer portion for receiving data from and/or transmitting data to an associated unit. The measurement device also comprises an authentication module for verifying the authenticity of the associated unit. The authentication module may include a processor for running a one-way hash algorithm. Authenticity may be established using a challenge and response authentication process. | 03-12-2009 |
20090083542 | METHOD AND SYSTEM FOR CONTROLLED DISTRIBUTION OF APPLICATION CODE AND CONTENT DATA WITHIN A COMPUTER NETWORK - A secure communication methodology is presented. The client device is configured to download application code and/or content data from a server operated by a service provider. Embedded within the client is a client private key, a client serial number, and a copy of a server public key. The client forms a request, which includes the client serial number, encrypts the request with the server public key, and sends the download request to the server. The server decrypts the request with the server's private key and authenticates the client. The received client serial number is used to search for a client public key that corresponds to the embedded client private key. The server encrypts its response, which includes the requested information, with the client public key of the requesting client, and only the private key in the requesting client can be used to decrypt the information downloaded from the server. | 03-26-2009 |
20090089580 | WIRELESS COMMUNICATION DEVICE, PORTABLE TERMINAL, COMMUNICATION CONTROL PROGRAM AND COMMUNICATION SYSTEM - A wireless communication device, comprising: a wireless communication unit which communicates with another communication device located within a prescribed range; a first identification information generator which generates first identification information including a service name of an available service and inherent information; an encryption unit configured to encrypt said first identification information by using a prescribed encryption key to generate encryption data; a second identification information generator which generates second identification information including the service name, the inherent information and the encryption data; and an inherent information transmitter which transmits the second identification information to another communication device which has requested transmission of the inherent information. | 04-02-2009 |
20090089581 | System and Method for Securing Data Through a PDA Portal - Consumers may utilize computing devices to assist in the purchase and/or loyalty process, and in particular, the consumer may utilize a PDA to facilitate the purchase and/or loyalty process. During the purchase and/or loyalty process, the consumer may need to ensure that any content downloaded or used in association with the PDA is secure in how it is collected, assembled, and delivered to the PDA device. This system and method secures the data from its source to when it is actually viewed or used by the authorized user. The PDA may have direct access to an Internet web site portal that offers secure personal content from a content provider, such as, for example, an on-line banking or financial institution. Using the web site portal, the content provider may offer personal or confidential data, such as financial information, to PDA users in a secure (e.g., encrypted) environment. The exemplary system and method may establish a PDA portal link to the web site for collecting specified information for a user and transmitting the information to the remote device. To receive the information, the PDA contacts the portal and establishes a connection, authenticates itself to the network and allows the user to complete secured transactions or transmissions over the network. | 04-02-2009 |
20090094456 | METHOD FOR PROTECTION AGAINST ADULTERATION OF WEB PAGES - The method verifies the integrity and authenticity of a page received by the browser client ( | 04-09-2009 |
20090094457 | SYSTEM FOR REGISTRATION OF SENSING DEVICE WITH PRINTER - A system is provided having a sensing device for sensing coded data printed on a print media surface which is installed with a secret key and a first identifier which uniquely identifies the sensing device, a printer installed with a second identifier which uniquely identifies the printer, and a server installed with the first and second identifiers. The printer obtains the first identifier from the sensing device and communicates the first and second identifiers to the server. The server determines from the received first and second identifiers whether the sensing device should be registered with the printer and if so, authenticates the sensing device by verifying an encryption from the sensing device, using the secret key, of a challenge message. Upon successful authentication, the sensing device is registered in the server so as to be associated with the printer. | 04-09-2009 |
20090106553 | METHOD AND SYSTEM UTILIZING QUANTUM AUTHENTICATION - A system and a method with quantum cryptography authentication. The system includes an optical link connecting a sender and a receiver. The sender transmits a first optical pulse and a second optical pulse having a defined time delay therebetween. The first pulse is modulated with a first authentication phase shift; and the second pulse is modulated with phases selected from one basis of two non-orthogonal bases, and encoded with one of two orthogonal states within the one basis based on information of the sender, and with a second authentication phase shift. The receiver includes a splitter receiving and splitting the first and the second pulse into pulses of interest. The split pulses of interest are modulated with the first authentication phase shift and the second authentication phase shift, respectively. The receiver includes a second coupler whereby the split pulses of interest arrive at the second coupler simultaneously. The receiver includes a first set of detectors receiving the combined pulses, which determine the one basis of the two non-orthogonal bases; and a second set of detectors receiving the combined pulses, which determine the one of the two orthogonal states within the basis and thereby decode the information of the sender. | 04-23-2009 |
20090125718 | DOMAIN UPGRADE METHOD IN DIGITAL RIGHTS MANAGEMENT - Disclosed is a domain upgrade method in Digital Rights Management (DRM) capable of reducing network resources by simplifying signal procedures at the time of transferring changed domain keys. A device joining after a domain upgrade is provided with only the domain key of the domain generation after the domain upgrade, but is not provided with the domain key of the previous domain generation. Accordingly, even if the joining device is mal-operated or is hacked, contents from before the upgrade are prevented from being illegally used or leaking out. | 05-14-2009 |
20090132817 | METHOD, SYSTEM AND DEVICE FOR DETERMINING A MOBILE IP KEY, NOTIFYING A MOBILE IP TYPE - The present invention relates to a wireless communication technology field. A method for determining a mobile IP key of a mobile terminal is provided, which includes: receiving a mobile IP registration request message of a mobile terminal, in which the mobile IP registration request message includes a key material field; and reporting material information for determining a key according to the key material field. A method for determining a mobile IP key of a mobile terminal, a mobile IP agent device, a system for obtaining a mobile IP type, and a mobile terminal are also provided. With the technical solutions provided in the present invention, the mobile IP keys and/or the mobile IP type of the mobile terminal can be correctly determined, thus achieving a fast and correct access of the mobile terminal. | 05-21-2009 |
20090138707 | Method for Fast Pre-Authentication by Distance Recognition - A method of pre-authentication of a first entity ( | 05-28-2009 |
20090138708 | CRYPTOGRAPHIC MODULE DISTRIBUTION SYSTEM, APPARATUS, AND PROGRAM - In a cryptographic module distribution system, a cryptographic management server apparatus encrypts a cryptographic module using a key shared by a cryptographic apparatus, and transmits the encrypted cryptographic module to a client apparatus. The client apparatus transmits the encrypted cryptographic module to a cryptographic apparatus. The cryptographic apparatus decrypts the encrypted cryptographic module using the key shared by the cryptographic management server apparatus, and transmits the decrypted cryptographic module to the client apparatus. The client apparatus stores the received cryptographic module. | 05-28-2009 |
20090138709 | OPTICAL TRANSCEIVER WITH VENDOR AUTHENTICATION - An optical transceiver comprising at least one processor and a memory including at least one of an encryption key or a decryption key and at least one of encryption microcode or decryption microcode that includes processor-executable instructions that, when executed by the at least one processor, cause the optical transceiver to perform the following: an act of performing an encryption or decryption operation on data received from a host computing system to thereby authenticate the optical transceiver. | 05-28-2009 |
20090144546 | APPLICATION CONTROLLED ENCRYPTION OF WEB BROWSER DATA - A browser cache-securing component facilitates online communication of confidential data, such as for financial information, purchasing transactions, or user identification. Caching webpages for subsequent presentation enhances user productivity and efficiency while reducing burdens on network resources. Yet, the security risks of intrusions into cache memory are mitigated by retaining encrypted data in cache memory without prior decryption. A modest overhead in decrypting when and if the webpage is to be presented again gains a security and privacy advantage without taking away functionality. Decrypted versions of confidential data can thereby be relegated to volatile memory. Upon termination of a session, a session key shared by a network server is deleted, preventing subsequent decryption. Executing the browser cache-securing component in a virtual machine environment allows multiple browser types to benefit from the security feature. | 06-04-2009 |
20090144547 | AUTHENTICATION PROTOCOL - The invention relates to an authentication protocol for increasing safety against a man-in-the-middle (MITM) access attack for point-to-point communication ( | 06-04-2009 |
20090150669 | METHOD AND APPARATUS FOR PROVIDING DOWNLOADABLE CONDITIONAL ACCESS SERVICE USING DISTRIBUTION KEY - An apparatus and a method for providing a downloadable conditional access service using a distribution key are provided. With regard to the apparatus for providing the downloadable conditional access service using the distribution key, a subscriber authorization system transmits a target entitlement management message encoded with a target distribution key to a host, and the host decodes the target entitlement management message encoded with the target distribution key included in a target secure micro client. | 06-11-2009 |
20090158038 | UNIVERSAL AUTHENTICATION METHOD - The present invention is directed to a universal authentication method that is more secure than conventional methods found on most electronic systems. The universal authentication method does not send passwords over hard wires or wireless systems. Consequently, it is difficult for a would-be password thief to intercept password data. It can also provide a further layer of security by providing rotating passwords. | 06-18-2009 |
20090158039 | DEVICE PAIRING USING "HUMAN-COMPARABLE" SYNCHRONIZED AUDIBLE AND/OR VISUAL PATTERNS - A first device may authenticate a key of a second device (after discovering the second device, and executing a pairing protocol with the second device, wherein a result of the pairing protocol is a bit string) by encoding the bit string, transmitting a human-perceptible representation of the encoded bit string, transmitting a human-perceptible distinctive end of string indicator, receiving human feedback and determining whether or not a key of the second device is authentic based on the received human feedback. At the first device, wireless communications with the second device may be controlled based on the determination of whether or not the key of the second device is authentic. | 06-18-2009 |
20090164782 | METHOD AND APPARATUS FOR AUTHENTICATION OF SERVICE APPLICATION PROCESSES IN HIGH AVAILABILITY CLUSTERS - A method and communication node for generating a unique service application process biometric identifier for a service application process requesting resources and services from another service application process in a High Availability (HA) cluster. The method and communication node further authenticate the requesting service application process using the unique service application process biometric identifier, thus allowing communication between the first service application process and the second service application process. | 06-25-2009 |
20090164783 | METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR AUTHENTICATION OF FRAGMENTS USING HASH TREES - An apparatus for authentication of fragments using hash trees may include a processor. The processor may be configured to provide one or more data fragments and a hash tree representing the one or more fragments, send at least one first fragment accompanied by any nodes of the hash tree necessary to authenticate the one or more first sent fragments, and send one or more subsequent fragments accompanied by only some, but not all, of the nodes of the hash tree necessary to authenticate the one or more subsequent fragments with the other nodes that are not sent but are necessary for authentication having been previously sent in conjunction with a prior fragment. | 06-25-2009 |
20090164784 | SECURE PEER-TO-PEER MESSAGING INVITATION ARCHITECTURE - A system and methods providing immediate peer-to-peer messaging between mobile devices in a wireless system. An invitation architecture is disclosed which enables the exchange of personal identification numbers (PINs) without requiring a user to directly access or provide his or her PIN. A messaging application encrypts its associated PIN before providing it to a messaging application on another mobile device through an existing communication application. An invitation process for exchanging encrypted PINs involves receiving an invitation containing a question, obtaining user input of an answer, and transmitting the answer back to the sender with an encrypted PIN. The sender confirms the received answer is correct and replies with its encrypted PIN. | 06-25-2009 |
20090172395 | System and Method for Service Virtualization Using a MQ Proxy Network - A system, method, and computer program product for transmitting message traffic encapsulating an MQ network having a plurality of MQ clients coupled to an MQ queue via at least one MQ queue manager and at least one MQ proxy server coupled to the plurality of MQ clients. The at least one MQ proxy server retrieves a message from a first MQ client coupled thereto, evaluates the message content and forwards the message to the MQ queue via a designated MQ queue manager. If the destination MQ client is served by a second MQ proxy server, the originating MQ proxy server notifies the second MQ proxy server coupled to the second MQ client. The second MQ proxy server retrieves the message from the MQ queue through the designated MQ queue manager, evaluates the message content and forwards the message to the second MQ client. If the first MQ client and the second or destination MQ client are served by the same MQ proxy server, then the MQ proxy server will just retrieve the message from the MQ queue through the designated MQ queue manager and forward the message to the second MQ client. | 07-02-2009 |
20090172396 | SECURE INPUT - In some embodiments input information received at an input device is encrypted before it is sent to a computer to be coupled to the input device. Other embodiments are described and claimed. | 07-02-2009 |
20090172397 | IMS Security for Femtocells - A mobile station can be authenticated by, for example, sending a challenge to a mobile station, and receiving a first authentication response from the mobile station through a wireless link, the first authentication response being generated based on the challenge and an authentication key stored at the mobile station. A second authentication response is generated based on the first authentication response. The second authentication response is provided to an IMS network for authenticating the mobile station to enable the mobile station to access the IMS network. In some examples, an authentication response of the mobile station is carried in an SIP message sent from the femtocell to a server that can authenticate the mobile station or forward the authentication response to another server that can authenticate the mobile station. Authentication of the mobile station can be performed as an integrated part of or separate from a registration process. | 07-02-2009 |
20090172398 | Method and Arrangement for Providing a Wireless Mesh Network - Provided are a method and an arrangement for creating a wireless mesh network in which a new node is provided that is connected between mesh nodes and an AAA server located in an infrastructure network. Based on basic encoding data that is available to the new node following successful initial authentication of a first mesh node, the new node performs the authentication similar to a proxy server instead of an AAA server, particularly for a limited time, during subsequent authentication attempts. | 07-02-2009 |
20090172399 | Communication System For Providing The Delivery of E-Mail Message - A communication system comprising a sender unit, a recipient unit and a control unit, wherein the sender unit is adapted to generate an electronic message, to send the electronic message directly to the recipient unit, and to send a sending information message to the control unit indicating that the sender unit has sent the electronic message to the recipient unit, wherein the recipient unit is adapted to receive the electronic message directly from the sender unit and to send a receipt information message to the control unit, the receipt information message indicating that a user of the recipient unit has received the electronic message. | 07-02-2009 |
20090177884 | DIGITAL CONTENT SECURITY SYSTEM, PORTABLE STEERING DEVICE AND METHOD OF SECURING DIGITAL CONTENTS - The present invention discloses a digital content security system and a method that combines information provided by both a content provider server and a portable steering device to establish multi-way protections of the digital content against reproduction and/or playing by other unauthorized devices and against hacked interception of a private key for decrypting the digital content. In application, the portable steering device has a higher compatibility with various network platforms including, for example, any common computer using a Windows Media Player built therein. | 07-09-2009 |
20090177885 | METHOD AND APPARATUS FOR ENCRYPTED AUTHENTICATION - A sink device including a first data processing unit and a second data processing unit authenticates the processing units, when turned on, to generate first authentication keys having the same data. When a data request is issued from the sink device to the source device, device authentication is made between the source device and the first data processing unit to generate second authentication keys having the same data. The source device encrypts an exchange key using the second authentication key, and sends the encrypted exchange key to the first data processing unit. The first data processing unit decrypts the encrypted exchange key using the second authentication key, encrypts the decrypted exchange key using the first authentication key, and sends the encrypted exchange key to the second data processing unit. The second data processing unit decrypts the encrypted exchange key using the first authentication key to obtain an exchange key. | 07-09-2009 |
20090177886 | Storage Apparatus, Method for Validating Encrypted Content and Terminal Apparatus - A user can watch desired content among a plurality of encrypted contents recorded in a storage apparatus having a large capacity recording medium when the user wants to watch. Usage Pass (UP) necessary for watching content and encrypted content are recorded in a rental storage apparatus. The UP is in an invalid state when the storage apparatus is rented, and processing for validating the corresponding UP is executed between the storage apparatus and a host apparatus through which content is watched to thereby make content watchable. A history that processing for validating the UP is executed is recorded in the storage apparatus. A service provider bills a content use fee to the user based on the history of the storage apparatus. | 07-09-2009 |
20090183003 | Authentication in data communication - Method of authenticating a client, comprising the steps of: sending a subscriber identity to an authentication server; obtaining, at the authentication server, at least one challenge and at least one first secret based on a client's secret specific to the client; forming first credentials; forming a first authentication key using the at least one first secret; encrypting the first credentials using the first authentication key; sending the at least one challenge and the encrypted first credentials to the client; forming the client's own version of the first authentication key at the client; and decrypting the encrypted first credentials using that own version of the first authentication key. In the method, the encrypted credentials are sent together with the at least one challenge to the client, so that the client can proceed with authentication only if it can derive the first secret from the at least one challenge. | 07-16-2009 |
20090183004 | CONDITIONAL ACCESS SYSTEM - The invention provides an improved conditional access system with efficient bandwidth usage on the interface between a receiver and a conditional access module. The conditional access system has a receiver, a selection module, a conditional access module and possibly a terminal. The conditional access module has a first memory for storing service identifiers of services and transmits one or more service identifiers to the selection module. The selection module receives an input signal from the receiver and selects from the input signal those sub-signals as identified by the service identifiers and transmits the sub-signals to the conditional access module. | 07-16-2009 |
20090204815 | System and method for wireless device based user authentication - An automated system and method for authenticating entities or individuals attempting to access a computer application, network, system or device using a wireless device is provided. The system employs one or more short-range wireless interfaces (e.g. BLUETOOTH or Wi-Fi) or long-range wireless interfaces (e.g. cellular or WiMAX) to detect the presence or location of the wireless device and its proximity to the secure system to be accessed. The wireless device incorporates a unique identifier and secure authentication key information associated with the user of the wireless device. An authentication result is generated and may be used for a variety of applications. The application may process the result and determine the degree of access for which the entity or individual is allowed. | 08-13-2009 |
20090204816 | Method Of Authorizing Network Publishing - A method of authorizing printing of a publication at a printer by a publisher in a network is provided, in which an alias identity of a user is created from both a sensing device identity and an application identity when the user interacts, using the sensing device, with a printed application tag associated with the publication; the publication is addressed to the user by the alias identity, signed using a private key of the publisher and sent to the printer, and it is confirmed that the signed publication may be printed at the printer by verifying the signature made with the publisher's private key. | 08-13-2009 |
20090210706 | METHODS AND APPARATUS FOR CONDITIONAL ACCESS OF NON REAL-TIME CONTENT IN A DISTRIBUTION SYSTEM - Methods and apparatus for conditional access of non real-time (NRT) content in a distribution system. A method includes encrypting NRT content with a control word (CW) to generate encrypted NRT content, providing the CW to entitlement control message (ECM) generators, receiving ECMs from the ECM generators, wherein each ECM comprises a unique encryption of the CW to provide conditional access to the CW, and providing the encrypted NRT content and the ECMs for transmission over a distribution network. An apparatus includes a synchronizer configured to provide a CW to ECM generators and receive ECMs from the ECM generators, wherein each ECM comprises a unique encryption of the CW to provide conditional access to the CW, and a management module configured to encrypt the NRT content with the CW to generate encrypted NRT content and provide the encrypted NRT content and the ECMs for transmission over the distribution network. | 08-20-2009 |
20090217035 | Bilaterally Generated Encryption Key System - Bilaterally Generated Encryption Key System is a variable-password-based, computationally non-intensive symmetric encryption key system that dispenses with memorization and exchange of keys; it is capable of providing one encryption key for each object exchanged between two parties, two different encryption keys per transaction and a plurality of encryption keys for a session, integrating authentication and securing transactions against breaking attempts. The Password/Encryption Key is a random permutation of Character Units of a Variable Character Set System of authentication devices {FIG. | 08-27-2009 |
20090217036 | DIGITAL RIGHTS MANAGEMENT - In a digital rights management (DRM) scheme a mobile terminal ( | 08-27-2009 |
20090217037 | Method and Devices for Secure Measurements of Time-Based Distance Between Two Devices - In order to provide a secure measurement of Round Trip Time (RTT), the calculation of RTT and the authentication data are separated. A device A sends a message to device B to start the method. Both devices generate a random number and device A waits for device B to finish. Device A sends its random number to B, which answers with its own random number, and device A calculates the RTT. If the RTT is below a certain limit, device A then requires authentication data, which is calculated by device B and sent to device A that verifies the authentication data. The RTT can thus be securely calculated regardless of the calculating resources of device B. Alternate embodiments, a system and devices are also provided. | 08-27-2009 |
20090217038 | Methods and Apparatus for Locating a Device Registration Server in a Wireless Network - Methods and apparatus for locating and accessing a data server in a wireless network are disclosed. The disclosed techniques may be used to allow a wireless device provided with temporary credentials to access a wireless network and obtain a network address for a data server for downloading subscription credentials. An exemplary wireless device comprises a processing unit configured to send an access authentication request to a wireless network, and to receive an authentication challenge value from the wireless network in response. The processing unit is further configured to generate a cryptographic response from the authentication challenge value and to send the cryptographic response to the wireless network, and to also derive a data server address from the authentication challenge value. Thus, the authentication challenge value serves two purposes—as a challenge key for use in a network access authentication procedure, and as a carrier for data server address information. | 08-27-2009 |
20090217039 | System, Method and Apparatus for Authenticating Calls - The present invention provides a system, method and apparatus for authenticating calls that is a robust anti-vishing solution. The present invention can identify Caller ID spoofing, verify the dialed number to detect a man-in-the-middle, and verify the called party against the dialed digits to detect impersonation. This solution can handle calls coming from any phone anywhere with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones, to reduce the impact on user experience while providing robust verification. | 08-27-2009 |
20090217040 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER READABLE RECORDING MEDIUM - An information processing apparatus for collecting apparatus data from an apparatus connected through a network and sending the apparatus data to a server connected through the network includes a recording unit storing a secret key and a public key certificate which are encrypted by key data and commonly distributed; an obtaining unit for obtaining, from the information processing apparatus, individual identification data by which the information processing apparatus can be uniquely identified, sending a request to provide the predetermined key data through the network to the server by specifying the individual identification data, and receiving the key data encrypted by the individual identification data from the server; and a decoder for obtaining the individual identification data from the information processing apparatus, decoding the key data by using the individual identification data, and decoding the common public key certificate and the secret key by using the decoded key data. | 08-27-2009 |
20090217041 | PROVISIONAL SIGNATURE SCHEMES - A method and apparatus for implementing portions of a provisional signature scheme are disclosed. In one embodiment, the method comprises creating a provisional signature by performing an operation on a message and completing the provisional signature to create a final signature on the message. Such a scheme may be used for server assisted signature schemes, designated confirmer signature schemes and blind signature schemes. | 08-27-2009 |
20090217042 | PROVISIONAL SIGNATURE SCHEMES - A method and apparatus for implementing portions of a provisional signature scheme are disclosed. In one embodiment, the method comprises creating a provisional signature by performing an operation on a message and completing the provisional signature to create a final signature on the message. Such a scheme may be used for server assisted signature schemes, designated confirmer signature schemes and blind signature schemes. | 08-27-2009 |
20090222660 | Method and device for end-user verification of an electronic transaction - The present invention provides methods and apparatuses for verifying that a transaction is legitimate. The methods and apparatuses use protected memory space, such as kernel space of an operating system, or a separate memory space, such as is available on a SIM card of a cellular phone. The method of the invention proceeds by creating a transaction identification string (TID) and associating the TID with a transaction. The TID contains data relevant to or associated with the transaction and is typically readable by an end-user. The transaction is then interrupted until a user responds in the affirmative to allow completion of the transaction. Methods and devices used in the invention are particularly well suited to M-commerce, where transactions originating from a device are typically recognized by a merchant as coming from the owner of the device without further authentication. | 09-03-2009 |
20090222661 | Mechanism for securely ordered message exchange - In one embodiment, a mechanism for securely ordered message exchange is disclosed. In one embodiment, a method includes associating sequence numbers with each of a plurality of messages that are part of a transmission from a broadcaster to an intended recipient, and for each message of the plurality of messages, calculating a unique message authentication code (MAC) using as inputs the message, a shared secret key, and the associated sequence number. The method also includes sending to the intended recipient the plurality of messages each with the associated calculated MAC attached to the message. | 09-03-2009 |
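The ordered-message mechanism of 20090222661, as an added example that is not code from the patent: each message is numbered, the MAC is computed over the sequence number together with the message under the shared secret, and the recipient accepts a message only if both the MAC verifies and the number is the one it expects next. The key, the messages and the use of HMAC-SHA256 are assumptions made for the example; the patent does not name a MAC construction.

```python
from __future__ import annotations

import hashlib
import hmac
import struct

# Constructed example key; in practice this is the secret shared by
# broadcaster and recipient out of band.
SHARED_KEY = b"constructed-example-shared-secret-key"


def mac_message(key: bytes, seq: int, msg: bytes) -> bytes:
    """HMAC over (sequence number || message).

    Binding the sequence number into the MAC means a valid tag for
    message 3 cannot be reused to pass off that message as message 5.
    """
    return hmac.new(key, struct.pack(">Q", seq) + msg, hashlib.sha256).digest()


def broadcast(key: bytes, messages: list[bytes]) -> list[tuple[int, bytes, bytes]]:
    """Broadcaster side: number each message and attach its MAC."""
    return [(seq, msg, mac_message(key, seq, msg)) for seq, msg in enumerate(messages)]


class Recipient:
    """Intended recipient: accepts messages only in strict sequence order."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.expected_seq = 0
        self.accepted: list[bytes] = []

    def receive(self, seq: int, msg: bytes, tag: bytes) -> bool:
        # Authenticate before trusting anything in the packet, including seq.
        if not hmac.compare_digest(mac_message(self.key, seq, msg), tag):
            return False  # forged or tampered
        if seq != self.expected_seq:
            return False  # replayed, reordered, or a gap (dropped message)
        self.expected_seq += 1
        self.accepted.append(msg)
        return True
```

The strict equality check means a dropped message stalls the stream; a deployment that tolerates loss would accept any number greater than the last accepted one (still rejecting replays) and treat the gap as a detected loss rather than an attack.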
20090235072 | SYSTEM, TERMINAL, METHOD, AND SOFTWARE FOR COMMUNICATING MESSAGES - A system for secure communication of a message from a first terminal to a second terminal, the terminals being operatively coupled by means of a communication network comprising an authenticating station. The first terminal obtains a random seed, obtains a masked seed by applying a masking function to the seed, encrypts the message using the masked seed, and transmits the seed and the encrypted message to the authenticating station. The authenticating station receives the seed and the encrypted message, recovers the masked seed by applying the masking function to the seed, decrypts the encrypted message using the recovered masked seed, obtains a further random seed, obtains a further masked seed by applying the masking function to the further seed, encrypts the recovered message using the further masked seed, and transmits the further seed and the further encrypted message to the second terminal. The second terminal receives the further seed and the further encrypted message, recovers the further masked seed by applying the masking function to the further seed, and decrypts the further encrypted message using the recovered further masked seed. | 09-17-2009 |
20090240938 | Device, System and Method for Service Delivery with Anti-Emulation Mechanism - A method for service delivery to a client, in which the client selects a service, and establishes a connection with a system server to which it sends an identity associated with the client and an identifier of the service. The system server verifies that the client is authorised to access the service and that the client is non-emulated. If this is verified, the service is provided to the client. In a preferred embodiment, the service is scrambled content and the system server provides a descrambling key to the client, and instructs a content server to provide the scrambled content to the client. Also claimed are a device, a system, and a system server. | 09-24-2009 |
20090240939 | SYSTEM AND METHOD FOR AUTHENTICATION IN WIRELESS NETWORKS BY MEANS OF ONE-TIME PASSWORDS - The present invention performs highly reliable authentication, using a one-way function, that a communication comes from the same apparatus as a previous communication, by storing a password only in the apparatus to be authenticated (it is unnecessary to store the password in both the authentication apparatus and the apparatus to be authenticated) and without transmitting a challenge code. When a setting is updated in a setting management server, authentication is performed using the one-time password obtained last time. A sound communication terminal applies a hash function once to the one-time password transmitted this time, and authenticates by determining whether the result matches the one-time password obtained last time. Whether the information at the time of the change in the setting is proper is thus determined by the sound terminal. | 09-24-2009 |
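The challenge-free scheme of 20090240939 is a hash chain: the authenticator keeps only the last accepted one-time password, the apparatus being authenticated keeps the seed, and each new password must hash (once) to the previously accepted one. The following is an added example, not the patent's code; SHA-256 as the one-way function, the chain length and the random seed are assumptions made for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def h(x: bytes) -> bytes:
    """The one-way function of the chain (SHA-256, an assumption; the page names no hash)."""
    return hashlib.sha256(x).digest()


def hash_iter(x: bytes, k: int) -> bytes:
    """Apply h() k times: h^k(x)."""
    for _ in range(k):
        x = h(x)
    return x


class AuthenticatedApparatus:
    """Holds the only long-term secret (the seed). Emits h^(n-1)(seed), h^(n-2)(seed), ..."""

    def __init__(self, seed: bytes, chain_length: int) -> None:
        self.seed = seed
        self.remaining = chain_length

    def enrolment_value(self) -> bytes:
        """h^n(seed): the anchor handed to the authenticator once, at setup."""
        return hash_iter(self.seed, self.remaining)

    def next_one_time_password(self) -> bytes:
        if self.remaining == 0:
            raise RuntimeError("hash chain exhausted; re-enrol with a fresh seed")
        self.remaining -= 1
        return hash_iter(self.seed, self.remaining)


class Authenticator:
    """Stores only the last accepted OTP, never the seed, and sends no challenge."""

    def __init__(self, anchor: bytes) -> None:
        self.last_accepted = anchor

    def authenticate(self, otp: bytes) -> bool:
        # One hash application must land exactly on the previously accepted value.
        if hmac.compare_digest(h(otp), self.last_accepted):
            self.last_accepted = otp  # advance the chain
            return True
        return False


def enrol(chain_length: int = 100) -> tuple[AuthenticatedApparatus, Authenticator]:
    """Constructed setup: random seed on the apparatus, anchor on the authenticator."""
    apparatus = AuthenticatedApparatus(secrets.token_bytes(32), chain_length)
    return apparatus, Authenticator(apparatus.enrolment_value())
```

Two properties worth checking in practice: a password lost in transit desynchronises the strict one-hash check (a tolerant authenticator hashes up to a small window of times), and because there is no challenge, a password observed before the authenticator receives it can be replayed by whoever delivers it first, so the transport still needs its own protection.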
20090240940 | POSITION BASED ENHANCED SECURITY OF WIRELESS COMMUNICATIONS - The convenience of a wireless network is tempered by the concern that a rogue device can listen in on the wireless communications. Determining the position of the home device and other devices within range allows the user of the home device to choose the specific wireless devices with which to communicate. The distance to the other devices within wireless communications range is helpful and allows the user to sort between safe and unsafe or rogue devices. Distance can be determined by a variety of methods including use of trusted references, signal strength, and error rate. Once the safe device is selected, the system will then establish a communications path with that device. | 09-24-2009 |
20090249068 | CONTENT PROTECTION INFORMATION USING FAMILY OF QUADRATIC MULTIVARIATE POLYNOMIAL MAPS - A computer based method and apparatus to tie content protection information to recipient devices via a family of deterministic permutations of quadratic multivariate polynomial maps used for computing an HMAC (Hash Message Authentication Code) or a signed digest. This allows digital rights management (DRM) systems to customize the protection information (such as an HMAC or signed digest) for audio and video content, whereby such protection information for a piece of content differs for different recipient devices or for types of recipient devices. | 10-01-2009 |
20090254746 | COMMUNICATION RELAY DEVICE, INFORMATION PROCESSING SYSTEM, CONTROL METHOD AND PROGRAM - A relay adapter, a method for processing communication data through use of a relay adapter, and a process for leasing the relay adapter to a user by a service provider. The relay adapter includes: an authentication information storage section that stores authentication information of the relay adapter; a power plug; a power socket; and a push switch within the power plug or power socket. The push switch may be depressed. The power plug is detected to be plugged into a power socket of the user. The power socket is connected to a control server by a power line carrying a power signal. Responsive to ascertaining that the push switch is not depressed, mutual authentication is enabled between the relay adapter and the control server. After the mutual authentication, communication data is relayed from an information processing device of the user to a service provider server via the control server. | 10-08-2009 |
20090254747 | METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR PROVIDING E-TOKEN BASED ACCESS CONTROL FOR VIRTUAL WORLD SPACES - A method for providing e-token based access control to virtual world (VW) spaces includes intercepting a request from a first VW member to invite a second VW member to a VW space within a VW network, the request intercepted outside of the VW network. The access controls also include using a secret code associated with the first member to generate an e-token that includes an identifier of the second member and the space. The access controls further include sending the e-token inside the network. In response to a request for access to the space, the access controls include sending the e-token outside of the network for verification. Upon successful verification of the e-token, the access controls include accessing the network and controlling a guard bot inside the network to grant access for the second member to the space. The guard bot adds the second member to an access control list. | 10-08-2009 |
20090254748 | ELECTRONIC MAIL GATEWAY APPARATUS - An e-mail gateway apparatus is configured to delete unnecessary e-mails that are on an e-mail server apparatus. When the S/MIME gateway apparatus fails to receive an e-mail from the e-mail server apparatus, a main control unit of the S/MIME gateway apparatus distributes to a client PC an error notification mail indicating the failure. When a deletion request signal requesting deletion of the reception-failed e-mail is received from the client PC, the main control unit of the S/MIME gateway apparatus requests the e-mail server apparatus to delete the e-mail. | 10-08-2009 |
20090259847 | Security protocols for hybrid peer-to-peer file sharing networks - In a hybrid peer-to-peer file sharing network including a receiver peer and a provider peer, the receiver sends the provider a ticket [ | 10-15-2009 |
20090259848 | OUT OF BAND SYSTEM AND METHOD FOR AUTHENTICATION - A method and system for out of band authentication for ensuring a user is in possession of a device. | 10-15-2009 |
20090265550 | Method and arrangement for transmitting data in a communication system that employs a multi-hop method - In a multi-hop network, packets are classified into header and user data for coded distribution. The header information, especially the multi-hop information, is separated in a coded manner from the user data, such that each network node need only decode the header in order to forward the packet. The header and the user data are guided, independently from each other, to the hardware of the respective device for separate coding, as if they were complete packets. A hardware accelerated coding of header and user data is possible using different keys. The header also contains integrity protection. | 10-22-2009 |
20090265551 | System and Methods for Access Control Based on a User Identity - System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list. | 10-22-2009 |
20090265552 | SYSTEMS AND METHODS FOR SECURE SHORT MESSAGING SERVICE AND MULTIMEDIA MESSAGING SERVICE - Systems and methods for managing (for example, creating, transmitting, delivering, encrypting, storing, and the like) secure SMS (short message service) and secure MMS (multimedia messaging service) communications are disclosed. | 10-22-2009 |
20090265553 | Multipoint Server for Providing Secure, Scaleable Connections Between a Plurality of Network Devices - A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established. | 10-22-2009 |
20090265554 | MEANS AND METHOD FOR SINGLE SIGN-ON ACCESS TO A SERVICE NETWORK THROUGH AN ACCESS NETWORK - The present invention provides means and method for Single Sign-On authentication of a user accessing a service network through an access network when the user has been already authenticated by a core network where the user holds a subscription. Therefore, a number of means are provided in different entities distributed between the core network and the service network, as well as in the user's equipment, for carrying out the proposed method. The Single Sign-On authentication takes place upon matching in the service network a shared key for the user submitted from the core network with another shared key for the user derived at the user's equipment. | 10-22-2009 |
20090265555 | METHODS AND APPARATUS FOR CREDENTIAL VALIDATION - A secure credential validation compares stored and received modified credentials, e.g., biometric credentials, such that the validating system does not have access to the unmodified credentials. A capture system and a credential validation system are operatively coupled to a network (e.g., the Internet). The credential validation system is configured to store a set of modified stored credentials associated with the principal, receive a set of modified received credentials, and perform a credential validation procedure to validate the modified received credentials, wherein the credential validation procedure performs a one-way consistency test to compare the modified stored credentials and the modified received credentials. The credential validation procedure employs one or more similarity measures, e.g., a weighted quorum of exact matches, a discrete N-ball (or “N-shell”) intersection, or a client-based algorithm with encryption. | 10-22-2009 |
20090271621 | SIMPLIFIED LOGIN FOR MOBILE DEVICES - Aspects of the subject matter described herein relate to a simplified login for mobile devices. In aspects, on a first logon, a mobile device asks a user to enter credentials and a PIN. The credentials and PIN are sent to a server which validates user credentials. If the user credentials are valid, the server encrypts data that includes at least the user credentials and the PIN and sends the encrypted data to the mobile device. In subsequent logons, the user may logon using only the PIN. During login, the mobile device sends the PIN in conjunction with the encrypted data. The server can then decrypt the data and compare the received PIN with the decrypted PIN. If the PINs are equal, the server may grant access to a resource according to the credentials. | 10-29-2009 |
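A server-side sketch of the simplified login in 20090271621, as an added example and not the patent's or any product's code: the first logon validates username and password, then returns a blob that only the server can open containing the username and PIN; later logons send the blob plus the PIN, and the server compares after unsealing. The sealing construction (SHA-256 counter-mode keystream with an HMAC tag, standing in for a real AEAD), the PBKDF2 user store and the lockout threshold are assumptions made for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import os
import struct

MAX_PIN_ATTEMPTS = 5  # assumed lockout threshold; the page names none


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode as a stand-in stream cipher (assumption; a real
    deployment would use an AEAD such as AES-GCM)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def _subkeys(server_key: bytes) -> tuple[bytes, bytes]:
    enc = hmac.new(server_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(server_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def seal(server_key: bytes, payload: dict) -> bytes:
    """Encrypt-then-MAC the payload under a server-only key; output nonce||ct||tag."""
    enc_key, mac_key = _subkeys(server_key)
    nonce = os.urandom(16)
    plaintext = json.dumps(payload).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(server_key: bytes, blob: bytes) -> dict | None:
    """Return the payload, or None if the blob was tampered with or is not ours."""
    enc_key, mac_key = _subkeys(server_key)
    if len(blob) < 16 + 32:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest(), tag):
        return None
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def make_user_record(password: str) -> tuple[bytes, bytes]:
    """Constructed user-store entry: (salt, PBKDF2-SHA256 hash)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class LoginServer:
    def __init__(self, server_key: bytes, users: dict[str, tuple[bytes, bytes]]) -> None:
        self.server_key = server_key
        self.users = users
        self.failed_pin_attempts: dict[str, int] = {}

    def _password_ok(self, username: str, password: str) -> bool:
        rec = self.users.get(username)
        if rec is None:
            return False
        salt, stored = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        return hmac.compare_digest(candidate, stored)

    def first_logon(self, username: str, password: str, pin: str) -> bytes | None:
        """Full credentials + PIN: validate the password, then hand back the sealed blob."""
        if not self._password_ok(username, password):
            return None
        self.failed_pin_attempts[username] = 0
        return seal(self.server_key, {"user": username, "pin": pin})

    def pin_logon(self, blob: bytes, pin: str) -> str | None:
        """Subsequent logons: PIN + blob. Returns the authenticated username or None."""
        payload = unseal(self.server_key, blob)
        if payload is None:
            return None
        user = payload["user"]
        if self.failed_pin_attempts.get(user, 0) >= MAX_PIN_ATTEMPTS:
            return None  # locked: a short PIN only survives with an attempt limit
        if not hmac.compare_digest(payload["pin"].encode(), pin.encode()):
            self.failed_pin_attempts[user] = self.failed_pin_attempts.get(user, 0) + 1
            return None
        self.failed_pin_attempts[user] = 0
        return user
```

The blob is opaque to the device, so a stolen blob alone is useless without the PIN, and the PIN alone is useless without the blob; what the scheme does not remove is online guessing against the PIN, which is why the attempt counter lives on the server and not on the phone.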
20090271622 | Securing Wireless Body Sensor Networks Using Physiological Values for Nonces - A key establishment protocol for securing wireless body sensor networks using environmental data for nonce values. To establish a secure communication between sensors in a sensor network using environmental data, the protocol measures a first environmental value at a first sensor and a trusted third party. A second environmental value is measured at a second sensor and the trusted third party. The trusted third party then sends to the second sensor a first authentication construct comprising the second environmental value, wherein the second environmental value is used by the second sensor to prevent replay attacks of messages between the trusted third party and second sensor. The trusted third party also sends to the first sensor a second authentication construct comprising the first environmental value, wherein the first environmental value is used by the first sensor to prevent replay attacks of messages between the trusted third party and first sensor. | 10-29-2009 |
20090271623 | Intersystem mobility security context handling between different radio access networks - A method and apparatus for intersystem mobility security context handling between different radio access networks which can include a receiver configured to receive a tracking area update message from a user terminal. The message can include a first key identifier configured to identify a mapped security context and a second key identifier configured to identify a cached security context. A verifier can be configured to verify the tracking area update message with a key identified by the first or second key identifier. | 10-29-2009 |
20090276625 | HIERARCHICAL BROWSING MANAGEMENT METHOD AND SYSTEM FOR DIGITAL CONTENT - A hierarchical browsing management method and system for digital content are described, in which a client decrypts, with a permission-specific decryption key, the part of an encrypted content that corresponds to the client's user permission. The hierarchical browsing management method includes the following steps. A document fetching unit fetches a digital content, then loads and stores it to a document server. A client sends the document server a request to transfer the digital content to another client. A key server executes a content encryption procedure, assigns a corresponding user permission to each content object, and generates encrypted objects; the procedure produces the encrypted objects and a corresponding encrypted content according to the user permission assigned to each content object. The client receives the encrypted content, executes a decryption procedure on the encrypted objects, and outputs a decrypted content. | 11-05-2009 |
20090276626 | PORTABLE SMART CARD READER HAVING SECURE WIRELESS COMMUNICATIONS CAPABILITY - A reader device includes a housing for receiving a smart card, a processor in electronic communication with an integrated circuit chip of the smart card when the smart card is received in the housing, a wireless communications device in electronic communication with the processor for enabling the reader device to transmit first encrypted information wirelessly and to receive second encrypted information wirelessly, and a memory in electronic communication with the processor that includes one or more routines executable by the processor. The one or more routines include a cryptographic module adapted to encrypt first information to create the first encrypted information and decrypt the second encrypted information to obtain second information. In addition, a communication system that includes the reader device and a computing device, wherein the reader device and computing device are able to wirelessly exchange information in a secure manner. | 11-05-2009 |
20090276627 | DIGITAL CONTENT DECRYPTING APPARATUS AND OPERATING METHOD THEREOF - A device and method for decrypting digital contents are discussed. According to an embodiment, a method for decrypting digital content at a target device, includes receiving the digital content without a source encryption key from a source device connected to the target device, the digital content having been encrypted with the source encryption key in the source device, wherein the source device is configured to perform an authenticating operation with the target device by using an identifier (ID) associated with at least one of the target device and a storage medium of the target device; performing an addition operation by using a target internal key and the ID, the target internal key being associated with the target device; generating a target encryption key based on an output of the addition operation; and decrypting the encrypted digital content by using the target encryption key. | 11-05-2009 |
20090276628 | DIGITAL CONTENT DECRYPTING APPARATUS AND OPERATING METHOD THEREOF - A device and method for decrypting digital contents are discussed. According to an embodiment, a method for decrypting digital content at a target device, includes receiving the digital content without a source encryption key from a source device connected to the target device, the digital content having been encrypted with the source encryption key in the source device, wherein the source device is configured to perform an authenticating operation with the target device by using an identifier (ID) associated with at least one of the target device and a storage medium of the target device; performing a first addition operation by using a first target internal key and the ID; generating a target encryption key based on an output of the first addition operation and a second target internal key by using a predetermined encryption algorithm; and decrypting the encrypted digital content using the target encryption key. | 11-05-2009 |
20090282244 | MEDICAL DEVICE RIGHTS AND RECALL MANAGEMENT SYSTEM - The embodiments provide systems and methods for a medical device rights and recall management system. A digital IP rights and recall management device activates a central key server to authenticate software contents and services operated on microprocessor-based medical devices through a coding key that may be embedded in a medical device, in a service provider server or in an end-user computer. The recall management server unlocks the software content transmitted from or to a value-added service provider and selectively recalls the value-added software component without requiring any physical recall of the medical device. The system maintains a virtual device master record which enables quality control and recall capability for software elements independent of any physical hardware recall. | 11-12-2009 |
20090282245 | SECURITY METHOD AND SYSTEM FOR MEDIA PLAYBACK DEVICES - A Digital Rights Management (DRM) system for distribution of digital content such as audio or video uses a method to enhance security of the content from unauthorized access and use, including access by unauthorized players. The method does not necessarily require a token exchange and thereby minimizes storage demands on the server which distributes the digital content. The system generates and distributes keys for decryption of the digital content whereby the keys are unique to a specific player and user account. | 11-12-2009 |
20090282246 | Method and system for continuously transmitting encrypted data of a broadcast service to a mobile terminal - In service access networks having different key hierarchies that provide broadcast service to a mobile terminal, when switching from a first service access network, from which the mobile terminal receives the data of the broadcast service in an encrypted manner by a first data content encryption key, to a second service access network, from which the mobile terminal receives the data of the same broadcast service in an encrypted manner by a second data content encryption key, the mobile terminal receives a key of the hierarchy of the second service access network which is encrypted by a user-specific key of the first service access network. | 11-12-2009 |
20090282247 | METHOD, SYSTEM AND DEVICE FOR AUTHENTICATING A USER - Embodiments described herein relate to a method and device for authenticating a user of a computer and a corresponding system using the method and device. The device is a handheld electronic device configured to receive a first authentication code and to generate a secure identification token. If the received first authentication code and the generated token match, a second authentication code is transmitted to a computer to unlock the computer. | 11-12-2009 |
20090287926 | PROVING APPARATUS AND VERIFICATION APPARATUS APPLIED TO DENIABLE ZERO-KNOWLEDGE INTERACTIVE PROOF - The present invention enables a deniable zero-knowledge interactive proof to be performed with low amounts of communication and calculation by utilizing a method of a special honest-verifier zero-knowledge interactive proof when such a method is given. The verification apparatus generates a commitment of a challenge value with respect to a predetermined relationship and transmits the commitment of the challenge value to the proving apparatus, which determines whether or not a required relationship using the commitment of the challenge value holds, and stops its operation if such relationship does not hold. The proving apparatus causes the proof commitment generation apparatus to generate a proof commitment and transmits the proof commitment to the verification apparatus, which transmits a challenge value and a random number to the proving apparatus. The latter transmits a response to the verification apparatus, which determines acceptance or non-acceptance of the proof through communications with the interactive proof verification apparatus. | 11-19-2009 |
20090287927 | SECURE AUTHENTICATED DISTANCE MEASUREMENT - The invention relates to a method for a first communication device to perform authenticated distance measurement between said first communication device and a second communication device, wherein the first and the second communication device share a common secret and said common secret is used for performing the distance measurement between said first and said second communication device. The invention also relates to a method of determining whether data stored on a first communication device are to be accessed by a second communication device. Moreover, the invention relates to a communication device for performing authenticated distance measurement to a second communication device. The invention also relates to an apparatus for playing back multimedia content comprising a communication device. | 11-19-2009 |
20090292918 | AUTHENTICATION SYSTEM AND AUTHENTICATION DEVICE - An authentication system is provided with a server device for generating a random number used for authentication and check data obtained by encrypting the random number using an encryption key, an authentication device for authenticating a device to be authenticated by transmitting the random number transmitted from the server device to the device to be authenticated and comparing reply data transmitted from the device to be authenticated with check data transmitted from the server device, and the device to be authenticated for encrypting the random number transmitted from the authentication device using the encryption key and transmitting the encrypted random number as reply data. | 11-26-2009 |
20090292919 | SECURE EXECUTION ENVIRONMENT ON EXTERNAL DEVICE - A device, such as a smartcard, may be externally-connected to a host platform and may be used to enhance or extend security services provided by the host platform's Trusted Platform Module (TPM). The device and the platform exchange keys in order to facilitate reliable identification of the platform by the device and vice versa, and to support cryptographic tunneling. A proxy component on the host device tunnels information between the platform and the device, and also provides the device with access to the TPM's services such as sealing and attestation. The device can provide secure services to the platform, and may condition provision of these services on conditions such as confirming the platform's identity through the exchanged keys, or platform state measurements reported by the TPM. | 11-26-2009 |
20090300352 | Secure session identifiers - An apparatus and a method for an authentication protocol. In one embodiment, a server generates a sequence number, and a server message authentication code based on a server secret key. The server sends the sequence number, an account identifier, and the server message authentication code to the client. The client generates a client message authentication code over the sequence number, a request specific data, and a shared secret key between the client and the server. The client sends a request to the server. The request includes the sequence number, the account identifier, the server message authentication code, the request specific data, and the client message authentication code. The server determines the validity of the client request with the shared secret key. | 12-03-2009 |
20090300353 | TRUSTED NETWORK INTERFACE - Systems and methods for combating and thwarting attacks by cybercriminals are provided. Network security appliances interposed between computer systems and public networks, such as the Internet, are configured to perform defensive and/or offensive actions against botnets and/or other cyber threats. According to some embodiments, network security appliances may be configured to perform coordinated defensive and/or offensive actions with other network security appliances. | 12-03-2009 |
20090300354 | METHOD AND APPARATUS FOR PREVENTING REPLAY ATTACK IN WIRELESS NETWORK ENVIRONMENT - A method for preventing a replay attack is provided. A prime number is mutually exchanged between a main node and children nodes. The main node generates a Prime Sequence Code Matrix (PSCM) corresponding to the prime number and notifies the children nodes of sequence orders corresponding to the children nodes. The main node selects an arbitrary value of a Prime Sequence Code-1 (PSC1) among a series of values corresponding to an arbitrary node in the PSCM. The arbitrary node computes a Prime Sequence Code-2 (PSC2) subsequent to receiving the PSC1, using a sequence order received from the main node and the prime number. The PSC2 is transmitted to the main node. The main node compares the received PSC2 with the PSCM. The method can be easily applied by supplementing a weakness for a replay attack on the basis of the IEEE 802.15.4-2006 standard and minimizing system load. | 12-03-2009 |
20090300355 | Information Sharing Method and Apparatus - Embodiments of the present invention relate to methods and apparatus for sharing information with third parties and providing mechanisms whereby those third parties may legitimately pass the personal information on to other, for example affiliated, third parties. In one example of information sharing, information is shared electronically between an information provider and an information requester, the information provider storing a body of information and associated sharing criteria provided by an originator, receiving a first information request from a first requestor and revealing the information and the sharing criteria to the first requestor if the first request is authorised by the originator, receiving a second information request from a second requestor and revealing the information to the second requestor if the second request contains an information identifier obtained from the first requester and the sharing criteria so permits, and storing evidence of information requests. | 12-03-2009 |
20090307488 | HEALTH KEYSET MANAGEMENT - Systems and methodologies that facilitate delegation of keyset management to a platform presenting a centralized health-related data repository are provided. Effectively, a central keyset manager is provided that generates, manages and distributes key material to client applications and servers deploying the platform. Thus, communications with the platform storing sensitive health-related data can be secured without incurring the costs associated with implementing and enforcing policies associated with key generation and expiration among a plurality of servers and client applications. Additionally, the innovation can scale keyset management to meet short term demand needs. | 12-10-2009 |
20090307489 | Mobile Communication Equipment and Method of Controlling Same - The present invention provides mobile communication equipment ( | 12-10-2009 |
20090307490 | ELECTRONIC DATA COMMUNICATION SYSTEM - There is described an electronic data communication system in which encrypted mail messages for a recipient are sent in two parts: message data encrypted by a symmetric encryption algorithm using a session key and session key data encrypted by an asymmetric encryption algorithm using a public key associated with the recipient. If the recipient uses a webmail service to access the encrypted electronic mail message, the encrypted session key data is sent to a trusted third party server which has access to the private key of the user. The trusted third party server decrypts the encrypted session key using the private key of the user, and then sends the decrypted session key to a remote network device for decryption of the encrypted message. In this way, although the trusted third party has access to the private key of the user, the trusted third party does not have access to any decrypted message. In another aspect, in order to digitally sign a message, the sender applies a hash function to the message to generate a hash value, and then sends the hash value to the trusted third party server where it is encrypted using the private key associated with the sender in order to generate the digital signature, which is then returned to the sender. | 12-10-2009 |
20090319788 | ENHANCED SHARED SECRET PROVISIONING PROTOCOL - An Enhanced Shared Secret Provisioning Protocol (ESSPP) provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched at two network devices together within a predetermined time interval. These two devices then automatically register with each other. When two devices running ESSPP detect each other, they exchange identities and establish a key that can later be used by the devices to mutually authenticate each other and generate session encryption keys. With ESSPP, two ESSPP devices that are attempting to register with each other will only provision a key when they detect that they are the only two ESSPP devices on the wireless network running ESSPP. If additional devices running ESSPP are detected, the ESSPP protocol is either terminated or suspended. | 12-24-2009 |
20090319789 | Encrypted portable medical history system - The invention consists of a system of integrated components comprised of at least one portable data storage device, a secure server based system to warehouse data within a database and an image of the computer readable media on the portable data storage device, and a user interface to the secure server. It is contemplated that access to the secure server can be accomplished through a browser via the internet, an intranet, or an extranet. It is further contemplated that a secure client/server arrangement could permit direct access to the database. A client/server arrangement could be of a thin-client or fat-client type architecture. Users would require only a minimal amount of interaction with the system for the purpose of editing information and uploading files, while health care providers would require greater access and reporting for the purpose of facilitating the delivery of appropriate care. | 12-24-2009 |
20090319790 | MASKED DIGITAL SIGNATURES - The present invention relates to digital signature operations using public key schemes in a secure communications system and in particular for use with processors having limited computing power such as ‘smart cards’. This invention describes a method for creating and authenticating a digital signature comprising the steps of selecting a first session parameter k and generating a first short term public key derived from the session parameter k, computing a first signature component r derived from a first mathematical function using the short term public key, selecting a second session parameter t and computing a second signature component s derived from a second mathematical function using the second session parameter t and without using an inverse operation, computing a third signature component using the first and second session parameters and sending the signature components (s, r, c) as a masked digital signature to a receiver computer system. In the receiver computer system computing a recovered second signature component s′ by combining a third signature component with the second signature component to derive signature components (s′, r) as an unmasked digital signature. Verifying these signature components as in a usual ElGamal or ECDSA type signature verification. | 12-24-2009 |
20090327713 | SYSTEM AND METHOD FOR ESTABLISHING BEARER-INDEPENDENT AND SECURE CONNECTIONS - A system and method for efficiently enabling local security connectivity between electronic devices over multiple bearers. Electronic devices are configured to advertise, over each bearer, their respective configuration parameters for each bearer. After a connection has been established between the electronic devices over a first bearer, the two electronic devices use the first bearer to establish connections over the other bearers using the configuration parameters contained in the advertisements and advertised over the first bearer. Shared keys are established for the other bearers either using keys derived from the first shared key or by using the first secure connection as an out-of-band channel. The present invention also provides for the creation of an ad hoc WLAN connection once a Bluetooth connection has been established. | 12-31-2009 |
20090327714 | System and Method for End-to-End Electronic Mail-Encryption - The present disclosure provides a system and method for end-to-end electronic mail encryption. In one embodiment, the sender contacts a payload-encryption-packet creation server which receives the message the sender would like to encrypt, generates an encrypted message and a payload-encryption-packet, and returns both to the sender. The sender then uses his regular email infrastructure to transmit to the recipient the encrypted message and the payload-encryption-packet as a single email. Upon receiving the sender's email, the recipient contacts a payload-encryption-packet processing server and sends it the payload-encryption-packet and authorization information. Depending on the validity of the authorization information, said server processes the payload-encryption-packet and provides the recipient with information usable for extracting the original message from the encrypted message. | 12-31-2009 |
20090327715 | System and Method for Cryptographic Identification of Interchangeable Parts - An anti-counterfeiting identification system for a medical tubing system, including a tubing assembly having upstream and downstream tubing portions removably connected to one another in a mechanically coupled state and a mechanically uncoupled state. The mechanically coupled state is a reliable fluid tight connection of the upstream and downstream portions for fluids passing there through from the upstream portion to the downstream portion. A two-part encrypted identification assembly has a first part connected to the upstream portion and a second part connected to the downstream portion. The first and second parts are electrically connected only through one lead and ground and are electrically connected to one another only in the mechanically coupled state. Also provided are methods for identification, anti-piracy, and inventory. | 12-31-2009 |
20090327716 | Verifying a Cipher-Based Message Authentication Code - A system for verifying a cipher-based message authentication code (CMAC), including a reception (RX) module logically residing between a physical layer controller (PHY) and a media access controller (MAC) processor, such that the RX module is configured to receive one or more portions of the CMAC with one or more bursts, process the one or more bursts, and write the one or more portions of the CMAC to one or more memory locations in a memory. The system also includes a transmission (TX) module logically residing between the PHY and the MAC processor, such that the TX module is configured to verify the CMAC concurrently as the RX module processes the one or more bursts. | 12-31-2009 |
20090327717 | SYSTEM, METHOD, AND SERVICE FOR TRACING TRAITORS FROM CONTENT PROTECTION CIRCUMVENTION DEVICES - A traitor tracing system generates a hypothesized model of the circumvention device that models a hypothesized set of device keys compromised by the circumvention device. The system iteratively invokes a subset tracing system to identify a compromised device key until substantially all the compromised device keys in the set of compromised device keys are identified so as to disable the circumvention device. A subset tracing system generates a circumvention device model that models behavior of a circumvention device using prior knowledge, and the system iteratively selects and applies to the circumvention device a test based on the hypothesized model and the circumvention device model and receives a response from the circumvention device indicating a success of the test in playing protected content on the circumvention device. The system updates the hypothesized model using the received response, the selected test, a current version of the hypothesized model, and a current version of the circumvention device model to focus the test selecting process in determining the device keys obtained from the traitor. | 12-31-2009 |
20090327718 | Content data management system and method - Embodiments of the present invention allow encrypted data to restrict unlimited output of content data recorded in an area where reading can be performed by standard commands. According to one embodiment, a data storage area of a storage device is provided with an accessible area which can be accessed from the outside of an interface by specifying an address, and a hidden access area which can be accessed from the outside only in a specified case where an authentication condition is satisfied. In the hidden area, a table is recorded in which one entry includes an entry number and a field of a content identifier. An expansion area is provided in each sector of the accessible area, and data output control information and an entry number are recorded. The data output control information indicates one of (1) output is allowed only when there is information capable of decrypting the data, and (2) output is allowed without limitation. In the case where data recorded in the accessible area is read by a standard read command, output of content data recorded in the storage device is controlled based on the data output control information recorded in the expansion area. | 12-31-2009 |
20090327719 | COMMUNICATION AUTHENTICATION - Systems and methods that establish trust between a receiver (e.g., a user) and a sender of a message by authenticating such sender through demonstration of knowledge for a shared secret—yet without revealing such secret. A messaging component can convey messages as directed by the shared secret to communication systems that are under control of the user. Accordingly, the user can readily determine that the sender of the message is what such sender claims to be, since the sender has demonstrated a knowledge of the shared secret by sending the message to the communication system as determined by the user. Moreover, by not actually revealing the shared secret during communication, robustness of the secret is typically ensured. | 12-31-2009 |
20090327720 | Secure access to encrypted information - A method of using a mini filter driver to secure access to encrypted information stored on a removable storage device. The method comprises receiving a request to read information from the removable storage device. The mini filter driver ascertains if the request originated from an authorized client. The mini filter driver receives encrypted information read from the removable storage device, and decrypts the encrypted information in the event that the request originated from an authorized client. The decrypted information can then be conveyed to the authorized client. If the client is not authorized, then the mini filter driver does not decrypt the information. | 12-31-2009 |
20090327721 | Method and Apparatuses for Securing Communications Between a User Terminal and a SIP Proxy Using IPSEC Security Association - A method and user terminal for securing communications between the user terminal and a SIP proxy. The user terminal performs a full authentication procedure with a first SIP proxy to generate an IPSec Security Association, wherein signaling is exchanged between the user terminal and a home network. In response to a change of location of the user terminal or to a handover of the user terminal to a second SIP proxy, a local re-authentication of the user terminal is performed at the first SIP proxy, or at the second SIP proxy in the case of a handover, based upon the pre-existing Security Association in order to establish a new Security Association. | 12-31-2009 |
20090327722 | Transient Protection Key Derivation in a Computing Device - A computing device is arranged to use any possible permutation of methods available to it to authenticate a user, without needing to persistently store any unencrypted data that can be used in authentication, such data only ever being held in transient memory. A user of the device is provided with their own unique common protection key (CPK) which can be used to guard or encrypt sensitive data and functionality. Each authentication method is guaranteed to return a unique consistent identification sequence (CIS) each time it is employed by any specific user. When a user registers on the device, the CIS from each authentication method is used to generate a key which in turn is used to encrypt the CPK; this E(CPK) is then stored in a table indexed by user and authentication method. Neither the CPK nor any CIS are ever kept on the device except in transient memory. When authentication is sought, the CIS for each requested method is obtained and is used to regenerate the key that can be used to decrypt the E(CPK). All the CPKs thus decrypted must match for authentication to be granted. | 12-31-2009 |
20090327723 | SECURE TRANSFER OF DIGITAL OBJECTS - Transferring a digital object, comprising: receiving a digital object; validating the received digital object according to predefined rules; building a description of the validated digital object; providing access to the description to select the validated, described digital object for transfer; and transferring the validated, described digital object. | 12-31-2009 |
20100005294 | Security in Wireless Environments Using Out-Of-Band Channel Communication - A methodology of using a (preferably uni-directional) out-of-band channel for secure information transmission between two devices capable of LPRF communication is provided. Information, which is intended for secure transmission from one of the devices to the other device, is encoded into a time-dependent visual sequence. The visual sequence may comprise one or more visual signals, in particular lighted-up and dark states. The visual sequence is emitted as a time-dependent visual signal by a light emitter of the one device and the emitted signal is detected by a light sensor of the other device. The time-dependent signal especially varies in light intensity over time. The light sensor generates a (time-dependent) sequence of detection signals. These detection signals are decoded to reconstruct the information intended for secure transmission. The out-of-band channel transmission of the information being separate from the LPRF communication enables transmission of a shared secret. The shared secret is required for secure authentication of the devices during initialization of the LPRF communication. | 01-07-2010 |
20100005295 | SYSTEM AND METHOD FOR PROVIDING UNIQUE ENCRYPTION KEY - A system and method for providing a unique encryption key including a receiver, at a Voice over Internet Protocol (VoIP) adapter, configured to receive a configuration file, a processor, at the VoIP adapter, configured to decrypt the configuration file using a default key stored in the VoIP adapter, update one or more profile parameters of the configuration file, and install an encryption key at the VoIP adapter using the configuration file, and a transmitter, at the VoIP adapter, configured to register, with a network element, for network service using the updated configuration file such that the receiver is configured to receive network service from the network element when the updated configuration file is authenticated by the network element. | 01-07-2010 |
20100005296 | Systems and Methods for Controlling Access to Encrypted Data Stored on a Mobile Device - Encrypted data on mobile devices is protected by remotely storing a decryption key. In order to decrypt the encrypted data on the mobile device, the mobile device obtains the decryption key from an access control system that is remote from the mobile device. The access control system can control access to the encrypted data by controlling access to the decryption key. For example, the access control system can implement user authentication as a condition for providing the decryption key. Access to the encrypted data can also be controlled by withholding the decryption key where, for instance, a mobile device has been reported to be lost or stolen, or once an individual's access privilege has been revoked, or at certain times of the day. | 01-07-2010 |
20100011211 | Radio Frequency Identification (RFID) Based Authentication System and Methodology - Disclosed are embodiments of a radio frequency identification (RFID) authentication system and an associated authentication methodology. The embodiments incorporate an identification device (e.g., an identification badge, a key fob, etc.) with an embedded RFID tag. The embedded RFID tag is associated with a specific user and stores a private key generated as part of a public key-private key encryption scheme. The private key is read by an RFID reader and used to decode public key encrypted data stored within or accessible by a computer system (e.g., a desktop computer system, a laptop computer system, a personal digital assistant (PDA), a digital fax machine, wireless telephone, etc.). Thus, the embodiments provide a portable way to use public key-private key encryption scheme data anywhere using RFID technology. | 01-14-2010 |
20100017601 | Method and Server for Providing a Mobility Key - A method and authentication server provide a mobile key. According to the method, upon receipt of an authentication message (access authentication) that is transmitted when a subscriber logs on to the network, the authentication server extracts a subscriber identification contained in said message and generates a corresponding mobile key, which is stored together with the respective extracted subscriber identification. Upon subsequent receipt of a key request message (key request) that is transmitted when a subscriber registers, the authentication server extracts a mobile identification of the subscriber contained in said message and searches for an identical mobile identification, which can be derived in accordance with a configurable derivation function from a subscriber identification that is stored in the authentication server. Once a derived mobile identification that is identical or can be uniquely assigned to the extracted mobile identification has been found, the authentication server provides the stored corresponding mobile key that has been generated, to cryptographically protect the mobile signaling messages of the registered subscriber. | 01-21-2010 |
20100017602 | Ad-Hoc Trust Establishment Using Visual Verification - Methods for ad-hoc trust establishment using visual verification are described. In a first embodiment, a visual representation of a shared data is generated on two or more devices and the visual representations generated can be visually compared by a user. This method can be used to verify that the correct devices are involved in a negotiation, when pre-existing trust relationships do not exist between the devices. The visual representation may, for example, comprise a picture with a number of different elements, each representing a part of the shared data. In another embodiment, a method of secure key exchange is described in which, before sharing the keys, the parties exchange information which encapsulates the key. This information can be used subsequently to check that a party has not changed the key that they are using and prevents a man in the middle attack. | 01-21-2010 |
20100017603 | Extensible Authentication Protocol Authentication and Key Agreement (EAP-AKA) Optimization - Systems and methods are described for improved authentication of subscribers wishing to connect to a wireless network using the EAP-AKA protocol. Embodiments exploit the requirement that the client store and transmit the Pseudonym and Fast Re-authentication Identities upon request. By using the Fast Re-authentication Identity to store session state key information, the need for the AAA server to store and replicate the EAP-AKA key information for every session is eliminated. | 01-21-2010 |
20100017604 | METHOD, SYSTEM AND DEVICE FOR SYNCHRONIZING BETWEEN SERVER AND MOBILE DEVICE - An arrangement and corresponding method for authentication and for synchronizing cryptographic key information between a server and a client device, via data signals, where the client device comprises at least one client. The server is at least configured to generate and send to the client device a current encryption key and a next encryption key. The client device is at least configured to encrypt information on the client device using the next encryption key and to return a correct One Time Password using the current encryption key. As a consequence of the received correct One Time Password the server then knows that the client has received the current encryption key, used it and stored the information with the next encryption key. | 01-21-2010 |
20100017605 | METHOD OF DETECTING AN ABNORMAL USE OF A SECURITY PROCESSOR - The invention relates to a method of detecting an abnormal use of a security processor invoked by at least one receiving terminal in order to control access to a scrambled digital content supplied by at least one operator to said receiving terminal. | 01-21-2010 |
20100017606 | Interoperable systems and methods for peer-to-peer service orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 01-21-2010 |
20100017607 | METHODS AND SYSTEMS TO RESOLVE MESSAGE GROUP - A method and system for resolving addresses of a message including looking up, from a source directory, a group name associated with a message address of the message, looking up, through a cache of user names mapped to user addresses, a user address for each of the looked-up user names and returning an associated user address, and addressing the message to each looked-up user address. A group address is expanded by looking up the user names for the group from the source directory, looking up the user address for each user name from the user cache, addressing the message to each looked-up user address, and transmitting the message to each looked-up user address. | 01-21-2010 |
20100017608 | Distributed Network Management Hierarchy in a Multi-Station Communication Network - The invention relates to a network and to a method of operating a network. The network comprises a plurality of stations each able to transmit and receive data so that the network can transmit data between stations via at least one selected intermediate station. The network further comprises a plurality of levels of stations including a first level comprising user and/or seed stations, a second level comprising auxiliary stations providing access to auxiliary networks, a third level comprising at least one location management station, and a fourth level comprising at least one authentication station. The method comprises transmitting, from or on behalf of a station on the first level requiring authentication, to an authentication station via one or more stations, an authentication request message. In response, the authentication station transmits authentication data via one or more stations to the station on the first level to authenticate the station on the first level. The authentication station maintains a record of each authenticated station on the first level. A location management station monitors the location of each authenticated station on the first level with respect to its connectivity, whether directly or indirectly, with one or more stations on the second level. Where a station on the first level attempts to communicate with another station on any level and is assisted by a station on another level, the assisting station transmits connectivity data directly, or indirectly via other stations, to the station on the first level and/or to an intermediate station. | 01-21-2010 |
20100017609 | METHOD AND DEVICE FOR CONTROLLING AND MANAGING COMPRESSED AND FREELY DOWNLOADED MULTIMEDIA FILES - The present invention relates to a method for controlling the distribution and use of digital multimedia files composed of binary data blocks according to an original format, and separated into at least two parts, characterised in that it includes a step of transmission, from a server of utilisation conditions, of the preferred parameters for the reconstruction of the whole or a part of said original file on a terminal. | 01-21-2010 |
20100017610 | Authentication system - An authentication system determines if a counterfeit ineligible unit is installed in a main device. When connected with a battery pack, a notebook PC generates and combines a random number and a function determination signal using a signal combining unit and transmits same to the battery pack. A first function calculation unit calculates the function of the random number. The battery pack has a signal separation unit to separate the combined signal into the random number and function determination signal, and a second function calculation unit to calculate the function of the random number for transmitting back to the notebook PC. A comparison unit compares the calculation results by the first and second function calculation units to determine whether the connected battery pack is an authorized one and denies connection if the pack is an unauthorized one. | 01-21-2010 |
20100017611 | Authentication system - An authentication system determines if a counterfeit ineligible unit is installed in a main device. When connected with a battery pack, a notebook PC generates and combines a random number and a function determination signal using a signal combining unit and transmits same to the battery pack. A first function calculation unit calculates the function of the random number. The battery pack has a signal separation unit to separate the combined signal into the random number and function determination signal, and a second function calculation unit to calculate the function of the random number for transmitting back to the notebook PC. A comparison unit compares the calculation results by the first and second function calculation units to determine whether the connected battery pack is an authorized one and denies connection if the pack is an unauthorized one. | 01-21-2010 |
20100023762 | HTTP AUTHENTICATION AND AUTHORIZATION MANAGEMENT - Systems, methods and apparatus for distributed security that provides authentication and authorization management. The system can include an epoch processor that is used to validate authentication and authorization data that is valid only for an epoch. The epoch processor can maintain a public key that can be used to decrypt the authentication and authorization data during the epoch that the key is valid. The epoch processor can receive a new public key during each epoch. The epoch processor can also determine if the authentication or authorization data was fraudulently generated based on the contents of the data, and by verifying whether the data is valid for the epoch in which it was decrypted. | 01-28-2010 |
20100023763 | MULTI-INTERFACE MOBILITY CLIENT - A mobile node comprises: a plurality of network interfaces, each with a respective device driver; a network layer; a multi-interface driver capable of communication with each network interface by way of the respective device driver for that network interface, the multi-interface driver handling communications from the network layer to any of the network interfaces; the multi-interface driver switching from a first one of the network interfaces to a second one of the network interfaces by changing the one of the plurality of network interfaces with which the multi-interface driver communicates, while hiding the switching from the network layer. | 01-28-2010 |
20100023764 | SYSTEM AND METHOD FOR AUTHENTICATING COMPONENTS IN WIRELESS HOME ENTERTAINMENT SYSTEM - Configuration information is exchanged between a home entertainment system server and various wireless components by pushing a button on the server and a random button on a remote control device as it is pointed at the devices sought to be authenticated. | 01-28-2010 |
20100023765 | METHOD FOR UPDATING A ROUTING ENTRY - The present invention concerns a method for updating a routing entry BC for a communication partner node CN communicating with a communication originating node MN via a network containing at least one routing node HA, the method comprising the steps of: requesting 1. a routing entry update from said communication originating node MN to said communication partner node CN, wherein said update request contains at least an identification BUIN of the request, submitting 2. request verification information, associated to said identification BUIN of the update request, from said communication originating node MN to said at least one routing node, requesting 4. verification of said routing entry update by said communication partner node CN to said routing node HA using said identification BUIN of the update request, retrieving 5. said request verification information from said routing node based on said identification BUIN of the update request. | 01-28-2010 |
20100031036 | SECURE WIRELESS COMMUNICATIONS SYSTEM AND RELATED METHOD - A wireless communications system may include wireless communications devices with each including a wireless transceiver and a processor coupled thereto for transmitting and receiving communications and using a challenge-response authentication protocol. The wireless communications devices may also include a master wireless communications device and a slave wireless communications device. The master wireless communications device may transmit a polling message including an unencrypted portion and an initial encrypted challenge portion. The slave wireless communications device may transmit a polling reply message including an unencrypted portion and an initial encrypted response portion based upon receiving the polling message from the master wireless communications device. | 02-04-2010 |
20100031037 | SYSTEM AND METHOD FOR EXPORTING INDIVIDUAL DOCUMENT PROCESSING DEVICE TRUST RELATIONSHIPS - The subject application is directed to a system and method for exporting individual document processing device trust relationships. User data tokens are first stored in memory associated with a primary document processing device, with each token corresponding to access settings of a document processing device configured for the user associated with the token. Each of the tokens also includes user identification data, user role data, and user permission data. Selection data of one or more user data tokens is then received. An encrypted user data token is then generated, and device selection data corresponding to the identity of a second document processing device is received. Each of the encrypted user data tokens is then output to the second document processing device based upon the received device selection data. | 02-04-2010 |
20100031038 | METHOD TO ALLOW SECURE COMMUNICATIONS AMONG COMMUNICATION UNITS - A first communication unit receives an encrypted transmission from a second communication unit. The encrypted transmission was encrypted by the second communication unit using a first encryption key. The first communication unit compares the first encryption key to an encryption key associated with the first communication unit. If the first encryption key matches the encryption key associated with the first communication unit, the first communication unit processes the encrypted transmission further. If the first encryption key does not match the encryption key associated with the first communication unit, the first communication unit compares the first encryption key to an encryption key associated with the second communication unit. If the first encryption key matches the encryption key associated with the second communication unit, the first communication unit processes the encrypted transmission further; otherwise, the first communication unit does not process the encrypted transmission further. | 02-04-2010 |
20100031039 | METHOD AND APPARATUS FOR DATA PROTECTION SYSTEM USING GEOMETRY OF FRACTALS OR OTHER CHAOTIC SYSTEMS - In computer-based data security systems which involve entity authentication or document time stamping or other cases where data is to be derived from a previous state, the necessary linking values are calculated using recursive chaos-based equations such as the type used in fractal theory (the Mandelbrot set) or the Lorenz attractor or other similar approaches. In each case a value in each step is calculated using these equations so that each authentication or timestamp or other data derivation is linked to the previous one in a chaotic way. This makes it impossible to calculate any one value in the link series without having the previous value, due to the chaos aspect, thereby enhancing security. | 02-04-2010 |
20100031040 | Information Communication System - An information communication system comprises: a one-way channel ( | 02-04-2010 |
20100031041 | Method and system for securing internet communication from hacking attacks - The present invention is directed to a method of authenticating internet communication using at least one reference URL along with associated, approved digital certificates. The method includes the use of a URL verification module for verifying communication from a source URL. Communications from the source URL are intercepted and comparison made with approved digital certificates to determine if communication is authorized. | 02-04-2010 |
20100037052 | Network Binding - In a communication network comprised of a central management entity and a plurality of terminals, methods and systems for remotely binding terminals to the network and for unbinding already bound terminals when necessary. Once bound to a network, a terminal may not operate in another network, unless the two networks share a secret. | 02-11-2010 |
20100042833 | DATA ANONYMITY SYSTEM - A method and system for providing data anonymously is provided. The method involves receiving an encrypted operator match ID by a client device from a first entity, where the encrypted operator match ID is encrypted using a first encryption key; decrypting the encrypted operator match ID using a first decryption key, associated with the first encryption key, by the client device to obtain a decrypted operator match ID; encrypting the decrypted operator match ID using a second encryption key by the client device to obtain a re-encrypted operator match ID; and sending the client device usage information with the re-encrypted operator match ID by the client device to a second entity through an anonymous channel, where the second entity decrypts the re-encrypted operator match ID using a second decryption key, associated with the second encryption key, to obtain the operator match ID. | 02-18-2010 |
20100042834 | SYSTEMS AND METHODS FOR PROVISIONING NETWORK DEVICES - A method performed by a network device may include generating and storing a first public key and a first private key in a first device, transmitting a serial number and the first public key from the first device to a second device, generating, by the second device, a second public key and a second private key, transmitting the second public key from the second device to the first device and transmitting the serial number, the first public key, the second public key and the second private key to a third device, establishing and authenticating a connection between the first device and the third device using the first public key and the second public key and transmitting encrypted configuration information with the two key pairs from the third device to the first device. | 02-18-2010 |
20100042835 | SYSTEM AND METHOD FOR PERMISSION CONFIRMATION BY TRANSMITTING A SECURE REQUEST THROUGH A CENTRAL SERVER TO A MOBILE BIOMETRIC DEVICE - A system for permission confirmation incorporates a terminal device for transmitting an authorization request on a network. The terminal device includes capability for encryption of the request and for decryption of a response. A request arbitrating server (RAS) is connected to the network for receiving the authorization request from the terminal device. The RAS incorporates capability for decryption of the request from the terminal display and determines an authorizing party responsive to the request. The RAS then has capability for encryption of a request to an authorizing party for transmission on the network, and, for decryption of a response and biometric data from the authorizing party. The RAS has capability to confirm biometric data received and encrypt a response to the terminal device. A user biometric device (UBD) is connected to the network having capability for receiving an authorization request from the RAS and decrypting the request. A display for the decrypted request and a sensor for entry of biometric data along with an input device for entry of a response to the request is incorporated in the UBD. The UBD provides capability for encrypting the biometric data and response and transmission of the encrypted biometric data and response to the network for receipt by the RAS. | 02-18-2010 |
20100042836 | METHOD FOR SECURELY TRANSMITTING DEVICE MANAGEMENT MESSAGE VIA BROADCAST CHANNEL AND SERVER AND TERMINAL THEREOF - A secure transmission of a device management message via a broadcast (BCAST) channel, by which a BCAST server can securely transmit a device management message including an authentication value to a plurality of terminals via a one-way BCAST channel, and accordingly the terminals are not required to use a separate channel for authenticating the device management message received from the BCAST server. | 02-18-2010 |
20100042837 | METHOD AND DEVICE FOR SERVICE TRACKING - A service tracking method includes that after receiving a service tracking identification and a service request message, recording interaction information of the service if a tracking judging unit judges that the service identified by the service tracking identification corresponds to the service requested by the service request message; and uploading service tracking information to an upload address contained in the service tracking identification, the service tracking information containing the interaction information. A network device, Operation and Maintenance (O&M) controller, and service requesting device provided in embodiments of the present invention may achieve or assist in achieving the service tracking method provided in embodiments of the present invention. With the present invention, information including but not limited to the service tracking information may be uploaded to the O&M controller, thereby improving the flexibility in service tracking, enabling the service tracking information to be managed in a distributed manner and facilitating trouble location and detection. | 02-18-2010 |
20100049975 | Method and apparatus for secure online transactions - Phishing attacks succeed by exploiting a user's inability to distinguish legitimate websites from spoofed websites. Most prior work focuses on assisting the user in making this distinction; however, users must make the right security decision every time. Unfortunately, humans are ill-suited for performing the security checks necessary for secure site identification, and a single mistake may result in a total compromise of the user's online account. Fundamentally, users should be authenticated using information that they cannot readily reveal to malicious parties. Placing less reliance on the user during the authentication process enhances security and eliminates many forms of fraud. We disclose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware. | 02-25-2010 |
20100049976 | ADAPTIVE DATA VERIFICATION FOR RESOURCE-CONSTRAINED SYSTEMS - A system and method for adaptively verifying data in resource-constrained systems. The adaptive data verification mechanism employs the proper mode of verification adaptively to balance cost/performance requirements plus security requirements. The algorithm uses a belief level for the validity of a received message, and assigns the belief level to a scale between a bona fide message at one end of the scale and a malicious message at an opposite end of the scale. Where on the scale the belief level falls determines which validation mode will be used to authenticate the message. In an alternate embodiment, the belief level relative to a scale and the amount of data waiting to be processed in a buffer are both used to determine which mode will be used to validate the message. | 02-25-2010 |
20100058056 | Display system with security enhancement function - An exemplary display system includes a flat panel display and a host connectable to the flat panel display. The flat panel display includes a first storage unit including a first security code stored therein, a register, and a micro processing unit. The host includes a second storage unit including a second security code stored therein, and a central processing unit. The central processing unit is configured for converting the second security code to a digital signal and sending the digital signal to the register. The micro processing unit is configured to read and compare the first security code with the digital signal in the register, and output a control signal according to a result of said comparison. | 03-04-2010 |
20100058057 | REMOTE COMPUTER MANAGEMENT WHEN A PROXY SERVER IS PRESENT AT THE SITE OF A MANAGED COMPUTER - The invention facilitates remote management of a computer via a network. Remote computer management in which communication between a managed computer and a remote computer management server is initiated by the managed computer is implemented so that the presence of a proxy server at the site at which the managed computer is located can be detected, and communication from the managed computer to the remote computer management server is routed to a communication port assigned for communication with the proxy server, with instructions to then send the communication to the remote computer management server. | 03-04-2010 |
20100064136 | METHOD AND SYSTEM FOR ELECTRONIC VEHICLE DOCUMENT DISPLAY - A method and system for automatically displaying electronic documents on a vehicle display screen, is provided. One implementation involves transferring an encrypted digital certificate to a control module in a vehicle, the vehicle including a display screen embedded in a window area of the vehicle, wherein the control module is configured for connection to the display screen; storing the digital certificate in a memory unit of the control module; automatically displaying information on the display screen by: retrieving the digital certificate from the memory unit of the control module; and upon validating the digital certificate in the control module, displaying said information associated with the digital certificate on the display screen. | 03-11-2010 |
20100064137 | Inspection and rewriting of cryptographically protected data from group VPNs - Systems, methods, and other embodiments associated with processing secure network traffic are described. One example method includes determining whether a device is a preconfigured member of a group key system. If the device is not a preconfigured member then the method selectively establishes membership in the group key system by requesting membership from a group controller. The example method may also include receiving a set of keys from the group controller and being assigned a role by the group controller. The method may further include processing secure network traffic as an inspection point, a rewriting point, and/or a validation point based on the received set of keys and the assigned role(s). | 03-11-2010 |
20100064138 | APPARATUS AND METHOD FOR PROVIDING SECURITY SERVICE OF USER INTERFACE - An apparatus and method for providing a security service for UI applications in a network system. In a network supporting a user interface, encryption-unneeded data is distinguished from data in which a security identifier is specified, indicating a need for security between a server and a communication device, and the distinguished data is transmitted over a security channel and a general channel separately. | 03-11-2010 |
20100070764 | TRANSFER DATA MANAGEMENT SYSTEM FOR INTERNET BACKUP - Erroneous deletion of data due to a collision of digest information during data de-duplication using digest information is prevented. When backup data is stored on a backup server | 03-18-2010 |
20100070765 | SECURE AND RECOVERABLE DATABASE FOR ON-LINE VALUE-BEARING ITEM SYSTEM - An on-line value bearing item (VBI) printing system that includes one or more cryptographic modules and a secure database is disclosed. The secure database includes account balances and other information for all of the on-line value-bearing item system customers and is capable of preventing access by unauthorized users. Also, a secure communication network is in operation to prevent unauthorized access to the users' data stored in the database. | 03-18-2010 |
20100070766 | Authentication Method, Client, Server And System - An authentication method, which includes: a server sends a challenge to a client; the client obtains a first key, performs a transformation on the first key utilizing a local hash function to obtain a third key, encrypts the first key and the challenge utilizing the third key to obtain a ciphertext, and sends the ciphertext to the server; the server decrypts the ciphertext utilizing a second key stored locally, obtains a decrypted first key and a decrypted challenge if the second key is the same as the third key, and performs a transformation on the decrypted first key utilizing a local hash function to obtain a fourth key; the client passes the authentication if the decrypted challenge and the fourth key are respectively the same as the challenge sent by the server and the second key stored locally by the server. | 03-18-2010 |
20100077209 | GENERATING HARD INSTANCES OF CAPTCHAS - Methods and systems are described for enhancing the difficulty of captchas and enlarging a core of available captchas that are hard for an automated or robotic user to crack. | 03-25-2010 |
20100077210 | CAPTCHA IMAGE GENERATION - Methods and systems are described for generating captchas and enlarging a core of available captchas that are hard for an automated or robotic user to crack. | 03-25-2010 |
20100077211 | BIT-ERROR RATE TESTER WITH PATTERN GENERATION - Identical random, or pseudorandom, test patterns in a peripheral device (“receiver”) to be tested, and in a transmitter that sends the test pattern to the receiver, are generated by using pattern generation circuitry in both the transmitter and the receiver that operates identically based on a pattern input value, or seed. The same seed is input to both the transmitter and the receiver. The pattern generation circuitry can be a linear-feedback shift register (“LFSR”), which generates pseudorandom numbers, and identical LFSRs in both the transmitter and the receiver are provided with the same seed. The LFSR may be reseeded periodically. The new seed can be an output of the LFSR itself, or a second LFSR is provided whose output is used to determine the new seed for the first LFSR. Alternatively, cryptographic modules are used in the transmitter and the receiver to generate the test pattern based on identical keys. | 03-25-2010 |
20100077212 | On-Demand Protection And Authorization Of Playback Of Media Assets - On-demand protection and authorization of playback of media assets includes receiving digital media at a server computer, storing intermediary data in a data store, and receiving a request from a client for the digital media. The method also includes generating a protected copy of the digital media from the digital media and the intermediary data. The method also includes storing a description of the protected copy in a database and sending the protected copy to the client. The method also includes receiving a request from the client to access the digital media and reading the description from the database based on information in the request. The method also includes sending a response to the client, the response indicating whether the client is authorized to access the digital media, and the response including cryptographic data to decrypt the protected digital media if the client is authorized to access the digital media. | 03-25-2010 |
20100082978 | Wireless Communication Device, Method for Wireless Connection, and Computer Usable Medium Therefor - A wireless communication device to be wirelessly connected to a wireless network is provided. The wireless communication device includes an encryption examiner to examine as to whether communication in the wireless network is encrypted, a password obtainer to obtain a password designated by a user for connecting the wireless communication device to the wireless network if the encryption examiner determines that the communication in the wireless network is encrypted, and a wireless connector to connect the wireless communication device to the wireless network with the use of the obtained password. The wireless connector sequentially selects one set from a plurality of sets, and sequentially attempts to connect the wireless communication device to the wireless network with the use of the sequentially selected one set. Each set of the plurality of sets has an authorization method and an encryption method. | 04-01-2010 |
20100082979 | METHOD FOR THE PROVISION OF A NETWORK SERVICE - Methods and systems provide for sharing information between computer networks in which the information to be shared is required at one location (e.g. for the provision of a data-processing service) but is only available at a separate location. The information may be deliberately absent (e.g. for privacy reasons) or may be unavailable as an artifact of the computer network(s) involved. For the provision of a data-processing service, where several different devices on one network may service contiguous requests from a client device on another network according to a load-balancing strategy, data is propagated once only through the service network. Network communication software is subsequently amended to provide the minimal information necessary for a device on the service network to retrieve the information pertinent to the client device and necessary for its service. Therefore, a web-based single sign-on scheme can operate over HTTP to authorize data-processing services, such as web-filtering services. | 04-01-2010 |
20100082980 | METHOD TO CONNECT WIRELESS COMMUNICATION DEVICE, WIRELESS COMMUNICATION DEVICE, AND COMPUTER USABLE MEDIUM THEREFOR - A method to connect a wireless communication device to an intended wireless network is provided. The method includes a first step, in which options of authorization methods are presented to be selectable to a user, a second step, in which a first authorization method is automatically selected if an option of a third authorization item is selected, a third step, in which options of encryption methods corresponding to the selected first authorization method are presented to be selectable to the user, a fourth step, in which a first encryption method is automatically selected if a third encryption item is selected, and a fifth step, in which establishment of the connection is attempted by use of the selected first authorization method and the selected first encryption method. | 04-01-2010 |
20100082981 | ELECTRONIC BUSINESS POSTAL SYSTEM - An electronic business postal system collects, clears and delivers electronic business mail through a closed access, secure messaging system. A collection subsystem consists of access portals that are associated with secured system nodes. The access portals provide authenticated users access to the system to send and retrieve electronic business mail that includes postal system electronic delivery addresses, physical delivery addresses, or both. Secured message servers that are associated with the respective access portals process the electronic business mail into uniquely identified messages for delivery over the system nodes and also process received messages to provide the corresponding electronic business mail to the intended recipients through associated access portals. A delivery subsystem directs the messages through the system nodes associated with the senders' access portals to the system nodes associated with the recipients' access portals. A clearance subsystem confirms the integrity of both the messages and their delivery and ensures that each message is delivered once and intact. | 04-01-2010 |
20100082982 | Service control system and service control method - In a safety determining system, an information processing apparatus performs authentication of biometrical information and gathers corresponding environment information (apparatus information, software, peripheral devices, location information). Then, the information processing apparatus sends the gathered environment information and service information of a target service to a central server. Based on the environment information, the service information, and information stored in an environment information DB, the central server determines whether it is safe to provide a service to the information processing apparatus. Based on that determination result, a service terminal provides a service to the information processing apparatus. | 04-01-2010 |
20100088512 | Method and Apparatus for Automatically Publishing Content Based Identifiers - A method and apparatus for automatically publishing content based identifiers are described. In one embodiment, the method comprises accessing an electronic communication to obtain a content based identifier (CBI) contained in the electronic communication. In one embodiment, the method may also comprise using the CBI to validate integrity of a hash chained log. | 04-08-2010 |
20100088513 | NETWORK SECURITY METHOD - This invention provides a method for allowing the recipient of a message | 04-08-2010 |
20100088514 | Method and device for authorising access to data - The present invention is related to a device for authorising access to data content protected by a control signal (CW) and delivered to a terminal over a network comprising an access network. The device is arranged for receiving a version of the control signal and further comprises processing means for processing the received version of the control signal and arranged for sending to the terminal an output signal derived from that processed version of the control signal. Said output signal enables the terminal to get access to the delivered data content protected by the control signal. The device is characterised in that it is operable in the access network. | 04-08-2010 |
20100088515 | SCRAMBLE KEY MANAGEMENT UNIT, SCRAMBLE KEY MANAGEMENT INFORMATION TRANSMITTING UNIT, METHOD FOR SCRAMBLE KEY OUTPUT MANAGEMENT, SCRAMBLE KEY MANAGEMENT PROGRAM, LICENSE INFORMATION MANAGEMENT UNIT, LICENSE MANAGEMENT INFORMATION TRANSMITTING UNIT, METHOD FOR LICENSE INFORMATION OUTPUT MANAGEMENT, AND LICENSE INFORMATION MANAGEMENT PROGRAM - A low cost scramble key management apparatus which enables to manage a scramble key based on individual contract information and to ensure security in narrow band broadcasting. The scramble key management apparatus | 04-08-2010 |
20100088516 | Systems and Methods For Providing Security to Different Functions - Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function. | 04-08-2010 |
20100095116 | Method and System for Secure Collaboration Using Slepian-Wolf Codes - A method and system provide for secure sharing of arbitrary data between users with limited mutual trust. A user can encode its information by using a Slepian-Wolf code at a rate which enables a second user to correctly decode only if the side-information it has satisfies a conditional entropy constraint. The key advantages are as follows. Firstly, it is very flexible, in that it enables secure sharing for general data including multimedia data. Secondly, by appropriate Slepian-Wolf code selection, it enables compression in conjunction with security. Thirdly, it can be used for the case where the data model is imperfectly known and trust is to be built up incrementally. | 04-15-2010 |
20100095117 | SECURE AND POSITIVE AUTHENTICATION ACROSS A NETWORK - One embodiment takes the form of a method for authenticating an identity of a first party to a second party, without any prior contact between the parties. Further, the first party may authenticate its identity to the second party while eliminating the ability of the second party to steal the first party's identity. A trusted authority may facilitate authenticating the identity of two or more communicating parties. In one embodiment, the authority may ensure the validity of the identification of a number of parties talking over a communications network. The parties communicating over the secure network trust what the authority states concerning the identities of the other parties in the network. Another embodiment may prevent the authority from monitoring which two parties are communicating to each other through the network. | 04-15-2010 |
20100095118 | CRYPTOGRAPHIC KEY MANAGEMENT SYSTEM FACILITATING SECURE ACCESS OF DATA PORTIONS TO CORRESPONDING GROUPS OF USERS - Cryptographic Key Management System facilitating secure access of data portions to corresponding groups of users. In an embodiment, a corresponding group key (asymmetric key pair) is provided for each group, with the private key being stored in a secure format requiring the user credentials for decryption. In addition, a data key required to decrypt a data portion of interest is encrypted using the group public key. Thus, when a user attempts to access a data portion, the user credentials are used to decrypt the group private key, which is then used to decrypt the data key. The data key is then used to decrypt the data portion of interest. | 04-15-2010 |
20100095119 | COMMUNICATION APPARATUS, AND METHOD FOR CONTROLLING COMMUNICATION APPARATUS - A communication apparatus is provided that encrypts content data that is to be uploaded to a server by using a first encryption key used in a process for sharing a communication parameter for communicating with other communication apparatus via a wireless network or a second encryption key based on the communication parameter shared in the sharing process. Consequently, the content data can be viewed only by a specific communication apparatus. | 04-15-2010 |
20100100733 | System and Method for Secure Provisioning of an Information Handling System - Systems and methods for reducing problems and disadvantages associated with provisioning of information handling systems, including without limitation those associated with bare metal provisioning of information handling systems, are disclosed. A system may include a processor, and a memory and an access controller each communicatively coupled to the processor. The access controller may store an enterprise public key associated with an enterprise private key and a platform private key associated with the system. The access controller may be configured to: (i) authenticate communications received from a provisioning server communicatively coupled to the access controller based at least on an enterprise public certificate associated with the provisioning server and (ii) establish an asymmetric cryptographic communications channel between the access controller and the provisioning server based at least on a platform public key associated with the platform private key, the platform private key, the enterprise public key, and the enterprise private key. | 04-22-2010 |
20100100734 | DIGITAL RADIOLOGY SYSTEM AND METHOD FOR IMPLEMENTING THE RADIOLOGY SYSTEM - The invention relates to a digital radiology system and a method of implementing the radiology system. The radiology system includes a mobile cassette and a fixed base station, the cassette including an X-ray image acquisition device to which the cassette is exposed, the system also including a communication interface between the cassette and the base station to enable transfer of data such as the image between the cassette and the base station. The communication interface includes a removable wired link and a wireless link, both capable of transferring data, and the system includes a circuit to deactivate the wireless link as soon as the wired link is set up. The method includes setting up as a priority a data interchange over the wireless link and switching the exchange over to the wired link as soon as the latter is set up. | 04-22-2010 |
20100100735 | APPARATUS AND METHOD FOR PROVIDING A PORTABLE BROADBAND SERVICE USING A WIRELESS CONVERGENCE PLATFORM - An apparatus and method for providing a portable broadband service, the method comprising enabling a first connectivity between a wireless convergence platform and an Internet gateway; enabling a second connectivity between the wireless convergence platform and at least one device; obtaining an application service through the Internet gateway using the first connectivity; and relaying the application service through the second connectivity to the at least one device. | 04-22-2010 |
20100100736 | METHOD AND SYSTEM FOR SECURE COMMUNICATION - A method and system for secure communication is provided. The method for secure communication with devices includes: obtaining a parameter for protecting a content; authenticating each other by exchanging a certificate with the device; and exchanging a key with the device using a key authenticated through the certificate to establish a secure authenticated channel with the device. Accordingly, it is possible to establish the secure authenticated channel and perform secure communication by computing a secure authenticated channel key. | 04-22-2010 |
20100100737 | SYSTEM AND METHOD FOR GENERATING A NON-REPUDIATABLE RECORD OF A DATA STREAM - A system and method for generating a non-repudiatable record of a communications data stream is provided, which is applicable to real-time and quasi-real-time data streams. A binary communication data stream is captured and segmented into defined frames. A key frame is generated for each of a number of data frames containing integrity and authentication information. The key frame is inserted into the data stream to provide an authenticated data stream. | 04-22-2010 |
20100100738 | METHOD FOR ESTABLISHING A SECURE AD HOC WIRELESS LAN - Secure communications on a network. An unauthenticated client on a network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate. | 04-22-2010 |
20100106969 | DYNAMIC FOREIGN AGENT-HOME SECURITY ASSOCIATION ALLOCATION FOR IP MOBILITY SYSTEMS - The present invention utilizes the AAA infrastructure to dynamically allocate the various parameters needed to establish the security association between the Foreign Agent and the Home Agent. The present invention uses the AAA server as a central entity to dynamically generate and distribute the chosen security association parameters needed to support the Foreign Agent and Home Agent security association based on a request from the Foreign Agent. The AAA server can also dynamically assign a unique SPI value to the Foreign Agent and Home Agent pairs. The various parameters that can be allocated in the present invention include a FA-HA shared secret key or a public/private key pair, an authentication algorithm and mode, a FA-HA secret key lifetime, and security parameter index or security index values. The present invention also can assist in making sure that the Foreign Agent and the Home Agent stay synchronized with respect to their security association. | 04-29-2010 |
20100106970 | DEVICE AUTHENTICATION - Authentication of two devices in communication with a third device is achieved where the first and second devices each possess a shared secret value. The authentication includes communication of authentication values from the first device to the second device using the third device. Similarly, there is communication of values from the second device to the first device using the third device. The third device retains the communicated values. The values are calculated to permit the third device to authenticate the first and second devices without the third device receiving the shared secret value. The authentication may be used to establish a communications channel between the first and the second devices. | 04-29-2010 |
20100115274 | Conditional access system and method - The present invention relates to methods of and systems for providing conditional access to electronic content. Electronic content is provided to a user along with authorization information. The electronic content may be transmitted to the user, and the user may use the authorization information to access the electronic content. An authorization code may be provided to the user such that the user may be granted access to the content based on a comparison of the provided authorization code and a second authorization code transmitted with the electronic content, and transmission of the second authorization code may be controlled by a content provider to control access by the user. | 05-06-2010 |
20100115275 | SECURITY SYSTEM AND METHOD FOR WIRELESS COMMUNICATION SYSTEM - A security system processing method of a User Equipment (UE) and a security system for a wireless communication system are provided. The security processing method of the UE includes transmitting a Layer 3 message including a UE security capability to a Mobility Management Entity (MME) and the eNB, receiving an Access Stratum Security Mode Command (AS SMC) including an AS security algorithm selected by the eNB, as a result of verification of the UE security capability and information received from the MME, and an AS Message Authentication Code (MAC), transmitting an AS security mode complete message including the AS SMC to the eNB after verification of integrity of the AS SMC using the AS MAC, and transmitting, when receiving a Non Access Stratum (NAS) SMC including the UE security capability, a NAS security mode complete message to the MME after verification of integrity of the NAS SMC. | 05-06-2010 |
20100122087 | METHOD AND APPARATUS FOR LOGGING IN A HEALTH INFORMATION TELE-MONITORING DEVICE BY USING A PERSONAL PORTABLE DEVICE - A method of logging in a health information tele-monitoring device by using a personal portable device. The method includes issuing a security key embedded in a health information tele-monitoring device to a personal portable device; storing the security key issued by the health information tele-monitoring device in the user's personal portable device; requesting the user's personal portable device to authenticate the health information tele-monitoring device in order to connect the health information tele-monitoring device to a healthcare server; and authorizing access of the health information tele-monitoring device to the healthcare server. | 05-13-2010 |
20100122088 | METHOD AND SYSTEM FOR CONTROL OF CODE EXECUTION ON A GENERAL PURPOSE COMPUTING DEVICE AND CONTROL OF CODE EXECUTION IN A RECURSIVE SECURITY PROTOCOL - Embodiments of systems and methods which provide highly specific control over the execution of a general-purpose code block are disclosed. These embodiments may allow the exact circumstances under which a given code block is allowed to execute to be determined with specificity. Such a control mechanism may be coupled with embodiments of a data hiding system and method, based for example on an ordered execution of a set of code segments implemented via recursive execution. When embodiments of these systems and methods are utilized together, an unencumbered generality as well as a level of protection against attack that surpasses many other security systems may be obtained. | 05-13-2010 |
20100122089 | SYSTEM AND METHOD FOR COMPRESSING SECURE E-MAIL FOR EXCHANGE WITH A MOBILE DATA COMMUNICATION DEVICE - A system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to encryption and/or authentication aspects. The processed message is transmitted to a wireless mobile communication device that corresponds to the first message receiver. The system and method may include post-processing messages sent from a wireless mobile communications device to a remote system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the remote system to one or more receivers. | 05-13-2010 |
20100122090 | Secure Bytecode Instrumentation Facility - A secure bytecode instrumentation facility, wherein a new code fragment is registered in an encrypted registry by first extracting a digital certificate from a specified code fragment location. A certification authority (CA) in the digital certificate is compared against a list of registered trusted certification authorities in the registry. If the CA is in the registry list, the code fragment origin in the digital certificate is compared against a list of registered trusted origins in the registry. If the code fragment origin is in the registry list, a determination is made as to whether the code fragment is authentic. If so, the information of the code fragment is recorded into the registry. The injection of code fragments may begin upon the initialization of the instrumentation facility if the encrypted registry has not been corrupted since last accessed, and if the code fragment content matches code fragment information in the registry. | 05-13-2010 |
20100131759 | METHOD AND SYSTEM FOR AUTHENTICATING SENDERS AND RECIPIENTS IN A CARRIER SYSTEM AND PROVIDING RECEIPT OF SPECIFIED CONTENT BY A RECIPIENT - Methods and systems for authenticating senders and recipients in a carrier system and providing receipt of specified content by a recipient are provided. A one-time recipient identification code is generated that can be entered into the delivery agent's portable terminal. Data is protected against eavesdropping by encryption and by splitting cipher text and an encryption key into two parts that are not accessible to any single party except at the moment of the mail unit delivery. | 05-27-2010 |
20100131760 | CONTENT USING SYSTEM AND CONTENT USING METHOD - For an audio-visual terminal that reproduces content, anonymity of a user is ensured while enabling reproduction of the content. A content using system of the present invention includes a communication terminal, an audio-visual terminal and a license server. The communication terminal generates an electronic ticket by providing a group sign to license information obtained from the license server. The audio-visual terminal, after verifying the group sign of the electronic ticket obtained from the communication terminal, transmits the electronic ticket to the license server. The license server judges whether or not the electronic ticket transmitted from the audio-visual terminal is usable, and assigns a license of the content to the audio-visual terminal when the electronic ticket is judged to be usable. The audio-visual terminal decrypts the encrypted content by using a decryption key obtained based on the license, and reproduces the content. | 05-27-2010 |
20100138654 | SYSTEM AND METHOD FOR AUTHENTICATION BASED ON PARTICLE GUN EMISSIONS - A system, method and computer readable medium are disclosed for authentication. The method includes generating a challenge on a sender based on physical emission properties of a particle gun; transmitting the challenge from the sender to a receiver; receiving the challenge on the receiver; and verifying the authenticity of an entity, such as data, an object or a person, at the receiver by comparing the challenge with a value generated at the receiver. The process of generating the challenge and value is such that it is difficult to retrieve details of the input data based on the output data. | 06-03-2010 |
20100138655 | TERMINAL APPARATUS AND OPERATION INFORMATION COLLECTING SYSTEM - A terminal apparatus includes a receiving unit for receiving content data having definition information containing information regarding collection of operation information and information limiting a destination of the operation information; a playback processing unit for playing back the content data; a separating unit for separating the definition information from the content data; an operation-log collecting unit for collecting an operation log based on the information regarding the collection of the operation information; an operation-information generating unit for generating operation information from the operation log; a transmission enabling/disabling determining unit for determining whether or not transmission of the operation information is enabled; and a transmitting unit for transmitting the operation information to an information collecting server in response to a user operation that causes data communication, when the transmission enabling/disabling determining unit determines that transmission of the operation information is enabled. | 06-03-2010 |
20100138656 | Shielding a Sensitive File - Embodiments of the invention provide for shielding a sensitive file on a computer that can connect to a server computer via a network. The computer may determine whether it complies with security compliance requirements sent from another computer or not in response to a read instruction or a write instruction of the sensitive file by application software, and encrypt the sensitive file with an encryption key. | 06-03-2010 |
20100146272 | METHOD OF CONTROLLING INFORMATION REQUESTS - A method controls information requests in a system operating in an unauthorised, unassociated mode. The system includes at least one user device and an access point. The method involves receiving at the access point a first information request from a user device and a user device identifier. A utilization indicator is set. At the access point a second information request is received from a user device. A check is performed to determine whether the timer has expired; and if so, processing the second information request for response. | 06-10-2010 |
20100146273 | METHOD FOR PASSIVE RFID SECURITY ACCORDING TO SECURITY MODE - Provided is a method for passive radio frequency identification (RFID) security according to a security mode. An RFID tag transmits its own current security mode to a reader, and the reader drives a security protocol depending on the current security mode of the RFID tag. Also, the reader grasps the ability of the tag and then drives a protocol suitable for that ability through the security mode. | 06-10-2010 |
20100146274 | SECURITY FOR SOFTWARE DEFINED RADIO TERMINALS | 06-10-2010 |
20100153717 | Security device and building block functions - A method and system of securing content is described, the method including establishing communication between a secure module source and a content rendering device, loading a dynamically generated pseudo-unique secure module to the content rendering device from the secure module source, establishing communication between the secure module source and the dynamically generated pseudo-unique secure module, and transferring a decryption key from the secure module source to the dynamically generated pseudo-unique secure module, thereby enabling decryption of encrypted content, the encrypted content being encrypted according to the decryption key. Related methods and apparatus are also described. | 06-17-2010 |
20100153718 | METHOD AND SYSTEM USING A PORTABLE OBJECT FOR PROVIDING AN EXTENSION TO A SERVER - The present invention concerns a method and a system for extending a server connected with at least one client(s), characterized in that it consists in providing said extension on the client side by means of a portable object which is connected to said client and which performs at least one of the server's operation(s) in part or entirely. | 06-17-2010 |
20100153719 | Lightweight Authentication Method and System for Low-Cost Devices Without Pseudorandom Number Generator - An algorithm or an authentication system for a low-cost authenticating device such as a radio frequency identification (RFID) tag or a sensor node is provided, by which authentication is processed efficiently without requiring a random number. A claimant entity attempting to be authenticated and a verifying entity to authenticate the claimant entity share a plurality of secret keys, so that authentication is processed as the claimant entity responds to a challenge by the verifying entity. The verifying entity and the claimant entity perform authentication using the Learning Parity with Noise (LPN) problem. The claimant entity may generate an encrypted value for use in the authentication, using basic Boolean exclusive OR and logical AND operations. | 06-17-2010 |
20100153720 | MOBILE SYSTEM, SERVICE SYSTEM, AND SERVICE PROVIDING METHOD TO SECURELY TRANSMIT PRIVATE INFORMATION FOR USE IN SERVICE - A mobile system, a service system, and a service providing method for securely transmitting private information for use in a service are provided. The mobile system maintains at least one user data and identification data with respect to the user data used for processing at least one service, sets a session key for the service system, and encrypts service data identified based on the identification data to transmit to the service system. | 06-17-2010 |
20100153721 | Portable Electronic Devices, Systems, Methods and Computer Program Products for Accessing Remote Secure Elements - Portable electronic devices are provided including a virtual secure element module configured to access a remote secure element server. The virtual secure element module is configured to access the remote secure element server from the portable electronic device to provide a predetermined level of security for secure transactions. Related systems, methods and computer program products are also provided. | 06-17-2010 |
20100153722 | METHOD AND SYSTEM TO PROVE IDENTITY OF OWNER OF AN AVATAR IN VIRTUAL WORLD - The present application provides a method and system for verifying a user's identity within a virtual world environment. The verification is to be in real-time and avoids the possibility of providing credentials (e.g., biometric information) that were previously authenticated, by sending to the user a time-sensitive challenge and requiring the user to provide the requested credentials (e.g., biometric information) within a predetermined time period. Therefore, the present invention is best positioned for environments where trusted identification of a user is needed online to facilitate secure transactions. | 06-17-2010 |
20100153723 | METHOD AND SYSTEM FOR ENCRYPTION OF DATA - A method for transmitting a message securely between two entities, a sender and a receiver remotely located from each other, and a system for carrying out the method is disclosed. The method includes using an array containing numbers based on the infinite sequence of digits of 'pi'; selecting a pattern and tracing and extracting the selected pattern along the numbers in the array sequentially to form a decimal number string. The decimal string is partitioned and converted to binary, which is used as a cipher for coding the message by XORing. | 06-17-2010 |
20100161979 | PORTABLE ELECTRONIC ENTITY FOR SETTING UP SECURED VOICE OVER IP COMMUNICATION - A portable electronic entity includes an interface ( | 06-24-2010 |
20100161980 | APPARATUS AND METHOD OF SECURITY IDENTITY CHECKER - A method and apparatus that establish secure communications between two stations. The apparatus includes a low power communication processor and a host processor in a sleep mode. The low power communication processor receives a protocol message to initiate a communication. The protocol message includes an encrypted cryptographic identity token and triggers a wake-up event in order to wake up the host processor according to a result of identity and freshness checks performed by the low power communication processor. | 06-24-2010 |
20100161981 | STORAGE COMMUNITIES OF INTEREST USING CRYPTOGRAPHIC SPLITTING - Methods and systems of managing access to data in a secure data storage network are disclosed. One such method includes associating a storage resource with a community of interest, the community of interest associated with a workgroup key providing access to a virtual disk, the virtual disk allowing access to a volume comprising a plurality of shares stored on a plurality of physical storage devices. The method also includes, upon determining a user of a client device is a member of the community of interest, providing access to the storage resource to the user, whereby the storage resource is associated with the workgroup key. | 06-24-2010 |
20100161982 | HOME NETWORK SYSTEM - A home network system includes: a plurality of wireless devices cooperating with a home network, each device having a tag attached thereto to identify it; a tag reader for reading tag information from the tag of each wireless device; and a network manager for storing a shared key, identifying each wireless device connected to the home network using the tag information, and supporting information exchange between the wireless devices by using the shared key. | 06-24-2010 |
20100161983 | DIGITAL CONTENTS REPRODUCING TERMINAL AND DIGITAL CONTENTS TRANSMISSION/RECEPTION METHOD THEREOF - A terminal for reproducing a digital content in support of transmitting/receiving the digital content to/from another terminal includes: an encryption unit configured to encrypt the digital content to produce encrypted digital content; a use scope determining unit configured to determine a use scope of a target terminal to which the digital content is to be transmitted; a personal-use authentication information generation unit configured to transform encryption information of the digital content according to a determination result of the use scope determining unit and generate personal-use authentication information; and a communication unit configured to transmit the encrypted digital content and the personal-use authentication information to the target terminal. | 06-24-2010 |
20100161984 | SECURE MESSAGE SYSTEM WITH REMOTE DECRYPTION SERVICE - Systems and methods for secure messaging are provided. A sender may encrypt content and send the encrypted content to a recipient over a communications network. The encrypted content may be decrypted for the recipient using a remote decryption service. Encrypted message content may be placed into a markup language form. Encrypted content may be incorporated into the form as a hidden form element. Form elements for collecting recipient credential information such as username and password information may also be incorporated into the form. At the recipient, the recipient may use the form to provide recipient credential information to the remote decryption service. The recipient may also use the form to upload the encrypted content from the form to the decryption service. The decryption service may provide the recipient with access to a decrypted version of the uploaded content over the communications network. | 06-24-2010 |
20100161985 | Methods and Systems for Protecting Media Content - Various embodiments provide methods and systems that utilize a protocol which enables media content protection by establishing a secure communication channel and, in some embodiments, a secure data channel, between a device such as a computing device running a protected content playback application, and a downstream component such as an associated driver, such as a graphics driver, of an associated display device such as a monitor, flat panel LCD, television and the like. | 06-24-2010 |
20100169643 | PROOF VERIFICATION SYSTEM, PROVING DEVICE, VERIFYING DEVICE, PROOF VERIFICATION METHOD, AND PROGRAM - The proof verification system of the present invention is composed of a proving device ( | 07-01-2010 |
20100174903 | SECURE LOGIN PROTOCOL - The present invention provides a method for generating a secret to be used in an authentication of a user before a server. Using a data association between two data sets, the association being created by the server, the user can provide a secret using an algorithm based on a PIN and a selection of a group of elements from one of the data sets, the selected group of data elements having a counterpart group of elements from the other data set by virtue of the data association. The secret is transmitted to the server. The server performs a similar secret provision, and if the secret from the client is identical to the secret provided by the server, the user is authorized to access information on the server. | 07-08-2010 |
20100174904 | USE OF MODULAR ROOTS TO PERFORM AUTHENTICATION INCLUDING, BUT NOT LIMITED TO, AUTHENTICATION OF VALIDITY OF DIGITAL CERTIFICATES - Authentication of elements (e.g. digital certificates 140) as possessing a pre-specified property (e.g. being valid) or not possessing the property is performed by ( | 07-08-2010 |
20100174905 | Communication Between Call Controllers By Amending Call Processing Messages - Call Control entities in a network communicate between themselves by amending call processing messages to include encrypted network information. As such, a call may be established whose path through the network is dependent on the paths of other calls. Information of a scope larger than a Call Controller normally possesses can, as a result of this communication, be made available to Call Controllers for constraining call establishment. This information could relate to other calls and connections associated with those other calls. The information may also relate to gateways in and to adjacent networks and the Call Controllers in the adjacent networks that are related to the current Call Controller. | 07-08-2010 |
20100174906 | Method, system and equipment for key distribution - A method, system and equipment for key distribution are disclosed. During the course of computing a shared key Kab between a client node and a third-party equipment, a serial number is introduced into the keying materials used to compute the Kab, instead of just using a constant parameter; thus, once the Kab is leaked, the Kab can be simply and duly updated by updating the variable parameter, and hence the security of message transmission is improved. Furthermore, in the implementations, methods for security protection and security verification of messages are used, so as to effectively prevent threats to message security such as message forgery or replay attack, and hence further improve the security of message transmission. | 07-08-2010 |
20100180115 | METHOD AND SYSTEM FOR DETECTING SUCCESSFUL AUTHENTICATION OF MULTIPLE PORTS IN A TIME-BASED ROVING ARCHITECTURE - In one embodiment of the present invention, a method includes authenticating an HDCP transmitting device at a first port of an HDCP receiving device. A port of the HDCP receiving device is connected to a pipe of an HDCP architecture of the HDCP receiving device at a first time. A synchronization signal is received from the HDCP transmitting device at the port of the HDCP receiving device at a second time. A loss of synchronization between the HDCP transmitting device and the HDCP receiving device is detected when the time-span between the first time and the second time is not greater than the period of time between synchronization signals sent from the HDCP transmitting device. A re-authentication is initiated between the HDCP transmitting device and the HDCP receiving device in response to detecting the loss of synchronization. | 07-15-2010 |
20100180116 | INTRUSION-TOLERANT GROUP MANAGEMENT FOR MOBILE AD-HOC NETWORKS - An inventive system and method for intrusion-tolerant group management for a network is presented. The method comprises a client broadcasting a message request to controllers and validating the rekey messages received from the controllers, and controllers validating the client's broadcast message request and broadcasting proposals, collecting proposals, constructing threshold-signed proofs, updating the view number, performing the client's message request, generating the rekey based on the valid proposals and transmitting the rekey to the client. Simultaneously, controllers send reconciliation messages to all controllers, based on which the membership state is updated. The client updates a shared key when a predetermined number of valid rekey messages are received. The controllers can communicate via a Byzantine fault-tolerant agreement. The client can use its public key to decrypt the rekey and perform validation. The client's message request can be a join or a leave. | 07-15-2010 |
20100180117 | RANDOM SIGNAL GENERATOR - A random signal generator uses a folded MOS transistor, whose drain-source current includes a random component, as an electronic noise source. The random signal generator generates a random binary signal from the random component. The invention may be applied, in particular, to smart cards. | 07-15-2010 |
20100185856 | Stateless Agent - Secure and stateless data transfer between a source agent at a first computer system and a destination agent at a second computer system is provided. A first list of labels of content structures is generated at the first computer system. During a first data transfer session, the first list, authentication information, at least one object included in the content structures, and file identifiers for one or more files included in the content structures are transferred from the first computer system to the second computer system. A second list is generated at the second computer system and received at the first computer system. The second list lists at least one requested file identified by the transmitted file identifier(s). During a second data transfer session, authentication information, the first list, the at least one object, and the requested file(s) are transferred from the first computer system to the second computer system. | 07-22-2010 |
20100185857 | REMOVABLE SECURITY MODULES AND RELATED METHODS - Example removable security modules for use with process control devices and related methods are disclosed. An example removable security module includes a body configured to be removably coupled to the process control device and a memory disposed in the body with a shared secret stored in the memory. The example removable security module also includes a processing unit disposed in the body, coupled to the memory and configured to read information from the process control device, compare the information to the shared secret and authenticate the process control device based on the comparison. | 07-22-2010 |
20100185858 | Image Forming System - A Multi-Function peripheral (MFP), a server apparatus, and a client apparatus for generating image output data from document data and transmitting the image output data to the server apparatus are each connected to a network. In the server apparatus, an output data management unit stores the received image output data in an output data storage unit. Upon receiving user authentication information that is input with a user operation on the MFP, the server apparatus determines whether the user authentication information is valid. When the user authentication information is determined to be valid, the server apparatus transmits to the MFP one or more among the stored image output data associated with the user authentication information. | 07-22-2010 |
20100185859 | SOFTWARE UPDATE SYSTEM, MANAGEMENT APPARATUS, RECORDING MEDIUM, AND INTEGRATED CIRCUIT - An update server | 07-22-2010 |
20100191963 | Method for transmission of DHCP messages - The invention describes a method for transmission of a DHCP message between a telecommunication network, especially a telecommunication network according to the WiMAX standard, and an Internet Protocol (IP) subscriber (SS/MS; MN) of the telecommunication network. Therein, information secured with an encryption key is added to the DHCP message. The encryption key is derived from a basic key provided by a network component of the telecommunication network. | 07-29-2010 |
20100191964 | COMMUNICATIONS METHODS AND APPARATUS FOR USE IN COMMUNICATING WITH COMMUNICATIONS PEERS - Methods and apparatus related to the determination of the trustworthiness of information communicated in a message and/or the exchange of trust information are described. Various described methods and apparatus are well suited to peer to peer wireless communications in an ad-hoc network. At a given time, a communications device may have a trust relationship with a first set of devices. A first communications device determines trustworthiness of a received message from a second device, which is not a member of the first set of devices, based on information received from a third device which is a member of the first set of devices. The first communications device makes an informed decision as to whether or not to act upon the first message based upon its trustworthiness determination. | 07-29-2010 |
20100191965 | VERIFICATION OF SYSTEM INFORMATION IN WIRELESS COMMUNICATION SYSTEM - The present invention relates to a method for communicating between a network and a mobile terminal. The method comprises possessing at least one configuration parameter, and transmitting a message to the network, wherein the message includes information for verifying the authenticity of the at least one configuration parameter to the network, and wherein the information for verifying the authenticity of the at least one configuration parameter is calculated using an integrity key. | 07-29-2010 |
20100191966 | Method for checking the integrity of data, system and mobile terminal - The invention relates to a method for checking the integrity of a message transmitted between a sender in a transmitting end and a recipient in a receiving end, in which method an authentication value is calculated for the first message and a random string is generated. | 07-29-2010 |
20100199089 | CENTRALIZED AUTHENTICATION SYSTEM WITH SAFE PRIVATE DATA STORAGE AND METHOD - A token-based centralized authentication method for providing access to a service provider to user information associated with a user's relationship with the service provider includes the steps of: authenticating a user presenting a user token at a user terminal, the user token having stored thereon a user ID; deriving a resource identifier using at least two data input elements, the at least two data input elements including the user ID of the user and a service provider ID of the service provider, wherein the user information is stored in a storage network and the resource identifier is associated with the user information; retrieving the user information from the storage network using the resource identifier; and providing the retrieved user information to the service provider. | 08-05-2010 |
20100199090 | Secure Communication Between An Electronic Label And A Reader - The invention relates to a secure communication between an electronic label (A) and a reader (B), in particular for the authentication of the label by the reader, in which: the reader ( | 08-05-2010 |
20100199091 | Authentication and Encryption for Secure Data Transmission - A system and method for authenticating and encrypting messages for secure transmission is disclosed. A frame to be transmitted between devices comprises a frame header and a frame body. The frame body includes a security sequence number (SSN), frame payload, and message integrity code (MIC). The SSN is incremented by one for each frame transmitted using a same pairwise temporal key (PTK). A nonce is formed using the frame header and the SSN. Counter blocks Ctr | 08-05-2010 |
20100205434 | DOWNLOAD SECURITY SYSTEM - A download security system ( | 08-12-2010 |
20100205435 | METHOD FOR IMPLEMENTING LOCATION BASED SERVICES, METHOD FOR BROADCASTING GEOGRAPHIC LOCATION INFORMATION OF BASE STATION, AND DEVICE THEREOF - A method and device for broadcasting geographic location information of a base station (BS), relating to radio communication technologies, are disclosed. The purpose is to improve the security of the worldwide interoperability for microwave access (WiMAX) network in the provisioning of location based services (LBS) over the prior art. A method for implementing LBSs includes: in a WiMAX system providing LBSs, the system obtains an encryption key for encrypting the geographic location information of the BS, and encrypts the broadcast geographic location information of the BS based on the obtained key. The technical solution of the disclosure may be applied in the WiMAX system. | 08-12-2010 |
20100205436 | Mobile Terminal System - A system, apparatus and method for enabling interaction between a mobile device and a dynamic list of remotely hosted applications. A mobile device is provided with a removable module implementing a virtual machine defined by a set of instructions. The mobile device requests an initial application from an application server. The application server generates a message, including a set of commands and any parametric information, such as text to be displayed, which is then compiled into executable code. The executable code is then forwarded to the mobile device for execution. The mobile device interprets the executable code and runs it, possibly causing text or a menu to be displayed. In a first embodiment, the mobile device requests a list of currently available applications and is provided with such a list by a first application server. The user is then able to select from the list of applications, some which can be located on other servers. In another embodiment, an application server initiates a communication by transmitting a set of commands causing one or more actions on the mobile device, such as the sounding of an audio alarm, the displaying of text, etc. | 08-12-2010 |
20100205437 | Protection method and device for a mobile IPV6 fast handover - A protection method for a mobile IPv6 fast handover is provided, which includes the following steps: generating a fast-handover signaling protection key by using a key which is shared with a network side device; generating an authentication code according to the protection key; adding the authentication code to the fast-handover signaling and transmitting the fast-handover signaling to a router. A protection device for a mobile IPv6 fast handover is also provided. By using the method, the shared key between the mobile node and the network side device is used to derive the fast-handover signaling protection key to protect the fast-handover signaling, which solves the security problem of the fast-handover message during a mobile IPv6 fast handover, decreases overhead during storing and calculating regarding the mobile node, and can be used to protect the downward fast-handover signaling of the SeND protocol that cannot be supported by the mobile node. | 08-12-2010 |
20100211779 | Identity Based Authenticated Key Agreement Protocol - A key agreement protocol between a first party and a second party comprises the following steps from the first party perspective. An encrypted first random key component is sent to the second party, the first random key component being encrypted using a public key of the second party in accordance with an identity based encryption operation. An encrypted random key component pair is received from the second party, the random key component pair being formed from the first random key component and a second random key component computed at the second party, and encrypted at the second party using a public key of the first party in accordance with the identity based encryption operation. The second random key component, in encrypted form, is sent to the second party, the second random key component being encrypted using the public key of the second party. A key for use in subsequent communications between the first party and the second party is computable at the first party based on the second random key component. The key may be computed at the second party based on the first random key component. | 08-19-2010 |
20100211780 | SECURE NETWORK COMMUNICATIONS - Apparatus, systems, and methods may operate to establish a secure communications tunnel between a server node and a client node, and to receive user requests from the client node at the server node via the secure communications tunnel. The user requests may be received in conjunction with a device verification token derived from nonces generated by the server node and transmitted to the client node as part of keep-alive response messages. The nonces may change according to a period of time established by the server node. Additional apparatus, systems, and methods are disclosed. | 08-19-2010 |
20100211781 | TRUSTED CLOUD COMPUTING AND SERVICES FRAMEWORK - A digital escrow pattern is provided for network data services including searchable encryption techniques for data stored in a cloud, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, a key generator, a cryptographic technology provider and a cloud services provider are each provided as separate entities, enabling a publisher of data to publish data confidentially (encrypted) to a cloud services provider, and then expose the encrypted data selectively to subscribers requesting that data based on subscriber identity information encoded in key information generated in response to the subscriber requests, e.g., a role of the subscriber. | 08-19-2010 |
20100211782 | TRUSTED CLOUD COMPUTING AND SERVICES FRAMEWORK - A digital escrow pattern is provided for network data services including searchable encryption techniques for data stored in a cloud, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, a key generator, a cryptographic technology provider and a cloud services provider are each provided as separate entities, enabling a publisher of data to publish data confidentially (encrypted) to a cloud services provider, and then expose the encrypted data selectively to subscribers requesting that data based on subscriber identity information encoded in key information generated in response to the subscriber requests, e.g., a role of the subscriber. | 08-19-2010 |
20100211783 | Method And System Of Transferring Electronic Messages - The invention relates to a method and system of transferring internet electronic messages (e-mails). The method comprises the steps of creating a first e-mail by sender's mail user agent ( | 08-19-2010 |
20100211784 | METHOD FOR ACCESSING A PORTABLE DEVICE, CORRESPONDING PORTABLE DEVICE, HOST DEVICE AND SYSTEM - The invention relates to a method for accessing a portable device, the portable device being connected to a host device. According to the invention, the host device, as a client, opens a communication channel to the portable device, as a server, according to a first network communication protocol, and the portable device, as a client, uses the communication channel to transport data to the host device, as a server, according to a second network communication protocol, without the implementation of any complex infrastructure. The invention relates also to a corresponding system for accessing a portable device, a corresponding portable device accessible from outside and a corresponding host device for accessing a portable device. | 08-19-2010 |
20100211785 | SYSTEM AND METHOD FOR AUTOMATIC WIRELESS CONNECTION BETWEEN A PORTABLE TERMINAL AND A DIGITAL DEVICE - A method and system are provided for automatic wireless connection to a digital device in a portable terminal, wherein information about the portable terminal is acquired. The information about the portable terminal is commonly used for automatic wireless connection to the digital device. A state of a Wireless Local Area Network (WLAN) is checked and activated, and the WLAN is set to an Ad-hoc mode. A Service Set Identifier (SSID) of the WLAN is set using the acquired portable terminal information, a security key of the WLAN is set using the acquired portable terminal information, and an Internet Protocol (IP) address of the WLAN is automatically set using the acquired portable terminal information. | 08-19-2010 |
20100217978 | Method for sharing secret information among cooperating parties - A method and system for distributing a secret to a plurality of computing systems. In one embodiment, the method determines the number (n) of shares to generate and a threshold number (k) of the shares from which the secret can be reconstructed. The method further chooses n coprime random bit strings in any one of general rings as moduli, the general rings including one or more non-integer rings. The secret is then embedded in a bit string which is at least one bit longer than the product of any k−1 moduli and at least one bit shorter than the product of any k moduli. The method further computes shares of the bit string for distribution to n computing systems, each share including one of the moduli and a corresponding remainder. | 08-26-2010 |
20100217979 | System and Method for Providing Certified Proof of Delivery Receipts for Electronic Mail - The present disclosure provides a system and method for certifying the delivery of electronic mail messages. In one embodiment, the sender contacts a proof-of-delivery-request creation server which receives the message the sender would like to obtain a proof-of-delivery for, generates a processed message and a proof-of-delivery-request, and returns both to the sender. The sender then uses his regular email infrastructure to transmit to the recipient the processed message and the proof-of-delivery-request as a single email. Upon receiving the sender's email, the recipient contacts a proof-of-delivery-request processing server operated by a trusted-third-party and sends it the proof-of-delivery-request. Said server processes the proof-of-delivery-request, notifies the sender that the recipient has received the message and provides the recipient with information usable for extracting the original message from the processed message. | 08-26-2010 |
20100217980 | Communication Control System, Mobile Communication Terminal and Computer Program - In order to reduce the registration time of a Mobile IP/Simple IP and an SIP, an AAA ( | 08-26-2010 |
20100217981 | METHOD AND APPARATUS FOR PERFORMING SECURITY COMMUNICATION - Provided is a method of performing secured communication. In the method, a secured communication request for performing secured communication is received from a second device, a security key required for the secured communication is randomly generated and output, and a plurality of pieces of data encrypted using the security key are transmitted to and received from the second device. | 08-26-2010 |
20100217982 | METHOD AND SYSTEM FOR REGISTERING A PRESENCE USER WITH A PRESENCE SERVICE - A method, performed by a registrar of a presence service, for registering a user with a presence service. The method entails negotiating a key with a client device operated by the user in order to establish an encrypted communications channel between the client device and the registrar via a proxy node, authenticating the user by exchanging messages through the encrypted communications channel and through a separate e-mail channel, binding a universally unique identifier identifying the user with one particular function node that is interposed between the proxy node and a publish-subscribe subsystem of the presence service and creating a user profile for the user and storing the user profile in a persistent data store. | 08-26-2010 |
20100217983 | Archive system, management apparatus, and control method - A user terminal reads out an encrypted content that is an authentication target from an encrypted content memory medium that stores the encrypted content in association with management information, assigns data forming the read encrypted content to the same hash function as that of a management apparatus, and computes a first hash value. The management apparatus acquires the computed first hash value and management information from the user terminal, reads out, from a management information memory unit that stores a second hash value that is a hash value previously computed by assigning data forming the encrypted content retaining its authenticity to the hash function in association with the management information, the corresponding second hash value by using the acquired management information as a retrieval key, authenticates whether the acquired first hash value and the second hash value are identical to each other, and permits a decryption process when the authentication result is an authentication success indicating that the first hash value and the second hash value are identical to each other. | 08-26-2010 |
20100217984 | METHODS AND APPARATUS FOR ENCRYPTING AND DECRYPTING EMAIL MESSAGES - In an e-mail encryption method, the sender embeds commands and, optionally, parameters relating to the commands in an e-mail message. A domain suffix associated with an encryption e-mail server is appended to the recipient e-mail address before sending the e-mail message. The e-mail message is sent and delivered to the encryption e-mail server. The encryption e-mail server parses the e-mail message and executes any commands, optionally executing the commands based on submitted parameters. The encryption e-mail server encrypts the message and forwards the encrypted message or, alternatively, a link to a memory location in the encryption e-mail server where the encrypted e-mail message is stored. The recipient receives an e-mail notifying them of the encrypted message. The recipient is prompted for a password. The password is validated. If it is valid and no limits on the e-mail are exceeded, the contents of the encrypted e-mail message are decrypted and displayed for the recipient. | 08-26-2010 |
20100223463 | COMMUNICATION SYSTEM, KEY MANAGING/DISTRIBUTING SERVER, TERMINAL APPARATUS, AND DATA COMMUNICATION METHOD USED THEREFOR, AND PROGRAM - To provide a mobile communication system that can prevent unauthorized use of an encryption key otherwise caused by loss thereof and that can securely perform a direct communication between terminals using the encryption key. A portable terminal apparatus | 09-02-2010 |
20100223464 | PUBLIC KEY BASED DEVICE AUTHENTICATION SYSTEM AND METHOD - Provided is a public key based device authentication server including a server authenticator identifying a device in which a service list is registered and acquiring a certificate of the device issued by a certificate authority (CA); and an encryption key generator generating a public key and a private key for the device and transmitting to the device the public key, the private key and the certificate of the device. | 09-02-2010 |
20100223465 | METHOD FOR LENDING OUT ELECTRONIC KEY AND COMMUNICATION TERMINAL - The present invention aims at providing an electronic key lending method capable of ensuring the high security by a relatively easy method. An electronic key lending method of the present invention of lending an electronic key ( | 09-02-2010 |
20100223466 | SHARED SCALABLE SERVER TO CONTROL CONFIDENTIAL EVENT TRAFFIC AMONG RECORDATION TERMINALS, ANALYSIS ENGINES, AND A STORAGE FARM COUPLED VIA A PUBLIC NETWORK - A highly secure event server receiving and storing encrypted assets and references to those assets over a public wide area network. A system for selectively decrypting and transmitting references to analysis clients such as authenticated mutually unconscious users, and retrieving, decrypting and transmitting certain assets from high-volume storage, distributed storage, or in transit. A method for controlling a plurality of event recordation clients and a plurality of analysis clients, transmitting policies and commands requesting upload of assets and obtaining status solely by receiving client-initiated sessions. | 09-02-2010 |
20100223467 | Methods and Systems for Sharing Database Content - Mechanisms and methods for sharing database content stored by a first organization with a third party are provided. A network address is provided to the third party, which can enable control of the access to the content and tracking of the views of the content. For example, the network address can include an encrypted key that contains information about the organization that created content and the specific distribution ID for delivering the content when requested by the third party using the address. A distribution can be created in numerous ways, with various restrictions on the access to the document of a distribution. | 09-02-2010 |
20100223468 | METHOD AND DEVICE FOR AUTHENTICATING REQUEST MESSAGE - A method for authenticating request messages is disclosed. An authentication service device performs centralized allocation and management for authentication random numbers; when a User Equipment (UE) uses a protected service, the key negotiation process needs to be performed only once, whereupon the authentication is performed with multiple Application Servers (ASs) in turn according to the policy of using an authentication random number. Further, the corresponding authentication service device, AS, and UE are disclosed. | 09-02-2010 |
20100228973 | ELECTRONIC DATA COMMUNICATION SYSTEM - There is described a key server which is connected to a local area network, and an encryption authority transfers private keys for clients of the local area network to the key server. In an embodiment, the key server encrypts outgoing emails using public keys for the recipients and decrypts internal emails using private keys for the recipients. In another embodiment, the clients of the local area network download their respective private keys from the key server so that encryption operations may be performed by client software. | 09-09-2010 |
20100228974 | VLAN TAGGING OVER IPSec TUNNELS - In accordance with a nonlimiting example, a network device transfers communications data along a communications channel within an Internet Protocol (IP) network. A communications module includes a signal input connected to the communications channel of the IP network and receives an Ethernet packet having an Ethernet header and IP data. A processor is coupled to the communications module and processes the Ethernet packet. It removes the Ethernet header and adds Virtual Local Area Network (VLAN) tagging information to a padding section in the packet. In one aspect, the processor includes an encryption module that encrypts the VLAN tagging information along with the IP data. The network device includes a signal output through which the packet is transferred to a destination within the IP network over the communications channel as an IPSec tunnel. | 09-09-2010 |
20100228975 | METHOD, SYSTEM AND SOFTWARE PRODUCT FOR TRANSFERRING CONTENT TO A REMOTE DEVICE - The present invention relates to a method for transferring content to a device, the method including the steps of: receiving a request for content from the device; delivering a uniquely identifiable, ephemeral player to the device; and transferring content to the device, for presentation on the device by the player. The invention has particular application to digital rights management in respect of the distribution of audiovisual content such as film and television programs, advertisements and live event broadcasts over communication networks such as the Internet. | 09-09-2010 |
20100228976 | METHOD AND APPARATUS FOR PROVIDING SECURED NETWORK ROBOT SERVICES - At least one client robot in a domain is connected to a domain security management unit, and a root security management unit is connected via a network to at least one external server outside the domain and to the domain security management unit. A method for providing secured network robot services includes generating, at the domain security management unit, a shared key between the client robot and the external server when the client robot requests key distribution; generating, at the domain security management unit, a key distribution request message containing the shared key; and transmitting, at the domain security management unit, the key distribution request message to the external server. | 09-09-2010 |
20100228977 | Communications Hub for Use in Life Critical Network - Secured communications between patient portable communicators (PPC) and a central authority (CA) via an unsecured network are implemented using software implemented by a communications device. The communications device provides for detecting, using a multiplicity of disparate communication protocols, presence of entities requesting a network connection and determining whether or not each of the entities is a PPC, establishing, only for the entities determined to be PPCs, a connection to the CA via the unsecured network using the disparate communication protocols, authenticating only the PPCs to the CA, and facilitating communication of PPC data between the PPCs and the CA via the communications device and the unsecured network upon successful PPC authentication. The PPC data comprises at least some patient implantable medical device data acquired by the PPCs. | 09-09-2010 |
20100228978 | Terminal Device, System, Connection Management Server, and Computer Readable Medium - A second terminal device is used in a system including a connection management server, a first terminal device, and the second terminal device. The second terminal device includes: a local address obtaining unit configured to obtain a first local IP address and first authentication information of the first terminal device from the connection management server, if a first global IP address matches a second global IP address; a determination unit configured to determine, by using of the obtained first authentication information, whether a first particular terminal device with which the second terminal device can communicate by use of the first local IP address is the first terminal device; and a target data communication unit configured to communicate first data with the first terminal device by using the first local IP address, if the first particular terminal device is determined to be the first terminal device. | 09-09-2010 |
20100228979 | Terminal Device, System and Computer Readable Medium - A second terminal device is used in a system including a server, a first terminal device, and the second terminal device. The second terminal device includes: a first command transmission unit configured to transmit a first command to the first terminal device via the server; a storage control unit configured to hold a first address and first authentication information of the first terminal device; a second command transmission unit configured to transmit a second command to the first address; a determination unit configured to determine whether a terminal device as a destination of the second command is the first terminal device, by using first response data from the terminal device and the first authentication information; and a third command transmission unit configured to transmit a third command to the first address if the terminal device is determined to be the first terminal device. | 09-09-2010 |
20100235634 | SECURITY CONSIDERATIONS FOR THE LTE OF UMTS - A method for providing message protection includes generating a ciphered message based upon a first counter, a message, and a ciphering key. The method further includes generating an unciphered message authentication code (MAC) based upon the first counter, an integrity protection key, and either the message or the ciphered message, and transmitting security protected data, which includes the MAC and the ciphered message, over a transmission medium. | 09-16-2010 |
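The protection scheme in the abstract above, as an added example that is not part of the patent text: the message is ciphered under a counter and a ciphering key, an unciphered MAC is computed over the counter and the ciphered message with a separate integrity key, and the receiver checks the MAC before it deciphers anything. The 3GPP ciphering and integrity algorithms are replaced here by an HMAC-SHA256 keystream and an HMAC tag so the block runs with the standard library only; the key values, the 8-byte counter encoding and the 16-byte tag length are assumptions, not values from the page.

```python
import hmac
import hashlib
import struct

# Added example, not from the patent. EEA/EIA are stood in for by HMAC-SHA256
# (assumption); the structure is the point: COUNT-driven cipher, MAC bound to
# COUNT and the ciphered message, reject-before-decrypt, and a replay check.
TAG_LEN = 16


def keystream(ck: bytes, count: int, length: int) -> bytes:
    """Counter-mode keystream: PRF(ck, count || block_index) blocks, truncated to length."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(ck, struct.pack(">QQ", count, block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def cipher(ck: bytes, count: int, data: bytes) -> bytes:
    """XOR with the keystream; the same call ciphers and deciphers."""
    return bytes(a ^ b for a, b in zip(data, keystream(ck, count, len(data))))


def integrity_tag(ik: bytes, count: int, data: bytes) -> bytes:
    """Unciphered MAC over (COUNT, data); binding COUNT stops an old PDU being replayed under a new COUNT."""
    return hmac.new(ik, struct.pack(">Q", count) + data, hashlib.sha256).digest()[:TAG_LEN]


def protect(ck: bytes, ik: bytes, count: int, message: bytes) -> bytes:
    """Sender side: cipher the message, then MAC the ciphered message (encrypt-then-MAC)."""
    ct = cipher(ck, count, message)
    return struct.pack(">Q", count) + ct + integrity_tag(ik, count, ct)


class Receiver:
    """Receiver side: verify the tag first, enforce a strictly increasing COUNT, then decipher."""

    def __init__(self, ck: bytes, ik: bytes):
        self.ck, self.ik = ck, ik
        self.last_count = -1

    def unprotect(self, pdu: bytes):
        if len(pdu) < 8 + TAG_LEN:
            return None
        count = struct.unpack(">Q", pdu[:8])[0]
        ct, tag = pdu[8:-TAG_LEN], pdu[-TAG_LEN:]
        if not hmac.compare_digest(integrity_tag(self.ik, count, ct), tag):
            return None  # forged or modified: the ciphertext is never touched
        if count <= self.last_count:
            return None  # replayed (or reordered below the accepted COUNT): reject
        self.last_count = count
        return cipher(self.ck, count, ct)


if __name__ == "__main__":
    ck, ik = bytes(range(16)), bytes(range(16, 32))  # constructed demo keys
    rx = Receiver(ck, ik)
    pdu = protect(ck, ik, 5, b"RRC reconfiguration")
    print(rx.unprotect(pdu))  # b'RRC reconfiguration'
    print(rx.unprotect(pdu))  # None: replay of COUNT 5 is rejected
```

The order matters: the tag is checked in constant time before any deciphering, so a forged PDU costs the receiver one MAC computation and leaks nothing about the keystream, and the counter check closes the replay window that a MAC over the ciphertext alone would leave open.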
20100235635 | Methods, Systems And Computer Program Products For Authenticating Computer Processing Devices And Transferring Both Encrypted And Unencrypted Data Therebetween - Methods for transferring a set of data from a first processing device to a second processing device are provided. Pursuant to these methods a secure shell (“SSH”) authentication is performed to authenticate a first user that is logged onto the first processing device to a second user that is logged onto the second processing device. The set of data is divided into a first data subset and a second data subset. The first data subset is encrypted to provide an encrypted data set. The encrypted data set is transferred from the first processing device to the second processing device. The second data subset is also transferred from the first processing device to the second processing device, but without encrypting the second data subset. Related data transfer systems and computer program products are also provided. | 09-16-2010 |
20100235636 | Method for delivering web content and applications to the user via email or other communication channels - A method of enabling enriched content of an electronic message, including embedding instructions within the electronic message for rendering the content of the message correctly on a recipient system that may be protected by a firewall, anti-virus or anti-spam program. The method comprises the steps of transforming the message content, including the embedded instructions, into data in accordance with an algorithm; transmitting the data to the recipient system; receiving the data at the recipient system; inverse transforming the data to regenerate the message and the embedded instructions; and executing the embedded instructions to correctly display the enriched content. | 09-16-2010 |
20100235637 | Method of Preventing Web Browser Extensions from Hijacking User Information - The invention relates to a portable authentication token comprising connection means for connecting to a computer, browser communication means for communicating with a browser running on the computer, and user authentication means for authenticating a user of the token to a server. The user authentication means are triggered via the browser communication means when the user connects to the server from the browser of the computer. The user authentication means are set to authenticate the user by communicating with the server through the browser. The token comprises out-of-band token communication means set to validate user authentication by establishing a communication channel between the token and the server, the communication channel bypassing the browser. | 09-16-2010 |
20100235638 | IDENTIFICATION AND AUTHENTICATION OF DEVICES IN A NETWORK - A method of distributing a network access key to devices in a network comprises the steps of generating a network access key, and generating a plurality of distinct key shares for the network access key. A device requires a predetermined number of distinct key shares to generate the network access key. Key shares are distributed to devices in the network, such that at least one device receives a plurality of distinct key shares. | 09-16-2010 |
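The key-share distribution described above, as an added example that is not the patent's own code: a network access key is split into distinct shares such that any predetermined number of them recovers the key, and the shares are handed out so that at least one device holds more than one. The abstract does not name a sharing scheme; Shamir secret sharing over GF(p) with p = 2**255 - 19 is the assumed choice here, and the device names and allocation are constructed for the demonstration.

```python
import secrets

# Added example, not from the patent. Shamir secret sharing is an assumed
# instantiation of "distinct key shares"; the prime is an assumed field size
# large enough to hold a 128- or 256-bit network access key.
PRIME = 2**255 - 19


def _poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def make_shares(secret: int, threshold: int, n_shares: int):
    """Split secret into n_shares distinct points on a random degree-(threshold-1) polynomial."""
    if not (0 <= secret < PRIME and 1 <= threshold <= n_shares):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover(shares):
    """Lagrange interpolation at x = 0. With fewer than threshold shares this returns
    a uniformly random wrong value rather than an error, so callers must check the result."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def distribute(shares, allocation):
    """Hand out every share exactly once; allocation = {device: number_of_shares}.
    A device whose count reaches the threshold can rebuild the key on its own."""
    if sum(allocation.values()) != len(shares):
        raise ValueError("allocation must consume every share exactly once")
    it = iter(shares)
    return {dev: [next(it) for _ in range(n)] for dev, n in allocation.items()}


if __name__ == "__main__":
    key = int.from_bytes(secrets.token_bytes(16), "big")  # constructed 128-bit access key
    holdings = distribute(
        make_shares(key, threshold=3, n_shares=5),
        {"gateway": 2, "sensor-a": 1, "sensor-b": 1, "sensor-c": 1},  # constructed allocation
    )
    # gateway plus any one sensor reaches the threshold; three sensors do as well
    print(recover(holdings["gateway"] + holdings["sensor-a"]) == key)
    print(recover(holdings["gateway"]) == key)  # two shares: below threshold
```

Giving the gateway two shares means it needs only one sensor to come online before it can derive the key, while no single sensor, and no pair of sensors, can. Note that `recover` does not detect an under-threshold input; bind the recovered key to a known MAC or hash before using it so a short or corrupted share set fails closed.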
20100235639 | INFORMATION PROCESSING APPARATUS, COMMUNICATION SYSTEM, METHOD OF CONTROLLING THEM, AND STORAGE MEDIUM - An information processing apparatus connected to a network via a network interface device and capable of performing encrypted communication with an external apparatus on the network. When the information processing apparatus is operating in a normal power mode, a sleep control module thereof detects whether a condition under which the apparatus shifts to an energy saving mode in which power consumption is smaller than in the normal power mode is satisfied. When the condition is detected to be satisfied, a proxy response registration module of the apparatus instructs an IPSec module of the same to request the external apparatus not to perform encrypted communication. | 09-16-2010 |
20100241853 | SYSTEM AND METHOD FOR GENERATING A PLAINTEXT / CYPHERTEXT DATABASE FOR USE IN DEVICE AUTHENTICATION - Plaintext/cyphertext pairs are generated for use in authenticating a device. The device performs a secure authentication algorithm on a secure authentication image file and a received plaintext challenge, and outputs a cyphertext response. If the cyphertext response matches a pre-stored cyphertext string associated with the plaintext challenge, then the device is authenticated. A master processor manages the generation of the plaintext/cyphertext pairs. Plaintext challenges are generated in the master processor using a binary counter and an n-bit key. Each plaintext challenge is transmitted to a first processor and a second processor. The first processor executes the secure authentication algorithm on each plaintext challenge and outputs a cyphertext response associated with each plaintext challenge. The second processor executes the secure authentication algorithm on each plaintext challenge and outputs a second cyphertext response associated with each plaintext challenge. The master processor receives the first and second cyphertext responses for each plaintext challenge. If the first cyphertext response matches the second cyphertext response, then the master processor stores each plaintext challenge and the associated cyphertext response as a vector pair in a database. | 09-23-2010 |
20100241854 | Method and apparatus for low-power ap-assisted fast wireless roaming using optimized neighbor graphs - An embodiment of the present invention provides a method, comprising using optimized neighbor graphs for low-power access point assisted fast wireless roaming by a wireless station (STA) operating in a wireless network. | 09-23-2010 |
20100241855 | Systems and Methods for Secure Execution of Code Using a Hardware Protection Module - Systems and methods for securely executing digital rights management software comprising content code are described. One method comprises receiving encrypted multimedia content and content code from a storage medium by a host processor, wherein the content code provides restricted content distribution by examining an environment in which a player application resides. Based on functions defined within the content code, the host processor partitions the content code into portions. Based on whether the functions corresponding to the portions are related to computations involving confidential data, commands and parameters related to the portions of the content code are generated and forwarded to a secure processor for decrypting the encrypted multimedia content. | 09-23-2010 |
20100241856 | COMMUNICATION DEVICES AND METHODS - A communication device, method and network are provided. The communication method comprises generating a first registration packet including first bio data, sending the first registration packet to a network, generating a content packet having second bio data and content data and sending the content packet to the network. The other communication method comprises receiving a first registration packet including first bio data, storing the first bio data together with a device identification, receiving a content packet including second bio data, extracting the second bio data from the content packet, comparing the first bio data with the second bio data and authorizing communication when the first bio data matches the second bio data. | 09-23-2010 |
20100241857 | AUTHENTICATION METHOD, AUTHENTICATION SYSTEM, IN-VEHICLE DEVICE, AND AUTHENTICATION APPARATUS - An authentication system is configured such that: an in-vehicle device generates an authentication key, and displays on a display unit, a two-dimensional code including the generated authentication key and a URL indicating a predetermined WEB page on a network; and a portable terminal device acquires the authentication key and the URL from the two-dimensional code by reading the two-dimensional code via an imaging unit, downloads a communication program for communicating with the in-vehicle device from the WEB page indicated by the URL, and transmits the authentication key to the in-vehicle device by causing the downloaded communication program to operate. | 09-23-2010 |
20100250928 | CONTENT DATA, TRANSMITTING APPARATUS, RECEIVING APPARATUS AND DECODING METHOD - A transmitting apparatus | 09-30-2010 |
20100250929 | METHOD AND APPARATUS FOR EMAIL COMMUNICATION - According to a first aspect of the present invention there is provided a method of verifying to a recipient of an email that a sender of the email possesses a mobile telecommunications device associated with a specific telephone number. The method comprises at the sender, sending an identifier of the email content and the telephone number to a server via the Internet (A | 09-30-2010 |
20100250930 | METHOD AND APPARATUS FOR PROTECTING THE ROUTING OF DATA PACKETS - A method and apparatus for protecting the routing of data packets in a packet data network. When a first end-host sends an address query to a DNS server system regarding a second end-host, the DNS server system responds by providing a destination parameter containing an encrypted destination address associated with the second end-host. Thereby, the first end-host is able to get data packets across to the second end-host by attaching the destination parameter to each transmitted data packet. A router in the packet data network admits a received packet if a destination parameter is attached to the packet including a valid destination address encrypted by a key dependent on a distributed master encryption key. Otherwise, the router discards the packet if no such valid destination address can be derived from the packet by applying decryption to the destination parameter. | 09-30-2010 |
20100250931 | DECRYPTION OF ELECTRONIC COMMUNICATION IN AN ELECTRONIC DISCOVERY ENTERPRISE SYSTEM - Apparatus, methods and computer program products are described herein for automatically decrypting electronic communication that is harvested from custodians in an enterprise-wide electronic discovery system. Automatic decryption provides for electronic communication that is encrypted to be decrypted, even in instances in which the system is not provided the password and/or decryption key(s) from the encrypting custodian. The automatic decryption process, which ensues prior to delivering data to the third party data analysis provider or the requesting party, allows for data that may otherwise be unavailable or incomprehensible to the third party or requester to be readily accessible. Thus, decryption of such data in a relatively efficient and automated manner is highly beneficial. | 09-30-2010 |
20100250932 | METHOD AND APPARATUS FOR SIMULATING A WORKFLOW AND ANALYZING THE BEHAVIOR OF INFORMATION ASSURANCE ATTRIBUTES THROUGH A DATA PROVIDENCE ARCHITECTURE - A method and apparatus that simulates a workflow and analyzes the behavior of information assurance attributes through a data provenance architecture is disclosed. The method may include injecting one or more faults into a simulated workflow; receiving a message in the simulated workflow having a data provenance wrapper; examining each data provenance record of the message and any attachments for discrepancies; identifying any discrepancies in the examination of each data provenance record of the message and any attachments; calculating a degree of trust based on any discrepancies identified in the examination of each data provenance record of the message and any attachments; analyzing the calculated degree of trust with respect to the one or more injected faults and the information assurance attributes; and outputting the analysis to a user. | 09-30-2010 |
20100250933 | COMMUNICATION APPARATUS - A communication apparatus including: a communication module configured to establish communication with a counterpart device and receive and transmit a content from and to the counterpart device; a storage configured to store the content; a first processor configured to perform decryption and encryption on the content using a first key that is unique to the communication apparatus; a second processor configured to perform decryption and encryption on the content using a second key that is unique to the content; and a controller configured to control the second processor to perform the encryption on the content stored in the storage when transmitting the content to the counterpart device, and to control the first processor to perform the encryption on the content received from the counterpart device and decrypted by the second processor when storing the content in the storage. | 09-30-2010 |
20100250934 | CONTENT PROTECTION DEVICE AND CONTENT PROTECTION METHOD - According to one embodiment, a content protection device includes a writing module configured to write protection information into a file management information item in order to protect a content that is specified to be protected. The writing module is configured either to write the protection information corresponding to the sectors that store a content key management information file, which includes a content key link information item that in turn includes a content key position information item for the encrypted content key corresponding to the content specified to be protected; or to write protection information corresponding to at least part of the sectors that store a content key management file including the encrypted content key corresponding to the content specified to be protected. | 09-30-2010 |
20100250935 | Systems and Methods for Secure Transaction Management and Electronic Rights Protection - The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.” | 09-30-2010 |
20100262824 | System and Method for Software Protection and Secure Software Distribution - The various embodiments of the present invention provide a secure software distribution and execution method. According to the method, a server receives software from a service provider for downloading to a client and identifies the sections for encoding. APIs are inserted in the identified sections. A unique ID is created based on the identity of each client to generate an encryption algorithm, decryption key and decryption algorithm. The identified sections are encrypted with the generated encryption algorithm. The encrypted application, along with the encryption algorithm, decryption key and decryption algorithm, is downloaded to the driver of the client machine. When an encrypted portion is reached during execution of the software on the client machine, the API makes a call to the driver, sending the encrypted segment, so that the driver decrypts the encoded portion using the received key and the decryption algorithm to enable continued execution of the downloaded software. | 10-14-2010 |
20100268946 | SYSTEM AND METHOD FOR GENERATING SECURED AUTHENTICATION IMAGE FILES FOR USE IN DEVICE AUTHENTICATION - A secure authentication image file is generated for use in authenticating a device. The device performs a secure authentication algorithm on the secure authentication image file and a received plaintext challenge, and outputs a cyphertext response. If the cyphertext response matches a pre-stored cyphertext string associated with the plaintext challenge, then the device is authenticated. The secure authentication image file is pre-generated in a secure environment. A plurality of key address locations are reserved in a raw memory image file. A key merger application merges the secure key data into the raw memory image file to generate a secure authentication image file. A test set of plaintext/cyphertext pairs are generated using the newly created secure authentication image file. To maintain security of the secure authentication image file, the secure key data and the raw memory image file are erased from a working memory. The test set of plaintext/cyphertext pairs are used to verify a production device containing the secure authentication image file. | 10-21-2010 |
20100268947 | SYSTEMS AND METHODS FOR REGISTERING A CLIENT DEVICE IN A DATA COMMUNICATION SYSTEM - A two-way wireless communication system comprises a central authority in communication with a plurality of client devices via both a circuit switched data communication system and a packet switched data communication system. The packet switched communication system can assign packet switched network addresses to the client devices dynamically. Therefore, the central authority can be configured to send a circuit switched message, through the circuit switched data network, to a client device requesting that the client device register with the central authority through the packet switched data network. | 10-21-2010 |
20100268948 | RECORDING DEVICE AND CONTENT-DATA DISTRIBUTION SYSTEM - A recording device comprises a memory unit configured to communicate with an external device and to record key data for encryption of content data through an authentication process, and a controller which controls the memory unit. The memory unit comprises a normal recording unit, which is accessible from the exterior through the controller without an authentication process; a protected recording unit, which is accessible from the external device when a first authentication process completes; and a write-restricted protected recording unit, which is accessible from the external device when a second authentication process completes and is unwritable and inaccessible from the external device when only the first authentication process has completed. | 10-21-2010 |
20100268949 | METHOD FOR PROTECTING A SENSOR AND DATA OF THE SENSOR FROM MANIPULATION AND A SENSOR TO THAT END - A method for protecting a sensor and data of the sensor from manipulation, as well as a sensor to that end; in the course of the authentication, a random number being sent by a control unit to the sensor; in order to recognize manipulation of the sensor data, the sensor data from the sensor to the control unit being provided with a cryptographic integrity protection; and to prevent replay attacks, additional time-variant parameters being added to the sensor data, the sensor data, together with the integrity protection and the added time-variant parameters, being sent by the sensor to the control unit. In this context, after the authentication of the sensor, the random number or a part of the random number or a number obtained from the random number by a function is utilized for the time-variant parameters. | 10-21-2010 |
20100268950 | DEVICE AND METHOD FOR DIGITAL RIGHT MANAGEMENT - The present invention provides a method for authenticating the copyright of a device offline, a digital rights protection system, and a method for providing digital contents, which mainly includes embedding an authentication agent into the digital content; said authentication agent, instead of the copyright issuer at the server side, authenticates the rendering qualification of the device before the digital content is rendered. If the device is a non-compliant device, the authentication agent will not permit the device to render the digital content. The technique of the invention realizes offline digital rights management, so it is not restricted by network conditions and can be applied widely in various environments. | 10-21-2010 |
20100275018 | SYSTEM AND METHOD FOR CONVERSION AND DISTRIBUTION OF GRAPHICAL OBJECTS - A system for converting a first digital representation of a graphical object defined in two dimensions, such as a floor plan of a building such as a house or an apartment, into a second digital representation of said graphical object, said second digital representation defined in three dimensions, said system comprising means for converting the first digital representation into a vector based representation by means of a computer-implemented algorithm, and means for converting said vector based representation of the first digital representation into a three dimensional representation of the graphical object. Furthermore the invention relates to a system for secure administration and/or provision of protected data files in a computer network, such as the Internet or a local LAN, said computer network comprising at least one server and a plurality of clients. Finally the invention relates to a system that allows 3 | 10-28-2010 |
20100281256 | HASH FUNCTION USING A PILING-UP PROCESS - In the computer data security field, a cryptographic hash function process embodied in a computer system and which is typically keyless, but is highly secure. The process is based on the type of randomness exhibited by well known tetromino stacking games. Computation of the hash value (digest) is the result of executing such a “piling on” (tetromino stacking game) algorithm using the message as an input (a seed) to a pseudo random number generator which generates the game pieces (shapes) from the resulting random numbers, then executing the game algorithm. | 11-04-2010 |
20100281257 | CONFIDENTIAL COMMUNICATION METHOD - It is an object of the present invention to solve two problems of onion routing, which is used as a confidential communication method: if a computer within the communication route goes down, no connection is made to any further components at all; and the system and the traffic become slow because of the multiplexed encryption. It is a communication method in which a client, as the information providing source, encrypts random numbers and calculates their hash value using the respective public keys of the information server to which it connects, the function server of the destination to be sent to, and the information server to which the function server connects; the respective servers decrypt the encrypted random number using their own secret keys to compare the random number with the hash value, and thus the client determines whether or not the route is related to the client. In this way, information can be provided while the information providing source and the information provided destination are hidden, and a response to the provided contents from the function server, which is the information providing source, can also be kept anonymous. | 11-04-2010 |
20100281258 | SECURED PRESENTATION LAYER VIRTUALIZATION FOR WIRELESS HANDHELD COMMUNICATION DEVICE - The connectivity and security of wireless handheld devices (HDs) can be leveraged to provide a presentation appliance (PA) such as a laptop with an ability to securely communicate with an enterprise's private network. A split-proxy server, with part of it executing on the HD and a part executing on the PA, implements a full HTTP | 11-04-2010 |
20100287372 | MAIL SERVER AND METHOD FOR SENDING E-MAILS TO THEIR RECIPIENTS - The present invention relates to a mail server for a network. The mail server has a sending part arranged to receive outgoing e-mails from users of the network and to send the received e-mails to their recipients. The sending part is arranged to copy at least some of the contents of a received e-mail to a storage. The sending part provides an amended e-mail based on the received e-mail, said amended e-mail comprising at least one pointer substituting for the contents copied to the storage, said pointer pointing at said contents in said storage. | 11-11-2010 |
20100293372 | ASYMMETRIC CRYPTOGRAPHY FOR WIRELESS SYSTEMS - A method for authenticating messages in a communication network includes forming a super message having a plurality of individual messages such that at least two of the individual messages are intended for separate receiving entities. The method further includes creating a message authentication code (MAC) using a private key, such that the MAC is configured to permit authentication of the super message using a public key. | 11-18-2010 |
20100293373 | INTEGRITY SERVICE USING REGENERATED TRUST INTEGRITY GATHER PROGRAM - An approach is provided to receive a request at a first computer system from a second system. The first system generates an encryption key, modifies retrieved source code by inserting the generated encryption key into the source code, and compiles the modified source code into an executable. A hash value of the executable program is calculated and is stored along with the encryption key in a memory area. The executable and the hash value are sent to the second system over a network. The executable is executed and it generates an encrypted result using the hash value and the embedded encryption key. The encrypted result is sent back to the first system where it is authenticated using the stored encryption key and hash value. | 11-18-2010 |
20100293374 | Secure Portable Memory Storage Device - A wireless secure authentication system for portable memory storage devices to prevent unauthorized transfer of stored data. The system includes a memory device, such as a USB storage device, that is capable of data storage. A wireless receiver and/or transmitter on the device receives and/or transmits an external signal from and/or to an external remote device, such as an RFID card, Bluetooth receiver, cellular telephone or any other wireless device. The device does not allow data in its memory to be accessed until it receives an appropriate signal from the external device. Once the appropriate signal has been received, data transfer is allowed. In the event that the signal is lost, the data transfer is terminated and access to the data is not permitted. Examples of the system include a USB memory device that requires an RFID card with an encrypted signal to be within a dedicated perimeter of the device. | 11-18-2010 |
20100293375 | METHOD FOR THE REMOTE ANALYSIS OF A COOKING APPLIANCE, AND A COOKING APPLICATION FOR CONDUCTING SAID METHOD - The invention relates to a method for storing data in a memory of a cooking appliance and/or for reading data from the memory of the cooking appliance, wherein the cooking appliance comprises at least one interface to a server. In a first step, data of the cooking appliance is stored in the memory, and in a second step, following authentication by the server in relation to the cooking appliance, data is read from the memory by the server via encoded data transmission. The invention further relates to a cooking appliance, comprising at least one memory, a user interface, and at least one interface to at least one server in order to carry out such a method for the purpose of transmitting data between the memory and at least the server. | 11-18-2010 |
20100293376 | METHOD FOR AUTHENTICATING A CLIENT MOBILE TERMINAL WITH A REMOTE SERVER - The disclosure relates to a method and a device for authenticating a client mobile terminal on a remote server of said terminal, with said server first sending a challenge to said mobile terminal, to which said mobile terminal must respond in order to authenticate itself, by transmitting a response consisting of an encoding of said challenge combined with a secret key known to said terminal and at the same time to the server, wherein the secret key is hidden in a media file recorded in the mobile terminal using steganography. | 11-18-2010 |
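The challenge-response flow above, as an added example that is not the patent's code: the terminal pulls the secret key out of a media file in which it was hidden, encodes the server's challenge with it, and the server, holding the same key, recomputes and compares. The media file is stood in for by a constructed array of 8-bit samples, the hiding method is assumed to be least-significant-bit steganography behind a 4-byte length prefix, and the encoding is assumed to be HMAC-SHA256; none of those specifics come from the page. The caveat a practitioner wants is in the code's own extractor: anyone holding the media file and the embedding layout recovers the key the same way the terminal does, so the steganography obscures the key's location but does not protect it.

```python
import hmac
import hashlib

# Added example, not from the patent. The media file is a constructed byte array
# (raw 8-bit samples); the key sits in the LSB of successive samples after a
# 4-byte big-endian length prefix; the response is HMAC-SHA256(key, challenge).
# LSB layout and HMAC are assumptions.
LEN_PREFIX = 4


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Write each payload bit (length-prefixed) into the LSB of successive cover samples."""
    data = len(payload).to_bytes(LEN_PREFIX, "big") + payload
    bits = [(b >> (7 - i)) & 1 for b in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)


def _read_bytes(stego: bytes, offset_bits: int, n_bytes: int) -> bytes:
    """Reassemble n_bytes from the LSBs starting at sample offset_bits."""
    out = bytearray()
    for b in range(n_bytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[offset_bits + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Read the length prefix, then that many payload bytes. Needs no secret: the
    layout alone is enough, which is why hiding is not the same as protecting."""
    length = int.from_bytes(_read_bytes(stego, 0, LEN_PREFIX), "big")
    return _read_bytes(stego, LEN_PREFIX * 8, length)


def terminal_respond(stego_media: bytes, challenge: bytes) -> bytes:
    """Terminal side: recover the hidden key and encode the server's challenge with it."""
    key = extract_lsb(stego_media)
    return hmac.new(key, challenge, hashlib.sha256).digest()


def server_verify(key: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute with the shared key and compare in constant time."""
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def constructed_cover(n: int = 512) -> bytes:
    """Deterministic stand-in for a media file's sample data (constructed, not real media)."""
    return bytes((i * 37 + 11) % 256 for i in range(n))


if __name__ == "__main__":
    key = bytes(range(16))  # constructed shared secret
    media = embed_lsb(constructed_cover(), key)
    challenge = b"server-nonce-0001"  # constructed; a real server uses a fresh random nonce
    print(server_verify(key, challenge, terminal_respond(media, challenge)))  # True
```

The server must issue a fresh, unpredictable challenge for every attempt; with a reused challenge the response itself becomes a replayable password, regardless of how well the key is hidden on the terminal.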
20100293377 | Methods and Apparatus for Performing Authentication and Decryption - Methods and apparatus are provided for performing authentication and decryption operations. A record including multiple encrypted blocks is received. An encrypted block in the record is extracted and decrypted first in order to obtain context information for performing authentication operations. Each remaining block is then decrypted and authenticated by using the available context information. Authentication operations can be performed without having to wait for the decryption of all of the blocks in the record. | 11-18-2010 |
20100293378 | METHOD, DEVICE AND SYSTEM OF ID BASED WIRELESS MULTI-HOP NETWORK AUTHENTICATION ACCESS - A method, device and system of ID based wireless multi-hop network authentication access are provided, which are used as a security application protocol when the WAPI frame method (TePA, Triple-Element and Peer Authentication based access control method) is applied over a specific network including a wireless LAN, wireless WAN or wireless private network. The method includes the following steps: defining a non-controlled port and a controlled port; the coordinator broadcasts the beacon frame, and the terminal device sends the connection request command; the coordinator and the terminal device perform the authentication procedure; if the authentication is successful, the coordinator opens the controlled port and sends the connection response command at the same time; the terminal device receives the connection response command and opens the controlled port in order to access the network. The method of the present invention solves the security problems present in existing wireless multi-hop network authentication access methods, improves the security and performance of accessing the wireless multi-hop network from the terminal device, and ensures the communication safety between the terminal device and the coordinator. | 11-18-2010 |
20100299521 | KEY MANAGEMENT SYSTEM, KEY MANAGEMENT METHOD, SERVER APPARATUS AND PROGRAM - Disclosed is a key management system including plural terminal devices and a server. Each of the terminal devices includes: authentication means for authenticating a user and acquiring user information; delivery key registration means for registering a delivery key linked to the user information based on corresponding information, transmitted from the server, between the user information and the delivery key; encryption key receiving means for receiving an encryption key using the delivery key. The server includes terminal information storage means for storing the terminal identification information, user information on the user utilizing the terminal device and the delivery key, wherein the terminal identification information, the user information and the delivery key are linked to each other; and encryption key delivering means for transmitting the encryption key using the delivery key linked to the user information on the user performing secret communication. | 11-25-2010 |
20100299522 | Content Sharing Systems and Methods - Systems and methods are described for peer-to-peer sharing of electronic content. In one embodiment, if a license associated with a content item permits a sharing peer to share the content item with a receiving peer, the sharing peer rebinds a cryptographic key associated with the content item to the receiving peer and generates a sharing license for the content item. The sharing peer sends the sharing license and the content item to the receiving peer for consumption. | 11-25-2010 |
20100299523 | MOBILE HOST USING A VIRTUAL SINGLE ACCOUNT CLIENT AND SERVER SYSTEM FOR NETWORK ACCESS AND MANAGEMENT - A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network. | 11-25-2010 |
20100299524 | METHOD, APPARATUS, AND SYSTEM FOR CONFIGURING KEY - A method, an apparatus, and a system for configuring a key are provided. The method includes the following steps. A mobile node (MN) and an authentication authorization accounting home server (AAAH) generate a domain specific root key (DSRK) of a visited domain respectively. The AAAH sends the DSRK to an AAA visited server (AAAV). The MN and the AAAV generate a domain specific media independent handover service root key (DS-MIHS-RK) by using the DSRK respectively. The AAAV sends the DS-MIHS-RK to a visited domain media independent handover (MIH) authenticator. Thus, cumbersomeness and risks of errors in configuring and authenticating a password manually are avoided, so that large-scale and secure deployment of the MIH service becomes possible. | 11-25-2010 |
20100306535 | Business To Business Secure Mail - Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users. | 12-02-2010 |
20100306536 | SYSTEM AND METHOD FOR ROUTING MESSAGES BETWEEN APPLICATIONS - A system and method for enabling the interchange of enterprise data through an open platform is disclosed. This open platform can be based on a standardized interface that enables parties to easily connect to and use the network. Services operating as senders, recipients, and in-transit parties can therefore leverage a framework that overlays a public network. | 12-02-2010 |
20100306537 | SECURE MESSAGING - A method for securely transmitting a message to a recipient whilst allowing subsequent access to the message content, wherein at least part of the message is encrypted, comprising the steps of: (a) encrypting a first piece of content with an encryption key; (b) providing a decryption engine at an address on a recipient accessible server; (c) incorporating the address of the recipient accessible server within the message, together with the first piece of encrypted content; (d) transmitting the first piece of encrypted content together with the address of the recipient accessible server to the recipient, such that the recipient is able to decrypt the first piece of content by uploading it to the decryption engine, and (e) authenticating the sender to the recipient. | 12-02-2010 |
20100306538 | Trust Establishment from Forward Link Only to Non-Forward Link Only Devices - A method, apparatus, and/or system are provided for establishing trust between an accessory device and a host device, using a global key known to both the host device and the accessory device, so that content protection for subscriber-based mobile broadcast services is provided. A secure link may be established between the accessory device and the host device so that when the accessory device receives encrypted content via a secured forward link only network, the accessory device may decrypt the content at the forward link only stack. The content is then re-encrypted/re-secured using one or more derived encryption keys and then sent to the host device where it may be decrypted and played back. A global key, unique to the particular device type of the host device, is employed to ultimately derive the session encryption keys used to re-encrypt/re-secure the content conveyed from the accessory device to the host device. | 12-02-2010 |
20100306539 | METHOD AND SYSTEM FOR CONTENT DELIVERY CONTROL USING A PARALLEL NETWORK - A method and system for controlling distribution of content through a communications network uses a second, parallel network for delivery of a transaction indicia to a requesting party. The use of the parallel network enables the transaction indicia to be forwarded to the party independently of the communications network, thereby reducing the probability of a party fraudulently obtaining delivery of the content. Additionally, information associated with the parallel network can be used to restrict distribution of the content to parties within a predetermined domain, such as, for example, a geographical region. The content may be delivered to the party in an encrypted form, preferably using an encryption algorithm and key designed to enable decryption of the content on only the content delivery device from which the request for the content was originated. | 12-02-2010 |
20100306540 | ENCRYPTION PROCESSING METHOD AND ENCRYPTION PROCESSING DEVICE - Provided is an encryption processing device which can effectively improve an encryption processing performance of a secure multi-media communication. The encryption processing device ( | 12-02-2010 |
20100313017 | IDENTIFICATION-DEPENDENT COMMUNICATION BETWEEN VEHICLES - A method and assistance system drawn to identification-dependent communication that takes place between vehicles. The messages to be transmitted are encrypted by cryptographic methods, wherein the necessary keys for the cryptographic methods are stored in vehicle components which are protected from unauthorized removal and installation by means of protection mechanisms. The method and system make it possible to limit standardized broadcasts to a particular group of users. | 12-09-2010 |
20100313018 | METHOD AND SYSTEM FOR BACKUP AND RESTORATION OF COMPUTER AND USER INFORMATION - A method for performing backup of computer specific information from a computer is disclosed. The method includes receiving, at a remote server, user authentication data obtainable from a user of the computer; in response to a positive authentication based on the user authentication data, the remote server establishing a communication channel between the computer and the remote server; authenticating, via the communication channel, the computer for use with the server; sending, via the communication channel, a computer specific information collect request from the server to the computer; collecting computer specific information at the computer; encrypting the computer specific information; and sending, via the communication channel, the encrypted computer specific information to the remote server. | 12-09-2010 |
20100313019 | METHOD AND SYSTEM FOR MANAGING A SOFTWARE APPLICATION ON A MOBILE COMPUTING DEVICE - A method of and system for managing a one time password security software application employed on a mobile computing device ( | 12-09-2010 |
20100313020 | METHODS AND APPARATUS FOR USE IN FACILITATING THE COMMUNICATION OF NEIGHBORING NETWORK INFORMATION TO A MOBILE TERMINAL WITH USE OF A RADIUS COMPATIBLE PROTOCOL - A disclosed example method for requesting neighboring network information from a device involves encoding a request for neighboring network information and sending the request to an authentication server to obtain the neighboring network information. The example method also involves receiving a response to the request, retrieving the neighboring network information contained in the response, and decoding the neighboring network information. The decoded neighboring network information is stored. | 12-09-2010 |
20100318795 | BLOOM FILTER BASED DEVICE DISCOVERY - Aspects describe enabling two peers that have already paired together under some circumstances to re-identify themselves under different circumstances, so that the peers can bypass performing another pairing only to discover that they are already paired. A Bloom filter is constructed from an available pool of locally selected identifiers and is sent to a peer node in a first message. Upon receiving the message with the Bloom filter, the peer node checks all its known identifiers. If the peer node finds that one of its identifiers is a member of the Bloom filter, the peer node sends a reply in order to achieve a mutual identification. | 12-16-2010 |
20100318796 | METHOD AND SYSTEM FOR SECURING WIRELESS COMMUNICATIONS - A method for transmitting an encrypted signal to a wireless transmit/receive unit (WTRU) such that decryption of the encrypted signal depends on a trust zone associated with the WTRU is disclosed. The encryption may be performed using hierarchical modulation, scrambling, authentication, location validation, or a combination thereof. The size of a trust zone may also be adjusted. | 12-16-2010 |
20100318797 | SECURE DATA GATHERING FROM RENDERED DOCUMENTS - A facility for securing text captured from a rendered document is described. The facility receives data including an encryption of text captured from a rendered document. The facility decrypts the captured text included in the received data. | 12-16-2010 |
20100325432 | COUNTERFEIT PREVENTION STRATEGY FOR PLUGGABLE MODULES - A method is provided, including (a) upon a standard small form-factor pluggable (SFP) module being inserted into an SFP jack on a network host device, determining if the SFP module is a legacy device or a smart device, (b) upon determining that the SFP module is a legacy device, receiving a magic code from the SFP module and determining if the magic code is a valid magic code, and (c) upon determining that the SFP module is a smart device, performing a smart authentication process with the SFP module. Associated apparatuses and additional methods are also provided. | 12-23-2010 |
20100325433 | LOGIN SYSTEM - A method for secure log on to a server is provided. The method includes: providing a first user name and a first password from a client to the server; determining if the first user name and first password correspond to a registered user; providing a first data set from the server to the client if the outcome of the determination step is positive; providing a second user name and a second password from the client to a trusted third party; determining if the second user name and second password correspond to a user registered at the trusted third party; providing the first data set from the client to the trusted third party if the outcome of the determination step is positive; providing the first data set from the trusted third party to the server; providing a second data set from the server to the trusted third party if the first data set received from the trusted third party corresponds to the first data set provided to the client; providing the second data set from the trusted third party to the client; providing the second data set from the client to the server; and logging the client on at the server if the second data set received from the client corresponds to the second data set provided to the trusted third party. | 12-23-2010 |
20100325434 | REAL-TIME DELIVERY OF LICENSE FOR PREVIOUSLY STORED ENCRYPTED CONTENT - Content is stored as ClearText by a content provider within a trusted area. Specific content is requested by an end user, preferably via a service provider, and the requested content is encrypted and then delivered over a secure communications channel to a home server system. While the encrypted content is stored on the home server system, the associated encryption keys are stored as a license with the content provider. When a playback device on the home server system is instructed to play back the encrypted content, the encrypted content is streamed from local storage within the home server system while the associated encrypted keys are simultaneously streamed from the content provider to the playback device. | 12-23-2010 |
20100332827 | CREATING AND USING SECURE COMMUNICATIONS CHANNELS FOR VIRTUAL UNIVERSES - A system and method provides secure channels for communication in a virtual universe by employing a packet interception layer for incoming and outgoing data packets. A data path is defined and is sequentially encrypted with the public keys of servers in the path. Decryption and identification of the next server occurs in a sequential manner in which the path is known only to the sender. | 12-30-2010 |
20100332828 | APPARATUS AND METHOD FOR SHARING OF AN ENCRYPTION KEY IN AN AD-HOC NETWORK - It is arranged that an encryption key can be shared with a communication apparatus that newly participates in a network, even in an ad-hoc-mode type of environment. In order to achieve this, a communication apparatus determines whether it possesses an encryption key shared with another communication apparatus and, in accordance with the result of the determination, initiates the sharing process for sharing the encryption key with a first communication apparatus from the communication apparatus after the sharing process for sharing the encryption key has been initiated from the first communication apparatus. | 12-30-2010 |
20100332829 | Method for detecting the use of a cloned user unit communicating with a server - A method to prevent, detect and fight against cloning attacks by using payload keys to encrypt request and response messages exchanged between user units and a server. In an initialization phase, the user unit locally generates an initial payload key and sends to the server, in a secure way, a request comprising a unique identifier of the user unit, check data, the initial payload key and a request instruction encrypted with a payload key retrieved from the memory of the user unit. Each time the server receives a request from a user unit, it retrieves the payload key by searching in its memory according to the unique identifier of the user unit. The obtained payload key is then used to decrypt the request instruction. The server then generates a derivation key as a response key, which will be used by the user unit to compute a new payload key. In this way, the payload key is modified, preferably during each data exchange between user unit and server, thus allowing the server to check in the next incoming request from the same user unit whether the payload key is the expected one. The server also stores a fallback payload key, which is the last one used by the user unit. By checking a status parameter at decryption with the expected payload key or with the fallback key, the server can, by applying predefined business rules, distinguish correct behaviors of authorized user units from unexpected system failures (network, storage, interferences, application software crash, etc.) and from true cloning attacks. | 12-30-2010 |
20100332830 | SYSTEM AND METHOD FOR MUTUAL AUTHENTICATION BETWEEN NODE AND SINK IN SENSOR NETWORK - Disclosed is a system and method for mutual authentication between a node and a sink in a sensor network. At least one sink periodically creates a neighboring sink list including information on at least one adjacent sink; the sink requests node authentication from a base station when receiving an authentication request from the node, and transmits its own neighboring sink list to the node when the node authentication has been completed. When the node moves and requests authentication from another sink, that other sink stores the neighboring sink list received from the node, determines if a node-authenticable sink exists in its own neighboring sink list according to the authentication request, and requests re-authentication of the node from the node-authenticable sink when such a sink exists, so that re-authentication between the node and the sink is easily performed. | 12-30-2010 |
20100332831 | METHOD AND APPARATUS FOR AUTHENTICATING A SENSOR NODE IN A SENSOR NETWORK - A method and apparatus for authenticating a sensor node in a sensor network. The method for authenticating a sensor node by a first sink node in a sensor network includes receiving an authentication request using an authentication ticket from the sensor node, identifying a second sink node which has issued the authentication ticket, decoding the authentication ticket using a group key, which is previously stored in correspondence to the second sink node to confirm the validity of the authentication ticket, when the second sink node is included in a neighboring node list, normally processing authentication for the sensor node, generating an authentication ticket using a group key of the first sink node, and transmitting the generated authentication ticket to the sensor node. | 12-30-2010 |
20110004754 | Method And Apparatuses For Authentication And Reauthentication Of A User With First And Second Authentication Procedures - A method of authenticating a user to a network, the user being in possession of first and second authentication credentials associated respectively with first and second authentication procedures. The method comprises sending a challenge from the network to the user according to said second authentication procedure, receiving the challenge at the user and computing a response using said first credential or keying material obtained during an earlier running of said first authentication procedure, and said second credential, sending the response from the user to the network, and receiving the response within the network and using the response to authenticate the user according to said second authentication procedure. | 01-06-2011 |
20110004755 | User information providing system - In the system, when the service providing apparatus is used through the multi-functional peripheral, user authentication is performed and user information is provided to the service providing apparatus, and the authenticating apparatus holds authentication information and user information associating each information with identification information of a user, performs user authentication based on the input of the authentication information of the user for the multi-functional peripheral, transmits the identification information of the user to the multi-functional peripheral by authentication, and is allowed access to the service providing apparatus through the multi-functional peripheral by receiving the identification information, and the service providing apparatus, by receiving a service request from the multi-functional peripheral and the identification information, transmits the identification information to the authenticating apparatus, and thereby obtains user information transmitted from the authenticating apparatus. | 01-06-2011 |
20110004756 | GPS-BASED PROVISIONING FOR MOBILE TERMINALS - A computing device to enable a feature thereof according to a current location and a control method thereof, the computing device including: a location unit to determine the current location of the computing device; and a licensing unit to determine whether the current location corresponds to a predetermined authorized location, and to enable the feature if the current location corresponds to the authorized location. Accordingly, a permission to use a software feature or a hardware feature of the computing device can be controlled according to the current location of the computing device. | 01-06-2011 |
20110004757 | Apparatus, Method, System and Program for Secure Communication - Embodiments provide an apparatus, method, product and storage medium for secure communication, wherein a message is sent over a secure signalling path to a recipient, the message including a value indicating a key for encrypting or decrypting information for secure communication, or a key derivation value for deriving a key. The message further includes an indication indicating the type of usage of the value. The receiver of the message may return a message which also includes a key or key derivation value and an indication indicating the type of key or type of usage of the value. | 01-06-2011 |
20110004758 | Application Specific Master Key Selection in Evolved Networks - An authentication method comprises providing a set of N plural number of master keys both to a user terminal ( | 01-06-2011 |
20110004759 | MASS SUBSCRIBER MANAGEMENT - An authentication and mass subscriber management technique is provided by employing a key table derived as a subset of a larger key pool, a network edge device, and authentication tokens attached on both the network edge device and on a subscriber's computing device. The network edge device and subscriber's computing device are provided with secure, tamper-resistant network keys for encrypting all transactions across the wired/wireless segment between supplicant (subscriber) and authenticator (network edge device). In an embodiment of the invention, a secure, secret user key is shared between a number of subscribers based upon commonalities between serial numbers of those subscribers' tokens. In another embodiment of the invention, a unique session key is generated for each subscriber even though multiple subscribers connected to the same network connection point might have identical pre-stored secret keys. | 01-06-2011 |
20110010542 | METHOD AND APPARATUS FOR COMMUNICATION, AND METHOD AND APPARATUS FOR CONTROLLING COMMUNICATION - A method and apparatus for communication between a client and a service provider using an external server, and a method and apparatus for controlling communication between a client and a service provider, are provided. The method includes: receiving from the service provider a first authentication token indicating that the service provider has authenticated communication with the client by logging on to the service provider; storing, in the external server, authentication information containing the first authentication token and additional information relating to communication with the service provider; receiving, when there is a request to access the service provider, authentication information corresponding to the request from the external server; and communicating with the service provider using the received authentication information. It is possible to alleviate the burden on a user to enter his or her ID and password, and to remove the necessity for a user to enter the ID and password after registration has been performed once. | 01-13-2011 |
20110010543 | PLATFORM VALIDATION AND MANAGEMENT OF WIRELESS DEVICES - Methods, components and apparatus for implementing platform validation and management (PVM) are disclosed. PVM provides the functionality and operations of a platform validation entity with remote management of devices by device management components and systems such as a home node-B management system or component. Example PVM operations bring devices into a secure target state before allowing connectivity and access to a core network. | 01-13-2011 |
20110010544 | PROCESS DISTRIBUTION SYSTEM, AUTHENTICATION SERVER, DISTRIBUTION SERVER, AND PROCESS DISTRIBUTION METHOD - In an authentication server that performs an authentication process with a terminal to authenticate the user of the terminal by means of TLS authentication in a tunnel, using a TLS parameter that has been acquired in advance, user identification information and the TLS parameter are included in a transfer request signal and transmitted to a distribution server when the user identification information transmitted from the terminal does not exist in an authentication database. A search is conducted in a distribution server database for authentication server identification information associated with the user identification information included in the transfer request signal. The user identification information and the TLS parameter are transmitted to the authentication server assigned the authentication server identification information that has been found. | 01-13-2011 |
20110010545 | PROCESSING RECORDABLE CONTENT IN A STREAM - Methods and systems are described for processing recordable content in a broadcast stream sent to a receiver, wherein said broadcast stream is protected in accordance with a conditional access system and wherein said receiver is configured for storing and consuming content in said broadcast stream in accordance with a digital rights management system. In these methods and systems, recording information is sent in one or more entitlement control messages over a broadcast network to a receiver. Using the recording information in the entitlement control messages, the receiver is able to store recordable events in a broadcast stream on a storage medium and to consume said recorded events in accordance with a digital rights management system. | 01-13-2011 |
20110010546 | INFORMATION PROCESSING APPARATUS AND METHOD, RECORDING MEDIUM AND PROGRAM - The present invention relates to an information processing apparatus allowing proper communication with a communication partner in accordance with a communication time of the communication partner. | 01-13-2011 |
20110010547 | SERVER AUTHENTICATION SYSTEM, SERVER AUTHENTICATION METHOD, AND PROGRAM FOR SERVER AUTHENTICATION - In order to complete an authentication process in shorter time in a case where there is a large number of clients which concurrently authenticate a server, the server in a server authentication system includes an address key allocation means for generating an identifier to identify each of the clients by a combination of addresses on a plurality of address spaces and allocating address keys to the respective addresses configuring the generated identifier, and a message authentication code generation means for generating message authentication codes corresponding to a message by using the address keys allocated by the address key allocation means. Each of the clients includes a server authentication means for authenticating the server based on the message authentication codes generated by the message authentication code generation means. | 01-13-2011 |
20110016314 | METHODS AND ENTITIES USING IPSec ESP TO SUPPORT SECURITY FUNCTIONALITY FOR UDP-BASED OMA ENABLES - Methods in OMA SEC_CF for providing security services to traffic over UDP between a client and a server and the relevant entities are provided. A pre-shared key is pre-shared between the client and the server. A pair of IPSec ESP SAs between the client and the server is established without shared key negotiation, wherein traffic data cryptographic algorithms are determined. Traffic data security keys are derived from the pre-shared key via the determined traffic data cryptographic algorithms. Then, data of the traffic can be provided with security services with the traffic data security keys through use of IPSec ESP. | 01-20-2011 |
20110016315 | METHOD AND SYSTEM FOR MULTIMEDIA TAGS - A multimedia data construct called a tag (FIG. | 01-20-2011 |
20110016316 | AUTHENTICATED ADVERSARIAL ROUTING - A routing protocol is used to transmit messages from a sender to a receiver over a network of nodes, where adversaries can control links between the nodes and can also control the behavior of a large number of nodes. Various techniques can be used, alone or in combination, to combat these effects. In one approach, certain trigger conditions are identified, the occurrence of which signals malicious behavior within the network. When signaled, the sender requests status reports from the intermediate nodes in an effort to determine which nodes are malicious. The information for the status reports is generated by nodes as packets are passed from one node to the next. | 01-20-2011 |
20110022841 | AUTHENTICATION SYSTEMS AND METHODS USING A PACKET TELEPHONY DEVICE - Authentication systems and methods for increasing the security of online account access and transactions by leveraging the use of customer equipment provided by VoIP service providers. A method includes registering a packet telephony device with a packet telephony service provider for subsequent packet telephony communication, where the registration is based at least on an encoded encryption key. On a subsequent request to access an account, instructions are transmitted which require physical access to the packet telephony device to perform. Upon receipt of an indication that the instructions were successfully performed, the request is authenticated and access to the account is granted. Authentication may require a secure connection be automatically established between a web-enabled device and a packet telephony device. The instant disclosure leverages the security in the customer equipment hardware such as a Terminal adaptor (TA) or router so that a compromised account may be recovered. | 01-27-2011 |
20110022842 | CONTENTS TRANSMITTER APPARATUS, CONTENTS RECEIVER APPARATUS AND CONTENTS TRANSMITTING METHOD - To protect copyright by suppressing illegal copying, in particular when transmitting contents over a wired or wireless LAN, and to prevent the transmission of contents from exceeding the range of personal use, a contents transmitter apparatus and a contents receiver apparatus authenticate each other mutually before transmitting contents. During this authentication, the time period until arrival of a receipt confirmation responding to the transmission of an authentication request, or of a response to the authentication, is measured; only when the measured value does not exceed a predetermined upper value are the encrypted contents transmitted, and at the same time address information and equipment information unique to the apparatus are registered, so that when contents are transmitted again the encrypted contents are transmitted without repeating the time measurement. Also, the time measurement is conducted periodically and the registration information is dynamically managed, so that its contents remain suitable for the current network structure. | 01-27-2011 |
20110029773 | Optical Network Terminal Management Control Interface-Based Passive Optical Network Security Enhancement - A network component comprising at least one processor coupled to a memory and configured to exchange security information using a plurality of attributes in a management entity (ME) in an optical network unit (ONU) via an ONU management control interface (OMCI) channel, wherein the attributes provide security features for the ONU and an optical line terminal (OLT). Also included is an apparatus comprising an ONU configured to couple to an OLT and comprising an OMCI ME, wherein the OMCI ME comprises a plurality of attributes that support a plurality of security features for transmissions between the ONU and the OLT, and wherein the attributes are communicated via an OMCI channel between the ONU and the OLT and provide the security features for the ONU and the OLT. | 02-03-2011 |
20110029774 | SECURE COMMUNICATION BETWEEN A HARDWARE DEVICE AND A COMPUTER - A group of secret sets is provided, each set including a key and an assigned identifier. The sets are stored in a secure hardware device that can retrieve the key of any of the sets using the key's corresponding identifier. A set is stored in an application, and the application is executed on a computer coupled to the secure device. The application defines a session key, encrypts the session key using the key from the set stored in the application, generates session data including the stored set's identifier and the encrypted session key, and sends the session data to the secure device. The secure device obtains from the session data the encrypted session key and the identifier, retrieves the key corresponding to the identifier, and uses the retrieved key to decrypt the session key. The session key is then used to encrypt and decrypt communications between the secure device and the computer. | 02-03-2011 |
20110035588 | Encoding Method and Device for Securing a Counter Meter Reading Against Subsequential Manipulations, an Inspection Method and Device for Verifying the Authenticity of a Counter Meter Reading - The invention relates to an encoding method for identifying a subsequential manipulation of a counter meter reading consisting, when the counter reading is increased or decreased, in activating the computation of a new encoded meter reading and in calculating a new encoded meter reading by applying a forward chain one-way function to the encoded meter reading, wherein a complex variable domain of said forward chain one-way function is included into the antecedent domain thereof. The invention also relates to a method for verifying the authenticity of a counter meter reading consisting in subtracting test meter readings based on the meter reading for obtaining the number of tests, in producing an encoded test meter reading by applying the chain one-way function to the encoded meter reading, in applying the chain one-way function with the number of tests and in comparing the test meter reading with the final encoded meter reading and, if the test meter reading differs from the final encoded meter reading, a negative status signal is emitted. An encoding system for carrying out said encoding method and a verification system for carrying out the verification method are also disclosed. | 02-10-2011 |
20110035589 | Content usage monitor - A trusted content usage monitor for monitoring content usage is provided. A unique identifier generation unit generates a unique identifier indicative of content being rendered and a packet generator generates a trusted packet comprising the unique identifier. The trusted packet is trust signed by the trusted content usage monitor, so that it can be trusted by its recipient. The trusted content usage monitor has at least one mode of operation in which content rendering cannot be decoupled from operation of the unique identifier generation unit, so that generated packets can be trusted as truly indicative of content usage. | 02-10-2011 |
20110035590 | Method and Apparatus for Connecting a Network of Electronic Signs - A method and apparatus allows owners of electronic signs, such as retailers, real estate owners, other space owners, and content providers, such as advertisers, entertainment producers, event promoters, visual artists, and the general community to participate in an open content network, in which electronic signs are universally uniquely identified and then added to a network in a distributed fashion, after which content is selectively downloaded to the electronic signs. The times at which the content is presented are determined collaboratively by the owners of the electronic signs and the content providers. A mechanism that verifies whether the content is actually presented on the electronic signs is also disclosed. | 02-10-2011 |
20110035591 | ENTERPRISE INSTANT MESSAGE AGGREGATOR - A disclosed enterprise instant messaging (IM) service aggregator enables validation of mobile stations and/or users for enterprise IM service through a wireless communication network; and in the examples, the enterprise IM service provides a secure messaging environment that allows IM traffic to/from wireless mobile stations. The security offered may be unique to and controlled by each enterprise, for example, by enabling each enterprise to generate its own encryption key for distribution through the aggregator and by allowing mobile stations to generate their own keys for distribution back through the aggregator to the enterprise IM servers. As disclosed, the login credentials are encrypted from the mobile station to the enterprise IM server. The use of standard encryption methods within the call flows allows a simple method of ensuring that only authorized users can access the enterprise servers and that the messages will be encrypted by the strongest possible means. | 02-10-2011 |
20110040969 | METHOD AND SYSTEM FOR DYNAMIC SERVICE NEGOTIATION WITH A UNIFORM SECURITY CONTROL PLANE IN A WIRELESS NETWORK - A method and system to facilitate dynamic service negotiation with a uniform and persistent security control plane in a wireless network. In one embodiment of the invention, a node in the wireless network determines each capability provided by each of one or more virtual nodes that it supports and transmits a frame that has information of each capability provided by each of the one or more virtual nodes. By combining all the information of each capability provided by each of the one or more virtual nodes into one frame, the node reduces the volume of management traffic required and increases the available usable channel bandwidth in one embodiment of the invention. | 02-17-2011 |
20110040970 | METHOD FOR VERIFYING THE CERTIFICATION OF A RECORDING APPARATUS - A method for verifying the certification of a recording apparatus ( | 02-17-2011 |
20110040971 | PORTABLE SYSTEM AND METHOD FOR REMOTELY ACCESSING DATA - Embodiments of the present invention provide a portable system and method for accessing data remotely. The system and method include a first module and a second module, each of the modules being associated with the host system, wherein the first module is capable of being connected to the host system and the second module, and the second module is capable of being connected to the remote system to establish a secure communication channel between the first and second modules across the data link to access the data. | 02-17-2011 |
20110040972 | TERMINAL FOR STRONG AUTHENTICATION OF A USER - The invention relates to a terminal ( | 02-17-2011 |
20110047377 | SECURE DIGITAL COMMUNICATIONS VIA BIOMETRIC KEY GENERATION - Systems and methods for secure communications in a communications network ( | 02-24-2011 |
20110047378 | SYSTEM AND METHOD FOR IDENTIFYING ACCOUNT AND PERIPHERAL DEVICE THEREOF - An account identification system, an account identification method, and a peripheral device thereof are provided, wherein the peripheral device has a private key. When a user is about to log into an identification server, besides identifying an account and a password of the user, the identification server further authenticates the peripheral device used by the user so as to identify the user and prevent the user's account from being misappropriated. | 02-24-2011 |
20110047379 | APPARATUS AND METHOD FOR TRANSMITTING DIGITAL MULTIMEDIA BROADCASTING DATA, AND METHOD AND APPARATUS FOR RECEIVING DIGITAL MULTIMEDIA BROADCASTING DATA - Provided are a method and apparatus for transmitting digital multimedia broadcasting data, and a method and apparatus for receiving digital multimedia broadcasting data. A basic audio signal and a multichannel audio signal are encoded to generate a basic audio stream and a multichannel audio stream, and a first data stream describing property and position data of the basic audio stream and a second data stream describing property and position data of the multichannel audio stream are transmitted as independent streams. According to the performance of the receiving apparatus, an audio signal may be decoded by using just the first data stream only or both the first data stream and the second stream. | 02-24-2011 |
20110047380 | PEER-TO-PEER NETWORK INFORMATION STORAGE - In a typical peer-to-peer network, any user of the peer-to-peer network may request a lookup of a key and its associated value. To limit access to a stored key-value pair, a user node may register a key-value pair in a peer-to-peer network associated with an access list listing those user nodes which are authorized to access the key-value pair. The access list may include one or more retrieval identifiers. To further secure the information, the retrieval identifiers and/or the payload may be encrypted. To allow the retrieving user to decrypt an encrypted payload, the payload may be encrypted using a group key associated with the stored key-value pair. The group key may be encrypted using a key known to the retrieving user. | 02-24-2011 |
20110055561 | ACCESS AUTHENTICATION METHOD SUITABLE FOR THE WIRE-LINE AND WIRELESS NETWORK - An access authentication method includes pre-establishing a security channel between the authentication server of the access point and the authentication server of the user terminal and performing the authentication process at the user terminal and the access point. The authentication process includes 1) the access point sending the authentication_activating message; 2) the user terminal sending a request message to the authentication server of the user terminal; 3) the authentication server of the user terminal sending a response message to the user terminal; and 4) completing the authentication. | 03-03-2011 |
20110055562 | PUBLIC KEY CERTIFICATE BASED SOCIAL WEBSITE ACCOUNT AUTHENTICATION - Methods of the present inventions allow for verifying the authenticity of social website accounts. An example embodiment of a public key certificate based social website account authentication method may comprise the steps of receiving a request (that may include a business name and a business email address) to verify the authenticity of a social website account and determining whether a public key certificate has been issued for the domain name used by the business email address. If a public key certificate has been issued, the method may further comprise determining whether the public key certificate identifies the business name and/or domain name provided in the original request. If so, the method may further comprise determining whether the business email address is under the control of the business and, if so, certifying the authenticity of the social website account. | 03-03-2011 |
20110055563 | ENCRYPTION OF SECURITY-SENSITIVE DATA BY RE-USING A CONNECTION - Techniques are provided for processing data. Connections having different security properties are stored, wherein each of the connections allows applications at the client computer to access data sources at a server computer. A request is received from an application to access a data source, wherein the request has associated security properties. In response to the client computer requesting establishment of a connection on behalf of the application, it is determined whether there is a stored connection that used the same set of security properties as are associated with the request from the application and that connected to the data source that the application requests access to. In response to determining that there is a stored connection that used the same set of security properties and that connected to the data source, the connection and an associated client encryption seed, client encryption token, server encryption seed, and server encryption token are re-used. In response to determining that there is not a connection that used the same set of security properties and that connected to the data source, a new client connection key, client encryption seed, client encryption token, server connection key, server encryption seed, and server encryption token are generated. | 03-03-2011 |
20110055564 | METHOD AND DEVICE FOR TRANSMITTING MESSAGES IN REAL TIME - A method and system for transmitting a message in real time between users in a closed network of a vehicle ( | 03-03-2011 |
20110055565 | IMS USER EQUIPMENT, CONTROL METHOD THEREOF, HOST DEVICE, AND CONTROL METHOD THEREOF. - An IMS User Equipment (UE) is provided. The IMS UE comprises: searching means for searching, based on UPnP technology, a UPnP network for a host device that has IMS subscription information, establishing means for establishing a session with the host device discovered by the searching means, subscription retrieving means for retrieving, from the host device via the session, the IMS subscription information, registering means for registering with the IMS network using the IMS subscription information, key retrieving means for retrieving, from the host device via the session, a first encryption key shared with an IMS application server (AS) in an IMS network by sending identity of the IMS AS to the host device via the session, and communicating means for performing encrypted communication with the IMS AS using the first encryption key. | 03-03-2011 |
20110055566 | Verifying a Message in a Communication Network - A method and apparatus for verifying a request for service in a communication network. An authentication node generates a secret and transmits the secret to a node providing a service. The authentication node then receives a request for authentication from a requesting node, and once the requesting node is authenticated, the authentication node sends an identifier for the requesting node and a first token, which is derived using the secret and the identifier. A service providing node subsequently receives a request for service from the requesting node, the request including the identifier for the requesting node and the first token. The service providing node derives a second token using the identifier and the secret. If the first token and the second token match, then the service providing node allows the request, and if the first token and the second token do not match, then the request is refused. | 03-03-2011 |
20110060906 | METHOD AND DEVICE FOR SECURING DATA TRANSFERS - The method of securing data transfer comprises: a step of attempting to transmit a document from a document sender to at least one document recipient, by implementing at least one transmission attribute and, for at least one step of attempted transmission, a step of evaluating the value of at least one transmission attribute and a step of making the evaluation of the value of the transmission attribute available to the sender. Preferably, in the course of the evaluating step, the evaluation is dependent on the anomalies of correspondence that are observed for each attempted transmission. Preferably, in the course of the evaluating step, the evaluation is, moreover, dependent on the elements provided by the recipient in the course of a step of registering with an electronic document transmission service. | 03-10-2011 |
20110060907 | METHOD FOR ANALYZING SIMULTANEOUSLY TRANSMITTED, ENCODED DATA STREAMS - In a data stream individually encoded data stream (ds | 03-10-2011 |
20110060908 | BIOMETRIC AUTHENTICATION SYSTEM FOR ENHANCING NETWORK SECURITY - A network-based biometric authentication system includes a client computer ( | 03-10-2011 |
20110066852 | DOCUMENT MANAGEMENT SYSTEM, DOCUMENT MANIPULATION APPARATUS, AND COMPUTER READABLE MEDIUM - According to an aspect of the invention, a document management system includes a protection policy storage unit, a correspondence storage unit, an embedding unit, a portable identification unit, a storage control unit, and a document manipulation unit. The document manipulation unit executes a user manipulation specified by the certain user based on a communication between the portable identification unit and the document manipulation unit. | 03-17-2011 |
20110066853 | SYSTEM AND METHOD FOR SECURELY IDENTIFYING AND AUTHENTICATING DEVICES IN A SYMMETRIC ENCRYPTION SYSTEM - The present invention describes a system and method for securely identifying and authenticating devices in a symmetric encryption system. An RFID tag can generate indicators using encryption state variables and a symmetric key. An RFID reader, after receiving the encryption state variables from the tag, may identify the tag by performing an exhaustive key search in a key database. Each key in the database may be tested by using the key and encryption state variables to perform an encryption operation similar to that performed by the tag. The result is then compared with the received tag indicators to determine if the tag has been identified. A rotor-based encryption scheme provides for a low cost key search while providing resilience against cloning, tracking, tampering and replay attacks. | 03-17-2011 |
20110066854 | METHOD FOR SECURE DYNAMIC BANDWIDTH ALLOCATION IN A TT ETHERNET - A communication method for transmitting TT Ethernet messages in a distributed real-time system, including a plurality of node computers. Each node computer has an Ethernet controller, which by way of a data line is directly connected to a port of a TTE star coupler, said port being uniquely associated with the node computer. A plurality of TTE star couplers are connected among each other by way of one or more data lines to form a TTE network. A TTE message scheduler dynamically calculates the conflict-free schedules for a number of time-controlled messages and signs the schedule provided for each node with a secret part of a public-key signature before it transmits said schedule to the corresponding node computer. Each node computer integrates the signed periodic schedule, which is transmitted to the node computer in the form of a TTE message header of an ETE message, into each dynamically calculated TTE message. The TTE star couplers check whether each dynamically calculated TTE message contains an authentically signed schedule. | 03-17-2011 |
20110066855 | AUTHENTICATION FOR DEVICES LOCATED IN CABLE NETWORKS - An extensible authentication framework is used in cable networks such as Data Over Cable Service Interface Specification (DOCSIS) cable networks. The authentication scheme allows for centralized authentication of cable modems, as well as authentication of the cable network by cable modems. Additionally, the authentication scheme allows a Cable Modem Termination System (CMTS) to authenticate devices downstream from cable modems, such as Customer Premise Equipment (CPE) devices. | 03-17-2011 |
20110072262 | System and Method for Identifying Security Breach Attempts of a Website - The present invention is a method, circuit and system for detecting, reporting and preventing an attempted security breach of a commercial website (for example a banking website), such as identity theft, website duplication (mirroring/Phishing), MITB (man in the browser) attacks, MITM (man in the middle) attacks and so on. | 03-24-2011 |
20110072263 | Device Pairing Based on Graphically Encoded Data - In a computing device, both an address of a first device and a secret are graphically encoded to generate one or more images that can be captured by a second device. The second device captures and decodes the one or more images, and sends a communication initiation request to the address of the first device. The communication initiation request includes the address of the second device and identifies the secret. Communication between the first and second device continues only if the first device verifies, based on the communication initiation request, that the second device knows the secret. | 03-24-2011 |
20110072264 | Secure information storage and retrieval apparatus and method - A user using a client computer registers with a server computer over a computer network by submitting a biometric scan of a body part of the user. The user commands the client computer to encrypt an electronic file. The client computer generates a private key, encrypts the electronic file and transmits the key to the server computer. The client computer saves the encrypted file. The encrypted file and the key are saved at different physical locations. The owner of the file is able to grant permission to other registered users to unlock the encrypted file. | 03-24-2011 |
20110072265 | System And Method Of Non-Centralized Zero Knowledge Authentication For A Computer Network - Zero-knowledge authentication proves identity without revealing information about a secret that is used to prove that identity. An authentication agent performs authentication of a prover agent without knowledge or transfer of the secret. A non-centralized zero-knowledge authentication system contains multiple authentication agents, for access by multiple computers seeking access on a computer network through local prover agents. Once authenticated, those multiple computers may also implement authentication agents. The secret may periodically expire by publishing a new encrypted secret by a trusted source, thwarting attempts to factor or guess information about the secret. | 03-24-2011 |
20110078440 | METHOD AND APPARATUS TO IMPLEMENT VALID MOBILE TICKET TRANSFER - Computer-implemented methods and apparatus to perform a valid transfer of an electronic mobile ticket on a mobile device by a ticketing application system of a ticket processing center. One method includes: receiving a first electronic message from a first user, where the first message includes an encrypted electronic mobile ticket and a mobile device number of a second user, and where the electronic mobile ticket is encrypted with a key shared between the first user and the ticketing application system; decrypting the encrypted electronic mobile ticket; generating an electronic mobile ticket encrypted with a key shared by the ticketing application system and the second user; and transmitting a second electronic message that includes the electronic mobile ticket encrypted with the key shared between the ticketing application system and the second user to a mobile device of the second user. | 03-31-2011 |
20110078441 | SYSTEMS AND METHODS FOR WIRELESS PROCESSING AND MEDICAL DEVICE MONITORING VIA REMOTE COMMAND EXECUTION - A method according to the present invention includes receiving data wirelessly from a medical device, transmitting the data to an intermediary device, formatting a message including the received data for transmission to a medical data server, and receiving a command from the medical data server. Commands from the medical data server can be used for the authentication, configuration, and control of the medical device, intermediary device or another device operating in conjunction with the present invention, as well as to achieve other purposes. This method can be practiced automatically to allow a medical device for a patient or other subject to be monitored without requiring the patient to manually enter information. | 03-31-2011 |
20110078442 | METHOD, DEVICE, SYSTEM AND SERVER FOR NETWORK AUTHENTICATION - A method, a device, a system and a server for network authentication are provided. The method includes: receiving a user authentication request forwarded by a second Access Management Functional Entity (AM-FE) when a user is attached to the second AM-FE from a first AM-FE; obtaining an authentication key of a security domain of the second AM-FE according to the user authentication request; and authenticating the user by using the authentication key. The following problems are solved: packets of user services are lost and even services are temporarily interrupted because of long time consumption and poor security during intra-domain or inter-domain handover of the user. Therefore, the safe authentication of the user's intra-domain or inter-domain roaming is achieved, and thus the security and reliability of user authentication are improved. | 03-31-2011 |
20110083013 | PRIVACY VAULT FOR MAINTAINING THE PRIVACY OF USER PROFILES - Methods, systems, and computer-readable media for facilitating personalization of web content are provided, while protecting the privacy of the user data utilized to personalize the user's experience. A privacy vault may collect user data including user activity data, demographic data, and user interests submitted by a user. In one embodiment, the privacy vault operates on a user client device. The privacy vault sends the user data to a community vault that collects user data from multiple users. The community vault generates segment rules that determine whether a user belongs to a user segment, which expresses a user's interest. The segment rules are then communicated back to the privacy vault, which assigns one or more user segments to the user based on the user data available to the privacy vault and the segment rules. The privacy vault may communicate user segments to one or more content providers that supply personalized content that is selected based on the user segments provided. | 04-07-2011 |
20110083014 | METHOD AND APPARATUS FOR GENERATING TEMPORARY GRUU IN IMS SYSTEM - There is provided a method and apparatus for generating a temporary Globally Routable User Agent URI (GRUU) in an IP Multimedia Subsystem (IMS) system. The method and apparatus can generate a temporary GRUU without the need to generate and manage a separate database (DB). Since the previously registered user's aor and Instance Id cannot be found if a DB managing an I value I_i and an aor-Instance Id pair is lost, the method generates a temporary GRUU based on the current timestamp, an Address Of Record (aor) and an Instance Id (or Private User Identity). | 04-07-2011 |
20110087884 | Methods and Systems for Improving the Security of Password-Based Authentication Protocols for IEEE 802.11 Networks - A password element is generated for a station running an Elliptic Curve Cryptography (ECC) or a Finite Field Cryptography (FFC) group based password authenticated protocol. A password element is multiplied by a cofactor to generate a modified password element for the ECC group. The station verifies that the modified password element is not equal to a point at infinity for the ECC group. A password element is generated by exponentiating a password value to a power t, where t=(p−1)/r, p and r are primes, and r has a bit length of at least 160 bits for the FFC group. A commit-element parameter is generated using a temporary secret value and the ECC modified password element or the FFC password element, and is then transmitted to another station in a commit message. The receiving station checks if the received commit-element parameter has desired properties before continuing with the protocol. | 04-14-2011 |
20110087885 | METHOD AND APPARATUS FOR EFFICIENT AND SECURE CREATING, TRANSFERRING, AND REVEALING OF MESSAGES OVER A NETWORK - An encryption based method of enabling a plurality of parties to share, create, hide, or reveal message or token information over a network includes a commutative group cipher (CGC), where the underlying CGC is secure against ciphertext-only attack (COA) and known plaintext attacks (KPA), and is deterministic. The protocols do not require a trusted third party (TTP), and execute rapidly enough on ordinary consumer computers as to be effective for realtime play among more than two players. Protocols are defined which include VSM-L-OL, VSM-VL, VSM-VPUM, and VSM-VL-VUM, wherein the letters V, L, O, SM, P, and UM represent, respectively, Verified, Locking Round, Open, Shuffle-Masking Round, Partial, and Unmasking Round. | 04-14-2011 |
20110093702 | IMAGE FORMING APPARATUS - An image forming apparatus includes a main controller unit provided in a main body of the image forming apparatus. The main controller unit includes a replacement component management memory to store lifespan information of a replacement component. An authentication operation is performed with respect to the replacement component management memory, and the lifespan information of the replacement component is encrypted and stored in the replacement component management memory. Accordingly, the security of the main controller unit may be enhanced and illegal use of the replacement component may be prevented. | 04-21-2011 |
20110093703 | Authentication of Computing and Communications Hardware - A method for authenticating a computing device or hardware component includes computer-implemented process steps for assigning a unique identifier to the hardware component, generating a baseline fingerprint for the hardware component using algorithm-processing characteristic configuration data determined from the hardware component as input, wherein the baseline fingerprint is capable of being regenerated from the hardware component so long as configuration of the hardware component is not changed, transmitting the identifier in association with the baseline fingerprint for storage in a computer-readable data structure, and generating a data signal, in response to a query comprising the assigned identifier, indicating whether the stored baseline fingerprint for the assigned identifier matches a second fingerprint regenerated from the hardware component at a time after the baseline fingerprint is generated. | 04-21-2011 |
20110093704 | METHOD AND APPARATUS FOR PROVIDING SERVICE USING PERSONAL NETWORK - A method and apparatus in which a device capable of near-field communication receives a service from an external network using a communication function of a device capable of accessing the external network. A personal network is formed with devices having different users, and subscriber information for each user is safely acquired and authenticated, making it possible to provide a service received from the external network to the devices included in the personal network more conveniently. | 04-21-2011 |
20110093705 | METHOD, DEVICE, AND SYSTEM FOR REGISTERING USER GENERATED CONTENT - A method, a device, and a system for registering user generated content (UGC) are provided. The method for registering UGC includes the following steps. A content registration request is received, in which the content registration request carries a UGC and a guarantee credential corresponding to the UGC, and the guarantee credential is generated by a third party network entity. The UGC is registered according to the guarantee credential. The device and the system correspond to the method. Therefore, the registration of UGC is realized with a simple, feasible, and diversified registration method. | 04-21-2011 |
20110093706 | ENCRYPTION DEVICE, KEY DISTRIBUTION DEVICE AND KEY DISTRIBUTION SYSTEM - A key distribution system distributes key data for using content to a second encryption device to which processing has been legitimately outsourced by a first encryption device. The first encryption device acquires permission information indicating that the first encryption device has permission to use the content, generates certification information by making an irreversible alteration to the permission information, and transmits the permission information and the certification information to the second encryption device. The second encryption device receives the permission information and the certification information, sends them to a key distribution device, and acquires the key data from the key distribution device. The key distribution device receives the permission information and the certification information, judges whether or not the certification information was generated by the first encryption device, and if judging in the affirmative, transmits the key data to the second encryption device. | 04-21-2011 |
20110093707 | TECHNIQUES FOR SECURING CONTENT IN AN UNTRUSTED ENVIRONMENT - Techniques for securing content in an untrusted environment are provided. Content is encrypted and stored with a content delivery service in an encrypted format. Encrypted versions of a content encryption/decryption key and a first key are also housed and distributed by the content delivery service. The first key is used to decrypt the encrypted version of the content encryption/decryption key. The content delivery service is unaware of the content encryption/decryption key and the first key; and the content held by the content delivery service is encrypted with the content encryption/decryption key. Principals securely share, create, manage, and retrieve the encrypted versions of the content encryption/decryption key and the first key from the content delivery service using secure communications. The encrypted content is obtainable via insecure communications from the content delivery service. | 04-21-2011 |
20110093708 | METHOD FOR PERSONALIZING AN AUTHENTICATION TOKEN - An authentication token using a smart card that an organisation would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. The smart card co-operates with an interface device for inputting the user input and displaying the one-time password. The authentication token may be used in combination with a remote authentication server for validation of the password and hence authentication of the user. | 04-21-2011 |
20110093709 | Providing Social-Network Information to Third-Party Systems - Particular embodiments receive, at a first computing device associated with a social-networking system and from a second computing device associated with a third-party system, a query comprising a first identifier corresponding to a user of the third-party system, wherein the first identifier is computed by applying a hash algorithm to a user credential associated with the user of the third-party system; determine, by the first computing device, whether the user of the third-party system matches any member of the social-networking system; and if a second identifier corresponding to a member of the social-networking system matches the first identifier, then send, by the first computing device to the second computing device, social-network information of the member of the social-networking system in response to the query. | 04-21-2011 |
20110099371 | AERONAUTICAL SECURITY MANAGEMENT OVER BROADBAND AIR/GROUND NETWORK - A method to facilitate securing of air-to-ground communications for an aircraft is provided. The method includes receiving security management information at the aircraft via at least one broadband data link prior to takeoff of the aircraft. The security management information is received for ground entities that can be communicatively coupled with the aircraft traveling on a flight path. The method of securing avionics also includes validating the security management information for the ground entities, and storing the validated security management information for the ground entities in the aircraft. The validating and storing of security management information occur prior to takeoff of the aircraft. | 04-28-2011 |
20110099372 | METHOD AND SYSTEM FOR PROVIDING PEER-TO-PEER VIDEO ON DEMAND - A method in which user generated video content is distributed over a peer to peer network as video on demand. Video is rendered during download and a user may request a specific point in the video content and that point and all subsequent video content will be downloaded and rendered first via the peer to peer network. | 04-28-2011 |
20110099373 | Digital Broadcasting System and Method of Processing Data in Digital Broadcasting System - A digital broadcasting system and a method for processing data in the same are disclosed. A method for controlling a digital television (DTV) located in one independent space among a plurality of independent spaces physically separated from one another is disclosed. The DTV includes an access point (AP) card. The method includes receiving independent space identification information recorded in a storage area of a compact wireless device and a wired equivalent privacy (WEP) key value of the AP card, receiving the WEP key value corresponding to the AP card of the DTV from a management server, comparing the WEP key value received from the compact wireless device with the WEP key value received from the management server, receiving first checklist information associated with the use of the independent space from the management server, if the WEP key values are identical to each other, displaying the received first checklist information, and transmitting second checklist information, in which one or more elements of the displayed first checklist information is marked, to the management server. | 04-28-2011 |
20110099374 | AUTHENTICATION OF A SECURE VIRTUAL NETWORK COMPUTING (VNC) CONNECTION - A secure Virtual Network Computing (VNC) connection between a server and a client is authenticated using a series of message exchanges. A server receives a request from a client to establish a VNC connection. If the request indicates that the client supports an encryption scheme, the server provides a first set of mechanisms for a subsequent authentication process. If the request indicates that the client does not support the encryption scheme, the server provides the client a second set of mechanisms for the subsequent authentication process. The second set contains fewer mechanisms than the first set. The client chooses an authentication mechanism from the first set or the second set provided by the server. The server and the client then perform the subsequent authentication process, using the authentication mechanism chosen by the client, with a series of message exchanges. | 04-28-2011 |
20110099375 | System and Method for Managing Security Testing - The subject matter relates generally to a system and method for managing security testing. Particularly, this invention relates to maintaining a security database by correlating multiple sources of vulnerability data and also to managing security testing from plural vendors. This invention also relates to providing secure session tracking by performing plural authentications of a user. | 04-28-2011 |
20110107091 | Secure communication between client device and server device - A user is enabled to select one or more client devices from a number of client devices and to select one or more server devices from a number of server devices. Secure communication is to occur between each selected client device and each selected server device. For each unique pair of a selected client device and a selected server device, a validation of a security configuration of the selected client device and a security configuration of the selected server device is performed, to determine whether secure communication can occur between the selected client device and the selected server device. Where the validation has failed, reconfiguration of one or more of the selected client device and the selected server device is performed so that secure communication can occur between the selected client device and the selected server device. | 05-05-2011 |
20110107092 | PERFORMANCE BASED AUTHENTICATION METHOD AND APPARATUS FOR SECURE COMMUNICATION - An apparatus includes a first module and a second module. The first module provides a challenge. The second module performs a signature function in response to the challenge. The first module authenticates the second module based on a time required by the second module to complete the signature function and/or an amount of power consumed by the second module to complete the signature function. | 05-05-2011 |
20110107093 | System and Method for Providing an User's Security when Setting-up a Connection Over Insecure Networks - A method for setting up a secure communication line between a user and a service provider using non-secure communication channels within an insecure network, comprising the steps of transmitting an identity token from a user station to a service provider station, both coupled to the insecure network; upon reception of the identity token, triggering the creation of a secret URL by the service provider station; transmitting the secret URL within a secure side channel to the user station; obtaining, within the user station, the secret URL; and setting up a new communication path in the insecure network linking the user and the service provider station based on said secret URL. Besides discarding a man-in-the-middle by denying him access to the data flow, it is also possible to stop him by denying him access to the content of the data flow. Such access can be denied through use of a one-time codebook with semantics known only to the user and the authentication service provider. | 05-05-2011 |
20110107094 | DISTRIBUTED STORAGE NETWORK EMPLOYING MULTIPLE ENCODING LAYERS IN DATA ROUTING - A distributed storage processing unit creates multiple different data slices from the same data object, and generates a message including one or more of the different data slices. The distributed storage processing unit identifies a chain of distributed storage units, and encrypts the message into multiple nested layers using, for example, public keys of public/private key pairs associated with each of the storage units in the chain. The distributed storage processing unit sends the layered, encrypted message to the first storage unit in the chain, which decodes and removes the outermost layer, and forwards the message to the next storage unit in the chain. This process continues until the message reaches the endpoint distributed storage unit, which decodes the innermost layer and stores the data slice encoded in the message. | 05-05-2011 |
20110107095 | SYSTEM AND METHOD FOR OBTAINING AN AUTHORIZATION KEY TO USE A PRODUCT - A system and method for obtaining an authorization key to use a product utilizes a secured product identification code, which includes a serial number and at least one code that is generated based on a cryptographic algorithm. | 05-05-2011 |
20110107096 | Method, apparatus and system for managing DRM content - A method and an apparatus manage DRM (digital rights management) content with a forward lock so that the DRM content can also be used in other devices. The method comprises receiving DRM content with a forward lock from a content provider server. The DRM content is encoded using an encoding key based on a user input, such that the encoded DRM content cannot be decoded by another device without the encoding key. The encoded DRM content is transmitted to another mobile device after establishing a communication channel with the other mobile device. | 05-05-2011 |
20110107097 | METHOD FOR ENCODED DATA EXCHANGE AND COMMUNICATION SYSTEM - In a system and method for encrypted data exchange between entities (users) of a communication system using cryptography based on elliptic curves, in response to a challenge of a first user a scalar multiplication is calculated by the second user, wherein only part of the result of the scalar multiplication is sent back as response to the first user. | 05-05-2011 |
20110107098 | Methods and Systems for Controlling Traffic on a Communication Network - Methods and systems for controlling traffic on a communication network are provided. In accordance with some embodiments, methods for controlling traffic on a communication network are provided, the methods comprising: receiving, at a processor in a receiver, a query message for permission to send a data flow to the receiver; sending a permission message from the receiver; detecting that at least one of a message and a data packet being sent to the receiver has been dropped; and causing the path for sending the data flow to be changed. | 05-05-2011 |
20110113244 | STATELESS CRYPTOGRAPHIC PROTOCOL-BASED HARDWARE ACCELERATION - According to one embodiment of the invention, a network device comprises a first processing element and a second processing element. The first processing element is adapted to handle an authentication handshaking protocol, such as the SSL/TLS Handshake, and upon receipt of a Client Key Exchange message, passes control of the authentication handshaking protocol to the second processing element. The second processing element completes the authentication handshaking protocol. | 05-12-2011 |
20110113245 | ONE TIME PIN GENERATION - A method and system is provided for generating a one-time passcode (OTP) configured for use as a personal identification number (PIN) for a user account from a user device. The OTP may be generated using an OTP generator which may include an algorithm and a user account-specific OTP key. The OTP key may be camouflaged by encryption, obfuscation or cryptographic camouflaging using a PIN or a unique machine identifier defined by the user device. Obtaining an OTP from the user device may require inputting a data element which may be one of a PIN, a character string, an image, a biometric parameter, a user device identifier such as a machine effective speed calibration (MESC), or other datum. The OTP may be used for any transaction requiring a user PIN input, including ATM and debit card transactions, secure access and online transactions. | 05-12-2011 |
20110113246 | SECURE DATA TRANSFER USING AN EMBEDDED SYSTEM - A method and device for securing data transmission via an embedded system that is operationally coupled to a local device and a remote computing system using a network is provided. The method includes determining if data received from the remote computing system is secured; handshaking with the remote computing system if the data received is from a new connection; decrypting the secured data; and transmitting the decrypted data to the local device. The method also includes determining if the data received from the local device is from a new connection; handshaking with the remote computing system if the data received is from a new connection; encrypting the data; and transmitting the encrypted data to the remote computing system. The device includes a receiving module that determines whether input data needs to be encrypted or decrypted, a processing module for encrypting and/or decrypting input data, and an output module for transmitting encrypted and/or decrypted data. | 05-12-2011 |
20110113247 | AUTOMATICALLY RECONNECTING A CLIENT ACROSS RELIABLE AND PERSISTENT COMMUNICATION SESSIONS - The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. The method includes providing a first connection between a client and first protocol service and a second connection between the first protocol service and a host service. The first protocol service detects a disruption in the first connection. The client re-establishes the first connection between the client and the first protocol service while maintaining the second connection between the first protocol service and the host service. The first protocol service receives a ticket associated with the client and validates the ticket. The first protocol service links the re-established first connection to the maintained second connection after the ticket is validated. | 05-12-2011 |
20110113248 | Leak-Resistant Cryptographic Token - Chip cards are used to secure credit and debit payment transactions. To prevent fraudulent transactions, the card must protect the cryptographic keys used to authenticate transactions. In particular, cards should resist differential power analysis and/or other attacks. To address security risks posed by leakage of partial information about keys during cryptographic transactions, cards may be configured to perform periodic cryptographic key update operations. The key update transformation prevents adversaries from exploiting partial information that may have been leaked about the card's keys. Update operations based on a hierarchical structure can enable efficient transaction verification by allowing a verifying party (e.g., an issuer) to derive a card's current state from a transaction counter and its initial state by performing one operation per level in the hierarchy, instead of progressing through all update operations performed by the card. | 05-12-2011 |
20110119488 | METHOD AND SYSTEM FOR FACILITATING THROTTLING OF INTERPOLATION-BASED AUTHENTICATION - One embodiment provides a system that facilitates throttling of interpolation-based authentication at a client. During operation, the system receives data points encrypted with a public key associated with a throttle server. The system then applies offsets to the data points, wherein a respective offset for a data point is associated with a user input. The system blinds the offset data points, and sends to the throttle server the blinded offset data points, thereby allowing the throttle server to perform an interpolation on the blinded offset data points and maintain a count of interpolation attempts from the client. Subsequently, the system receives from the throttle server an evaluation point based at least on the interpolation. In response, the system unblinds the evaluation point, and uses the unblinded evaluation point as a secret for a subsequent authentication process. | 05-19-2011 |
20110126009 | Event Triggered Pairing of Wireless Communication Devices Based on Time Measurements - An event-triggered pairing mechanism allows pairing wireless devices having short range interfaces (e.g., Bluetooth devices) by bumping the wireless devices together. A wireless device being paired with a connecting device detects a bump event; exchanges time information about the bump event with the connecting device; authenticates the connecting device based on the exchanged time information; and allows exchange of user data with the connecting device based on verification of the exchanged time information. Once the devices are paired, user content can be securely exchanged between the devices. | 05-26-2011 |
20110126010 | SERVER, SYSTEM AND METHOD FOR MANAGING IDENTITY - Disclosed herein is a system and method for managing identity. The system includes a mobile terminal, a web server, and a service terminal. The mobile terminal includes a smart card on which a management server for managing user identity is mounted. The web server generates the user identity and provides the generated identity to the management server over a wired/wireless network. The service terminal receives a required identity from the mobile terminal using Near Field Communication (NFC). | 05-26-2011 |
20110126011 | METHOD OF USER-AUTHENTICATED QUANTUM KEY DISTRIBUTION - A method of user-authenticated quantum key distribution according to the present invention shares a position having the same basis without making public basis information using previously shared secret keys and authenticates a quantum channel by confirming whether there is the same measured outcome at that position, in order to secure unconditional security of BB84 quantum key distribution (QKD) protocols vulnerable to man-in-the-middle attack. | 05-26-2011 |
20110126012 | METHOD AND SYSTEM FOR SECURE DATA COLLECTION AND DISTRIBUTION - A data provider generates a data encryption key and an identifier, uses the data encryption key to encrypt data, sends the encrypted data and the identifier to a data requestor, and sends the data encryption key and the identifier to a crypto information server. The data requestor sends the identifier to the crypto information server to request the encryption key. The crypto information server authenticates the data requestor and, contingent on that authentication, sends the data encryption key to the data requestor. If a plurality of data instances are captured, then for each instance, a respective data encryption key and identifier are generated. | 05-26-2011 |
20110126013 | Systems and Methods to Securely Generate Shared Keys - A method for secure bidirectional communication between two systems is described. A first key pair and a second key pair are generated, the latter including a second public key that is generated based upon a shared secret. First and second public keys are sent to a second system, and third and fourth public keys are received from the second system. The fourth public key is generated based upon the shared secret. A master key for encrypting messages is calculated based upon a first private key, a second private key, the third public key and the fourth public key. For re-keying, a new second key pair having a new second public key and a new second private key is generated, and a new fourth public key is received. A new master key is calculated using elliptic curve calculations using the new second private key and the new fourth public key. | 05-26-2011 |
20110131411 | Secure content based routing in mobile ad hoc networks - The present invention describes methods and systems for information dissemination in mobile ad hoc networks founded on Content Based Routing. The method comprises generating a first data packet at a source node, encoding, via an encoding logic within the source node, a plurality of information categories associated with the first data packet in a header of the first data packet, encrypting the first data packet with an encryption key unique to the plurality of information categories, generating a second data packet having a unique dissemination group identity in its header and the encrypted first data packet as a payload of the second data packet, disseminating the second data packet across a dissemination mesh, and receiving the second data packet at a destination node. The system comprises a host within the source node that generates a first data packet comprising a first packet header and the content within a first payload of the first data packet, an identity generator within the source node to receive the first data packet and to generate a dissemination group identity for a dissemination group, an encoding unit to encode within the first packet header a plurality of information categories associated with the content, an encryption unit for encrypting the first data packet with an encryption key unique to the dissemination group identity, such that a second data packet is formed, the second data packet having in a second header the dissemination group identity and in a second payload the encrypted first data packet, and a routing unit to disseminate the second data packet to the dissemination mesh. | 06-02-2011 |
20110131412 | HTTP HEADER COMPRESSION - Techniques for HTTP header compression are described herein. In an implementation, an electronic device may be configured to enable compression/decompression of HTTP messages, including compression/decompression of information in the headers of the messages. A HTTP message is generated that contains at least a header and a body. The HTTP message is reformatted to place at least some of the header information into the body. Then, the body of the reformatted message having the header information is compressed to form a compressed HTTP message. Decompression may be applied by a recipient of the compressed HTTP message to reconstruct the original HTTP message. | 06-02-2011 |
20110131413 | APPARATUS AND METHOD FOR DYNAMIC UPDATE OF SOFTWARE-BASED IPTV CONDITIONAL ACCESS SYSTEM - The apparatus for dynamic update of a software-based IPTV conditional access system includes: a server master key manager managing a master key and encrypting a conditional access code ID; a conditional access server manager generating and managing a server list, linking and storing an update policy with the conditional access server IDs included in the server list, and controlling execution of the conditional access server; and a conditional access code download server generating an ID map of set of conditional access codes by combining the plurality of conditional access codes and the plurality of conditional access code IDs that are encrypted, and transmitting the ID map of set of conditional access codes and the conditional access code to a receiver. | 06-02-2011 |
20110138175 | MANAGED VIRTUAL POINT TO POINT COMMUNICATION SERVICE HAVING VERIFIED DIRECTORY, SECURE TRANSMISSION AND CONTROLLED DELIVERY - A system for providing a managed virtual point to point communication service having a verified directory and providing secure transmission and controlled delivery of electronic document images may include a memory, an interface, and a processor. The memory may store a verified directory of users. The interface may communicate with devices of sending and receiving users in the verified directory. The processor may be operative to receive a request to deliver an electronic document image from a sending user to a receiving user. The processor may provide secure access to the electronic document image to the receiving user. The processor may provide a delivery confirmation to the sending device of the sending user upon determining that the electronic document image was securely accessed by the receiving user. The delivery confirmation may indicate that the electronic document image was securely transmitted to the receiving user. | 06-09-2011 |
20110138176 | SYSTEMS AND METHODS FOR FACILITATING USER IDENTITY VERIFICATION OVER A NETWORK - In accordance with embodiments of the present disclosure, systems and methods for facilitating network transactions including user identity verification over a network provide strong mutual authentication of client web application to server side application server, provide session encryption key negotiation after authentication to continue encryption during communication, and provide a high-level encryption technique referred to as an effective zero knowledge proof of identity (eZKPI) algorithm. In various implementations, the eZKPI algorithm is adapted to couple something the user Knows (e.g., a password) with something the user Has (e.g., a biometric signature) to create a stronger identity authentication proof for access to a mobile device and applications running on that device. | 06-09-2011 |
20110138177 | ONLINE PUBLIC KEY INFRASTRUCTURE (PKI) SYSTEM - A method is provided for updating network-enabled devices with new identity data. The method includes requesting new identity data for a plurality of network-enabled devices and receiving notification that the new identity data is ready to be delivered to the plurality of network-enabled devices. A software object is delivered to the plurality of network-enabled devices over a first communications network. Each of the software objects is configured to cause the network-enabled devices to download the new identity data to the respective network-enabled device over a second communications network and install the new identity data at a time based at least in part on information included with the software object. | 06-09-2011 |
20110138178 | SYSTEM AND METHOD FOR CONTROLLING DATA COMMUNICATIONS BETWEEN A SERVER AND A CLIENT DEVICE - A system and method for controlling data communications between a server and a client device, such as a mobile device. Embodiments relate generally to a technique where stop data is provided to the client device. This stop data can be transmitted (e.g. by the client device) to the server. When processed by the server, the stop data indicates to the server that at least some of the encrypted data received by the client device from the server was not decrypted using the second key (e.g. as may be the case when the second key has been deleted). Upon receiving the stop data, the server may, for example, withhold the transmission of data encrypted with the first key to the client device until the second key is restored on the client device. In one embodiment, the stop data is provided to the client device in an encoded (e.g. encrypted) form. | 06-09-2011 |
20110138179 | Scalable Session Management - Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers. | 06-09-2011 |
20110138180 | SECURE METHOD OF TERMINATION OF SERVICE NOTIFICATION - A method for notifying a client device of termination of at least one service provided to the client device by a server system within an enterprise network is disclosed. The method includes the step of establishing authentication data and notification data, where the authentication data is related to the notification data, and sending the authentication data to the client device for storage during a provisioning operation. When the server system identifies a termination of service, it sends the notification data to the client device, which may then authenticate the received notification data using the authentication data. | 06-09-2011 |
20110138181 | MULTI-PARTY ENCRYPTION SYSTEMS AND METHODS - A cryptographic communication system and method having a first plurality of stations, each of the first plurality of stations having at least one encryption key K | 06-09-2011 |
20110138182 | Method for Generating a Cipher-based Message Authentication Code - In a method for generating a cipher-based message authentication code, a state array ( | 06-09-2011 |
20110145575 | Secure Bootstrapping Architecture Method Based on Password-Based Digest Authentication - The present invention is related to a method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server. | 06-16-2011 |
20110145576 | Secure method of data transmission and encryption and decryption system allowing such transmission - A secure transmission is performed between at least one sender and one recipient, a method of which includes: a step of authenticating the sender to a trusted network to request the encryption of the data; a step of encryption of the data by the trusted network with the aid of an encryption key; a step of slicing the encryption key into arbitrary blocks; a step of storing the blocks in a memory space; a step of generation of an index including the sequence of addresses of the blocks in the memory space; a step of delivery, by the trusted network, of the encrypted data and of the index to the sender; the encrypted data and the index being transmitted to the recipient via a network, the recipient being able to authenticate himself with the trusted network to provide it with the encrypted data and the index, the trusted network reconstructing the encryption key on the basis of the index to decrypt the encrypted data and restoring the decrypted data to the recipient. | 06-16-2011 |
20110145577 | System and Method for a Variable Key Ladder - A method and apparatus is described that may receive a data message and store configuration data. The method and apparatus may also select between a first device key and a second device key depending upon the configuration data and decrypt at least a portion of the data message using a key ladder that includes the selected first or second device key. | 06-16-2011 |
20110154033 | ONLINE STORAGE SERVICE SYSTEM AND ITS DATA CONTROL METHOD - A WEB service providing server can execute WEB service processing using data provided by an online storage service providing server, and leakage of data at the WEB service providing server can be prevented. | 06-23-2011 |
20110154034 | DYNAMICALLY REACTING POLICIES AND PROTECTIONS FOR SECURING MOBILE FINANCIAL TRANSACTIONS - A secure mobile financial transaction is provided by receiving a list of protection methods from an external terminal over a communication network. A matrix of protection methods corresponding to the external terminal is created based on the identified protection methods. Security-related information is received from one or more trust mediator agents over the communication network. Rules corresponding to the received security related information are retrieved, and at least one protection method is selected from the matrix of protection methods based on the retrieved rules. The selected protection method is transmitted to the trust mediator agents for implementation. | 06-23-2011 |
20110154035 | Method and apparatus for client-driven profile update in an enterprise wireless network - A technique for allowing client-driven profile updates in a wireless network uses a shared character password and a shared image that is known by both a client device and a network server. In some embodiments, a random character table is generated by a client device and is used, along with the shared character password and shared image, to calculate a one-time password (OTP). The OTP is then used to both encrypt and sign a new security profile to be delivered to the network server in a profile update request. The server may then generate the same OTP using information within the request and the shared character password and shared image. The new profile may then be decrypted and validated within the server. | 06-23-2011 |
20110154036 | Method For Implementing Encryption And Transmission of Information and System Thereof - The invention discloses a method for implementing encryption and transmission of information and a system thereof. The method comprises the following steps when a sender sends information to a receiver: a client of the sender encrypts the information by using a unique identifier of a receiver identity as a public key; the sender sends the encrypted information to the receiver; the receiver receives the encrypted information, and a client of the receiver performs decryption by using a user private key; wherein the client of the receiver obtains the user private key by one-off registration and the user private key matches the unique identifier of the receiver identity. The system comprises an information transmission platform, a sender and a receiver connected to each other by the information transmission platform, clients provided in the sender and the receiver, and a registration component. According to the present invention, secure communication between the sender and the receiver is realized without a process of establishing any initial key, and the negotiation process between the sender and the receiver before encryption/decryption and the interactions with any other entities during every encryption/decryption procedure are avoided. | 06-23-2011 |
20110154037 | SECURE DIGITAL COMMUNICATIONS - There is disclosed a method in a communications system for enabling authentication of a sender device and a receiver device in the communication system, wherein the sender device is associated with a self-generated first identity and a first master device, the receiver device is associated with a self-generated second identity and a second master device, and wherein the authentication is enabled by utilizing the first master device and the second master device for the sender device and the receiver device to verify the identities of each other. In one embodiment, both the sender device and the receiver device are also associated with a third device, and the third device is used in addition to the master devices for verifying said identities. There are also disclosed a method in a sender device, a method in a receiver device, a method in a third device, a sender device, a receiver device, a third device, and a computer program product for the same. | 06-23-2011 |
20110161667 | TRUSTED GRAPHICS RENDERING FOR SAFER BROWSING ON MOBILE DEVICES - The present disclosure describes a method and apparatus for determining a safety level of a requested uniform resource locator (URL) on a mobile device. Secure memory may be configured to host at least one database comprising a plurality of uniform resource locators (URLs) and to also host information representing at least one logo indicative of a safety level of the URLs in the database. Secure circuitry may be configured to compare a requested URL with the database to determine if the requested URL corresponds to one of the URLs of the database and to select an appropriate logo stored in the secure memory. The secure circuitry may be further configured to direct overlay circuitry to blend the appropriate logo onto rendered data from a frame buffer video memory for display to a user. | 06-30-2011 |
20110161668 | METHOD AND DEVICES FOR DISTRIBUTING MEDIA CONTENTS AND RELATED COMPUTER PROGRAM PRODUCT - A method of distributing media content over networks where content is shared includes coupling downloading metadata, which is accessed to start downloading media contents from the network, with semantic metadata representative of the semantic information associated with at least one of the content, and with source metadata indicative of the source of the media content. At least one of the semantic and the source metadata may be made accessible without downloading, even partially, the media content. A digital signature may also be applied to the metadata to enable the verification that, at reception, the metadata is intact and has not been subjected to malicious tampering. | 06-30-2011 |
20110161669 | System and Method for Enabling Device Dependent Rights Protection - A system and method for enhancing the protection of digital properties while also increasing the flexibility of distribution of the digital properties. In one embodiment, the digital property is protected through the binding of at least one unique client device identifier with the digital property prior to distribution. Decryption at a client device would therefore be dependent on a comparison of the unique client device identifier that is extracted from the encrypted digital property with a unique client device identifier of the device that is seeking to access the digital property. | 06-30-2011 |
20110167262 | IDENTIFICATION AND AUTHORIZATION OF COMMUNICATION DEVICES - A method implemented by a wearable wireless communication device (“WWCD”) includes detecting a connection between the WWCD and an accessory device. The WWCD accesses a memory location in the accessory device, the memory location being designated for storing brand data indicating a brand identity associated with the accessory device. The WWCD determines a brand status of the accessory device based on data, if any, accessed from the memory location in the accessory device. The WWCD also determines one or more interactions permitted between the WWCD and the accessory device based at least in part on the brand status of the accessory device. | 07-07-2011 |
20110167263 | WIRELESS CONNECTIONS TO A WIRELESS ACCESS POINT - A method and apparatus for establishing a wireless connection. A digital certificate having a second name is obtained by a processor unit in response to receiving a selection of a network using a first name broadcast by a wireless access point. A determination is made by the processor unit as to whether the digital certificate is valid. A determination is made by the processor unit as to whether the second name in the digital certificate matches the first name broadcast by the wireless access point. The processor unit establishes the wireless connection to the wireless access point in response to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point. | 07-07-2011 |
20110167264 | DECRYPTION-KEY DISTRIBUTION METHOD AND AUTHENTICATION APPARATUS - A decryption key for decrypting data from an access node is distributed to an access terminal intending to receive the data. An authentication unit receives a message for terminal authentication including a terminal identifier from the terminal and authenticates the terminal. The authentication unit refers to a content registration table having stored in advance the content type of a content which the terminal can receive, in association with the terminal identifier, according to the received terminal identifier to obtain a corresponding content type. The authentication unit refers to a decryption data base having stored in advance a decryption key and its valid period in association with a content type, according to the obtained content type to obtain a corresponding decryption key and valid period. The authentication unit sends an authentication result and the decryption key and valid period to the terminal or to a packet control unit. | 07-07-2011 |
20110167265 | CRYPTOGRAPHIC POLICY ENFORCEMENT - Objects can be extracted from data flows captured by a capture device. In one embodiment, the invention includes assigning to each captured object a cryptographic status based on whether the captured object is encrypted. In one embodiment, the invention further includes determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object. | 07-07-2011 |
20110167266 | SYSTEMS AND METHODS FOR DOCUMENT CONTROL USING PUBLIC KEY ENCRYPTION - Systems and methods for document control using public key encryption are provided. An interface program serves as a software interface between user applications used to create and access documents and a data storage system that stores the documents in an encrypted form. When a document is saved for the first time, information corresponding to the destruction of that document is obtained either from a user or in accordance with predefined criteria. The document is encrypted and stored with a pointer to an encryption key on a token/key server. When the document is subsequently accessed, the interface program will read the pointer and attempt to retrieve the key. If the key has expired in accordance with the destruction policy, the document is inaccessible. Otherwise, the document is decrypted using the key. Multiple documents may be saved according to the same destruction policy and even the same key, thereby greatly enhancing the ability to “destroy” documents regardless of their location with minimal process. | 07-07-2011 |
20110167267 | SYSTEM AND METHOD FOR TOY ADOPTION AND MARKETING - Provided are a method and computer system for providing a virtual world. The computer system includes a virtual product interface system, which includes a server system with an encrypted part, a non-encrypted part, and a computer-readable memory for storing an encryption key. The server system includes a network connection and sends the encryption key over the network connection addressed to a client via a secured protocol. The non-encrypted part of the server system sends multimedia information addressed to the client over the network via a non-secure protocol. The encrypted part controls adopting a virtual product by receiving a code that is indicative of a virtual product to be virtually adopted by a user and confirming the code. A communication indicative of a specific product that has been registered is carried out using the encryption key, and communication indicative of the multimedia information is carried out unencrypted, without using the encryption key. | 07-07-2011 |
20110173447 | MASTER UNIT AND SLAVE UNIT - Provided is a communication device which securely registers a slave unit. A secret address generation and setup section generates a secret address generator, and a secret address of the slave unit used temporarily instead of a unique address of the slave unit based on the secret address generator and identification information of the slave unit. A second communication section transmits to the slave unit a registration start notice containing the secret address generator by broadcast. A registration process section generates a registration authentication key; generates a unique key of the slave unit by transmitting/receiving, to/from the slave unit, unique key generation information encrypted using the registration authentication key; receives, from the slave unit, the unique address of the slave unit encrypted using the registration authentication key; and stores the identification information in association with the unique address and the unique key of the slave unit in the registration information storing section. | 07-14-2011 |
20110179272 | Method for Forming an Electronic Group - Method for managing an electronic group comprising two or more group members ( | 07-21-2011 |
20110179273 | Application Server, Control Method Thereof, Program, and Computer-Readable Storage Medium - An application server ( | 07-21-2011 |
20110185173 | Method for Implementing Encryption and Device Thereof - The present invention provides an encryption method in which the encryption device stores data to be encrypted received via the input/output interface in its own memory, converts the data to be encrypted in the memory into a format required by the output device and transmits the converted data to the output device via the management interface, and the output device outputs the received information. The present invention also provides an encryption device for implementing the above method. The encryption device determines whether confirmation information has been received from a management interface, encrypts the data to be encrypted in the memory if the answer is positive, while performs no encryption or prompts to input correct confirmation information if the answer is negative. With the present invention, the user is allowed to view the contents to be actually encrypted, thereby avoiding such a case as signature counterfeiting or tampering. | 07-28-2011 |
20110185174 | System and Method for Providing a One-Time Key for Identification - A server includes a key generator and an authenticator. The key generator is configured to receive a request for a first key from a worker device, to create the first key that is associated with a worker, and to transmit the first key to the worker device. The authenticator is in communication with the key generator, the authenticator is configured to receive a second key and identification details from a customer device, to transmit the identification details to the worker device, to receive acknowledgment of the identification details from the worker device, and to authenticate the second key and the identification details with the customer device. | 07-28-2011 |
20110185175 | Authentication Method and System for Online Gaming - Embodiments of an authentication technique for online gaming are provided. In one aspect, an authentication method for online gaming includes storing a user identity of a user in a portable data storage device; providing access to the user identity for an authentication server to authenticate the user such that the authentication server allows the user to participate in online gaming when the user is authenticated; and when the online gaming continues, providing access to the user identity for the authentication server to validate the authenticity of the user at a first threshold time after the user identity is accessed previously. | 07-28-2011 |
20110185176 | BIOMETRIC AUTHENTICATION METHOD AND SYSTEM - At a registration time, a feature data array for registration is generated from biometric information acquired by a client, and a position correction template and a comparison template obtained by converting the feature data array for registration are registered in a server. | 07-28-2011 |
20110191586 | METHOD AND APPARATUS FOR AUTHENTICATING PUBLIC KEY WITHOUT AUTHENTICATION SERVER - Provided is a method in which a first device authenticates a public key of a second device. The method includes: receiving a first value generated based on the public key of the second device and a password displayed on a screen of the second device and the public key of the second device, from the second device; generating a second value based on the public key of the second device and a password input to the first device by a user of the first device according to the password displayed on the screen of the second device; and authenticating the public key of the second device based on the first value and the second value. | 08-04-2011 |
20110191587 | Media Processing Devices With Joint Encryption-Compression, Joint Decryption-Decompression, And Methods Thereof - In one embodiment, a method of adaptive media streaming includes receiving a cipher media stream at a media device. The cipher media stream is compliant with a media compression standard. The cipher media stream is decrypted and decoded using an inverse stream cipher algorithm and a compressed media stream is generated by combining the cipher media stream with a keystream. | 08-04-2011 |
20110197063 | NEAR FIELD REGISTRATION OF HOME SYSTEM AUDIO-VIDEO DEVICE - A near field communication (NFC) sticker which stores a key is attached to a new client device. A remote commander in a home network reads the key using a NFC interface and IR-transmits it to a home network server. Once the client is connected to the network, it encrypts its own device information with the key and sends the encrypted information to the server, which decrypts the data with the key sent from the remote commander. In this way, client device registration is executed easily and securely. | 08-11-2011 |
20110197064 | METHOD FOR OPERATING A NETWORK, A SYSTEM MANAGEMENT DEVICE, A NETWORK AND A COMPUTER PROGRAM THEREFOR - The present invention relates to a method for operating a network comprising communicating devices representing nodes of the network. More precisely, the invention relates to a method for operating a network ( | 08-11-2011 |
20110202765 | SECURELY MOVE VIRTUAL MACHINES BETWEEN HOST SERVERS - A virtual hard drive is moved as an at least partially encrypted file to a different computing device. A key is provided to the different computing device in a protected form and a user on the different computing device can access the protected key by authentication. For example, the user may be authenticated to a server. Because the guest operating system is encrypted by an encryption device on a source computing device, the virtual hard disk drive can be decrypted with a copy of the key. | 08-18-2011 |
20110202766 | METHOD AND APPARATUS FOR EFFICIENT AND SECURE CREATING, TRANSFERRING, AND REVEALING OF MESSAGES OVER A NETWORK - An encryption based method of enabling a plurality of parties to share, create, hide, or reveal message or token information over a network includes a commutative group cipher (CGC), where the underlying CGC is secure against ciphertext-only attack (COA) and plaintext attacks (KPA), and is deterministic. The protocols do not require a trusted third party (TTP), and execute rapidly enough on ordinary consumer computers as to be effective for realtime play among more than two players. Protocols are defined which include VSM-L-OL, VSM-VL, VSM-VPUM, and VSM-VL-VUM, wherein the letters V, O, SM, P, and UM represent, respectively, Verified, Locking Round, Open, Shuffle-Masking Round, Partial, and Unmasking Round. | 08-18-2011 |
20110202767 | METHOD AND APPARATUS FOR PSEUDONYM GENERATION AND AUTHENTICATION - The invention provides a method and apparatus for pseudonym generation and authentication. The method comprises the steps of: transmitting a user identity ID | 08-18-2011 |
20110202768 | APPARATUS FOR MANAGING IDENTITY DATA AND METHOD THEREOF - An apparatus and a method for managing identity data are disclosed, which can recover lost or deleted ID data stored in a user terminal and prevent a malicious user from plagiarizing a user's ID. The apparatus includes a user ID management device ( | 08-18-2011 |
20110208963 | SECURED KVM SYSTEM HAVING REMOTE CONTROLLER-INDICATOR - Organizations often defend against security threats by physically isolating their internal classified networks from external networks attached to the internet. To enable easy user access to several networks, many organizations use KVM (Keyboard Video Mouse) devices attached to multiple PCs or thin clients, each attached to a different network. As KVMs may be abused by attackers to bridge or leak between isolated networks, a Secure KVM, typically having isolated circuitry for each computer channel, is used to reduce its vulnerability to leakage between channels. To enable remote installation of a KVM with isolated computers, a remote Controller-Indicator is needed in order to present the KVM front panel indications to the user and to enable certain control functions. The current invention provides a KVM switch capable of providing secure remote extension of KVM control and indication functions. Another object of the present invention is to provide a KVM switch having secure remote extension of the complete user console with support of: remote keyboard, mouse, one or more displays, smart-card reader, audio devices, KVM control and KVM monitoring. | 08-25-2011 |
20110208964 | METHOD AND APPARATUS FOR APPLYING A PARTIAL PASSWORD IN A MULTI-FACTOR AUTHENTICATION SCHEME - A method includes receiving, via a server, a User ID and Password from a client device, and generating a Secret PIN (SPIN). Values for a Partial Password and an encrypted version of the SPIN (ESPIN) are determined. The method includes challenging a user of the client device with a challenge that prompts the user to enter the Partial Password and an ESPIN. An Additional Factor, e.g., a One-Time Password from a Shared Secret, is locked using the SPIN. The Partial Password and challenge unlock the Additional Factor. The method includes authenticating the identity using the unlocked Additional Factor. A system includes a server in communication with a client device, and a non-transitory memory device on which is recorded process instructions for authenticating the identity of a user of the client device. The server executes the instructions to thereby authenticate the identity of the user using the unlocked Additional Factor. | 08-25-2011 |
20110208965 | METHOD AND SYSTEM FOR SECURE COMMUNICATION - A system and method for secure communication is provided. Outgoing messages to another computing device are encrypted using a first shared key shared with said other computing device, and a first counter, said first shared key and said first counter being stored in storage of a computing device. Incoming messages from said other computing device are decrypted using said first shared key and a second counter stored in said storage of said computing device. | 08-25-2011 |
20110208966 | INTEGRATED CIRCUIT FOR AUTHENTICATION OF CONSUMABLE STORAGE DEVICE - An integrated circuit is provided for the authentication of a consumable storage device by an apparatus. The integrated circuit has a memory space which contains encrypted data defined by a message authentication code (MAC) applied to data relating to a consumable stored by the device. The MAC is a construction of an asymmetric cryptographic function whereby a public key K | 08-25-2011 |
20110213972 | METHOD OF EXECUTING A CRYPTOGRAPHIC CALCULATION - A cryptographic calculation is executed in an electronic component, according to a cryptographic algorithm including at least one application of a one-way function which is disabled upon an intrusion into the electronic component. The one-way function is based on a first affine operation corresponding to a first secret key. The one-way function is applied, by obtaining ( | 09-01-2011 |
20110213973 | IC CARD FOR ENCRYPTION OR DECRYPTION PROCESS AND ENCRYPTED COMMUNICATION SYSTEM AND ENCRYPTED COMMUNICATION METHOD USING THE SAME - It is possible to perform encrypted communication between members of a group while assuring sufficient security compatible with a change of the members. An IC card having the same fixed code F(a) is distributed to all the staff of company A. When communication is performed between a staff member α and a staff member β belonging to the same project group, α on the transmission side writes an arbitrary variable code V( | 09-01-2011 |
20110219229 | APPARATUS AND METHODS FOR RIGHTS-MANAGED CONTENT AND DATA DELIVERY - Methods and apparatus for providing access to content across a plurality of devices and environments. In one embodiment, a downloadable rights profile is utilized in order for a user device to determine whether to provide content to a subscriber. The user device is first registered to the content delivery network; the device then requests a rights profile indicating the rights of the subscriber associated with the device to access content. The rights profile is transmitted to the device. The rights profile may be configured to be valid only for a pre-determined time, thus enabling a subscriber's rights to be updated (including revoked). Security mechanisms may also be utilized to ensure access to content is limited only to authorized subscribers. In another embodiment, a user-based authentication procedure is utilized, thereby making the rights determination and content provision process completely agnostic to the underlying hardware. | 09-08-2011 |
20110219230 | SYSTEM AND METHOD OF NOTIFYING MOBILE DEVICES TO COMPLETE TRANSACTIONS - A method including registering an authority device for an account on an auth platform; receiving a transaction request from an initiator at the auth platform; messaging the authority device with the transaction request; receiving an authority agent response from the authority device at the auth platform; if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator; and if the authority agent response denies the transaction, communicating a denied transaction to the initiator. | 09-08-2011 |
20110219231 | METHOD AND APPARATUS FOR IDENTIFYING CGA PUBLIC KEY, AND METHOD, APPARATUS, AND SYSTEM FOR DETERMINING CGA PUBLIC KEY - A method and an apparatus for identifying a Cryptographically Generated Address (CGA) public key, and a method, an apparatus, and a system for determining a CGA public key are disclosed. The method for identifying a CGA public key includes: receiving, by a receiving node, a first message protected using a public key from a sending node; obtaining a type of the public key according to the first message. The method for determining a CGA public key includes: receiving, by a receiving node, a first message protected using a public key from a sending node; obtaining, a type of the public key to be determined according to the first message; and judging whether the public key to be determined is supported by the receiving node according to the type of the public key to be determined; and, if the public key to be determined is supported by the receiving node, determining the public key as a public key supported by the receiving node. The embodiments of the present invention implement identification and determining of public keys in the process of CGA that supports multiple public keys. | 09-08-2011 |
20110225422 | METHOD AND APPARATUS FOR REPORTING AUDIENCE MEASUREMENT IN CONTENT TRANSMISSION SYSTEM - A method and apparatus are provided for reporting a consumption time of a service or content in Audience Measurement (AM), which measures a user consumption pattern of the service or the content. A method for reporting a consumption time of the service or the content in a terminal of a content transmission system includes receiving an encryption key for encrypting the service or the content from a broadcasting server and transmitting a message requesting interpretation of the encryption key to a smart card. The message includes consumption time information of the service or the content. | 09-15-2011 |
20110231659 | Out-of-Band Session Key Information Exchange - A source device that plans to participate in one or more encrypted communication sessions with a destination device sends a discovery message towards the destination device. An intermediary device that processes this discovery message requests a master key from the source device. The source verifies that the intermediary device is a trusted device and then sends the intermediary device the requested master key. Prior to transmitting encrypted messages to the destination device, the source device sends session key information, encrypted using the master key, to the intermediary device. The intermediary device uses this session key information to decrypt and process encrypted messages sent as part of the encrypted communication session between the source device and the destination device. | 09-22-2011 |
20110231660 | SYSTEMS AND METHODS FOR SECURELY STREAMING MEDIA CONTENT - Systems and methods securely provide media content from a media server to a media client via a network. The media content is segmented to create multiple media segments that are each identified in a playlist, and at least one of the media segments is encrypted using a cryptographic key. The cryptographic key is also identified in the playlist, and the playlist is provided from the media server to the media client via the network. The various media segments and cryptographic keys may then be requested from and provided by the media server using hypertext transport protocol (HTTP) or similar constructs to allow the media client to receive and decrypt the various segments of the media content. | 09-22-2011 |
20110238985 | METHOD AND APPARATUS FOR FACILITATING PROVISION OF CONTENT PROTECTED BY IDENTITY-BASED ENCRYPTION - An approach is provided for reducing communication traffic/cost and protecting content. A criterion application causes, at least in part, reception at a first recipient one or more first data encrypted with one or more first recipient criteria as a public key of identity-based encryption, the first data including one or more first instructions. The criterion application matches one or more second recipient criteria corresponding to the first recipient against the first recipient criteria that encrypted the first data. The criterion application decrypts with a first decryption key one or more of the first data corresponding to at least a matched one of the first recipient criteria, when one or more of the second recipient criteria match the at least one of the first recipient criteria. The criterion application executes automatically or on demand at the first recipient one or more of the first instructions included in decrypted first data. | 09-29-2011 |
20110238986 | ADAPTIVE CERTIFICATE DISTRIBUTION MECHANISM IN VEHICULAR NETWORKS USING VARIABLE INTER-CERTIFICATE REFRESH PERIOD - A method for improving the reliability and performance of Vehicle-to-Vehicle (V2V) networks where digital certificates are necessary for message authentication and some messages may be lost in transmission. The method uses a variable inter-certificate refresh period to optimize communications throughput based on network conditions such as node density and bandwidth saturation. In some network conditions, the inter-certificate refresh period may be increased, such that more certificate digests are sent between full digital certificates, to decrease average message size. In other network conditions, the inter-certificate refresh period may be decreased, to allow for more frequent message authentication by receiving nodes. Empirical data and an adaptive controller are used to select the refresh period which will provide the best performance based on network conditions. | 09-29-2011 |
20110238987 | ADAPTIVE CERTIFICATE DISTRIBUTION MECHANISM IN VEHICULAR NETWORKS USING FORWARD ERROR CORRECTING CODES - A method for improving the reliability and performance of Vehicle-to-Vehicle (V2V) networks where digital certificates are necessary for message authentication and some messages may be lost in transmission. The method uses Forward Error Correcting (FEC) codes to encode a digital certificate into multiple segments, and attaches one or more segments to each message transmitted. Nodes receiving the messages can reconstruct the certificate as long as they successfully receive a minimum number of the transmitted messages, where the minimum number is less than the total number of messages transmitted. This allows message authentication to continue uninterrupted, even in a network environment where some messages are lost in transmission. Two different types of FEC codes are described, and adaptive schemes are included to optimize message throughput based on such network conditions as node density. | 09-29-2011 |
20110238988 | APPLIANCE AUTHENTICATION SYSTEM, AND METHOD OF CONTROLLING POWER SUPPLY - Provided is a method where a power management apparatus (a) acquires, from a server managed by a manufacturer of an electronic appliance, a public key paired with a secret key that the electronic appliance and the server hold, (b) generates a ciphertext by generating a random number and encrypting the random number by the public key, and (c) transmits the ciphertext to the electronic appliance and the server, where the electronic appliance (d) restores the random number by decrypting the ciphertext transmitted in (c), (e) causes an electrical part to operate, based on the random number, and (f) transmits to the server the value of current flowing through the electrical part, and where the server (g) restores the random number by decrypting the ciphertext transmitted in (c), (h) calculates the value of current to flow through the electrical part based on the random number, and (i) compares values of current. | 09-29-2011 |
20110238989 | METHOD AND SYSTEM FOR SECURE COMMUNICATION USING HASH-BASED MESSAGE AUTHENTICATION CODES - A system and method for secure communication is provided. A first hash-based message authentication code is generated from a shared secret and a first counter value stored in storage of a computing device. A second hash-based message authentication code is generated from such shared secret and a second counter value. An encryption key is derived from a function of the first hash-based message authentication code and the second hash-based message authentication code. A message is encrypted using the encryption key, and communicated via a network interface of the computing device. | 09-29-2011 |
20110238990 | SYSTEM AND METHOD FOR SECURE AND/OR INTERACTIVE DISSEMINATION OF INFORMATION - An interactive information dissemination system includes a media server ( | 09-29-2011 |
20110238991 | CONTENT DECRYPTION DEVICE AND ENCRYPTION SYSTEM USING AN ADDITIONAL KEY LAYER - Various embodiments relate to a content decryption device for receiving a signal comprising encrypted content data and conditional access data. The conditional access data comprises one or more first keys. The content data is encrypted under one or more second keys. The device is configured for communicating with a secure module. The device comprises a signal input for receiving the signal from a head-end system and is configured for providing at least a portion of the conditional access data to the secure module to obtain the one or more first keys from the conditional access data. The device also has a decrypter, preferably a hardware descrambler, comprising a signal input for receiving at least the encrypted content data. The decrypter is configured for decrypting the encrypted content data under the one or more second keys to provide decrypted content data. A key provider, preferably a hardware component, is provided in the device configured for receiving the one or more first keys from the secure module and for providing the one or more second keys to the decrypter using the one or more first keys. | 09-29-2011 |
20110238992 | APPLICATION CONTROLLED ENCRYPTION OF WEB BROWSER CACHED DATA - A browser cache-securing component facilitates online communication of confidential data, such as for financial information, purchasing transactions, or user identification. Caching webpages for subsequent presentation enhances user productivity and efficiency while reducing burdens on network resources. Yet, the security risks of intrusions into cache memory are mitigated by retaining encrypted data in cache memory without prior decryption. A modest overhead in decrypting when and if the webpage is to be presented again gains a security and privacy advantage without taking away functionality. Decrypted versions of confidential data can thereby be relegated to volatile memory. Upon termination of a session, a session key shared by a network server is deleted, preventing subsequent decryption. Executing the browser cache-securing component in a virtual machine environment allows multiple browser types to benefit from the security feature. | 09-29-2011 |
20110238993 | Agile Network Protocol For Secure Communications With Assured System Availability - A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes. | 09-29-2011 |
20110246769 | SUBSYSTEM AUTHENTICITY AND INTEGRITY VERIFICATION (SAIV) - Systems and methods are disclosed for enhancing anti-terrorism public safety measures, by more securely determining whether explosives or other contraband have been inserted into notebook computer batteries or other large, replaceable subsystems of electronic devices. Because notebook computers typically require large, heavy batteries, they present attractive containers for smugglers and terrorists attempting to bring explosives onto an airplane. The disclosed security testing system provides more reliable results than many current tests, and does not require that the device under test be powered on. The systems and methods disclosed use out-of-band authentication for added security. | 10-06-2011 |
20110246770 | AUTHENTICATION METHOD, AUTHENTICATION SYSTEM, SERVER TERMINAL, CLIENT TERMINAL AND COMPUTER PROGRAMS THEREFOR - An authentication method between a client ( | 10-06-2011 |
20110246771 | CONTENT REPRODUCING APPARATUS AND PROGRAM OF THE SAME - When continuously reproducing a plurality of contents, a content reproducing apparatus determines whether or not the remaining time before the expiration date of a session key is shorter than the total reproduction time of the plurality of contents to be continuously reproduced. When it is determined that the remaining time before the expiration date of the session key is shorter than the total reproduction time of the plurality of contents to be continuously reproduced, a new session key is acquired from a server, and then the plurality of contents are continuously reproduced using the new session key. When it is determined that the remaining time before the expiration date of the session key is not shorter than the total reproduction time of the plurality of contents to be continuously reproduced, the plurality of contents are continuously reproduced using the current session key, without acquiring a new session key from the server. This prevents the continuous reproduction of the plurality of contents from being interrupted by session key acquisition processing while the plurality of contents are being continuously reproduced. | 10-06-2011 |
20110246772 | Secure client-side communication between multiple domains - Methods and systems for secure client-side communication between multiple domains are provided. Such methods and systems can provide decreased communication latency, particularly effective for dynamic multi-domain and/or multi-tenant environments, while allowing for granular or message-specific security of messages and operations with regard to users, user sessions, groups, organizations, permission sets, applications, or any other logical delineation. Such methods and systems may involve a variety of security components, for example, at least one set of instructions including a plurality of defined instructions to be used by users of the set of instructions to communicate, and cryptographic construct data used to verify the data integrity and the authenticity of messages sent and received using the secure client-side communication between multiple domains. | 10-06-2011 |
20110246773 | SYSTEM AND METHOD FOR UNATTENDED COMPUTER SYSTEM ACCESS - A secure access system, method and patch management system for access to a remote computer system is disclosed. The remote computer system requires local authentication to boot an operating system. A client module is arranged to be executed on the remote computer system upon booting of the computer system and is arranged, upon execution, to obtain access data over a network from an authentication system for access to the computer system and to use said access data to perform said local authentication at the remote computer system and boot said operating system. The authentication system is arranged to store said access data for the remote computer system in a data repository and is responsive to provide said access data to said client module over the network upon authentication of a request from the client module. | 10-06-2011 |
20110246774 | SECURING DIGITAL CONTENT SYSTEM AND METHOD - A system and method of encrypting digital content in a digital container and securely locking the encrypted content to a particular user and/or computer or other computing device is provided. The system uses a token-based authentication and authorization procedure and involves the use of an authentication/authorization server. This system provides a high level of encryption security equivalent to that provided by public key/asymmetric cryptography without the complexity and expense of the associated PKI infrastructure. The system enjoys the simplicity and ease of use of single key/symmetric cryptography without the risk inherent in passing unsecured hidden keys. The secured digital container when locked to a user or user's device may not open or permit access to the contents if the digital container is transferred to another user's device. The digital container provides a secure technique of distributing electronic content such as videos, text, data, photos, financial data, sales solicitations, or the like. | 10-06-2011 |
20110246775 | System and Method For Providing Unique Encryption Key - A system and method for providing a unique encryption key including a receiver, at a Voice over Internet Protocol (VoIP) adapter, configured to receive a configuration file, a processor, at the VoIP adapter, configured to decrypt the configuration file using a default key stored in the VoIP adapter, update one or more profile parameters of the configuration file, and install an encryption key at the VoIP adapter using the configuration file, and a transmitter, at the VoIP adapter, configured to register, with a network element, for network service using the updated configuration file such that the receiver is configured to receive network service from the network element when the updated configuration file is authenticated by the network element. | 10-06-2011 |
20110246776 | Method and Apparatus for Secure Key Delivery for Decrypting Bulk Digital Content Files at an Unsecure Site - Rather than downloading each content document on demand from the publisher location to the user site, at the publisher location, each content document is encrypted and then multiple encrypted documents are assembled into a distribution archive that is itself encrypted with a scheduled key. The distribution archive is then downloaded into a content server at the user site. When the content server receives the distribution archive, it decrypts the archive file and unpacks the encrypted documents. The scheduled key used to decrypt an archive file is included with an archive file that was sent previously to the user site in accordance with the subscription service. The scheduled key to decrypt the first archive file sent to the user is sent from the publisher to the user over a communication channel different from the communication channel used to send the archive file from the publisher to the user. | 10-06-2011 |
20110252235 | Method of machine-to-machine communication - In one embodiment, the method includes encrypting, at a device, data with a first key, and forming a message that includes a device identifier and the encrypted data. The device identifier identifies the device. A signaling message is formed that includes a class identifier, the message and an action code. The class identifier identifies a group of devices to which one or more devices belong. The action code indicates the type of data, and may be part of the message. The signaling message is sent to a network, for example, a wireless network. The wireless network identifies and routes the message portion of the signaling message based on the class identifier. And, using the class identifier and perhaps a device identifier, the wireless network may signal the device to change an operating parameter. | 10-13-2011 |
20110252236 | SYSTEM AND METHOD FOR SYNCHRONIZING ENCRYPTED DATA ON A DEVICE HAVING FILE-LEVEL CONTENT PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating data synchronization between devices. The method includes sending a host identifier and pairing record to a second device having a file system encrypted on a per file and on a per class basis for a set of classes, receiving from the second device a sync ticket containing encryption keys for the set of classes, and storing the sync ticket. Also disclosed is a method for synchronizing encrypted data between devices. This method includes receiving, at a first device having a file system encrypted on a per file and on a per class basis, a sync ticket containing encryption keys from a second device, retrieving an escrow key bag containing protection class keys, decrypting protection class keys based on the sync ticket, and synchronizing data with the second device based on the decrypted protection class keys. | 10-13-2011 |
20110252237 | Authorizing Remote Access Points - Authorizing remote access points for use in a network: A remote access point contains identity information established during manufacturing; this identity information may be in the nature of a digital certificate which can be used to establish a secure connection between networked entities. After the remote access point is provisioned to communicate securely to a controller using its TCP/IP address provided by a user, the remote access point is put into an un-authorized state by the controller pending further authorization. The user is presented with a secure captive portal page authenticating the end-user. This authorization may be through entering a user name and password, through presenting a certificate, through two-factor methods, or other methods known to the art. The user's authentication credentials are verified by the controller. Optionally this verification can be performed using a per-user certificate. After the remote access point has been authorized, the controller marks it verified as a fully functional node, and saves this state. The user performing the authorization is associated with the remote access point, and this association may be used to monitor the usage and potentially revoke the authorization. The remote access point is provisioned with the current provisioning parameters for the remote access point as configured by the IT administrator for the end user, so that each remote access point can have unique per-user configuration applied. | 10-13-2011 |
20110252238 | Apparatus and Method for Efficiently and Securely Exchanging Connection Data - An apparatus, method, and machine-readable medium are described for securely and efficiently exchanging connection data for a peer-to-peer (“P2P”) session on a network. For example, in one embodiment, a connection data exchange (“CDX”) service can perform the function of a central exchange point for connection data. In one embodiment, the CDX service can perform the operations of receiving a connection data structure, sometimes referred to herein as a “ticket,” created by a matchmaker or an invitation service in response to requests from a group of mobile computing devices attempting to establish peer-to-peer (“P2P”) connections. The ticket can identify each of the group of mobile computing devices and can include encrypted NAT hole punch data associated with each of the mobile computing devices. The CDX service can authenticate the ticket and decrypt the NAT hole punch data contained in the ticket using a CDX ticket key used by the matchmaker service or the invitation service to encrypt the ticket. Once the ticket is authenticated and the hole punch data retrieved, the CDX service can send connection data to each of the mobile computing devices residing behind NAT devices using the NAT hole punch data. | 10-13-2011 |
20110252239 | METHOD FOR PROTECTING THE FIRST MESSAGE OF SECURITY PROTOCOL - The present invention provides a method for protecting the first message of a security protocol, and the method includes the following steps: 1) an initialization step; 2) the initiating side sends the first message; 3) the responding side receives the first message. The method for protecting the first message of the security protocol provided by the present invention achieves the following: 1) the Pre-Shared Master Key (PSMK), which is shared by the initiating side and the responding side, and the security parameter in the first message are bound by using the computation function of a Message Integrity Code (MIC) or Message Authentication Code (MAC), and thus the fabrication attack on the first message of the security protocol is effectively avoided; 2) when computing the MIC or MAC of the first message, only the PSMK and the security parameter of the first message are selected for computation, and thus the computation load of the initiating side and the responding side is effectively reduced and computation resources are saved. | 10-13-2011 |
20110258440 | SYSTEM AND METHOD OF ENCRYPTING A DERIVATIVE WORK USING A CIPHER CREATED FROM ITS SOURCE - A derivative work is encrypted using a cipher created from digital sources used to create the derivative work. A software application made available for download permits a mix artist to generate a derivative-encrypted work from a derivative work that the mix artist has created using one or more of the digital sources. The derivative-encrypted work is streamed to a worldwide web server, where it is made available for download by consumers for a fee. The software application is also available for download by the consumers and permits the consumers to purchase and download any available derivative-encrypted work. However, the derivative-encrypted works can only be decrypted if the consumer has possession of a digital source for each of the source art works associated with the digital sources used to create the derivative work. | 10-20-2011 |
20110258441 | Secure Access to a Virtual Machine - A method for providing secure access to a virtual machine includes dispensing an image corresponding to a virtual machine from a management appliance to a distributed computing system such that the virtual machine is implemented by at least one of a plurality of interconnected physical computing devices in the distributed computing system; establishing a trusted relationship between the management appliance and the virtual machine; and providing a user with access to the virtual machine from the management appliance without further authentication credentials from the user. | 10-20-2011 |
20110258442 | System and method for secured peer-to-peer broadcast of instantaneous testimony in text format - A method and apparatus for securely broadcasting instantaneous deposition testimony is provided. The method includes capturing a witness's testimony, authenticating the testimony, and transmitting the testimony instantaneously to authorized subscribers, viewers and participants remotely located from the deposition through a peer-to-peer network connection using the Internet. Accordingly, the invention allows subscribing attorneys to interactively access and save the textual deposition documents, while also allowing interactive communication between the deposing attorney and attorneys or colleagues at the home office or other remote locations during the deposition. | 10-20-2011 |
20110258443 | USER AUTHENTICATION IN A TAG-BASED SERVICE - There is provided an exemplary method for accessing a personalized tag-based service using a mobile communication device. The service may be provided by an application server. The exemplary method comprises capturing the tag using a reader unit of the mobile communication device and passing information included in the tag to an application. The exemplary method also comprises generating a service request based on the information with the application, and adding to the service request a security feature, the security feature being generated using information uniquely assigned to a user of the mobile communication device. The service request may be transmitted from the mobile communication device to a certification unit. The exemplary method additionally comprises verifying with the certification unit the security feature included in the service request and confirming the authenticity of the service request to the application server in response to a successful verification of the security feature. | 10-20-2011 |
20110258444 | Network Controller Decryption - A system for selectively transmitting packets involves marking a plurality of packets coming into a transmit queue with an indicator of a packet type. Some packet types may take longer to process than others. For example, packets associated with security protocols may take a longer time to process than those that do not involve security processing. A dispatcher may determine based on the marking of the packet whether it is a security or a non-security packet and may determine when to transmit the packet based on that information. | 10-20-2011 |
20110258445 | Apparatus and method for signaling enhanced security context for session encryption and integrity keys - Disclosed is a method for establishing an enhanced security context between a remote station and a serving network. In the method, the remote station forwards a first message to the serving network, wherein the first message includes an information element signaling that the remote station supports an enhanced security context. The remote station generates at least one session key, in accordance with the enhanced security context, using the information element. The remote station receives, in response to the first message, a second message having an indication that the serving network supports the enhanced security context. The remote station, in response to the second message, has wireless communications protected by the at least one session key. | 10-20-2011 |
20110258446 | SYSTEMS AND METHODS FOR SERVER AIDED PROCESSING OF A SIGNED RECEIPT - A method for processing security communication protocol compliant signed receipts at a mobile communication device linked to a host system is provided. The host system receives an email message linked to a digital signature, and a signed receipt. The host system redirects the signed receipt to the mobile communication device. The host system determines if the email message is available at the mobile communication device, and if not, the host system retrieves the email message and redirects the email message to the mobile communication device. The mobile communication device can then verify the signed receipt based on the email message. Optionally, rather than the email message, the host system retrieves and/or recalculates data elements associated with the email message and required to verify the signed receipt, and redirects these data elements to the mobile communication device. A related system is provided, as well as a server computer program for the host system and a device computer program for the mobile communication device. | 10-20-2011 |
20110258447 | METHOD, SYSTEM AND AUTHENTICATION CENTRE FOR AUTHENTICATING IN END-TO-END COMMUNICATIONS BASED ON A MOBILE NETWORK - The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication centre (EAC). The method includes: respectively performing a mutual authentication between the first service entity and the EAC and between the second service entity and the EAC according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiry for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service. | 10-20-2011 |
20110258448 | METHOD AND SYSTEM OF SECURED DIRECT LINK SET-UP (DLS) FOR WIRELESS NETWORKS - Method and system of secured direct link set-up (DLS) for wireless networks. In accordance with aspects of the method, techniques are disclosed for setting up direct links between stations in a wireless network in a manner that is computationally secure. | 10-20-2011 |
20110258449 | SECURE PROXIMITY VERIFICATION OF A NODE ON A NETWORK - A system and method determines the proximity of the target node to the source node from the time required to communicate messages within the node-verification protocol. The node-verification protocol includes a query-response sequence, wherein the source node communicates a query to the target node, and the target node communicates a corresponding response to the source node. The target node is configured to communicate two responses to the query: a first response that is transmitted immediately upon receipt of the query, and a second response based on the contents of the query. The communication time is determined based on the time duration between the transmission of the query and receipt of the first response at the source node and the second response is compared for correspondence to the query, to verify the authenticity of the target node. | 10-20-2011 |
20110258450 | METHOD FOR TRANSMITTING SYNCML SYNCHRONIZATION DATA - The present invention provides methods for transmitting SyncML synchronization data. In one method, the originator constructs a SyncML message after encrypting the user data to be transmitted and then transmits the data in an existing transmission way; the user data includes, but is not confined to, authentication information, terminal capability information and the data to be synchronized. In the other method, the originator encrypts the SyncML message in the transport layer before transmitting the message, and the recipient deciphers the received SyncML message at the transport layer and processes the message subsequently. The two methods can be used either separately or together. If they are used together, the transmission of SyncML synchronization data is provided with two layers of protection. By using the present invention, user data can be transmitted safely without being intercepted by a third party. | 10-20-2011 |
20110264912 | MANAGED SERVICES ENVIRONMENT PORTABILITY - A device and method for forming a portable network environment outside a managed network environment for sharing content is provided. A portable network device enables authorized consumption of content outside a managed environment. The portable network device may have an internal rechargeable battery and support wireless protocols such as Wi-Fi. The portable network device may act as a Wi-Fi base station allowing access to authorized Wi-Fi clients via a mesh network. | 10-27-2011 |
20110264913 | METHOD AND APPARATUS FOR INTERWORKING WITH SINGLE SIGN-ON AUTHENTICATION ARCHITECTURE - A method is provided for use in interworking a single sign-on authentication architecture and a further authentication architecture in a split terminal scenario. The split terminal scenario is one in which authentication under the single sign-on authentication architecture is required of a browsing agent ( | 10-27-2011 |
20110271104 | Security device and building block functions - A method and system of securing content is described, the method including establishing communication between a secure module source and a content rendering device, loading a dynamically generated pseudo-unique secure module to the content rendering device from the secure module source, establishing communication between the secure module source and the dynamically generated pseudo-unique secure module, and transferring a decryption key from the secure module source to the dynamically generated pseudo-unique secure module, thereby enabling decryption of encrypted content, the encrypted content being encrypted according to the decryption key. Related methods and apparatus are also described. | 11-03-2011 |
20110271105 | METHOD AND APPARATUS FOR IMPLEMENTING A NOVEL ONE-WAY HASH FUNCTION ON HIGHLY CONSTRAINED DEVICES SUCH AS RFID TAGS - A method and apparatus for implementing a novel one-way hash function with provable security properties for authentication and non-authentication applications on highly constrained devices, with particular application to RFID tags. | 11-03-2011 |
20110271106 | Communication Channel of a Device - A method including transferring a device ID through a first communication channel between a device and a transaction device, configuring the device to send secured information in response to receiving a transaction request and sending user information to a service provider through a second communication channel in response to receiving a request to authenticate the secured information. | 11-03-2011 |
20110271107 | System and Method for Comparing Private Data - The present disclosure is directed to systems and methods including accessing a first private value, generating a first intermediate value based on the first private value, receiving a second intermediate value that is based on a second private value, generating a first comparison value based on the second intermediate value, receiving over the network a second comparison value that is based on the first intermediate value, comparing the first comparison value and the second comparison value to generate a result, and displaying the result, the result indicating that the first private is greater than the second private value when the first comparison value is less than the second comparison value, and the result indicating that the first private value is less than or equal to the second private value when the first comparison value is greater than the second comparison value. | 11-03-2011 |
20110271108 | METHOD AND SYSTEM FOR SECURE EXCHANGE AND USE OF ELECTRONIC BUSINESS CARDS - Some embodiments provide a system that facilitates the use of an electronic business card. During operation, the system obtains one or more permissions for the electronic business card. Next, the system manages use of the electronic business card by a recipient of the electronic business card based on the permissions. | 11-03-2011 |
20110271109 | SYSTEMS AND METHODS OF REMOTE DEVICE AUTHENTICATION - Methods and systems are provided herein that allow for a first device to remotely authenticate a particular software or hardware feature of a second device with which the first device is communicating. More specifically, the teachings herein allow for a server to verify that a particular application running on a client machine is an authentic application, as opposed to an application developed by a rogue element disguising itself as an authentic application. In a broader sense the teachings herein allow a server to initiate a sequence of instructions on the remote machine, and for which assurance is needed that the intended instructions were executed on the remote machine. Additionally, methods and systems are provided that generate and update client registration certificates that are tightly bound to both client and server. | 11-03-2011 |
20110271110 | KEY MANAGEMENT DEVICE, SYSTEM AND METHOD HAVING A REKEY MECHANISM - According to some embodiments, a key management apparatus for deploying in a smart grid system adapted to receive metering data from smart meters connected to at least one relay via a network, includes: a key control mechanism that derives a key array of individual purpose specific keys from one master key such that the purpose specific keys in the key array are each independent cryptographic keys for each specific usage in an application or for each application if there is only one specific usage in an application. | 11-03-2011 |
20110271111 | Systems and Methods For Providing Security to Different Functions - Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function. | 11-03-2011 |
20110271112 | METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR FACILITATING RANDOMIZED PORT ALLOCATION - A method, apparatus, and computer program product are provided for facilitating randomized port allocation. An apparatus may include a processor configured to receive a port allocation message from a network management entity. The port allocation message may comprise an encryption key, an initial input value, and a value indicating a number of ports allocated to the apparatus for communication on a network. The processor may be further configured to calculate at least one port allocated to the apparatus with an encryption function based at least in part upon the encryption key and initial input value. Corresponding methods and computer program products are also provided. | 11-03-2011 |
20110271113 | SECURE STREAMING CONTAINER - A system and method for securely streaming encrypted digital media content out of a digital container to a user's media player. This streaming occurs after the digital container has been delivered to the user's machine and after the user has been authorized to access the encrypted content. The user's operating system and media player treat the data stream as if it were being delivered over the Internet (or other network) from a streaming web server. However, no Internet connection is required after the container has been delivered to the user and the data stream suffers no quality loss due to network traffic or web server access problems. In this process of the invention, the encrypted content files are decrypted and fed to the user's media player in real time and are never written to the user's hard drive or storage device. This process makes unauthorized copying of the digital content contained in the digital container virtually impossible. | 11-03-2011 |
20110271114 | SYSTEM AND METHOD FOR AUTHENTICATING REMOTE SERVER ACCESS - A system and method for providing secure authentication for website access or other secure transaction. In one embodiment, when a user accesses a website, the web server identifies the user, and sends an authentication request to the user's mobile device. The mobile device receives the authentication request and sends back an authentication key to the web server. Upon verifying the authentication key, the web server grants access to the user. | 11-03-2011 |
20110276801 | COMMUNICATING ADMISSION DECISIONS AND STATUS INFORMATION TO A CLIENT - In an example embodiment, a technique that employs a SAP/SDP packet to communicate data to a client device when a request for a multicast stream, such as a video stream, is denied. Rather than announcing a program, the SAP/SDP packet reports a status to the client device. The SAP/SDP packet may suitably comprise data representative of the video name, and a reason code, enabling the client device to provide an output, e.g. a text string, to a user associated with the client device indicating the reason for the denial. In addition, contact information such as an email address and a uniform resource locator (URL) pointing to a predetermined web page may also be included in the SAP/SDP packet that can inform the associated user of the client device where additional information can be obtained for the denial. | 11-10-2011 |
20110283104 | Domain Access System - A domain access system may include a connection package for a remote device. The connection package may be installed and used to connect to a domain without having to be physically attached to the domain. The connection package may include a domain identifier and a machine name, as well as certificates used to authenticate the device to the domain, group policies, and other components and configuration information. An installation program may configure the remote device with the various components and certificates so that the remote device may connect to the domain. | 11-17-2011 |
20110283105 | METHOD OF DISTRIBUTING A DECRYPTION KEY IN FIXED-CONTENT DATA - Secondary content is encrypted for distribution to client terminals by selecting at least a portion of raw encrypted audio-video data (REAVD) that is provided on a media article as an encryption key, encrypting secondary content using the encryption key, and storing encrypted secondary content at a remotely located host. The media article can then be used for providing access to the encrypted secondary content to client terminals by receiving encrypted secondary content at a client terminal, extracting a decryption key from a media article encoded with REAVD, the decryption key being determined by at least a portion of the REAVD, using the decryption key to decrypt the secondary content, and outputting the decrypted secondary content from the client terminal. | 11-17-2011 |
20110283106 | METHOD FOR REALIZING AUTHENTICATION CENTER AND AUTHENTICATION SYSTEM - A method for realizing an authentication center (AC) and an authentication system are disclosed. The method comprises: a UE sends an authentication request to an AC and applies for temporary authentication information, the AC assigns a first authentication random code to the UE, then the UE calculates a first response code and sends it to the AC, the AC assigns the temporary authentication information to the UE after authentication and authorization; the UE sends a login request to the application system (AS) which assigns a second authentication random code to the UE, and the UE uses it and the temporary authentication information to calculate a second response code, and sends this code to the AS; the AS sends the second response code to the AC for authentication and authorization; the AC returns the authentication result to the AS which in turn returns the authentication result to the UE. | 11-17-2011 |
20110283107 | METHOD FOR ESTABLISHING A SECURED COMMUNICATION WITHOUT PRELIMINARY INFORMATION SHARE - The invention relates to a method for generating a session key between two communicating electronic devices not requiring any prerecorded information in one of the two devices and enabling the authentication of one of said devices. The method uses a close collaboration between a symmetrical algorithm and an asymmetrical algorithm. | 11-17-2011 |
20110289316 | USER AUTHENTICATION - Embodiments of the present invention relate to a method and system in which a URI is signed using a private key (PKI), and the signed URI is sent to a second server where the signature is validated using the public key. | 11-24-2011 |
20110289317 | METHOD AND APPARATUS FOR PROVIDING CONTENT AGGREGATION IN SUPPORT OF VIRTUAL CHANNELS - An approach is provided for content aggregation in support of virtual channels. Query information and authentication information of a user are received from a media application associated with a set-top box. A query request is generated for media content from a content provider using the query information, the authentication information, and an identifier of a service provider. Transmission of the query request is initiated to the content provider system. One or more search results are received in response to the query request. Transmission of the one or more search results is initiated to the media application. | 11-24-2011 |
20110296177 | METHOD AND SYSTEM FOR MICROLOCKING WEB CONTENT - A method and system for ensuring the authenticity of server returned information displayed at a client browser is provided. The method comprises receiving the server returned information at a client computer; storing a copy of the server returned information at the client computer; inspecting the server returned information for one or more locked objects; allowing the client browser to operate one or more client installed scripts; inspecting the server returned information for any modifications to the one or more locked objects; and in response to determining that the one or more client installed scripts have made modifications to the one or more locked objects, replacing the modified locked objects with unmodified versions of the locked objects from the stored copy of the server returned information. | 12-01-2011 |
20110296178 | Auto Provisioning Method in Wireless Communication Network - A method for auto provisioning for a communication device in a wireless communication network comprises the steps of: receiving a request from a station; determining the validity of the request according to a verification code carried by the request; sending a response to the station; receiving a security message from the station; retrieving a security key carried by the security message; and executing network provisioning according to the security key. | 12-01-2011 |
20110296179 | Encryption System using Web Browsers and Untrusted Web Servers - In one embodiment of the present invention, a first user—the creator—uses a web browser to encrypt some information. The web browser provides to the creator a URL which contains the key used for encryption, such as in the form of an anchor embedded within a URL. The web browser also provides a hash of the cryptographic key and the encrypted information to a web server. The creator transmits the URL to a second user—the viewer—who provides the URL to a web browser, thereby causing the web browser to navigate to a decryption web page maintained by the web server, but without transmitting the cryptographic key to the web server. The viewer's web browser hashes the cryptographic key and sends the hash to the web server, which uses the hash to identify and return the encrypted information to the viewer's web browser, which in turn uses the encryption key to decrypt the message and display the decrypted message to the viewer. | 12-01-2011 |
20110296180 | MOTOR VEHICLE DISPLAY DEVICE, MOTOR VEHICLE ELECTRONIC SYSTEM, MOTOR VEHICLE, METHOD FOR DISPLAYING DATA AND A COMPUTER PROGRAM PRODUCT - The invention relates to a motor vehicle display apparatus having an electronic appliance containing: | 12-01-2011 |
20110296181 | Apparatuses and a Method for Protecting a Bootstrap Message in a Network - The embodiments of the present invention relate to apparatuses in the form of a first network unit and a device, and also relates to a method for enabling protection of a bootstrap message in a device management network system. The method comprises: receiving at the first network unit, a request to bootstrap the device; transmit a request for a bootstrap key, to a second network unit; receiving a message comprising the bootstrap key and further comprises trigger information and transmitting the trigger information to the device to trigger generation of the bootstrap key internally in the device. Thereafter a protected bootstrap message can be transmitted to the device from the first network unit, and when the device verifies and/or decrypts the bootstrap message, device management (DM) sessions can start between the device and the first network unit. | 12-01-2011 |
20110296182 | System and method for downloading application - A method for downloading an application is disclosed by the present invention which is implemented based on an application downloading system including a smart card, a mobile terminal, an Over The Air (OTA) server and an outside-card entity management platform. The outside-card entity management platform establishes a connection with the smart card through the OTA server and mobile terminal, selects a security domain for application downloading in the smart card after receiving an application downloading request from the smart card, establishes a security channel with the smart card, and downloads the application to the smart card based on the security channel. By using the system and method for downloading an application of the present invention, the application may be downloaded to the smart card over a mobile communication network at a high speed, in real time, conveniently and safely, with user experience being improved. | 12-01-2011 |
20110302414 | REMOTE CONTROL OF MEDICAL DEVICES USING INSTANT MESSAGING INFRASTRUCTURE - Systems and methods for remote control and management of medical workstations using an instant messaging infrastructure. A remote client, such as a mobile phone, laptop, tablet, or other computing device, is used to generate instructions or information requests in one or more data packets. The remote client sends the one or more data packets using the instant messaging infrastructure to a medical workstation at another location. A service application in communication with the medical workstation receives the data packets and causes the medical workstation to retrieve the requested information or execute the instruction. The communications between the remote client and the service application are encrypted and signed to ensure secure communications. | 12-08-2011 |
20110302415 | SECURING CUSTOMER VIRTUAL MACHINES IN A MULTI-TENANT CLOUD - A trusted virtualization platform protects sensitive customer data during operation of virtual machines in a multi-tenant cloud computing center. The trusted virtualization platform limits administrator access to the data and state of the virtual machines running thereon, reports any changes made thereto, and requires keys provided by the customer or a trusted third party of the customer to perform management operations on the virtual machines. By requiring cloud computing centers to use such trusted virtualization platforms, customers uploading their virtual machines into the cloud computing center can be assured that cloud administrators will not be able to access or tamper with their private data. Furthermore, customers can directly audit all important state or configuration changes for their virtual machines as the trusted virtualization platform can be configured to report all such changes according to a security policy set by the customer. | 12-08-2011 |
20110302416 | METHOD AND SYSTEM FOR SECURED COMMUNICATION IN A NON-CTMS ENVIRONMENT - A method for bypassing a Cable Modem Termination System (CMTS), the method includes: receiving, by a session manager, an encrypted Security Association Identifier (SAID) and an encrypted Traffic Encryption Key (TEK) that are associated with unicast transmission from the CMTS to a cable modem. The encrypted SAID and the encrypted TEK are upstream transmitted from the cable modem. Providing to an edge device, over a secured link, a representation of the SAID and a representation of the TEK. Receiving, by the edge device, information that is associated with the SAID and should be downstream transmitted to the cable modem. Encrypting, by the edge device, the information by the TEK to provide encrypted information. Transmitting, by the edge device, the encrypted information to the cable modem while bypassing the CMTS. | 12-08-2011 |
20110302417 | IMPARTING CRYPTOGRAPHIC INFORMATION IN NETWORK COMMUNICATIONS - This specification describes technologies relating to imparting cryptographic information in network communications. In general, aspects of the subject matter described in this specification can be embodied in methods that include identifying a location in a pre-defined portion of a network communication to be sent in a client-server environment, wherein the pre-defined portion is reserved for random data, inserting cryptographic information into the pre-defined portion of the network communication at the location, and sending the network communication in the client-server environment to facilitate modifying interactions in the client-server environment based at least in part on a result of processing of the cryptographic information; and on a receiving side, receiving cryptographic information inserted into the pre-defined portion of the network communication in the client-server environment, identifying the location, processing the cryptographic information, and modifying interactions in the client-server environment based at least in part on a result of the processing. | 12-08-2011 |
20110307696 | MONITOR PORTAL, MONITOR SYSTEM, TERMINAL AND COMPUTER READABLE MEDIUM THEREOF - A monitor portal includes: a position information acquisition unit that acquires position information representing a position of a terminal connected to a communication network on the communication network; a command unit that commands a virtual server control unit that generate a plurality of virtual servers from at least one physical server connected to the communication network and control the virtual servers to generate the virtual servers based on the position information; and a transmission unit that transmits a program for causing the virtual server to function as a monitor unit for acquiring a state signal from the terminal based on the position information to the virtual server so that the virtual server executes the program. | 12-15-2011 |
20110307697 | INFORMATION PROTECTION APPARATUS, INFORMATION PROTECTION METHOD, AND STORAGE MEDIUM - An apparatus for protecting information includes a hash value generating unit configured to identify a program file of a requester requesting information encrypted using a first hash value and to generate a second hash value of the identified program file, and a decryption unit configured to decrypt the information using the second hash value and if the information is successfully decrypted, to return the decrypted information to the requester. | 12-15-2011 |
20110314280 | HEALTH CARE SYSTEM - A measurement device ( | 12-22-2011 |
20110314281 | METHOD AND SYSTEM FOR SECURING COMMUNICATION - A method for securing communication among members of a group. The method includes a first member obtaining a first secret. An n-bit generator executing on the first member generates a first message digest using the first secret. The first member extracts a first encryption solution and a second encryption solution, at least in part, from the first message digest, encrypts a first communication using the first encryption solution to obtain a first encrypted communication, and sends, to a second member of the group, the first encrypted communication. The first member further receives, from the second member, a second encrypted communication, and decrypts the second encrypted communication using the second encryption solution to obtain a second communication. | 12-22-2011 |
20110314282 | CONTENT TRANSMISSION APPARATUS, CONTENT RECEPTION APPARATUS AND CONTENT TRANSMISSION METHOD - A content transmission apparatus including: an authenticator configured (i) to perform authentication, (ii) to share an authentication key, (iii) to request transmission range acknowledgement and authentication information, (iv) to receive a response, and (v) to share an exchange key; an encryptor to encrypt based on the exchange key; and a timer measuring a time interval between transmission of said request for transmission range acknowledgement and reception of a response; wherein, said authenticator measures said time interval using said timer, and if a time measurement value exceeds a predetermined value, said authenticator does not share said exchange key; and wherein, said response of said request for transmission range acknowledgement includes a data generated based on said authentication information and said authentication key, and if said data is incorrect, said authenticator does not share said exchange key. | 12-22-2011 |
20110314283 | E-MAIL CERTIFICATION SERVICE - A method is provided to handle an electronic mail message such that the receiver of the e-mail message can verify the integrity of the message. A request is provided from a sender's side to a service. The request includes information regarding the e-mail message. The service processes at least a portion of the request to generate a result. For example, the service may encrypt the portion of the request, according to a public/private key encryption scheme, to generate a digital signature as the result. The service provides the result to the sender's side. At the sender's side, the result is incorporated into the e-mail message and the result-incorporated message is transmitted via an e-mail system. At the receiver's side, the result-incorporated e-mail message is processed to assess the integrity of the received e-mail message. | 12-22-2011 |
20110320812 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing device includes: a memory having a protected area which is a data recording area in which access restriction is set; and a data processing unit that determines accessibility in response to a request for accessing the protected area from an access requesting device, wherein the data processing unit verifies a device certificate received from the access requesting device and determines accessibility to the protected area based on access control information recorded in the device certificate. | 12-29-2011 |
20110320813 | Network system and authentication method thereof - A management server includes an encryption processor for individually scrambling a control program and authentication information in response to a transmission request from a terminal, a merging unit for merging the control program and the authentication information subsequent to scrambling, a communication control unit for transmitting the merge information to the terminal, and a permission signal generator for checking decrypted authentication information from the terminal against the original authentication information, and generating a permission signal that permits the control program to be installed if the decrypted authentication signal matches the original authentication signal. The terminal includes a communication control unit for transmitting the transmission request to the management server, a decryption processor unit for separating the control program and the authentication information from the merge signal from the management server, and individually decrypting the control program and the authentication information, the communication control unit for returning the decrypted authentication information to the management server, and an installation processor unit for starting installing the control program in response to a reception of the permission signal from the management server. | 12-29-2011 |
20110320814 | SYSTEM AND METHOD OF AUTHENTICATION - Disclosed herein are systems, methods and computer readable media for performing authentication. The proposed scheme utilizes new algorithms that introduce randomness using a physical value for authentication. An exemplary method includes sharing an initial state value S(0) with a sender and a receiver, generating a sender S(t, v) based on a parameter t and an identifier v and based at least in part on the value S(0). The method includes generating a receiver S(t, v) from S(0) based on the parameter t and the identifier v wherein the parameter t is related to a physical value in authenticating the identifier v based on a comparison of the sender S(t, v) and the receiver S(t, v). The process of generating the sender S(t, v) and the receiver S(t, v) includes a random variable generated by a process such as by a random number generator, the Brownian Motion or Wiener Process. Other embodiments do not use the physical value for authentication. | 12-29-2011 |
20110320815 | Key Sharing System, Communication Terminal, Management Device, Key Sharing Method, and Computer Program - In a case where another user's communication terminal (nTE | 12-29-2011 |
20120005478 | AUTOMATIC CONFIGURATION OF DEVICES UPON INTRODUCTION INTO A NETWORKED ENVIRONMENT - Automatic configuration of devices upon introduction into a networked environment, can be implemented, for example, by having a device randomly generate a series of letters and/or numbers, e.g., generate a PIN (Personal Identification Number) that encodes temporary credentials that, in addition to proving ownership and/or control over the device by virtue of having access to the PIN, also allows creating a temporary secure communication channel based on the PIN over which permanent security credentials may be transferred to the device to facilitate provisioning it to securely communicate in the networked environment. In a wireless scenario, a unique SSID and encryption key (WEP or WPA) may be determined as a function of the PIN, where both the device and its access point utilize the PIN to establish a temporary secure communication channel. Various techniques may be used to establish ownership and/or control over the device to prevent inadvertent association of the device with a wrong networked environment. | 01-05-2012 |
20120005479 | GROUP BASED COMPLETE AND INCREMENTAL COMPUTER FILE BACKUP SYSTEM, PROCESS AND APPARATUS - The present invention is capable of determining the rights to a file based on providing a descriptor. The descriptor can be calculated using an algorithm, which may be cryptographic and/or non-cryptographic. The descriptor may further be based on the file contents, metadata of the file, other file data, or any combination thereof to uniquely identify the file in a shared file repository. Since the descriptor is generated based on file data it will be the same regardless of which user generates it. Accordingly, only one copy of the file needs to be maintained in the shared file repository, thereby reducing the amount of network bandwidth required to assure the file is backed up and further reducing the amount of storage required to backup the files. This results in a vastly more efficient method of backup in terms of processing time, network bandwidth, and storage requirements. | 01-05-2012 |
20120011361 | PROTECTING SENSITIVE EMAIL - According to one embodiment, a plurality of components are located within an appliance configured to send and receive email. The appliance receives an email and selects one or more policies to apply based on a designation indicating that the email communicates sensitive information. The policies determine whether to allow or block the email according to rules for assuring email. If the email is allowed, the appliance directs the email to one or more recipients. | 01-12-2012 |
20120011362 | System and Method for Performing Device Authentication Using Key Agreement - A system and method are provided which employs a key agreement scheme, wherein the agreed-upon-shared key is used in a protocol message in the authentication rather than being employed as a session key. | 01-12-2012 |
20120011363 | METHOD OF GENERATING A VIRTUAL PRIVATE COMMUNITY AND NETWORK USING THE VIRTUAL PRIVATE COMMUNITY - Provided is a method of generating a user-oriented virtual private community without the need for a server. The method includes generating a first virtual private community for a predetermined user including at least one communication device of the predetermined user. | 01-12-2012 |
20120011364 | METHOD FOR SECURE REMOTE BACKUP - The present invention is directed to an architecture and mechanism for securely backing up files and directories on a local machine onto untrusted servers over an insecure network. | 01-12-2012 |
20120011365 | Method and Apparatus for Reliable Communications in Underground and Hazardous Areas - A method and apparatus for reliable wireless voice, data and location communication for deployment in underground, industrial and other hazardous environments using a wireless mesh network. The network includes protocol for dispatch operation, emergency operation, remote supervision, remote status, asset control, machine state of health and operational management. The architecture is based on localized clusters of autonomous nodes capable of ad hoc interconnection with nearby nodes and connection to gateway nodes. The resulting network is an ad hoc mesh topology comprised of fixed mesh nodes with approximately 50% coverage overlap between nodes. This provides a reliable communication network for mobile nodes carried by personnel and sensor nodes that are fixed or mobile that supports voice, data and tracking/situation awareness. Each cluster of nodes transfers digital voice and data to gateway nodes either directly or through multi-hop transactions. | 01-12-2012 |
20120017085 | TECHNIQUES FOR IDENTITY-ENABLED INTERFACE DEPLOYMENT - Techniques for providing identity-enabled interfaces for deployment are presented. Specifically, an agent of an enterprise infrastructure authenticates and acquires an agent identity for interacting with a cloud processing environment. Once the agent is deployed in the cloud processing environment, enterprise policy can be enforced within the cloud processing environment on actions occurring within the cloud. The agent acts as an Application Programming Interface between the enterprise and the cloud processing environment. The reverse is also achievable, where a cloud deploys an agent to the enterprise to deploy a cloud interface within the enterprise for policy enforcement. | 01-19-2012 |
20120023331 | MECHANISM FOR INTERNAL PROCESSING OF CONTENT THROUGH PARTIAL AUTHENTICATION ON SECONDARY CHANNEL - Embodiments of the invention are generally directed to performing processing of content through partial authentication of a secondary channel. An embodiment of a method includes performing a first authentication between a source transmitting device and a sink receiving device for communication of data streams, and performing a second authentication between the source transmitting device and a bridge device such that the second authentication is independent of the first authentication and the sink receiving device remains uninfluenced by the second authentication. The bridge device includes an intermediate carrier device coupled to the source transmitting device and the sink receiving device. The method further includes transmitting a data stream having encrypted content from the source transmitting device to the bridge device. | 01-26-2012 |
20120023332 | SYSTEM AND METHOD FOR PRIVATE SOCIAL NETWORKING - The system protects a user's data on social networking websites by creating a data filter, which operates between the user and the social networks accessed by the user. The filter may be deployed as a user's web browser plug-in and operates in the following way. First, the filter encrypts all or some information that is posted by the user on a social network using SSL encryption technology. Second, to enable select other users of the social networking site to view the encrypted information, the instances of the filter executing on the accessing users' computers verify whether these users have access permission from the owner of the content and, if so, use the decryption key to decrypt the private data and enable the users to view it. The decryption key may be automatically passed to the instances of the filter running on the accessing users' computers. In an alternative implementation, the encryption and access control may be performed by a security/privacy mediator deployed on the network. | 01-26-2012 |
20120023333 | INFORMATION TERMINAL APPARATUS, INFORMATION PROCESSING APPARATUS AND INFORMATION COMMUNICATION SYSTEM - When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as having been legitimately measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired by means of the GPS function from a portable phone terminal having the GPS function and a network function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus only if the server apparatus is authenticated as a legitimate counterpart for connection. | 01-26-2012 |
20120030465 | Indirect Pairing of Communication Devices - A method for establishing a communication link between two devices, the communication link employing a protocol that provides for link establishment information sufficient for establishing a link between two devices to be negotiated between those devices; the method comprising: establishing communication links between each of the two devices and one or more further devices; transmitting from the one or more further devices to each of the two devices information that defines link establishment parameters for a link between the two devices; and establishing the link between the two devices using the defined link establishment parameters. | 02-02-2012 |
20120030466 | RELAY DEVICE, WIRELESS COMMUNICATIONS DEVICE, NETWORK SYSTEM, PROGRAM STORAGE MEDIUM, AND METHOD - A relay device first uses the latest authentication data to determine whether request-authentication data transmitted from a wireless communications device is valid. If the latest authentication data is used to determine that the request-authentication data is valid, the relay device carries out relayed communications with the wireless communications device. If the latest authentication data is used to determine that the request-authentication data is invalid, the relay device next uses former authentication data to determine whether the request-authentication data is valid. If the former authentication data is used to determine that the request-authentication data is valid, the relay device provides the wireless communications device with the latest authentication data to update the authentication data in the wireless communications device. | 02-02-2012 |
20120036358 | Document encryption and decryption - A document encryption and decryption system for selectively encrypting and decrypting files and any other items and method for same to protect or secure its contents by helping to prevent unauthorized individuals from viewing data in human-perceivable or readable form. The encryption system includes remote authentication to verify a user's credentials stored on a remote database hosted by a web server. The encryption system further includes remote delete to automatically delete encrypted items stored on the user's computer, handheld or portable device, smartphone, and any other computing device of any kind when it logs onto a network if the user's computer or computing device is reported lost, stolen, or otherwise compromised. Decryption keys allow selective decryption of encrypted items that are on the computer or computing device of any kind. A Windows Communication Foundation service helps with authenticating the users with the encryption key and login process stored and processed by the web server. | 02-09-2012 |
20120036359 | THIRD PARTY VPN CERTIFICATION - A virtual private network (VPN) over a telecommunications network is created by sending a request from a first VPN device to a second VPN device for establishing a VPN between the first and second VPN devices. The request includes a first signed certificate having a verified VPN parameter for the first VPN device. A reply is received at the first VPN device from the second VPN device that includes a second signed certificate having a verified VPN parameter for the second VPN device. The VPN is established between the first and second VPN devices based on each verified VPN parameter for each of the first and second VPN devices. | 02-09-2012 |
20120036360 | SYSTEM AND METHOD ESTABLISHING TRUSTED RELATIONSHIPS TO ENABLE SECURE EXCHANGE OF PRIVATE INFORMATION - The invention disclosed here is aimed at enabling a trusted third party to manage user opt-ins which would enable growth of personalized information services, that is, enabling trusted business relationships between three types of entities—an end-user, an information source/provider, and an application service provider/developer—so that they can have a controlled, secure and private exchange of sensitive and/or confidential information. The inventive system has modes of operation recommended based on various conditions, enabling a secure exchange of private information between personal information repository owners and application service providers to enable delivery of personalized services. One mode is Durable Subscription Management, which is used when per-transaction approval is not needed, that is, when an end-user has given permission to access data for a given or predefined period of time. A second mode is Per-Transaction Subscription Management Without Logs and a third mode is Per-Transaction Subscription Management With Logs. | 02-09-2012 |
20120036361 | METHOD AND SYSTEM FOR ESTABLISHING A SERVICE RELATIONSHIP BETWEEN A MOBILE COMMUNICATION DEVICE AND A MOBILE DATA SERVER FOR CONNECTING TO A WIRELESS NETWORK - A method and system for establishing a service relationship between a mobile communication device and a mobile data server for connecting to a wireless network are disclosed. In accordance with one embodiment, an Internet browser receives a request to establish a service relationship between a mobile communication device and a mobile data server. A device identifier and device capability data are received from the mobile communication device. Service data for the mobile communication device is received from a mobile data administration server in accordance with the device identifier and device capability data, and is then stored in a memory of the mobile communication device. | 02-09-2012 |
20120042163 | SECURELY IDENTIFYING HOST SYSTEMS - Embodiments of the present invention allow for “end-user” provisioned instances to securely identify themselves beyond a simple user ID and password. Specifically, embodiments of the present invention use a multi-part security approach that includes (among other things): an identifying key (e.g., a shared private key) known by the cloud security system and the instance; and at least one additional security factor such as an identifier found in TCP/IP packets (e.g., an internet protocol address). In a typical embodiment, a request for an instance (e.g., a virtual machine) is received, and a template (e.g., an image) corresponding to the requested instance is identified. From this template, the instance is provisioned. Under the embodiments of the present invention, the instance will be provisioned to include a security key. When a request is thereafter received from the instance, the request is validated using the security key and the additional security factor(s). | 02-16-2012 |
20120042164 | MONITORING BASED ON CLIENT PERSPECTIVE - According to one general aspect, a method may include establishing a network tap point near, in a network topology sense, an intranet/internet access point device. The network tap point may provide a substantially non-intrusive means of viewing network communication through the intranet/internet access point. The method may include monitoring, via the network tap point, at least partially encrypted network communication between a client computing device that is within the intranet and a server computing device that is within the internet. The method may also include analyzing the monitored, at least partially encrypted network communication to generate at least one set of metrics regarding the performance of the network communication between the client computing device and the server computing device. | 02-16-2012 |
20120042165 | METHOD FOR PROVIDING DATA ON MOBILE TERMINALS AND MOBILE TERMINAL FOR PERFORMING THE METHOD - A method for providing data on mobile terminals is provided. The method comprises the following steps: providing continuous network connectivity among a plurality of mobile terminals of different users; executing a local application on one of the terminals, which leads to the creation or change of a data set; and automatically providing the created or changed data set on the other terminals. The created or changed data set is automatically provided on the other terminals in that it is transmitted to the other terminals by means of a push service and is transparently integrated into the corresponding local application on the other terminals. | 02-16-2012 |
20120047365 | SECURE, AUDITABLE FILE EXCHANGE SYSTEM AND METHOD - Secure and auditable file exchange between a professional and a client, patient, colleague, or other associate of the professional may be achieved via a file exchange service that automatically verifies the professional's professional status and identity and provides applications and/or tools to accept files for transfer to the verified professional. The files are stored in encrypted form, along with cryptographic integrity codes. After the files have been transferred to the professional, the cryptographic integrity codes may be used to verify that the professional received a correct copy of the file that was originally provided. | 02-23-2012 |
20120060031 | SECURE VIDEO CONTENT PROVISIONING USING DIGITAL RIGHTS MANAGEMENT - A method that includes receiving a first request for video content from a user of a user device; retrieving an identifier for the user device using an application programming interface; sending a second request to receive the video content that includes the identifier; receiving an instruction to provide payment to rent or purchase the video content; sending the payment in response to the instruction; receiving the video content and a token, where the video content is encrypted based on a key and where the token indicates that the payment was processed; sending a third request to obtain a license associated with the video content that includes the token and the identifier; receiving the license, which includes the key and terms under which the video content is to be processed; decrypting the video content, using the key, when the decrypting is performed in a manner permitted by the terms; and playing the decrypted video content. | 03-08-2012 |
20120060032 | SYSTEM, METHOD AND COMPUTER PRODUCT FOR SENDING ENCRYPTED MESSAGES TO RECIPIENTS WHERE THE SENDER DOES NOT POSSESS THE CREDENTIALS OF THE RECIPIENT - A system for encrypting and decrypting messages using a browser in either a web or wireless device, or secure message client software, for transmission to or from a web server on the Internet connected to an email server or message server, for the situation where the sender does not possess the credentials and public key of the recipients. The encryption and decryption are conducted using a standard web browser on a personal computer, a mini browser on a wireless device, or message client software on either a personal computer or a wireless device, such that messages transmitted to the web or wireless browser or message client software can be completed, encrypted and signed by the user without requiring the credentials and public key of the recipients. A method for delivering and using private keys to ensure that such keys are destroyed after use is also provided, as is a method of transmitting encrypted messages to a web or wireless browser or message client and decrypting and verifying such messages by recipients who do not possess or are not enrolled in a PKI and do not have private keys. Also provided are a method for authenticating the sender/user of the browser, and a method for accessing or generating public and private keys for encrypting and decrypting messages for recipients who are not enrolled in a public key infrastructure. | 03-08-2012 |
20120060033 | SPLIT KEY SECURE ACCESS SYSTEM - The present invention is a secure access system whereby the key that facilitates entrance to electronic data is split into at least two segments. Electronic data may be accessed by the application of the key segments in combination. A server may be used to derive key segments by way of algorithms, in a manner that improves the bit security of the key. Bit strings generated by the present invention may be concatenated to form data blocks whereby plaintext may be encrypted or ciphertext decrypted. The concatenation of the unique bit string variables and the generation of bit strings of specific sizes, as may occur through padding of blocks, work to provide a secure means of encrypting a key. A different bit string may be generated for each encryption/decryption transmission which limits the opportunity for an adversary to decrypt the plaintext. | 03-08-2012 |
20120066495 | MOBILE CONTENT DELIVERY OPTIMIZATION - A device receives, from a target user device, a request for encrypted content, where the request is sent via a wireless access network. The device identifies a donor user device that is available to provide the encrypted content via a local wireless network connection, where the donor user device has previously downloaded the encrypted content. The device sends, to the target user device and/or the donor user device, instructions to establish a peer-to-peer connection, via the local wireless network, to provide the encrypted content to the target user device, where the encrypted content is decrypted by the target user device using a license key provided over a different network than the local wireless connection. | 03-15-2012 |
20120066496 | Sending Protected Data in a Communication Network - A method and apparatus for sending protected data from a sender unit to a receiver unit via an intermediate unit. A Transfer Init message that contains a ticket associated with the receiver unit is sent from the intermediate unit to the sender unit. The intermediate unit then receives a transfer response message from the sender unit, and also data which has been protected using at least one security key associated with the ticket and obtained from a Key Management Server. A message is sent to the receiver unit, the message including information required for security processing of the protected data. The protected data is then sent to the receiver unit, allowing the receiver unit to access the protected data. | 03-15-2012 |
20120066497 | METHOD AND DEVICE FOR ENABLING PORTABLE USER REPUTATION - The present invention relates to a method and a device adapted to determine at a party whether a set comprising at least one user pseudonym is associated with a user, wherein each of the user pseudonyms in the set is associated with the user at a service portal. At the party, for each of the user pseudonyms comprised in the set, a publicly available first coded string associated with the user pseudonym is retrieved from the service portal associated with the user pseudonym, wherein each of the first coded strings has been generated on the basis of a first secret unique to said first coded string. The user's knowledge of the first secrets associated with the respective first coded strings is verified by means of a first cryptographic protocol for interacting with the user, wherein the first protocol is adapted to utilize the first coded strings. | 03-15-2012 |
20120072727 | MULTI-ISP CONTROLLED ACCESS TO IP NETWORKS, BASED ON THIRD-PARTY OPERATED UNTRUSTED ACCESS STATIONS - A mechanism that allows sharing of an existing infrastructure for access to public or private IP networks, such as the public Internet or private LANs, is provided. Specifically, infrastructure owners lease the infrastructure resources on a short-term basis to different Internet Service Providers (ISPs). An ISP uses these resources to provide Internet services to subscribing customers or users. The ISP controls all aspects of the Internet service provided to the subscriber, including billing, bandwidth management, and e-mail. The ISP also ensures privacy for the subscriber by means of encryption. Leasing network resources from an existing network infrastructure frees the ISP from building an expensive access infrastructure itself, while the infrastructure owner is given an opportunity to generate additional revenue from the infrastructure. Importantly, neither the user nor the ISP needs to trust the access station (i.e., the access station is untrusted) through which the access to the IP network is accomplished. | 03-22-2012 |
20120079272 | ONE-TIME USE AUTHORIZATION CODES WITH ENCRYPTED DATA PAYLOADS FOR USE WITH DIAGNOSTIC CONTENT SUPPORTED VIA ELECTRONIC COMMUNICATIONS - In one embodiment, a computing apparatus receives respective unique identifiers corresponding to a machine and a diagnostic tool, together with a requested parameter setting for configuring a machine component residing in the machine, and provides an authorization code with a payload comprising the requested parameter setting, the payload being encrypted based on the unique identifiers. | 03-29-2012 |
20120079273 | Biometric Key - A biometric key ( | 03-29-2012 |
20120084561 | TOKEN-BASED AUTHENTICATION USING MIDDLE TIER - An intermediary system that facilitates a connection request from a client to a server. The intermediary system may participate in either or both of a token creation phase and a server connection phase. If participating in the token creation phase, the intermediary system generates a token that may later be used by the client during a server connection phase. The token includes a session identifier and is returned to the client. If participating in the server connection phase, the intermediary receives the token, extracts the session identifier from the token, and compares against the session identifier for the session in which the token was created. If the session identifiers match, then the intermediary connects to the server to complete the connection request. | 04-05-2012 |
20120084562 | METHODS AND SYSTEMS FOR UPDATING A SECURE BOOT DEVICE USING CRYPTOGRAPHICALLY SECURED COMMUNICATIONS ACROSS UNSECURED NETWORKS - Methods and systems for updating a virtual terminal associated with a secure network are disclosed. One method includes validating at a service enclave an identity of a user of a virtual terminal. The service enclave includes an authorization server, and the virtual terminal is generated from a trusted set of processing modules executing from a secure boot device at a client computing device. The method further includes authorizing the user of the virtual terminal to access a customer enclave and an update enclave based on security credentials received from the virtual terminal. The method also includes, while the user of the virtual terminal establishes a secure connection between the client computing device and the customer enclave, transmitting updates from the update enclave to the client computing device, thereby updating the trusted set of processing modules. | 04-05-2012 |
20120084563 | Systems and methods for multi-factor remote user authentication - What is disclosed is a handheld multi-factor remote user authentication card device in the form factor of a prior-art single-factor (“what you have”) security card. The handheld multifactor card device has innovative features that enable this single card device itself to perform a multifactor remote user authentication to a network using the “what you know”, “what you have”, “where you are” and “what you are” factors. The authentication logic dynamically adjusts which factors are applicable for a specific security application, enabling a universal remote authentication card device. | 04-05-2012 |
20120084564 | SECURITY OPERATION METHOD AND SYSTEM FOR ACCESS POINT - A system and a method of operating security for an Access Point (AP) are provided. The method includes sending, by a mobile terminal, a key code conversion request message to the AP; generating, by the AP, a conversion key code in response to the key code conversion request message; sending, by the AP, the generated conversion key code to the mobile terminal; and accessing, by the mobile terminal, the AP based on the received conversion key code. | 04-05-2012 |
20120089833 | SECURE DEPLOYMENT OF PROVABLE IDENTITY FOR DYNAMIC APPLICATION ENVIRONMENTS - An invention is described for securely deploying a provable identity for virtual machines (VMs) in a dynamic environment. In an embodiment, a fabric controller instructs a VM host to create a VM and sends that VM a secret. The fabric controller sends that same secret (or a second secret, such as the private key of a public/private key pair) to the security token service along with an instruction to make an account for the VM. The VM presents proof that it possesses the secret to the security token service and in return receives a full token. When a client connects to the deployment, it receives the public key from the security token service, which it trusts, and the full token from the VM. It validates the full token with the public key to determine that the VM has the identity that it purports to have. | 04-12-2012 |
20120089834 | ESTABLISHMENT METHOD AND DEVICE FOR LINK BETWEEN ACCESS POINT AND REPEATER IN WIRELESS DISTRIBUTION SYSTEM - The present invention provides an establishment method and device for a link between an access point and a repeater in a wireless distribution system. The method comprises: starting the access point and the repeater in the wireless distribution system; the access point and the repeater transmitting an interactive message to each other, and obtaining channel information, channel encryption mode, cipher key information, and address information of the opposite end of the link between the access point and the repeater from the interactive message; and the access point and the repeater establishing the link between the access point and the repeater according to the channel information, the channel encryption mode, the cipher key information, and the address information of the opposite end. The device comprises: a starting module, an interactive module, and an establishment module. The present invention overcomes the problem of the existing establishment method for a link between an access point and a repeater in a wireless distribution system, namely that it needs a user's manual input to determine the channel of the WDS link establishment, which makes the link establishment procedure relatively troublesome. Furthermore, the present invention achieves automatic optimal configuration of the channel of the WDS link, such that the operation of the user is more convenient and quicker, and the quality and the rate of the link are increased. | 04-12-2012 |
20120089835 | System and Method for Automatic Authentication of an Item - A system, apparatus and method for automatically authenticating an item. The media device includes a housing, a processor disposed within the housing, the item disposed within or attached to the housing, and a memory disposed within the housing. The memory stores computer readable instructions that, when executed by the processor, cause the processor to perform the steps of: (a) obtaining one or more identifiers from the item, wherein the one or more identifiers include a serial number or code; (b) transmitting the obtained identifier(s) to a server device for authentication; (c) receiving an authentication message from the server device; (d) continuing operation of the media device whenever the authentication message from the server device indicates that the item is authentic; and (e) performing one or more actions based on the authentication message whenever the authentication message from the server device indicates that the item is not authentic or cannot be verified. | 04-12-2012 |
20120089836 | OBJECT DELIVERY AUTHENTICATION - A method and system for authenticating delivery including the steps of receiving by a receiver a delivery information package from a deliverer over a network during a communication between the receiver and the deliverer, wherein the delivery package includes deliverer identity information, sending an authentication request of the received delivery package from the receiver to an authentication module having a hardware processor, over at least one of a call network and an additional network, and authenticating the received delivery package using the deliverer identity information. | 04-12-2012 |
20120096261 | METHOD AND APPARATUS FOR CONTROLLING ACCESS TO ENCRYPTED NETWORK COMMUNICATION CHANNELS - An apparatus and method are described for performing content filtering of encrypted network transactions. For example, in one embodiment, for an encrypted Internet transaction (such as an HTTPS transaction), a local cache lookup is performed using the network address of the requested Internet transaction to determine if name resolution data associated with the transaction is stored in a name resolution data cache. If name resolution data associated with the transaction is stored in the name resolution data cache, then the name resolution data is compared with a whitelist of acceptable Internet names. The requested Internet transaction is allowed only if a match is found between the name resolution data and one of the Internet names on the whitelist. | 04-19-2012 |
20120096262 | System and method of generating encryption/decryption keys and encrypting/decrypting a derivative work - A derivative work is encrypted using master keys generated from source data extracted from digital sources used to create the derivative work. A software application permits a mix artist to encrypt and stream a derivative work to a worldwide web server, where it is made available to consumers. A software application permits the consumers to acquire and decrypt an encrypted derivative work if the consumer has possession of a corresponding digital source for each of the digital sources used to encrypt the derivative work. | 04-19-2012 |
20120096263 | Security service control method and wireless local area network terminal - A security service control method and a WLAN terminal are provided, and the method includes: stopping a WPI service between a WLAN terminal and an AP when the WLAN terminal creates a security service of the IP layer and/or a layer above the IP layer, wherein the WPI service comprises encrypting a data link layer message to be transmitted and decrypting a received data link layer message. After the WPI service is stopped, when the WLAN terminal cancels the security service of the IP layer and/or the layer above the IP layer, the WLAN terminal completes the processes of removing association, association, user authentication and key negotiation in turn with the WLAN AP, and uses a session key obtained through the key negotiation to recover the WPI service. Computing resources can be saved by using the present invention. | 04-19-2012 |
20120096264 | JAVA STORE TELEVISION - A non-transitory computer readable storage medium including computer readable code that, when executed by a processor, is configured to receive, from a user network device, a first request to execute an application on the user network device. The first request includes a user identification, routing information, and requested application information, encrypted using a public key. The user network device is configured to display the application on a television display device. The code is further configured to decrypt the routing information and requested application information using a private key, send a second request for subscription information to a service provider, receive the subscription information from the service provider, and determine that a license corresponding to the application is associated with the user. The code is further configured to generate and send an application package configured to deploy the application using a Java Runtime Environment on the user network device. | 04-19-2012 |
20120096265 | Method and apparatus for communicating information between a security panel and a security server - A security panel includes a processor, memory, and a network interface having a unique MAC address, and is configured to communicate over a network with a server. A method for registering the security panel with the server includes contacting the server utilizing a network address stored in the memory. A dealer ID, a line number, and a unique account number are sent to the server. The dealer ID, the line number, and the unique account number are stored in the memory. An encryption key is received for encryption of additional communication between the security panel and the server. The unique MAC address is sent to the server in an encrypted session to verify the security panel to the server. | 04-19-2012 |
20120096266 | AUTHENTICATION SYSTEM - The authentication system includes a user node, a plurality of service nodes, an authentication database storage unit, an authentication unit, a user information database storage unit, and a key distribution unit. Each service node is configured to provide a service corresponding to its domain. The authentication database storage unit is configured to store a secret key of the user node for each domain. The user information database storage unit is configured to store an account used for associating a domain with the user node. The key distribution unit is configured to, upon receiving a domain change request from the user node and then confirming that the user information database stores the account associating the user node with a desired domain to which the user node intends to belong, obtain the secret key of the user node associated with the desired domain from the authentication database storage unit, and send the obtained secret key to the user node. The authentication unit is configured to create a session key, encrypt the created session key with the secret key corresponding to the desired domain, and send the encrypted session key to the user node. | 04-19-2012 |
20120102322 | PROCESSING OF COMMUNICATION DEVICE SIGNATURES FOR USE IN SECURING NOMADIC ELECTRONIC TRANSACTIONS - A method for execution in a communication device, which comprises receiving a first data set and a second data set over a first communication path; receiving a series of requests over a local communication path different from the first communication path; responding to a first one of the requests by releasing a first response including the first data set over the local communication path; and responding to a second one of the requests by releasing a second response including the second data set over the second communication path. | 04-26-2012 |
20120102323 | DATA SECURITY PROTECTION METHOD - A data security protection method generates dynamic encryption keys and dynamic decryption keys for a host and a client during data transmission between the host and the client. The host stores a host initial key K | 04-26-2012 |
20120102324 | REMOTE VERIFICATION OF USER PRESENCE AND IDENTITY - A system for verifying presence and identity of a user on a remote computer comprises a server connected to a networked communication system; a remote computer including an interface for a digital key, wherein the remote computer is connected to the networked communication system; a digital key that connects to the remote computer via the interface, wherein the digital key contains an encrypted key; a processor on the remote computer for reading digital key from the digital key and transmitting the encrypted key to the server over the networked communications system; and a computer program executing on the remote computer that captures behavioral data of the user and transmits the behavioral data to the server over the networked communications system. | 04-26-2012 |
20120102325 | Methods And Apparatus For Protecting Digital Content - A processing system to serve as a source device for protected digital content comprises a processor and control logic. When used by the processor, the control logic causes the processing system to receive a digital certificate from a presentation device. The processing system then uses public key infrastructure (PKI) to determine whether the presentation device has been authorized by a certificate authority (CA) to receive protected content. The processing system may also generate a session key and use the session key to encrypt data. The processing system may transmit the encrypted data to the presentation device only if the presentation device has been authorized by the CA to receive protected content. Presentation devices and repeaters may perform corresponding operations, thereby allowing content to be transmitted and presented in a protected manner. Other embodiments are described and claimed. | 04-26-2012 |
20120102326 | Facilitating Secure Communications - The claimed subject matter provides systems and methods for facilitating secure communications. The disclosed systems and methods can include components for receiving and processing user authentication information from users or other systems to selectively provide access to stored information. The stored information may be displayed on or accessed via interfaces that interact with components of the system. An embodiment provides for generating a message request based at least in part on at least one received user input, transmitting the message request to a server device, and receiving a message representation associated with the at least one user input that contains at least one resource identifier. | 04-26-2012 |
20120102327 | METHOD AND DEVICE FOR AUTHENTICATING COMPONENTS WITHIN AN AUTOMATIC TELLER MACHINE - The invention relates to a device and a method for authenticating components of a self-service automatic teller machine, wherein the components comprise unambiguous identification information that can be exchanged among the components, wherein an authentication of the components and/or the information exchanged between the components is carried out by the encryption and/or signature of the information on the basis of identity based encryption (IBE) that uses the identification information of the components. | 04-26-2012 |
20120110329 | TECHNIQUES FOR MOBILE DEVICE AUTHENTICATION - A user authenticates a mobile device (MD) to a network-based service (NBS) for initial authentication. Policy is pushed from the NBS to the MD and the MD automatically obtains details about devices and attributes that are near or accessible to the MD in accordance with the policy. The details are pushed as a packet from the MD to the NBS and multifactor authentication is performed based on the details and the policy. If the multifactor authentication is successful, access privileges are set for the MD for accessing the NBS and perhaps for accessing local resources of the MD. | 05-03-2012 |
20120110330 | AUTOMATIC USER CREDENTIALS FOR REMOTE SUPPORT - Various embodiments herein include at least one of systems, methods, and software to receive and process credential requests for remote support of computer applications. One embodiment includes receiving a credentials request in a first environment from a second environment in response to an incident in the first environment. This embodiment further includes processing the received credentials request within the first environment by approving the request, activating credentials, and sending the credentials to the second environment. This embodiment may further include receiving, within the first environment, a message indicating the incident is resolved and deactivating the credentials. | 05-03-2012 |
20120110331 | METHOD FOR ACTIVATING A NETWORK NODE - In a method for activating a destination network node (SN) to be woken up in a wireless network ( | 05-03-2012 |
20120117385 | METHOD AND APPARATUS FOR DATA ENCRYPTION - Embodiments of the invention relate to message based encryption and authentication to support secure communication of a message. A time stamp embedded within the message is evaluated to ensure that a received message has not been subject to a significant time delay. More specifically, tools are employed to evaluate the authenticity of the message subject to the characteristics of the embedded time stamp. A message subject to a time delay is considered to be tainted and is not authenticated for receipt by a target device. | 05-10-2012 |
20120124373 | METHOD AND APPARATUS FOR AUTHENTICATING A NETWORK DEVICE - A trust centre ( | 05-17-2012 |
20120124374 | SECURED ACKNOWLEDGE PROTOCOL FOR AUTOMOTIVE REMOTE KEYLESS ENTRY SYSTEMS AND FOR NETWORKED SENSOR DEVICES - A method for generating a secure acknowledgment message that involves constructing a plaintext of the acknowledgment message, computing a cyclic redundancy check (CRC) value for the plaintext of the acknowledgment message, encrypting the plaintext of the acknowledgment message to obtain a ciphertext of the acknowledgment message, computing a secure check (CHK) value from the ciphertext using bits of the cyclic redundancy check value (CRC) and then appending the secure check value (CHK) to the plaintext of the acknowledgment message. | 05-17-2012 |
20120124375 | APPARATUS, SYSTEM AND METHOD FOR VERIFYING SERVER CERTIFICATES - A device and method are provided for a device that authenticates a server over a network. The device and method are operable to contact the server to initiate a handshaking operation. The device receives certificate information and handshaking information from the server. The device completes the handshaking operations to establish the connection with the server. The device downloads the content from the server through the connection before authenticating the server to establish a secure connection. In some aspects, the device may display a portion of the downloaded content before the server is authenticated. | 05-17-2012 |
20120124376 | Information Processing System Using Nucleotide Sequence-Related Information - The present invention provides a highly-safe information processing system that is capable of effectively using nucleotide sequence information differences between individual organisms to offer semantic information useful for each individual organism while properly preventing leakage and illegal use of nucleotide sequence information. | 05-17-2012 |
20120124377 | PROCESS AND STREAMING SERVER FOR ENCRYPTING A DATA STREAM WITH BANDWIDTH BASED VARIATION - There is disclosed a process for encrypting a data stream to secure the data stream for single viewing and to protect copyrights of the data stream. Specifically, there is disclosed a process for protecting streaming multimedia, entertainment and communications in an Internet-type transmission. There is further disclosed a streaming server component operably connected with a streaming server that interacts with a client system to affect the inventive process. | 05-17-2012 |
20120131337 | DEVICE ARCHIVING OF PAST CLUSTER BINDING INFORMATION ON A BROADCAST ENCRYPTION-BASED NETWORK - Provided are techniques for the creation and storage of an archive for binding IDs corresponding to a cluster of devices that render content protected by a broadcast encryption scheme. When two or more clusters are merged, a binding ID corresponding to one of the clusters is selected and a new management key is generated. Binding IDs associated with the clusters other than the cluster associated with the selected binding ID are encrypted using the new management key and stored on a cluster-authorized device in a binding ID archive. Content stored in conformity with an outdated binding ID is retrieved by decrypting the binding ID archive with the management key, recalculating an old management key and decrypting the stored content. | 05-24-2012 |
20120131338 | AUTHENTICATION AND AUTHORIZATION OF A DEVICE BY A SERVICE USING BROADCAST ENCRYPTION - Provided are techniques to enable a device that provides a service to authorize a second device for receiving the service and the delivery of the service to the second device and other devices within a trusted network. A signed Management Key Block (MKB) is generated and transmitted over a network. Devices authorized to access a particular service parse the MKB and transmit a request. A server associated with the service determines whether or not the device is authorized to access the service based upon data included in the request. The first device may issue a challenge to the second device for authentication purposes. If service is approved, service is initiated, either from the first device or another authorized device. Devices may be organized into classes such that devices of a specific class are authorized to access the service. | 05-24-2012 |
20120131339 | SYSTEM AND METHOD FOR SECURE BI-DIRECTIONAL COMMUNICATION - An aspect of the present invention provides a method of communicating within a system having a first device, a second device, a key distribution device and an interactive service portal device. The method includes: storing a tag within the interactive service portal device; associating the tag with the first device; registering the first device with the key distribution device; associating, by way of the key distribution device, an encryption key with the first device; accessing, by way of the second device, the tag; providing information to the second device; and establishing secure bi-directional interactive communication, corresponding to the tag, between the first device and the second device based on a relationship between the information and the encryption key. | 05-24-2012 |
20120131340 | Enrollment of Physically Unclonable Functions - Aspects of the present disclosure are directed toward a method that includes a physically-unclonable function (PUF) device that receives a communication that includes a first challenge value, a second challenge value and a remote message authenticity value. The method includes the generation of additional challenge-response pairs in a secure manner. The additional challenge-response pairs are securely communicated between the PUF device and an authenticating server or other device for subsequent use in authentication. | 05-24-2012 |
20120131341 | METHOD AND SYSTEM FOR IMPROVING STORAGE SECURITY IN A CLOUD COMPUTING ENVIRONMENT - A method of improving storage security in a cloud environment includes interfacing a secure microcontroller with a storage controller associated with a client device in the cloud environment to authenticate a platform associated with the storage controller and registering the storage controller with an authentication server configured to be set up in the cloud environment. The method also includes authenticating the storage controller based on a communication protocol between the client device, the authentication server and the storage controller, and obtaining, at the client device, a signature data of the storage controller following the authentication thereof. The signature data is configured to be stored in the secure microcontroller interfaced with the storage controller. | 05-24-2012 |
20120131342 | METHOD AND APPARATUS FOR CONTROLLING ACCESS TO DATA BASED ON LAYER - Disclosed is an access control apparatus and method for giving access authority with respect to data. The access control apparatus may encrypt, using a Public Key (PK) of a terminal, a Node Key (NK) of a target layer in which the access authority is to be granted to the terminal, and produce an Access Control List (ACL) of the target layer based on the encrypted NK and ID information of the terminal. Also, the access control apparatus may produce a copy of the ACL based on the produced ACL, and store the produced copy of the ACL in a lower layer. | 05-24-2012 |
20120131343 | SERVER FOR SINGLE SIGN ON, DEVICE ACCESSING SERVER AND CONTROL METHOD THEREOF - Disclosed are a server, a device accessing the server and a control method thereof, the server for single sign on including: a storage unit which stores user information of a second device; and a controller which identifies a second device which is accessed by a same user as a user of a first device and which stores account information, if the first device requests the account information for a content provider. With this configuration, there are provided a server which shares account information for a content provider, a device accessing the server and a control method thereof. | 05-24-2012 |
20120137131 | AUTHENTICATION METHOD, SYSTEM, AND DEVICE - The present invention provides an authentication method, an authentication system, and an authentication device in the information security field. The method includes that a service side receives a username and a first value from a client side, searches a seed of a dynamic password token, generates a first dynamic password according to the first value and the seed, converts the first dynamic password to a first authentication password and a second authentication password, and sends the first authentication password to the user; the dynamic password token generates a second dynamic password and converts the second dynamic password to a third authentication password and a fourth authentication password; the user compares the first authentication password and the third authentication password to determine that they are identical, so as to confirm that the user is legal or the transaction is permissible. The invention prevents malicious attack and operation of illegal users, which improves the security of information and property of the users. | 05-31-2012 |
20120144193 | Open protocol for authentication and key establishment with privacy - A suite of efficient authentication and key establishment protocols for securing contact or contactless interfaces between communicating systems. The protocols may be used in secure physical access, logical access and/or transportation applications, among other implementations. The system authenticates a mobile device such as a smart card and/or mobile phone equipped with a secure element presented to one or more host terminals and establishes shared secure messaging keys to protect communications between the device and terminal. Secure messaging provides an end-to-end protected path of digital documents or transactions through the interface. The protocols provide that the device does not reveal identification information to entities different from a trusted host. The terminal may be a contactless reader at a door for controlling physical access, a desktop, laptop or kiosk for controlling logical access, and/or an access point for obtaining an encrypted digital ticket from an authenticated mobile device used for transit applications. | 06-07-2012 |
20120144194 | Service providing client, wireless terminal and method for implementing binding - The disclosure discloses a service providing client, a wireless terminal and a method for implementing binding. The service providing client comprises a transmission module, which is configured to transmit authentication information to the wireless terminal ( | 06-07-2012 |
20120144195 | METHOD AND SYSTEM FOR UNIFIED MOBILE CONTENT PROTECTION - Media content is delivered to a variety of mobile devices in a protected manner based on client-server architecture with a symmetric (private-key) encryption scheme. A media preparation server (MPS) encrypts media content and publishes and stores it on a content delivery server (CDS), such as a server in a content distribution network (CDN). Client devices can freely obtain the media content from the CDS and can also freely distribute the media content further. They cannot, however, play the content without first obtaining a decryption key and license. Access to decryption keys is via a centralized rights manager, providing a desired level of DRM control. | 06-07-2012 |
20120144196 | System and Method for Secure Control of Resources of Wireless Mobile Communication Devices - Systems and methods for secure control of a wireless mobile communication device are disclosed. Each of a plurality of domains includes at least one wireless mobile communication device asset. When a request to perform an operation affecting at least one of the assets is received, it is determined whether the request is permitted by the domain that includes the at least one affected asset, by determining whether the entity with which the request originated has a trust relationship with the domain, for example. The operation is completed where it is permitted by the domain. Wireless mobile communication device assets include software applications, persistent data, communication pipes, and configuration data, properties or user or subscriber profiles. | 06-07-2012 |
20120151210 | EXTENDED SECURITY FOR WIRELESS DEVICE HANDSET AUTHENTICATION - A mobile device is related to a user account. An agent implemented as processor instructions on a computing device sends login information to a service provider server. The service provider server compares the login information to the user account, performs a proximity check of the mobile device and the computing device, and sends authorization to the agent to approve an exchange of data with an application on the computing device. | 06-14-2012 |
20120151211 | SYSTEMS, METHODS AND APPARATUS TO APPLY PERMISSIONS TO APPLICATIONS - Methods and apparatus are disclosed to apply permissions to applications. A disclosed example method includes navigating to a first network address of a first network entity and downloading an application from the first network entity, disabling all network address communication except for the first network address, sending an authorization request to a second network entity via the first network address, and authorizing the application to execute when an indication of authentication is received from the second network entity via the first network address. | 06-14-2012 |
20120151212 | Securing home agent to mobile node communication with HA-MN key - The invention is a new protocol for securing the communication link between the Home Agent and the Mobile Node. A cipher key and an integrity key are generated at a home AAA server and are also generated independently at the Mobile Node. The two keys generated at the home AAA server are transmitted to the Home Agent to secure information packets transmitted between the Mobile Node and the Home Agent. The cipher key and integrity key are used to establish a security association used for information packet transmissions. The cipher key is used to encrypt the information packets, and the integrity key is used to ensure that the contents of the encrypted message are not altered. | 06-14-2012 |
20120151213 | Method and System for Managing Home Gateway Digital Certifications - The present invention discloses a method and system for managing digital certificates in a home gateway, the method comprising: a network management server sending certificate management information to the home gateway via the Technical Report-069.CPE WAN Management Protocol (TR069) packet, and remotely managing the digital certificates in the home gateway; after the home gateway receives the TR069 packet, it manages the digital certificates according to the certificate management information in the packet as follows: add digital certificates, update digital certificates, or delete digital certificates. With the technical solution of the present invention, the remote management for digital certificates in the home gateway can be achieved. | 06-14-2012 |
20120159159 | SYSTEM AND METHOD FOR SECURE COMMUNICATIONS IN A COMMUNICATION SYSTEM - A system and method for secure communications in a communication system, wherein the system programs a computer to perform the method, which includes: receiving at least one authentication key, without an encryption key, from a key-management server; receiving a packet, which is encrypted, from a source device; authenticating the packet, using the at least one authentication key, without cryptographically altering the packet; and forwarding the authenticated packet to a destination device of the packet. | 06-21-2012 |
20120159160 | HIGH SECURITY DISPLAY OF PRIVATE DATA - A device, method, and computer-readable medium are disclosed. In one embodiment, the device includes an inbound port to receive information from an information retrieval peripheral. The device also includes an outbound port to send information to a local computing device. The device includes masking logic to cause the local computing device to recognize the portable security device as at least one of a plurality of endpoint devices. The device also includes data obfuscation logic that is capable of obfuscating simple data format data, received from the information retrieval peripheral, obfuscating that data into a non-simple data format, and sending the obfuscated data to the local computing device. The non-simple data format includes at least one frame of video. | 06-21-2012 |
20120159161 | AUTHENTICATION APPARATUS AND METHOD FOR NON-REAL-TIME IPTV SYSTEM - An authentication apparatus for a non-real-time IPTV system decrypts a first encrypted value included in a contents request message received from a device using a preset session key, and then verifies the validity of the contents request message. If the verification results of the contents request message are valid, the authentication apparatus encrypts a variation between timestamps of the authentication apparatus and the device using the session key, and then generates a second encrypted value. After verification information by which the device is capable of verifying the authentication apparatus has been generated using the second encrypted value, the authentication apparatus sends verification information, together with contents corresponding to the contents request message, to the device. | 06-21-2012 |
20120159162 | PREVENTING RACE CONDITIONS IN SECURE TOKEN EXCHANGE - The present invention relates to methods and systems for preventing race conditions in secure token conversations. The method includes generating a message from a client application to a server application, determining that a first secure conversation token (SCT) exists, and using the first SCT to encrypt the message. The method further includes sending the encrypted message to the server, receiving an indication that the first SCT has expired, and initiating an SCT renew request. The method includes storing the first SCT, receiving a second SCT in response to the SCT renew request, and storing the second SCT in addition to the first SCT. The method further includes retrieving an encrypted message, determining that the encrypted message has been encrypted using the first SCT, in response to the determination, using the first SCT to decrypt the message, and generating a response from the server to the client. | 06-21-2012 |
20120159163 | LOCAL TRUSTED SERVICES MANAGER FOR A CONTACTLESS SMART CARD - Systems, methods, computer programs, and devices are disclosed herein for deploying a local trusted service manager within a secure element of a contactless smart card device. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. An asymmetric cryptography algorithm is used to generate public-private key pairs. The private keys are stored in the secure element and are accessible by a trusted service manager (TSM) software application or a control software application in the secure element. A non-TSM computer with access to the public key encrypts and then transmits encrypted application data or software applications to the secure element, where the TSM software application decrypts and installs the software application to the secure element for transaction purposes. | 06-21-2012 |
20120159164 | MESSAGE-HANDLING SERVER AND METHOD FOR HANDLING SECURE MESSAGE ATTACHMENTS FOR A MOBILE DEVICE - A secure message that includes an attachment is received at a server. The secure message may have a secure layer that indicates that the secure message is at least digitally signed. The secure message may be provided without the attachment to the mobile device over a wireless network. A request may be received from the mobile device to access the attachment. The request may include an attachment identifier (ID) that identifies the attachment in accordance with a message-attachment indexing system. In response to the request to access the attachment, the server may perform an index lookup to find the attachment based upon the attachment ID, may look through the secure layer of the secure message in order to locate the attachment within the secure message, and may render at least an initial portion of the attachment by the server in a format for viewing by the mobile device. | 06-21-2012 |
20120159165 | Protecting Computers Using an Identity-Based Router - A router is placed between a protected computer and devices with which the computer communicates, including peripherals and other computers. The router includes a list of authorized devices that are permitted to send data to the protected computer, against which requests to send data are checked. The router also communicates with a remote authentication service to authenticate devices requesting such permission. The authentication service may be a cloud-based identity service. | 06-21-2012 |
20120159166 | METHOD OF VERIFYING KEY VALIDITY AND SERVER FOR PERFORMING THE SAME - Disclosed herein is a method of verifying key validity and a server for performing the method. The method is configured such that a service provision server verifies key validity in an anonymous service for providing local linkability. The service provision server receives a revocation list. A local revocation list is generated using the received revocation list and a secret key. A virtual index of a service user required to verify key validity is calculated. Whether a key of the service user is valid is verified, based on whether the virtual index is included in the local revocation list. | 06-21-2012 |
20120159167 | METHOD AND APPARATUS FOR AUTHENTICATING PER M2M DEVICE BETWEEN SERVICE PROVIDER AND MOBILE NETWORK OPERATOR - A system is capable of authenticating a service per Machine to Machine (M2M) device between an M2M service provider and a mobile communication operator. The system includes an authentication server for generating an M2M device IDentifier (ID), a first authentication key, and an M2M service provider ID per M2M device. The authentication server also generates a second authentication key, a first hash function value, and a first random variable based on the M2M device ID, the first authentication key, and the M2M service provider ID, and transmits the second authentication key, the first hash function value, and the first random variable to an M2M agent. | 06-21-2012 |
20120159168 | AUTHENTICATED COMMUNICATION ASSOCIATION - A computer based system enables secure communication between children. A first child requests to form a buddy association with another child using a computer connected to a server using a network. The server provides the first child with a passcode, which the first child gives a second child, in person. The second child then completes the request on a computer connected to the server, and provides the passcode to form the association. Parents or guardians are notified that the children have formed an association, and may thereafter supervise the association. | 06-21-2012 |
20120159169 | BIDIRECTIONAL ENTITY AUTHENTICATION METHOD WITH INTRODUCTION OF ONLINE THIRD PARTY - An entity bidirectional authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message | 06-21-2012 |
20120166798 | METHOD AND SYSTEM FOR USING NEIGHBOR DISCOVERY UNSPECIFIED SOLICITATION TO OBTAIN LINK LOCAL ADDRESS - A system that facilitates enhancing security for a computer device by obtaining a link layer address of an IPv6 IPsec address. The system including a computer device having a software module, which performs the following steps: capturing multicast addresses and solicited multicast addresses for one or more IPv6 IPsec addresses; calculating the computer device identifier from the one or more multicast addresses and solicited multicast addresses; storing the computer device identifier for the one or more multicast addresses and solicited multicast addresses; sending a neighbor solicitation to one or more of the IPv6 IPsec addresses as a tentative target address simulating double address detection; capturing the neighbor advertisement response from the one or more IPv6 IPsec addresses and calculating a link-layer identifier; generating a neighbor cache with the link-layer identifier; and enabling IPv6 IPsec communication with the one or more IPv6 IPsec addresses using the link-layer identifier. | 06-28-2012 |
20120166799 | SYSTEM AND METHOD FOR SECURELY MOVING CONTENT - A domain controller is provided for use with a content source and a media device. The content source can provide encrypted content and rights data corresponding to the encrypted content. The media device can provide a request for the encrypted content and the rights data. The domain controller includes a communication portion, a digital rights management portion and a memory portion. The communication portion can engage in a first bi-directional communication with the content source and can engage in a second bi-directional communication with the media device. The digital rights management portion can receive the rights data. The memory portion can store the encrypted content. The second bi-directional communication includes an authorization and authentication communication between the communication portion and the media device, a secure move message exchange between the communication portion and the media device and a content download from the communication portion to the media device. | 06-28-2012 |
20120166800 | PROCESS AND DEVICE FOR AUTHENTICATION - The authentication process comprises: | 06-28-2012 |
20120173875 | METHOD AND APPARATUS FOR PROVIDING SECURE COMMUNICATION IN A SELF-ORGANIZING NETWORK - A communication system provides secure communication between two nodes in a self-organizing network without the need for a centralized security or control device. A first node of the two nodes is provisioned with one or more security profiles, auto-discovers a second node of the two nodes, authenticates the second node based on a security profile of the one or more security profiles, selects a security profile of the one or more security profiles to encrypt a communication session between the two nodes, and encrypts the communication session between the two nodes based on the selected security profile. The second node also is provisioned with the same one or more security profiles, authenticates the first node based on a same security profile as is used to authenticate the second node, and encrypts the communication session based on the same security profile as is used for encryption by the first node. | 07-05-2012 |
20120173876 | KEYLESS CHALLENGE AND RESPONSE SYSTEM - A confidential information exchange between a sender and a receiver may be conducted without the use of encryption keys. The information is coded with a Challenge-Response Table that is shared between the sender and the receiver. Rather than sending a challenge and then waiting for a response, the challenge and response are both sent by the sender of the information. The information sent comprises an index with a challenge and a response from the Challenge-Response Table. Upon receiving the coded information, the receiver uses the Challenge-Response Table to decode the information by using the index to locate the challenge and its valid response. Upon determining that the challenge and the response are correct, a first decoded answer is determined. Upon determining that either the challenge or the response, or both, are incorrect, a second decoded answer is determined. | 07-05-2012 |
20120179911 | CRYPTOGRAPHIC KEY BACKUP AND ESCROW SYSTEM - A system for securely storing application keys is comprised of a database system, a peripheral hardware security module and cryptographic keys, wherein cryptographic keys comprise application keys, intermediate keys and a master key. Application keys are grouped according to characteristic and are associated with a particular intermediate key, which is utilized to scramble and descramble application keys within the associated group. Intermediate keys are associated with the master key, which is utilized to scramble and descramble the intermediate keys. Scrambling and descrambling of keys is performed within the peripheral hardware security module. | 07-12-2012 |
20120179912 | Method and System for Generating Ciphertext and Message Authentication Codes Utilizing Shared Hardware - A method and system for generating ciphertext and message authentication codes utilizing shared hardware are disclosed. According to one embodiment, a method is provided of generating ciphertext message data and message authentication codes utilizing shared authenticated encryption unit hardware. In the described embodiment, plaintext message data is received at an authenticated encryption unit which comprises first and second authenticated encryption hardware modules. Thereafter, a first message authentication code (MAC) associated with a first authenticated encryption mode and a second MAC associated with a second authenticated encryption mode are generated. More specifically, the first MAC is generated utilizing the plaintext message data and the first authenticated encryption hardware module, and the ciphertext message data and the second MAC are generated utilizing the plaintext message data and the second authenticated encryption hardware module. | 07-12-2012 |
20120185693 | SECURE PROGRESSIVE DOWNLOAD FOR MEDIA CONTENT PLAYBACK - In embodiments of secure progressive download for media content playback, a client device ( | 07-19-2012 |
20120185694 | INFORMATION PROCESSING APPARATUS, A SERVER APPARATUS, A METHOD OF AN INFORMATION PROCESSING APPARATUS, A METHOD OF A SERVER APPARATUS, AND AN APPARATUS EXECUTABLE PROGRAM - To provide an information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable program. | 07-19-2012 |
20120191973 | ONLINE PRESENCE OF USERS - The invention concerns presence of users, such as online presence in a broadcast domain. First one-way encrypted (e.g. hashed) presence information of multiple users is received ( | 07-26-2012 |
20120191974 | CONTENT DISTRIBUTION SYSTEM, MOBILE COMMUNICATION TERMINAL DEVICE, AND COMPUTER READABLE MEDIUM - A content distribution system includes a management device and a viewing device. The management device manages encrypted content information. The viewing device acquires the encrypted content information from the management device, decodes the encrypted content information, and allows the decoded content information to be viewed. The management device includes a view control information issuing unit. Upon receipt of a request from the viewing device to issue view control information, the view control information issuing unit issues view control information including decryption key information corresponding to an (i)-th random number corresponding to an ordinal number (i) among plural random numbers and period-of-validity information about a period of validity. The plural random numbers are shared between the management device and the viewing device. The viewing device includes a storage unit, a counting unit, a holding unit, a request unit, a calculation unit, a display controller, an update unit, and a deletion unit. | 07-26-2012 |
20120191975 | CRITICAL SECURITY PARAMETER GENERATION AND EXCHANGE SYSTEM AND METHOD FOR SMART-CARD MEMORY MODULES - A storage device contains a smart-card device and a memory device, which is connected to a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data. The memory device may also be used to store data or instructions for use by the smart-card device. The controller includes a security engine that uses critical security parameters stored in, and received from, the smart-card device. The critical security parameters may be sent to the controller in a manner that protects them from being discovered. The critical security parameters may be encryption and/or decryption keys that may encrypt data written to the memory device and/or decrypt data read from the memory device, respectively. Data and instructions used by the smart-card device may therefore be stored in the memory device in encrypted form. | 07-26-2012 |
20120191976 | SYSTEM AND METHOD FOR SCHEDULING AND EXECUTING SECURE ELECTRONIC CORRESPONDENCE OPERATIONS - A secure electronic correspondence method and system based on a principle relating to the uniqueness of the originals of the correspondences. The archiving thereof is certified by a certification service provider and performed by an archive operator in an electronic safe box. The main steps of the processes for processing said correspondences are the subject of a report confirming the correct execution thereof, including the return of a certification token by the operator responsible for the step to the managers of the trust chain. In a variant, correspondences belonging to a document management series can only be sent if they meet management rules set for the series. In a privileged mode, functions of the electronic correspondence operators that do not necessarily have to meet user proximity requirements can be grouped together into shared service centers within which the communications are reduced without negatively affecting the reliability of the process. | 07-26-2012 |
20120198232 | GENERALIZED POLICY SERVER - A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control database to determine whether an access request made by a user is permitted. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. | 08-02-2012 |
20120198233 | METHOD FOR RECALLING A MESSAGE AND DEVICES THEREOF - A method for recalling a message and a device thereof are provided, thereby efficiently satisfying a message recall demand, and improving a service quality of a message service. The method includes: sending a message recall request to a message receiving device, in which the message recall request carries a message identifier of the message to be recalled and a message authentication header field, and the message authentication header field includes an encryption algorithm and a random number generated by encrypting a random number for authenticating the message through the encryption algorithm, so that the message receiving device determines the message to be recalled according to the message ID and the message authentication header field, and disposes the message to be recalled according to a local policy and a delivery status of the message to be recalled; and receiving a message recall disposition result returned by the message receiving device. | 08-02-2012 |
20120204029 | METHOD AND SYSTEM FOR CONDUCTING AN ATTORNEY CLIENT PRIVILEGED CONFERENCE WITH THE LAWYER AT AN INDEPENDENT LOCATION - The present invention relates to a secure system for video conferences between an attorney and their incarcerated inmate client. The client is positioned at a video conference terminal and the attorney at their computer, and the conference is scheduled, confirmed and completed over the internet in a secure manner. | 08-09-2012 |
20120204030 | METHOD AND SYSTEM FOR CLOUD BASED STORAGE - A method is disclosed wherein a first virtual machine is provided in execution. A storage area network for storing of data of the first virtual machine is also provided. A second virtual machine is executed for receiving first data from the first virtual machine for storage within the storage area network and for securing the first data to form secured first data and for storing the secured first data within the storage area network. | 08-09-2012 |
20120204031 | SYSTEM AND METHOD FOR DISTRIBUTING KEYS IN A WIRELESS NETWORK - A technique for improving authentication speed when a client roams from a first authentication domain to a second authentication domain involves coupling authenticators associated with the first and second authentication domains to an authentication server. A system according to the technique may include, for example, a first authenticator using an encryption key to ensure secure network communication, a second authenticator using the same encryption key to ensure secure network communication, and a server coupled to the first authenticator and the second authenticator wherein the server distributes, to the first authenticator and the second authenticator, information to extract the encryption key from messages that a client sends to the first authenticator and the second authenticator. | 08-09-2012 |
20120210127 | AUTHENTICATION DEVICE USING TRUE RANDOM NUMBER GENERATING ELEMENT OR PSEUDO-RANDOM NUMBER GENERATING ELEMENT, AUTHENTICATION APPARATUS, AND AUTHENTICATION METHOD - Provided are an authentication device using a true random number generating element or a pseudo-random number generating element, for example, a USB token, an authentication apparatus using the same, an authentication method, an authentication system and the like. In the authentication system, the authentication device is prepared on a user side, and one code generated in the authentication device is used to encrypt another code. The authentication apparatus registers the codes and decrypts the encrypted code sent from the authentication device by using the registered codes to perform an authentication. | 08-16-2012 |
20120210128 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND PROGRAM - An information processing apparatus includes a data processing unit that generates content to be provided to a client, extracts plural blocks as content configuration data from an original content, sets patterns including block rows of the extracted blocks, generates encrypted blocks by applying block keys which differ according to the respective patterns and respective blocks, selects encrypted blocks from the patterns at random in each content delivery, generates individually-encrypted portions by encrypting part of the configuration data of the selected blocks by applying an individual key corresponding to a client as the content delivery destination, and generates encrypted content including the encrypted blocks on which encryption processing by the block keys is performed and the individually-encrypted portions on which encryption processing by the individual key is performed as the content to be provided to the client. | 08-16-2012 |
20120210129 | METHOD AND APPARATUS FOR EXTERNAL ORGANIZATION PATH LENGTH VALIDATION WITHIN A PUBLIC KEY INFRASTRUCTURE (PKI) - A method for external organization path length (EOPL) validation is provided. A relying party node of an organization receives an authentication request from a subject node of an external organization. The relying party node then obtains and evaluates certificates from a chain of certificates that link the subject node to a trust anchor of the relying party node wherein, at least one certificate from the chain of certificates comprises an enabled external organization flag (EOF) and/or an external organization path length constraint (EOPLC). The relying party node invalidates authentication of the subject node when the relying party node determines that a total number of enabled EOFs from certificates in the chain of certificates exceeds the lowest EOPLC value from certificates in the chain of certificates. | 08-16-2012 |
20120210130 | User Authentication System - Techniques are provided for users to authenticate themselves to components in a system. The users may securely and efficiently enter credentials into the components. These credentials may be provided to a server in the system with strong authentication that the credentials originate from secure components. The server may then automatically build a network by securely distributing keys to each secure component to which a user presented credentials. | 08-16-2012 |
20120210131 | SECURE METHOD OF SYNCHRONIZING CACHE CONTENTS OF A MOBILE BROWSER WITH A SERVER - A method of securely synchronizing cache contents of a mobile browser with a server includes initiating a session between the browser and server, including transmission of browser state information regarding the cache contents and an authentication key to the server; maintaining a record of data sent from the server to the browser for storage in the cache; maintaining a record of the state information regarding the cache contents transmitted from the browser to the server; and transmitting data requests from the browser to the server, in response to which the server uses the key as a seed for a generation function, accesses each record of data and returns only data that does not already form part of the cache contents, and wherein the data includes a result of a hash of data generated by the generation function for authentication by the browser before updating the cache contents with the data. | 08-16-2012 |
20120210132 | METHOD AND APPARATUS FOR SECURING DEVICES IN A NETWORK - An access point receives a notification (or advertisement) from a device, which lacks a service. The access point adds the service to the notification, and forwards the notification to other devices on the network. Upon receiving from a control point a request to use the added service, the access point provides the service on behalf of the device. | 08-16-2012 |
20120210133 | DATA PROCESSING APPARATUS - In a configuration performing data processing by a hardware processing circuit (accelerator), the following means are provided to improve the poor processing efficiency caused by multiple accesses to the same data. A network data processing accelerator of the present network data processing apparatus comprises processing units corresponding to each of encryption/decryption, message authentication, and checksum processing; in data processing that combines these, accesses to the same data in memory and the like through a bus I/F unit and the like are consolidated into a single access, and pipeline processing is performed using the least common multiple of the data processing unit sizes of each processing. | 08-16-2012 |
20120216037 | METHODS AND SYSTEMS FOR ACCESS SECURITY FOR DATALOADING - Systems and methods for access security for dataloading are provided. In one implementation, a system comprises a first computer that transmits a packet, the first computer comprising: an authentication code memory that stores an authentication code for the packet; a first processing unit that executes communication instructions in a first memory, the communication instructions attaching the authentication code to the packet; and a first communication port that transmits the packet. The system also comprises a second computer that receives the packet, the second computer comprising: a second communication port that receives the packet; a verification code memory that stores a verification code for verifying the packet's authentication code; and a second processing unit that executes verification instructions in a second memory, the verification instructions comparing the verification code against the authentication code, wherein the second computer rejects the packet if the verification code does not match the authentication code. | 08-23-2012 |
20120216038 | UNIFIED VIDEO DELIVERY SYSTEM FOR SUPPORTING IP VIDEO STREAMING SERVICE - A home gateway may be used to handle at least a portion of processing of content obtained for consumption by client devices serviced via the home gateway. The home gateway may receive a single copy of content having a first format, and may convert the received content to one or more other formats suitable for presentation by at least one of the client devices based on knowledge of the client devices. The home gateway may maintain secure and/or protected access of the content handled via the home gateway. During protected access the home gateway may partition the content into a plurality of encrypted segments that are forwarded separately to the client devices. The client devices may utilize a corresponding plurality of encryption keys for decrypting the encrypted segments. The encryption keys may be obtained from an external key server. The home gateway may also generate the encryption keys. | 08-23-2012 |
20120216039 | Method and Apparatus for Source Identification for Key Handling Following a Handover Failure - A method of enabling key handling for a handover between different domains may include determining whether an indication of a potential key mismatch is present responsive to an attempt to conduct a handover between a first domain and a second domain, and defining validity of a most recent key set used for ciphering communication between a mobile terminal and a network device based on a result of the determining. | 08-23-2012 |
20120221857 | System And Method For Securing And Tracking Files - A method, system and computer program product for securing and tracking restricted files stored in a data processing system is provided. The data processing system is connected to a server for sharing information. An entity requesting to access a restricted file is authenticated, based on certain policies defined by a system administrator. Further, the system maintains a log of operations executed on the restricted file, and sends a record of the log to the server. | 08-30-2012 |
20120226905 | Method and System for Discovering, Authenticating and Accessing Multiple Computing Devices - The system and methods disclosed allow devices, possibly on different networks, to discover, access and authenticate one another. When the target device is on the same network as the source device (or is otherwise directly addressable by the source device), the system provides a mechanism by which the source device can connect directly to the target device; otherwise, the system provides a mechanism by which the source and target devices may communicate with one another using a commonly accessible computing device as a proxy. In the latter case, the mechanism is such that it is not technologically feasible for the proxy device to decipher communications between the source and target devices. The system accommodates dynamic change in network location (e.g. IP address) without requiring reconfiguration by the user, and mitigates problems introduced by the existence of firewalls. | 09-06-2012 |
20120226906 | Protocol And Method For Client-Server Mutual Authentication Using Event-Based OTP - A method of authenticating and encrypting a client-server communication is provided. Two one-time passwords (OTP | 09-06-2012 |
20120226907 | Method and Apparatus For Article Authentication - An authentication method for authenticating an article in a device includes the steps of (a) reading an identification number stored on the article, (b) reading an authentication number stored on the article, (c) determining an input number based at least in part on the identification number, (d) applying an authentication function to the input number to calculate an output number, (e) determining that the article is authentic only if the authentication number corresponds to the output number, and (f) permitting use of the article in the device if the article is authentic, and disabling use of the article in the device if the article is not authentic. | 09-06-2012 |
20120226908 | System and Methods for Web-Application Communication - A system for providing communication between one or more clients ( | 09-06-2012 |
20120233460 | SERVER-AIDED MULTI-PARTY PROTOCOLS - The disclosed architecture employs techniques that make secure multi-party computation (MPC) practical and scalable. In support of utilizing cloud computing, for example, for evaluating functionality, a third party server can be employed which does not have any input to the computation and does not receive any output from the computation, yet has a vast amount of computational resources. Accordingly, the secure MPC architecture can outsource as much as possible of the computation and communications burden of the parties without the server(s) learning any information about the party inputs. | 09-13-2012 |
20120233461 | DATA TRANSMITTING APPARATUS AND DATA AUTHENTICATING METHOD - According to an aspect of the present invention, there is provided a data transmitting apparatus including an authenticator generating unit and a communicating unit. The authenticator generating unit generates a first authenticator by using a first encryption key and generates a second authenticator including first to n-th fragment information items by using a second encryption key. The communicating unit transmits a first packet including the first authenticator and the first fragment information item to a destination device and, after the first packet is transmitted, if a response indicating successful authentication is not received from the destination device within a certain period, sequentially transmits an i-th packet (i is an integer being 2 or more and n or less) including the i-th fragment information item to the destination device. | 09-13-2012 |
20120233462 | METHOD AND SYSTEM FOR AUTOMATICALLY LOGGING IN A CLIENT - A method and system for automatically logging in a client is disclosed in the present invention, mainly comprising: using an encrypted ICCID for authentication of the user's identity during automatic login; when authentication passes, determining the account information corresponding to the identifier of the client the user is currently logging into, and logging in the client automatically with the determined account information, so that the user can conveniently manage the account information corresponding to each client while simultaneously guaranteeing the security of the account information, avoiding the troublesome input of the account's username and password and achieving the purpose of automatically logging in a client. | 09-13-2012 |
20120233463 | Cluster Federation and Trust - An improved scalable object storage system allows multiple clusters to work together. In one embodiment, a trust and federation relationship is established between a first cluster and a second cluster. This is done by designating a first cluster as a trust root. The trust root receives contact from another cluster, and the two clusters exchange cryptographic credentials. The two clusters mutually authenticate each other based upon the credentials, and optionally relative to a third information service, and establish a service connection. Services from the remote cluster are registered as being available to the cluster designated as the trust root. Multi-cluster gateways can also be designated as the trust root, and joined clusters can be mutually untrusting. Two one-way trust and federation relationships can be set up to form a trusted bidirectional channel. | 09-13-2012 |
20120233464 | PCI DSS COMPLIANT PROXY SERVICE - The innovation includes systems and methods of facilitating electronic commerce (e-commerce) via a proxy service. Such a method can include the acts of receiving a hypertext transfer protocol with secure socket layer (HTTPS) request from a client application and translating the HTTPS request to a format appropriate for an e-commerce web application. Additionally, such a method can include the steps of sending the translated request to the e-commerce web application via HTTPS and receiving a response based at least in part on the translated HTTPS request. The method can also include the acts of translating the HTTPS response to a format appropriate for the client application and sending the translated response to the client application via HTTPS. Secure information can be encrypted and stored at the client application separately from the encryption key, which can be stored by the proxy service. | 09-13-2012 |
20120233465 | Distribution of Credentials - The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user. The credential user is provided with a user device. A first channel and a second channel are provided for communication between the user device and the credential issuer. A shared key is distributed between the user device and the credential issuer by means of the second channel. A binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated. The binary representation of the set of credentials is encrypted by means of the shared key. The encrypted set of credentials is distributed via the first channel from the credential issuer to the user device. The encrypted set of credentials is decrypted by the user device by means of the shared key. | 09-13-2012 |
20120239928 | Online Security Systems and Methods - Described are a system and method for securing an online transaction. A request is output from an electronic device to a verification server to perform an online transaction. The verification server generates a challenge request. The challenge request is encrypted with a private key of a pair of cryptographic keys. The encrypted challenge request is decrypted with a public key of the pair of cryptographic keys. The decrypted challenge request and the challenge request generated by the verification server are compared. A verification result is generated in response to the comparison. | 09-20-2012 |
20120239929 | HYBRID NETWORKING MASTER PASSPHRASE - A method and apparatus for providing a passphrase-based security setup for a hybrid network including multiple network interfaces configured for communicating over one or more communication media are provided. The method includes receiving a passphrase from a user at a network interface of the multiple network interfaces. The received passphrase is then used for authenticating the device for one or more network interfaces. The authentication can be performed irrespective of a communication medium used by the network interfaces. | 09-20-2012 |
20120239930 | Keyed PV Signatures - A system and method enabling a recipient correspondent of a keyed PV signature to convert it to a signature with properties similar to a traditional signature (i.e., where the message is public and may be verified by anyone), removing the keyed aspect of the signature. The recipient correspondent may transfer the converted signature to a third party and provide the third party with a proof of knowledge such that the third party may be convinced that the originator of the signature signed the message. | 09-20-2012 |
20120246473 | ENCRYPTION INFORMATION TRANSMITTING TERMINAL - The communication unit transmits and receives a communication message. The authentication processor performs an authentication process for establishing the network connection by transmitting and receiving an authentication message to and from an authentication server through the communication unit. The encryption information generator generates an encryption key shared with the authentication server when the authentication process is successfully completed. The first message generator generates a first communication message instructing the destination device to acquire the encryption key from the authentication server. The second message generator generates a second communication message including data to be transmitted to the destination device. The communication unit transmits the first communication message to the destination device, encrypts the second communication message with the encryption key, and transmits an encrypted second communication message to the destination device. | 09-27-2012 |
20120246474 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PRODUCT LICENSE MANAGEMENT - According to one aspect of the present disclosure, a method and technique for product license management for a clustered environment having a plurality of nodes is disclosed. The method includes unlocking a product on a first node of the plurality of clustered nodes; responsive to unlocking the product on the first node, indicating an unlocked status of the product on a shared storage device accessible to the plurality of clustered nodes; and transmitting a self-unlock message from the first node to remaining nodes of the cluster to enable the remaining nodes of the cluster to self-unlock the product on the respective remaining nodes based on the status indication of the shared storage device. | 09-27-2012 |
20120246475 | CENTRAL AND IMPLICIT CERTIFICATE MANAGEMENT - Facilitating management of digital certificates is addressed. More specifically, digital certificates as well as public and private keys can be stored in a centrally accessible location and dynamically acquired from the location as needed. Additionally, binding of digital certificates and associated keys can be implicit and determined as a function of a host name provided during protocol negotiation, for example. | 09-27-2012 |
20120246476 | MULTI-APPLICATION SMART CARD, AND SYSTEM AND METHOD FOR MULTI-APPLICATION MANAGEMENT OF SMART CARD - A multi-application smart card and a multi-application management system and method for the smart card are provided. The multi-application smart card comprises a management device for the application security domain, and the management device is used to manage and maintain the application security domains in the multi-application smart card, and the application security domains comprise a plurality of issuer application security domains which share the control right of the multi-application smart card. Optionally, the application security domains also comprise at least one cardholder application security domain which is subordinate to the issuer application security domain that creates the cardholder application security domain, and wherein the at least one cardholder application security domain is used to manage and maintain the applications created by the cardholder. | 09-27-2012 |
20120246477 | Method for Validating a Road Traffic Control Transaction - A method for validating a road traffic control transaction. The method includes: storing a cryptographic key assigned to a transaction receiver, in the transaction receiver; recording an image of a vehicle; reading an identification of the vehicle in the recorded image by OCR and generating a control transaction thereof in the control station; generating a random key and encrypting the recorded image into authentication data with the random key and the cryptographic key in the control station; transmitting the recorded image, the control transaction, the random key and the authentication data to the transaction receiver; in the transaction receiver, encrypting the received recorded image into nominal authentication data with the received random key and the stored cryptographic key; and comparing the received authentication data with the nominal authentication data. The received control transaction is then validated when the received authentication data and the nominal authentication data are identical. | 09-27-2012 |
20120246478 | INFORMATION SHARING SYSTEM, COMPUTER, PROJECT MANAGING SERVER, AND INFORMATION SHARING METHOD USED IN THEM - A project managing unit | 09-27-2012 |
20120246479 | PRIMITIVE FUNCTIONS FOR USE IN REMOTE COMPUTER MANAGEMENT - The invention facilitates remote management of a computer via a network. Remote computer management capability can be expanded beyond that previously available through the addition of one or more new primitive functions that can be performed on a managed computer. | 09-27-2012 |
20120246480 | Method and Arrangement for Enabling Play-Out of Media - Methods and arrangements for enabling the use of a first device ( | 09-27-2012 |
20120254612 | Privacy-Preserving Probabilistic Inference Based on Hidden Markov Models - A probability of an observation sequence stored at a client is evaluated securely with respect to a hidden Markov model (HMM) stored at a server. The server determines, for each state of the HMM, an encryption of a log-probability of a current element of the observation sequence. It determines, for each state of the HMM, an encryption of a log-summation of a product of a likelihood of the observation sequence based on a previous element of the observation sequence and a transition probability to the state of the HMM. It determines an encryption of a log-likelihood of the observation sequence for each state as a product of the encryption of a log-summation and an encryption of a corresponding log-probability of the current element of the observation sequence; and it determines an encryption of the log-probability of the observation sequence based on the log-likelihood of the observation sequence for each state. | 10-04-2012 |
20120254613 | INFORMATION PROCESSING APPARATUS AND AUTHENTICATION BYPASSING METHOD - In an information processing apparatus, when a command does not include information relating to whether to perform or not to perform authentication of firmware or a first control unit, authentication or authentication bypassing is performed based on a power state and an operation table, and when the command does include the information, the authentication or the authentication bypassing is performed based on the command. | 10-04-2012 |
20120254614 | NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM, INFORMATION COMMUNICATION DEVICE AND METHOD - A program causes a PC | 10-04-2012 |
20120260090 | APPARATUS AND METHODS FOR STORING ELECTRONIC ACCESS CLIENTS - Apparatus and methods for storing and controlling access control clients. In one embodiment, transmitting and receiving devices ensure that only one copy of an eSIM is active at any time. Specifically, each transferred eSIM is encrypted for the destination device; the eSIM from the source device is deleted, deactivated, or otherwise rendered unusable. Various aspects of network infrastructure are also described, including electronic Universal Integrated Circuit Card (eUICC) appliances, and mobile devices. Various scenarios for transfer of eSIMs are also disclosed. | 10-11-2012 |
20120260091 | Methods and Apparatus for Authenticating Data as Originating from a Storage and Processing Device and for Securing Software and Data Stored on the Storage and Processing Device - Techniques are described for using unique features of a storage medium for authentication of data as originating from the storage medium, and also for installing software and data to a storage medium in a way which inhibits unauthorized copying of the software and data to another storage medium. Cryptoprocessing keys are created using unique features of the storage medium such as location information related to storage of selected elements of a software installation on the storage medium, or alternatively defective block information relating to the storage medium. The cryptoprocessing keys are used to encrypt data for transmission to a remote server. The remote server uses the cryptoprocessing keys to decrypt the data and authenticates the data as having been encrypted with the correct keys. | 10-11-2012 |
20120260092 | METHOD FOR SUPPORTING A REPUTATION MECHANISM IN A NETWORK AND NETWORK - Method for supporting a reputation mechanism in a network including one or more domains with one or more users being connected to the domains, one or more Identity Providers that manage identity information, and at least one entity that functions as Web Service Consumer for the users. When a user requests a Web Service Consumer of one of the domains for a web service provided by a Web Service Provider, the requested Web Service Consumer requests its known Identity Providers regarding a recommendation of the Web Service Provider. The Identity Providers function as recommendation aggregators by collecting reputation assessments of the Web Service Provider from entities registered on the Identity Providers who return an aggregated recommendation to the requested Web Service Consumer that determines a trust assessment about the Web Service Provider. A privacy homomorphism is employed for providing an encrypted exchange of recommendation related information. | 10-11-2012 |
20120265989 | SECURE LOGIN METHOD - The present invention provides a secure login method, including connecting a user end to a server end via the Internet and accessing user end information by the server end; generating or selecting an algorithm corresponding to the user end information by the user end according to a predetermined rule; and providing a website page to the user end by the server end, encrypting information entered into the website page by the algorithm provided via the website page, and storing the encrypted information in the user end. When the user end is re-connected to the server end and logs into the server end, the website provided to the user end uses the algorithm to decrypt the encrypted information stored in the user end, and the decrypted information is entered into the website page. Accordingly, the present invention prevents hackers from stealing others' cookies, so as to secure the user's information. | 10-18-2012 |
20120265990 | AUTHENTICATION SYSTEM, METHOD AND DEVICE - An authentication system, method and device are provided in the present application. The authentication system includes an Application Server (AS) for providing non Internet protocol Multimedia Subsystem (IMS) service, an authentication gateway and an IMS terminal. The AS forwards a connection request message sent by the IMS terminal to said authentication gateway, the authentication gateway sends an obtained first random number to said IMS terminal through the AS, the IMS terminal generates a first Response (RES) value according to the first random number and sends the generated first RES value to the authentication gateway through the AS, and if the received first response value and an obtained Expected Response (XRES) value are found coincident after being compared by the authentication gateway, the authentication gateway determines that the authentication of the IMS terminal has passed, and indicates to the AS to provide non IMS service for the IMS terminal. By using the technical solutions of the present application, the problem existing in the prior art, that a non IMS AS needs to authenticate each of the IMS terminals respectively for obtaining non IMS service and thus reduces the service processing efficiency of the AS, is solved. | 10-18-2012 |
20120265991 | SYSTEMS AND METHODS FOR OPTIMIZING SSL HANDSHAKE PROCESSING - A method for enabling efficient SSL handshakes through pre-computing of handshake messages, the method includes: receiving, by an appliance, a server certificate identifying a server; generating, by the appliance, at least one of: (i) an SSL server certificate message comprising the received server certificate, (ii) an SSL client certificate request message, and (iii) an SSL hello done message; storing, by the appliance, the generated messages; receiving, by the appliance from a client, an SSL client hello message identifying the server; and transmitting, by the appliance to the client, an SSL server hello message and at least one of the stored messages. Corresponding systems are also described. | 10-18-2012 |
20120278618 | METHODS OF AUTHORIZING A COMPUTER LICENSE - A system and method of authorizing a product including transmitting from an end user device a character string, including a Transaction ID, to a licensing authority. The licensing authority encrypts the Transaction ID using an encryption key associated with a product for which the end user is seeking authorization to produce an Authorization number. Each product is associated with a different encryption key resulting in a different Authorization number being produced for each product based on the same Transaction ID. The licensing authority then returns the Authorization number to the end user device. A decryption processor associated with the end user device decrypts the Authorization number using an unchangeable decryption key and compares the decrypted Authorization number with the Transaction ID. If the decrypted Authorization number matches the Transaction ID the product is authorized. | 11-01-2012 |
20120278619 | STREAMING VIDEO SERVER WITH VIRTUAL FILE SYSTEM AND METHODS FOR USE THEREWITH - A streaming video server generates a virtual file system that includes virtual addresses of a plurality of encrypted segments of a plurality of video programs at each of a plurality of bitrates, without storing the plurality of encrypted segments in persistent storage. A request is received from a client device to access a selected one of the plurality of video programs via a request to access the virtual file system. The plurality of encrypted segments of the selected one of the plurality of video programs are generated at a selected bitrate, in response to the request. | 11-01-2012 |
20120278620 | Forwarding E-Mail From A Wireless Device - A system and method of sending an e-mail message associated with a wireless device is provided. A request to forward or reply to an original e-mail message is sent from the wireless device to a server. The request contains one or more recipients and includes a message identifier of an original e-mail message. A portion indicator is provided for retrieving portions of the original e-mail message identified by the message identifier. An e-mail message is sent to the one or more recipients comprising any added user text and the one or more retrieved portions of the original e-mail message, such that text of the original message that the user may not be aware of is not forwarded to new recipients. | 11-01-2012 |
20120278621 | SYSTEM AND METHOD OF DATA INTERCEPTION AND CONVERSION IN A PROXY - An intercepting proxy server processes traffic between an enterprise user and a cloud application which provides Software as a Service (SaaS). The intercepting proxy server provides interception of real data elements in communications from the enterprise to the cloud and replaces them with obfuscating information by encrypting individual real data elements without disturbing the validity of the application protocol. To the processing cloud application, real data are only visible as encrypted tokens. Tokens included in results returned from the cloud are intercepted by the intercepting proxy server and replaced with the corresponding sensitive real data. In this way, the enterprise is able to enjoy the benefits of the cloud application while protecting the privacy of real data. | 11-01-2012 |
20120278622 | METHOD AND SYSTEM FOR ELECTRONIC CONTENT STORAGE AND RETRIEVAL WITH GALOIS FIELDS ON CLOUD COMPUTING NETWORKS - A method and system for electronic content storage and retrieval with Galois Fields on cloud computing networks. The electronic content is divided into plural portions and stored in plural cloud storage objects. Storage locations for the plural cloud storage objects are selected using a Galois field and the plural cloud storage objects are distributed across the cloud network. When the electronic content is requested, the plural portions are retrieved and transparently combined back into the original electronic content. No server network devices or target network devices can individually determine locations of all portions of the electronic content on the cloud communications network, thereby providing layers of security and privacy for the electronic content on the cloud communications network. | 11-01-2012 |
20120278623 | METHOD AND SYSTEM FOR SECRET COMMUNICATION BETWEEN NODES - The present invention discloses a method and system for secret communication between nodes in a wired Local Area Network (LAN). The method of secret communication between nodes in the wired LAN includes the following steps: 1) a sharing key is established; 2) the route probe is exchanged; 3) the data communication is classified; 4) the secret communication is processed among the nodes. According to the different communication situations among the nodes, the method of secret communication between nodes provided in the present invention can process the classification and select an appropriate secret communication strategy; compared with per-hop encryption, the calculation load of the exchange equipment is reduced, and the transmission delay of data packets is shortened; compared with the method that inter-station keys are established in pairs of nodes in order to protect the communication secret, the key number is reduced, and the key management is simplified. | 11-01-2012 |
20120278624 | INFORMATION PROCESSING APPARATUS, PRINT CONTROL APPARATUS, PRINT CONTROL SYSTEM, STORAGE MEDIUM OF STORING COMPUTER-READABLE PROGRAM, AND PROGRAM - An information processing apparatus, which encrypts print data (PDL), receives a personal identification code (PIN) input by a user, generates a random number (rnd), encrypts the generated random number by using the personal identification code or an encryption key generated based on the personal identification code, converts the personal identification code by using a predetermined function, and encrypts print data by using the random number as an encryption key, thereby maintaining security in the printing. | 11-01-2012 |
20120284511 | Method and Apparatus for Transmitting Bulk Emergency Data while Preserving User Privacy - Systems and methods are described for performing bulk transmissions of information (e.g., emergency information, etc.) while preserving user privacy. An example mobile device described herein includes an information aggregation module configured to compile first information associated with the device, the first information including location-related information, an encryption module communicatively coupled to the information aggregation module and configured to encrypt the first information using at least one session key, and a transmitter communicatively coupled to the encryption module and configured to transmit encrypted first information to at least one receiver prior to a triggering event and to transmit the at least one session key to the at least one receiver after the triggering event. | 11-08-2012 |
20120284512 | RURAL SERVICES PLATFORM - A middleware platform is executable by a computer to receive a request for a service, the service provided by a service application in communication with the middleware platform. The middleware platform determines, via a device adaptation component of the middleware platform, capabilities of a device subject to the request. The middleware platform selects an interface having a format that is compatible with the capabilities of the device, and provides the interface to the device in a format corresponding to the capabilities, accesses the service application responsive to the request, processes the request, and returns a response, via the interface, to the device responsive to the processing. | 11-08-2012 |
20120284513 | RENDER SERVICE FOR REMOTE ACCESS TO APPLICATIONS - The present disclosure relates to providing remote access to applications with an increased level of security. A server for providing access to applications is provided, as well as a method therefor, comprising an input channel and an output channel to connect a client with said server, an interface coupled to said input channel and an application, said interface to receive input data from said client via said input channel and to communicate said received input data to the application, and a renderer coupled to said output channel and said application, said renderer to render the output of said application into a data stream to be transferred via the output channel to the client, wherein the input data and the data stream are both encrypted. | 11-08-2012 |
20120284514 | MANAGING DATA FOR AUTHENTICATION DEVICES - Methods, systems, and computer programs for managing authentication data for an authentication device are disclosed. An authentication device may be included, for example, in a mobile device battery so that the battery can be authenticated by a mobile device. In some implementations, encrypted certificate data are stored on an authentication device. The encrypted certificate data are accessed, and unencrypted certificate data are generated by decrypting the encrypted certificate data. The unencrypted certificate data are stored on the authentication device. The unencrypted certificate data enable the authentication device to provide a valid reply message, for example, in response to receiving an interrogation message from an interrogation device. In some implementations, the reply message includes the unencrypted certificate data and a response value generated by the authentication device based on a secret value. | 11-08-2012 |
20120284515 | COPYRIGHT PROTECTION DATA PROCESSING SYSTEM AND REPRODUCTION DEVICE - A content protection data processing system and a playback device determine whether to permit playback of a content recorded in a recording medium, based on a type of the recording medium and a signature type of a signature attached to a program. Additionally, the content protection data processing system and the playback device switch a procedure relating to a digital signature for each signature type of the digital signature, which enables both the protection of the copyright of the content and the efficient manufacturing of commercial ROM media. | 11-08-2012 |
20120284516 | CROSS-DOMAIN COLLABORATIVE SYSTEMS AND METHODS - The present disclosure relates to systems and methods for secure and authentic electronic cross domain collaboration between a plurality of users using a combination of biometric security, a separate and secure network infrastructure, management processes, encrypted electronic storage, and collaborative templates. In an exemplary embodiment, a cross domain collaboration system includes a server including a network interface connected to the Internet, a data store including electronic data storage, and a processor, wherein each of the network interface, the data store and the processor are communicatively coupled, and wherein the network interface, the data store and the processor are collectively configured to: biometrically authenticate a plurality of users, wherein each of the plurality of users comprises a security level and a domain; and enable cross domain collaboration between the plurality of users based on the security level of each of the plurality of users. | 11-08-2012 |
20120290838 | System and Method for Web-Based Security Authentication - A security authentication method comprises establishing a user account associated with a login credential, generating an encryption salt, generating graphical key images of a plurality of sequences of values each beginning at a random point, generating encrypted key values by encrypting each value in the plurality of sequences using the generated encryption salt, incorporating the graphical key images and encrypted key values into a displayable input form, receiving user input including a plurality of encrypted key values, generating decrypted key values by decrypting the encrypted key values of the user input using the encryption salt, and verifying that the decrypted key values match the login credential. | 11-15-2012 |
20120290839 | METHOD AND SYSTEM OF COMMUNICATING INFORMATION DISPLAYED AT A PUBLISHER DEVICE WITH A RECEIVER DEVICE - The invention provides a method of communicating a display of information at a publisher device with a receiver device for display at the receiver device, the method including receiving a push-through packet from the publisher device at a connect server, including data entered at the publisher device and a key, receiving a key from the receiver device, comparing the keys received from the publisher and receiver devices to determine if a match exists and transmitting a push-through packet, including the data, from the connect server to the receiver device if a match exists between the keys received from the publisher and receiver devices. | 11-15-2012 |
20120290840 | PIER-TO-PIER EVENT-TIME SECURED LINK ESTABLISHMENT - A method establishes a secure authenticated connection between two devices. The method includes (A) obtaining data related to a tapping event between a first device and a second device, the data including time data of the tapping event; (B) selecting, by the first device, a target device; (C) establishing a non-authenticated secure communication link between the first device and the target device; (D) sending, by the first device, a challenge communication to the target device, the challenge communication including a request for a further data related to the tapping event; (E) receiving, by the first device, a response communication in response to the challenge communication, the response including the further data; (F) determining if the target device is the second device by matching the data with the further data; (G) if the target device is the second device, establishing a secure authenticated communication link between the first and second devices. | 11-15-2012 |
20120290841 | Unique identifier, method for providing the unique identifier and use of the unique identifier - A unique identifier which substantially prevents product counterfeiting, wherein the unique identifier can be produced in a very cost-effective manner. The unique identifier is suitable not only for use as a product identifier but also for authorization, for example for securing physical or electronic accesses, such as doors, computer programs or the like. | 11-15-2012 |
20120290842 | METHOD FOR SECURELY DOWNLOADING FROM DISTRIBUTED DOWNLOAD SOURCES - The present invention deals with a method for securely downloading from distributed download sources. The greatest possible download security with a simultaneously minimized server load is achieved in this case. The object of the present invention was to provide an improved download method which also allows simple servers, without the possibility of setting up a secure connection, to be used as download servers and allows the total CPU load on the servers involved to be minimized, wherein the data transmission security can be kept the same, in comparison with a download from a single server via a secure connection. This object is achieved by the method according to the invention for securely downloading from distributed download sources according to the main claim with the aid of a secure database server, a secure main server and 1 to n non-secure download servers, wherein the non-secure download servers newly encrypt the symmetrically encrypted download packets at predefined intervals of time independently of the secure main server. | 11-15-2012 |
20120290843 | Privacy-Aware Content Protection System - A method and system are disclosed for preventing rendering of content at overlapping time periods on more rendering devices than permitted by a license associated with the content. | 11-15-2012 |
20120290844 | SYSTEM AND METHOD FOR CONTROLLING MESSAGE ATTACHMENT HANDLING FUNCTIONS ON A MOBILE DEVICE - A system and method for controlling message attachment handling functions on a mobile device is described herein. An attachment handling control can be set to identify one of a number of selected attachment handling control modes. Depending on the attachment handling control mode identified, a request for the attachment structure that includes a decrypted session key for an encrypted message received at the mobile device may or may not be automatically sent to a remote server. This may provide the user with increased control over the content of an encrypted message that the remote server may access when determining the attachment structure for a message. | 11-15-2012 |
20120297190 | USABLE SECURITY OF ONLINE PASSWORD MANAGEMENT WITH SENSOR-BASED AUTHENTICATION - A multi-party security protocol that incorporates biometric-based authentication and withstands attacks against any single party (e.g., mobile phone, cloud, or the user). The protocol involves the function split between mobile and cloud and the mechanisms to chain-hold the secrets. A key generation mechanism binds secrets to a specific device or URL (uniform resource locator) by adding salt to a master credential. An inline CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) handling mechanism uses the same sensor modality as the authentication process, which not only improves the usability but also facilitates the authentication process. This architecture further enhances existing overall system security (e.g., handling an untrusted or compromised cloud service, a lost phone, impersonation, etc.) and also improves the usability by automatically handling the CAPTCHA. | 11-22-2012 |
20120297191 | SYSTEM AND METHOD FOR SECURE DISTRIBUTION AND/OR STORAGE OF DATA FILES WITH LONG TERM FILE INTEGRITY VERIFICATION - Systems and methods for securely uploading, distributing, managing and/or storing any type of data file within a subscriber-based system maintained by a third party administrator are disclosed. The subscriber-based system acts as an electronic repository to ensure that data files remain intact, secure, and unaltered from their original form. Systems and methods for long term verification of data file integrity using checksum records stored in a public checksum directory are also disclosed. | 11-22-2012 |
20120297192 | CONTENT DELIVERY NETWORK ENCRYPTION - A system and method for delivering content to end users encrypted within a content delivery network (CDN) for content originators is disclosed. CDNs transport content for content originators to end user systems in a largely opaque manner. Caches and origin servers in the CDN are used to store content. Some or all of the content is encrypted within the CDN. When universal resource indicators (URIs) are received from an end user system, the CDN can determine the key used to decrypt the content object within the CDN before delivery. Where there is a cache miss, an origin server can be queried for the content object, which is encrypted in the CDN. | 11-22-2012 |
20120303955 | Security Association Management - A method and system for managing IPsec Security Associations in a Security Association Database (SADB) in an IP network is described. At a key management application, a domain extension header is inserted into a PF_KEY message containing instructions to a key engine unit. The domain extension header identifies a domain within the Security Association Database. The PF_KEY message is sent to the key engine unit, which carries out the instructions only for Security Associations in the domain of the Security Association Database indicated by the domain extension header. | 11-29-2012 |
20120303956 | SYSTEM AND METHOD FOR VERIFYING DELIVERY AND INTEGRITY OF ELECTRONIC MESSAGES - A server transmits a message from a sender to a destination address. During transmission, the server and the destination address have a dialog constituting an attachment, via a particular one of SMTP and ESMTP protocols, concerning the message, the server and the destination address. The message passes through servers between the server and the destination address. This passage is included in the attachment. Verifiers are provided for the message and for the attachments. The verifiers may constitute encrypted hashes of the message and of the attachment. The sender receives the message, the attachments and the verifications from the server before authentication and transmits the message, the attachments and the verifiers to the server to obtain authentication by the server. The server operates on the message and the message verifier to authenticate the message and operates on the attachments and the attachments' verifier to verify the attachments. | 11-29-2012 |
20120303957 | SOURCE-OF-LEAKAGE DETECTABLE E-MAIL ADDRESS FORMING, SENDING AND DETECTION - Provides e-mail address forming methods to know with certainty whether or not an e-mail address was leaked. A method includes: sending a receiver's identifier and a sender's identifier to a receiver's mail server; computing a value which is encrypted by the mail server with a secret key, the secret key being only possessed by the mail server, from the receiver's identifier, the sender's identifier, and a nonce issued by the mail server, and sending the value to a receiver; and forming an e-mail address (LD address) to be used by a sender who sends a mail to a receiver, by attaching a receiver's domain name to the encrypted value. Furthermore, the present invention has an e-mail address sending method, and an e-mail sending system which uses the e-mail address forming method to know with certainty whether or not the user of an e-mail address leaked the e-mail address. | 11-29-2012 |
20120303958 | SOURCE-OF-LEAKAGE DETECTABLE E-MAIL ADDRESS FORMING, SENDING AND DETECTION - Provides e-mail address forming methods to know with certainty whether or not an e-mail address was leaked. A method includes: sending a receiver's identifier and a sender's identifier to a receiver's mail server; computing a value which is encrypted by the mail server with a secret key, the secret key being only possessed by the mail server, from the receiver's identifier, the sender's identifier, and a nonce issued by the mail server, and sending the value to a receiver; and forming an e-mail address (LD address) to be used by a sender who sends a mail to a receiver, by attaching a receiver's domain name to the encrypted value. Furthermore, the present invention has an e-mail address sending method, and an e-mail sending system which uses the e-mail address forming method to know with certainty whether or not the user of an e-mail address leaked the e-mail address. | 11-29-2012 |
20120303959 | SOURCE-OF-LEAKAGE DETECTABLE E-MAIL ADDRESS FORMING, SENDING AND DETECTION - Provides e-mail address forming methods to know with certainty whether or not an e-mail address was leaked. A method includes: sending a receiver's identifier and a sender's identifier to a receiver's mail server; computing a value which is encrypted by the mail server with a secret key, the secret key being only possessed by the mail server, from the receiver's identifier, the sender's identifier, and a nonce issued by the mail server, and sending the value to a receiver; and forming an e-mail address (LD address) to be used by a sender who sends a mail to a receiver, by attaching a receiver's domain name to the encrypted value. Furthermore, the present invention has an e-mail address sending method, and an e-mail sending system which uses the e-mail address forming method to know with certainty whether or not the user of an e-mail address leaked the e-mail address. | 11-29-2012 |
20120311328 | PROBE RESPONSE SUPPORTED WIRELESS AUTOCONNECTION - Computing devices can autoconnect to access points even if they have not previously received authentication information for those access points. A computing device broadcasts a probe request, comprising a request for authentication information. An access point receiving such a probe request generates a probe response that provides authentication information that the computing device can then utilize to establish a useful communication connection to the access point. The provided authentication information can be either encrypted or unencrypted, and can be encrypted for specific users or specific computing devices. Dedicated application programs can decrypt encrypted authentication information, thereby enabling autoconnecting, while also delivering targeted information to users of the autoconnecting computing devices from a retailer hosting the access point. Authentication information for a “landing page” can be provided to a web browser to enable autoconnection. | 12-06-2012 |
20120311329 | SYSTEM AND METHOD FOR SECURE INSTANT MESSAGING - A system and method for secure instant messaging are described. For example, in one embodiment, a first user identifies a second user for an instant messaging session with the ID code of the second user. The first user is provided with network information for the second user and a public key associated with the second user. The first user encrypts an instant message using the public key of the second user and a private key. In one embodiment, the first user encrypts the content of the instant message (e.g., any text and/or attachments) using the public key of the second user and signs the content using the private key of the first user. The encrypted message is transmitted from the first user to the second user. The second user decrypts the instant message using the second user's private key and verifies the signature with the first user's public key. | 12-06-2012 |
20120311330 | METHOD AND SYSTEM FOR SINGLE SIGN-ON - A method and a system for single sign-on are provided by the present invention, wherein the method comprises: a terminal sending an authentication request carrying a user identity identification to an RP and the RP redirecting the authentication request to an authentication center; the authentication center authenticating the terminal by means of SIP Digest and redirecting the authentication result to the RP via the terminal; and the RP providing services for the terminal according to an authentication result. By the present invention, the resources required by the operators to deploy GBAs are reduced, at the same time the requirement of non-UICC terminals accessing IMS network can be met, and the relevant application services of the IMS network can be accessed by means of SSO. | 12-06-2012 |
20120311331 | LOGON VERIFICATION APPARATUS, SYSTEM AND METHOD FOR PERFORMING LOGON VERIFICATION - An apparatus for performing logon verification comprising: an obtaining device configured to obtain from a user certificate, for a first logon verification, first encryption information, second encryption information, and first decryption data in first decryption information associated with the first logon verification, wherein the first and second encryption information are obtained by encrypting a unique identification of the user according to first and second encryption methods, respectively; a decrypting device configured to decrypt, based on second decryption information associated with the first logon verification and the first decryption data, the second encryption information according to a decryption method corresponding to the second encryption method to obtain the identification; an encrypting device configured to encrypt the obtained identification according to the first encryption method to obtain third encryption information; and a verifying device configured to confirm the first logon verification successful if the first and third encryption information are identical. | 12-06-2012 |
20120311332 | SYSTEM AND METHOD FOR PROVIDING SECURE SUBNET MANAGEMENT AGENT (SMA) IN AN INFINIBAND (IB) NETWORK - A system and method can provide a secure subnet management agent (SMA) in an Infiniband (IB) network. The system can comprise a host channel adapter (HCA) associated with a host, wherein the HCA operates to implement a SMA in its embedded firmware. The HCA can prevent a host administrator or software with root access to the host from changing the embedded firmware on the HCA and modifying one or more states associated with the SMA without being endorsed by a site administrator. Additionally, the SMA is associated with a management key, and the host is not allowed to observe the management key without being endorsed by a site administrator. | 12-06-2012 |
20120311333 | SYSTEM AND METHOD FOR AUTHENTICATING IDENTITY OF DISCOVERED COMPONENT IN AN INFINIBAND (IB) NETWORK - A system and method can verify trustfulness of a fabric component in an InfiniBand (IB) fabric. A subnet manager is responsible for authenticating the fabric component using private/public key pairs. The subnet manager can first send a first encrypted message to a fabric component in the IB fabric, wherein the first encrypted message contains a token and is encrypted using a public key associated with the fabric component. Then, the fabric component is allowed to decode the first encrypted message using a private key associated with the fabric component, and to send a second encrypted message back to the subnet manager. Finally, the subnet manager can authenticate the fabric component if the second encrypted message contains correct information. | 12-06-2012 |
20120317416 | Imparting Real-Time Priority-Based Network Communications In An Encrypted Communication Session - This specification describes technologies relating to imparting real-time priority-based network communications in an encrypted session. In general, aspects of the subject matter described can be embodied in methods that include establishing, based on cryptographic information in a reserved, random-data portion of a handshake communication, a session, receiving parameter values relating to a sub media stream, included in a header of a network communication, storing the parameter values, obtaining state information and a data payload included in a second network communication, identifying, from the state information, a purpose of the second network communication, and whether a header of the second network communication includes one or more new values corresponding to one or more of the parameters, updating one or more of the stored values based on the one or more new values, and processing the data payload based on the identified purpose and the stored parameter values. | 12-13-2012 |
20120324223 | SYSTEMS AND METHODS FOR MAINTAINING DATA SECURITY ACROSS MULTIPLE ACTIVE DOMAINS - Systems and methods for maintaining data security across multiple active domains are presented. Each domain includes a token generator that can generate tokens associated with sensitive data such as credit card numbers. The primary domain includes a centralized key manager. In one embodiment, each domain includes its own local data vault and a replica of each data vault associated with every remote domain. Any domain can access the data vaults (local and replica) and retrieve a token created by any other domain. The possibility of token collision is eliminated by a token generation algorithm that embeds a domain designator corresponding to the active domain where the token was created. When multiple tokens represent the same sensitive data, the token manager returns a set of all such tokens found in the data vaults. | 12-20-2012 |
20120324224 | STATELESS HUMAN DETECTION FOR REAL-TIME MESSAGING SYSTEMS - Stateless human detection for real-time systems allows a real-time message system to challenge incoming messages suspected of being generated by an automated application. When a suspect message is detected, a challenge is presented to a sender of the message. The challenge is designed to require human intervention to provide a correct answer to the challenge. A challenge packet is sent with the challenge and includes a challenge answer and, possibly, a server identifier, a challenge identifier and/or a time stamp that can be used to prevent attacks on the challenge. The challenge packet is encrypted so that the sender cannot access the contents thereof. When the sender provides a response to the challenge, the sender returns the challenge packet. The challenge packet is decrypted and the challenge answer is compared to a sender answer. If the answers match, the sender is allowed subsequent access to the messaging system. | 12-20-2012 |
20120331290 | Method and Apparatus for Establishing Trusted Communication With External Real-Time Clock - Embodiments of the present invention provide systems and methods to enable secure communication between a host processor and external real time counter (RTC) logic. In an embodiment, the host processor generates a message including a command to an external device containing the RTC. The external device verifies a Message Authentication Code (MAC) included in the message and responds to the command. Embodiments of the present invention advantageously provide a dedicated power domain for the external RTC logic while guarding against third party attacks on the RTC logic and the communication between the RTC logic and the host processor. | 12-27-2012 |
20120331291 | MULTIMEDIA PROCESSING APPARATUS - According to one embodiment, a multimedia processing apparatus includes one or more first modules, a second module, and a third module. The first module is configured to realize a function involved with multimedia processing. The second module is configured to manage the first module. The third module is configured to control the first module or to perform a state transition of the first module through the second module. One of two modules out of the first to third modules holds a certificate that provides its personal identification. When a first processing is executed between the two modules, the other one of the two modules authenticates the one module by using the certificate held by the one module, and then, the two modules start the first processing. | 12-27-2012 |
20120331292 | ELECTRONIC ACCESS CLIENT DISTRIBUTION APPARATUS AND METHODS - Apparatus and methods for distributing access control clients. In one exemplary embodiment, a network infrastructure is disclosed that enables delivery of electronic subscriber identity modules (eSIMs) to secure elements (e.g., electronic Universal Integrated Circuit Cards (eUICCs), etc.). The network architecture includes one or more of: (i) eSIM appliances, (ii) secure eSIM storages, (iii) eSIM managers, (iv) eUICC appliances, (v) eUICC managers, (vi) service provider consoles, (vii) account managers, (viii) Mobile Network Operator (MNO) systems, (ix) eUICCs that are local to one or more devices, and (x) depots. Moreover, each depot may include: (xi) eSIM inventory managers, (xii) system directory services, (xiii) communications managers, and/or (xiv) pending eSIM storages. Functions of the disclosed infrastructure can be flexibly partitioned and/or adapted such that individual parties can host portions of the infrastructure. Exemplary embodiments of the present invention can provide redundancy, thus ensuring maximal uptime for the overall network (or the portion thereof). | 12-27-2012 |
20120331293 | METHOD AND SYSTEM FOR SECURE OVER-THE-TOP LIVE VIDEO DELIVERY - A method is provided for managing key rotation (use of series of keys) and secure key distribution in over-the-top content delivery. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method. | 12-27-2012 |
20120331294 | METHOD FOR SECURE REMOTE BACKUP - The present invention is directed to an architecture and mechanism for securely backing up files and directories on a local machine onto untrusted servers over an insecure network. | 12-27-2012 |
20130007449 | Privacy Protected Interactions with Third Parties - Various embodiments are directed to computer-implemented methods and systems for a site to facilitate privacy protected interactions between users of a site and a third party utility. For example, a computer may receive, from a user selected from the users of the site, a request to interact with the third party utility. The computer may also encrypt an identification of the user to generate an encrypted user identification associated with the third party utility; and provide the encrypted user identification and the request to the third party utility. | 01-03-2013 |
20130007450 | SYSTEM, APPARATUS, AND METHOD FOR DIGITAL DISTRIBUTION - An apparatus for encrypting content to be played on another device is provided. The apparatus includes a processor and memory that includes a set of instructions. The set of instructions is configured to cause the processor to receive a selection of content from a user accessing the apparatus, and determine whether the user is authorized to receive the content. The set of instructions is further configured to cause the processor to transfer content along with an encrypted key associated with the user when the user is authorized to receive the selected content. | 01-03-2013 |
20130007451 | METHODS AND APPARATUSES FOR SECONDARY CONDITIONAL ACCESS SERVER - Conditional access to media content of primary security systems on a secondary networked environment. In one embodiment, a conditional access server is used to provide services to secondary CA clients (e.g., a bridge, a renderer, a storage, or their different combinations) through network connections. Containing data representing the subscriber, a conditional access server recovers entitlement data and/or decryption keys of a primary security system for the conditional access protected content, such as service keys and control words, and/or enforces conditional access to the content by secondary CA clients according to the authorization of the primary security system for the secondary CA clients. In one embodiment, a conditional access system provides delayed authorization for use so that the content can be recorded for later use when authorized and broadcasts rights for use on multiple secondary CA clients. | 01-03-2013 |
20130007452 | METHOD AND SYSTEM FOR COMMAND AUTHENTICATION TO ACHIEVE A SECURE INTERFACE - Aspects of a method and system for command authentication to achieve a secure interface are provided. Command authentication between a host and a slave device in a multimedia system may be achieved by on-the-fly pairing or by an automatic one-time-programming via a security processor. In an on-the-fly pairing scheme, the host may generate a host key based on a host root key and host control words while the slave may generate a slave key based on the host key, a slave root key and slave control words. The slave key may be stored and later retrieved by the slave device to obtain the host key for authenticating host commands. The host may be disabled from generating and/or passing the host key to the slave. In an automatic one-time programming scheme, the security processor may burn a random number onto a one-time-programmable memory in the host and slave devices for command authentication. | 01-03-2013 |
20130013920 | DYNAMIC DATA-PROTECTION POLICIES WITHIN A REQUEST-REPLY MESSAGE QUEUING ENVIRONMENT - A request to process a request message using a request queue within a request-reply messaging environment is detected at a dynamic data protection module. At least one authorized sender module and a sole authorized recipient module of a response message to the request message is identified using a request queue policy of the request queue. A reply queue policy is dynamically created to process the response message using the identified at least one authorized sender module and the sole authorized recipient module of the response message. The dynamically-created reply queue policy is associated with a reply queue. The response message is processed responsive to a request to process the response message using the dynamically-created reply queue policy and the associated reply queue. | 01-10-2013 |
20130013921 | Methods and apparatus for secure data sharing - This disclosure relates to methods and apparatus for securely and easily sharing data over a communications network. As communications services on a communications network are continuously becoming cheaper, faster, and easier to use, more users are becoming receptive to the idea of sharing data over the communications network. However, although E-mails and web folders, to a certain degree, provide easy-to-use or secure data sharing mechanisms, none of the existing data sharing methods is both easy-to-use and highly secure. This disclosure provides methods and apparatus for easily and securely sharing data over a communications network. | 01-10-2013 |
20130013922 | SECURE DISSEMINATION OF EVENTS IN A PUBLISH/SUBSCRIBE NETWORK - Various embodiments of systems and methods to securely disseminate events in a publish/subscribe network are described herein. One or more subscribers are authorized to receive events from a publisher through an authorization protocol carried out between the publisher, a trusted party and the one or more subscribers. A security token specific to a product associated with an event is provided, by the publisher, to the authorized one or more subscribers. Further, the event is encrypted using a public key of the trusted party, a security key of the publisher and a secret key of the publisher. The encrypted event is disseminated, by the publisher, in a publish/subscribe network. Furthermore, the encrypted event is received by the authorized one or more subscribers. The encrypted event is decrypted using the security token and an authorization key by the authorized one or more subscribers. | 01-10-2013 |
20130013923 | METHODS FOR OBTAINING AUTHENTICATION CREDENTIALS FOR ATTACHING A WIRELESS DEVICE TO A FOREIGN 3GPP WIRELESS DOMAIN - A method for obtaining authentication credentials for attaching a wireless device to a foreign wireless domain in a 3rd Generation Partnership Project (3GPP) communication system, which includes: receiving an attach request message from the wireless device; and responsive to the attach request message, authenticating the wireless device and retrieving a set of authentication vectors, wherein the authentication vectors are for authenticating the wireless device to the foreign wireless domain. The method further includes encrypting the set of authentication vectors using a first security key of a home wireless domain of the wireless device. In addition, the method includes encrypting the first security key using a second security key of the foreign wireless domain and sending the encrypted set of authentication vectors and the encrypted first security key to the wireless device. | 01-10-2013 |
20130013924 | DYNAMIC DATA-PROTECTION POLICIES WITHIN A REQUEST-REPLY MESSAGE QUEUING ENVIRONMENT - A request to process a request message using a request queue within a request-reply messaging environment is detected at a dynamic data protection module. At least one authorized sender module and a sole authorized recipient module of a response message to the request message is identified using a request queue policy of the request queue. A reply queue policy is dynamically created to process the response message using the identified at least one authorized sender module and the sole authorized recipient module of the response message. The dynamically-created reply queue policy is associated with a reply queue. The response message is processed responsive to a request to process the response message using the dynamically-created reply queue policy and the associated reply queue. | 01-10-2013 |
20130013925 | System and Method for Authentication via a Proximate Device - Techniques are provided to authenticate components in a system. Users may enter credentials into an input device and the credentials may be authenticated and/or securely transmitted to the components. The components may then provide the credentials to a server in the system. Strong authentication may thus be provided to the effect that credentials associated with specific users have been received from specific components in the system. The server may then enable the components to access selected services. | 01-10-2013 |
20130019096 | SYSTEM AND METHOD FOR COMMUNICATING BETWEEN DIFFERENT ENTITIES USING DIFFERENT DATA PORTIONS FOR DIFFERENT CHANNELS - A first entity for communicating with a second entity and a third entity includes a data subdivider for subdividing a data entity into a first data portion and a second data portion. The data portions are processed by an output interface for transmitting a first message to the third entity and a second message to the second entity. In the third entity, the data portion directly received from the first entity and the other data portion received via the second entity are reassembled. | 01-17-2013 |
20130019097 | Method and Apparatus for Securing Communication Between a Mobile Node and a Network - In accordance with the teachings of the present invention, a method and apparatus is presented for securely negotiating a session key between a mobile node and a network node, such as a first hop IP router. A session key is encoded using asymmetric encryption. The encrypted session key is then communicated to the first hop IP router for later use. In accordance with another teaching of the present invention, the session key is then used by the mobile node and a first hop IP router to authenticate a message. Lastly, in accordance with the third teaching of the present invention, a standardized protocol is used to securely negotiate the session key between the mobile node and the first hop IP router. | 01-17-2013 |
20130024688 | METHODS OF PROVIDING AN INTEGRATED AND MUTUAL AUTHENTICATION IN A COMMUNICATION NETWORK - A service ticket request is transmitted to a key distribution center in response to providing the security credential. In response to the transmitting, a session key encrypted with a TGT session key shared between a SIP client and a Kerberos authentication server, and a service ticket encrypted with a SIP service key shared between a SIP server and the Kerberos authentication server are received. The service ticket includes the session key. The session key, encrypted with the SIP session key shared between the SIP client and the Kerberos authentication server, is decrypted by the SIP client. The service ticket is transmitted to a SIP server. The SIP server decrypts the service ticket using the SIP service key shared between the SIP server and the Kerberos authentication server and stores the session key. The session key is utilized for mutual digest authentication between the SIP client and the SIP server. | 01-24-2013 |
20130024689 | Method and System for Providing Secret-Less Application Framework - In one embodiment, providing, by a client device, device information and key data over a network to a server device, the device information uniquely identifying the client device; generating a device key, by a device key generation logic, at the server device based on the device information; receiving a module from the server device, the module comprising a bound content key and the device key generation logic, wherein the bound content key is encrypted by the device key at the server device; and processing protected content using the module. | 01-24-2013 |
20130024690 | CENTRALIZED SERVICE FOR DISTRIBUTED SERVICE DEPLOYMENTS - A centralized service communicatively links an application provider to a plurality of different message forwarding services. The centralized service receives a request and authenticates the application provider associated with the request. Further, the centralized service delivers a message embodied by the request to a first message forwarding service with a first protocol and/or to a second message forwarding service with a second protocol different than the first protocol. | 01-24-2013 |
20130024691 | Method and Apparatus for Securing Communication Between a Mobile Node and a Network - In accordance with the teachings of the present invention, a method and apparatus is presented for securely negotiating a session key between a mobile node and a network node, such as a first hop IP router. A session key is encoded using asymmetric encryption. The encrypted session key is then communicated to the first hop IP router for later use. In accordance with another teaching of the present invention, the session key is then used by the mobile node and a first hop IP router to authenticate a message. Lastly, in accordance with the third teaching of the present invention, a standardized protocol is used to securely negotiate the session key between the mobile node and the first hop IP router. | 01-24-2013 |
20130031366 | MANAGING ACCESS TO A SECURE CONTENT-PART OF A PPCD FOLLOWING INTRODUCTION OF THE PPCD INTO A WORKFLOW - In a method for managing access to a secure content-part of a PPCD following introduction of the PPCD into a workflow among a plurality of workflow participants, in a secure content manager, from a workflow participant of the plurality of workflow participants, a key-map file for a subsequent workflow participant that is to receive the key-map file is received, wherein the key-map file comprises a set of keys to enable the subsequent workflow participant to access the content-part in the PPCD. In addition, authenticity of the received key-map file is verified, the subsequent workflow participant to receive the PPCD is identified and authenticated, a public key of the subsequent workflow participant is accessed, the key-map file or a symmetric key used to encrypt the key-map file prior to receipt of the key-map file by the secure content manager is encrypted using the public key of the subsequent workflow participant, and the encrypted key-map file is sent to the subsequent workflow participant. | 01-31-2013 |
20130031367 | Facilitating access control in peer-to-peer overlay networks - Methods and apparatuses are provided for facilitating access controls for digital objects stored within a peer-to-peer overlay network. A privacy-preserving method is provided for matching identities between a first peer node and a second peer node in a peer-to-peer network. Such identity matching may be used, for example, to ascertain whether the first peer node should provide access to certain digital objects stored in the peer-to-peer overlay network. Rather than providing its identities in an unprotected format, the second peer may provide its identities to the first peer node in a concealed representation so as to prevent the first peer from learning about non-matching identities. Such concealed representation may be a data structure that cryptographically conceals one or more identities of the second peer node or a user of the second peer node within a shared data space of the data structure. | 01-31-2013 |
20130031368 | REMOTE COMPUTER MANAGEMENT WHEN A PROXY SERVER IS PRESENT AT THE SITE OF A MANAGED COMPUTER - The invention facilitates remote management of a computer via a network. Remote computer management in which communication between a managed computer and a remote computer management server is initiated by the managed computer is implemented so that the presence of a proxy server at the site at which the managed computer is located can be detected, and communication from the managed computer to the remote computer management server is routed to a communication port assigned for communication with the proxy server, with instructions to then send the communication to the remote computer management server. | 01-31-2013 |
20130036304 | Share cookie on native platform in mobile device without having to ask for the user's login information - Methods, apparatuses, and computer-readable media for obtaining a limited ID cookie for ad targeting are disclosed. A client requests a limited ID cookie from a cookie making module (CMM), which sends a personal cookie to a verification module for verification. After verification, the verification module sends a user ID with user information to the CMM. The CMM creates the limited ID cookie, and the limited ID cookie is sent to the client. The limited ID cookie is sent to an ads server which utilizes the limited ID cookie to target ads towards the user. | 02-07-2013 |
20130036305 | Group Key Management and Authentication Schemes for Mesh Networks - According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device. | 02-07-2013 |
20130036306 | METHOD AND SYSTEM FOR HANDLING DEFINED AREAS WITHIN AN ELECTRONIC DOCUMENT - A method is provided for handling defined areas within an electronic document, which includes: marking at least one area in an electronic source document as an indecomposable area which can be processed as a whole content only; generating signature data for the indecomposable area; assigning the signature data to the indecomposable area to create an indecomposable area object; storing the indecomposable area object; encrypting and transmitting the indecomposable area object in response to a request of an enhanced content reader application, where the enhanced content reader application decrypts the indecomposable area object and processes the indecomposable area in an electronic target document; and generating and transmitting a protected version of the indecomposable area in response to a request of a regular content reader application, where the regular content reader application outputs the protected version of the indecomposable area in an electronic target document. | 02-07-2013 |
20130042108 | PRIVATE ACCESS TO HASH TABLES - A server and a client mutually exclusively execute server-side and client-side commutative cryptographic processes and server-side and client-side commutative permutation processes. The server has access to a hash table, while the client does not. The server and client perform a method including: encrypting and reordering the hash table using the server; communicating the encrypted and reordered hash table to the client; further encrypting and further reordering the hash table using the client; communicating the further encrypted and further reordered hash table back to the server; and partially decrypting and partially undoing the reordering using the server to generate a double-blind hash table. To read an entry, the client hashes and permutes an index key and communicates it to the server, which retrieves an item from the double-blind hash table using the hashed and permuted index key and sends it back to the client, which decrypts the retrieved item. | 02-14-2013 |
20130042109 | METHOD FOR PRODUCING ACKNOWLEDGED TRANSACTION DATA AND CORRESPONDING DEVICE - A method and a display preparation unit are proposed for the execution of a transaction during which transaction data are processed that have to be confirmed by a user. The display preparation unit has a converter unit which converts transaction data to be interpreted into pixel values and displays them on a monitor, an interface of its own for directly attaching an input unit via which a user confirms displayed transaction data, as well as a crypto unit for generating a signature for a record of confirmed transaction data. In a variant, the confirmation can be effected by the crypto unit generating and displaying a random number which has to be input by the user via a conventionally attached input unit. | 02-14-2013 |
20130042110 | CENTRALIZED AUTHENTICATION SYSTEM WITH SAFE PRIVATE DATA STORAGE AND METHOD - A token-based centralized authentication method for providing access to a service provider to user information associated with a user's relationship with the service provider includes the steps of: authenticating a user presenting a user token at a user terminal, the user token having stored thereon a user ID; deriving a resource identifier using at least two data input elements, the at least two data input elements including the user ID of the user and a service provider ID of the service provider, wherein the user information is stored in a storage network and the resource identifier is associated with the user information; retrieving the user information from the storage network using the resource identifier; and providing the retrieved user information to the service provider. | 02-14-2013 |
20130046976 | System and Method for Accessing Private Networks - A system and method are provided for using a mobile device to authenticate access to a private network. The mobile device may operate to receive a challenge from an authentication server, the challenge having been generated according to a request to access a private network; obtain a private value; use the private value, the challenge, and a private key to generate a response to the challenge; and send the response to the authentication server. An authentication server may operate to generate a challenge; send the challenge to a mobile device; receive a response from the mobile device, the response having been generated by the mobile device using a private value, the challenge, and a private key; verify the response; and confirm verification of the response with a VPN gateway to permit a computing device to access a private network. | 02-21-2013 |
20130046977 | SECURE STREAMING CONTAINER - A system and method for securely streaming encrypted digital media content out of a digital container to a user's media player. This streaming occurs after the digital container has been delivered to the user's machine and after the user has been authorized to access the encrypted content. The user's operating system and media player treat the data stream as if it were being delivered over the Internet (or other network) from a streaming web server. However, no Internet connection is required after the container has been delivered to the user, and the data stream suffers no quality loss due to network traffic or web server access problems. Encrypted content files are decrypted and fed to the user's media player in real time and are never written to the user's storage device. This process makes unauthorized copying of the digital content contained in the digital container virtually impossible. | 02-21-2013 |
20130046978 | REPLICATION SERVER SELECTION METHOD - A method for a client computer to find a network address of a server computer by searching for the network address using a backup search procedure if the address of the server computer cannot be identified using a primary search procedure. The primary and backup search procedures can be performed in parallel, and multiple backup search procedures can be performed to identify the address of the server computer. Alternatively, the primary and backup search procedures can be performed in serial, wherein the backup search procedure is performed only when the primary search procedure does not identify the address of the server computer. | 02-21-2013 |
20130046979 | PROTECTING THE INFORMATION ENCODED IN A BLOOM FILTER USING ENCODED BITS OF DATA - Illustrated is a system and method that includes identifying data stored as an entry in a list. The system and method also includes truncating the entry to create a truncated entry. It further includes transforming the truncated entry into a hash, the hash used to set an index position value within a Bloom filter. The system and method also includes an interface module to transmit the Bloom filter. | 02-21-2013 |
20130046980 | HOME NODE-B APPARATUS AND SECURITY PROTOCOLS - A method for authenticating a home nodeB/home evolved node B (H(e)NB) with a network is disclosed. The method includes securely storing H(e)NB location information in a Trusted Environment (TrE); and securely sending the stored H(e)NB location information to the network via the TrE. | 02-21-2013 |
20130054966 | SYSTEMS AND METHODS FOR PROVIDING SECURE MULTICAST INTRA-CLUSTER COMMUNICATION - Systems and methods which facilitate secure multicast communications between any valid node of a cluster using authentication between a node joining the cluster and any single node which is validly part of the cluster are disclosed. In accordance with embodiments, a cluster key is utilized to provide security with respect to intra-cluster communications. The cluster key of embodiments is shared by a node which is already part of the cluster with a node joining the cluster only after these two nodes mutually authenticate one another. The mutual authentication handshake of embodiments implements a protocol in which a session key is calculated by both nodes, thereby providing a secure means by which a cluster key may be shared. Having the cluster key, each node of the cluster is enabled to securely communicate with any other node of the cluster, whether individually (e.g., unicast) or collectively (e.g., multicast), according to embodiments. | 02-28-2013 |
20130054967 | Reoccurring Keying System - A secure communication system or method is disclosed that may employ a constant level of trust between participants and a security management entity. As part of the constant level of trust, a communication policy may cause participants to request key validation every time the participant wishes to take an action that requires use of a key. In this manner, the participant may regularly communicate with the security management entity, and this regular communication can be further used to implement key renewal and/or rollover procedures. | 02-28-2013 |
20130054968 | METHODS AND SYSTEMS OF DATA SECURITY IN BROWSER STORAGE - Mechanisms and methods are provided for managing OAuth access in a database network system, and extending the OAuth flow of authentication to securely store the OAuth encrypted refresh token in the storage available with current browsers or any other non-secure storage on user system. | 02-28-2013 |
20130061050 | Computational systems and methods for linking users of devices - Methods, apparatuses, computer program products, devices and systems are described that carry out accepting device-identifier data corresponding to at least one communication device; accepting network-participation identifier data associated with a verified real-world user associated with the at least one communication device; and assigning a unique identifier at least partly based on the device-identifier data and the network-participation identifier data. | 03-07-2013 |
20130061051 | METHOD FOR AUTHENTICATING ELECTRONIC TRANSACTION, SERVER, AND TERMINAL - A method for authenticating an electronic transaction includes: transmitting first authentication data to a first terminal and transmitting second authentication data to a second terminal; receiving first encryption data from the first terminal and receiving second encryption data from the second terminal, the first encryption data corresponding to the first authentication data and the second encryption data corresponding to the second authentication data; storing the first encryption data and the second encryption data; and authenticating the first terminal and the second terminal according to the first authentication data and the second authentication data. The first encryption data is encrypted by a first internal key of the first terminal, and the second encryption data is encrypted by a second internal key of the second terminal. | 03-07-2013 |
20130061052 | SYSTEM AND METHOD FOR AUTHENTICATION IN WIRELESS NETWORKS BY MEANS OF ONE-TIME PASSWORDS - The present invention performs highly reliable authentication, using a one-way function, that a communication was performed with the same apparatus to be authenticated, by storing a password only in the apparatus to be authenticated (it is unnecessary to store the password in both the authentication apparatus and the apparatus to be authenticated) and without transmitting a challenge code. When a setting is updated in a setting management server, authentication is performed by using the one-time password obtained last time. A sound communication terminal applies a hash function once to the one-time password transmitted this time, and performs authentication by determining whether the processed one-time password matches the one-time password obtained last time. Whether the information at the time of the change in the setting is proper or not is determined by the sound terminal. | 03-07-2013 |
20130067226 | SECURE WILDCARD SEARCHABLE DATABASE - A system and method for providing access to data stored in encrypted form in a physically non-secure database without compromising security of the data in the physically non-secure database is disclosed. A representation of at least some of the data from the database in unencrypted form is stored in volatile memory associated with the server. A wildcard search is performed on the representation. Search results are displayed to the user to allow the user to select database contents to be retrieved. The user's selection is retrieved from the database and decrypted. Finally, the unencrypted selection results are provided to the user. | 03-14-2013 |
20130067227 | System and Method for Anonymous Digital Communication - A system and method for anonymous email, text messaging and social network communication between an initiator and one or more recipients. The system includes a conversation tool which presents a menu page in which the initiator's telephone number, email address, or social network identifier is submitted along with the recipient's telephone number, email address, or social network identifier, and a text message. The system includes a conversation server coupled to the communication network that receives the information from the menu page and forwards the text message to the desired number, address or identity. The conversation server includes an encryption/decryption engine that combines the initiator's number, address or network identity with the timestamp and then encrypts and embeds it into the text message. The reply containing the encrypted information is decrypted and routed by the conversation server. The conversation tool hides the identities of the recipients from the initiator and the other recipients. | 03-14-2013 |
20130073850 | HYBRID ENCRYPTION SCHEMES - Methods, systems, and computer programs for using hybrid encryption schemes are disclosed. In some implementations, a random value is obtained by a pseudorandom generator. A symmetric key is generated based on the random value. A public component is also generated based on the random value. Additionally, an initialization vector is generated based on the random value. The symmetric key and the initialization vector are used to generate an encrypted message based on an input message. The encrypted message and the public component are transmitted to an entity. At least one of the public component or the symmetric key is generated based additionally on a public key of the entity. | 03-21-2013 |
20130073851 | CONTROL DEVICE AND COMPUTER READABLE MEDIUM - A control device includes: a random number generating unit that generates a random number; a first setting unit that sets the random number in a first storage; a message creating unit that encrypts the random number using a public key of the administrative server and creates a request message to be transmitted to the administrative server; a timer starting unit that starts a timer; an activation unit that activates the system software; a timer canceling unit that accepts an interruption from the system software and cancels the timer; a message verifying unit that verifies the notification message from the administrative server using the public key and the random number; and a restart unit that restarts the system software while limiting its functions, in the case where the timer expires or the verification fails. | 03-21-2013 |
20130073852 | COMMUNICATION APPARATUS AND COMPUTER PROGRAM PRODUCT - According to an embodiment, a communication apparatus establishes communication with an external apparatus through a higher-level device. The communication apparatus includes a main processor and a key generator. The main processor receives a data authentication request including data to be authenticated, a first key specification, and a message authentication algorithm identifier from the higher-level device. The key generator retains a key hierarchy used by an authentication protocol that is used between the higher-level device and the external apparatus, and generates a first key by use of the key hierarchy and the first key specification. The main processor generates a message authentication code for the data to be authenticated by use of the message authentication algorithm, which is identified by the message authentication algorithm identifier, and the first key, and transmits a data authentication response including the message authentication code to the higher-level device. | 03-21-2013 |
20130073853 | METHODS AND APPARATUS FOR VALIDATING COMMUNICATIONS IN AN OPEN ARCHITECTURE SYSTEM - A system, methods, and apparatus for validating communications in an open architecture system are disclosed. In an example embodiment, a method includes selecting transactional information to transmit from a server to a communicatively coupled client device based on a request from the client device, selecting presentation information corresponding to the transactional information to transmit from the server to the client device, transmitting at least one message including the presentation and transactional information from the server to the client device, determining a prediction as to how the client device will render the transactional information based on the presentation information, receiving a response message from the client, and responsive to information in the response message not matching the prediction, providing an indication there is a malicious application affecting communications between the server and the client device. | 03-21-2013 |
20130080774 | Two-stage Anonymization of Mobile Network Subscriber Personal Information - A two-stage anonymization process is applied to monitored network traffic in which unique user identifiers, such as the MSISDN (Mobile Station International Subscriber Directory Number), are extracted from the traffic and anonymized to generate an ASI (anonymized subscriber identifier). A strictly random RSI (random subscriber identifier) is generated and used to replace the ASI. The RSI is generated upon a first occurrence of an ASI and stored in a lookup table for utilization upon subsequent ASI occurrences. Use of the strictly random RSI enables various studies and analyses of user behavior to be performed at a heightened level of privacy protection as compared with conventional anonymization schemes that do not utilize strictly random identifiers. | 03-28-2013 |
20130080775 | SECURING EMAIL CONVERSATIONS - At least a portion of a transmission of an outgoing first email from a first email account to at least a second email account is encrypted. Second email address data corresponding to the second email account is changed to cause replies to the first email intended for the second email account to be sent to an intermediate device prior to being routed to the second email account. Replies to the first email are then sent to the intermediate device over one or more encrypted channels. Replies to the first email including the changed email address data are decoded to identify the second email address data associated with the second email account. A reply to the first email is then sent to the second email account based on the identified second email address data. | 03-28-2013 |
20130080776 | Secure Document Collaboration - The present invention provides a secure method for a trusted group of users, researchers and/or collaborators to share, comment on, enter into an electronic chat about, and/or make revisions to electronic information/documents while maintaining confidentiality of the material and fostering related collaborative discussions and forums. The invention creates a dynamic work share environment where the ideas that are exchanged are protected from unwelcome and uninvited participants. Disclosed is a method and system for secure, multi-user document discussions and/or document collaboration through a cellular/mobile network or the Internet, particularly through a computer application or smart phone, that may occur in real time. | 03-28-2013 |
20130080777 | Delivering A Content Item From A Server To A Device - Methods and systems for delivering a segmented content item from a server to a first and second device are provided. A first key is used to encrypt the segmented content item into a first plurality of encrypted segments and a second key is used to encrypt the segmented content item into a second plurality of encrypted segments. The first and second keys are different. The first plurality of encrypted segments is delivered to the first device, and the second plurality of encrypted segments is delivered to the second device. | 03-28-2013 |
20130080778 | METHOD AND SYSTEM FOR PROVIDING PROGRAM GUIDE DATA FROM A CONTENT PROVIDER TO A USER DEVICE THROUGH A PARTNER SERVICE PROVIDER BASED UPON USER ATTRIBUTES - A method and system for providing program guide data to a user network device associated with a user identifier includes a partner service provider in communication with the user network device and a primary service provider in communication with the partner service provider authenticating the user network device provider using the user identifier. The user network device generates a request for program guide data and communicates the user identifier and the request to the partner service provider. The partner service provider or the primary service provider communicates program guide data to the user network device based on the identifier data. The user network device displays the program guide data on a display device. | 03-28-2013 |
20130080779 | IDENTIFIERS IN A COMMUNICATION SYSTEM - A method and apparatus including units configured to send a request from a first network entity to a user equipment for an identifier and receive a message indicating that a public key is required from the user equipment by the first network entity. The method and apparatus also includes units configured to send, by the first network entity, the public key to the user equipment and receive an encrypted identifier by the first network entity, wherein upon authenticating the public key, the user equipment encrypts at least part of the identifier using the public key, thereby enabling further processing between the network entity and the user equipment. | 03-28-2013 |
20130080780 | METHOD AND APPARATUS FOR PROVIDING AUTHENTICATION BETWEEN A SENDING UNIT AND A RECIPIENT BASED ON CHALLENGE USAGE DATA - A method, apparatus and/or system generates a challenge for user authentication, having a challenge data element from a stored pool of challenge data elements. The challenge is based on rule data and stored usage data associated with at least some of the challenge data elements in the stored pool of challenge data elements. The generated challenge is sent for use in an authentication of a user to a sender. A method, apparatus and/or system also generates sender authentication and corresponding location information, having a data element from a stored pool of challenge data elements. Selection of the data elements is based on rule data and stored usage data associated with at least some of the data elements in the stored pool of data elements. | 03-28-2013 |
20130086380 | SYSTEM AND METHOD FOR FACILITATING COMMUNICATIONS BASED ON TRUSTED RELATIONSHIPS - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for facilitating communications based on trusted relationships. A system configured to practice the method first receives a communication request from a second communication device for a specific resource, wherein the communication request is based, at least in part, on trust information generated by a previously established trusted relationship. The system confirms, via an access to a trust database and using the trust information, (1) an identity of a sender of the communication request and (2) access permissions for a requested resource. Then, if the identity and the access permissions are confirmed, the system establishes communications between the first communications device and the second communications device in response to the communication request according to the specific resource. The trust information can include a trust user ID and a trust key. | 04-04-2013 |
20130086381 | MULTI-SERVER AUTHENTICATION TOKEN DATA EXCHANGE - A client is authenticated by a server receiving an initial request from the client at the beginning of a session. The server receiving the initial request generates an authentication token and returns the authentication token to the client in response to the client being authenticated. The user's credentials used to authenticate the client are stored in the authentication token along with other information. After receiving the authentication token from the server that generated it, the client passes the authentication token with each of its future requests to the pool of servers. Using the client to pass the transferable authentication token, the servers share the user's identity/credentials in a decentralized manner. Any server from the shared pool of servers that receives a subsequent client request is able to decrypt the token and re-authenticate the user without having to prompt the client for authentication credentials again. | 04-04-2013 |
20130086382 | SYSTEMS AND METHODS FOR SECURELY TRANSFERRING PERSONAL IDENTIFIERS - A system for transferring secured data has an authentication facilitator that transmits data indicative of a graphical key pad to a remote display device of a user computing device and, in response, receives from the user computing device icon location data indicative of locations of icons selected by a user. Additionally, the authentication facilitator recovers a personal identifier (PI) from the icon location data, translates the recovered PI to obtain a translated PI, and transmits the translated PI. The system further has a partner computing apparatus that receives the translated PI and allows the user access to a secured area based upon the translated PI. | 04-04-2013 |
20130091355 | Techniques to Prevent Mapping of Internal Services in a Federated Environment - Techniques are provided for securely providing protected information within an enterprise network to a service provider located outside of the enterprise network. An identity provider device hashes an address associated with protected information within an enterprise network to obtain a hashed address and maintains a mapping of the hashed address to the address associated with the protected information within the enterprise network. An assertion is sent to a service provider outside of the enterprise network, which contains the hashed address. The service provider receives a request, including the hashed address contained in the sent assertion, to access the protected information within the enterprise network. The service provider or other authorized party can then gain access to the protected information within the enterprise network by relating the hashed address to the address associated with the protected information within the enterprise network according to the mapping. | 04-11-2013 |
20130091356 | OPTIMIZING WEB LANDING PAGE LINK ACCESS TIMES THROUGH PRELIMINARY FUNCTIONS DURING PAGE DEPLOYMENT - Making redirection from links selected in the landing page to a selected page or site more effective and faster by performing functions at the Web site providing the landing page during the deployment of the landing page. | 04-11-2013 |
20130091357 | DATABASE MANAGEMENT SYSTEM AND ENCRYPTION METHOD PERFORMED IN DATABASE - A database management system (DBMS) performs encryption in a DB. The system receives authentication authorization regarding a security policy of the DB from an external encryption unit that is separated from the DB and performs encryption. Important data in a column unit is selectively encrypted, and an encrypted comparison code (ECC) of the important data is generated inside the DB. The encrypted important data and the corresponding ECC are generated as a single encryption data type. | 04-11-2013 |
20130097422 | METHOD AND SYSTEM FOR AUTHENTICATING PEER DEVICES USING EAP - A system and method for authenticating a peer device onto a network using Extensible Authentication Protocol (EAP). The key lifetime associated with the keying material generated in the peer device and the authentication server is communicated from the authenticator to the peer device within the EAP Success message. The peer device, having been provided with the key lifetime, can anticipate the termination of its authenticated session and initiate re-authentication prior to expiry of the key lifetime. | 04-18-2013 |
20130103942 | SYSTEM AND METHOD FOR PSEUDO-RANDOM POLYMORPHIC TREE CONSTRUCTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating data via a pseudo-random polymorphic tree. A server, using a seed value shared with a client device, generates a tag stream according to a byte-string algorithm. The server passes the tag stream and the data to be transmitted to the client device through a pseudo-random polymorphic tree serializer to generate a pseudo-random polymorphic tree, which the server transmits to the client device. The client device, using the same seed and byte-string algorithm, generates the same tag stream as on the server. The client passes that tag stream and the received pseudo-random polymorphic tree through a pseudo-random polymorphic tree parser to extract the data. Data to be transmitted from the server to the client device is hidden in a block of seemingly random data, which changes for different seed values. This approach obfuscates data and has low processing overhead. | 04-25-2013 |
20130103943 | DISPLAYING PRIVATE INFORMATION USING ALTERNATE FRAME SEQUENCING - Private information can be displayed using alternate frame sequencing to prevent unauthorized viewing. The private information can be ascertained by an authorized user using an active shutter viewing device synchronized to the alternate frame sequencing display. Private information can be displayed on a portion of the display, while public information, including a basic user interface, can be displayed on a second portion visible to authorized and unauthorized users. For enhanced security, alternate frame sequencing synchronization parameters can be encrypted and exchanged between a display device and the viewing device. When and where to display private information using alternate frame sequencing can be determined using environmental sensors. A single display screen can be configured to simultaneously present private information to multiple users, each user permitted to view a portion of the private information according to the unique synchronization parameters employed by a user's viewing device. | 04-25-2013 |
20130103944 | Hypertext Link Verification In Encrypted E-Mail For Mobile Devices - A method, device and computer readable memory are provided for verifying hypertext links in an encrypted e-mail message to be sent to a mobile device, to remove links that may contain malicious programs, link to a phishing website, potentially compromise security of the mobile device, or expose the user to unsafe sites or content. The hypertext links are extracted by decrypting the encrypted e-mail message. The hypertext links from the decrypted e-mail message are extracted, and for each link the status is determined to verify the link. Actions can then be performed based upon the determined status of the respective extracted hypertext links. | 04-25-2013 |
20130103945 | ENCRYPTING DATA OBJECTS TO BACK-UP - Provided are a computer program product, system, and method for encrypting data objects to back up to a server. A client private key is intended to be maintained only by the client. A data object of chunks to store at the server is generated. A first portion of the chunks in the data object is encrypted with the client private key, and the first portion of the chunks in the data object encrypted with the client private key is sent to the server to store. A second portion of the chunks in the data object not encrypted with the client private key is sent to the server to store. | 04-25-2013 |
20130103946 | Location-aware Mobile Connectivity and Information Exchange System - A computer platform and method for managing secure data transactions between user accounts on a server, based on the respective locations of mobile user devices related to the user accounts, where the user devices create a secured mobile communication cloud between themselves to ensure secure data communications. | 04-25-2013 |
20130117564 | MANAGING SECURITY FOR COMPUTER SERVICES - A system or computer usable program product for providing security for a business application including receiving a request from a server including a server public key and a security token, deploying a virtual node implementing the business application in response to the request, using the security token in a bootstrap process by the virtual node to provide authentication to the server, and authenticating a message from the server using a server public key. | 05-09-2013 |
20130117565 | Peer-to-peer device management, monitor and control - The present invention provides a method, system and program product for peer-to-peer device management, monitor and control. Communication devices connected by communication networks can manage, monitor and control each other; they can be in both managing and managed roles. In one aspect, communication devices can send request messages comprising management, monitor and control commands to peers and receive response messages comprising results and statuses to the request messages from peers. In another aspect, communication devices can send notification messages to peers for management, monitor and control when their monitored contents or states meet predefined criteria. | 05-09-2013 |
20130117566 | MEMORY SYSTEM - A memory system comprises: a memory device including an authentication data area storing authentication unit information and a verification value, and a contents data area storing contents; and a host device configured to receive the authentication unit information and the verification value from the memory device, and perform secure authentication of the memory device based on whether a result of decoding the verification value is equal to the authentication unit information. | 05-09-2013 |
20130124862 | System And Method For Digital Rights Management With Secure Application-Content Binding - Various embodiments of a system and method for digital rights management with secure application-content binding are described. Various embodiments may include a system configured to decrypt an encrypted application key with a private key. The system may also be configured to decrypt an encrypted application including a binding key with the decrypted application key. The system may also be configured to decrypt an encrypted content key with the binding key from the decrypted application. The system may be further configured to decrypt encrypted content with the decrypted content key. In various embodiments, the system may also be configured to consume the decrypted content with the decrypted application. | 05-16-2013 |
20130124863 | SYSTEMS AND METHODS FOR SECURE COMMUNICATION USING A COMMUNICATION ENCRYPTION BIOS BASED UPON A MESSAGE SPECIFIC IDENTIFIER - An apparatus and methods of securely communicating a message between a first device and a second device using a message specific identifier is disclosed. The method begins by assembling the message specific identifier from one or more attributes associated with the message and the first device. An encryption key request is transmitted to a server, wherein the encryption key request is based upon the message specific identifier. An encryption key is received from the server, wherein the encryption key is based on the message specific identifier and a random character set. The message is encrypted using the received encryption key and the encrypted message is sent to the second device. | 05-16-2013 |
20130124864 | METHOD FOR IMPORTING RIGHTS OBJECT AND RIGHTS ISSUER - A method for importing or moving a rights object (RO) is provided: a rights issuer (RI) receives a request message for importing or moving an RO to a target device, the request message including key information encapsulated with the public key of the target device; the RI generates the RO according to the request message, the RO including the key information encapsulated with the public key of the target device; and the RI provides the RO to the target device. An RI is also provided. In the present invention, the key information encapsulated with the public key of the target device is provided to the RI while the real key is hidden from the RI, so that an untrusted RI cannot generate an illegal RO for any device other than the target device, thereby enhancing the security of importing or moving the RO through the RI. | 05-16-2013 |
20130132721 | Method and Apparatus for Providing a Key Certificate in a Tamperproof Manner - A method and a server are configured to provide, in a tamperproof manner, a key certificate for a public device key of a user device, which is installed for a user, by means of a server belonging to a service provider who provides the user with a service via the user device, wherein the server provides the user device with the key certificate if a signing request message received by the user device is successfully verified by the server using a one-time password generated for the user device by the server. | 05-23-2013 |
20130138956 | SYSTEMS AND METHODS OF AUTOMATIC MULTIMEDIA TRANSFER AND PLAYBACK - Digital rights management to protect copyrighted materials is a common element of consumers accessing content for a variety of uses including business and recreational. Such techniques have been generally deployed on small items of multimedia content such as individual tracks of music. However, at present despite the penetration of portable electronic devices for texting, telephony, email, and music their use by consumers for video, film, and large multimedia content has been limited in part due to the issues of downloading and handling individual files of hundreds or thousands of MB. It would therefore be beneficial to provide a means to download large multimedia content files and render these upon a variety of portable electronic devices whilst allowing the downloaded multimedia content to be securely stored within a portable memory device allowing the user to render the content upon their own electronic devices or other electronic devices without re-distributing the content. | 05-30-2013 |
20130138957 | MIGRATING AUTHENTICATED CONTENT TOWARDS CONTENT CONSUMER - Techniques involving migrating authenticated content on a network towards the consumer of the content. One representative technique includes a network node receiving an encrypted seed having at least a location of the user data at a network service that stores the user data, and a cryptographic key to access the user data. The seed is received in response to a user login attempt to the network service. The user data is requested from the location using at least the received cryptographic key. The method further includes receiving and storing the user data at the network node, where the network node is physically closer to a location of the user than is the location of the network service. If the user is successfully authenticated, user access is provided to the stored user data at the network node rather than from the network service. | 05-30-2013 |
20130138958 | METHOD AND APPARATUS OF MATCHING MONITORING SETS TO NETWORK DEVICES - Monitoring computer devices operating on a network is disclosed. Computer devices are all different and require monitoring settings that are tailored to their specific requirements. One example method of assigning a sample set to a network device operating on a network may include identifying the at least one network device, and identifying at least one object identifier associated with the at least one identified network device. The method may also include transmitting the at least one object identifier to a memory location, and comparing the at least one object identifier to a plurality of sample sets and assigning relevancy scores to the plurality of sample sets based on the comparison. The method may also include assigning at least one sample set having a greater relevancy score than the other sample sets to the at least one network device. The sample sets may be SNMP sample sets. | 05-30-2013 |
20130138959 | Enabling Users to Select Between Secure Service Providers Using a Central Trusted Service Manager - Systems and methods are described herein for enabling users to select from available secure service providers (each having a Trusted Service Manager (“TSM”)) for provisioning applications and services on a secure element installed on a device of the user. The device includes a service provider selector (“SPS”) module that provides a user interface for selecting the secure service provider. In one embodiment, the SPS communicates with a key escrow service that maintains cryptographic keys for the secure element and distributes the keys to the user selected secure service provider. The key escrow service also revokes the keys from deselected secure service providers. In another embodiment, the SPS communicates with a central TSM that provisions applications and service on behalf of the user selected secure service provider. The central TSM serves as a proxy between the secure service providers and the secure element. | 05-30-2013 |
20130145160 | SYSTEM AND METHOD FOR MOUNTING ENCRYPTED DATA BASED ON AVAILABILITY OF A KEY ON A NETWORK - A system and a method are provided for retrieving decryption keys from a secure location that is separate from the encrypted data. In particular, for each decryption key, there is an associated key ID, public and private authentication key pair and a storage key. The decryption key is encrypted and can be decrypted with the storage key. A key-server securely stores the encrypted decryption key, key ID and public authentication key. A separate key-host stores the storage key, key ID and private authentication key. For the key-host to retrieve the encrypted decryption key, the key-server first authenticates the key-host using the authentication keys. Upon receipt of the encrypted decryption key, the key-host decrypts the encrypted key using the storage key. The decryption key is then used for decrypting the encrypted data. | 06-06-2013 |
20130145161 | DIGITAL RIGHTS MANAGEMENT OF STREAMING CONTENTS AND SERVICES - Managing digital rights of contents and services streamed to a client device, including: receiving and validating a certificate from the client device; enabling the client device to log into and communicate with a server using a secure protocol to establish a private relationship between the client device and the server; and transmitting a resource identifier to the client device using the secure protocol when the private relationship is established. | 06-06-2013 |
20130145162 | DEVICE AND AUTHENTICATION METHOD THEREFOR - According to one embodiment, a device includes first and second data generators, a one-way function processor, and a data output interface. The first data generator generates a second key by encrypting a host constant with a first key in an AES operation. The second data generator generates a session key by encrypting a random number with the second key in an AES operation. The one-way function processor generates authentication information by processing secret identification information with the session key in a one-way function operation. The data output interface outputs the encrypted secret identification information, a family key block, and the authentication information to the outside of the device. | 06-06-2013 |
20130145163 | NEAR FIELD REGISTRATION OF HOME SYSTEM AUDIO-VIDEO DEVICE - A near field communication (NFC) sticker which stores a key is attached to a new client device. A remote commander in a home network reads the key using a NFC interface and IR-transmits it to a home network server. Once the client is connected to the network, it encrypts its own device information with the key and sends the encrypted information to the server, which decrypts the data with the key sent from the remote commander. In this way, client device registration is executed easily and securely. | 06-06-2013 |
20130151851 | System, Apparatus and Method for Enabling/Disabling Display Data Channel Access to Enable/Disable High-Bandwidth Digital Content Protection - A switcher device comprises a multiplexer coupled between at least one input card and at least one output card. The multiplexer detects the presence of an event signal from an activated sink. In response to the detection of the event signal, the switch dynamically switches to a closed position in order to enable the at least one source to authenticate with the input card and the output card to authenticate with the at least one sink for security protocol encryption. In response to the non-detection of the event signal, the switch dynamically switches to an open position in order to prevent the at least one source from authenticating with the input card; consequently the output card also does not attempt to authenticate with the at least one sink for security protocol encryption. | 06-13-2013 |
20130151852 | METHOD, DEVICE AND SYSTEM FOR AUTHENTICATING GATEWAY, NODE AND SERVER - A method, device and system for authenticating gateway, node and server are provided in this invention. The node receives a message sent by a gateway, wherein the message comprises a number T | 06-13-2013 |
20130159709 | SESSION COMPLETION THROUGH CO-BROWSING - A method, system and computer program product for session completion through co-browsing is claimed. The method can include establishing a content browsing session between a first computing device and a content server serving access to content to the first computing device and maintaining state data for the content browsing session. A co-browsing arrangement of the content can be created as between the first computing device and a second computing device and at least a subset of the state data can be cloned for use by the second computing device during co-browsing of the content. Thereafter, a modified form of the subset of the state data can be received from the second computing device resulting from the co-browsing of the content by the second computing device and the modified form of the subset of the state data can be provided to the first computing device for use during the content browsing session. | 06-20-2013 |
20130159710 | SYSTEM AND METHOD FOR KEY MANAGEMENT FOR ISSUER SECURITY DOMAIN USING GLOBAL PLATFORM SPECIFICATIONS - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key management for Issuer Security Domain (ISD) using GlobalPlatform Specifications. A client receives from a server an authorization to update a first ISD keyset. The client encrypts, via a client-side secure element, a second ISD keyset with a server public key. The client sends the encrypted second ISD keyset to the server for updating the first ISD keyset with the encrypted second ISD keyset. Prior to updating, the client generates the first ISD keyset at a vendor and sends the first ISD keyset to the client-side secure element and sends the first ISD keyset encrypted with the server public key to the server. The disclosed method allows for updating of an ISD keyset of which only the client-side secure element and a server have knowledge. | 06-20-2013 |
20130159711 | Communication System and Method - Data can be transmitted from a user terminal to a decryption component over a network in a limited connectivity environment. At the user terminal, the data can be received from a user. If it is determined that the data is sensitive data, the data is encrypted using a secure encryption key. A packet is generated based on a tunneling protocol. The packet includes command data and the encrypted sensitive data. The command data includes an address of a network component, a command and a command identifier. The command identifies that the secure encryption key has been used to encrypt the sensitive data. At the network component identified in the address, the packet is received at a first port; the command is read; the packet is forwarded via a second port to the decryption component for decryption; and a response packet, including a response and the command identifier, is forwarded to the user terminal. | 06-20-2013 |
20130159712 | SYSTEM AND METHOD FOR VERIFYING AND MANAGING DISTRIBUTION OF PRODUCTS - A system and method for verifying, validating and otherwise managing distribution of products and medicines reduces the instances of counterfeit medicines. A pharmaceutical company typically provides medicines/products to users either directly or through representatives for the pharmaceutical company. The products have associated identifying or authentication codes that are used to authenticate the validity of the medicine/product. The system encrypts and decrypts code data employing appropriate client- and server-based applications to securely manage and print the authenticating code data. A covert identification technique, such as a special ink or material can provide an additional level of security in authenticating the medicine to ensure it is not counterfeit. The special ink or material can be tested locally by the user or sent to a remote location for testing to ensure accuracy of the medicine/product. | 06-20-2013 |
20130159713 | AUTHENTICATION METHOD - An authentication method of a first module by a second module includes the steps of generating a first random datum by the second module to be sent to the first module, generating a first number by the first module starting from the first datum and by way of a private key, and generating a second number by the second module to be compared with the first number, so as to authenticate the first module. The step of generating the second number is performed starting from public parameters and is independent of the step of generating the first number. | 06-20-2013 |
20130159714 | MEASUREMENT PROBE SYSTEMS FOR CO-ORDINATE POSITIONING APPARATUS - A measurement probe, such as a touch trigger measurement probe, is described that comprises a measurement portion for measuring an object and a data transfer portion for receiving data from and/or transmitting data to an associated unit. The measurement device also comprises an authentication module for verifying the authenticity of the associated unit. The authentication module may include a processor for running a one-way hash algorithm. Authenticity may be established using a challenge and response authentication process. | 06-20-2013 |
20130166909 | Client-Side Player File and Content License Verification - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for verifying a message based on application of a hashing algorithm. In one aspect, a method includes obtaining a license, from a remote server, for a content item to be presented using a player file executed by a multimedia player on a computing device. The license includes an encryption key and an authorization to present the content item using one or more authorized player files. A particular player file is received for use in presenting the content item, and a determination is made whether the particular player file is authorized for use in presenting the content item based on the authorization. The content item is decrypted using the encryption key, and the content item is presented using the particular player file in accordance with the determination. | 06-27-2013 |
20130166910 | Revocable Security System and Method for Wireless Access Points - Disclosed are various embodiments of a wireless access point. Embodiments can include establishing a master pre-shared key associated with a wireless network, obtaining a request to establish a connection to the wireless network with a client device and generating a revocable key for the client device that is different from the pre-shared key. | 06-27-2013 |
20130166911 | IMPLEMENTATION PROCESS FOR THE USE OF CRYPTOGRAPHIC DATA OF A USER STORED IN A DATA BASE - A security module (“SM”) implements user cryptographic data by means of a user terminal. The cryptographic data is encrypted by a first encryption key established from a secret key from the terminal and the user's authentication element and by a second encryption key specific to the SM. An authentication is performed between the SM and the terminal, based on an asymmetric cryptographic protocol, and, in the event of a positive authentication of the SM and the terminal, an authentication of the SM and the user is performed. In the event of positive authentication between the SM and the terminal and between the SM and the user, the SM obtains the user's cryptographic data, and the terminal calculates the first encryption key and sends the first encryption key to the SM. The user's cryptographic data is decrypted by the SM using the second encryption key and then the first encryption key. | 06-27-2013 |
20130166912 | INFORMATION PROCESSING APPARATUS AND METHOD - In order to limit use of content, when a source receives a request for transmitting content from a sink, the source performs an authentication process. When the authentication is successful, the source transmits to the sink key information necessary for decrypting the encryption applied to the content. The sink can receive the content by receiving the key information and by decrypting the encryption applied to the content by using the key information. | 06-27-2013 |
20130173919 | Method and System for Activation of Local Content with Legacy Streaming Systems - A method and system for activation of local content with legacy streaming systems are disclosed. In one embodiment, a storage device stores encrypted content. The encrypted content can be preloaded or downloaded into the storage device. To consume the content, a host device using the storage device receives a stream of data from a network. The host device then derives a key from the received stream of data and decrypts the encrypted content using the key derived from the received stream of data. Other embodiments are possible, and each of the embodiments can be used alone or together in combination. | 07-04-2013 |
20130173920 | SYSTEM AND METHOD FOR AUTOMATICALLY VERIFYING STORAGE OF REDUNDANT CONTENTS INTO COMMUNICATION EQUIPMENTS, BY DATA COMPARISON - A method is intended for verifying storage of contents in communication equipments connected to at least one communication network. When a first communication equipment stores a content and wants to verify that this content is still stored in a second communication equipment, the method: i) transmits a first request, comprising at least an identifier of this content and first data representative of this content and requiring verification of the storage of this content in the second communication equipment, to an auxiliary communication equipment acting as an interface between the communication network and the second communication equipment; ii) transmits a second request, comprising at least the content identifier, to the second communication equipment, to require transmission of second data representative of the content to the auxiliary communication equipment, and triggers a timeout having a chosen duration; and iii) if the auxiliary communication equipment has received the second data before expiration of this timeout, compares these received second data, possibly after having processed them, to the received first data, and transmits a message representative of the result of this comparison to the first communication equipment. | 07-04-2013 |
20130173921 | SYSTEM AND METHOD FOR USING A STREAMING PROTOCOL - An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream. | 07-04-2013 |
20130173922 | METHOD FOR CERTIFICATE-BASED AUTHENTICATION - A first subscriber authenticates himself to a second subscriber with a certificate associated with the first subscriber. The certificate specifies one or several characteristics which have to be fulfilled by the second subscriber. In the course of the authentication, it is verified using the certificate whether the second subscriber fulfills the characteristics, a criterion required for successful authentication being that the second subscriber fulfills the characteristic(s). The characteristics of the second subscriber are thus verified within the authentication process, the second subscriber being the authenticator with respect to whom the authentication is carried out. In this way, certificates can be restricted to dedicated communication links between two communication partners. The method can be used for any subscribers in a communication network, e.g., components of an automation system such as control devices, field devices, sensors, actuators and the like. | 07-04-2013 |
20130179685 | SECURE REMOTE PERIPHERAL ENCRYPTION TUNNEL - A Secure Remote Peripheral Encryption Tunnel (SeRPEnT) can be implemented in a portable embedded device for the Universal Serial Bus (USB) with a much more restricted attack surface than a general purpose client computer. The SeRPEnT device can comprise a small, low-power “cryptographic switchboard” that can operate in a trusted path mode and a pass-through mode. In the trusted path mode, the SeRPEnT device can tunnel connected peripherals through the client to a server with Virtual Machine (VM)-hosted applications. In the pass-through mode, the SeRPEnT device can pass-through the connected peripherals to the client system, allowing normal use of the local system by the user. SeRPEnT can also enable secure transactions between the user and server applications by only allowing input to the VMs to originate from the SeRPEnT device. | 07-11-2013 |
20130179686 | Transaction Verification on RFID Enabled Payment and Transaction Instruments - A display enabled RFID tag (DERT) receives transaction details from the reader. DERT verifies that the details match their counterparts in the reader public key certificate. The process is aborted in case of a mismatch. DERT extracts and displays user-verifiable data. It then enters a countdown stage that lasts for a predetermined duration. A user observes the transaction information and, if the transaction amount and other details are deemed correct, presses an accept button provided on the DERT before the timer runs out. DERT signs the time-stamped transaction statement and sends it to the reader. This signed statement is then sent to the payment gateway and eventually to the financial institution that issued the payment DERT. | 07-11-2013 |
20130179687 | METHOD AND APPARATUS FOR AUTHENTICATING MULTICAST MESSAGES - The last link in an initialization hash chain, calculated by a transmitter based on its anchor value, is distributed as an initialization function value to a receiver in an initialization phase. Subsequently, a multicast message is received and stored by a receiver and an authentication key release message, containing a cryptographic authentication key, is received from the transmitter by the receiver. A cryptographic function value h, calculated by the receiver for the cryptographic authentication key using a prescribed cryptographic function, is compared with the initialization function value to check the validity of the cryptographic authentication key in the authentication key release message. The multicast message is authenticated by the receiver using the cryptographic authentication key which has been recognized as valid. | 07-11-2013 |
20130179688 | SYSTEM AND METHOD FOR ISSUING AN AUTHENTICATION KEY FOR AUTHENTICATING A USER IN A CPNS ENVIRONMENT - The present invention relates to a system and method for issuing an authentication key for authenticating a user in a CPNS environment. The system comprises a user terminal, a gateway and a CPNS device. The user terminal is equipped with a short-range wireless communication function, requests the gateway to register terminal information including an ID and password, encrypts the terminal information including the ID and password using the password, transmits an authentication request signal including the encrypted terminal information to the gateway, and receives an authentication key generated by a CPNS device. The CPNS device stores the terminal information, performs user authentication by decrypting the encrypted terminal information in response to the authentication request, generates an authentication key for the CPNS when a user is authenticated, encrypts the generated authentication key using the password, and transmits the encrypted authentication key to the user terminal through the gateway. | 07-11-2013 |
20130185556 | SYSTEM AND METHOD FOR SECURE COMMUNICATION - A system and methods for secure communication are disclosed. A network packet is received whose network address has been encrypted using a first GPS time and a first pseudo-random number. The encrypted network address is decrypted using the same first GPS time and first pseudo-random number to recover the unencrypted network address. The network packet is then transmitted based on the unencrypted network address. | 07-18-2013 |
20130185557 | Detection of Invalid Escrow Keys - A secure hash, such as a Hash-based Message Authentication Code (“HMAC”), is generated using a piece of secret information (e.g., a secret key) and a piece of public information specific to each escrow key (e.g., a certificate hash or public key). Using the secret key ensures that escrow key validation data can only be generated by knowing the secret key, which prevents an attacker from generating the appropriate escrow key validation data. Using the certificate hash as the public data ties each escrow key validation data to a particular certificate, thereby preventing the attacker from simply copying the validation data from another escrow key. Any escrow key that is found to be invalid may be removed from the file container and a system audit log may be generated so that a company, individual, or other entity can be aware of the possible attempt at a security breach. | 07-18-2013 |
20130185558 | System and Method for Enabling Seamless Transfer of a Secure Session - An information handling system includes a memory and a processor to execute instructions stored in the memory, which causes the processor to at least: send identification information to a second information handling system in response to an identification request broadcast from the second information handling system via a short-range communication; receive first authentication information for a local application and a remote service from the second information handling system; receive a copy of the local application; authenticate a user for the copy of the local application and for the remote service prior to the user logging on to the information handling system; receive second authentication information from the user to access the information handling system; authenticate the user to the information handling system; and automatically initiate a secure session between the copy of the local application and the remote service when the user is authenticated to the information handling system. | 07-18-2013 |
20130185559 | SECURE COMMUNICATIONS BETWEEN DEVICES - A method of establishing secure communication between a first mobile computing device and a second mobile computing device includes generating a first self-signed key at the first mobile computing device, pairing the first device with a second device, the pairing including receiving user input of a passcode and, after receiving the user input, sending the first public key to the second mobile computing device and receiving a second public key from the second mobile computing device, storing the second public key in a database of trusted devices, the database of trusted devices being stored in the first mobile computing device, receiving in the first mobile computing device a list of mobile computing devices connected to a mobile network, matching the list of mobile computing devices against the database of trusted devices, and establishing secure communication between the first mobile computing device and the second mobile computing device. | 07-18-2013 |
20130185560 | METHOD AND ARRANGEMENT FOR PROVISIONING AND MANAGING A DEVICE - A method, arrangement, and provisioning server in a Selected Home Operator (SHO) network for downloading a new Downloadable Universal Subscriber Identity Module (DLUSIM) to a communication device when the communication device changes from a first operator network to the SHO network. A manager of the communication device registers with the SHO network and transfers K | 07-18-2013 |
20130191635 | WIRELESS AUTHENTICATION TERMINAL - A wireless authentication terminal that connects to a network via a wireless base station, the wireless authentication terminal comprises a communication unit that performs communication compliant with IEEE 802.15.4, an authentication processing unit that transmits and receives communication messages and performs authentication processing for connecting to a network, a filter processing unit that changes the communication messages allowed to pass through between the communication unit and the authentication processing unit, an encryption level determination unit that determines a level at which the communication unit encrypts the communication message, and a control unit that controls an operation state of the filter processing unit and the encryption level determination unit based on the phase of the authentication processing in the authentication processing unit. | 07-25-2013 |
20130191636 | STORAGE DEVICE, HOST DEVICE, AND INFORMATION PROCESSING METHOD - A storage device includes a storage module, an authentication process execution module, an encryption processor and a security setting module. The storage module stores an encryption key, a flag indicating whether the encryption key can be used, a password used for authentication that is associated with the encryption key and the flag, and user data. The authentication process execution module uses the password to authenticate a connected host device. In accordance with an instruction from the host device, the encryption processor uses an encryption key whose associated flag indicates that the key may be used, and encrypts user data received from the host device or decrypts user data stored in the storage module. On encryption or decryption, the security setting module changes the setting of the flag associated with the encryption key used for that encryption or decryption. | 07-25-2013 |
20130191637 | METHOD AND APPARATUS FOR AUTHENTICATED ENCRYPTION OF AUDIO - The invention provides for a method of encoding data and a method for decoding encrypted and authenticity protected data. Furthermore, the invention provides for an encoding and a decoding equipment. For encoding the data is encrypted by using AES encryption ( | 07-25-2013 |
20130191638 | SYSTEM AND METHOD FOR SECURE TWO-FACTOR AUTHENTICATED ID-BASED KEY EXCHANGE AND REMOTE LOGIN USING AN INSECURE TOKEN AND SIMPLE SECOND-FACTOR SUCH AS A PIN NUMBER - A system and method of authenticated ID-based key exchange and remote login with insecure token and PIN number can provide an authenticated key agreement protocol based on an elliptic curve bilinear type-3 pairing. A server acts as an Authentication Service to Clients and a Trusted Authority (TA) issues identity based secret numbers to Clients and Authentication Services. Included in the system and method is the capability for the Client to split their secret number into two parts, a Client selected PIN number, and the larger number, the Token. | 07-25-2013 |
20130198513 | ENCRYPTION METHOD AND SYSTEM FOR NETWORK COMMUNICATION - Provided are devices and methods for data encryption and securely transmitting data over a network. The methods can include receiving a request to retrieve a message encrypted with an object key, which is encrypted with a public key from a public/private key pair associated with the recipient, decrypting the encrypted message by decrypting the object key with the private key, and delivering or displaying the message to the recipient. | 08-01-2013 |
20130198514 | SECURE NETWORK ACCESS - The present invention relates to a system and method for facilitating access to secure network sites, such as sites providing secure financial information. An active software agent is utilized to fetch passwords and user identifiers from a user computing system and to use the passwords and identifiers to extract required information from the secure site. The passwords and identifiers are encrypted, and an encryption key is stored at a network node remote from the user's computer and is fetched in order to enable the passwords and identifiers to be decrypted so that the active agent can use them to obtain the required information. | 08-01-2013 |
20130198515 | INFORMATION PROCESSING DEVICE, COMPUTER PROGRAM, AND INFORMATION PROCESSING SYSTEM - An information processing device including a receiving unit that receives a first random number from another information processing device; a generating unit that generates a second random number; a time-variant-key generating unit that generates a time variant key for encryption according to the second random number; an encrypting unit that encrypts the first random number with the time variant key; and a transmitting unit that transmits the first random number encrypted by the time variant key and the second random number to the other information processing device. | 08-01-2013 |
20130198516 | METHODS AND SYSTEMS FOR PAIRING DEVICES - A method of pairing an unregistered device with a virtual identity may include, at a first repository: receiving a request from the unregistered device, sending a pairing code and an identifier to the unregistered device, receiving the pairing code from a registered device, and sending the identifier to the registered device. The method may also include, at a second repository, receiving the pairing code and secret information from the registered device, receiving the pairing code in a transmission associated with the unregistered device, associating the unregistered device with the virtual identity using the pairing code, and sending the secret information to the unregistered device. | 08-01-2013 |
20130198517 | Enabling Ad Hoc Trusted Connections Among Enclaved Communication Communities - The present invention is directed to systems and methods for establishing an electronic communications connection between secure communities. A secure community includes a collection of communication resources having an administrator that maintains control over the secure community. In an embodiment, a system for establishing an electronic communications connection between two or more secure communities includes a community gateway controller, an identification module, a secure community database configured to store secure community information, and an encryption compatibility module configured to determine a media transmission encryption scheme for a connection between a host secure community and a second secure community. Upon receipt of a request to establish the connection between secure communities, the community gateway controller determines whether to grant the request based on information stored in the secure community database and assigns a media transmission encryption scheme for the connection based on the determination made by the encryption compatibility module. | 08-01-2013 |
20130205136 | METHODS AND SYSTEMS FOR SECURE IDENTITY MANAGEMENT - A method for authorizing a virtual identity using an access device may include sending, from an access device, a request to a resource through a network. The method may also include accessing a resource challenge that is acceptable to the resource and sending the resource challenge to an identity repository. The method may additionally include receiving, from the identity repository, a first signed resource challenge and signing the resource challenge to generate a second signed resource challenge. The method may further include sending an authorization for the virtual identity to the resource through the network. The authorization may include the first signed resource challenge and the second signed resource challenge. | 08-08-2013 |
20130205137 | ZERO-KNOWLEDGE BASED AUTHENTICATION METHOD, SYSTEM, AND APPARATUS - In the fields of data security and system reliability and qualification, this disclosure describes a method, system and apparatus for verifying or authenticating a device to a host using a zero-knowledge based authentication technique which includes a keyed message authentication code, such as an HMAC or keyed cipher function, and which operates on secret information shared between the host and the device. This is useful both for security purposes and also to make sure that a device such as a computer peripheral, accessory or component is qualified to be interoperable with the host. | 08-08-2013 |
20130212385 | UTILIZATION OF A PROTECTED MODULE TO PREVENT OFFLINE DICTIONARY ATTACKS - Various technologies pertaining to authenticating a password in a manner that prevents offline dictionary attacks are described. A protected module, which can be a hardware security module, a trusted platform module, or the like, is in communication with an authentication server. The protected module comprises a key that is restricted to the protected module. The key is employed in connection with authenticating the password on the protected module. | 08-15-2013 |
20130212386 | Storage Access Authentication Mechanism - In embodiments according to the present invention an encryption switch is used to authorize access to LUNs from client VMs present in the cloud provider network. The encryption switch includes responder side software for an authentication protocol and an agent in the client VM includes the requestor side of the authentication protocol. The certificate of the client is securely provided to the encryption switch, which associates the client VM with the LUN. The client private key is securely provided to the client VM, which retains it only non-persistently. The client VM requests LUN access and performs an authentication handshake with the encryption switch. If successful, the client VM then has access to the LUN. As the original certificate is linked to the client, if the client is itself a VM, should the client be moved to a different host, the certificate moves with it and LUN accessibility is maintained. | 08-15-2013 |
20130212387 | SYSTEM AND METHOD FOR DELIVERING A CHALLENGE RESPONSE IN AN AUTHENTICATION PROTOCOL - A system and method for authenticating a user that includes receiving an access-request of a network protocol at a challenge-response server; determining if an access-challenge message is required; delivering an active script component through a parameter of an access-challenge message of the network protocol when an access-challenge is required; receiving a challenge-response of a user; validating the challenge-response; and selectively sending an access-accept response for a valid challenge-response and sending an access-denied response for an invalid challenge-response. | 08-15-2013 |
20130212388 | PROVIDING TRUSTWORTHY WORKFLOW ACROSS TRUST BOUNDARIES - Methods, systems and apparatuses for providing trustworthy workflow across trust boundaries are disclosed. One method includes a curator generating a first public key (PK | 08-15-2013 |
20130212389 | ENTERPRISE COMPUTER INVESTIGATION SYSTEM - A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network. It is emphasized that this abstract is provided to comply with the rules requiring an abstract which will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or the meaning of the claims. | 08-15-2013 |
20130212390 | METHOD AND SYSTEM FOR AUTHENTICATING ENTITY BASED ON SYMMETRIC ENCRYPTION ALGORITHM - A method and a system for authenticating an entity based on a symmetric encryption algorithm are provided. The method includes the following steps: 1) an entity A sends an authentication request message to an entity B; 2) after receiving the authentication request message, the entity B sends an authentication response message to the entity A; 3) the entity A determines the validity of the entity B according to the received authentication response message. The implementation cost of the system can be reduced by using the authentication according to the invention. | 08-15-2013 |
20130219178 | Media Player Security for Full Length Episodes - A streaming video player and authentication server work in conjunction to provide secure streaming media. Player authentication is used to ensure that only authorized users using an authorized media player can access and stream the media content. An encryption process prevents unauthorized users from playing media streams that are intercepted between the content server and an authorized user. Additionally, timed tokens are used to ensure that a user authorized to access a stream during a specified time period cannot access the same stream at a later time when the user is no longer authorized. | 08-22-2013 |
20130219179 | SYSTEM AND METHOD OF SECURE ENCRYPTION FOR ELECTRONIC DATA TRANSFER - A system for secure transfer of encrypted data involves a sender client, a recipient client, a main server, and a key server. The sender client receives instructions from a first user identifying transfer data and a recipient identifier, creates a key, encodes the transfer data using the key, and communicates the key and the recipient identifier to a server. The server creates a secure package identifier and communicates such to the sender client. The recipient client receives and identifies the secure package identifier and the encoded transfer data, receives from a second user a user identifier, and communicates the user identifier and the secure package identifier to the server. The server communicates the key to the recipient client only if the secure package identifier received from the recipient client matches the secure package identifier created by the server and if the user identifier matches the recipient identifier. | 08-22-2013 |
20130227283 | APPARATUS AND METHODS FOR PROVIDING CONTENT TO AN IP-ENABLED DEVICE IN A CONTENT DISTRIBUTION NETWORK - Apparatus and methods for providing content to IP-enabled devices in a content distribution network. In one embodiment, a network architecture is disclosed which enables delivery of content to such IP-enabled devices without the use of a high-speed data connection. This capability allows the managed network operator to provide content services to an IP-enabled device associated with a non-data subscriber. In one implementation, requests for content from user IP-enabled devices are received and authenticated, and the content is processed into a series of encrypted segments. Once the requesting user/device is authenticated, the segments are provided with a playlist. The rendering device is also provided access to a decryption key (e.g., via a URL to a managed key server). Variants providing (i) user access to the MSO distribution network via an indigenous modem or gateway; and (ii) user access to the MSO core via a gateway and a third party unmanaged network are described. | 08-29-2013 |
20130227284 | APPARATUS AND METHODS FOR CONTENT DISTRIBUTION TO PACKET-ENABLED DEVICES VIA A NETWORK BRIDGE - Apparatus and methods for providing content to packet-enabled devices in a content distribution network. In one embodiment, a network architecture is disclosed which enables delivery of content to IP-enabled devices such as mobile smartphones and tablet computers using a traditional high-speed data connection. This capability allows the managed network operator to provide content services to an IP-enabled device associated with a non-data subscriber. In one variant, a cable modem is provided which is limited to only retrieve content for delivery to the devices, yet which performs no other functions/services (including provision of high-speed data services). Alternatively, a “media server” modem is utilized to enable delivery of content from the managed network to a client or user device which is also able to obtain high-speed data service from a non-managed or third party managed network via a third-party access point. Security and authentication mechanisms for the transmitted content are also disclosed. | 08-29-2013 |
20130227285 | OWNER-CONTROLLED ACCESS CONTROL TO RELEASED DATA - Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving, from a computing device used by an authenticated user, a validation request, the validation request including a first hash value and a first validation token, the first hash value being generated based on restricted content of a workflow object and the first validation token being associated with a first state of the workflow object, and determining that the authenticated user is authorized to request validation of the workflow object and, in response: decrypting the validation token to provide a second hash value, and determining that the second hash value is equal to both the first hash value and a third hash value and, in response, transmitting a validation response to the computing device, the validation response indicating that the workflow object is valid. | 08-29-2013 |
20130227286 | Dynamic Identity Verification and Authentication, Dynamic Distributed Key Infrastructures, Dynamic Distributed Key Systems and Method for Identity Management, Authentication Servers, Data Security and Preventing Man-in-the-Middle Attacks, Side Channel Attacks, Botnet Attacks, and Credit Card and Financial Transaction Fraud, Mitigating Biometric False Positives and False Negatives, and Controlling Life of Accessible Data in the Cloud - A method of sending a secure encrypted communication between a first source computer and a second destination computer involves providing the source and destination computers each with an identical copy of a unique pre-distributed symmetric key and a first valid offset. The destination computer sends the source computer a random, previously unused token of variable length from the pre-distributed key beginning at the destination computer's last valid offset. The source computer generates the corresponding token from its last valid offset for the corresponding key in respect of the destination computer. If the source authenticates the destination computer, the source and destination computers update their offsets independently and a communication is sent encrypted by the pre-distributed key. | 08-29-2013 |
20130227287 | METHOD OF OPERATING A COMPUTING DEVICE, COMPUTING DEVICE AND COMPUTER PROGRAM - Data is stored on a computing device in encrypted form in respective digital containers. At least one data access application is stored on the computing device. A control application of the computing device connects to a remote control center. A command from the remote control center is received at the connected control application. The command contains an action to be taken in respect of at least one of the at least one data access application and the containers stored on the computing device. The command is passed from the connected control application to the data access application or container, and the data access application or container carries out the command. | 08-29-2013 |
20130227288 | METHOD AND SYSTEM FOR ESTABLISHING CRYPTOGRAPHIC COMMUNICATIONS BETWEEN A REMOTE DEVICE AND A MEDICAL DEVICE - A method and system for establishing cryptographic communications between a remote device and a medical device, with the medical device having less processing power than the remote device, are disclosed. The method may comprise establishing unencrypted communication between the remote device and the medical device, generating an asymmetric key pair by the remote device comprising a public key and a private key, generating a key request message and sending the key request message together with the public key to the medical device, generating a pre-master key and encrypting the pre-master key with the received public key by the medical device, generating a key response message and sending the key response message together with the encrypted pre-master key from the medical device to the remote device, decrypting the encrypted pre-master key with the private key by the remote device, and deriving a master key as a symmetric key from the pre-master key. | 08-29-2013 |
20130227289 | ANONYMOUS ENTITY AUTHENTICATION METHOD AND SYSTEM - An anonymous entity authentication method includes the steps of: an entity B sending RB and IGB; an entity A sending RB, R′A, IGA and IGB to a trusted third party TP, the trusted third party TP checking a group GA and a group GB against IGA and IGB for legality; the trusted third party TP returning ResGA, ResGB and a token TokenTA or returning ResGA, ResGB, TokenTA | 08-29-2013 |
20130238901 | SYSTEM FOR INTERACTIVE MATRIX MANIPULATION CONTROL OF STREAMED DATA AND MEDIA - An interactive streaming media and application service provider system can securely stream high resolution, multiple formats of video and data. Different data sets can be included in a single stream. A rights management system controls matrix manipulation and other aspects of user control of the data, including one or more of rendering in various different 2D, 3D, or other media formats, reconstruction and modeling, zooming, frame grab, print frame, parental controls, picture in picture, preventing unauthorized copying, adapting to different data transmission formats, adapting to different resolutions and screen sizes, actively controlling functionality contained in embedded data, and encryption/decryption. Control can be exerted by an external entity through a user-side virtual machine. Control codes can optionally be embedded in the media, embedded in the user's device, and/or sent separately to the device. | 09-12-2013 |
20130238902 | METHOD AND SYSTEM FOR CONTROL OF CODE EXECUTION ON A GENERAL PURPOSE COMPUTING DEVICE AND CONTROL OF CODE EXECUTION IN A RECURSIVE SECURITY PROTOCOL - Embodiments of systems and methods which provide highly specific control over the execution of general-purpose code blocks are disclosed. These embodiments may allow the exact circumstances under which a given code block is allowed to execute to be determined with specificity. Such a control mechanism may be coupled with embodiments of a data hiding system and method, based for example on an ordered execution of a set of code segments implemented via recursive execution. When embodiments of these systems and methods are utilized together, an unencumbered generality as well as a level of protection against attack that surpasses many other security systems may be obtained. | 09-12-2013 |
20130246789 | METHOD OF SECURING TRANSMISSION DATA - A method is provided for securing transmission data between an upload device and a download device. The upload device is configured to generate a first matrix, a second matrix and a re-encryption vector, to encrypt a plaintext data file using the first matrix to obtain a ciphertext data file, to transmit the ciphertext data file and the re-encryption vector to a server, and to transmit the second matrix to the download device. The server is configured to re-encrypt the ciphertext data file using the re-encryption vector to obtain a re-encrypted data file that can be decrypted using the second matrix to obtain a decrypted data file, and to allow the download device to download the re-encrypted data file therefrom. | 09-19-2013 |
20130246790 | STORAGE METHOD, SYSTEM AND APPARATUS - The present invention discloses a storage method, system and apparatus. The method comprises: encrypting data with a storage key to obtain encrypted data; encrypting the storage key with two different encryption methods to generate a personal key and a data key, respectively, wherein the personal key can be decrypted with a key from the user who owns the data to obtain the storage key, and the data key can be decrypted with the unencrypted data to obtain the storage key; saving the encrypted data, personal key and data key in a server. The technical scheme of the present invention can prevent saving duplicate files while ensuring that the unencrypted data cannot be accessed by any other users and storage service providers. | 09-19-2013 |
20130246791 | PRIVACY-PRESERVING PUBLISH-SUBSCRIBE PROTOCOL IN A CLOUD-ASSISTED BROADCAST MODEL - A method and system for providing privacy in a publish-subscribe protocol is provided. A server receives from a third party a topic-based key associated with a tree structure having a pseudonym of a topic as a root and at least one client as a leaf. The server encrypts a key associated with a conditional oblivious transfer protocol using the topic-based key. The server encrypts an item with the key associated with the conditional oblivious transfer protocol. The server transmits the encrypted key and the encrypted item to a plurality of clients. The encrypted item is decryptable by the at least one client with the key associated with the conditional oblivious transfer protocol when the key associated with the conditional oblivious transfer protocol is decryptable with an interest-based key associated with a tree structure having a pseudonym of an interest as a root and the at least one client as a leaf. | 09-19-2013 |
20130246792 | KEY CENTRIC IDENTITY - Aspects of the disclosure provide a method. The method includes generating an identification based on a public key of an asymmetric key pair for a device, including the identification into an information unit to identify the device as a source of the information unit and transmitting the information unit. | 09-19-2013 |
20130254541 | ACCESS CONTROL SYSTEM AND A USER TERMINAL - In a user terminal, a public key, a master key and a public parameter are generated. An ID including an identifier, an issue date and a validity period of a secret key for service is generated. The secret key is generated based on the master key and the ID. The ID and the secret key are transmitted to a service providing server. The public key and the public parameter are transmitted to a data storage device. In the service providing server, signature data is generated based on the ID and the secret key. A data request, the signature data and the ID are transmitted to the data storage device. In the data storage device, the data request is verified based on the signature data, the public key and the public parameter. When the data request is verified, measurement data of a target device is transmitted to the service providing server. | 09-26-2013 |
20130254542 | System and Method for Securing Data From a Remote Input Device - An input device with an integrated security module communicates with a processing component over an insecure medium. The insecure medium may be a wireless network, software stack, or the like. According to one embodiment, the security module is integrated into an existing chip of the input device. Data generated by the input device is encoded and/or authenticated by the security module prior to its transmission to the processing device. The processing device receives the input data and processes it within its own security boundary for providing selected services or information to a user or application associated with the input device. | 09-26-2013 |
20130254543 | Systems And Methods For Providing Security To Different Functions - Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function. | 09-26-2013 |
20130262867 | METHODS AND APPARATUS FOR PROTECTING SENSITIVE DATA IN DISTRIBUTED APPLICATIONS - In some embodiments, a method includes receiving encrypted information associated with a user, and calculating a first portion of a shared secret based on the encrypted information associated with the user. The method also includes defining a completed portion of the shared secret based on the first portion of the shared secret and a second portion of the shared secret and storing the completed portion of the shared secret in a memory for a pre-defined period of time. The method includes defining a ticket based on the completed portion of the shared secret, and sending the ticket to a device associated with the user such that data associated with the ticket is accessible based on the ticket within the pre-defined period of time, and not accessible without the ticket or after the pre-defined period of time. | 10-03-2013 |
20130268757 | SECURELY PERFORMING PROGRAMMATIC CLOUD-BASED DATA ANALYSIS - A request from a client system to perform computations on encrypted data is received at a server system. A request for a data key configured to decrypt the encrypted data is sent from the server system to the client system. The data key from the client system is received at the server system. The encrypted data is accessed at the server system. The encrypted data is decrypted using the data key to generate unencrypted data at the server system. The computations are performed on the unencrypted data to generate result data at the server system. The result data is provided to the client system. | 10-10-2013 |
20130268758 | WIRELESS STORAGE DEVICE - A first computing device is detected as substantially collocated with a wireless storage device, using a short-range wireless communication network. A connection is established between the first computing device and the wireless storage device over the short-range wireless network. Data stored in memory of the wireless storage device is sent from the wireless storage device to the first computing device over the short-range wireless network for a presentation of the data using a user interface of the first computing device. The wireless storage device lacks user interfaces for the presentation of the data. In some instances, authentication of either or both of the first computing device or wireless storage device can be accomplished through communication between the first computing device and wireless storage device over the short-range wireless communication network. | 10-10-2013 |
20130268759 | DIGITAL RIGHTS MANAGEMENT SYSTEM TRANSFER OF CONTENT AND DISTRIBUTION - The present invention relates to digital rights management (DRM) for content that may be downloaded and securely transferred from one storage to another storage. The storage may be a disk drive, or network attached storage. The storage performs cryptographic operations and provides a root of trust. The DRM system enables secure copying or transfer of content from one storage device to another storage device. In this embodiment, a trusted server that is authenticated and trusted by both storage devices brokers the transfer of content. The trusted server may be a separate entity of the DRM system or may be a component or function of an existing server of the DRM system. In another embodiment, the storage devices may transfer content in a peer-to-peer fashion. The transfer of content may be authorized and controlled based on a digital certificate associated with the content. | 10-10-2013 |
20130268760 | SYSTEMS AND METHODS FOR SECURE WORKGROUP MANAGEMENT AND COMMUNICATION - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser. | 10-10-2013 |
20130275753 | SYSTEM AND METHOD FOR VERIFYING CREDENTIALS - A system and method for verifying credentials are provided. The system includes a credential verification server ( | 10-17-2013 |
20130275754 | SYSTEM AND METHOD FOR SECURE REMOTE ACCESS - System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services. | 10-17-2013 |
20130275755 | SYSTEMS, METHODS AND APPARATUSES FOR THE SECURE TRANSMISSION OF MEDIA CONTENT - The systems, methods and apparatuses described herein permit encrypted media content to be processed by a plurality of media processing blocks before being displayed on a screen. An apparatus according to the present disclosure may comprise a communication interface to receive an encrypted, encoded media stream, a first and second media processing blocks, and a screen for displaying decoded media stream. The first media processing block may decrypt the encrypted, encoded media stream to obtain the encoded media stream using a first key, decode the encoded media stream and encrypt the decoded media stream using a second key before transmitting it to the second media processing block. The second media processing block may decrypt the media stream using the second key and process the media stream using a screen controller before transmitting the media stream to the screen. | 10-17-2013 |
20130275756 | METHOD AND APPARATUS FOR APPLYING RECIPIENT CRITERIA IN IDENTITY-BASED ENCRYPTION - An approach is provided for reducing communication traffic and cost by applying recipient criteria in identity-based encryption. A recipient criterion application selects one or more recipient criteria for data, and encrypts the data using the selected one or more recipient criteria as a public key of identity-based encryption. | 10-17-2013 |
20130283050 | WIRELESS CLIENT AUTHENTICATION AND ASSIGNMENT - Methods, devices, and machine readable media are provided for wireless client authentication and assignment. Some examples can include a network device with a processing resource and a memory resource storing instructions executable by the processing resource to act as a default gateway and present a web portal for logon in response to a request from a wireless client prior to authentication of the wireless client, to send a dissociation command for the wireless client in response to an initial authentication of the wireless client, and to assign traffic to a local virtual local area network (VLAN) defined on an access point (AP) associated with the wireless client in response to a subsequent authentication of the wireless client. Some examples can include assigning the wireless client to an isolation VLAN that is tunneled via the network device prior to dissociation, where the local VLAN is not tunneled via the network device. | 10-24-2013 |
20130283051 | Persistent License for Stored Content - In an implementation, a method includes forming a request by a client for communication to a licensing server. The request is for storing encrypted content by the client. A persistent license is received at the client in response to the request. The persistent license includes a key that is encrypted. The key, when decrypted, provides access to the encrypted content. The key is configured to be decrypted by the licensing server. The client, however, is not configured to decrypt the key from the persistent license. The persistent license and the encrypted content are stored by the client. | 10-24-2013 |
20130283052 | ELECTRONIC RENTAL SERVICE SYSTEM AND METHOD FOR DIGITAL CONTENT - A system encrypts digital content data with a key of a content encryption key (CEK) pair and CEK related share data available to an end user station including a source for generating source encrypted data including content data. The share data is encrypted with a first key of a second encryption key pair associated with a targeted intermediate station including a processor receiving source encrypted data and being in data communication with a portable storage device associated with the end user station, which is associated with a third encryption key pair. The processor generates intermediate station encrypted data by decrypting encrypted share data using a key of the second key pair and encrypting resulting decrypted data using a key of the third key pair. A reconstruction processor uses an algorithm and input share data to reconstruct the CEK. A decryption processor uses the reconstructed CEK to decrypt encrypted content data. | 10-24-2013 |
20130283053 | APPARATUS AND METHOD FOR AUDIENCE MEASUREMENT IN MULTIMEDIA STREAMING SYSTEM - An apparatus and a method for performing audience measurement (AM) in a multimedia streaming system are provided. In a method for operating a terminal in the multimedia streaming system, a transmission stream including contents is received. At least one of audience measurement participation information and audience measurement execution information is obtained from at least one signaling table included in the transmission stream. | 10-24-2013 |
20130290709 | Policy-based dynamic information flow control on mobile devices - A method and system are provided for securing data on a mobile device that supports both enterprise and personal applications. According to the method, information flows and data accesses are tracked on the device at run-time to enable access control decisions to be performed based on a policy, such as an enterprise privacy policy that has been distributed to the device from an enterprise server. The policy may be updated by events at the device as well as at the enterprise server. | 10-31-2013 |
20130290710 | SYSTEM AND METHOD FOR A CLOUD-BASED ELECTRONIC COMMUNICATION VAULT - Disclosed is a system and method for securely, conveniently and effectively storing information in a secure data repository or database, and securely delivering such information to a respective user. The secure repository and database, referred to as a Vault, is a secure storage utility used for storing and safekeeping valuable personal information and documents associated with a user. The Vault can store and provide access to personal documents for a user, such as but not limited to, wills, irreplaceable pictures or video, financial documents/bills, contracts, account numbers and credit card numbers. The Vault can be provided as a service within a smart, cloud-based system, which intelligently gathers, stores and initiates actions for a variety of user documents. | 10-31-2013 |
20130290711 | PROVIDING CONTENT TO A USER ACROSS MULTIPLE DEVICES - Methods, systems, and apparatus, including computer programs encoded on a computer-readable storage medium, and including a method for providing content. The method comprises receiving a first login associated with a first anonymous identifier and first device, creating an associated first private-public key pair, storing a first private key locally in the first device, and publishing a first public key. The method further comprises receiving a second login from a second different device, creating a second private-public key pair, storing a second private key, publishing the second public key, creating a secret key using the first public key, and associating a second anonymous identifier with the secret key. The method further comprises subsequently receiving a login from the first device, creating the secret key using the second public key, associating the first anonymous identifier with the secret key, receiving a request for content from either device, and providing content using the association. | 10-31-2013 |
20130290712 | HASHING PREFIX-FREE VALUES IN A SIGNATURE SCHEME - Methods, systems, and computer programs for producing hash values are disclosed. A prefix-free value is obtained based on input data. The prefix-free value can be based on an implicit certificate, a message to be signed, a message to be verified, or other suitable information. A hash value is obtained by applying a hash function to the prefix-free value. The hash value is used in a cryptographic scheme. In some instances, a public key or a private key is generated based on the hash value. In some instances, a digital signature is generated based on the hash value, or a digital signature is verified based on the hash value, as appropriate. | 10-31-2013 |
20130290713 | HASHING PREFIX-FREE VALUES IN A CERTIFICATE SCHEME - Methods, systems, and computer programs for producing hash values are disclosed. A prefix-free value is obtained based on input data. The prefix-free value can be based on an implicit certificate, a message to be signed, a message to be verified, or other suitable information. A hash value is obtained by applying a hash function to the prefix-free value. The hash value is used in a cryptographic scheme. In some instances, a public key or a private key is generated based on the hash value. In some instances, a digital signature is generated based on the hash value, or a digital signature is verified based on the hash value, as appropriate. | 10-31-2013 |
20130290714 | METHOD AND SYSTEM FOR ACTIVATION - An activation method includes a security module card verifying an activation server using a shared secret key and a first challenge, mediating a verification of the activation server by a mobile device, and encrypting the second challenge using a generated key to obtain an encrypted second challenge. The security module card further transmits the encrypted second challenge and a third challenge to the mobile device. The method further includes receiving an encrypted third challenge from the mobile device, decrypting the encrypted third challenge to obtain a received third challenge, verifying the mobile device based on the received third challenge being equal to the third challenge sent to the mobile device, and sending a validation of mutual trust between the security module card and the mobile device to the activation server. | 10-31-2013 |
20130290715 | TRANSMITTING A DOCUMENT - A method of transmitting a document from a computing device to a printing device using a document server comprising, at the server, receiving user credentials from a user of an authorized computing device, receiving encrypted data defining the document from the authorized computing device, receiving information indicating the intended recipients of the data, receiving user credentials from an authorized printing device, and delivering the encrypted data to an authorized recipient. | 10-31-2013 |
20130290716 | SYSTEM AND METHOD FOR SECURING USER INFORMATION ON SOCIAL NETWORKS - A computer-implemented method for securing personal information of a user on social networks. The method involves: receiving personal information from a user in an unencrypted textual form by a client computer; transmitting the received personal information via a secure virtual private network (VPN) connection to a dedicated VPN server/proxy; receiving the personal information at the dedicated VPN server/proxy; encrypting the received personal information at the dedicated VPN server/proxy using an encryption key; and transmitting the encrypted personal information from the dedicated VPN server/proxy to the social network. Other users of the social network also use the dedicated VPN server/proxy in order to decrypt (access) the personal information of the user, which has been encrypted as specified above. | 10-31-2013 |
20130290717 | METHOD AND SYSTEM FOR PROVIDING CONTINUED ACCESS TO AUTHENTICATION AND ENCRYPTION SERVICES - A system and method for providing continued access to authentication and encryption services that includes a secure key store communicably coupled to a virtual smart card server. A virtual smart card driver is also provided and is communicably coupled to a virtual smart card secure hardware server. The virtual smart card driver communicates with an authentication client to authenticate a user, and access the user's private key stored in the secure key store when the user's physical smart card is unavailable. Continued access is provided when the user has been authenticated. | 10-31-2013 |
20130290718 | MOBILE STORAGE DEVICE AND THE DATA PROCESSING SYSTEM AND METHOD BASED THEREON - The present invention relates to network security technology, and particularly relates to a mobile storage device for secure data processing, a data processing system comprising the mobile storage device, and a data processing method using the data processing system. According to the present invention, the mobile storage device for secure data processing comprises: at least one memory for storing a secret key; an interface circuit; and a processing unit for communicating with a remote device via the interface circuit and performing security processing and application processing, the security processing including data encryption and decryption with the secret key. Compared with the prior art, the mobile storage device according to the embodiments of the present invention stores not only confidential information such as the secret key and digital certificate but also applications for executing transaction processes, thereby providing the applications with security protection at the same level as the confidential information. In addition, where the mobile storage device has a capability of simulating a network interface, a client terminal, such as a personal computer, previously used for executing the applications can now function as a bridge connector between the mobile storage device and a remote server, and the packeting and unpacketing of the transaction data can be performed inside the mobile storage device. This greatly improves the security of the transaction processes. | 10-31-2013 |
20130290719 | SYSTEM AND METHOD FOR ACCESSING INTEGRATED APPLICATIONS IN A SINGLE SIGN-ON ENABLED ENTERPRISE SOLUTION - A method for performing access management to facilitate a user to access applications in a single sign-on enabled enterprise solution is provided. A challenge token and a response token are transmitted between a server and a client. The challenge token and response token comprise one-way hashed data. The response token is verified at the server and the client to authenticate the user. Further, a request for service token is transmitted between the server and the client. The request for service token is encrypted at the client and decrypted at the server using a unique session key negotiated between the server and client. A service token is generated and transmitted between the server and the client. The service token is encrypted and decrypted at the server using a secret key to verify the service token. Based on the verification, the requested applications are rendered on a client-based user interface. | 10-31-2013 |
20130297936 | METHOD, DEVICE, AND SYSTEM FOR SECURELY SHARING MEDIA CONTENT FROM A SOURCE DEVICE - A method, device, and system for sharing media content with a sink device includes performing a cryptographic key exchange with the sink device and generating an authorization key in a security engine of a system-on-a-chip (SOC) of a source device. The method may also include generating an exchange key as a function of the authorization key and a packet key as a function of the exchange key. Such key generation occurs in the security engine of the SOC, and the keys are stored in a secure memory of the security engine. | 11-07-2013 |
20130305046 | System and Method for Virtual Machine Data Protection in a Public Cloud - According to one embodiment of the present disclosure, a method includes partitioning a disk image file into a plurality of segments. The method also includes generating a unique key for each segment, storing the unique keys in an image mapping file, and transmitting the image mapping file to a particular one of a plurality of nodes on a network. The method further includes transmitting a first segment and a second segment of the plurality of segments to different nodes of the plurality of nodes. | 11-14-2013 |
20130305047 | METHOD, AND DEVICE AND SYSTEM FOR UNLOCKING TERMINAL BY OPERATOR - The disclosure provides a method, device and system for unlocking a mobile terminal by an operator. The method includes the following steps. An operator device receives an unlocking request from the mobile terminal, wherein the unlocking request carries unlocking identification information; the operator device determines to allow the mobile terminal to unlock according to the unlocking identification information, and according to the unlocking identification information, queries a cryptographic key list database pre-stored in the operator device to obtain an unlocking cryptographic key; and the operator device sends the unlocking cryptographic key to the mobile terminal to ensure that the mobile terminal carries out the unlocking according to the unlocking cryptographic key. According to the disclosure, the problem of relatively poor safety of unlocking by a mobile terminal under the control of an operator is solved. | 11-14-2013 |
20130305048 | METHODS AND APPARATUSES FOR DISTRIBUTING KEYS FOR PTP PROTOCOL - The present invention provides a solution for automatically distributing PTP keys, and on that basis provides a new encryption method. A domain control device is proposed to verify whether a network node is an eligible node in the domain; if the network node is an eligible node in the domain, then a key for the PTP protocol is sent to the network node. The methods and apparatuses according to the present invention enable access authentication of various forms of PTP network nodes, as well as the automatic configuration and dynamic sending of PTP keys, such that the security of the keys is significantly increased. Additionally, by means of a SignCryption encryption algorithm, each PTP message is provided not only with message source authentication, message integrity authentication, message confidentiality, and replay protection, but also with the ability to track its sending network node. Thus, the security is significantly increased. | 11-14-2013 |
20130311776 | METHODS AND APPARATUS TO MEASURE EXPOSURE TO STREAMING MEDIA - Methods and apparatus to measure exposure to streaming media are described. An example method includes identifying metadata from media. The media is converted into converted media having a streaming format. The converted media is encrypted using an encryption key. A manifest is created in association with the converted media, the manifest identifying a first location of the encrypted media and a second location of a decryption key. | 11-21-2013 |
20130311777 | SYMMETRIC KEY DISTRIBUTION FRAMEWORK FOR THE INTERNET - A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key. | 11-21-2013 |
20130318345 | MULTI-TUNNEL VIRTUAL PRIVATE NETWORK - Systems and methods for controlling Quality-of-Service (“QoS”) in a Virtual Private Network (“VPN”) in a transport network ( | 11-28-2013 |
20130318346 | OBTAINING TARGETED SERVICES USING A UNIQUE IDENTIFICATION HEADER (UIDH) - A system is configured to receive, from a user device, a request for content; obtain, based on receiving the request, an identifier for a subscriber associated with the system and a key; encode the identifier and the key to create a unique identifier; store the unique identifier in the request to create a modified request; provide the modified request to a content provider identified by the request; receive, from the content provider, the content and targeted content, the targeted content being associated with the unique identifier and conforming to an attribute of the subscriber; and provide, to the user device, the content and the targeted content. | 11-28-2013 |
20130318347 | PRIVATE DATA SHARING SYSTEM - A novel architecture for a data sharing system (DSS) is disclosed and seeks to ensure the privacy and security of users' personal information. In this type of network, a user's personally identifiable information is stored and transmitted in an encrypted form, with few exceptions. The only key with which that encrypted data can be decrypted, and thus viewed, remains in the sole possession of the user and the user's friends/contacts within the system. This arrangement ensures that a user's personally identifiable information cannot be examined by anyone other than the user or his friends/contacts. This arrangement also makes it more difficult for the web site or service hosting the DSS to exploit its users' personally identifiable information. Such a system facilitates the encryption, storage, exchange and decryption of personal, confidential and/or proprietary data. | 11-28-2013 |
20130318348 | SYSTEM AND METHOD FOR PROCESSING TRANSACTIONS - Embodiments of the invention include methods, systems, and computer-readable media for processing transactions involving sensitive information, such as a credit card number. Embodiments include a first server authenticating a second server based on a security token and determining whether the security token is expired. Based on the results, the first server may request a transaction token associated with sensitive information. The first server may encrypt the transaction token using a public key of the second server. The first server may send the encrypted transaction token as a parameter to a URL, wherein the URL is configured to cause a browser on a client to send, to the second server, a request for the page and the encrypted transaction token. | 11-28-2013 |
20130318349 | PROCESSING OF COMMUNICATION DEVICE SIGNATURES FOR USE IN SECURING NOMADIC ELECTRONIC TRANSACTIONS - A method for execution in a communication device, which comprises receiving a first data set and a second data set over a first communication path; receiving a series of requests over a local communication path different from the first communication path; responding to a first one of the requests by releasing a first response including the first data set over the local communication path; and responding to a second one of the requests by releasing a second response including the second data set over the second communication path. | 11-28-2013 |
20130318350 | INFORMATION PROCESSING APPARATUS AND METHOD, RECORDING MEDIUM AND PROGRAM - The present invention relates to an information processing apparatus allowing proper communication with a communication partner in accordance with a communication time of the communication partner. | 11-28-2013 |
20130318351 | SIMILARITY DEGREE CALCULATION SYSTEM, SIMILARITY DEGREE CALCULATION APPARATUS, COMPUTER PROGRAM, AND SIMILARITY DEGREE CALCULATION METHOD - Based on an encrypted feature vector (comparison ciphertext) encrypted with a public key of a decryption apparatus and an encrypted feature vector (target ciphertext) encrypted with the public key of the decryption apparatus, and a random number (temporary key) generated by a random number generation unit (temporary key generation unit), an encrypted random similarity degree calculation unit (interim similarity degree ciphertext calculation unit) performs calculation for calculating a similarity degree in a first stage, with two encrypted feature vectors kept encrypted, thereby calculating a second challenge. The decryption apparatus decrypts the second challenge with a secret key sk of the decryption apparatus, and performs calculation for calculating the similarity degree in a second stage with a result of the decryption kept encrypted with the temporary key, thereby calculating a second response. A plaintext similarity degree extraction unit (similarity degree calculation unit) decrypts the second response with the temporary key, thereby calculating a similarity degree. | 11-28-2013 |
20130326218 | TECHNIQUES FOR SECURE MESSAGE OFFLOADING - Techniques for secure message offloading are presented. An intermediary is transparently situated between a user's local messaging client and an external and remote messaging client. The user authenticates to the local client for access and the intermediary authenticates the user for access to the remote client using different credentials unknown to the user. Messages sent from the local client are transparently encrypted by the intermediary before being passed to the remote client and messages received from the remote client are transparently decrypted before being delivered to the local client. | 12-05-2013 |
20130326219 | STORED PUBLIC KEY VALIDITY REGISTERS FOR CRYPTOGRAPHIC DEVICES AND SYSTEMS - Systems and techniques for performing cryptographic operations based on public key validity registers are described. A described system includes a controller and a memory structure to store one or more public keys. The memory structure includes one or more validity registers that respectively correspond to the one or more public keys. The controller has exclusive write access to the validity register. The controller can be configured to perform an authentication of a public key, write an authentication status value to the corresponding validity register based on a result of the authentication, and perform one or more cryptographic operations using the public key that are conditional on the validity register indicating an authenticated status for the public key. | 12-05-2013 |
20130326220 | RECIPIENT BLIND CRYPTOGRAPHIC ACCESS CONTROL FOR PUBLICLY HOSTED MESSAGE AND DATA STREAMS - Private message system, method, and apparatus are described. A private message that includes encrypted data and identifying information indicating a recipient client device authorized to read the private message is stored at a server computer. Since the client devices perform all encryption and decryption processing, the server computer stores the private message in a platform agnostic manner and without performing any encryption/decryption related processes. Although any number of recipient devices can receive the private message, only a recipient client device authorized in accordance with the identifying information can read the private message. | 12-05-2013 |
20130326221 | Confidential Message Exchange Using Benign, Context-Aware Cover Message Generation - Systems and methods are disclosed permitting a sender to send a secret and secure message to a recipient. An application on a sender device interfaces with known message generating tools to permit a user to generate a message. The local application encrypts the message (and optional attachments) based on a public/private key pairing negotiated with the server given the recipient device id. The sender device transmits the cipher text to the server. The server generates a benign, text-based, context-appropriate message and delivers it to a recipient device by way of a known messaging service. The benign message provides a secret clue to the recipient that an encrypted message is available. The recipient may then access and decrypt the encrypted message, such as from the server in response to a successful challenge (e.g., password request). | 12-05-2013 |
20130326222 | INFORMATION PROCESSING APPARATUS AND METHOD, RECORDING MEDIUM AND PROGRAM - The present invention relates to an information processing apparatus allowing proper communication with a communication partner in accordance with a communication time of the communication partner. | 12-05-2013 |
20130332730 | EMBEDDED MODULE SYSTEM WITH ENCRYPTED TOKEN AUTHENTICATION SYSTEM - Method and systems for accessing and providing protected content are disclosed herein. An example system includes a client configured to access a third-party application to receive at least one piece of content associated with a first identifier; wherein the client comprises a token generator configured to generate a token requesting the at least one piece of content, the token comprising at least one private encryption key and the first identifier. The system further includes an embedded module system comprising a database of content, the content separated into a plurality of modules, the embedded module system configured to receive the token and decrypt the at least one private encryption key. The embedded module system may further authorize the client by comparing the first identifier with a second identifier stored in the database. | 12-12-2013 |
20130332731 | System for Determining Whether or Not Automaton Satisfies Context-free Grammar - A server that holds a context-free grammar and is connectable to a client that holds an automaton. The server compares an edge pair with an encrypted string value such that the encrypted string value is hidden from the client. The edge pair represents a string for an encrypted value in which a nonfinal character is made to correspond to a state before and a state after held by the client, and an encrypted string value represents a string for an encrypted value in which each of a plurality of nonfinal characters contained in a substituted symbol string for a production rule of the context-free grammar is given correspondence with an assigned state before and state after. The encrypted value in which the encrypted string value matching the edge pair has been encrypted is sent to the client along with the state before and state after that have been assigned. | 12-12-2013 |
20130332732 | SYSTEM AND METHOD FOR GENERATING AND MANAGING PRODUCT AUTHENTICATION CODES - A method for generating product authentication codes comprises allocating a lot identification value and a total lot size for an order of a plurality of product authentication codes, generating the plurality of product authentication codes based upon the lot identification value and the total lot size, and updating a counter table on an authentication server with the total lot size for the order of the authentication codes. A method for authenticating product codes comprises receiving a product code from a user of a product, decrypting the product code to obtain a sequence counter number unique to the product code and comparing the decrypted sequence counter number to a table of valid sequence counter number values to determine its authenticity. If the decrypted sequence counter number is authentic, it is added to an authentication table for future reference when operating to confirm a previous authentication of the sequence counter number. | 12-12-2013 |
20130332733 | METHOD FOR SECURE REMOTE BACKUP - The present invention is directed to an architecture and mechanism for securely backing up files and directories on a local machine onto untrusted servers over an insecure network. | 12-12-2013 |
20130332734 | PROCESS AND SYSTEM FOR DATA TRANSMISSION - In a method and a system for data transmission, authentication data and an electronic key may be generated, with the electronic key being stored as assigned to the authentication data. Data may be encrypted, such as by a central communications device, into encrypted data, using at least part of the electronic key. Based on reception of the authentication data from a communications terminal, at least a portion of the electronic key and the encrypted data may be transmitted from the central communications device to the communications terminal. | 12-12-2013 |
20130339730 | DEVICE AUTHENTICATION USING RESTRICTED MEMORY - A device includes a first memory area being used to store a first key and unique secret identification information, the first memory area being restricted from being read and written from outside; a second memory area being used to store encrypted secret identification information generated by encrypting the secret identification information, the second memory area being allowed to be read-only from outside; a third memory area being readable and writable from outside; a first data generator configured to generate a second key by using the first key; a second data generator configured to generate a session key by using the second key; and a one-way function processor configured to generate authentication information by processing the secret identification information with the session key in a one-way function operation, wherein the encrypted secret identification information and the authentication information are output to outside. | 12-19-2013 |
20130339731 | DEVICE-SPECIFIC SECURE LICENSING - Device-specific secure software licensing techniques are disclosed. In various embodiments, a key/token pair associated with a client requesting license validation is received. It is determined whether the key/token pair matches an entry in a store of currently valid key/token pairs. An affirmative response is sent in the event the key/token pair matches a corresponding entry in the store of currently valid key/token pairs. | 12-19-2013 |
20130339732 | DEVICE - According to one embodiment, a device includes a cell array including an ordinary area, a hidden area, and an identification information record area in which identification information which defines a condition for accessing the hidden area is recorded. An authentication circuit performs authentication. A sensing circuit recognizes information recorded in the identification information storage area, determines the information recorded in the identification information record area when an access request selects the hidden area, validates an access to the hidden area when determined that the identification information is recorded, and invalidates an access to the hidden area when determined that the identification information is not recorded. | 12-19-2013 |
20130339733 | DEVICE - According to one embodiment, a device includes a cell array including an ordinary area, a hidden area, and an identification information record area in which identification information which defines a condition for accessing the hidden area is recorded. An authentication circuit performs authentication. A sensing circuit recognizes information recorded in the identification information storage area, determines the information recorded in the identification information record area when an access request selects the hidden area, validates an access to the hidden area when determined that the identification information is recorded, and invalidates an access to the hidden area when determined that the identification information is not recorded. | 12-19-2013 |
20130339734 | Secure Method and System for Remote Field Upgrade of Power Device Firmware - To protect software to be transferred to programmable electronic devices, a management system for programmable electronic devices includes a plurality of electronic devices, each identified by at least one unique identification parameter and containing at least one encryption key. The system also includes at least one protected site in which a protected database resides, and in which the unique identification parameter and the encryption key are stored for each electronic device. A server is programmed to receive a request for transmission of software from a device and to generate an encrypted version of said software, using the encryption key associated in the database with the unique identification parameter (ID) of the device (57) that has requested the transmission of said software. | 12-19-2013 |
20130346749 | Avoiding padding oracle attacks - A method to prevent information leakage in a cryptographic protocol is implemented in a network device. The method implements an error message processing strategy to mask information otherwise useful to an attacker and that has been generated (by decryption processes) as a consequence of an attacker's exploit. The technique avoids information leakage associated with a padding oracle attack. In one aspect each error message (irrespective of its content) is replaced with a generic error message so that the attacker does not obtain the specific error message content(s) that might otherwise provide useful information. In addition to masking the error message content, the technique preferably implements a “delay” policy that delays the transmission of particular error messages (or message types) to hide (from the attacker's point-of-view) whether a particular error message is relevant to (or a consequence of) the attacker's exploit. | 12-26-2013 |
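The error-masking strategy described in the padding-oracle entry above, as an added example that is not the patent's own code: a MAC-then-encrypt record decryptor that leaks a distinguishable padding error versus MAC error (the oracle), beside a hardened version that always runs both checks, reports one generic error, and enforces a minimum response time for failures. Real AES-CBC is replaced by a SHA-256-derived keystream XOR so the block runs with the standard library only; `KEY`, the 16-byte block size and the sample record are constructed values, and the fixed-minimum-delay policy is a simplification of the "delay particular error messages" policy the abstract describes.

```python
import hashlib
import hmac
import time

KEY = b"example-shared-key"   # constructed key, not a real secret
BLOCK = 16                    # assumed block size for PKCS#7 padding
MAC_LEN = 32                  # SHA-256 tag


class PaddingError(Exception):
    pass


class MacError(Exception):
    pass


class GenericError(Exception):
    """The only failure the hardened path ever reports."""


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Hash-derived keystream standing in for a block cipher (example only).
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    if not data or data[-1] == 0 or data[-1] > BLOCK:
        raise PaddingError("bad pad length")
    n = data[-1]
    if data[-n:] != bytes([n]) * n:
        raise PaddingError("bad pad bytes")
    return data[:-n]


def encrypt_record(plaintext: bytes, iv: bytes) -> bytes:
    # MAC-then-encrypt layout: the layout padding-oracle attacks target.
    mac = hmac.new(KEY, plaintext, hashlib.sha256).digest()
    body = pad(plaintext + mac)
    return iv + xor(body, keystream(KEY, iv, len(body)))


def decrypt_leaky(record: bytes) -> bytes:
    """Vulnerable: the attacker can tell padding failures from MAC failures."""
    iv, body = record[:BLOCK], record[BLOCK:]
    data = unpad(xor(body, keystream(KEY, iv, len(body))))  # PaddingError escapes
    plaintext, mac = data[:-MAC_LEN], data[-MAC_LEN:]
    if not hmac.compare_digest(mac, hmac.new(KEY, plaintext, hashlib.sha256).digest()):
        raise MacError("bad mac")                            # a different error
    return plaintext


def decrypt_hardened(record: bytes, min_failure_s: float = 0.0) -> bytes:
    """Hardened: both checks always run, one generic error, fixed minimum delay."""
    start = time.monotonic()
    iv, body = record[:BLOCK], record[BLOCK:]
    padded = xor(body, keystream(KEY, iv, len(body)))
    ok = True
    try:
        data = unpad(padded)
    except PaddingError:
        ok = False
        data = padded          # keep going so the MAC check still runs
    plaintext, mac = data[:-MAC_LEN], data[-MAC_LEN:]
    expected = hmac.new(KEY, plaintext, hashlib.sha256).digest()
    ok &= hmac.compare_digest(mac, expected)
    if not ok:
        remaining = min_failure_s - (time.monotonic() - start)
        if remaining > 0:
            time.sleep(remaining)
        raise GenericError("decryption failed")   # content independent of cause
    return plaintext


def probe(decrypt, record: bytes) -> str:
    """What an attacker observes for a given record: 'ok' or the error class."""
    try:
        decrypt(record)
        return "ok"
    except Exception as exc:
        return type(exc).__name__


SAMPLE_IV = bytes(range(16))                       # constructed IV
SAMPLE = encrypt_record(b"hello world", SAMPLE_IV)  # constructed record
```

Flipping the last ciphertext byte corrupts the padding, while flipping a byte inside the first body block leaves the padding intact and only breaks the MAC; `decrypt_leaky` reports these differently, `decrypt_hardened` does not. Note that masking the message content alone is not enough: if the MAC check is skipped when padding fails, the timing difference becomes the oracle, which is why the hardened path runs both checks unconditionally.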
20130346750 | SYSTEM AND METHOD TO PROVIDE SECURE MULTIMEDIA MESSAGING BETWEEN PEER SYSTEMS - A lightweight solution enables the exchange of multimedia information in a secure manner. Exchanged cryptographic material can be used to encipher multimedia message-oriented communications between devices. This lightweight solution can be used by common off the shelf devices such as smartphones, tablets, feature phones, or special purpose machine to machine devices for private communications, such as command and control, location services, video, audio, electronic attachments, etc. using insecure voice or data communication paths, such as MMS. | 12-26-2013 |
20130346751 | Query Interface to Policy Server - A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control data base to determine whether an access request is made by a user. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The first access filter in the path performs the access check, encrypts and authenticates the request; the other access filters in the path do not repeat the access check. The interface used by applications to determine whether a user has access to an entity is now an SQL entity. The policy server assembles the information needed for the response to the query from various information sources, including sources external to the policy server. | 12-26-2013 |
20130346752 | SECURE, AUDITABLE FILE EXCHANGE SYSTEM AND METHOD - Secure and auditable file exchange between a professional and a client, patient, colleague, or other associate of the professional may be achieved via a file exchange service that automatically verifies the professional's professional status and identity and provides applications and/or tools to accept files for transfer to the verified professional. The files are stored in encrypted form, along with cryptographic integrity codes. After the files have been transferred to the professional, the cryptographic integrity codes may be used to verify that the professional received a correct copy of the file that was originally provided. | 12-26-2013 |
20130346753 | AD-HOC NETWORK COMMUNICATIONS - A method of ad-hoc network communications comprises a computer server transmitting a communications session request to a primary logical communications device of a logical ad-hoc communications network. The logical ad-hoc communications network comprises the primary logical communications device and at least one secondary logical communications device that is registered to the primary logical communications device. The communications session request requests a communications session with one of the at least one secondary logical communications devices. Upon receipt of the communications session request, the primary logical communications device transmits to the one secondary logical communications device a session initiate message requesting the one secondary logical communications device initiate the communications session with the computer server. The one secondary logical communications device replies to the computer server with a communications session reply initiating the communications session and identifying the one secondary logical communications device to the computer server. | 12-26-2013 |
20140006778 | MESSAGE ORIGINATOR TOKEN VERIFICATION | 01-02-2014 |
20140006779 | METHOD AND SYSTEM FOR BACKING UP PROFILES OF AUTHENTICATION MODULE | 01-02-2014 |
20140006780 | TRANSACTION VERIFICATION | 01-02-2014 |
20140006781 | ENCAPSULATING THE COMPLEXITY OF CRYPTOGRAPHIC AUTHENTICATION IN BLACK-BOXES | 01-02-2014 |
20140006782 | DOCUMENT ENCRYPTION AND DECRYPTION | 01-02-2014 |
20140006783 | ESTABLISHING SECURE, MUTUALLY AUTHENTICATED COMMUNICATION CREDENTIALS | 01-02-2014 |
20140013114 | ISSUING, PRESENTING AND CHALLENGING MOBILE DEVICE IDENTIFICATION DOCUMENTS - Methods and systems of authenticating electronic identification (ID) documents may provide for receiving a decryption key and an encrypted ID document from a certificate authority server at a mobile device, wherein the encrypted ID document includes a read only document having a photograph of an individual. Additionally, the decryption key may be applied to the encrypted ID document to obtain a decryption result in response to a display request. The decryption result can be output via a display of the mobile device, wherein the encrypted ID document can be sent to a challenge terminal if a challenge request is received. | 01-09-2014 |
20140013115 | CONTENT ENCRYPTION - An audio/video content delivery system includes a content source linked by an internet data connection to a content receiver, the content receiver configured to receive access-controlled encoded broadcast content from a content source by a separate broadcast data path. The content source includes an encryptor sending encrypted content to the content receiver according to a content encryption key. The content receiver includes: a host module including a decryptor decrypting encrypted content received from the content source; and a removable conditional access module (CAM) including an access control unit decoding the access-controlled encoded broadcast content, the host module and removable CAM configured to provide an encrypted communication link therebetween for decoded access-controlled encoded broadcast content. The content source and the CAM are configured to communicate to establish the key required by the decryptor in the host module to decrypt the encrypted content received from the content source. | 01-09-2014 |
20140013116 | APPARATUS AND METHOD FOR PERFORMING OVER-THE-AIR IDENTITY PROVISIONING - A method for controlling access to information includes sending a request from an identity requester to an identity provider through an over-the-air (OTA) link. Data received from the identity provider in response to the request includes information used to establish a first identity of a user for a first service. The first identity information is received during a Sigma session, and a second identity of the user is established for a second service based on the received first identity information. The user may be a user of a mobile communication terminal or other device, which is to receive the first and second services. | 01-09-2014 |
20140019757 | AUTHENTICATION METHOD AND SYSTEM - An authenticating method including establishing trust between an authentication provider and service provider; establishing trust between the authentication provider and authentication application installed in a terminal. The authentication provider, for each session, receives an access code request and connection information from the terminal; generates and stores the access code; sends the access code to the terminal; receives the access code from the authentication application; indicates verification of the access code to the authentication application and terminal; receives from the authentication application a request to grant access to the terminal; instructs the service provider to grant access; and sends a confirmation of the granted access to the terminal. An authenticated session between the terminal and the service provider is setup for providing services to the terminal. | 01-16-2014 |
20140019758 | SYSTEM, METHOD AND APPARATUS FOR SECURELY DISTRIBUTING CONTENT - System, method and apparatus for securely distributing content via an encrypted file wherein a Publisher Key (PK) associated with an authorized publisher enables presentation of the content by the authorized user via a Limited Capability Viewer (LCV), the LCV lacking the capability to forward, print, copy or otherwise disseminate the content to be presented. Various embodiments provide enhanced user authentication or authorization, VPN functions, collaboration techniques, automatic distribution of licenses, watermarking of documents, rules pertaining to content transfer between secure and insecure domains, and combinations thereof. | 01-16-2014 |
20140025949 | METHOD AND SYSTEM FOR BROWSER IDENTITY - A browser application programming interface is exposed to a web application to verify an identity of a user using user-specific identity information stored by the browser. Cryptographic information associated with the user is transmitted from the browser application programming interface to the web application. User-specific content is provided to the user through the web application if the web application verifies an identity of the user via the browser application programming interface using the cryptographic information. | 01-23-2014 |
20140025950 | CERTIFIED-BASED CONTROL UNIT-KEY FOB PAIRING - A key fob-control unit pairing device that includes a transceiver to transmit and receive signals, a memory to store a certificate of authenticity (CertVD) associated with the pairing device and a public key (PKVM), and a processor coupled to said transceiver and memory. The processor is to receive a public key (PKKF) from a key fob and associated with the key fob and a certificate of authenticity (CertKF) associated with the key fob, verify the CertKF with the PKVM, and transmit an encrypted PKKF to a control unit. | 01-23-2014 |
20140025951 | ID-BASED CONTROL UNIT-KEY FOB PAIRING - A key fob-control unit pairing device that includes a transceiver to transmit and receive signals, a memory to store a key fob identification (KFID) and a control unit identification (CUID), and a processor coupled to said transceiver and memory. The processor is to authenticate the key fob using identification (ID) authenticated key agreement protocol based on the KFID, and to transmit an encrypted CUID to the key fob. | 01-23-2014 |
20140025952 | HIDING CIPHERTEXT USING A LINGUISTICS ALGORITHM WITH DICTIONARIES - Encrypted communications is made to appear to be normal text so as to avoid undue attention to either the sender or recipient. Information can be hidden or embedded in innocuous documents using steganography wherein the information is masked within a larger document. Other approaches would translate the ciphertext into a form of normal looking text that would in effect be gibberish but would use normal words in at least one native language. There are many tradeoffs and benefits to be considered when attempting any form of encrypted communications. | 01-23-2014 |
20140032902 | Cryptographic binding of multiple secured connections - In some embodiments, a method includes establishing a secured connection between a client device and a subordinate web service of a single sign-on service for a user, using a shared cryptographic key in a cookie stored on the client device that was transmitted over a different secured connection by a master web service of the single sign-on service, as part of authentication of the user for the single sign-on service. | 01-30-2014 |
20140032903 | SECURE KEY DISTRIBUTION WITH GENERAL PURPOSE MOBILE DEVICE - One embodiment is directed to a method for managing cryptographic information. The method includes initiating a cryptographic information loading application on a general purpose mobile device (GPMD) and establishing a connection between the GPMD and a server that includes cryptographic information. Authentication input is received from a user of the GPMD. Data identifying the GPMD and the authentication input is sent from the GPMD to the server for authentication of the GPMD and the user. The GPMD also sends data identifying an electronic device into which cryptographic information is to be loaded. In response, the GPMD receives cryptographic information for the electronic device at the GPMD from the server. The GPMD then sends the cryptographic information from the GPMD to the electronic device for loading therein. | 01-30-2014 |
20140032904 | SECURING PRIVATE INFORMATION IN PUBLIC, PRIVATE AND MOBILE DEVICES - Technologies are generally disclosed for methods and systems for securing data. An example method may include storing, by a processing device, the data in a memory. The data may be encrypted and accessible only with the use of a decryption key. The method may further include receiving, by the processing device, one or more permission requests to access the data and requesting, by the processing device, the decryption key. In response to receiving the decryption key, the method may include authenticating, by the processing device, the decryption key to verify one or more permissions, and allowing, by the processing device, access to the data in accordance with the one or more permissions. | 01-30-2014 |
20140032905 | EFFICIENT KEY DERIVATION FOR END-TO-END NETWORK SECURITY WITH TRAFFIC VISIBILITY - Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using a derivation formula as follows: | 01-30-2014 |
20140032906 | CRYPTOGRAPHIC AUTHENTICATION TECHNIQUES FOR MOBILE DEVICES - A method of authenticating a computing device to a back-end subsystem. In one embodiment a prover black-box in the computing device regenerates a credential containing a key pair from a PIN and a protocredential, and authenticates cryptographically to a verifier black-box in the back-end subsystem; then the verifier black-box sends an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication, the prover black-box sends the authentication token to an application front-end in the computing device, the application front-end sends the authentication token to an application back-end in the back-end subsystem, and the application back-end verifies the authentication token. | 01-30-2014 |
20140032907 | PROTOCOL FOR AUTHENTICATING FUNCTIONALITY IN A PERIPHERAL DEVICE - A protocol provides authentication of peripheral devices by a computing device to which the peripheral device connects. Computing devices include a verifier with a public key that authenticates multiple associated private keys. Private keys are embedded on peripheral devices. When the verifier is able to authenticate a connected peripheral, particular functionality is enabled that may not be enabled for peripherals that do not authenticate. | 01-30-2014 |
20140032908 | METHOD FOR MANAGING REMOTE UPGRADING KEYS IN AN INFORMATION SECURITY APPARATUS - The present invention discloses a method for managing remote upgrading keys in an information security apparatus. A remote source apparatus generates key disabling data according to a divulged remote upgrading key and sends the key disabling data to the information security apparatus, and the information security apparatus performs the disabling operation on the divulged remote upgrading key according to the received key disabling data. Using the method disclosed in the present invention can prevent the information security apparatus from being maliciously attacked by malicious attackers by using the divulged remote upgrading key and through the remote upgrading process. | 01-30-2014 |
20140040616 | BROADCAST DEDUPLICATION FOR SATELLITE BROADBAND - A headend gateway can receive a data stream to forward to a client device of a broadcast network, and can determine whether the data stream includes a data block that has been recently broadcasted to any device of the broadcast network. The system can generate a new data stream that includes an identifier to any data block that has been broadcasted recently, and includes an encrypted block-decryption key that allows the recipient of the data stream to decrypt the data block. A client device of the broadcast network can receive a plurality of encrypted data blocks from the broadcast network, and can cache a subset of these encrypted data blocks regardless of whether or not they are intended for the local client device. The client device can access a cached data block when it receives an identifier and a block-decryption key for the data block. | 02-06-2014 |
20140040617 | METHOD FOR THE GENERATION OF A CODE, AND METHOD AND SYSTEM FOR THE AUTHORIZATION OF AN OPERATION - The present invention relates to a method for generating a code and a method comprising the authorization of an operation carried out by a client on a first server. A second server generating an authorization code according to an encoding method is involved in the authorization. The operations can be transactions, access to a web page, user-to-user payments, user-to-business payments, online user-to-business payments, cash withdrawal in automated teller machines, etc. | 02-06-2014 |
20140040618 | GALOIS/COUNTER MODE ENCRYPTION IN A WIRELESS NETWORK - A system including a nonce module and an encryption module. The nonce module is configured to generate a nonce for each packet of a plurality of packets to be encrypted using a first temporal key. Each nonce includes a packet number that is different than packet numbers associated with other nonces generated by the nonce module for the plurality of packets. The packet number is greater than N bits in length, where N is an integer greater than 40. The encryption module is configured to encrypt, without reusing a value of the packet number, more than 2 | 02-06-2014 |
20140040619 | Access control - A communication access control system ( | 02-06-2014 |
20140047236 | AUTHENTICATED FILE HANDLES FOR NETWORK FILE SYSTEMS - One or more file sharing computers receives a client request including an IP address and port number used by the client (computer). The one or more computers respond by creating an enhanced file handle from a hash on a combination of the IP address, port number, restricted key, and a standard file handle, and concatenating the hash with the standard file handle. The enhanced file handle is sent to the client and used by the client in a second request. The one or more computers uncouple the standard file handle and hash combination. Using the client IP address, port number, restricted key and standard file handle from the client second request, the one or more computers create a second combination. The second combination hash is compared to the first combination hash and in response to determining a match, the second request is accepted, and otherwise denied. | 02-13-2014 |
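The enhanced file handle of the preceding entry, as an added example that is not the patent's own code: the server binds a standard handle to the requesting client's IP address and port with an HMAC under a key only the file server holds, returns `hash || standard_handle`, and on the next request recomputes the hash from the connection it actually sees. `RESTRICTED_KEY`, the sample handle bytes and the client addresses are constructed values; SHA-256 HMAC is an assumed choice (the abstract only says "hash").

```python
import hashlib
import hmac
from typing import Optional

RESTRICTED_KEY = b"file-server-restricted-key"   # constructed; never leaves the server
TAG_LEN = 32                                      # SHA-256 HMAC output


def _tag(client_ip: str, client_port: int, std_handle: bytes) -> bytes:
    # Length-prefix every field so adjacent fields cannot be re-split by an
    # attacker (e.g. a different ip/port pair whose concatenation collides).
    fields = (client_ip.encode(), client_port.to_bytes(2, "big"), std_handle)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(RESTRICTED_KEY, msg, hashlib.sha256).digest()


def issue_handle(client_ip: str, client_port: int, std_handle: bytes) -> bytes:
    """Server side of the first request: enhanced handle = tag || standard handle."""
    return _tag(client_ip, client_port, std_handle) + std_handle


def check_handle(client_ip: str, client_port: int, enhanced: bytes) -> Optional[bytes]:
    """Server side of the second request: return the standard handle, or None to deny.

    client_ip/client_port are taken from the connection carrying the request,
    not from anything the client puts inside the request body.
    """
    if len(enhanced) < TAG_LEN:
        return None
    tag, std_handle = enhanced[:TAG_LEN], enhanced[TAG_LEN:]
    if hmac.compare_digest(tag, _tag(client_ip, client_port, std_handle)):
        return std_handle
    return None


# Constructed sample: an opaque 8-byte standard handle issued to one client.
SAMPLE_HANDLE = bytes.fromhex("0102030405060708")
SAMPLE_ENHANCED = issue_handle("192.0.2.10", 40001, SAMPLE_HANDLE)
```

A handle captured on the wire and replayed from another host or another source port fails the check, as does a handle whose standard-handle part has been rewritten to point at a different file; because the tag is keyed, the client cannot forge one for a handle it was never given.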
20140047237 | Method and System for Establishing Secure Communications Using Composite Key Cryptography - A method is disclosed for establishing a secure communication session using composite key cryptography. The method comprises generating a first plurality of secret keys all of which are known only to a first communicating party and each one of which is shared with exactly one of a plurality of stewards, and generating a second plurality of secret keys all of which are known only to a second communicating party and each one of which is shared with exactly one of the plurality of stewards. The first and second communicating parties each send information to the other through different stewards, each communication leg being encrypted using a secret key known only to the respective communicating party and steward. These communications are usable to distribute cryptographic seeds to the communicating parties for use in generating a temporary session key that can be used to encrypt direct communications between the parties. | 02-13-2014 |
20140047238 | DEVICE IDENTIFICATION USING SYNTHETIC DEVICE KEYS - A device authentication server assigns unique synthetic device attributes to a device such that the device can use actual hardware and system configuration attributes and the assigned synthetic device attributes to form a device identifier that is unique, even among homogeneous devices for which actual, accessible hardware and system configuration attributes are not distinct. | 02-13-2014 |
20140047239 | AUTHENTICATOR, AUTHENTICATEE AND AUTHENTICATION METHOD - According to one embodiment, an authenticatee includes a memory configured to store a plurality of pieces of secret information XY and a plurality of pieces of secret information XY | 02-13-2014 |
20140052985 | METHODS FOR PROVIDING REQUESTED DATA FROM A STORAGE DEVICE TO A DATA CONSUMER AND STORAGE DEVICES - According to various embodiments, a method for providing requested data from a storage device to a data consumer may be provided. The method may include: determining a helper key for the data consumer; determining encrypted data corresponding to the requested data from a memory of the storage device; determining pre-processed data based on the encrypted data and the helper key, wherein the pre-processed data is encrypted and configured to be decrypted using a private key of the data consumer; and transmitting the pre-processed data to the data consumer. | 02-20-2014 |
20140052986 | INFORMATION HANDLING DEVICE, INFORMATION OUTPUT DEVICE, AND RECORDING MEDIUM - An information handling device has a first connection unit, a Web application executing unit to generate a device operating command, a second connection unit, an application authentication processing unit to generate a platform authenticator, an application origin information attacher to attach origin information of the web application to the platform authenticator, and a third connection unit to establish a connection for transmitting the device operating command and the platform authenticator attached with the origin information to the second communication device in order to transmit the device operating command and the platform authenticator attached with the origin information. | 02-20-2014 |
20140052987 | Method and System Making it Possible to Test a Cryptographic Integrity of an Error Tolerant Data Item - A method and system for testing the cryptographic integrity of data m comprises at least the following elements: a module transmitting a message M, said module comprising a memory for storing the parameters used to execute the steps of the method, such as the key, the public data, a transmission medium, a receiver module also comprising storage means for storing at least the same parameters as in transmission. The system may comprise storage means for storing confidential data such as the secret keys, a processor suitable for executing the steps. | 02-20-2014 |
20140052988 | AUTHENTICATOR, AUTHENTICATEE AND AUTHENTICATION METHOD - According to one embodiment, an authenticatee includes, a memory configured to store secret information XYmain, XYsub, and secret information XYmain | 02-20-2014 |
20140059346 | METHOD OF LAWFUL INTERCEPTION FOR UMTS - A method of providing, to a user equipment, first information for generating a cipher key used for encryption, and for providing, to an authorized intercept device, second information for generating the cipher key, the method including determining a generator function that, based on an input state value, outputs a next cipher key and a next state value, determining an initial state value for the generator function, providing, to the authorized intercept device, the generator function and the initial state value as the second information, generating the cipher key and a state value based on the generator function and the input state value, generating a pseudo-random value based on the cipher key, and transmitting, to the user equipment, the pseudo-random value as the first information, wherein the user equipment generates the cipher key based on the pseudo-random value. | 02-27-2014 |
20140059347 | SYSTEMS AND METHODS FOR RESTRICTING ACCESS TO NETWORK RESOURCES VIA IN-LOCATION ACCESS POINT PROTOCOL - Methods and systems described herein relate to enhancing security on a mobile device. Systems and methods for mobile device security include restricting access to network resources via an in-location access point device, based on whether the mobile device is in proximity of the in-location access point device. | 02-27-2014 |
20140059348 | SYSTEM AND METHODS FOR ONLINE AUTHENTICATION - A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by the computer server. | 02-27-2014 |
20140059349 | METHOD FOR PROTECTING A RECORDED MULTIMEDIA CONTENT - A method for protecting recorded multimedia content and enabling the recorded multimedia content to be shared between recorders and readers of multimedia content connected to one another via a wide area information transmission network. | 02-27-2014 |
20140068260 | ENCRYPTED CONTENT STREAMING - Encrypted content streaming is provided by a method comprising holding an encrypted content stream that is cryptographically encrypted from a content stream with a content key, and holding an encrypted content key that is cryptographically encrypted from the content key with one or more blackout encryption keys. Each blackout encryption key is paired to a blackout decryption key corresponding to a specific audience, and each blackout decryption key is obtainable by audiences other than the specific audience corresponding to the blackout decryption key. The method further comprises serving the encrypted content stream to the plurality of different audiences. The encrypted content stream is embedded with a leaf license comprising the encrypted content key, and the encrypted content key is cryptographically decryptable by audiences having the one or more blackout decryption keys paired to the one or more blackout encryption keys. | 03-06-2014 |
20140068261 | Methods And Apparatus For Use In Sharing Credentials Amongst A Plurality Of Mobile Communication Devices - Techniques for use in sharing a plurality of credential objects of a user account amongst a plurality of mobile devices operative in a wireless network are described. In one illustrative example, a network infrastructure (e.g. a cloud) stores a plurality of encrypted credential objects in association with the user account. Each encrypted credential object is encrypted with a credential key. The network infrastructure also stores a plurality of encrypted forms of the credential key in association with the user account. Each encrypted form of the credential key is encrypted with a respective one of a plurality of device keys. Each device key is stored at respective one of the mobile devices. The network infrastructure provides, to the mobile devices, access to the encrypted credential key and the encrypted credential objects. | 03-06-2014 |
20140068262 | Secure Message Forwarding With Sender Controlled Decryption - Methods, apparatuses, and computer program products are provided for facilitating the secure transmission and storage of data. In this regard, a method is provided that comprises causing data encrypted by a sender system to be received at a service provider system; causing the data as encrypted by the sender system to be stored at the service provider system; receiving a request for the data from a recipient system; determining the recipient system is authorized to receive the data; and causing the data as encrypted to be transmitted to the sender system. | 03-06-2014 |
20140068263 | SUBSYSTEM AUTHENTICITY AND INTEGRITY VERIFICATION (SAIV) - Systems and methods are disclosed for enhancing anti-terrorism public safety measures, by more securely determining whether explosives or other contraband have been inserted into notebook computer batteries or other large, replaceable subsystems of electronic devices. Because notebook computers typically require large, heavy batteries, they present attractive containers for smugglers and terrorists attempting to bring explosives onto an airplane. The disclosed security testing system provides more reliable results than many current tests, and does not require that the device under test be powered on. The systems and methods disclosed use out-of-band authentication for added security. | 03-06-2014 |
20140068264 | SYSTEM AND METHOD FOR PROTECTING DIGITAL CONTENTS WITH DIGITAL RIGHTS MANAGEMENT (DRM) - An approach for protecting digital contents includes a content delivery phase wherein a client stores digital contents or retrieves them in streaming, transmits to a user device the digital content in a protected format along with an enabling code for enabling the user device to access or read the protected digital content. The approach includes a key generation phase in a DRM (Digital Right Management) server which derives at least one key for encrypting the digital contents. A key transmission phase involves the derived key being transmitted from the DRM server to the client. For decrypting the digital content, the user device requests the key from the DRM server, with the request including a key identification defined by the enabling code transmitted by the client to the user device which is used by the DRM server to derive the key for the user device. | 03-06-2014 |
20140075188 | TRUSTED THIRD PARTY CLIENT AUTHENTICATION - A method includes receiving, at a video service provider system, a request for an online video session from a third party device with a security markup assertion language (SAML) token as an input, decrypting a SAML assertion in the SAML token with a private key associated with the video service provider system, validating the SAML assertion based on a third party public key associated with the third party STS, and retrieving a third party account user identifier and a device type. The method also includes identifying a link time based on the third party account user identifier, identifying a password change time (PCT) stamp associated with the service provider user account, and providing the online video session to the third party device in response to determining that the PCT stamp is not later than the link time. | 03-13-2014 |
20140075189 | SYSTEMS, APPARATUS, AND METHODS FOR ASSOCIATION IN MULTI-HOP NETWORKS - Systems, methods, and devices for communicating data in a wireless communications network are described herein. One innovative aspect of the present disclosure includes a method of communicating in a wireless network. The method includes encrypting a message based, at least in part, on an original source address, and a final destination address. The method further includes transmitting the encrypted message to a relay for delivery to the final destination address. | 03-13-2014 |
20140075190 | AUTHENTICATOR, AUTHENTICATEE AND AUTHENTICATION METHOD - According to one embodiment, an authenticatee includes, a memory configured to store secret information XY, secret information XY which is created by multiply duplicating, at least twice, the secret information XY, and secret information XY | 03-13-2014 |
20140082357 | CROSS ENTERPRISE COMMUNICATION - A method provides cross enterprise communication in which intermediary communication components carry out cross enterprise communication. The method at a first sending enterprise comprises: receiving a signed encrypted message from a sender within a first enterprise; validating the sender; decrypting the message; encrypting the message for receipt by a second enterprise; signing the encrypted message by the first enterprise; and sending the re-signed re-encrypted message to a second enterprise. The method at the second receiving enterprise comprises: receiving a signed encrypted message from a first enterprise; validating that the first enterprise is the sender; decrypting the message; encrypting the message for receipt by one or more recipients at the second enterprise; signing the encrypted message by the second enterprise indicating that the message is from the first enterprise; and sending the re-signed re-encrypted message to the one or more recipients of the second enterprise. | 03-20-2014 |
20140082358 | EFFICIENT KEY GENERATOR FOR DISTRIBUTION OF SENSITIVE MATERIAL FROM MULTIPLE APPLICATION SERVICE PROVIDERS TO A SECURE ELEMENT SUCH AS A UNIVERSAL INTEGRATED CIRCUIT CARD (UICC) - A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device. | 03-20-2014 |
20140082359 | EFFICIENT KEY GENERATOR FOR DISTRIBUTION OF SENSITIVE MATERIAL FROM MULTIPLE APPLICATION SERVICE PROVIDERS TO A SECURE ELEMENT SUCH AS A UNIVERSAL INTEGRATED CIRCUIT CARD (UICC) - A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device. | 03-20-2014 |
20140082360 | Security For Mobility Between MBMS Servers - In accordance with the exemplary embodiments of the invention there is at least a method and apparatus to perform operations including triggering by user terminal device a new streaming server to generate new user-specific security keys; receiving at the user terminal device from the new streaming server a new security key specific for the new streaming server; generating at the user terminal device for the streaming server user-specific security keys; and using the new user-specific security keys generated at the user terminal device with the new streaming server for a previously established streaming service. | 03-20-2014 |
20140082361 | DATA ENCRYPTION - Public key encryption methods and apparatus are provided for encrypting secret data under a public key in a data processing system ( | 03-20-2014 |
20140089663 | COMMUNICATION METHOD, APPLICATION DEVICE, PROGRAM, AND COMMUNICATION SYSTEM - According to one embodiment, a communication method including acquiring an application key from a key-sharing network, determining a key use of the application key, and performing encryption communication by using the application key according to the determined key use. | 03-27-2014 |
20140089664 | TRUSTED AND CONFIDENTIAL REMOTE TPM INITIALIZATION - Techniques are provided to allow remote initialization of a Trusted Platform Module. The results may be trusted and confidential even if the target device has malicious operating system or other software running. | 03-27-2014 |
20140095871 | Protecting Online Meeting Access Using Secure Personal Universal Resource Locators - Access to online collaborative resources such as an online meeting, web conference, online chat room, an online video conference, an online audio conference, a collaboratively edited document, a collaborative browsing session, an online social networking group, or a web site is secured by providing a first user-specific URL to a first user for addressing the collaborative resource; responsive to the first user accessing the first user-specific URL, granting by a computing system access to the collaborative event to the first user; and responsive to a second user accessing the first user-specific URL, preventing by a computing system access to the collaborative event to the second user. Optionally, time criteria for accessing the first user-specific URL may be used to invalidate the first user-specific URL, whereupon access to the collaborative resource is disabled. | 04-03-2014 |
20140095872 | ANALYTE DATA RETRIEVER - Methods and apparatus, including computer program products, are provided for processing analyte data. In some example implementations, a method may include receiving, at a first processing system including a user interface, an installation package including a plug-in and code configured to provide at the first processing system an interface between a sensor system configured to measure an analyte concentration level in a host and a second processing system; storing, by the first processing system, the installation package in a location based on a role of a user initiating the installation of the code; installing the plug-in for the user interface to enable the plug-in to control one or more aspects of an installation of the code; and initiating, by at least the plug-in, the installation of the code at the first processing system to provide the interface. Related systems, methods, and articles of manufacture are also disclosed. | 04-03-2014 |
20140095873 | METHOD AND SYSTEM FOR HYPERTEXT TRANSFER PROTOCOL DIGEST AUTHENTICATION - A method and system for hypertext transfer protocol digest authentication through the use of a token issuing entity trusted by both a client and a service provider. The token issuing entity may issue an encrypted token and a token secret to the client. The client may then use the token secret instead of a password for digest authentication, and provide the encrypted token along with the digest authentication response to the service provider. The service provider may decrypt the encrypted token to obtain the token secret, which may then be used for digest authentication with the client. | 04-03-2014 |
20140095874 | METHOD AND SYSTEM FOR SECURED INTER-APPLICATION COMMUNICATION IN MOBILE DEVICES - This disclosure describes a method for accessing network resources which includes receiving by a first application in a mobile computing device sign-in information from a user and enabling the user to sign in to a second application with the first application to access network resources from a resource server based on (a) a first application identification (ID) of the second application, (b) the user authorizing the second application to the resource server, and (c) receiving an authorization grant from the resource server to enable the second application to access the network resources, the mobile computing device coupled with the resource server via a network. | 04-03-2014 |
20140095875 | USE OF APPLICATION IDENTIFIER AND ENCRYPTED PASSWORD FOR APPLICATION SERVICE ACCESS - To support authentication of a mobile device, an application server obtains an application identifier and password and creates an encrypted value by encrypting a combination of the password and a time-based value. The application server transmits the application identifier and encrypted value over a communication network to the mobile device as a credential, and the mobile device sends the credential over the network to a secure server providing an application assistance service. The secure server independently computes an encrypted value by encrypting the combination of the password and the time-based value. If the encrypted value from the received credential matches the encrypted value computed by the secure server, that server grants access to the assistance service for the mobile device. | 04-03-2014 |
20140101444 | APPARATUS AND METHOD FOR TRANSMITTING DATA, AND RECORDING MEDIUM STORING PROGRAM FOR EXECUTING METHOD OF THE SAME IN COMPUTER - Disclosed are a data transmission/reception apparatus and method. A secret key generation unit uses a user ID as a public key to generate a secret key corresponding to the user ID. An encryption/decryption unit sets a user ID intended to receive data as an input value to encrypt the data using a certain method and decrypt the encrypted data using a certain method on the basis of a secret key corresponding to a user ID of a receiver generated by the secret key generation unit. The transmission apparatus and method according to the present invention allow for secure communication between terminals without server intervention by encrypting data using an ID-based encryption technique for safe data communication and then communicating the encrypted data. | 04-10-2014 |
20140101445 | Authenticated Encryption Support in ISO/IEC 23009-4 - A server apparatus supporting authenticated encryption in a network, comprising a receiver configured to receive an unencrypted segment, a processor configured to select an encryption key, an initialization vector, and additional authentication data (AAD), encrypt the segment, configure the segment for transfer in Dynamic Adaptive Streaming over Hypertext Transfer Protocol (HTTP) (DASH) media, assign a segment number to the encrypted segment, append an authentication tag to the encrypted segment, store the encrypted segment with the appended authentication tag, and update a Media Presentation Description (MPD) associated with the encrypted segment with the appended authentication tag, wherein the MPD comprises an @aadBase attribute with an AAD base value, wherein the AAD value is the sum of the segment number and the @aadBase attribute value, and a transmitter configured to transmit the encrypted segment with the appended authentication tag to a destination. | 04-10-2014 |
20140108799 | METHOD AND APPARATUS FOR PROVIDING SUBSCRIBER IDENTITY MODULE-BASED DATA ENCRYPTION AND REMOTE MANAGEMENT OF PORTABLE STORAGE DEVICES - Portable storage devices and methods for remotely managing such portable storage devices are disclosed. For example, a method receives a request from an endpoint device to send a command to a portable storage device. The method then authenticates the endpoint device that has sent the request. The method then transmits the command wirelessly to the portable storage device. Similarly, a portable storage device includes a processor and a computer-readable medium in communication with the processor, the computer-readable medium to store instructions. The instructions, when executed by the processor, cause the processor to perform operations that include: wirelessly receiving a command related to an access of a memory of the portable storage device, verifying an authenticity of the command and executing the command when the authenticity of the command is verified. | 04-17-2014 |
20140108800 | SYSTEM AND METHOD FOR IMPROVED GEOTHENTICATION BASED ON A HASH FUNCTION - A system and methods for time and/or location authentication are presented. A hash value is received from a client device and a hash value receiving time of the received hash value is stored. A data block is received after the hash value is received, the received data block comprising alleged transmission signal data. A computed hash value of the received data block is computed, and an estimated transmission signal client receiving time by the client is calculated based on the alleged transmission signal data. A timely possession of the received data block by the client device is authenticated based on a comparison of the computed hash value to the received hash value and a comparison of the hash value receiving time to the estimated transmission signal client receiving time. | 04-17-2014 |
20140108801 | System and Method for Identity Management for Mobile Devices - Systems and methods for managing a user identity on a mobile device are provided. The system comprises the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other. The system further comprises an identity provider in communication with the mobile device, and a client service in communication with the mobile device. The user agent is configured to communicate with the identity provider and retrieve the user identity for the client application, and the client application is configured to transmit the user identity to the client service. | 04-17-2014 |
20140108802 | CONTENT PUBLICATION CONTROL SYSTEM - To control the publication of digital content on a web site managed by a publication server (SP) from a communication terminal (TC | 04-17-2014 |
20140115333 | SECURE INFORMATION DELIVERY - A first network device is configured to receive a request for content from a user device, determine that the user device is not authenticated, and send information to the user device that the user device requires authentication. The first network device is configured further to receive a notification that the user device is authorized to receive content from multiple content providers. The first network device is configured further to generate a secret key and authenticate the user device by using the secret key. The first network device is further configured to send the content to the user device. | 04-24-2014 |
20140115334 | RETRIEVING ACCESS INFORMATION IN A DISPERSED STORAGE NETWORK - A method begins by a processing module obtaining a set of recovered random numbers, decoding encrypted share slices to produce a set of encrypted shares, and obtaining a set of personalized authenticating values regarding user access to data. The method continues with the processing module generating a set of hidden passwords based on the set of personalized authenticating values, generating a set of blinded passwords based on the set of hidden passwords and a set of blinded random numbers, and generating a set of passkeys based on the set of blinded passwords and the set of recovered random numbers. The method continues with the processing module generating a set of decryption keys based on the set of blinded random numbers and the set of passkeys, decrypting the set of encrypted shares to produce a set of shares, and decoding the set of shares to reproduce the data. | 04-24-2014 |
20140122876 | SYSTEM AND METHOD FOR PROVIDING A SECURE BOOK DEVICE USING CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS SECURE NETWORKS - Portions of split data belonging to a set of data are sent over different data paths to their destinations. The data set is cryptographically split into portions of the data set, and each portion is transported over a choice of multiple data paths to its destination. For example, a message is physically separated into portions of a message which are encrypted and sent over more than one network path to reach a destination. As a result, a snooper in a network may only be able to view a partial set of random, disjoint, and incoherent portions of the message, which are also encrypted. The portions of the message are split up in such a way that even if the snooper captured some of the portions of data, it would be difficult to reconstruct the message without also capturing most other partial portions of the message spread throughout the entire infrastructure of the network. | 05-01-2014 |
20140122877 | IMAGE FORMING APPARATUS, INFORMATION PROCESSING METHOD, AND CONTROL METHOD - An image forming apparatus using a service of a server apparatus decrypts encrypted common authentication information of the image forming apparatus based on secret key information for decrypting the common authentication information, and then requests encrypted individual authentication information of the image forming apparatus from the server apparatus based on decrypted common authentication information and identification information for identifying the image forming apparatus. The image forming apparatus obtains the individual authentication information from the server apparatus, requests the server apparatus for use permission information of the service based on the decrypted individual authentication information and on service use information, and obtains the use permission information from the server apparatus. | 05-01-2014 |
20140122878 | SECURITY MANAGEMENT IN M2M AREA NETWORK - The disclosure is related to a machine to machine (M2M) device and a security management method thereof. The M2M device includes an identification circuit. The identification circuit may be configured to encrypt data collected from a sensor with a device identification (ID) of the M2M device and at least one subscriber ID of the identification circuit and to generate a data packet in a predetermined communication standard format by including the encrypted data in a payload of the data packet. | 05-01-2014 |
20140122879 | SECURE COMPUTING SYSTEM - A secured computing system comprising a secure computing device capable of securing a host-computing device positioned nearby. The system further comprises a processing device, a battery charging circuit and a power measurement device, secured peripherals, radios such as 3G, 4G, Wi-Fi, Wi-Max, and LTE, a processing device to perform the required instructions and algorithms for configuring and performing security functions, processing device support components such as memory and co-processors to support the processing device. Finally, the system includes embedded software such as the source or executable files necessary to perform the instructions or algorithms to perform security functions. | 05-01-2014 |
20140122880 | System and Method for Facilitating Communications Based on Trusted Relationships - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for facilitating communications based on a trusted relationship. A system configured to practice the method first receives a communication request from a second communication device for a specific resource, wherein the communication request is based, at least in part, on trust information generated by a previously established trusted relationship. The system confirms, via an access to a trust database and using the trust information, (1) an identity of a sender of the communication request and (2) access permissions for a requested resource. Then, if the identity and the access permissions are confirmed, the system establishes communications between the first communications device and the second communications device in response to the communication request according to the specific resource. The trust information can include a trust user ID and a trust key. | 05-01-2014 |
20140129834 | Providing User Authentication - In particular embodiments, a user associated with a user account wishes to utilize their computing device to facilitate authentication of their identity. The user may provide a device key to an online system hosting the user account, wherein the device key uniquely identifies their computing device. The device key may be based on a device identifier encoded in hardware of the computing device. The online system may then store the device key in association with the user account. Subsequently, if an action related to the online system requires authentication, the user may be asked to provide authentication using their computing device. The user generates an authentication code using their device, which can be entered by the user into a user interface for comparison against an authentication code generated using the device key stored by the online system. | 05-08-2014 |
20140129835 | OPTIMIZING OFFLINE MESSAGE (NETWORK HISTORY) DELIVERY FOR USERS ACCESSING AN APPLICATION FROM A SINGLE DEVICE - Devices, systems and methods for sending messages from a web service server to a computing device shared by a current user and another offline user while maintaining privacy for the other offline user's messages and decreasing bandwidth requirements for transmission of messages may include registering the user and the offline user of the computing device with the web service server, receiving at the web service server from the computing device a login by a first user, wherein the first user is determined to be the current user, checking a database for undelivered messages for the at least one offline user who is not currently accessing the web service server, wherein any user who is not a current user is determined to be an offline user, encrypting each offline user's undelivered messages, sending the undelivered messages to the computing device, and storing offline user encrypted undelivered messages in the computing device. | 05-08-2014 |
20140129836 | INFORMATION DISTRIBUTION SYSTEM AND PROGRAM FOR THE SAME - An information distribution system described herein is capable of securely storing digitized personal information in an encrypted state in a storage section and securely transferring/disclosing the stored digitized information only to a particular third person via a network. Communication of the information is securely performed in the encrypted state between information terminals connected to the communication network. An information terminal which has created information encrypts the original information by a common key generated upon communication and stores the information in a secure storage of one of the information terminals connected to the communication network while maintaining the encrypted state. Further, the system creates a mechanism for authenticating a person having a particular authority for viewing the encrypted information and index information having an encrypted common key and link information indicating the location of the information for supply to a user. | 05-08-2014 |
20140129837 | SYSTEMS AND METHODS FOR DEVICE AND DATA AUTHENTICATION - Embodiments relate to systems and methods for authenticating devices and securing data. In embodiments, a session key for securing data between two devices can be derived as a byproduct of a challenge-response protocol for authenticating one or both of the devices. | 05-08-2014 |
20140136841 | DEVICE - According to one embodiment, a device includes a first data generator configured to generate a second key (HKey) by encrypting a host constant (HC) with the first key (NKey); a second data generator configured to generate a session key (SKey) by encrypting a random number (RN) with the second key (HKey); a one-way function processor configured to generate authentication information (Oneway-ID) by processing the secret identification information (SecretID) with the session key (SKey) in a one-way function operation; and a data output interface configured to output the encrypted secret identification information (E-SecretID) and the authentication information (Oneway-ID) to outside of the device. | 05-15-2014 |
20140136842 | METHOD AND SYSTEM FOR GENERATING A SECURE MESSAGE AS A URL MESSAGE - A method for generating and delivering a message via a web service is provided. A message for a recipient is converted to a URL and sent. A request is received from a sender to send a message to a recipient. A URL message is created in response to receiving the request to send the message to the recipient and the URL message is sent to the recipient. A URL message response is received from the recipient and a landing message is sent to the recipient in response to receiving the URL message response. The landing message includes a hint requesting an answer from the recipient. An answer is received from the recipient and the message is sent to the recipient in response to receiving the answer. | 05-15-2014 |
20140136843 | INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - Provided is an information processing apparatus including a message generating unit that generates a message based on a multi-order multivariate polynomial set F=(f | 05-15-2014 |
20140136844 | Method and Apparatus for Link Setup - A method for link setup includes sending a first authentication message including a user identifier to an access point (AP). A second authentication message sent by the AP according to the user identifier is received and includes an EAP method request message and an ANonce of the AP. A first PTK is generated according to the ANonce, an SNonce, and a first MSK. A third authentication message is sent to the AP. The third authentication message includes an EAP method response message, the SNonce, and a first MIC that is generated according to the first PTK. A fourth authentication message is sent by the AP when it authenticates, according to a second PTK, that the first MIC is correct. The fourth authentication message includes an EAP-Success message, configuration information configured by the AP for the terminal, and a second MIC. The second MIC is authenticated according to the first PTK. | 05-15-2014 |
20140143543 | DELEGATE AUTHORIZATION IN CLOUD-BASED STORAGE SYSTEM - At a hosted storage service, a resource and a request to store the resource are received. The request includes a location of an access control service. The access control service is separate from the hosted storage service and controls access permissions for the resource. A request to access the stored resource is received. The hosted storage service accesses metadata stored in association with the resource and determines that access permissions for the resource are controlled by the access control service. An access request is sent from the hosted storage service to the access control service, the access request identifying the resource and a user of the client system. | 05-22-2014 |
20140143544 | RIGHTS ENFORCEMENT AND USAGE REPORTING ON A CLIENT DEVICE - An integrity hash is obtained of rights information stored at a client device. The rights information is associated with content stored at the client device. The integrity hash is encrypted using a client device key to generate an encrypted hash. The client device key is externally inaccessible from the client device. The encrypted hash is stored on the client device. | 05-22-2014 |
20140143545 | System and Method for Securely Distributing Legal Evidence - This invention provides a system and method to search for and securely download Digital MultiMedia Evidence (DME) data from a central DME repository to portable USB, smart phone, tablet, laptop, desktop, or other data storage devices, with a clear chain of custody and access control audit trail reporting, so the DME can be used to prepare for and conduct legal proceedings. | 05-22-2014 |
20140143546 | REQUEST-SPECIFIC AUTHENTICATION FOR ACCESSING WEB SERVICE RESOURCES - Requests for access to Web service resources are evaluated based on the type of request that is received. Requests are not granted unless sufficient proof of authentication is provided to grant that request. An authentication service evaluates one or more factors to determine whether or not to authenticate the client. After being authenticated by the authentication service, proof of authentication is provided to the Web service, which grants access to the Web service resource. | 05-22-2014 |
20140143547 | Enabling/Disabling Display Data Channel Access to Enable/Disable High-Bandwidth Digital Content Protection - A switcher device comprises a multiplexer coupled in-between at least one input and output cards. The multiplexer detects the presence of an event signal from an activated sink. In response to the detection of the event signal, the switch dynamically switches to a closed position in order to enable the at least one source to authenticate with the input card and the output card to authenticate with the at least one sink for security protocol encryption. In response to the non-detection of the event signal, the switch switches dynamically to an open position in order to disable the at least one source from authenticating with the input card, therefore the output card also does not attempt to authenticate with the at least one sink for security protocol encryption. | 05-22-2014 |
20140156992 | Triggering Actions on a Computing Device - In some implementations, a computing device may download a campaign from a server. The campaign may include a trigger and one or more actions associated with the trigger. In response to detecting that the trigger occurred, the computing device may perform the one or more actions associated with the trigger. The trigger may comprise an event that occurs at the computing device or a short message service (SMS) message that originates from the server. | 06-05-2014 |
20140156993 | METHOD AND SYSTEM OF PROVIDING AUTHENTICATION OF USER ACCESS TO A COMPUTER RESOURCE VIA A MOBILE DEVICE USING MULTIPLE SEPARATE SECURITY FACTORS - A method and system of authenticating a computer resource such as an application or data on a mobile device uses a contactless token to provide multi-factor user authentication. User credentials are stored on the token in the form of private keys, and encrypted data and passwords are stored on the device. When the application user requires access to the resource, an encrypted password is transmitted to and decrypted on the token using a stored private key. An unencrypted data encryption key or password is then transmitted back to the device under the protection of a cryptographic session key which is generated as a result of strong mutual authentication between the device and the token. | 06-05-2014 |
20140164767 | METHODS AND APPARATUS FOR DEVICE AUTHENTICATION WITH ONE-TIME CREDENTIALS - An automated method for authenticating a proving device to a verifying device involves an elliptic curve formula (ECF) for a predetermined elliptic curve associated with a proving device. According to one example method, the prover sends the verifier a message containing a first proof value (P2). The verifier determines whether P2 is a point on the elliptic curve associated with the proving device. If P2 is not on the elliptic curve, the verifier may determine that the proving device should not be trusted. The message may further comprise a second proof value (K1), and the verifier may automatically determine whether K1 corresponds to P1, based on a previous point (P0) on the elliptic curve. If K1 does not correspond to P1, the verifier may determine that the proving device should not be trusted. Other embodiments are described and claimed. | 06-12-2014 |
20140164768 | DETECTING MATCHED CLOUD INFRASTRUCTURE CONNECTIONS FOR SECURE OFF-CHANNEL SECRET GENERATION - Technology is described for two parties, by leveraging previously established secure connections with third parties, to obtain a shared secret for generating a secure connection with each other in a way that reduces vulnerability to man-in-the-middle attacks. In some examples, the technology can include generating a session identifier; coordinating use of the session identifier by the two parties; finding an available secure communication channel to a third party; transmitting the session identifier to the third party via the available secure communication channel; receiving, via the available secure communication channel, a third party identifier and a session identifier-specific secret; sharing information about the received third party identifier; determining that the received third party identifier matches a third party identifier received by the second party; and using the session identifier-specific secret received with the matching third party identifier to generate a cryptographic key to secure communication between the two parties. | 06-12-2014 |
20140164769 | CUSTODIAN SECURING A SECRET OF A USER - Methods, systems and apparatuses for a custodian securing a secret are disclosed. One method includes receiving, by a custodian server of a first custodian, encrypted shares, wherein the encrypted shares are generated based on a secret of the user, a policy, and a plurality of public keys, comprising generating a plurality of shares from the secret, and encrypting each share utilizing a corresponding one of the plurality of public keys. The method further includes verifying, by the custodian server, that the encrypted shares can be used to reconstitute the secret upon receiving the encrypted shares, comprising leveraging, by the first custodian, one-way cryptographic functions, wherein the first custodian can reconstruct the secret, but cannot obtain access to the secret or any of the shares. | 06-12-2014 |
20140173278 | IMPARTING CRYPTOGRAPHIC INFORMATION IN NETWORK COMMUNICATIONS - This specification describes technologies relating to imparting cryptographic information in network communications. In general, aspects of the subject matter described in this specification can be embodied in methods that include identifying a location in a pre-defined portion of a network communication to be sent in a client-server environment, wherein the pre-defined portion is reserved for random data, inserting cryptographic information into the pre-defined portion of the network communication at the location, and sending the network communication in the client-server environment to facilitate modifying interactions in the client-server environment based at least in part on a result of processing of the cryptographic information; and on a receiving side, receiving cryptographic information inserted into the pre-defined portion of the network communication in the client-server environment, identifying the location, processing the cryptographic information, and modifying interactions in the client-server environment based at least in part on a result of the processing. | 06-19-2014 |
20140173279 | SECURELY IDENTIFYING HOST SYSTEMS - Embodiments of the present invention allow for “end-user” provisioned instances to securely identify themselves beyond a simple user ID and password. Specifically, embodiments of the present invention use a multi-part security approach that includes (among other things): an identifying key (e.g., a shared private key) known by the cloud security system and the instance; and at least one additional security factor such as an identifier found in TCP/IP packets (e.g., an internet protocol address). In a typical embodiment, a request for an instance (e.g., a virtual machine) is received, and a template (e.g., an image) corresponding to the requested instance is identified. From this template, the instance is provisioned. Under the embodiments of the present invention, the instance will be provisioned to include a security key. When a request is thereafter received from the instance, the request is validated using the security key and the additional security factor(s). | 06-19-2014 |
20140173280 | DEVICE AUTHENTICATION - An authenticatable device includes a substrate and a computing device with encryption capability affixed to the substrate. The computing device is to receive a challenge value and a first value from a host device, generate a second value based on at least the first value, and generate a response value based on the challenge value and the second value. | 06-19-2014 |
20140181513 | CENTRALIZED SECURE DEVICE PAIRING - Various embodiments are generally directed to pairing computing devices for collaborative interaction via a network through a centralized secure device pairing service. An apparatus comprises a controller processor circuit, and a controller storage communicatively coupled to the controller processor circuit to store an initial private key and to store instructions that when executed by the controller processor circuit cause the controller processor circuit to create a first signature using the initial private key, transmit the first signature to an issuing server via a network, receive a group public key and an associated member private key from the issuing server, create a second signature using the member private key, transmit the second signature to a member device via the network; receive a third signature from the member device; and authenticate the third signature using the group public key. Other embodiments are described and claimed herein. | 06-26-2014 |
20140181514 | ENCRYPTION KEY MANAGEMENT PROGRAM, DATA MANAGEMENT SYSTEM - An objective of the present invention is to ensure security of the file sharing function provided by cloud storages without significantly decreasing the convenience of cloud storages. The encryption key management program according to the present invention encrypts, using authentication information of a user, a group shared key shared in a user group and stores it as an encrypted group shared key. The encryption key management program, upon receiving a request from a user, sends the encrypted group shared key corresponding to the requesting user. | 06-26-2014 |
20140181515 | MOBILE COMMUNICATION DEVICES, WIRELESS ACCESS POINTS, AND WIRELESS LOCAL AREA NETWORK (WLAN) AUTHENTICATION METHODS THEREOF - A Wireless Access Point (WAP) including a Local Area Network (LAN) interface and a first wireless module is provided. The LAN interface is configured to provide access to the Internet. The first wireless module is configured to generate a plurality of security parameters associated with a Wireless Local Area Network (WLAN) technology, use the WLAN technology to perform an authentication procedure with a mobile communication device according to the security parameters, and after completing the authentication procedure, provide a Hotspot service of the WLAN technology to the mobile communication device via the LAN interface, wherein the security parameters are transmitted, prior to the authentication procedure, to the mobile communication device via an encrypted connection which is established using a cellular network technology. | 06-26-2014 |
20140181516 | DETECTION METHOD FOR FRAUDULENT MAIL, DETECTION PROGRAM THEREFOR, AND DETECTION DEVICE THEREFOR - Preliminarily sharing internal-transmission-secret-key-information used in e-mail addressed to an internal-network, between transmitting and receiving-terminals, and generating external-transmission-secret-key information used in an e-mail addressed to an external-network and external-transmission-public-key-information corresponding to the external-transmission-secret-key-information, in transmitting a mail, generating verification-information by encrypting first characteristic-amount-target-information including a characteristic-amount-target-item included in an outgoing-mail and adding, to the outgoing-mail header, the verification-information and characteristic-amount-target-item-information corresponding to the characteristic-amount-target-item, and, in receiving a mail, generating second characteristic-amount-target-information including a characteristic-amount-target-item indicated by the characteristic-amount-target-item-information added to the incoming-mail, decrypting the verification-information, generating third characteristic-amount-target-information, and verifying whether the second and the third coincide. | 06-26-2014 |
20140181517 | Cloud Centric Application Trust Validation - In accordance with the exemplary embodiments of the invention there is at least a method and an apparatus to perform the method of sending towards a key management device associated with an application service provider for an application, a key request for the application being booted in the cloud network; and in response to the key request, receiving an application specific key for the application, where the key is based on multiple factors associated with the application server. Further, there is at least a method and an apparatus to perform the method of receiving a key request from an application server of a cloud network for the application being booted in the cloud network; in response to the key request, authenticating the request using multiple attributes associated with the application server; and sending an application specific key for the application towards the application server. | 06-26-2014 |
20140181518 | SECURE MOBILE APP CONNECTION BUS - A secure mobile application connection bus is disclosed. First encryption information and an identifier associated with a data storage location on a mobile device are provided from a first application to a second application. Second encryption information associated with the second mobile application is retrieved from the data storage location. The second mobile application is configured to provide data to the data storage location. Data is transferred securely between the first mobile application and the second mobile application via the data storage location. | 06-26-2014 |
20140181519 | SYSTEMS AND METHODS FOR SECURELY PLACE SHIFTING MEDIA CONTENT - Systems and methods are provided for securely providing a place-shifted media stream from a place shifting device to a remote player via a communications network. A request for a connection is received from the remote player at the place shifting device via the communications network. In response to the request for the connection, an authorization credential is requested from a central server via the communications network. Further, in response to the authorization credential received from the central server, the place-shifted media stream between the place shifting device and the remote player can be established over the communications network. At least a portion of the place-shifted media stream may be encrypted based upon the authorization credential. | 06-26-2014 |
20140189350 | SYSTEM AND METHOD FOR EFFICIENTLY ENROLLING, REGISTERING, AND AUTHENTICATING WITH MULTIPLE AUTHENTICATION DEVICES - A system, apparatus, method, and machine readable medium are described for multi-device operations within an authentication framework. For example, one embodiment of a method comprises: detecting N authentication devices on a client, wherein N>1; generating N cryptographic entities, one for each of the N authentication devices; transmitting a command to the client to register each of the N cryptographic entities into each of the N authentication devices; executing the command on the client and responsively registering each of the N cryptographic entities into each of the respective N authentication devices; and subsequently using at least one of the authentication devices and its associated cryptographic entity for authenticating a user of the client over a network. | 07-03-2014 |
20140189351 | Print Release with End to End Encryption and Print Tracking - A method for encrypting print jobs that includes receiving output data, encrypting the output data with a randomly-generated symmetric session key, generating a session key header by encrypting the randomly-generated symmetric session key using an asymmetric user public key, and encrypting the session key header using a server public key. | 07-03-2014 |
20140189352 | METHOD AND SYSTEM FOR SECURED DATA STORAGE AND SHARING OVER CLOUD BASED NETWORK - The various embodiments herein provide a method and system for secure data storage and sharing over a cloud based network. The method comprises installing a client application on a user device, authenticating a client application user, extracting content from a data source, obtaining content sharing information from a content storage provider, sending a content distribution list and a content usage policy to an application server, encrypting the content by the client application, creating and sharing a secure content file, decrypting the content file, finding the content usage policy and sharing information from the content file, obtaining an updated content usage policy from the application server, authenticating the content recipient using an authentication mechanism, verifying the identity of the content recipient using an identity resolution mechanism, rendering the secure content file to the recipient, enforcing the content usage policy and sending content usage logs to the application server. | 07-03-2014 |
20140189353 | APPARATUS AND METHODS FOR PROVISIONING IN A DOWNLOAD-ENABLED SYSTEM - Apparatus and methods for provisioning of customer premise equipment (CPE) equipped with a secure microprocessor to receive e.g., digital video content by entering unique identification of the CPE at one or more servers located at the headend or other location of a content-based network. In one embodiment, the CPE comprises a download-enabled (e.g., DCAS) host with embedded cable modem and embedded set-top box functionality, and the provisioning includes enabling DOCSIS functionality of the CPE, assigning an IP address to the CPE and providing the CPE with a client image for the conditional access system chosen by the network operator. In one variant, the network operator can deactivate a provisioned device while connected to the network, as well as when disconnected from the network. The network operator can also add, delete or replace the conditional access client image in a provisioned device. | 07-03-2014 |
20140189354 | SYSTEMS AND METHODS FOR DIGITAL MULTIMEDIA CAPTURE USING HAPTIC CONTROL, CLOUD VOICE CHANGER, AND PROTECTING DIGITAL MULTIMEDIA PRIVACY - Provided are computer implemented methods and systems for multimedia capture and encrypting. According to the method, a first user input is received. Based on the first user input, one or more sensors are initiated to capture multimedia to obtain captured multimedia. The method further comprises receiving a second user input. Upon receiving the second user input, data associated with the first user input and the second user input are analyzed. Based on the analysis, one or more multimedia types are selected for recording from the captured multimedia based on predetermined rules. The selected one or more multimedia types are recorded to a memory. The recorded multimedia types are modified by a cloud-based voice changing unit. Furthermore, the recorded multimedia types and the modified multimedia types are encrypted to prepare the one or more multimedia types for sending to an intended recipient. | 07-03-2014 |
20140195803 | SECURE WIRELESS CHARGING - A wireless charging apparatus and method utilizing a secure element is disclosed. Illustratively, a receiver containing a secure element securely communicates with a charging pad also equipped with a secure element. The communication can be used to establish the identity of the receiver and facilitate billing for the wireless charging. The charging pad may further communicate in a secure manner with a server to authenticate the identity and other information about the receiver before providing wireless charging. Direct communication between the receiver and server is also contemplated. | 07-10-2014 |
20140195804 | TECHNIQUES FOR SECURE DATA EXCHANGE - Disclosed are various embodiments for securely sending and receiving data between one or more clients. A ciphertext key suitable for use by a first encryption algorithm is generated. Plaintext data is encrypted according to the first encryption algorithm using the first encryption key. The ciphertext key is then encrypted using a second encryption algorithm configured with a recipient key to generate a recipient wrapper. The ciphertext data and the recipient wrapper are then transmitted to a remote computing device via a network. | 07-10-2014 |
20140195805 | METHOD OF SHARING CONTENTS BY USING PERSONAL CLOUD DEVICE, AND ELECTRONIC DEVICE AND PERSONAL CLOUD SYSTEM - A method of sharing content by using a personal cloud device and an electronic device and a personal cloud system using the method are provided. The method includes connecting to a personal cloud device configured to share the content with another electronic device, if a new first content is added to a set first folder, determining an upload condition of the electronic device, and if the upload condition satisfies a set condition, transmitting the first content to the personal cloud device. Accordingly, a user is able to share contents between a plurality of electronic devices by using a personal cloud device in real time. | 07-10-2014 |
20140195806 | SECURE COMMUNICATION METHOD - A first computing device receives over a telecommunications network from a second computing device a verification message encrypted using a public key. The verification message is generated by the second computing device when initiating a call to the first computing device. The first computing device transmits to a wireless router via a wireless local area network (WLAN) created by the wireless router, the encrypted verification message. The first computing device receives from the wireless router over the WLAN, a decrypted verification message decrypted from the encrypted message by the wireless device using a private key associated with the public key. The first computing device transmits over the telecommunications network to the second computing device, the decrypted verification message. If the second computing device determines that the decrypted verification message corresponds to the encrypted verification message, the second computing device allows the call to the first computing device to proceed. | 07-10-2014 |
20140195807 | SYSTEM, DEVICE, AND METHOD OF PROVISIONING CRYPTOGRAPHIC DATA TO ELECTRONIC DEVICES - System, device, and method of provisioning cryptographic assets to devices. A method includes: (a) generating a delegation message at a first provisioning server; the delegation message indicating provisioning rights that are delegated by the first provisioning server to a second provisioning server with regard to subsequent provisioning of cryptographic assets to an electronic device; wherein generating the delegation message comprises at least one of: (A) inserting into the delegation message an association key unknown to the first provisioning server, encrypted using a public key of the electronic device; (B) inserting into the delegation message a public key of the second provisioning server; enabling the electronic device to locally generate the association key unknown to the first provisioning server; (b) delivering the delegation message to the electronic device; (c) at the second provisioning server, based on the delegation message, provisioning cryptographic assets to the electronic device, using the association key. | 07-10-2014 |
20140201527 | SYSTEMS AND METHODS FOR SECURE AND PRIVATE DELIVERY OF CONTENT - The present solution provides a new tool for privately and securely delivering content from a sender to a recipient. Additionally, the tool provides a system and method for ensuring the content is not seen by onlookers, retransmitted, or copied. The system described herein accomplishes the protection of content by several different means. For example, the system may never store unencrypted copies of content to a local device, such that content may not be viewed by a system other than the system described herein. Additionally, the system may overlay an obfuscating layer on the content when the content is displayed on a client device. Such an obfuscating layer prevents onlookers from unintentionally viewing the content. It may also prevent a recipient from capturing a screen shot or copying the content. Furthermore, the system may also set a number of expiring timers on the content. For example, a first expiration timer may automatically delete sent content from a recipient device a set time after the content has been sent. A self-destruct expiring timer may delete the content a short time after a user begins to view the content. | 07-17-2014 |
20140201528 | TECHNIQUES TO MONITOR CONNECTION PATHS ON NETWORKED DEVICES - Techniques for managing network connections are described. An apparatus may comprise a communications component operative to manage a connection for a client, the connection routed over a network and a traffic analysis component operative to determine one or more characteristics of the routing of the connection. Other embodiments are described and claimed. | 07-17-2014 |
20140201529 | Method for Communication between Gateways in Wireless Sensor Network (WSN), Initiating Party Gateway and Destination Party Gateway - The disclosure provides a method for communication between gateways in Wireless Sensor Network (WSN), comprising: in a WSN configured with a plurality of gateways, an initiating gateway determining a target gateway with which a telecommunication network communication connection is to be established; the initiating gateway and the target gateway performing authentication, after the authentication is successful, establishing the telecommunication network communication connection between the initiating gateway and the target gateway. The disclosure also discloses an initiating gateway and a target gateway in a WSN. Via solutions of the disclosure, the increase of loads of the WSN caused by communication between gateways inside the WSN can be avoided, and the security of communication between gateways is guaranteed. | 07-17-2014 |
20140208104 | ID-BASED ENCRYPTION AND SIGNATURE METHOD AND TERMINAL - Provided are an identity (ID)-based encryption and signature method and a terminal that use an ID of a transmitter or a receiver as a part of the filename or the extension of a file transmitted to the receiver by the transmitter. Accordingly, it is possible to enable a user to visually recognize that the file has been provided with security. Also, it is possible to designate an associated program for the extension, and the user can easily decrypt or verify the file through the designated associated program. | 07-24-2014 |
20140208105 | Automated Content Signing for Point-of-Sale Applications in Fuel Dispensing Environments - A system and method for obtaining manufacturer-signed content for use with manufacturer equipment is provided. Content is obtained at a merchant device for executing or presenting on manufacturer equipment. A signature is generated for the content based on a private key. The merchant device transmits the content and signature to a manufacturer server. The manufacturer server decrypts and authenticates the signature based on the private key or a corresponding public key. If authenticated, the manufacturer server re-signs the content with a manufacturer signature that allows the content to be presented or executed on manufacturer equipment. | 07-24-2014 |
20140208106 | Network-Based Service for Secure Electronic Mail Delivery On an Internet Protocol Network - A network is disclosed that includes a message originator computer and a message recipient computer, for secure electronic mail delivery. In accordance with the invention, the network includes a message delivery server that can distinguish between real and phantom messages. In operation, the message originator computer waits a random time and then transmits a first encrypted phantom message to the message delivery server. This message is to spoof an eavesdropper into believing that there is a steady stream of messages being sent from the originator computer. However, the message delivery server recognizes the message as a phantom message and discards it. When the message originator computer receives a user request to transmit a real message to the recipient computer, it waits a random time and then encrypts and transmits the real message to the message delivery server. The message delivery server recognizes the message as a real message and forwards the real message to the recipient computer. Meanwhile, the message originator computer can continue transmitting encrypted phantom messages to the message delivery server. In this manner, an eavesdropper will be tricked into believing that there is a steady stream of messages being sent from the originator computer. | 07-24-2014 |
20140208107 | SYSTEMS AND METHODS FOR IMPLEMENTING APPLICATION CONTROL SECURITY - Systems and methods for implementing application control security are disclosed. In one embodiment, a system includes a first device, a decrypted white-list, and an executable program. The first device may be in electrical communication with a memory containing an encrypted white-list. The encrypted white-list may be decrypted using an identifier of a second device. The executable program may be referenced in the decrypted white-list. | 07-24-2014 |
20140208108 | MEDIATOR UTILIZING ELECTRONIC CONTENT TO ENFORCE POLICIES TO A RESOURCE - Methods, systems and apparatuses for a mediator enforcing policies to a resource utilizing an electronic content, are disclosed. One method includes receiving, by a mediator computing device of a mediator, a second share SK | 07-24-2014 |
20140215211 | SPLIT DATA EXCHANGE PROTOCOL - Embodiments of the invention include a system to manage software and protect it from reverse engineering and intrusion prevention. A security server stores server-side software and server-side keys for various software products. Client-side software can request the server-side software and server-side key from the security server. The security server can transmit the server-side software and server-side key to the client-side software, which can then determine whether or not to assemble and execute the complete software. | 07-31-2014 |
20140215212 | ELECTRONIC DATA SHARING DEVICE AND METHOD OF USE - An electronic data sharing device for sharing user related information with users of other electronic data sharing devices, the electronic data sharing device comprising: a data exchange initiation device arranged to detect the initiation of a data exchange request; a tag generation module configured to generate a tag in preparation for the initiation of a data exchange routine, a communication module configured to exchange the tag generated on the electronic data sharing device with a tag generated by a further electronic data sharing device, wherein the exchanged tags enable user related information associated with respective users of the electronic data sharing devices to be subsequently accessed via a communication means by users who have previously initiated the data exchange request, wherein the electronic data sharing device is configured to exchange the tags in order to provide subsequent access to the user related information without requiring, before use of the device, any user related configuration or data entry associated with the device or service. | 07-31-2014 |
20140223178 | Securing Communication over a Network Using User Identity Verification - A method for securing communication over a network is disclosed. The method is performed on a server system having one or more processors and memory storing one or more programs for execution by the one or more processors. The server system receives a first encrypted user identifier from a trust broker system associated with the server system, the first encrypted user identifier including information identifying a user of a client system verified by the trust broker system. The server system receives a connection request packet from a first client system. The server system then receives a second encrypted user identifier from the first client system. The server system determines whether the first encrypted user identifier matches the second encrypted user identifier. In accordance with a determination that the first encrypted user identifier matches the second encrypted user identifier, the server system establishes an encrypted connection with the first client system. | 08-07-2014 |
20140223179 | COMPUTER NETWORK SYSTEM FOR PREVENTING LOGGING OF INPUT DATA - A computer network system for preventing logging of input data has a client side host computer and a data input and encryption device linked with the host computer for data transmission. The data input and encryption device is fitted with a data input interface for inputting textual data and also encrypting them for output. The data input and encryption device is provided with either of a self-encrypting keyboard, encryption mouse, encryption touch panel or realized by downloading applications via the smart communication device. A decryption server is linked via Internet with the host computer for data transmission and enables decryption of the textual output data after encryption by the data input and encryption device. An application server, linked via Internet or private network with the decryption server for data transmission, can receive the textual data input from the data input and encryption device after decryption by the decryption server. | 08-07-2014 |
20140223180 | METHOD AND APPARATUS FOR ALLOWING SOFTWARE ACCESS TO NAVIGATIONAL DATA IN A DECRYPTED MEDIA STREAM WHILE PROTECTING STREAM PAYLOADS - A method, apparatus and system enabling software access to navigational data in a decrypted media stream while protecting stream payloads. In one embodiment, a filter may route an encrypted content stream and associated information to a secure partition having a trusted computing component for decryption. Upon decryption, the trusted computing component may store the decrypted payload of the content in a secure storage location accessible to the trusted computing component. Thereafter, the decrypted navigational header information of the content may be used to navigate to the decrypted content via a trusted component such as a trusted rendering unit in the secure partition. | 08-07-2014 |
20140223181 | MANAGEMENT OF GROUP SECRETS BY GROUP MEMBERS - A method of adding a new device ( | 08-07-2014 |
20140237236 | Mobile Security Fob - A computer-implemented method comprising: receiving, from a primary factor authentication device by one or more computer systems, a request to enroll a mobile device as a secondary factor authentication device; and | 08-21-2014 |
20140237237 | MESSAGE AUTHENTICATION USING A UNIVERSAL HASH FUNCTION COMPUTED WITH CARRYLESS MULTIPLICATION - A method for authenticating a message by a wireless device is described. The wireless device obtains the input message. The wireless device generates a keystream. The wireless device computes a message authentication code using the keystream and a universal hash function. The universal hash function is computed using carryless multiplication. | 08-21-2014 |
20140237238 | DOCUMENT AUTHENTICATION DATA EMBEDDING METHOD AND APPARATUS - A method of embedding authentication data in an electronic document image is described. Data related to an item of information on an image of at least one page in the electronic document is acquired. The image is decomposed into a hierarchy of images having a top level and one or more lower levels each having a higher level parent, each lower level image defining a smaller region of the corresponding higher level parent image, the top level image defining a region that covers the item of information. A first secure identifier of at least the top level image is computed and arranged in a first data arrangement. A second secure identifier of the data related to the item of information is computed and arranged in a second data arrangement with the data related to the item of information. The first and second data arrangements are embedded in the electronic document. | 08-21-2014 |
20140237239 | TECHNIQUES FOR VALIDATING CRYPTOGRAPHIC APPLICATIONS - Disclosed are various embodiments for validating cryptographic applications. A cryptographic application is transmitted to a client device. Subsequently, a communication link is established with the transmitted cryptographic application as it executes in the client device. A round-trip time for communications with the transmitted cryptographic application is measured. Validation data and expected response data is generated, and the validation data is sent to the previously transmitted cryptographic application as it executes in the client device. | 08-21-2014 |
20140237240 | METHOD AND SYSTEMS FOR THE AUTHENTICATION OF A USER - A computer security system used to identify and authenticate a user. In one aspect, a method for identifying and authenticating a user is provided. The method includes establishing a trust between a server machine and an agent on a user machine. The method further includes establishing a session key to encrypt communications between the server machine and the agent. The method also includes receiving a username and password for use in validating the user. Additionally, the method includes creating an executable binary for the extraction of device data from the user machine to uniquely identify the machine. In another aspect, a computer-readable medium including a set of instructions that when executed by a processor causes the processor to identify and authenticate the user is provided. In a further aspect, a system for identifying and authenticating a user is provided. | 08-21-2014 |
20140237241 | MAPPING A GLYPH TO CHARACTER CODE IN OBFUSCATED DATA - In a font applying device on a client side in a computer system composed of the client and a server, an obfuscated font storing section stores an obfuscated font in which a character different from a character identified by the server based on a character code and having the same width of the character identified by the server is mapped to the character code. An obfuscated document receiving section receives an obfuscated document obtained by obfuscating document data as a result of converting the character code to a character code to which a character identified by the server based on the character code in the document data is mapped in the obfuscated font. A deobfuscation processing section identifies the character mapped in the obfuscated font to a character code included in the obfuscated document, and a display control section controls the display of the character. | 08-21-2014 |
20140237242 | COMPACT SECURITY DEVICE WITH TRANSACTION RISK LEVEL APPROVAL CAPABILITY - The present invention relates to the field of securing electronic transactions and more specifically to systems to indicate and verify the approval of the risk level of a transaction and to systems for generating transaction risk level approval codes. | 08-21-2014 |
20140237243 | METHOD AND SYSTEM FOR SECURE OVER-THE-TOP LIVE VIDEO DELIVERY - A method is provided for managing key rotation (use of series of keys) and secure key distribution in over-the-top content delivery. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method. | 08-21-2014 |
20140245003 | Communications Method - The present application relates to a method of providing connectivity to a vehicle. The method comprises, at a first device aboard the vehicle, establishing at least one first connection with at least one first network, the at least one first connection allowing communication with a second device remote from the first device, transmitting via the at least one first connection an allocation request to the second device, receiving via the at least one first connection an allocation response from the second device, the allocation response indicating a first authentication device from a plurality of authentication devices remote from the first device, and establishing a second connection with a network and authenticating the first device on the network using the first authentication device. | 08-28-2014 |
20140245004 | RULE SETS FOR CLIENT-APPLIED ENCRYPTION IN COMMUNICATIONS NETWORKS - A rule set for client-applied encryption is created and deployed to a client device by a network device over a communications network. Encryption applied by the client in accordance with the rule set may form the basis of a secure connection in which encrypted information is encapsulated and tunneled across a network that includes a wireless or wired interface through which the client obtains network connectivity. The client may monitor operating conditions, including operating conditions of the communications network, client device, and/or service provider. The rule set includes one or more rules that may be used by the client in combination with the detected operating conditions to select the appropriate encryption protocol. The rule set may persist at the client for use over multiple sessions in which a range of communication protocols and/or access points are used by the client to obtain network connectivity. | 08-28-2014 |
20140245005 | Cryptographic processing method and system using a sensitive data item - A cryptographic processing method using a sensitive data item in a cryptographic processing system including in memory a test making it possible to tell a human and a computer apart and a reference value obtained by applying a cryptographic function to a pair of values P and R, where P is the sensitive data item and R is a solution to the memorized test, the method including the steps of: configuring the cryptographic processing system, including obtaining and memorizing the reference value in the cryptographic system; transmitting the memorized test to a user; obtaining the user's response to the transmitted test; a cryptographic processing step based on the sensitive data item, using the obtained response, the reference value and the cryptographic function. The reference value and memorized test are in the memory of the system and the solution is not in the memory of the system, during the transmission step. | 08-28-2014 |
20140245006 | CRYPTOGRAPHIC ACCUMULATORS FOR AUTHENTICATED HASH TABLES - In one exemplary embodiment, an apparatus includes a memory storing data and a processor performing operations. The apparatus generates or maintains an accumulation tree for the stored data—an ordered tree structure with a root node, leaf nodes and internal nodes. Each leaf node corresponds to a portion of the data. A depth of the tree remains constant. A bound on a degree of each internal node is a function of a number of leaf nodes of a subtree rooted at the internal node. Each node of the tree has an accumulation value. Accumulation values of the root and internal nodes are determined by hierarchically employing an accumulator over the accumulation values of the nodes lying one level below the node in question. The accumulation value of the root node is a digest for the tree. | 08-28-2014 |
20140245007 | User Authentication System - Techniques are provided for users to authenticate themselves to components in a system. The users may securely and efficiently enter credentials into the components. These credentials may be provided to a server in the system with strong authentication that the credentials originate from secure components. The server may then automatically build a network by securely distributing keys to each secure component to which a user presented credentials. | 08-28-2014 |
20140245008 | Systems and Methods for Controlling Email Access - Embodiments of the disclosure relate to proxying at least one email resource in transit to at least one client device from at least one email service, removing at least one URL from the email resources, and adding at least one modified URL to the email resources. | 08-28-2014 |
20140258721 | LINEAR FEEDBACK SHIFT REGISTER (LFSR) - A wireless communication device is described. The wireless communication device includes a linear feedback shift register. The linear feedback shift register is initialized. The linear feedback shift register is a word based odd characteristic linear feedback shift register. The linear feedback shift register includes multiple 64-bit registers. A feedback function output is generated using the 64-bit registers. The feedback function output is placed into a highest register of the linear feedback shift register. | 09-11-2014 |
20140258722 | Forwarding E-Mail From A Wireless Device - A system and method of sending an e-mail message associated with a wireless device is provided. A request to forward or reply to an original e-mail message is sent from the wireless device to a server. The request contains one or more recipients and includes a message identifier of an original e-mail message. A portion indicator is provided for retrieving portions of the original e-mail message identified by the message identifier. An e-mail message is sent to the one or more recipients comprising any added user text and the one or more retrieved portions of the original e-mail message, such that text of the original message that the user may not be aware of is not forwarded to new recipients. | 09-11-2014 |
20140258723 | METHOD AND A DEVICE OF AUTHENTICATION IN THE CONVERGED WIRELESS NETWORK - In the existing WLAN network, the authentication method using a pre-shared cipher key has low safety and is not applicable for large-scale deployment, while the authentication method based on 802.1x is very complex and needs to introduce EAP/RADIUS servers. The invention provides an authentication method and device in a converged wireless access network, wherein the wireless access network and the UE both maintain a cipher key of the UE for accessing the first wireless access network; when the UE accesses the second wireless access network, the wireless access network and the UE implement the authentication based on that cipher key. In the invention, the UE key for accessing the first wireless access network, which has been obtained safely, is used in the authentication for the access of the UE in the second wireless access network. Compared to the traditional shared cipher key solution, the proposed solution ensures safety; and compared to the traditional 802.1x solution, it saves the operation of obtaining the cipher key via negotiation and does not need to involve network elements such as key servers. | 09-11-2014 |
20140281522 | METHOD AND APPARATUS FOR ESTABLISHING A SECURE COMMUNICATION LINK BETWEEN A MOBILE ENDPOINT DEVICE AND A NETWORKED DEVICE - A method, non-transitory computer readable medium, and apparatus for establishing a secure communication link between a mobile endpoint device and a networked device are disclosed. For example, the method scans an optical code, wherein the optical code contains configuration information and an encryption key, configures the mobile endpoint device in accordance with the configuration information, sends a request to the networked device to establish the secure communication link, wherein the request is encrypted using the encryption key and receives a confirmation from the networked device that the secure communication link is established between the mobile endpoint device and the networked device once the networked device has authenticated the mobile endpoint device based upon the request, wherein the confirmation is encrypted using the encryption key. | 09-18-2014 |
20140281523 | System and method of secure remote authentication of acquired data - A computer-implemented method and an according system of secure remote authentication of acquired data is provided to allow a more secure and verifiable acquisition of digital data. The method may comprise exchanging seed information between a user device and a security managing device and generating synchronized random number time stamps on both devices based on the exchanged seed information, acquiring digital data using the user device, generating metadata with at least user time information upon acquisition of the digital data, and providing authenticated digital data from at least the acquired digital data, the metadata and a user time stamp. Further, the method may comprise transmitting the authenticated digital data to the security managing device and verifying, upon reception of the authenticated digital data, whether the user time information and the user time stamp of said authenticated digital data correspond to verification time information and a correlating verification time stamp. | 09-18-2014 |
20140281524 | SYSTEMS, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR RECORDING SERVICE STATUS OF APPLICATIONS - A method for use in a system with multiple processor-based devices, the method including: running a first application on a first processor-based device; maintaining a second application in a standby mode on the first processor-based device; and providing a service to each of the first and second applications on the first processor-based device by a service-providing application on the first processor-based device, wherein providing the service includes maintaining a record regarding service statuses of the first application and the second application in which the record stores a respective entry for each of the first and second applications to reflect an active service status for the first application and a standby service status of the second application. | 09-18-2014 |
20140281525 | MINIMAL DISCLOSURE CREDENTIAL VERIFICATION AND REVOCATION - The subject disclosure is directed towards credential verification for accessing a service provider. A user may prove to the service provider the validity of the credential by communicating a non-revocation component that is based upon a prime-order cryptographic group without a bilinear pairing. In order to authenticate the user, a verification mechanism within an identity management system applies private cryptographic data, including a verifier-designated private key to the non-revocation component, which proves that the user's identity and therefore, the credential is not revoked. The presentation proof includes a hash value that is computed using the credential's commitment and the prime-order cryptographic group. By verifying that the hash value was computed using that commitment, the verification mechanism validates the credential and permits access to the service provider. | 09-18-2014 |
20140281526 | Secure Network Storage - This invention includes apparatus, systems, and methods to secure data in a remote storage device where an end-point device does not have direct access to the storage device to secure the data, or the end-point device does not trust the storage device to adequately secure the data, comprising securing an authenticated communication between the end-point device and a synchronized storage server via a communication network. The synchronized storage server sends the end-point device a notification including the root folder list. The end-point device compares the sent root folder list to a previously stored root folder list in the end-point device's memory. If the end-point device detects either a new root folder on the synchronized storage server, a change in an existing folder, or deleted content in a folder, the end-point device will determine that a change is required to the stored data. Next, the end-point device will synchronize with the synchronized storage server and create a new storage list. Finally, the synchronized storage server will send the end-point device a new encrypted folder encryption key which includes the encrypted file contents along with identifying information such as the server name and revision information. | 09-18-2014 |
20140281527 | Detecting Fraud Using Operational Parameters for a Peripheral - A secure provisioning manifest used to authenticate and securely communicate with peripherals attached to a computer is provided with techniques to withdraw the authentication and terminate the secure communications with any peripheral when operating parameters for the peripheral indicate that there is a security threat associated with the peripheral. A secure I/O module, that is separate from an operating system and transaction software executed by a processor of the computer, uses the secure provisioning manifest to establish a secure encrypted session for communicating with each peripheral attached to the computer when a peripheral is authenticated and able to establish a secure encrypted session. The secure I/O module uses current and known operating parameters for each peripheral to periodically determine if a peripheral has been compromised by a security threat. | 09-18-2014 |
20140281528 | Secure End-to-End Permitting System for Device Operations - A permitting system for controlling devices in a system includes a permit issuing agent that receives a command to be sent to a device. Based upon at least one attribute of the command, the permit issuing agent identifies one or more business logic modules that are pertinent to the command. Each business logic module has a respectively different set of business rules associated with it. Each identified business logic module determines whether the command complies with the business rules associated with that module. If the command is determined to comply with the business rules of all of the identified business logic modules, the agent issues a permit for the command, and the permit is sent to the device for execution of the command. | 09-18-2014 |
20140281529 | KEY REFRESH BETWEEN TRUSTED UNITS - Encryption logic to identify a particular session key, where the particular session key is one of a plurality of session keys for use in encrypting content to be sent from a first device. The encryption logic is to encrypt particular content with the particular session key to obtain encrypted particular content. I/O logic is provided that can cause the particular content to be sent with a key refresh structure, where the key refresh structure is to identify that the particular session key was used to encrypt the particular content. | 09-18-2014 |
20140281530 | Enhanced IPsec Anti-Replay/Anti-DDOS Performance - A method for authenticating an Internet Protocol Security (IPsec) packet, wherein the method comprises, receiving the IPsec packet via an input port, performing a Sequence-Integrity Check Value (SEQ-ICV) check that validates a sequence number within the IPsec packet, and performing an Integrity Check Value (ICV) check that validates a checksum within the IPsec packet, wherein the SEQ-ICV check is performed before the ICV check. In yet another example embodiment, an apparatus for transmitting an IPsec packet, comprising a processor, and a transmitter coupled to the processor, wherein the transmitter is configured to transmit an IPsec packet that comprises a header that comprises a sequence number field that provides a sequence number, and a payload that comprises one or more SEQ-ICV segments used to authenticate the sequence number within the IPsec packet. | 09-18-2014 |
20140281531 | TRUSTED DATA PROCESSING IN THE PUBLIC CLOUD - Generally, this disclosure describes a system and method for trusted data processing in the public cloud. A system may include a cloud server including a trusted execution environment, the cloud server one of a plurality of cloud servers, a cloud storage device coupled to the cloud server, and a RKM server including a key server module, the RKM server configured to sign the key server module using a private key and a gateway server configured to provide the signed key server module to the cloud server, the trusted execution environment configured to verify the key server module using a public key related to the private key and to launch the key server module, the key server module configured to establish a secure communication channel between the gateway server and the key server module, and the gateway server configured to provide a cryptographic key to the key server module via the secure communication channel. | 09-18-2014 |
20140281532 | INFORMATION DELIVERY SYSTEM WITH ADVERTISING MECHANISM AND METHOD OF OPERATION THEREOF - An information delivery system includes: a control unit configured to: generate an anonymous identity for concealing client information of an anonymous client from a provider, generate a comparison result for determining whether a client encryption data of the anonymous identity matches with a provider encryption data of the provider, obtain a provider notification based on the comparison result of a match for displaying on a device, and a user interface, coupled to the control unit, configured to display the provider notification. | 09-18-2014 |
20140281533 | Systems And Methods For Providing Secure Services - Systems and methods for providing one or more secure services are disclosed. One method can comprise authenticating and/or authorizing a user device to receive a security token. A request for information can be processed using the security token to facilitate the secure provision of services to the user device. | 09-18-2014 |
20140281534 | EHF Secure Communication Device - A communication device employs a contactless secure communication interface to transmit and receive data with a computing device using close proximity extremely high frequency (EHF) communication. The communication device and the computing device periodically initiate a discovery operation mode, whereby the devices periodically transmit identifying information about the respective devices and listen for identifying information from the other device. Upon completion of the discovery mode operation, the devices enter a link-training operation mode and exchange capability information about the respective devices. During transport mode operation the communication device employs methods to manage access to data stored on the communication device by encrypting the data using one or a combination of training information or capability information as a basis for generating an encryption key. | 09-18-2014 |
20140281535 | Apparatus and Method for Preventing Information from Being Extracted from a Webpage - An apparatus and method that prevents unauthorized extraction of content on a webpage is provided. The apparatus includes a server that provides data representing at least one webpage via a communication network to at least one requesting user, the data including source code, the source code having at least one attribute with an associated attribute name value. A processor is coupled to the server, analyzes the source code and selectively encrypts the attribute name value for each of the at least one attribute. The server provides a modified source code including the encrypted attribute name value to the at least one requesting user, the modified source code being able to be properly rendered on a display of the at least one requesting user and prevent unauthorized extraction of content associated with the at least one web page. | 09-18-2014 |
20140281536 | SECURED EMBEDDED DATA ENCRYPTION SYSTEMS - Devices generate security vectors based on their own attributes. A device's security vectors compose its transformation matrix. The devices securely share copies of their transformation matrices with other devices. A transmitting device adds its unique MAC to packets, encrypts those packets using its own transformation matrix, and transmits those packets. A receiving device uses its copy of the transmitting device's transformation matrix to decrypt the data in a packet, determining whether a MAC extracted from that packet matches the transmitting device's MAC. The receiving device can permit or prevent further processing of the packet's data depending on whether the MACs match. Each device can store a copy of a same program that can be used to derive derivative security vectors from existing security vectors. Each device in the network can derive the same set of derivative vectors for any selected other device in the network, thereby “evolving” the transformation matrices. | 09-18-2014 |
20140281537 | PROTECTION OF CONTROL WORDS EMPLOYED BY CONDITIONAL ACCESS SYSTEMS - In accordance with a method for communicating a control word (CW) from a client such as an encryptor to a server such as the entitlement control message generator (ECMG) of a conditional access system (CAS), communication is established between the client and server over a secure connection. A control word to be encrypted is received by the client and encrypted using a first and second key. The first key is a global secret key (GSK) that is known to the client and the server without being communicated over the secure connection. The second key is a control word encryption key (CWEK) that is derived from a locally generated client nonce (CN) and a server nonce (SN) obtained from the server over the secure connection. The encrypted control word (ECW) is sent to the server over the secure connection. | 09-18-2014 |
20140281538 | ACCELERATED SIGNATURE VERIFICATION ON AN ELLIPTIC CURVE - A public key encryption system exchanges information between a pair of correspondents. The recipient performs computations on the received data to recover the transmitted data or verify the identity of the sender. The data transferred includes supplementary information that relates to intermediate steps in the computations performed by the recipient. | 09-18-2014 |
20140281539 | Secure Mobile Framework With Operating System Integrity Checking - Systems and methods for a secure mobile framework to securely connect applications running on mobile devices to services within an enterprise are provided. Various embodiments provide mechanisms of securitizing data and communication between mobile devices and end point services accessed from a gateway of responsible authorization, authentication, anomaly detection, fraud detection, and policy management. Some embodiments provide for the integration of server and client-side security mechanisms, and for the binding of a user/application/device to an endpoint service along with multiple encryption mechanisms. For example, the secure mobile framework provides a secure container on the mobile device, secure files, a virtual file system partition, a multiple level authentication approach (e.g., to access a secure container on the mobile device and to access enterprise services), and a server side fraud detection system. In some embodiments, the multiple level authentication approach can include an operating system integrity check as part of the secure mobile framework. | 09-18-2014 |
20140289519 | ENTITIES WITH BIOMETRICALLY DERIVED KEYS - Techniques for introducing managed entities to management entities are provided. A presence notification message encrypted with a biometrically derived key may be sent by a managed entity. A management entity may receive the encrypted presence notification message and attempt to decrypt the message. The management entity may encrypt a command message with the biometrically derived key. The managed entity may decrypt the command message. | 09-25-2014 |
20140289520 | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, a communication device is connected to a first network and a second network. The communication device includes a generating unit and a converting unit. The generating unit is configured to generate a first set of route information that is route information of the first network. The converting unit is configured to convert the first set of route information, and generate a second set of route information that is route information of the second network. | 09-25-2014 |
20140289521 | Reoccurring Keying System - A secure communication system or method are disclosed that may employ a constant level of trust between participants and a security management entity. As part of the constant level of trust, a communication policy may cause participants to request key validation every time the participant wishes to take an action that requires use of a key. In this manner, the participant may regularly communicate with the security management, and this regular communication can be further used to implement key renewal and/or rollover procedures. | 09-25-2014 |
20140289522 | MODULAR WIRELESS COMMUNICATOR - A wireless communicator including a housing, wireless communication functionality located within the housing, native user interface functionality cooperating with the wireless communication functionality and including user interface surfaces located on at least one outer facing surface of the housing, and pouching responsive electrical interconnection functionality responsive to pouching orientation of the housing in a pouch of an enhanced function device for automatically causing the wireless communication functionality to adapt to interoperation with parenting user interface functionality forming part of the enhanced function device at least partially instead of with the native user interface functionality. A method is also described and claimed. | 09-25-2014 |
20140289523 | SYSTEMS AND METHODS FOR AUTHENTICATING AND PROTECTING THE INTEGRITY OF DATA STREAMS AND OTHER DATA - Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain's security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain. The hierarchy culminates with a signed hash that can be used to verify the integrity of other hash values in the hierarchy, and these other hash values can, in turn, be used to efficiently verify the authenticity of arbitrary portions of the content file. | 09-25-2014 |
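The two constructions in the abstract above, a signed chain of check values for verifying a stream as it arrives and a hash hierarchy for verifying arbitrary blocks of a file, as an added worked example (not code from the patent or its assignee). The signature over the root is stood in for by an HMAC under a key the verifier already trusts, which is an assumption made so the example runs offline; a deployed system would use a public-key signature there. The block size and sample content are constructed.

```python
# Added example (not from the patent): a signed chain of check values for
# on-the-fly stream verification, plus a hash hierarchy (Merkle tree) for
# verifying arbitrary blocks of a file. The signature over the root is stood in
# for by an HMAC under SIGNING_KEY (an assumption for a self-contained demo);
# a real system would use a public-key signature there.
import hashlib
import hmac

BLOCK = 4                                # constructed: tiny blocks so a short sample spans many
SIGNING_KEY = b"trusted-verifier-key"    # assumption: stands in for the signer's key
TERMINAL = hashlib.sha256(b"").digest()  # check value that follows the last block


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def sign(root: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, root, hashlib.sha256).digest()


def split(content: bytes) -> list:
    return [content[i:i + BLOCK] for i in range(0, len(content), BLOCK)]


# ---- chain: c_i = H(block_i || c_{i+1}), built backwards; c_0 is signed.
# Each block is sent with the check value of the block after it, so the
# receiver verifies block i as soon as it arrives, without buffering the stream.
def build_chain(content: bytes):
    nxt = TERMINAL
    checks = []
    for block in reversed(split(content)):
        checks.append(nxt)
        nxt = h(b"\x02", block, nxt)
    checks.reverse()                                   # checks[i] follows block i
    root = nxt                                         # c_0 commits to the whole stream
    return root, sign(root), list(zip(split(content), checks))


def verify_stream(root: bytes, root_sig: bytes, pairs) -> bool:
    if not hmac.compare_digest(sign(root), root_sig):
        return False
    expected = root
    for block, nxt in pairs:
        if not hmac.compare_digest(h(b"\x02", block, nxt), expected):
            return False                               # modified or reordered block
        expected = nxt
    return hmac.compare_digest(expected, TERMINAL)     # rejects a truncated stream


# ---- hierarchy: a Merkle tree whose signed root authenticates any single block
# via a log-sized proof, giving secure quasi-random access into the file.
def merkle_levels(blocks) -> list:
    level = [h(b"\x00", b) for b in blocks]            # leaf/interior prefixes: domain separation
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]                # duplicate the odd node out
        level = [h(b"\x01", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def merkle_proof(levels, index: int) -> list:
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append((index & 1, level[index ^ 1]))   # (am I the right child?, sibling hash)
        index //= 2
    return proof


def verify_block(root_sig: bytes, root: bytes, block: bytes, proof) -> bool:
    if not hmac.compare_digest(sign(root), root_sig):
        return False
    node = h(b"\x00", block)
    for is_right, sibling in proof:
        node = h(b"\x01", sibling, node) if is_right else h(b"\x01", node, sibling)
    return hmac.compare_digest(node, root)


if __name__ == "__main__":
    content = b"The quick brown fox jumps over the lazy dog"   # constructed sample content
    root, sig, pairs = build_chain(content)
    print("stream ok:", verify_stream(root, sig, pairs))
    levels = merkle_levels(split(content))
    mroot = levels[-1][0]
    print("block 7 ok:", verify_block(sign(mroot), mroot, split(content)[7], merkle_proof(levels, 7)))
```

The chain verifies a truncated stream as a failure because the last check value must equal the terminal constant; the tree's leaf and interior prefixes keep an attacker from presenting an interior node as a leaf.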
20140298014 | SYSTEMS AND METHODS FOR ESTABLISHING TRUSTED, SECURE COMMUNICATIONS FROM A MOBILE DEVICE TO A MULTI-FUNCTION DEVICE - The present invention generally relates to systems and methods for establishing trusted, secure communications from a mobile device, such as a smart phone, to an immobile device, such as a multi-function device. The disclosed techniques can include the immobile device displaying a pattern that encodes a cryptographic key. The mobile device can obtain an image of the pattern and decode it to obtain the cryptographic key. Because the mobile device obtained the image within its line-of-sight, for example, it can be assured that it communicated with the immobile device, and only the immobile device. The mobile device and the immobile device can use the cryptographic key to secure further communications. | 10-02-2014 |
20140298015 | PRIVACY SYSTEM - The disclosure relates generally to mobile device applications, and more particularly, to a privacy system for a mobile device application. In one embodiment, a computer-implemented method of sending and receiving encrypted messages between users within an associated group of users is provided. The method includes: receiving a first message from a first user within the group of users, wherein the first message includes proprietary information; encrypting the first message into ciphertext; transforming the ciphertext into a second message, wherein the second message includes quotidian information; and sending the second message to a second user within the group of users. Once the second user receives the second message, the second user will assay the second message to be an encryption of an unknown first message. The second message is received from the second user, and is decrypted into the first message, which is displayed to the second user. | 10-02-2014 |
20140298016 | METHOD AND APPARATUS FOR IDENTITY BASED TICKETING - A method, apparatus, system and computer program where an apparatus stores user specific credentials, receives a certificate via the communication interface from a certificate authority and stores the certificate in the memory. The apparatus further stores a private key and a public key in the memory and attempts authenticating of the apparatus to a ticket reader for accessing a service, by transmission of one or more messages, wherein the messages contain an authenticator that has at least one of the following: the certificate or its cryptographic derivative; one or more data items contained by the certificate or a cryptographic derivative thereof. The messages are prepared such that the public key is not recoverable from outside of the authenticator. | 10-02-2014 |
20140298017 | METHODS AND SYSTEMS FOR BROADCASTING PICTURES - A method and system for broadcasting pictures across multiple user terminals are provided. The method includes generating a user signature based on information associated with the picture, and receiving a request to broadcast the picture, the request including the user signature. The method further includes broadcasting the picture if the user signature is valid. The method and system may improve a user's online experience by eliminating unauthorized broadcasts from unauthorized users. | 10-02-2014 |
20140298018 | APPARATUS AND METHODS FOR DISTRIBUTING AND STORING ELECTRONIC ACCESS CLIENTS - Apparatus and methods for efficiently distributing and storing access control clients within a network. In one embodiment, the access clients include electronic Subscriber Identity Modules (eSIMs), and an eSIM distribution network infrastructure is described which enforces eSIM uniqueness and conservation, distributes network traffic to prevent “bottle necking” congestion, and provides reasonable disaster recovery capabilities. In one variant, eSIMs are securely stored at electronic Universal Integrated Circuit Card (eUICC) appliances which ensure eSIM uniqueness and conservation. Access to the eUICC appliances is made via multiple eSIM depots, which ensure that network load is distributed. Persistent storage is additionally described, for among other activities, archiving and backup. | 10-02-2014 |
20140298019 | METHOD AND SYSTEM FOR SECURING COMMUNICATION - A method for generating one or more secrets for use by members. The method includes sending a first request for connection with a second member, and sending a second request for connection with a third member. The method further includes receiving, by the first member from the second member, a second input after the first request is sent and after communication is initiated between the first member and the second member, and receiving, by the first member from the third member, a third input after the second request is sent and after communication is initiated between the first member and the third member. The method further includes generating, using an n-bit generator executing on the first member, a message digest using a first input, the second input, and the third input, extracting a secret from the message digest, and storing the secret in a secrets repository on the first member. | 10-02-2014 |
20140298020 | RECEPTION DEVICE AND METHOD, PROGRAM, AND INFORMATION PROCESSING SYSTEM - The present technology relates to a reception device and method, a program, and an information processing system which can securely provide path information capable of equalizing a burden of a usage fee for a connection service to an external network. | 10-02-2014 |
20140298021 | METHOD AND SYSTEM FOR STORING INFORMATION BY USING TCP COMMUNICATION - The present invention relates to a method and system for storing information using TCP communication, and the method includes a communication connection request operation of transmitting, by a client, to a server a first TCP packet containing a header with a SYN field set to be active and an SEQ field in which a random number generated by the client is included, to request a TCP communication connection with the server, an encryption operation of encrypting, by the server, at least one piece of information to be stored in the first TCP packet, a communication connection confirmation operation of transmitting, by the server, to the client a second TCP packet containing a header with a SYN field set to be active, a SEQ field in which the encrypted information is stored, and an ACK field in which a value obtained by adding 1 to the random number included in the SEQ field of the first TCP packet is stored, a response operation of transmitting, by the client, to the server a third TCP packet containing a header with an ACK field set to be active, a SEQ field in which a value obtained by adding 1 to the random number stored in the SEQ field in the header of the first TCP packet is stored, and the ACK field in which a value obtained by adding 1 to the encrypted information is included, a decryption operation of decrypting, by the server, the ACK field in the header of the third TCP packet to acquire the encrypted information, and a determination operation of comparing, by the server, information stored in an IP packet residing at a lower level than the second TCP packet to a value obtained by decrypting a result of subtracting 1 from the ACK field in the header of the third TCP packet, and if they are identical, determining that the information is stored in the SEQ field of the second TCP packet and the ACK field of the third TCP packet. | 10-02-2014 |
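A simulation of the handshake described above, added here as a worked example (not the patent's code): the server places the encrypted information in the SEQ field of the SYN-ACK, the client acknowledges it with SEQ+1 as ordinary TCP does, and the server recovers the information by undoing the +1 modulo 2**32 and decrypting. The packets are plain dicts, the 32-bit "cipher" is XOR with an HMAC-derived mask keyed on the client's ISN, and the server key is an assumption; the point is the field arithmetic, including the wrap-around when the encrypted value is 0xFFFFFFFF.

```python
# Added example (not from the patent): a simulation of the three-way handshake
# described above, with the server's information carried encrypted in the SEQ
# field of the SYN-ACK and echoed back, plus one, in the ACK field of the final
# packet. The 32-bit "cipher" (XOR with an HMAC-derived mask keyed on the
# client's ISN) and the packet dicts are stand-ins assumed for this demo; the
# point is the field arithmetic, including wrap-around at 2**32.
import hashlib
import hmac
import random

MOD = 1 << 32
KEY = b"server-side-secret"   # assumption: only the server holds this


def mask32(key: bytes, client_isn: int) -> int:
    # One 32-bit mask per handshake, keyed on the client's random ISN, so the
    # same stored value does not produce the same SEQ on two connections.
    digest = hmac.new(key, b"syn-ack-seq|" + client_isn.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def encrypt32(key: bytes, client_isn: int, info: int) -> int:
    return info ^ mask32(key, client_isn)


decrypt32 = encrypt32   # XOR mask: the same operation in both directions


def client_syn(rng: random.Random) -> dict:
    return {"SYN": 1, "ACK": 0, "SEQ": rng.getrandbits(32), "ACKNUM": 0}


def server_syn_ack(key: bytes, syn: dict, info: int) -> dict:
    if not 0 <= info < MOD:
        raise ValueError("only 32 bits of information fit in the SEQ field")
    return {"SYN": 1, "ACK": 1,
            "SEQ": encrypt32(key, syn["SEQ"], info),       # encrypted info in place of a random ISN
            "ACKNUM": (syn["SEQ"] + 1) % MOD}


def client_ack(syn: dict, syn_ack: dict) -> dict:
    # Ordinary TCP behaviour: acknowledge the server's SEQ + 1 (mod 2**32).
    return {"SYN": 0, "ACK": 1,
            "SEQ": (syn["SEQ"] + 1) % MOD,
            "ACKNUM": (syn_ack["SEQ"] + 1) % MOD}


def server_recover(key: bytes, syn: dict, ack: dict) -> int:
    # Undo the +1 modulo 2**32 (so ACKNUM == 0 maps back to 0xFFFFFFFF), then decrypt.
    return decrypt32(key, syn["SEQ"], (ack["ACKNUM"] - 1) % MOD)


def handshake(key: bytes, info: int, seed: int = 7) -> tuple:
    """Runs the full exchange; returns (recovered_info, matches, (syn, syn_ack, ack))."""
    rng = random.Random(seed)                          # constructed: deterministic client ISN
    syn = client_syn(rng)
    syn_ack = server_syn_ack(key, syn, info)
    ack = client_ack(syn, syn_ack)
    recovered = server_recover(key, syn, ack)
    return recovered, recovered == info, (syn, syn_ack, ack)


if __name__ == "__main__":
    rec, ok, pkts = handshake(KEY, 0xC0FFEE)
    print(hex(rec), ok)
    for p in pkts:
        print(p)
```

The exchange stores at most 32 bits per connection, and the server's SEQ is no longer a random ISN but a function of the stored value and the client's ISN; an implementer should weigh that against the spoofing resistance that unpredictable ISNs give TCP.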
20140298022 | MOBILE VIRTUALIZATION PLATFORM FOR THE REMOTE CONTROL OF A MEDICAL DEVICE - The invention concerns a medical assembly which ensures secured communication between a medical device (such as an insulin pump) and the remote control which manages the medical device. To this effect, said assembly uses an external microcontroller (MCU) which contains the secured data and uses a cryptographic mechanism to communicate with the medical device. One single external microcontroller (MCU) is paired with only one medical device, in such a way that the patient can change remote devices several times while remaining assured that the remote device in which said external protected MCU is inserted is the single remote device paired with the medical device. In said assembly, said medical device and said external microcontroller (MCU) comprise secured memories which contain the wireless communication configuration, in such a way that the devices know the correct configuration in advance. | 10-02-2014 |
20140298023 | METHOD AND SYSTEM FOR ENABLING A TECHNICAL APPARATUS - A method and a system transmit data between a technical apparatus which has a reception unit, a transmission unit and a computer unit, an external device which has a reception unit, a transmission unit and a computer unit, and a mobile terminal which has a reception unit, a transmission unit and a memory unit. The method and system allow registered, authenticated users to use the mobile terminal to perform safe reservation or enabling for a technical apparatus, without requiring an online connection and check between the technical apparatus and the external device for the purpose of authorization and authentication of the user. | 10-02-2014 |
20140304508 | CONFIDENTIAL MESSAGE EXCHANGE USING BENIGN, CONTEXT-AWARE COVER MESSAGE GENERATION - Systems and methods are disclosed permitting a sender to send a secret and secure message to a recipient. An application on a sender device interfaces with known message generating tools to permit a user to generate a message. The local application encrypts the message (and optional attachments) based on public/private key pairing negotiated with the server given the recipient device id. The sender device transmits the cipher text to the server. The server generates a benign, text-based, context-appropriate message and delivers same to a recipient device by way of a known messaging service. The benign message provides a secret clue to the recipient that an encrypted message is available. Recipient may then access and decrypt the encrypted message, such as from the server in response to a successful challenge (e.g., password request). | 10-09-2014 |
20140304509 | Dual Interface Device For Access Control and a Method Therefor - The invention provides a low-cost access control device for identification and authentication in both the “digital” and “physical” worlds via contact-bound and contact-less interfaces respectively, where individual users of the device can securely update access control credentials and cryptographic keys from a remote system without the need for any additional hardware or specialized software. The access control credentials and the at least one cryptographic key shall be readable by an access control system via the contact-less interface of the device, thereby enabling or denying the holder of the device access. | 10-09-2014 |
20140310522 | NETWORK APPARATUS FOR SECURE REMOTE ACCESS AND CONTROL - A network appliance is designed and configured to communicate over a data network and to provide secure on-demand remote access and control of a computing system in the context of remote support. | 10-16-2014 |
20140310523 | METHOD, APPARATUS AND SYSTEM FOR SECURE COMMUNICATION OF LOW-COST TERMINAL - Embodiments of the present invention provide a method for secure communication of a low-cost terminal, which solves a communication security problem in the low-cost terminal and on a network side. The method includes: selecting, by an access point, a ciphering algorithm and an integrity algorithm according to a security capability of the low-cost terminal after successful authentication and key negotiation between the low cost terminal and a mobility management entity, and acquiring a cipher key and an integrity key according to the ciphering algorithm and the integrity algorithm; sending, by the access point, a security mode command including the ciphering algorithm and the integrity algorithm to the low-cost terminal so that the low-cost terminal calculates the cipher key and the integrity key; and receiving, by the access point, a security mode complete response message sent by the low-cost terminal. Embodiments of the present invention apply to radio communication. | 10-16-2014 |
20140325218 | Wireless Charging System Using Secure Wireless Charging Protocols - The disclosure includes a system and method for charging a target object wirelessly. The system includes a processor and a memory storing instructions that when executed cause the system to: receive data describing a charging request from a target object; generate a challenge responsive to the charging request; send the challenge to the target object; receive a response from the target object; verify the response to determine that the response matches the challenge and a first set of secret data shared with a tagging device; determine that a location associated with the target object satisfies a safe charging range responsive to the verification of the response; and instruct a power transmitter associated with the target object to transmit power wirelessly to a power receiver associated with the target object responsive to the verification of the response and the determination that the location satisfies the safe charging range. | 10-30-2014 |
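The challenge/response gate in the abstract above, as an added worked example (not the patent's code): the charger issues a fresh challenge, the tag answers with a value bound to the secret it shares with the charger, and power is enabled only if the response verifies and the target is within the safe range. HMAC-SHA256 as the response function, the message layout, the tag identifiers and the secrets are assumptions of this demo.

```python
# Added example (not from the patent): the challenge/response gate described
# above, with the response bound to a secret shared between the charger and the
# tag, a one-shot challenge to defeat replay, and the safe-range check applied
# only after the response verifies. HMAC-SHA256 as the response function and
# the message layout are assumptions of this demo.
import hashlib
import hmac
import os


def response_for(key: bytes, tag_id: bytes, nonce: bytes) -> bytes:
    # Domain-separated MAC over the tag identity and the fresh challenge.
    return hmac.new(key, b"wireless-charge-v1|" + tag_id + b"|" + nonce, hashlib.sha256).digest()


class Tag:
    """The target object's tagging device: holds the shared secret, answers challenges."""
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self.key = tag_id, key

    def respond(self, nonce: bytes) -> bytes:
        return response_for(self.key, self.tag_id, nonce)


class Charger:
    def __init__(self, secrets: dict, safe_range_m: float):
        self.secrets = secrets           # tag_id -> shared secret (provisioned out of band)
        self.safe_range_m = safe_range_m
        self.pending = {}                # tag_id -> outstanding nonce (one at a time)

    def issue_challenge(self, tag_id: bytes) -> bytes:
        nonce = os.urandom(16)           # fresh per request; a stale one is simply replaced
        self.pending[tag_id] = nonce
        return nonce

    def decide(self, tag_id: bytes, response: bytes, distance_m: float) -> tuple:
        """Returns (power_on, reason). Any failure leaves the transmitter off."""
        key = self.secrets.get(tag_id)
        nonce = self.pending.pop(tag_id, None)   # consume: the same response cannot be reused
        if key is None or nonce is None:
            return False, "no valid challenge outstanding for this tag"
        expected = response_for(key, tag_id, nonce)
        if not hmac.compare_digest(expected, response):
            return False, "response does not match challenge"
        if distance_m > self.safe_range_m:           # checked only after identity holds
            return False, "target outside safe charging range"
        return True, "power transmitter enabled"


def run_session(charger: Charger, tag: Tag, distance_m: float) -> tuple:
    nonce = charger.issue_challenge(tag.tag_id)
    return charger.decide(tag.tag_id, tag.respond(nonce), distance_m)


# Constructed fixtures: one provisioned tag, and a tag claiming the same id with the wrong secret.
GOOD_TAG = Tag(b"tag-0001", b"\x11" * 32)
ROGUE_TAG = Tag(b"tag-0001", b"\x22" * 32)
CHARGER = Charger({b"tag-0001": b"\x11" * 32}, safe_range_m=0.5)

if __name__ == "__main__":
    print(run_session(CHARGER, GOOD_TAG, 0.2))
    print(run_session(CHARGER, ROGUE_TAG, 0.2))
```

Consuming the nonce before checking the response is what makes a captured response worthless a second time; the range check runs last so that an unauthenticated party cannot probe the charger's range policy.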
20140325219 | SECRET KEY MANAGEMENT METHOD FOR MULTI-NETWORK PLATFORM - In a secret key management method for a multi-network platform, when the user logs in to any network platform via an arbitrary web-browser, the network platform links to the private cloud by Hypertext Transfer Protocol Daemon (HTTPD), and the private cloud shows a time-limited operational parameter on the web-browser for the user to input personal parameters; when the user inputs the personal parameters within the predetermined time period, the private cloud generates a pass key. The pass key generated by the private cloud is adapted to cooperate with the pass lock, which is generated by the private cloud when the user registered, to identify the user; the identification result is transmitted to the network platform, and the network platform is configured to use the pass lock and pass key to identify the user. | 10-30-2014 |
20140325220 | "Unpassword": Risk Aware End-to-End Multi-Factor Authentication Via Dynamic Pairing - A method for determining an authentication score for use in exchanging information between a first and a second device. The method comprises at the first device: determining a first authentication score associated with a first information exchange session between the first and second devices; determining a second authentication score associated with a second information exchange session between the first and second devices, the second information exchange after the first information exchange; combining the first and second authentication scores to create a combined score; responsive to the first authentication score, generating an encryption key for encrypting the combined score, wherein the encryption key is known by the first and the second devices; and encrypting the combined score to generate a dynamic pairing code. | 10-30-2014 |
20140325221 | NETWORK TOKEN AUTHENTICATION SCHEME - Aspects of the disclosure relates to managed access to content and/or services. In certain aspects, tokens or other artifacts can be utilized for authentication and authorization. | 10-30-2014 |
20140325222 | PORTABLE DEVICE, A STATIONARY DEVICE, A DIGITAL DEVICE AND A METHOD FOR PERFORMING SECURE COMMUNICATION USING THEREOF - A method includes sensing an image of a portable device by using a camera unit, acquiring an orientation information estimation value of the portable device by using the sensed image, extracting key generation information for secure communication by using the orientation information estimation value, generating a secret key by using the extracted key generation information, and performing secure communication with the portable device by using the secret key. | 10-30-2014 |
20140325223 | DEVICE, SYSTEM, AND METHOD OF VISUAL LOGIN AND STOCHASTIC CRYPTOGRAPHY - Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account. | 10-30-2014 |
20140325224 | DISPERSED DATA STORAGE IN A VPN GROUP OF DEVICES - A method begins when at least a consensus threshold number of devices are active in a virtual private network (VPN) group of devices. The method continues by encoding group specific data based on a consensus threshold number of devices in the VPN group of devices and a number of devices in the VPN group of devices to produce one or more sets of encoded data slices. The method continues by sending the one or more sets of encoded data slices to at least one of: the consensus threshold number of devices or a dispersed storage network (DSN) memory for storage therein. When the at least the consensus threshold number of devices are not active in the VPN group of devices, each of the devices in the VPN group of devices are prohibited from creating the group specific data or accessing previously created group specific data. | 10-30-2014 |
20140331045 | APPARATUS, SYSTEM AND METHOD OF COMMUNICATING LOCATION-ENABLING INFORMATION FOR LOCATION ESTIMATION - Some demonstrative embodiments include apparatuses, systems and/or methods of communicating location-enabling information for location estimation. For example, an apparatus may include a location-enabling information (LEI) processor to process a location-enabling message, which is transmitted between first and second location-enabling sources and receivable by a mobile device, the location-enabling message including encrypted LEI configured for enabling estimation of a location of the mobile device at a predefined accuracy based on a cryptographic key corresponding to the first location-enabling source. | 11-06-2014 |
20140331046 | VIRTUAL DESKTOP ACCELERATOR WITH SUPPORT FOR MULTIPLE CRYPTOGRAPHIC CONTEXTS - In particular embodiments, a method includes intercepting a remote desktop connection request and connecting to a network gateway based on the remote desktop connection request. A first connection with a server is initiated via the network gateway using a first communication protocol. A plurality of cryptographic contexts are exchanged with the server. A token encrypted using one of the plurality of cryptographic contexts is received from the server. The token is sent from a client device to the server or a proxy to authenticate the client device, and a second connection is initiated with the server, via the proxy, using a second communication protocol. | 11-06-2014 |
20140331047 | SYSTEM AND METHOD FOR ENCRYPTING TRAFFIC ON A NETWORK - According to embodiments of the present invention, a system and method for encrypting traffic on a network is disclosed. Encrypted data is transmitted between a first network element and a second network element by: acquiring an encryption seed at the first network element, the encryption seed being substantially similar to a decryption seed at the second network element; generating at least one encryption key from the encryption seed; receiving data; encrypting the data using the encryption key to generate encrypted data; transmitting the encrypted data from the first network element to the second network element via a network; and updating the encryption seed at the first network element in response to an event trigger. | 11-06-2014 |
20140331048 | METHOD AND APPARATUS FOR MONITORING TRANSMISSION CHARACTERISTICS IN A NETWORK - A method for monitoring transmission characteristics in a network including a media client, a media server, and a data processor, the method including establishing a connection with the data processor; establishing an end-to-end encrypted channel between the media client and the data processor for exchanging streaming media content over the connection; sending a probing message to the data processor over the channel, the probing message carrying a first timestamp indicating the sending time of the probing message; receiving a response to the probing message from the data processor, the response carrying a second timestamp indicating the arrival time of the probing message at the data processor; and deriving latency information, including an upstream latency between the media client and the data processor, from a difference between the second timestamp and the first timestamp. | 11-06-2014 |
20140337621 | WEARABLE COMMUNICATION DEVICE, SECURITY COMPLEX AND USER INTERFACE - A wearable electronic modular computer-communicator device is described which may interact and cooperate with other wearable, vehicle-mounted, object-mounted or stationary electronic devices that are also described. | 11-13-2014 |
20140337622 | DISPERSED STORAGE NETWORK WITH ENCRYPTED PORTION WITHHOLDING AND METHODS FOR USE THEREWITH - An integrity record is appended to data slices prior to being sent to multiple slice storage units. Each of the data slices includes a different encoded version of the same data segment. An integrity indicator of each data slice is computed, and the integrity record is generated based on each of the individual integrity indicators, and may be, for example, a list or a hash of the combined integrity indicators. When retrieving data slices from storage, the integrity record can be stripped off, a new integrity indicator of the data slice calculated, and a new integrity record created. The new integrity record can be compared to the original integrity record, and used to verify the integrity of the data slices. | 11-13-2014 |
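One worked example, added here and not taken from either patent, serving both 20140325224 (group data encoded into slices only when a consensus threshold of devices is active) and 20140337622 (an integrity record appended to every slice and re-checked on retrieval). Shamir secret sharing over the prime field GF(2**521 - 1) stands in for the threshold encoding, since neither abstract names the code, and the integrity record takes the list form (one SHA-256 indicator per slice) so that any k of the n slices can be verified without fetching the rest. The sample segment and the slice layout are constructed.

```python
# Added example (not from either patent): k-of-n dispersal of a group's data
# with an integrity record appended to every slice, combining the consensus
# threshold gate of 20140325224 with the slice integrity record of 20140337622.
# Shamir secret sharing over GF(2**521 - 1) is used as the threshold encoding
# (an assumption: the patents do not specify the code), and the integrity
# record is the list form: one SHA-256 indicator per slice.
import hashlib
import random

P = 2 ** 521 - 1          # Mersenne prime; holds a 64-byte segment plus a 1-byte guard
Y_LEN = 66                # bytes needed for one field element
IND_LEN = 32              # SHA-256 indicator per slice


def _eval(coeffs, x):
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P


def split_secret(segment: bytes, k: int, n: int, rng=None) -> list:
    if not 1 <= k <= n <= 255 or len(segment) > 64:
        raise ValueError("need 1 <= k <= n <= 255 and a segment of at most 64 bytes")
    rng = rng or random.SystemRandom()
    s = int.from_bytes(b"\x01" + segment, "big")       # guard byte keeps leading zeros
    coeffs = [s] + [rng.randrange(P) for _ in range(k - 1)]
    return [(x, _eval(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares: list) -> bytes:
    # Lagrange interpolation at x = 0 over k distinct shares.
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    raw = total.to_bytes((total.bit_length() + 7) // 8, "big")
    return raw[1:]                                      # drop the guard byte


def integrity_record(slices: list) -> bytes:
    return b"".join(hashlib.sha256(s).digest() for s in slices)


def encode_group_data(segment: bytes, k: int, n: int, active: int, rng=None) -> list:
    if active < k:
        raise PermissionError("consensus threshold not met: group data may not be created")
    slices = [x.to_bytes(1, "big") + y.to_bytes(Y_LEN, "big") for x, y in split_secret(segment, k, n, rng)]
    record = integrity_record(slices)                   # the same record is appended to every slice
    return [s + record for s in slices]


def decode_group_data(stored: list, k: int, active: int) -> bytes:
    if active < k:
        raise PermissionError("consensus threshold not met: group data may not be accessed")
    body_len = 1 + Y_LEN
    records = {s[body_len:] for s in stored}
    if len(records) != 1:
        raise ValueError("slices disagree about the integrity record")
    record = records.pop()
    shares = []
    for s in stored:
        x, body = s[0], s[:body_len]
        if hashlib.sha256(body).digest() != record[(x - 1) * IND_LEN:x * IND_LEN]:
            raise ValueError(f"slice {x} failed its integrity check")
        shares.append((x, int.from_bytes(body[1:], "big")))
    if len(shares) < k:
        raise ValueError("fewer than k intact slices")
    return recover_secret(shares[:k])


if __name__ == "__main__":
    data = b"group policy v3: rotate keys weekly"         # constructed sample segment
    slices = encode_group_data(data, k=3, n=5, active=4)
    print(decode_group_data(slices[1:4], k=3, active=3))
```

Because each slice carries the indicators of all n slices, a storage unit that corrupts one slice is caught even when only k slices are fetched, and a unit that rewrites the record as well is caught by the disagreement with the other slices' copies.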
20140337623 | DATA SECURITY IN A DISCONNECTED ENVIRONMENT - Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers. The systems and methods regulate access to sensitive data with minimal dependency on a communications network. Data access is quantitatively limited to minimize the data breaches resulting from, e.g., a stolen laptop or hard drive. | 11-13-2014 |
20140337624 | SYSTEM FOR PROVIDING SESSION-BASED NETWORK PRIVACY, PRIVATE, PERSISTENT STORAGE, AND DISCRETIONARY ACCESS CONTROL FOR SHARING PRIVATE DATA - The invention provides secure and private communication over a network, as well as persistent private storage and private access control to the stored information, which is accomplished by imposing mechanisms that separate a user's actions from their identity. The system provides (i) anonymous network browsing, in which event the anonymity system is unaware of both the user's identity and browsing activities, (ii) private network storage and retrieval of data such as passwords, profiles and files in a manner such that the data can be stored into the system and later retrieved without the system knowing the contents or owners of the data, and (iii) the ability of the user to control and manage access to the remotely stored data without the system knowing the contents, owners, or accessors of the data. | 11-13-2014 |
20140337625 | COMMUNICATION SYSTEM AND COMMUNICATION METHOD - The present embodiments relate to a communication system, communication method, information processor, method, device, program, and recording medium which permit plural algorithms to be treated and which can impart expansibility to communications. | 11-13-2014 |
20140344575 | CLIENT PROXY FOR KEY EXCHANGE IN HTTP LIVE STREAMING - A client device includes a media player and a client proxy. The client proxy is to receive a first version of a playlist from a media server, the first version of the playlist including a first identifier of a cipher key to be used to decrypt at least one segment listed in the playlist. The first identifier identifies a location at the media server. The client proxy is to conduct a key exchange with the media server using the first location identifier to obtain the cipher key and store the cipher key at a local storage location at the client device. The client proxy also is to provide a second version of the playlist to the media player, the second version of the playlist including a second identifier of the cipher key, and the second identifier identifying the local storage location at the client device. | 11-20-2014 |
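The playlist rewrite that the client proxy performs, as an added worked example (not the patent's or any vendor's code): the first version of an HLS playlist arrives with EXT-X-KEY URIs pointing at the media server, the proxy obtains each key and stores it locally, and the second version handed to the media player carries URIs that point at the proxy's own local store. The key exchange is abstracted as a callable; here a constructed lookup table stands in for the authenticated fetch, and the loopback address LOCAL_BASE, the sample playlist and the keys are assumptions.

```python
# Added example (not the patent's or any vendor's code): the playlist rewrite
# the client proxy performs, producing a second version of an HLS playlist in
# which each EXT-X-KEY URI points at the proxy's local key store instead of the
# media server. The key exchange is abstracted as a callable; below, a
# constructed lookup table stands in for the authenticated fetch, and the
# local listener address LOCAL_BASE is an assumption.
import re
from urllib.parse import urljoin, urlsplit

LOCAL_BASE = "http://127.0.0.1:8080/key/"                 # assumption: the proxy's loopback listener
ATTR_RE = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')    # HLS attribute list; quoted values may hold commas


def parse_attrs(text: str) -> dict:
    return {m.group(1): m.group(2) for m in ATTR_RE.finditer(text)}


def format_attrs(attrs: dict) -> str:
    return ",".join(f"{k}={v}" for k, v in attrs.items())  # dict keeps the original attribute order


def rewrite_playlist(playlist: str, playlist_url: str, fetch_key) -> tuple:
    """Returns (second_version_playlist, local_key_store)."""
    out, store = [], {}
    for line in playlist.splitlines():
        if line.startswith("#EXT-X-KEY:"):
            attrs = parse_attrs(line[len("#EXT-X-KEY:"):])
            if attrs.get("METHOD", "NONE") != "NONE" and "URI" in attrs:
                remote = urljoin(playlist_url, attrs["URI"].strip('"'))  # relative URIs resolve against the playlist
                key = fetch_key(remote)
                if len(key) != 16:
                    raise ValueError(f"AES-128 key from {remote} has {len(key)} bytes")
                local = f"{LOCAL_BASE}{len(store)}"
                store[local] = key
                attrs["URI"] = f'"{local}"'          # only the URI changes; METHOD, IV, KEYFORMAT stay
                line = "#EXT-X-KEY:" + format_attrs(attrs)
        out.append(line)
    return "\n".join(out) + "\n", store


# Constructed fixtures standing in for the media server.
SAMPLE_PLAYLIST = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:10
#EXT-X-MEDIA-SEQUENCE:0
#EXT-X-KEY:METHOD=AES-128,URI="keys/k1.bin",IV=0x00000000000000000000000000000001
#EXTINF:9.009,
seg0.ts
#EXTINF:9.009,
seg1.ts
#EXT-X-KEY:METHOD=AES-128,URI="https://media.example/keys/k2.bin"
#EXTINF:9.009,
seg2.ts
#EXT-X-ENDLIST
"""
PLAYLIST_URL = "https://media.example/live/index.m3u8"
CONSTRUCTED_KEYS = {
    "https://media.example/live/keys/k1.bin": bytes(range(16)),
    "https://media.example/keys/k2.bin": bytes(range(16, 32)),
}


def key_exchange_stub(url: str) -> bytes:
    # Stands in for the proxy's key exchange with the media server. Refusing
    # plain http is the check that matters: a content key fetched over an
    # unauthenticated channel can be swapped by anyone on the path.
    scheme = urlsplit(url).scheme
    if scheme != "https":
        raise ValueError(f"refusing to fetch a content key over {scheme}")
    return CONSTRUCTED_KEYS[url]


if __name__ == "__main__":
    second, store = rewrite_playlist(SAMPLE_PLAYLIST, PLAYLIST_URL, key_exchange_stub)
    print(second)
    print({k: v.hex() for k, v in store.items()})
```

The media player never learns the server-side key location, and the proxy's local store is the only place the cipher keys live on the device; whatever serves LOCAL_BASE must be bound to loopback and restricted to the player process, or the rewrite merely moves the key-exposure problem from the network to the host.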
20140344576 | KEY VALIDATION SCHEME - A system and method for validating digital information transmitted by one correspondent to another in a data communication system. The method comprises the steps of generating a public key in accordance with a predetermined cryptographic scheme having predetermined arithmetic properties and system parameters, verifying that said public key conforms to said arithmetic properties of said scheme, and transmitting said verified public key to a recipient. | 11-20-2014 |
20140344577 | System, Method and Computer Program Product for Providing Digital Rights Management of Protected Content - A system for providing digital rights management of protected content includes a client and a DRM manager. The client is capable of receiving at least one piece of content, the piece(s) of content being encrypted with at least one encryption key regardless of client user(s) authorized to access the piece(s) of encrypted content. To facilitate the client accessing one or more of the piece(s) of content, the DRM manager is capable of transferring the encryption key(s) to the client, the encryption key(s) being encrypted with a private key of a public key/private key pair unique to a client user associated with the client. The client can thereafter decrypt the encryption key(s) using the public key of the public key/private key pair unique to the client user. Then, the client can decrypt the piece(s) of content using the decrypted encryption key(s), and access the decrypted piece(s) of content. | 11-20-2014 |
20140344578 | METHOD AND APPARATUS FOR PERFORMING DISCOVERY FOR DEVICE-TO-DEVICE COMMUNICATION - A discovery method for Device-to-Device (D2D) communication is provided. A terminal transmits a discovery service request message for D2D communication including one of application information and group information for a Proximity based Service (ProSe) to a server. The terminal receives, from the server, a discovery service key delivery message including a discovery service key corresponding to the one of the application information and the group information for a ProSe. The terminal acquires the discovery service key by decrypting the discovery service key delivery message, and performs discovery by encrypting a discovery code with the acquired discovery service key. | 11-20-2014 |
20140351588 | METHOD AND SYSTEM FOR PRODUCT AUTHENTICATION - During manufacturing a unique encrypted authentication code is created for each product based upon device specific information relating to that product. The unique encrypted authentication code together with the device specific information is stored in a database, and a representation of the unique encrypted authentication code is stored on the product. To determine whether a product in question is authentic, the readable representation of the unique encrypted authentication code is read and sent to a server along with a request for product authentication. The server provides an indication of authenticity of the product in question based upon the unique encrypted authentication code received and the device specific information associated with that unique encrypted authentication code in the database. | 11-27-2014 |
20140351589 | PERFORMING CLIENT AUTHENTICATION USING ONETIME VALUES RECOVERED FROM BARCODE GRAPHICS - Techniques are disclosed for authenticating users accessing computing applications, e.g., applications hosted in a cloud environment accessed using a variety of computing systems. As disclosed, an authentication process is performed using a certificate and private key installed on a mobile device and a nonce generated on the server. To authenticate a user, a server generates a nonce, encrypts the nonce with a public key associated with the user, and encodes the encrypted nonce in a barcode graphic (e.g., a QR code). The resulting barcode graphic is displayed to the user, and a mobile device scans the barcode graphic to recover the encrypted nonce. The encrypted nonce is decrypted using a private key stored on the mobile device. The clear text nonce is then displayed on the screen of the mobile device and used as a one-time password (OTP) for authentication. | 11-27-2014 |
20140351590 | NETWORK DEVICE, IPSEC SYSTEM AND METHOD FOR ESTABLISHING IPSEC TUNNEL USING THE SAME - A network device is provided. The network device is connected to a number of slave network devices. Each slave network device communicates with the network device by using an Internet protocol (IP) address. The network device includes an Internet protocol security (IPsec) module and a network address translation (NAT) module. The IPsec module establishes an IPsec tunnel to a network gateway in the Internet and retrieves an IPsec IP address corresponding to the IPsec tunnel. The NAT module converts the IP addresses of the slave network devices to the IPsec IP address, such that the slave network devices use the IPsec IP address to communicate with the network gateway through the IPsec tunnel. | 11-27-2014 |
20140351591 | INFORMATION SETTING METHOD AND WIRELESS COMMUNICATION SYSTEM - An information setting method for a setting device includes the following processes. A first certificate and identification information are obtained from a wireless device to be caused to join a wireless network managed by a management device. The first certificate certifies that the wireless device is a formal wireless device and includes a first public key. The identification information is information that identifies the wireless device. A second certificate is obtained from the management device. The second certificate certifies that the management device is a formal management device and includes a second public key. Apparatus information required for the wireless device to join the wireless network is encoded using the first public key and is output to the wireless device. Management information including the apparatus information and the identification information associated with the apparatus information is encoded using the second public key and is output to the management device. | 11-27-2014 |
20140351592 | Machine-To-Machine Network Assisted Bootstrapping - The service layer may leverage the access network infrastructure so that applications on a device may bootstrap with a machine-to-machine server without requiring provisioning beyond what is already required by the access network. | 11-27-2014 |
20140351593 | PROCESS FOR ENCRYPTED LOGIN TO A SECURE COMPUTER NETWORK, FOR THE CREATION OF A SESSION OF ENCRYPTED COMMUNICATIONS BETWEEN COMPUTERS AND A DEVICE INCLUDING A MOBILE PHONE LOGGED INTO A NETWORK, FOR THE PERSISTENCE OF ENCRYPTED COMMUNICATIONS BETWEEN COMMUNICATION DEVICES, AND FOR THE TERMINATION OF COMMUNICATIONS - A method for users of devices including mobile phones and computers to engage in encrypted communications with other devices using asymmetrical key exchange technology, involving the user of a device first creating a password and then at a later time re-entering that password on the device, with the result that when the password is re-entered the device is able to decrypt a set of software components that are required for a fresh session of encrypted communications. | 11-27-2014 |
20140351594 | Token-Based Authentication Using Middle Tier - An intermediary system facilitates a connection request from a client to a server. The intermediary system may participate in either or both of a token creation phase and a server connection phase. If participating in the token creation phase, the intermediary system generates a token that may later be used by the client during a server connection phase. The token includes a session identifier and is returned to the client. If participating in the server connection phase, the intermediary receives the token, which is sent from the client in conjunction with a connection request, extracts the session identifier from the token, and compares against the session identifier for the session in which the token was created. If the session identifiers match, then the intermediary connects to the server to complete the connection request for the client. | 11-27-2014 |
20140359288 | AUTHENTICATION DEVICES, KEY GENERATOR DEVICES, METHODS FOR CONTROLLING AN AUTHENTICATION DEVICE, AND METHODS FOR CONTROLLING A KEY GENERATOR - An authentication device may be provided. The authentication device may include a memory configured to store: a first public key; and first data signed using a first private key corresponding to the first public key, the signed data including a second public key. The authentication device may further include a first verification circuit configured to verify the first data using the first public key; and a second verification circuit configured to verify second data using the second public key, the second data signed using a second private key corresponding to the second public key. | 12-04-2014 |
20140359289 | METHOD FOR DERIVING A VERIFICATION TOKEN FROM A CREDENTIAL - A method for deriving a verification token from a credential may be provided. The credential may be a set of attributes certified by an issuer to a user using a public key of the issuer. The method may comprise generating the verification token out of the credential and binding the verification token to a context string, wherein the verification token may comprise at least one commitment. A commitment may be a blinded version of an attribute. The method may also comprise generating an opening key for the verification token enabling a generation of a confirmation for a validity of the attribute. | 12-04-2014 |
20140359290 | AUTHENTICATION - A method in a first entity for authenticating itself to a second entity by proving to the second entity that it is in possession of a full secret without sending the full secret to the second entity, the method comprising: receiving in the first entity an input from a user, the full secret having been divided into at least a first factor and a second factor and the input relating to the second factor of the full secret; reconstructing in the first entity the full secret from at least the first factor and the input; and carrying out a calculation in the first entity using the reconstructed full secret and sending the results of the calculation to the second entity, wherein the results provide an input to a pairing calculation in the second entity. | 12-04-2014 |
20140359291 | Registry - A system, method, server processing system, and computer program product for operating a registry. In one aspect, the server processing system is configured to: receive, from a user processing system in data communication with the server processing system, document data relating to an entity; receive, from the user processing system, access data indicative of an accessing party to be provided access to the document data if a defined trigger event occurs; store, in a data store associated with the server processing system, a registry for the entity indicative of the document data and the access data; determine that a defined trigger event has occurred; and in response to determining that a defined trigger event has occurred, provide the accessing party read-only access to the document data via an access processing system in data communication with the server processing system. | 12-04-2014 |
20140359292 | ELECTRONIC KEY REGISTRATION METHOD AND ELECTRONIC KEY REGISTRATION SYSTEM - A method for registering a first electronic key, which is capable of controlling a communication subject, to a controller of the communication subject, the method including: performing an initial production process including storing identification information unique to the communication subject in the controller, and storing an encryption key generation code unique to the first electronic key and an encryption key that is used to verify the first electronic key in the first electronic key; and performing an initial registration process including writing the identification information stored in the controller to the first electronic key, obtaining the encryption key generation code from the first electronic key, generating the encryption key with an encryption key generation logic that uses the encryption key generation code, storing the encryption key in the controller, and storing encryption key information related to the encryption key in a database in association with the identification information. | 12-04-2014 |
20140359293 | METHOD AND DEVICE FOR SECURE NOTIFICATION OF IDENTITY - A system, methods and devices for the secure notification of an identity in a communications network. The methods include sending or receiving a communication including a hash of a certificate of a device to notify or detect the presence of the device in a network. Each certificate is associated with an identity which is excluded from the communication of the hash of the certificate. The received hash is compared to hashes of certificates stored in an electronic device to determine an identity. The identity may represent an electronic device or a user of the electronic device. | 12-04-2014 |
20140365769 | METHOD AND ARRANGEMENT FOR PROVISIONING AND MANAGING A DEVICE - A method, arrangement, and provisioning server in a Selected Home Operator (SHO) network for downloading a new Downloadable Universal Subscriber Identity Module (DLUSIM) to a communication device when the communication device changes from a first operator network to the SHO network. A manager of the communication device registers with the SHO network and transfers K | 12-11-2014 |
20140365770 | APPARATUS AND METHOD FOR EFFICIENTLY AND SECURELY EXCHANGING CONNECTION DATA - In the described embodiments, a connection data exchange (“CDX”) service serves as an exchange point for connection data for establishing peer-to-peer (“P2P”) connections between devices. During operation, the CDX service can receive a connection data structure (a “ticket”) that was created by a matchmaker or an invitation service in response to requests from devices attempting to establish P2P connections. Each ticket can identify a corresponding device and can include encrypted NAT hole-punch data associated with the corresponding device. The CDX service can authenticate each ticket and decrypt the NAT hole punch data from the ticket using a corresponding key. The CDX service can then use corresponding NAT hole punch data to send connection data to each of the devices that reside behind NAT devices. | 12-11-2014 |
20140365771 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD AND COMPUTER PROGRAM - An information processing apparatus that controls a display to display a first user interface including a first input field configured to receive identification information and a second input field configured to receive a public key; and controls transmitting identification information received at the first input field and a public key received at the second input field to another information processing apparatus for registration at the another information processing apparatus. | 12-11-2014 |
20140365772 | PRIVACY PROTECTED INTERACTIONS WITH THIRD PARTIES - Various embodiments are directed to computer-implemented methods and systems for a site to facilitate privacy protected interactions between users of a site and a third party utility. For example, a computer may receive, from a user selected from the users of the site, a request to interact with the third party utility. The computer may also encrypt an identification of the user to generate an encrypted user identification associated with the third party utility, and provide the encrypted user identification and the request to the third party utility. | 12-11-2014 |
20140365773 | SYSTEMS AND METHODS FOR CONTROLLING A LOCKING MECHANISM USING A PORTABLE ELECTRONIC DEVICE - Systems and methods are provided for operating a remotely operable lock. In an example embodiment, a method comprises receiving credentials at a web service from a portable electronic device, authenticating the credentials, and based on a successful authentication, issuing a command for receipt by the lock from the web service or the portable electronic device. | 12-11-2014 |
20140372754 | IMAGE BASED KEY DERIVATION FUNCTION - Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data. | 12-18-2014 |
20140372755 | SYSTEM AND METHOD FOR CONTROLLING LIFESPAN OF INTERACTION REQUESTS - An apparatus for controlling the lifespan of interaction requests includes a processor and a memory, the memory storing instructions that when executed by the processor cause the processor to detect when an interaction request is being initiated for sending from a communications appliance, server, or system, activate an interface on the appliance, server, or system for configuring a time to live (TTL) for the interaction request, cause, via the configuration, the interaction request to expire if not answered within the TTL life span, and cause, via the configuration, the TTL constraint applied to the interaction request to be lifted if the interaction is answered within the TTL life span. | 12-18-2014 |
20140372756 | SECURE DATA PARSER METHOD AND SYSTEM - The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention are useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention are also useful in a more private setting, such as within a corporation or governmental agency, as well as between corporations, governmental agencies or any other entities. | 12-18-2014 |
20140372757 | PRIMITIVE FUNCTIONS FOR USE IN REMOTE COMPUTER MANAGEMENT - The invention facilitates remote management of a computer via a network. Remote computer management capability can be expanded beyond that previously available through the addition of one or more new primitive functions that can be performed on a managed computer. | 12-18-2014 |
20140380047 | SYSTEM AND METHOD FOR DELIVERING ENCRYPTED INFORMATION IN A COMMUNICATION NETWORK USING LOCATION IDENTITY AND KEY TABLES - Access to digital data is controlled by encrypting the data in such a manner that it can be decrypted only at a specified location, within a specific time frame, and with a secret key. Data encrypted in such a manner is said to be geo-encrypted. This geo-encryption process comprises a method in which plaintext data is first encrypted using a data encrypting key that is generated at the time of encryption. The data encrypting key is then encrypted (or locked) using a key encrypting key and information derived from the location of the intended receiver. The encrypted data encrypting key is then transmitted to the receiver along with the ciphertext data. The receiver both must be at the correct location and must have a copy of the corresponding key decrypting key in order to derive the location information and decrypt the data encrypting key. | 12-25-2014 |
20140380048 | METHOD AND A SERVER FOR PROCESSING A REQUEST FROM A TERMINAL TO ACCESS A COMPUTER RESOURCE - In one embodiment disclosed herein is a method of processing a request made by a terminal of a user to access a resource made available to a client entity by a platform of a cloud computer service supplier. | 12-25-2014 |
20140380049 | MANAGEMENT OF GROUP SECRETS BY GROUP MEMBERS - A method of adding a new device ( | 12-25-2014 |
20140380050 | MIGRATING AUTHENTICATED CONTENT TOWARDS CONTENT CONSUMER - Techniques involving migrating authenticated content on a network towards the consumer of the content. One representative technique includes a network node receiving an encrypted seed having at least a location of the user data at a network service that stores the user data, and a cryptographic key to access the user data. The seed is received in response to a user login attempt to the network service. The user data is requested from the location using at least the received cryptographic key. The method further includes receiving and storing the user data at the network node, where the network node is physically closer to a location of the user than is the location of the network service. If the user is successfully authenticated, user access is provided to the stored user data at the network node rather than from the network service. | 12-25-2014 |
20150012746 | DETECTING USER PRESENCE ON SECURE IN-BAND CHANNELS - A method for detecting a human user includes establishing a protected audio video path (PAVP) session between a client device and a server device. The method also includes encrypting the user presence object with keys associated with the PAVP session. The method further includes sending an encrypted user presence object to the client device via the PAVP session. Additionally, the method includes determining whether the human user is in proximity with the client device based on a response associated with the user presence object. | 01-08-2015 |
20150012747 | METHOD AND APPARATUS FOR APPLYING ENCRYPTION IN COMMUNICATION BETWEEN TERMINALS - A method for applying encryption in communication between terminals includes determining a security key to be used when the terminal transmits and receives data to/from another terminal, determining information for updating the security key; transmitting a signal including information related to the security key and the information for updating the security key, to the another terminal, and encrypting data to be transmitted to the another terminal or decrypting data received from the another terminal, by using the security key. A security key is configured during communication between terminals, and is updated without separate communication between the terminals. Encryption and decryption are performed during transmission and reception of data. Therefore, security can be secured at relatively low complexity during the transmission and reception of data between the terminals. Other embodiments including a terminal are also disclosed. | 01-08-2015 |
20150012748 | Method And System For Protecting Data - Disclosed are a method and a system for protecting data. The method for protecting data provided by an embodiment of the present invention comprises: in an initialization process of a device where data are located, acquiring an environmental factor according to environment information of the device in a secure environment; and encrypting sensitive data in the device by utilizing the environmental factor in the secure environment, and after determining that the encryption succeeds, destroying the environmental factor. Each time the device is started, an environmental factor is acquired according to the environment information of the device in the current environment, and then the encrypted sensitive data in the device is decrypted by utilizing the environmental factor in the current environment; when the decryption succeeds, access to the data in the device is allowed, and when the decryption fails, access to the data in the device is denied. The hardware cost required by the solution is low, and the risk of data leakage can be greatly reduced. | 01-08-2015 |
20150012749 | SECURITY IDENTITY DISCOVERY AND COMMUNICATION METHOD - The present invention provides a security identity discovery method that improves the degree of privacy protection during identity discovery of stations by hiding or omitting the MAC addresses of a first station and a second station in the frame used for identity discovery between the two stations, adopting identity codes to identify the identities of the two stations, and authenticating the identities by using a ciphertext. | 01-08-2015 |
20150019864 | Secure Virtual Machine - An approach to securely distributing and running virtual machines is described that addresses the inherent insecurity of mobile virtual machines by authenticating a user before establishing a specialized virtualization runtime environment that includes a filesystem driver inserted into the host operating system to provide secure access to a virtual machine by authorized hypervisors only. Further described is the creation of a SecureVM package that includes the various components used to perform the operations of installation, user authentication and establishment of the specialized virtualization runtime environment. | 01-15-2015 |
20150019865 | SYSTEM AND METHOD FOR OBFUSCATING INITIATION VALUES OF A CRYPTOGRAPHY PROTOCOL - A computer-implemented technique for determining whether a first computing device has the correct version of a software program may be used to provide a secure approach to verifying that a client computing device has a secure and approved version of content player software implemented for consuming downloaded copyright media content. With this technique, copyright media content providers are able to ensure that only secure and approved content players are implemented to access the content. | 01-15-2015 |
20150019866 | Systems and Methods for Automatically Generating Top Level Index Files - Systems and methods for automatically generating top level index files for use in adaptive bitrate streaming in accordance with embodiments of the invention are disclosed. One embodiment of the method of the invention includes receiving a request from a playback device at a playback server, where the request identifies a piece of content, retrieving a list of assets associated with the identified piece of content using the playback server, filtering the list of assets using at least one predetermined criterion using the playback server, generating a top level index file describing each asset in the filtered list of assets using the playback server, and sending the top level index file to the playback device using the playback server. | 01-15-2015 |
20150019867 | RESYNCHRONIZATION OF PASSIVE MONITORING OF A FLOW BASED ON HOLE DETECTION - Embodiments are directed towards resynchronizing the processing of a monitored flow based on hole detection. A network monitoring device (NMD) may be employed to passively monitor flows of packets for a session between endpoints. The NMD may receive copies of the monitored flow and perform processes on the monitored flow. In some situations, some copies of packets may not be fully processed by the NMD, creating a hole in the processing. If a hole is detected in the monitored flow and the processing of the monitored flow is desynchronized, then the NMD may suspend processing until it is resynchronized or for a remainder of the session. If the processing is desynchronized, then the NMD may resynchronize the processing by resuming the processing of the monitored flow at a downstream position of the monitored flow based on the detected hole. | 01-15-2015 |
20150026464 | Steganography Detection - Systems and methods for detecting potential steganography use to hide content in computer files transmitted via electronic communications are provided. An electronic communication associated with a computer file may be identified. The communication and the computer file may be analyzed to determine whether the computer file potentially includes hidden content. To determine whether the computer file potentially includes hidden content, a set of steganographic criteria may be analyzed. If at least a portion of the steganographic criteria are satisfied, then it may be determined that the computer file potentially includes hidden content. If at least a portion of the steganographic criteria are not satisfied, then it may be determined that the computer file does not potentially include hidden content. If the computer file is determined to potentially include hidden content, an individual may be notified of the communication associated with the computer file. | 01-22-2015 |
20150026465 | Methods And Devices For Protecting Private Data - Private data in a cloud-based network may be protected by ensuring that inadvertent, malicious, or suspicious access to such data is minimized. Reachability analyses may generate directed graphs that can be displayed as paths on a graphical user interface. If a displayed component of a path indicates that inadvertent, malicious or suspicious access may occur, corrective action may be taken to prevent such access. | 01-22-2015 |
20150026466 | Token-Based Security for Links to Media Streams - Systems and methods of token-based protection for links to media streams are disclosed. For example, a computing device may generate a first token based on a private key and an encryption algorithm. The first token may be inserted into a link to a media stream. When the link is selected at a client device, a media request including the first token may be sent to a server. The server may generate a second token based on the private key and the encryption algorithm. The server may grant or deny the media request based on a comparison of the first token and the second token. | 01-22-2015 |
20150026467 | Methods and Apparatus for Authenticating Data as Originating from a Storage and Processing Device and for Securing Software and Data Stored on the Storage and Processing Device - Techniques are described for using unique features of a storage medium for authentication of data as originating from the storage medium, and also for installing software and data to a storage medium in a way which inhibits unauthorized copying of the software and data to another storage medium. Cryptoprocessing keys are created using unique features of the storage medium such as location information related to storage of selected elements of a software installation on the storage medium, or alternatively defective block information relating to the storage medium. The cryptoprocessing keys are used to encrypt data for transmission to a remote server. The remote server uses the cryptoprocessing keys to decrypt the data and authenticates the data as having been encrypted with the correct keys. | 01-22-2015 |
20150026468 | TOKEN-BASED SECURITY FOR LINKS TO MEDIA STREAMS - Systems and methods of token-based protection for links to media streams are disclosed. For example, a computing device may receive a media request in response to selection of a link to a media stream. The link may include a first token that is generated based on a private key and an encryption algorithm, and the media request may include the first token. The computing device may grant or deny the media request based on a comparison of the first token and a second token that is generated based on the private key and the encryption algorithm. | 01-22-2015 |
20150026469 | SYSTEM AND METHOD OF SECURE ENCRYPTION FOR ELECTRONIC DATA TRANSFER - A system for secure transfer of encrypted data involves a sender client, a recipient client, a main server, and a key server. The sender client receives instructions from a first user identifying transfer data and a recipient identifier, creates a key, encodes the transfer data using the key, and communicates the key and the recipient identifier to a server. The server creates a secure package identifier and communicates such to the sender client. The recipient client receives and identifies the secure package identifier and the encoded transfer data, receives from a second user a user identifier, and communicates the user identifier and the secure package identifier to the server. The server communicates the key to the recipient client only if the secure package identifier received from the recipient client matches the secure package identifier created by the server and if the user identifier matches the recipient identifier. | 01-22-2015 |
20150026470 | SECURED EMBEDDED DATA ENCRYPTION SYSTEMS - Devices generate security vectors based on their own attributes. A device's security vectors compose its transformation matrix. The devices securely share copies of their transformation matrices with other devices. A transmitting device adds its unique MAC to packets, encrypts those packets using its own transformation matrix, and transmits those packets. A receiving device uses its copy of the transmitting device's transformation matrix to decrypt the data in a packet, determining whether a MAC extracted from that packet matches the transmitting device's MAC. The receiving device can permit or prevent further processing of the packet's data depending on whether the MACs match. Each device can store a copy of a same program that can be used to derive derivative security vectors from existing security vectors. Each device in the network can derive the same set of derivative vectors for any selected other device in the network, thereby “evolving” the transformation matrices. | 01-22-2015 |
20150026471 | Staged Control Release in Boot Process - Integrity validation of a network device may be performed. A network device comprising a secure hardware module, may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages. | 01-22-2015 |
20150026472 | SYSTEMS AND METHODS FOR IMPLEMENTING COMPUTER SECURITY - A computer system includes memory storing an operating system. An agent executive runs within the operating system. The agent executive receives an agent identity token from a grid computer system. The agent identity token includes a unique cryptographic key assigned to the agent executive. The agent executive collects information about the computer system for an evaluation of integrity of the agent executive, according to a plurality of agent self-verification factors. The agent executive encrypts the collected information using the cryptographic key and transmits the encrypted information to the grid computer system. The agent executive retrieves an encrypted set of commands from the grid computer system, which are selected by the grid computer system in response to the transmitted information. The agent executive decrypts the encrypted set of commands and executes, at the computer system, each command in the set of commands. | 01-22-2015 |
20150033014 | Compact and Efficient Communication Security through Combining Anti-Replay with Encryption - A method of providing anti-replay protection, authentication, and encryption with minimal data overhead is provided. A sender uses an arbitrary-length pseudorandom permutation to encrypt messages that include plaintext and successively increasing sequence numbers, to produce ciphertext messages. The sender transmits the ciphertext messages. A receiver receives the ciphertext messages and, for each received ciphertext message, performs the following operations. The receiver decrypts the given ciphertext message to recover plaintext and a candidate sequence number from the message. The receiver determines if the candidate sequence number is in any one of multiple acceptable sequence number windows having respective sequence number ranges that are based on at least one of a highest sequence number previously accepted and a last sequence number that was previously rejected, as established based on processing of previously received ciphertext messages. | 01-29-2015 |
20150039888 | TECHNIQUES FOR SHARING DATA - Techniques for sharing data between users in a manner that maintains anonymity of the users. Tokens are generated and provided to users for sharing data. A token comprises information encoding an identifier and an encryption key. A user may use a token to upload data that is to be shared. The data to be shared is encrypted using the encryption key associated with the token and the encrypted data is stored such that it can be accessed using the identifier associated with the token. A user may then use a token to access the shared data. The identifier associated with the token being used to access the shared data is used to access the data and the encryption key associated with the token is used to decrypt the data. Data is shared anonymously without revealing the identity of the users using the tokens. | 02-05-2015 |
20150046707 | BIOMETRIC AUTHENTICATION SYSTEM - In a system and method of completing a transaction over a network, a personal electronic device (PED) receives transaction information; captures biometric information from the PED user; and uses such information to identify if the user is an authorized user of the PED. If the captured biometric information identifies an authorized user of the PED, the PED: enables a first one of a pair of cryptographic keys stored on the PED corresponding to the identified authorized user; generates a digital signature for the transaction using the enabled first key; generates an authenticated transaction request using the received transaction information; and transmits the authenticated transaction request to a transaction approval center via the network. The transaction approval center uses the authenticated transaction request to complete the transaction; and the PED receives confirmation regarding the transaction from the transaction approval center. | 02-12-2015 |
20150046708 | INFORMATION PROCESSING TECHNIQUE FOR SECURE PATTERN MATCHING - An encrypted first polynomial that is obtained by encrypting, in a homomorphic encryption method that handles a polynomial processing, a first polynomial, is received from another computer. The first polynomial is represented by using, as coefficients, components of a first binary vector generated from first data in first order that is either ascending order or descending order with respect to degree of the first polynomial. Then, a predetermined processing in an encrypted text space is performed by using the encrypted first polynomial and an encrypted second polynomial that is obtained by encrypting a second polynomial in the homomorphic encryption method. The second polynomial is represented by using, as coefficients, components of a second binary vector generated from second data in second order that is different from the first order with respect to degree of the second polynomial. Then, a result of the predetermined processing is sent back. | 02-12-2015 |
20150046709 | Encapsulation of Secure Encrypted Data in a Deployable, Secure Communication System Allowing Benign, Secure Commercial Transport - Sensitive, Type 1 KIV-encrypted data is encapsulated into IP packets in a remotely deployed, secure communication system. The IP packets are addressed to a matching IP encapsulator/decapsulator device over the public Internet or other IP protocol network, that then passes it to a similar Type 1 KIV device for decryption. Thus, sensitive, encrypted data is made to appear as if it were any other commercial network data, cloaking it in the vast and busy world of the Internet. The present invention is embodied in a system that provides secure Voice-Over-IP (VOIP), video and data network functionality in a single, small size deployable case, to a remote user. Most importantly, the embodiment allows for the routing of bulk encrypted (i.e., secure) data over a public network, e.g., the Internet. | 02-12-2015 |
20150052355 | Method of Transmission of Encrypted Documents From An Email Application - The application discloses an improved method of transmitting encrypted emails by prompting the user to select at least one attachment for attaching with the email, prompting the user to select an encryption option from among several encryption options, causing an application to encrypt the selected attachment using the selected encryption option while retaining the original format of the attachments, attaching the encrypted attachment to the email, transmitting the email containing the encrypted attachment to at least one recipient address using the email application, and transmitting a second email containing at least one password to the recipient address using the email application. | 02-19-2015 |
20150052356 | INFORMATION PROCESSING APPARATUS AND METHOD - An information processing apparatus, including a plurality of information processing elements, includes a transmission unit, provided in a first information processing element newly connected to the information processing apparatus, that transmits identification information of the first information processing element to a second information processing element among the plurality of information processing elements; a first control unit, provided in the second information processing element, that assigns address information to identification information of the first information processing element, generates element information including address information corresponding to identification information of the first information processing element and each of already implemented information processing elements, and returns the element information to the first information processing element; and a second control unit, provided in the first information processing element, that performs communication with an already implemented information processing element by using address information included in the element information received from the second information processing element. | 02-19-2015 |
20150052357 | METHOD AND NETWORK NODE DEVICE FOR CONTROLLING THE RUN OF TECHNOLOGY SPECIFIC PUSH-BUTTON CONFIGURATION SESSIONS WITHIN A HETEROGENEOUS OR HOMOGENOUS WIRELESS NETWORK AND HETEROGENEOUS OR HOMOGENOUS WIRELESS NETWORK - A method and network node device control the run of technology specific Push-Button Configuration sessions within a heterogeneous or homogeneous wireless network, as well as a heterogeneous or homogeneous wireless network detecting a session overlap within the network. The session is related to a configuration session (bootstrapping session, setup session) that establishes a security configuration for encrypted communication over a wireless link. An enhanced mechanism is proposed for controlling the run of technology specific Push Button Configuration sessions within a heterogeneous or homogeneous wireless network and a plurality of network node devices interconnected to each other via at least one interface and/or over multiple hops and authenticated or unauthenticated for the network by using a piece of information, e.g. a “Configuration Setup Session Identifier (CSSID),” for identifying a technology specific Push Button Configuration setup session. | 02-19-2015 |
20150058624 | SYSTEM AND METHOD FOR REMOTELY MANAGING SECURITY AND CONFIGURATION OF COMPUTE DEVICES - The present invention relates to a system that manages security of one or more computer systems and/or one or more different types of I/O channels such as USB, Ethernet, SATA, and SAS. According to certain aspects, the management system is distributed. That is, a central management system and computer subsystems are physically distributed within one or more geographical areas, and communicate with each other by passing messages through a computer network. According to certain additional aspects, the configuration and/or security functions performed by methods and apparatuses according to the invention can be logically transparent to the upstream host and to the downstream device. | 02-26-2015 |
20150058625 | SECURE CONTENT DELIVERY USING HASHING OF PRE-CODED PACKETS - Methods, systems, and devices are described for securing content for delivery via a communications network. The methods, systems and devices may involve coding a plurality of packets using a determined code to generate a coded set of packets. A plurality of packets of the coded set of packets may be hashed to generate a plurality of hashes. The plurality of hashes may be transmitted via the communications network to deliver the secured content. | 02-26-2015 |
20150058626 | Programming Method, Battery with an Arrangement for Carrying out the Programming Method and a Motor Vehicle Comprising said Type of Battery - A programming method includes programming of at least two second data processing modules using a first data processing module. The programming method further includes providing first authentication information messages to the first data processing module, wherein each of the first authentication information messages is generated from each of at least two second data processing modules. The programming method further includes generating second authentication information messages, wherein each of the second authentication information messages is generated from each of the first authentication information messages, wherein the second authentication information messages are transmitted jointly from the first data processing module using one-time sending to the at least two second data processing modules. | 02-26-2015 |
20150058627 | DATA DRIVEN SCHEMA FOR PATIENT DATA EXCHANGE SYSTEM - A patient data exchange system comprises at least one device. Each of the devices implements an interface. When a device in the patient data exchange system publishes patient data, the device generates a metadata envelope that encapsulates the patient data. The metadata envelope conforms to a schema that defines allowable metadata attributes of the metadata envelope. When a device in the patient data exchange system receives a metadata envelope that conforms to the schema, the device determines, based at least in part on a metadata attribute of the metadata envelope, a particular patient data handling policy to apply to patient data encapsulated by the metadata envelope. In some instances, the metadata attribute indicates that authorization is required from an authorization service to access the patient data encapsulated by the metadata envelope. | 02-26-2015 |
20150058628 | FILTERING KERNEL-MODE NETWORK COMMUNICATIONS - Some embodiments of the invention are directed to techniques for determining whether a process on a computer system that is sending or receiving data, or is attempting to send or receive data, with another computer system is executing in kernel mode or user mode and providing an indicator of this determination to a security engine. In some embodiments, such an indication is provided to a security engine (e.g., a firewall) that implements a security policy based at least in part on whether the sending or receiving process is in kernel mode or user mode, and filters communications based on a process' operating mode. This enables a security engine to maintain security policies of greater specificity and thus improve security of a computer system. | 02-26-2015 |
20150067327 | METHODS, DEVICES, AND MEDIUMS FOR SECURELY SHARING RESTRICTED CONTENT - A computing device is disclosed for securely sharing restricted content. The computing device includes a memory storing computer readable instructions, and one or more processors configured to execute the computer readable instructions. The computer readable instructions configure the one or more processors to, collectively, receive a share request to share the restricted content; in response to the share request, encode a link with encrypted access information, the access information including a first password and identifying the restricted content; receive an access request for access to the restricted content from a client device executing the link, the access request including the encrypted access information; receive a second password from the client device in association with the access request; and grant the client device access to the restricted content in response to determining the first password matches the second password. A method and a computer readable medium are also disclosed. | 03-05-2015 |
20150067328 | AUTHENTICATING A USER DEVICE TO ACCESS SERVICES BASED ON A DEVICE ID - A first device may receive a first session token from a second device; determine that the first session token is expired or invalid; provide a security input to the second device to cause the second device to generate a first hash value of the security input using a key corresponding to a key identifier (ID); receive the key ID and the first hash value from the second device; generate a second hash value using the key corresponding to the key ID; determine that the first hash value matches the second hash value; and establish a session with the second device based on determining that the first hash value matches the second hash value. | 03-05-2015 |
20150067329 | METHOD AND SYSTEM FOR ESTABLISHING A SESSION KEY - A system and a method is provided for establishing a session key in a context of communications between entities, the identifiers of which are generated cryptographically and for which one of the entities is highly resource-constrained. It includes assigning to assistant entities of the resource-constrained entity, the highest-consuming asymmetric cryptography operations. | 03-05-2015 |
20150067330 | METHOD AND SYSTEM FOR NETWORK DATA ACCESS - Embodiments of the invention provide a method and system which allow for ready revocation of end user access rights by virtue of storing data in an encrypted form in a network environment, and using a trusted proxy server to re-encrypt the data itself to permit eventual decryption of the data by an authorised end user. However, if the end user's access rights are revoked then the trusted proxy does not perform the re-encryption of the data, and the end user is not then able to subsequently decrypt data stored in the network environment, even if it is able to access the data, without permission. Embodiments therefore have advantages that access control is decoupled from data confidentiality to provide scalability, and revocation of user access rights can be accomplished without requiring re-encryption of the stored data. | 03-05-2015 |
20150067331 | REMOTE DATA STORAGE - A computer-implemented method for performing remote data storage includes providing, by at least one client, files to be stored on a remote server, evaluating popularity of the files, and storing the files on the server in a form that depends on the popularity of the files. Files with a first level of popularity are stored in a deduplicated form and files with a second level of popularity are stored in an encrypted form, the first level of popularity being higher than the second level of popularity. | 03-05-2015 |
20150067332 | SYSTEM AND METHOD CAPABLE OF VERIFYING CONTACTLESS SENSOR TAG - A system and a method capable of verifying contactless sensor tag, the system comprising: a reading device, served to generate a first verification code according to a first dynamic value and generate an authority request according to an authority code; a sensor tag, used to obtain the first verification code of the reading device in a contactless way, generate a second verification code according to a second dynamic value, and process a ciphering calculation according to an identification code, the first verification code and the second verification code for generating the authority code, and send the authority code to the reading device in a contactless way; and a verifying device, used to receive the authority request of the reading device, and perform a deciphering calculation on the authority request for obtaining the first dynamic value and the second dynamic value for determining whether the sensor tag is real. | 03-05-2015 |
20150074394 | HOST DEVICE AND AUTHENTICATION METHOD FOR HOST DEVICE - A first data generation unit generates identification key information (FKey) that may be decrypted from the identification key information (IDKey) using key management information (FKB) read from an authenticatee. A decryption unit decrypts encrypted secret identification information (E-SecretID) using the identification key information (FKey) to generate secret identification information (SecretID). A second data generation unit generates a first session key (Skey) using the first key information (Hkey) and a random number. A one-way conversion unit performs a one-way conversion process on the secret identification information (SecretID) using the generated first session key (SKey) to generate first one-way conversion data (Oneway-ID). | 03-12-2015 |
20150074395 | Establishing a Trust Relationship Between Two Product Systems - A mechanism is provided for establishing a trust relationship between two products. A resource device receives a registration request from an application device to access a resource on the resource device by an application and users of the application on the application device. The resource device sends a registration response using a redirection uniform resource identifier (URI) provided with the registration request, where the registration response includes an authorization code and a symmetric key in response to authenticating the registration request. The resource device receives an access token request that includes the symmetric key, verifiable authentication data, and the redirection URI. The resource device sends an access token to the application device in response to validating the access token request, where the access token allows for access to the resource on the resource device thereby establishing the trust relationship between the resource device and the application device. | 03-12-2015 |
20150074396 | Lawful Interception of Encrypted Communications - A method and apparatus for providing access to an encrypted communication between a sending node and a receiving node to a Law Enforcement Agency (LEA). A Key Management Server (KMS) function stores cryptographic information used to encrypt the communication at a database. The cryptographic information is associated with an identifier used to identify the encrypted communication between the sending node and the receiving node. The KMS receives a request for Lawful Interception, the request including an identity of a Lawful Interception target. The KMS uses the target identity to determine the identifier, and retrieves the cryptographic information associated with the identifier from the database. The cryptographic information can be used to decrypt the encrypted communication. The KMS then sends either information derived from the cryptographic information or a decrypted communication towards the LEA. This allows the LEA to obtain a decrypted version of the communication. | 03-12-2015 |
20150074397 | METHOD OF DISTRIBUTING DIGITAL PUBLICATIONS INCORPORATING USER GENERATED AND ENCRYPTED CONTENT WITH UNIQUE FINGERPRINTS - Electronic publications are increasingly replacing physical media, where standards have evolved to mimic these physical media. Accordingly it is beneficial to provide electronic publication software systems and/or software applications to enable new paradigms that provide consumers, authors, publishers, retailers, and others with a method of publishing new electronic content in a manner wherein primary and secondary electronic content may be combined from multiple sources to generate said new electronic content which may be distributed based upon rights embedded within content elements. The method further comprising the ability to support community interactions within work and private environments; to re-assign licenses and issue sub-licenses; and to distribute said new electronic content with a unique fingerprint allowing unique identification of sources of non-authorised content. | 03-12-2015 |
20150074398 | SECURITY - A method of secure information sharing between a first domain and a plurality of destination domains, the method comprising: | 03-12-2015 |
20150074399 | PERSISTENT HOUSEHOLD KEYS FOR IN-HOME MEDIA CONTENT DISTRIBUTION - A method of enabling media recording compatibility between client devices, comprising provisioning a first client device associated with a subscriber identifier with a household key also associated with the subscriber identifier, receiving a media content stream at the first client device, the media content stream having been encrypted by a content provider, decrypting the media content stream at the first client device, creating a recording with the first client device by digitally recording a portion of the media content stream, encrypting the recording with the household key at the first client device, saving the recording to a memory device, and loading the recording onto a second client device that has also been provisioned with the household key, the second client device also being associated with the subscriber identifier, such that the second client device uses the household key to decrypt and play back the recording. | 03-12-2015 |
20150074400 | SYSTEM AND METHOD FOR OBTAINING AN AUTHORIZATION KEY TO USE A PRODUCT - A system and method for obtaining an authorization key to use a product utilizes a secured product identification code, which includes a serial number and at least one code that is generated based on a cryptographic algorithm. | 03-12-2015 |
20150074401 | CLOUD KEY ESCROW SYSTEM - Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored. | 03-12-2015 |
20150074402 | CLOUD KEY ESCROW SYSTEM - Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored. | 03-12-2015 |
20150082032 | DISTRIBUTION OF USER CREDENTIALS - A method relates to distributing user credentials in a distributed physical access control system, and more generally to distributing user credentials in a distributed system. A method may include storing a user credential database (DB), a first transformed credential DB and a second transformed credential DB for authenticating users to access a first and a second service provided by the device. The method may include generating the first transformed credential DB and the second transformed credential DB based on the user credential DB and comparing a credential received from a user to the first or the second transformed credential DB to determine whether to grant access to the first or the second service. The method may include distributing the user credential DB to a plurality of other devices connected in a network for the other devices to generate transformed credential DBs for authenticating users to access services. | 03-19-2015 |
20150082033 | ANONYMOUS DECISIONS IN AN ACCESS CONTROL SYSTEM - A controller device may correspond to a physical access controller in a distributed physical access control system. The controller device may include logic configured to obtain access to a global database that include access control information for a plurality of controller devices. The logic may be further configured to derive a local access rules table from the global database, wherein the local access rules table relates users to access rules, and wherein the local access rules table is encrypted with a local access rules key; and derive a local credentials table from the global database, wherein the local credentials table relates hashed credentials to users, wherein the local credentials table stores, for a user, the local access rules key encrypted with unhashed credentials associated with the user, wherein the unhashed credentials are not stored in the controller device. | 03-19-2015 |
20150082034 | METHOD AND APPARATUS FOR TRANSMITTING DATA USING ENCODED PATTERNS OF CHANGING COLORS - A system and method for encoding, transmitting and decoding data is described which defines a plurality of bit patterns into a predetermined color combination of RGB values. A message is formed from the plurality of bit patterns and the message is then arranged into a recognizable format with a message protocol. The message is transmitted to a decoder, which decodes the message and displays the message on a display. A use is provided to establish a two factor authentication mechanism to authenticate a user by a requester. | 03-19-2015 |
20150082035 | METHOD OF PROVISIONING PERSISTENT HOUSEHOLD KEYS FOR IN-HOME MEDIA CONTENT DISTRIBUTION - A method of providing a household key to a client device, comprising receiving a key request including a subscriber identifier at an update server from a client device, and determining whether the subscriber identifier has previously been associated with a household encryption key. The household encryption key can be configured to be used by the client device to encrypt recordings of media content it makes and/or decrypt recordings of media content it previously made or that it receives from another client device that encrypted the recording using the household key. If the subscriber identifier has previously been associated with a household encryption key, the update server retrieves the household key and sends it to the client device. If the subscriber identifier has not previously been associated with a household encryption key, the update server retrieves a new household key from a pool, associates the new household key with the subscriber identifier, and sends it to the client device. | 03-19-2015 |
20150082036 | IMAGE FORMING APPARATUS, CONTROL METHOD, AND STORAGE MEDIUM - An image forming apparatus includes a storage unit configured to store a plurality of encryption keys, wherein the plurality of encryption keys includes at least a default key, a setting unit configured to set an encryption key to be used for encryption communication according to a specific protocol, wherein the encryption key is selected from the plurality of encryption keys, an obtaining unit configured to obtain security setting information for limiting use of an encryption key, and a control unit configured to, in the case where the security setting information is obtained, determine whether or not the encryption key set by the setting unit has a predetermined encryption strength, wherein the control unit is configured to change the set encryption key to the default key in response to determining that the set encryption key does not have the predetermined encryption strength. | 03-19-2015 |
20150082037 | AUTHENTICATING CREDENTIALS FOR MOBILE PLATFORMS - Systems and methods for providing services are disclosed. One aspect comprises authenticating a user associated with a first service, receiving a selection of a second service, generating an opaque identifier associated with the user and the first service, wherein the opaque identifier facilitates the anonymous collection of data relating to the second service. Another aspect can comprise transmitting the opaque identifier to the second service, and receiving data relating to the second service. | 03-19-2015 |
20150089220 | Technique For Bypassing an IP PBX - The invention includes methods and systems for establishing communication between a first device and a second device. The first device forming a data packet and appending the data packet with a unique secure hash of the second device's public key. Next, the first device authenticating with a server. Next, the first device sending the appended data packet with the unique secure hash of the second device's public key to the server with the server storing it in memory. Next, the second device connecting and identifying itself to the server. Next, the second device authenticating with the server. Next, having positively confirmed the second device's identity, the server delivering all data packets with the unique secure hash of the second device's public key to the second device. Finally, the second device decrypting the data packets using the second device's private key. | 03-26-2015 |
20150089221 | Secure Near Field Communication Server Information Handling System Support - Secure NFC interactions with a server information handling system management controller, such as a baseboard management controller, are supported with an NFC application running on a mobile information handling system. A private key is applied by the mobile application to create an application hash that a baseboard management controller verifies to authorize access by the NFC application. The private key encrypts a user name and password so that the baseboard management controller decrypts the user credentials to look up access privileges in a security database. If user privileges include access to components, the baseboard management controller automatically actuates locks to provide access. | 03-26-2015 |
20150089222 | SECURELY CONNECTING CONTROL DEVICE TO TARGET DEVICE - In an approach, a target computing device receives a pairing request from a controller computing device, the pairing request including controller credentials that were previously received by the controller computing device from an authentication server computer and encrypted under a service key. The target computing device forwards the pairing request to the authentication server, the authentication server computer being configured to return a pairing response based at least in part on the controller credentials. The target computing device receives the pairing which includes a shared secret encrypted under a target device key and the same shared secret encrypted under a controller key. The target computing device decrypts the shared secret encrypted under the target device key and forwards the shared secret encrypted under the controller key to the controller device. Using the decrypted shared secret, the target computing device establishes a secure connection to the controller computing device. | 03-26-2015 |
20150089223 | PROTECTING MEMORY INTERFACE - An apparatus includes an interface and logic circuitry. The interface is configured to communicate over a communication link. The logic circuitry is configured to convert between a first stream of plaintext bits and a second stream of ciphered bits that are exchanged over the communication link, by applying a cascade of a stream ciphering operation and a mixing operation that cryptographically maps input bits to output bits. | 03-26-2015 |
20150089224 | Application Gateway Architecture with Multi-Level Security Policy and Rule Promulgations - Embodiments of an application gateway architecture may include an application gateway server computer communicatively connected to backend systems and client devices operating on different platforms. The application gateway server computer may include application programming interfaces and services configured for communicating with the backend systems and managed containers operating on the client devices. The application gateway server computer may provide applications that can be centrally managed and may extend the capabilities of the client devices, including the ability to authenticate across backend systems. A managed container may include a managed cache and may provide a secure shell for applications received from the application gateway server computer. The managed container may store the applications in the managed cache and control access to the managed cache according to rules propagated from at least one of the backend systems via the application gateway server computer. | 03-26-2015 |
20150089225 | SYSTEMS FOR PROVISIONING UNIVERSAL INTEGRATED CIRCUIT CARDS - A system that incorporates the subject disclosure may include, for example, a system for receiving a request to modify a universal integrated circuit card, generating a package comprising configuration data for modifying the universal integrated circuit card, encrypting the package with a transport key to generate an encrypted package, transmitting the encrypted package to a communication device communicatively coupled to the universal integrated circuit card to provision the universal integrated circuit card, and providing a mobile network operator trusted service manager system information relating to the configuration data to enable the mobile network operator trusted service manager system to manage content and memory allocation of the universal integrated circuit card. Other embodiments are disclosed. | 03-26-2015 |
20150089226 | METHODS AND APPARATUS TO COLLECT DISTRIBUTED USER INFORMATION FOR MEDIA IMPRESSIONS AND SEARCH TERMS - Disclosed examples involve receiving a plurality of first identifiers and a media identifier collected by a data collector installed at a mobile device in connection with an application. The first identifiers identify at least one of the mobile device or a user of the mobile device. The media identifier is indicative of media presented via the application at the mobile device. Encrypted identifiers are generated by encrypting the first identifiers. Respective ones of the encrypted identifiers are decodable by corresponding database proprietors to which the respective encrypted identifiers pertain. The encrypted identifiers are sent in association with the media identifier to an audience measurement entity. | 03-26-2015 |
20150095644 | PERFORMING TELEMETRY, DATA GATHERING, AND FAILURE ISOLATION USING NON-VOLATILE MEMORY - Methods and apparatus related to performance of telemetry, data gathering, and failure isolation using non-volatile memory are described. In one embodiment, a Non-Volatile Memory (NVM) controller logic stores data in a portion of an NVM device. The portion of the NVM device is determined based at least in part on a type or an identity of a sender of the data. Also, the data is encrypted in accordance with a public key provided by the sender. Other embodiments are also disclosed and claimed. | 04-02-2015 |
20150095645 | SYSTEM AND METHOD TO ACCESS CONTENT OF ENCRYPTED DATA ITEMS IN UNSUPPORTED DIGITAL ENVIRONMENTS - A method for accessing content of encrypted data item(s) by a terminal device operating in a digital environment, according to which, before the data item is accessed by the terminal device, it is intercepted and modified if found to be encrypted. The wrapper of the data item is modified or replaced by embedding a URL with a unique identifier and a message into the wrapper of the data item. If a supported terminal device attempts to access the modified data item, the client application natively consumes the data from the modified data item and ignores its wrapper. If not, the message and the URL are displayed on the terminal device and the user browses the URL. Then, after authentication, a web server locates the modified data item using the unique identifier, retrieves and decrypts the modified item and converts the decrypted modified data item to a format that can be consumed by the browser. Then, if the user has permission, he can view the data item by rendering it to the browser in his terminal device. | 04-02-2015 |
20150095646 | METHOD AND SYSTEM FOR UNIFIED MOBILE CONTENT PROTECTION - Media content is delivered to a variety of mobile devices in a protected manner based on client-server architecture with a symmetric (private-key) encryption scheme. A media preparation server (MPS) encrypts media content and publishes and stores it on a content delivery server (CDS), such as a server in a content distribution network (CDN). Client devices can freely obtain the media content from the CDS and can also freely distribute the media content further. They cannot, however, play the content without first obtaining a decryption key and license. Access to decryption keys is via a centralized rights manager, providing a desired level of DRM control. | 04-02-2015 |
20150095647 | PRIVACY SYSTEM - The disclosure relates generally to mobile device applications, and more particularly, to a privacy system for a mobile device application. In one embodiment, a computer-implemented method of sending and receiving encrypted messages between users within an associated group of users is provided. The method includes: receiving a first message from a first user within the group of users, wherein the first message includes proprietary information; encrypting the first message into ciphertext; transforming the ciphertext into a second message, wherein the second message includes quotidian information; and sending the second message to a second user within the group of users. Once the second user receives the second message, the second user will assay the second message to be an encryption of an unknown first message. The second message is received from the second user, and is decrypted into the first message, which is displayed to the second user. | 04-02-2015 |
20150100782 | METHODS AND SYSTEMS FOR SECURE COMMUNICATION BETWEEN WIRELESS ELECTRONIC DEVICES AND VEHICLES - Methods and systems are provided for communicating with a vehicle. In one embodiment, a portable communication device for communicating with a vehicle is provided. The portable communication device includes memory that stores vehicle specific information. The portable communication device further includes at least one processor that executes instructions that cause the portable communication device to enable a secure communication between a wireless end device and the vehicle based on the vehicle specific information. | 04-09-2015 |
20150100783 | METHODS AND SYSTEMS FOR SECURE COMMUNICATION BETWEEN WIRELESS ELECTRONIC DEVICES AND VEHICLES - Methods and systems are provided for communicating with a vehicle. In one embodiment, the system includes memory that stores vehicle specific information and one or more vehicle instructions. At least one processor executes instructions that cause the portable communication device to securely communicate the one or more vehicle instructions from the portable communication device to the vehicle based on the vehicle specific information. | 04-09-2015 |
20150100784 | COMMUNICATION APPARATUS AND CONTROL METHOD THEREFOR - Security parameter information for secure connection to a partner apparatus is generated. Routing information to the partner apparatus and address resolution information corresponding to the routing information are acquired, and managed in association with the security parameter information. In data transmission processing through the secure connection, validity/invalidity of the routing information or/and address resolution information associated with the security parameter information is determined. The data transmission processing is controlled based on the result of the determination processing. | 04-09-2015 |
20150100785 | METHOD FOR CIPHERING A MESSAGE VIA A KEYED HOMOMORPHIC ENCRYPTION FUNCTION, CORRESPONDING ELECTRONIC DEVICE AND COMPUTER PROGRAM PRODUCT - In one embodiment, a method is proposed for ciphering a message by a sender device destined for a receiver device, said method comprising using a keyed homomorphic encryption function associated with a public key of said receiver device. Such method is remarkable in that it comprises: | 04-09-2015 |
20150100786 | Trust Information Delivery Scheme for Certificate Validation - A unique TIO based trust information delivery scheme is disclosed that allows clients to verify received certificates and to control Java and Javascript access efficiently. This scheme fits into the certificate verification process in SSL to provide a secure connection between a client and a Web server. In particular, the scheme is well suited for incorporation into consumer devices that have a limited footprint, such as set-top boxes, cell phones, and handheld computers. Furthermore, the TIO update scheme disclosed herein allows clients to update certificates securely and dynamically. | 04-09-2015 |
20150100787 | SYSTEMS AND DEVICES FOR ENCRYPTING, CONVERTING AND INTERACTING WITH MEDICAL IMAGES - A network device and a peripheral device for attachment with a medical imaging device provides for the encryption and conversion of a medical image into a secure and standardized image file format as well as the communication of the encrypted and/or converted image to a secure server on a remote network. The devices may monitor all medical image files generated on the medical imaging device and encrypt and convert selected medical image files for transmission to a remotely connected device on another network, such as a server or a mobile device. An encryption and conversion unit may be incorporated within the hardware and software of a medical imaging device or another network device in order to provide the capability for encrypting a medical image for transmission to a remote network and for converting the medical image to a format that is compatible with a destination device or network. | 04-09-2015 |
20150106620 | METHOD AND SYSTEM FOR PROVIDING A SECURE SECRETS PROXY - A secure secrets proxy is instantiated in a first computing environment and includes secure secrets proxy authentication data for identifying itself to a secrets distribution management system in a second computing environment as a trusted virtual asset to receive and cache secrets data in a secure secrets cache outside the second computing environment. The secure secrets proxy requests one or more secrets to be cached and is then provided data representing the requested secrets in the secure secrets cache. The secure secrets proxy then receives secrets application request data from a second virtual asset instantiated in the first computing environment requesting one or more secrets be applied to second virtual asset data. The secure secrets proxy then obtains the required secrets from the secure secrets cache and coordinates the application of the secrets to the second virtual asset data. | 04-16-2015 |
20150106621 | Transmitter For Transmitting A Secure Access Signal - A transmitter ( | 04-16-2015 |
20150106622 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - There is provided an information processing device including a secret key generator that generates a secret key from a random number received from an external device that provides a service, and a given value, a public key generator that generates a public key on the basis of the secret key by using a function identically set in a plurality of the services, a transmitter that transmits the public key to the external device, and an authentication processor that conducts authentication with the external device using the secret key. | 04-16-2015 |
20150113271 | RE-PROGRAMMABLE SECURE CRYPTOGRAPHIC DEVICE - A re-programmable wireless cryptographic device can store data securely and use near field communication (NFC) to exchange functionality data and/or program code from a central server system through a mobile device. A user requests a new cryptographic device or a new device function via an application on the mobile device. The central server system transmits program code and a public key used to identify the cryptographic device to the mobile device, which functions as a pass-through conduit for the information, storing it until the devices are synced. A NFC communication channel is created, and the mobile device authenticates the cryptographic device by cross-referencing the public key received from the central server system with the public key transmitted by the cryptographic device once the communication channel is established. Upon authentication, the cryptographic device is synced with the mobile device, and the mobile device passes the program code to the cryptographic device. | 04-23-2015 |
20150113272 | METHOD AND APPARATUS FOR AUTHENTICATING AND MANAGING APPLICATION USING TRUSTED PLATFORM MODULE - Disclosed herein are authentication and management of an application using a mobile trusted module (MTM). | 04-23-2015 |
20150113273 | REMOTE VERIFICATION OF USER PRESENCE AND IDENTITY - A system for verifying the presence and identity of a user on a remote computer having a server connected to a network, the network being connected to one or more remote computers. The system further includes a microcontroller connected to the remote computer by means such as USB, and registered with the server. The USB microcontroller is authenticated upon being inserted into a remote computer and is continuously authenticated thereafter until the user disconnects the USB microcontroller from the computer. When the proper authentication is satisfied, the system runs a secure web browser that is used to access websites that may have a user's confidential and sensitive data. Upon disconnecting the USB device, the secure web browser closes and none of the session data is stored locally on the computer. | 04-23-2015 |
20150113274 | SECURITY SYSTEM AND METHOD - A method for exchanging data according to one embodiment includes transmitting a packet of data from a first device to a second device, the packet of data comprising an unencrypted command and an encrypted payload. | 04-23-2015 |
20150121071 | PROGRAMMING VEHICLE MODULES FROM REMOTE DEVICES AND RELATED METHODS AND SYSTEMS - Methods, apparatus and systems are provided for programming a vehicle module. An exemplary vehicle includes a first module, a gateway module communicatively coupled to the first module, and an update module communicatively coupled to the gateway module. The update module is configured to provide authorization information and programming data to the gateway module. The gateway module is configured to verify that programming of the first module is authorized based at least in part on the authorization information and provide the programming data to the first module after verifying that the programming of the first module is authorized. | 04-30-2015 |
20150121072 | OBJECT VERIFICATION APPARATUS AND ITS INTEGRITY AUTHENTICATION METHOD - There is provided an object verification apparatus comprising: a communication module receiving object information to verify an object and the integrity of the object, requesting original object information from an integrity authentication server in which the original object information for the object is registered, and receiving the original object information from the integrity authentication server; and a control module determining whether current object information extracted from the object and the object information are identical or not, controlling the communication module according to the determined result, and comparing the original object information and the current object information to verify the final integrity of the object. | 04-30-2015 |
20150121073 | SOFTWARE FINGERPRINTING - A method of providing a receiver with a version of an initial item of software, the method comprising: for each of a plurality of sections of the initial item of software that together form the initial item of software, obtaining one or more respective versions of that section, wherein for at least one of the sections a respective plurality of different versions of that section are obtained; for each of the plurality of sections of the initial item of software, selecting a respective version of that section to be used by the receiver, said selecting being arranged so that the receiver is identifiable from the set of selected versions; and providing the receiver with a version of the initial item of software by providing the receiver with access to the selected versions of the sections of the initial item of software. | 04-30-2015 |
20150121074 | METHODS AND APPARATUS FOR PROTECTING DIGITAL CONTENT - An embodiment of the invention includes a processing system to provide protected digital content, the processing system comprising a processor and control logic which, when used by the processor, results in the processing system performing operations comprising determining that first and second receivers, which are coupled to the processing system, are within a predetermined acceptable proximity to the processing system. The processing system is upstream of the first receiver and the first receiver is upstream of the second receiver. Other embodiments are provided herein. | 04-30-2015 |
20150127938 | APPARATUS AND METHOD FOR SECURE OVER THE AIR PROGRAMMING OF A COMMUNICATION DEVICE - A system that incorporates the subject disclosure may perform, for example, receiving an over-the-air programming message that is utilizing a hypertext transfer protocol, where the over-the-air programming message includes programming data for use by the mobile communication device, converting the over-the-air programming message to a short message service transport protocol to generate an adjusted message that includes the programming data, and providing the adjusted message to a universal integrated circuit card of the mobile communication device via a baseband proxy operating in a device processor of the mobile communication device. Other embodiments are disclosed. | 05-07-2015 |
20150127939 | SHARING BASED ON SOCIAL NETWORK CONTACTS - Various technologies described herein pertain to sharing Wi-Fi credentials based upon relationships in a computer-implemented social network. At least one server computing device of a Wi-Fi credential sharing service receives an identifier from a mobile device and credentials for a Wi-Fi network from the mobile device. The identifier identifies a user of the mobile device. Moreover, the credentials for the Wi-Fi network are desirably shared by the user. Further, contacts of the user are retrieved from the social network. The credentials for the Wi-Fi network are retained in respective accounts of the contacts of the user from the social network. Further, an account of a contact includes credentials for Wi-Fi networks shared with the contact. | 05-07-2015 |
20150127940 | SECURE DISTRIBUTED INFORMATION AND PASSWORD MANAGEMENT - A method, performed by a computer device, may include receiving an indication that a first user has acquired rights to access a digital content; generating a key for the digital content; encrypting the digital content using the generated key to generate encrypted digital content; obtaining a first passcode; and providing the first passcode and the encrypted digital content to a user device associated with the first user. The method may further include receiving, from the user device, a request for the key, wherein the request includes the first passcode; determining that the first passcode is valid; determining that the key has not expired; and providing the key to the user device, in response to determining that the first passcode is valid and that the key has not expired. | 05-07-2015 |
20150127941 | Systems and Methods for Secure File Transfers - Embodiments of the disclosure can include systems and methods for secure file transfers. The onsite monitoring system secure file transfer solution can allow for transferring operational data by an onsite system behind a firewall to a central monitoring and diagnostic infrastructure by sending asynchronous, concurrent, parallel files over a port using a previously opened connection. | 05-07-2015 |
20150127942 | SECURITY KEY DEVICE FOR SECURE CLOUD SERVICE, AND SYSTEM AND METHOD FOR PROVIDING SECURE CLOUD SERVICE - Provided are a security key device for a cloud service, and a system and a method for providing a secure cloud service. The security key device includes: an interface unit detachably connected to a user terminal, and providing an interface with the user terminal; a storage unit storing an encoded user file; and an encoding/decoding transformation supporting controller that, when receiving from the user terminal a file to upload to a cloud server, encodes the file, stores the encoded file in the storage unit, and then transmits the encoded file to the user terminal, and when receiving from the user terminal an encoded file downloaded from the cloud server, stores the encoded file in the storage unit, decodes the encoded file, and transmits the decoded file to the user terminal. | 05-07-2015 |
20150127943 | METHOD FOR IMPLEMENTING CROSS-DOMAIN JUMP, BROWSER, AND DOMAIN NAME SERVER - A method for implementing a cross-domain jump includes: a second domain name server obtaining a cross-domain jump request, sent by a browser, for jumping from a first domain name to a second domain name, the request including a cross-domain user identifier corresponding to a first identifier of a user in the first domain name; the second domain name server obtaining a second identifier of the user in the second domain name corresponding to the user identifier, and generating a login state of the user in the second domain name according to the second identifier. The second domain name server recognizes the identity of the user according to the second identifier, so that the user does not need to log in while still maintaining the login state. Therefore, operation convenience for the user is improved. Further, a browser, a first domain name server and a second domain name server are provided. | 05-07-2015 |
20150134953 | METHOD AND APPARATUS FOR OFFERING CLOUD-BASED HSM SERVICES - An HSM service controller receives an administrative request to enable a cloud-based application to have access to a cloud-based HSM service. The HSM service controller segments a cloud-based HSM into a plurality of VHSMs. The HSM service controller allocates to the cloud-based application a source VHSM from among the plurality of VHSMs. The source VHSM includes an initial set of credentials, roles and/or metadata. The HSM service controller stores a handle for the source VHSM in association with a handle for the cloud-based application. The HSM service controller routes cryptography requests between the cloud-based application and the VHSM based on the handle for the source VHSM and the handle for the cloud-based application. The HSM service controller receives one or more management requests from the cloud-based application and executes cloud administrator functions responsive to the management requests. | 05-14-2015 |
20150134954 | SENSOR MANAGEMENT SYSTEM IN AN IOT NETWORK - A method for managing and reconfiguring multiple devices of a network includes registering a digital birth certificate based on a private key to a device of the plurality of devices. Authenticating and validating the device may be performed based on the private key. The device can be reconfigurable, and reconfiguration of the device includes one of a physical reconfiguration, a logical reconfiguration, or reconfiguration of a mode of operation of the device. | 05-14-2015 |
20150134955 | Method for Using Cryptography to Protect Deployable Rapid On-Site Manufacturing 3D Printing Systems and Enable a Single Time Printing Protocol - A webserver is comprised of a registry, database, web store, arbiter, and signature verifier with device public keys. An external trusted machine provides a first key pair to the server system. The database contains encrypted copies of developer software/models, using the Trusted Machine to encrypt. The Signature Verifier verifies that devices requesting code are truly safe devices provided from a third party. The Trusted Machine is an extremely secure machine with a first key pair “A” used to encrypt and decrypt entries into the database safely. A trusted module is associated with the printer which comprises a random sequence generator. The printer generates keys required for printing and authorization using a Common Access Card (CAC). Next the server would encrypt the model with the keys generated by the trusted module of the printer to allow for the printer to decrypt the keys and effectuate printing of the encrypted model. | 05-14-2015 |
20150134956 | SYSTEM AND METHOD FOR CREDENTIALED ACCESS TO A REMOTE SERVER - Credentials for an account on a remote server requiring credentialed access by a client device are created, the credentials are transmitted to the remote server, and response data including the credentials is received from the remote server, while restricting access to the credentials by the client device at all times. Session data transmitted by the remote server is also restricted from the client device to prevent side loading of session secrets onto client devices that may be used to attempt to gain unauthorized access to the remote server. Cookies are used to allow the client device to access more than one remote server without having to authenticate individually to each remote server. | 05-14-2015 |
20150134957 | CLOSED NETWORK PRESENTATION WITH EXTERNAL ROUTER - Systems, methods and computer readable memory devices for delivering a presentation are provided. In one example, a method includes communicatively coupling the host computing device to an external router, and establishing the closed wireless network using the router. An encrypted communication session is established via the closed wireless network with a plurality of client computing devices, each of which comprises a display. Each of the client computing devices is communicatively coupled to a virtual network server on the host computing device. Frame buffer data is retrieved from a storage subsystem of the host computing device. The frame buffer data is sent to each of the client computing devices to modify the display of each device. | 05-14-2015 |
20150134958 | UICCS EMBEDDED IN TERMINALS OR REMOVABLE THEREFROM - The invention proposes several improvements related to the management of secure elements, like UICCs embedding SIM applications, these secure elements being installed, fixedly or not, in terminals, such as mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications. | 05-14-2015 |
20150143115 | METHOD AND APPARATUS FOR AVOIDING LICENSE STORMING DURING AN UNPLANNED REGIONAL BLACKOUT - A computer implemented method and apparatus for avoiding license storming during an unplanned regional blackout. The method comprises generating a leaf license for each geographic region of a plurality of geographic regions in a broadcast area, wherein each leaf license includes a first content encryption key for decrypting media content associated with the leaf license, and where each leaf license is bound to a root license for each geographic region in the plurality of geographic regions; and generating, in response to a blackout event, a new leaf license for each geographic region of the plurality of geographic regions that are located outside of a blackout area, wherein each new leaf license includes a second content encryption key different from the first content encryption key for decrypting protected media content, and wherein each new leaf license remains bound to the root license for each geographic region in the plurality of geographic regions. | 05-21-2015 |
20150143116 | SYSTEMS AND METHODS FOR CONVENIENT AND SECURE MOBILE TRANSACTIONS - Systems and methods for conducting convenient and secure mobile transactions between a payment terminal and a mobile device, e.g., in a fueling environment, are disclosed herein. In some embodiments, the payment terminal and the mobile device conduct a mutual authentication process that, if successful, produces a session key which can be used to encrypt sensitive data to be exchanged between the payment terminal and the mobile device. Payment and loyalty information can be securely communicated from the mobile device to the payment terminal using the session key. This can be done automatically, without waiting for the user to initiate a transaction, to shorten the overall transaction time. The transaction can also be completed without any user interaction with the mobile device, increasing the user's convenience since the mobile device can be left in the user's pocket, purse, vehicle, etc. | 05-21-2015 |
20150143117 | DATA ENCRYPTION AT THE CLIENT AND SERVER LEVEL - Embodiments of the present invention include a computer system and computer program product for implementing encryption of data. A computer system determines that a first data field of a plurality of data fields of a web form requires encryption. The computer system tags the first data field with one or more HTML encryption tags. The computer system displays the web form to a user. The computer system receives user input, wherein at least a portion of the user input is contained in the first data field of the web form. The computer system encrypts the first data field on a first computer, wherein a first user specific encryption key is associated with at least the first data field. The computer system inserts the encrypted first data field into at least one record stored on a second computer. | 05-21-2015 |
20150143118 | END-TO-END SECURE COMMUNICATION SYSTEM - The present disclosure is directed to an end-to-end secure communication system wherein, in addition to encrypting transmissions between clients, communication-related operations occurring within each client may also be secured. Each client may comprise a secure processing environment to process encrypted communication information received from other clients and locally-captured media information for transmission to other clients. The secure processing environment may include resources to decrypt received encrypted communication information and to process the communication information into media information for presentation by the client. The secure processing environment may also operate in reverse to provide locally recorded audio, image, video, etc. to other clients. Encryption protocols may be employed at various stages of information processing in the client to help ensure that information being transferred between the processing resources cannot be read, copied, altered, etc. In one example implementation, a server may manage interaction between clients, provision encryption keys, etc. | 05-21-2015 |
20150143119 | CONTENT DISTRIBUTION METHOD, CONTENT DISTRIBUTION SYSTEM, SOURCE DEVICE, AND SINK DEVICE - Provided is a content distribution method which allows a source device to safely distribute copyrighted content to a sink device in response to a request from the sink device as a trigger. The content distribution method includes a list transmission step S | 05-21-2015 |
20150143120 | Controlling Mobile Device Access to Secure Data - Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device. | 05-21-2015 |
20150149772 | SECURE ACCESS FOR ENCRYPTED DATA - Embodiments generally provide techniques for managing data security. One embodiment includes providing, at a client system, an encrypted private key that can be decrypted using a locker key. Encrypted data is received from a remote system, and embodiments determine that the received encrypted data can be decrypted using a private key recovered by decrypting the encrypted private key. A request is transmitted to the remote system for the locker key corresponding to the encrypted private key, and the requested locker key is received from the remote system. Embodiments decrypt the encrypted private key using the received locker key to recover the private key, and decrypt the encrypted data using the private key. | 05-28-2015 |
20150149773 | AVERAGE-COMPLEXITY IDEAL-SECURITY ORDER-PRESERVING ENCRYPTION - Embodiments provide ideal security, order-preserving encryption (OPE) of data of average complexity, thereby allowing processing of the encrypted data (e.g. at a database server in response to received queries). Particular embodiments achieve high encryption efficiency by processing plaintext in the order preserved by an existing compression dictionary already available to a database. Encryption is based upon use of a binary search tree of n nodes, to construct an order-preserving encryption scheme having Ω(n) complexity and even O(n), in the average case. A probability of computationally intensive updating (which renders conventional OPE impractical for ideal security) is substantially reduced by leveraging the demonstrated tendency of a height of the binary search tree to be tightly centered around O(log n). An embodiment utilizing such an encryption scheme is described in the context of a column-store, in-memory database architecture comprising n elements. OPE according to embodiments is compatible with adjustable encryption approaches. | 05-28-2015 |
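The abstract above describes order-preserving encryption built on a binary search tree, with occasional expensive re-encoding when the tree grows too deep. The following Python is an added illustration, not code from the patent: it uses the root-to-node path as the order-preserving codeword (the encoding used by mutable OPE schemes such as Popa et al.'s mOPE), keeps the tree as the secret state, rebalances and re-encodes when a path no longer fits the fixed ciphertext width, and optionally bulk-builds a balanced tree from an already-sorted dictionary in O(n). The class name, the `depth` parameter and the `sorted_dictionary` constructor argument are assumptions for the demo.

```python
from typing import List, Optional


class _Node:
    __slots__ = ("key", "left", "right")

    def __init__(self, key: int):
        self.key, self.left, self.right = key, None, None


class TreeOPE:
    """Order-preserving encoding by position in a binary search tree (illustrative).

    Ciphertext = root-to-node path bits (0 = left, 1 = right), then a '1'
    terminator, zero-padded on the right to `depth` bits and read as an integer.
    The tree is the secret state; ciphertexts alone reveal only plaintext order.
    """

    def __init__(self, depth: int = 32, sorted_dictionary: Optional[List[int]] = None):
        self.depth = depth
        self.root = None
        self.rebuilds = 0  # counts the expensive re-encode events
        if sorted_dictionary:
            # Assumption: a sorted dictionary (e.g. a column-store compression
            # dictionary) is available, so a balanced tree can be built in O(n).
            self.root = self._build(sorted_dictionary)

    def _build(self, keys: List[int]):
        if not keys:
            return None
        mid = len(keys) // 2
        node = _Node(keys[mid])
        node.left = self._build(keys[:mid])
        node.right = self._build(keys[mid + 1:])
        return node

    def _encode(self, path: List[int]) -> int:
        bits = path + [1]
        value = 0
        for b in bits:
            value = (value << 1) | b
        return value << (self.depth - len(bits))

    def _inorder(self, node, out: List[int]) -> None:
        if node is not None:
            self._inorder(node.left, out)
            out.append(node.key)
            self._inorder(node.right, out)

    def _rebalance(self) -> None:
        # The costly case: every previously issued ciphertext must be re-derived.
        keys: List[int] = []
        self._inorder(self.root, keys)
        self.root = self._build(keys)
        self.rebuilds += 1

    def encrypt(self, key: int) -> int:
        if self.root is None:
            self.root = _Node(key)
            return self._encode([])
        node, path = self.root, []
        while key != node.key:
            if key < node.key:
                path.append(0)
                if node.left is None:
                    node.left = _Node(key)
                node = node.left
            else:
                path.append(1)
                if node.right is None:
                    node.right = _Node(key)
                node = node.right
        if len(path) + 1 > self.depth:  # no room left for the terminator bit
            self._rebalance()
            return self.encrypt(key)
        return self._encode(path)

    def decrypt(self, ct: int) -> int:
        bits = format(ct, f"0{self.depth}b").rstrip("0")
        if not bits.endswith("1"):
            raise ValueError("malformed ciphertext")
        node = self.root
        for b in bits[:-1]:
            node = node.left if b == "0" else node.right
        return node.key
```

Because the encoding is deterministic, equal plaintexts map to equal ciphertexts, which is what lets a database server evaluate range and equality predicates on the encrypted column; the price is that a rebalance invalidates every ciphertext already stored, so the tree depth (and, as the abstract notes, its tendency to stay near O(log n)) decides how often that happens.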
20150149774 | RIGHTS MANAGEMENT SYSTEM AND METHOD INTEGRATED WITH EMAIL TRANSMISSION OF DOCUMENTS - A rights management system and method allow users to easily associate rights management policies with documents sent via email from a client (e.g. a computer or scanner). The client transmits email recipient information, including the attention type (“to,” “cc” or “bcc”) for each recipient, to a rights management server. The server stores multiple rights management policies each specifying access rights (e.g. view, edit, print) granted to specified users, and stores an attention-right rule defining a correspondence between access rights and attention types. Based on the recipient information from the client, and applying the attention-right rule, the server selects an appropriate policy or creates a new one if an appropriate policy does not exist, and transmits the policy, a document ID and an encryption key to the client. The client encrypts the document, adds metadata to the document, and sends the email with the attached document to a mail server. | 05-28-2015 |
20150149775 | Method and System of Secure Email - A process of sending and receiving emails using uniquely associated mobile communication devices involving a sender and a recipient, both registered users in a secure email communication system. The use of uniquely associated mobile communication devices with additional user authentication in the email sending and receiving ensures the authenticity of the sender and the recipient. Furthermore, the process of sending and receiving emails through the secure email communication system includes multiple levels of encryption and decryption of emails. | 05-28-2015 |
20150295717 | AUTHENTICATION METHOD AND SYSTEM - The invention relates to a method of authentication of a user (U), comprising the steps of: | 10-15-2015 |
20150295900 | METHOD AND OPPORTUNISTIC SENSING - A method in a first device for anonymously delivering data to a party that has initiated a task is provided. The first device and the task-initiating party are participants in opportunistic sensing. The method comprises creating a data sample and encrypting the data sample with a public key of the task-initiating party. After the protected sample is communicated to one or more intermediate devices, one of the intermediate devices delivers the protected sample to the task-initiating party, such that the task-initiating party does not learn the identity of the first device. The task-initiating party only knows the identity of the intermediate device that delivered the protected sample, wherein the intermediate devices are participants in the opportunistic sensing. | 10-15-2015 |
20150295901 | AUTO-USER REGISTRATION AND UNLOCKING OF A COMPUTING DEVICE - A computing device provides an indication that the computing device accepts dynamic user registration of user accounts over a wireless connection. A wireless mobile device automatically connects to the computing device, establishes an encrypted connection, and passes an encrypted account token over the encrypted connection to the computing device, all without physical interaction with the computing device. The computing device automatically contacts a remote account server to retrieve a user account associated with the account token and registers the user account with the device. | 10-15-2015 |
20150304257 | Network-Based Service for Secure Electronic Mail Delivery on an Internet Protocol Network - A network is disclosed that includes a message originator computer and a message recipient computer, for secure electronic mail delivery. In accordance with the invention, the network includes a message delivery server that can distinguish between real and phantom messages. In operation, the message originator computer waits a random time and then transmits a first encrypted phantom message to the message delivery server. This message is to spoof an eavesdropper into believing that there is a steady stream of messages being sent from the originator computer. However, the message delivery server recognizes the message as a phantom message and discards it. When the message originator computer receives a user request to transmit a real message to the recipient computer, it waits a random time and then encrypts and transmits the real message to the message delivery server. The message delivery server recognizes the message as a real message and forwards the real message to the recipient computer. Meanwhile, the message originator computer can continue transmitting encrypted phantom messages to the message delivery server. In this manner, an eavesdropper will be tricked into believing that there is a steady stream of messages being sent from the originator computer. | 10-22-2015 |
20150304284 | SECURE DELIVERY OF FILES TO AUTHORIZED RECIPIENTS - A method and system for encoding a file to be transmitted by a sender computer of a sender to a recipient computer of a recipient. The file has a name. The sender computer: encrypts the file using an encryption key; receives, from a server computer, a voiceprint identifier assigned to a voiceprint of the recipient; creates a voice check ticket by combining the received voiceprint identifier, the encryption key, and a voice check text; transmits, to the server computer, the created voice check ticket; receives an address where the transmitted voice check ticket has been stored by the server computer; encodes the received address within the name of the file, the encoding comprising renaming the file with a filename that includes the name of the file and the received address merged together; and sends, to the recipient computer, the encrypted file whose name includes the encoded address. | 10-22-2015 |
20150304285 | SECURE DELIVERY OF FILES TO AUTHORIZED RECIPIENTS - A method and system for decoding an encrypted file. A recipient computer: receives, from a sender computer, the encrypted file having a filename that includes an encoded address; parses the received filename; extracts the encoded address from the parsed filename; accesses a voice check ticket at the extracted encoded address; receives voice check text from the voice check ticket; visually displays the received voice check text on a computer display of the recipient computer; prompts the recipient to read aloud the displayed voice check text; receives an audio signal from a reading aloud, by the prompted recipient, of the displayed voice check text; transmits the received audio signal to a server computer; receives, from the server computer, an encryption key after the server computer has verified, from analysis of the audio signal, the recipient's voice; and decrypts the received encrypted file using the received encryption key. | 10-22-2015 |
20150304403 | METHOD AND SYSTEM FOR FAST ACCESS TO ADVANCED VISUALIZATION OF MEDICAL SCANS USING A DEDICATED WEB PORTAL - A system for viewing at a client device a series of three-dimensional virtual views over the Internet of a volume visualization dataset contained on centralized databases employs a transmitter for securely sending volume visualization dataset from a remote location to the centralized database, more than one central data storage medium containing the volume visualization dataset, and a plurality of servers in communication with the centralized databases to create virtual views based on client requests. A resource manager load balances the servers, a security device controls communications between the client device and server and the resource manager and central storage medium. Physically secured sites house the components. A web application accepts at the remote location user requests for a virtual view of the volume visualization dataset, transmits the request to the servers, receives the resulting virtual view from the servers, and displays the resulting virtual view to the remote user. | 10-22-2015 |
20150304452 | MAINTAINING TRIGGERED SESSION STATE IN SECURE USER PLANE LOCATION (SUPL) ENABLED SYSTEM - A method is provided for maintaining session state in a Secure User Plane Location (SUPL) enabled system during a triggered session. The method includes modifying at least one parameter of a session message to include state data indicating the session state, and transmitting a request to a SUPL Enabled Terminal (SET) to initiate the triggered session, the request comprising the session message having the at least one modified parameter to be stored at the SET. The method further includes receiving a triggered message from the SET in response to occurrence of a trigger event detected by the SET, the triggered message comprising the stored state data. The triggered session is identified using the state data received in the triggered message. | 10-22-2015 |
20150312223 | REALIZING AUTHORIZATION VIA INCORRECT FUNCTIONAL BEHAVIOR OF A WHITE-BOX IMPLEMENTATION - A method of authorization in a cryptographic system that provides separate authorization for a plurality of different input message groups using a single cryptographic key, including: receiving, by the cryptographic system, a first input message from a first input message group; performing, by the cryptographic system, a keyed cryptographic operation mapping the first input message into a first output message, wherein the keyed cryptographic operation produces a correct output message when the cryptographic system is authorized for the first input message group, wherein the keyed cryptographic operation does not produce a correct output when the cryptographic system is not authorized for the first input message group, and wherein each of the plurality of input message groups has an associated set of input messages wherein the sets of input messages do not overlap. | 10-29-2015 |
20150312224 | IMPLEMENTING USE-DEPENDENT SECURITY SETTINGS IN A SINGLE WHITE-BOX IMPLEMENTATION - A method of enforcing security settings in a cryptographic system, including: receiving, by the cryptographic system, a first input message associated with a first security setting of a plurality of security settings; performing, by the cryptographic system, a keyed cryptographic operation mapping the first input message into a first output message, wherein the keyed cryptographic operation produces a correct output message when the cryptographic system is authorized for the first security setting, wherein each of the plurality of security settings has an associated set of input messages wherein the sets of input messages do not overlap. | 10-29-2015 |
20150312225 | SECURITY PATCH WITHOUT CHANGING THE KEY - A method of patching a cryptographic implementation without changing a key in a cryptographic system, including: sending a message from a first message set to the cryptographic implementation, wherein the first message uses a first portion of the cryptographic implementation; deciding to patch the cryptographic implementation; sending a second message from a second message set to the cryptographic implementation after deciding to patch the cryptographic implementation, wherein the second message uses a second portion of the cryptographic implementation that is not used for any messages in the first message set. | 10-29-2015 |
20150312226 | METHOD FOR INCLUDING AN IMPLICIT INTEGRITY OR AUTHENTICITY CHECK INTO A WHITE-BOX IMPLEMENTATION - A method of performing a cryptographic operation using a cryptographic implementation in a cryptographic system, including: receiving, by the cryptographic system, an identifying string value; receiving, by the cryptographic system, an input message; performing, by the cryptographic system, a keyed cryptographic operation mapping the input message into an output message wherein the output message is the correct result when the identifying string value equals a binding string value | 10-29-2015 |
20150312255 | ENCRYPTING A UNIQUE IDENTIFICATION HEADER TO CREATE DIFFERENT TRANSACTIONAL IDENTIFIERS - A system may receive a content request associated with a user device. The content request may include information that identifies a subscriber associated with the user device and information that identifies a content provider associated with the content request. The system may determine a unique identification header (UIDH), associated with the subscriber, based on the content request. The system may determine randomized information associated with encrypting the UIDH. The system may encrypt the UIDH to create a transactional identifier. The UIDH may be encrypted based on the randomized information and a shared key. The system may insert the transactional identifier and the randomized information in the content request to create a modified content request. The system may provide the modified content request including the transactional identifier and the randomized information. | 10-29-2015 |
20150319137 | TECHNIQUES TO MONITOR CONNECTION PATHS ON NETWORKED DEVICES - Techniques for managing network connections are described. An apparatus may comprise a communications component operative to manage a connection for a client, the connection routed over a network and a traffic analysis component operative to determine one or more characteristics of the routing of the connection. Other embodiments are described and claimed. | 11-05-2015 |
20150319144 | Facilitating Communication Between Mobile Applications - Methods and systems for communicating information between mobile applications are presented. In some embodiments, a mobile device may determine that a plurality of applications are running on the mobile device. The mobile device may determine that each application of the plurality of applications uses a shared passcode to encrypt information about a persistent state. The mobile device may generate a beacon that includes encrypted state information. The mobile device may maintain state information across the plurality of applications beyond the lifetime of any one of the plurality of applications by transmitting the beacon from a first application to a second application before the first application's lifetime is completed. | 11-05-2015 |
20150319145 | Logical Partition Media Access Control Impostor Detector - Provided are techniques to enable a virtual input/output server (VIOS) to establish cryptographically secure signals with target LPARs to detect an impostor or spoofing LPAR. The secure signal, or “heartbeat,” may be configured as an Internet Key Exchange/Internet Protocol Security (IKE/IPSec) Encapsulating Security Payload (ESP) connection or tunnel. Within the tunnel, the VIOS pings each target LPAR and, if a heartbeat is interrupted, the VIOS makes a determination as to whether the tunnel is broken, the corresponding LPAR is down, or a media access control (MAC) spoofing attack is occurring. The determination is made by sending a heartbeat that is designed to fail unless the heartbeat is received by a spoofing device. | 11-05-2015 |
20150326538 | CONTENT MANAGEMENT SYSTEM - Disclosed is a content management system comprising: a server; a content database, configured within the server, within which are stored one or more channels, each channel comprising one or more stories, each story comprising a title and one or more files; and one or more user devices connected to the network, each user device being associated with a user, each user device being configured to allow the associated user to view one or more stories from a channel to which the associated user has viewing rights. The title of each story and the names of the files contained in the story are stored obfuscated in the content database, and the files are stored encrypted in the content database. | 11-12-2015 |
20150326539 | INCREASED COMMUNICATION SECURITY - A method of increasing communication security may include determining whether a first computer system is authorized to communicate with a second computer system, wherein the determining is performed at a third computer system. A message may be communicated from the third computer system to the first computer system, wherein the message includes a first data portion and a second data portion, wherein the first data portion includes a first instance of a session key, and wherein the second data portion includes a second instance of the session key. The second data portion may be decrypted at the first computer system to access the second instance of the session key. Another message, including the first data portion, may be communicated from the first computer system to the second computer system. The first data portion may be decrypted at the second computer system to access the first instance of the session key. | 11-12-2015 |
20150326540 | GENERATING AND DISTRIBUTING PRE-COMPUTED DATA (PCD) ASSETS TO A TARGET DEVICE - The embodiments described herein describe technologies for pre-computed data (PCD) asset generation and secure deployment of the PCD asset to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to generate a unique PCD asset for a target device. In response, the RA device generates the PCD asset and packages the PCD asset for secure deployment of the PCD asset to the target device and to be used exclusively by the target device. The RA device deploys the packaged PCD asset in a CM system for identification and tracking of the target device. | 11-12-2015 |
20150326541 | AUDITING AND PERMISSION PROVISIONING MECHANISMS IN A DISTRIBUTED SECURE ASSET-MANAGEMENT INFRASTRUCTURE - The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed data (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and unique issuance or sequential issuance of target device parameters. One implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket before executing the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device. | 11-12-2015 |
20150326554 | COMMUNICATION BETWEEN SOCIAL NETWORK CIRCLES - A social network (SNET) is divided into one or more circles having different trust levels. Communications between the different SNET circles is bridged by an SNET device capable of communicating with devices associated with the different SNET circles, even if those devices cannot communicate directly with each other. When a communication is sent between SNET circles, the SNET device verifies the trust level associated with the communication, and bridges the communication based, at least in part, on that trust level. The SNET device can be located in a demilitarized zone associated with both the first SNET circle and the second SNET circle. Where different SNET circles use different security secrets for communications between members, the SNET device can store different keys for each of those circles in separate, restricted portions of memory. | 11-12-2015 |
20150326566 | PASSWORD SCHEME THAT CAN BE USED FOR SECURITY OF MODEMS IN AN INDEPENDENTLY OPERATED CABLE SYSTEM THAT IS SCALABLE WITH DYNAMICALLY CHANGEABLE PASSWORDS - A password scheme is provided that can be used for security of cable modems in a cable network. In the system, the password is unique to each modem, is not fixed for the life of the device, is not shared across cable systems, is easily recoverable after a compromise, and is changed periodically based on some type of configuration. In the system each modem creates its own random password. The modem then encrypts the password using a public key provided by the cable system and stores the encrypted password in a Management Information Base (MIB) operated by the cable system. The MIB operator decrypts the encrypted password using the private key corresponding to that public key and recovers the password. The cable operator uses the password to log in remotely to the modem. If a compromise or change of the public key or password occurs, the password is regenerated using the same procedure. | 11-12-2015 |
20150326568 | APPARATUS AND METHODS FOR STORING ELECTRONIC ACCESS CLIENTS - Apparatus and methods for storing and controlling access control clients. In one embodiment, transmitting and receiving devices ensure that only one copy of an eSIM is active at any time. Specifically, each transferred eSIM is encrypted for the destination device; the eSIM from the source device is deleted, deactivated, or otherwise rendered unusable. Various aspects of network infrastructure are also described, including electronic Universal Integrated Circuit Card (eUICC) appliances, and mobile devices. Various scenarios for transfer of eSIMs are also disclosed. | 11-12-2015 |
20150326639 | ELECTRONIC GAMING MACHINES AS SERVICE GATEWAYS - Managing a plurality of electronic gaming machines includes receiving a designation at a first electronic gaming machine (EGM) that the first EGM is a service gateway, broadcasting to other EGMs of the plurality of EGMs that the first EGM is the service gateway, and performing at least one of: discovering the other EGMs, identifying the other EGMs as client EGMs, and obtaining data from all of the client EGMs and retrieving crash data from all of the client EGMs, and communicating with a server to request performance of the at least one of the operations on selected ones of the plurality of EGMs. | 11-12-2015 |
20150332051 | METHOD FOR DOWNLOADING AT LEAST ONE SOFTWARE COMPONENT ONTO A COMPUTING DEVICE, AND ASSOCIATED COMPUTER PROGRAM PRODUCT, COMPUTING DEVICE AND COMPUTER SYSTEM - A method for downloading at least one software component onto a computing device, and an associated computer program product, computing device and computer system, are disclosed. In one aspect, the method is implemented by the computing device, which includes an information processing unit having a memory. The downloading method includes downloading a first application to the memory from a first distribution capability and connecting to a second distribution capability via the first application. The connection to the second distribution capability is performed in a secure manner using an authentication code. The downloading method further includes downloading a second application to the memory from the second distribution capability, securely connecting to a third distribution capability via the second application, and downloading each software component to the memory from the third distribution capability. | 11-19-2015 |
20150333912 | AUTHENTICATING THE IDENTITY OF INITIATORS OF TCP CONNECTIONS - A Transmission Control Protocol (TCP) receiver receives a SYN segment from a TCP initiator that initiates a TCP handshake between the TCP initiator and a TCP server. A first value is extracted from a predefined portion of the SYN segment. A second value is computed using an authentication algorithm that includes at least using a cryptographic hash function that takes as input at least the source IP address of the encapsulating IP packet of the SYN segment and a shared secret between the TCP initiator and the TCP receiver. If the computed second value matches the extracted first value, then the TCP handshake is allowed to continue. If the computed second value does not match the extracted first value, then the TCP handshake is not allowed to continue. | 11-19-2015 |
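The abstract above describes a SYN-time check: the initiator places a value computed from its source IP address and a shared secret into a predefined part of the SYN segment, and the receiver recomputes it before allowing the handshake to continue. The following Python is an added example, not the patent's own code. It assumes the tag is an HMAC-SHA256 over the packed source address truncated to 32 bits and carried in the initial sequence number field; the segment dictionary, the field choice and the tag length are assumptions for the demo, and the addresses are constructed documentation-range values.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed shared secret; in practice distributed out of band (assumption).
SHARED_SECRET = b"example-shared-secret-do-not-reuse"
TAG_LEN = 4  # assumption: a 32-bit tag fits the SYN's initial sequence number field


def compute_tag(src_ip: str, secret: bytes, tag_len: int = TAG_LEN) -> bytes:
    """HMAC-SHA256 over the packed source IP (v4 or v6), truncated to tag_len bytes.

    The receiver keys this on the source address of the *encapsulating IP packet*,
    so an initiator that spoofs a different address cannot produce a matching tag.
    """
    packed = ipaddress.ip_address(src_ip).packed
    return hmac.new(secret, packed, hashlib.sha256).digest()[:tag_len]


def build_syn(src_ip: str, secret: bytes) -> dict:
    """Initiator side: put the tag into the ISN field (assumed carrier field)."""
    isn = struct.unpack("!I", compute_tag(src_ip, secret))[0]
    return {"src_ip": src_ip, "flags": "SYN", "seq": isn}


def verify_syn(segment: dict, secret: bytes) -> bool:
    """Receiver side: extract the carried value, recompute, compare in constant time.

    Returns True when the handshake may continue, False when it must be dropped.
    """
    if segment.get("flags") != "SYN":
        return False
    extracted = struct.pack("!I", segment["seq"] & 0xFFFFFFFF)
    expected = compute_tag(segment["src_ip"], secret)
    return hmac.compare_digest(extracted, expected)
```

The abstract says the hash input is "at least" the source address; binding only the address means a captured SYN can be replayed from the same address, so a deployment would fold a coarse timestamp or per-connection nonce into `compute_tag` as well.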
20150333917 | SYSTEM FOR PROVIDING SESSION-BASED NETWORK PRIVACY, PRIVATE, PERSISTENT STORAGE, AND DISCRETIONARY ACCESS CONTROL FOR SHARING PRIVATE DATA - The invention provides secure and private communication over a network, as well as persistent private storage and private access control to the stored information, which is accomplished by imposing mechanisms that separate a user's actions from their identity. The system provides (i) anonymous network browsing, in which event the anonymity system is unaware of both the user's identity and browsing activities, (ii) private network storage and retrieval of data such as passwords, profiles and files in a manner such that the data can be stored into the system and later retrieved without the system knowing the contents or owners of the data, and (iii) the ability of the user to control and manage access to the remotely stored data without the system knowing the contents, owners, or accessors of the data. | 11-19-2015 |
20150334092 | INFORMATION MANAGEMENT SYSTEM, INFORMATION PROCESSING DEVICE, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - An information management system includes an information processing device, and an information management device that prepares log information indicating a content of communication with the information processing device. The information processing device includes a recording data acquisition unit, an encryption unit, and a transmitting unit. The recording data acquisition unit sequentially acquires recording data indicating a content of communication between the information management device and the information processing device. The encryption unit encrypts the recording data to prepare encrypted data. The transmitting unit transmits the encrypted data to the information management device. The information management device includes a log information preparation unit that prepares the log information including the encrypted data. | 11-19-2015 |
20150334113 | Vehicle Data Delivery - A system and method of delivering vehicle data. Reference data is received by a data processing system. The reference data comprises a reference identifying the vehicle data stored in a repository that is located off of a vehicle and reference authentication data identifying a source of the reference data. The data processing system uses the reference authentication data to determine whether the reference data is from an approved source for the reference data. The reference is used to retrieve the vehicle data from the repository by the data processing system when the reference data is determined to be from the approved source for the reference data. The vehicle data comprises authentication data identifying a source of the vehicle data. The data processing system uses the authentication data to determine whether the vehicle data is from an approved source for the vehicle data. | 11-19-2015 |
20150334195 | SESSION COMPLETION THROUGH CO-BROWSING - A method, system and computer program product for session completion through co-browsing is claimed. The method can include establishing a content browsing session between a first computing device and a content server serving access to content to the first computing device and maintaining state data for the content browsing session. A co-browsing arrangement of the content can be created as between the first computing device and a second computing device and at least a subset of the state data can be cloned for use by the second computing device during co-browsing of the content. Thereafter, a modified form of the subset of the state data can be received from the second computing device resulting from the co-browsing of the content by the second computing device and the modified form of the subset of the state data can be provided to the first computing device for use during the content browsing session. | 11-19-2015 |
20150341294 | Method Of Adding A Postscript Message To An Email - A system and method providing for appending a note or instruction to the contents of an email such that the note or instruction is only appended to emails of selected recipients of a group of recipients, with only the email going to the other recipients of the group of recipients. | 11-26-2015 |
20150341327 | BACK-END MATCHING METHOD SUPPORTING FRONT-END KNOWLEDGE-BASED PROBABILISTIC AUTHENTICATION SYSTEMS FOR ENHANCED CREDENTIAL SECURITY - A party can authenticate itself by interacting with multiple servers without revealing the shared secret to any of the involved parties. The stored shared secret is strengthened and broken into shares and saved on the servers. The shared secret is safe against offline brute force attack unless all servers where the shares are stored are compromised. The compromise of any single server, or multiple servers—but less than the maximum number—will not allow the attacker to do a brute force analysis on the shared secret. This back end security enhancement is suitable for probabilistic front end authentication algorithms. | 11-26-2015 |
20150341333 | METHOD, APPARATUS, AND SYSTEM FOR PROVIDING A SECURITY CHECK - Embodiments of the present application relate to a method, apparatus, and system for providing a security check. The method includes receiving a security verification request sent from a terminal, obtaining first verification element information based at least in part on the security verification request, generating a digital object unique identifier based at least in part on the first verification element information, sending the digital object unique identifier to the terminal, receiving second verification element information from the terminal, and in the event that the first verification element information and the second verification element information are consistent, sending security check pass information to the terminal. | 11-26-2015 |
20150349958 | A METHOD FOR PROVIDING SECURITY USING SECURE COMPUTATION - A method of securing data, the method comprising: dividing a secret key into a plurality of secret key shares; storing each of the plurality of secret key shares in a different server of a plurality of servers so that none of the servers has access to the secret key and to the secret key share stored in another of the servers; using a server of the plurality of servers to execute a secure computation protocol to determine a value of a function responsive to all of the plurality of secret key shares without providing any of the plurality of servers with access to the secret key and to the secret key share stored in another of the servers; and using the calculated value of the function to secure the data. | 12-03-2015 |
20150349960 | TWO FACTOR AUTHENTICATION USING A PROTECTED PIN-LIKE PASSCODE - For example, an implementation of the present invention can comprise a method for authenticating a user. The method can comprise an authentication server receiving from a user a password. The server can then hash the password such that a password hash is created. The server can then receive a second token from the user. Using the second token, the server can identify a sequence of characters associated with the second token within the password hash. The server can create an authentication token by removing the sequence of characters from the password hash. If the authentication token matches a stored value, the server can authenticate the user. | 12-03-2015 |
20150349966 | CLIENT/SERVER ACCESS AUTHENTICATION - An authentication process controls access from a client terminal | 12-03-2015 |
20150350168 | USER AND DEVICE AUTHENTICATION IN ENTERPRISE SYSTEMS - Methods and systems for authenticating users of client devices to allow access of resources and services in enterprise systems are described herein. An authentication device may validate a user based on authentication credentials received from a client device. Validation data stored by the authentication device, and a corresponding access token transmitted to the client device, may be used to authenticate the user for future resource access requests. A user secret also may be stored by the authentication device and used to validate the user for future resource access requests. Additionally, after validating a user with a first set of authentication credentials, additional sets of credentials for the user may be retrieved and stored at an access gateway for future requests to access other services or resources in an enterprise system. | 12-03-2015 |
20150350169 | METHOD FOR THE AUTHENTICATION OF APPLICATIONS - Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application. | 12-03-2015 |
20150350178 | System and Method for Secure Login, and Apparatus for Same - Disclosed is a safe log-in system and method for allowing log-in of a user in association with a plurality of devices, and an apparatus for the same. The safe log-in method for allowing a safe log-in of a communication device which accesses a web site includes, by an authentication data providing device, determining whether the authentication data providing device and the communication device are located at the same place; by the authentication data providing device, acquiring authentication-related data of the communication device when the authentication data providing device and the communication device are located at the same place as a result of the determination; and by the authentication data providing device, providing the acquired authentication-related data to the communication device or the web site. | 12-03-2015 |
20150350184 | SEAMLESS REMOTE STORAGE OF UNIFORMLY ENCRYPTED DATA FOR DIVERSE PLATFORMS AND DEVICES - A way of providing seamless remote data storage and access with a universal encryption key is provided. Data may be able to be uploaded from and/or downloaded to a variety of user devices and/or types of user devices. During transfer of data, a secure communication channel may be established between a user device and a destination storage. Data may be compressed and/or encrypted before being passed to the destination storage. Such compression and/or encryption may be performed at the user device or an intermediate processing module. Likewise, when downloading data, the data may be decompressed and/or decrypted before being made available to a destination user device. Such decompression and/or decryption may be performed at the destination device or the intermediate processing module. In any case, the universal encryption key may be utilized by all user devices to generate uniformly encrypted data. | 12-03-2015 |
20150350251 | SYSTEM AND METHOD FOR ASSIGNING SECURITY LEVELS FOR INSTANT MESSAGING CONTACTS ACROSS DEVICE PARTITIONS - A method, communication device and computer program product communicate between the communication device and a second communication device using an instant messaging application. The first device receives contact information identifying the second communication device and determines a contact type for the second communication device from the contact information. If the contact type is a first contact type, the contact information is stored in a first partition of a memory of the communication device. If the contact type is a second contact type, the contact information is stored in a second partition of the memory. The partitions may employ different encryption schemes, or one partition may be unencrypted. A third party has access and control over the second partition. The device communicates with the second communication device using a security policy associated with the contact type. | 12-03-2015 |
20150350900 | SECURE CONNECTION FOR WIRELESS DEVICES VIA NETWORK RECORDS - Technologies are generally described for a system to establish a secure connection between a wireless device and another device or a recognized service using device network records. According to some examples, the wireless device may send an authentication request to initiate a communication session with another wireless or a recognized service. The authentication request may be encrypted with a first secret, or a hash, synthesized by the device based on the network records associated with the device. The device may be authenticated using the network's copy of the network records. The network may similarly authenticate the identity of the recognized service or other device. The network may synthesize a second secret based on the network records, and may provide the second secret to the recognized service or other device to enable a communication session secured by the second secret. | 12-03-2015 |
20150350906 | SYSTEMS AND METHODS FOR SELECTIVE ASSOCIATION - A particular method includes sending, from a first device to a second device of a data link group, a path request encrypted using a group key of the data link group. The method further includes receiving, at the first device from the second device, a path reply that is responsive to the path request. The method includes selecting the second device for association based on the path reply and associating, by the first device, with the second device. | 12-03-2015 |
20150358296 | CLOUD-BASED SECURE INFORMATION STORAGE AND TRANSFER SYSTEM - A cloud based system includes a data network, a cloud host and a data center. A context database stores respective contexts of multiple virtual stores. A log database records transfers of content into and out of each virtual store. At least a portion of the context and log databases is encrypted by the data center. A transfer application executes on the cloud host and responds to a transfer request to transfer content from a virtual store by: retrieving the context of the virtual store from the context database; and forwarding the transfer request and context to the data center. The transfer application also responds to a load request to load content to a virtual store by: retrieving the context of the virtual store, and a log of transfers affecting the virtual store from the log database; and forwarding the load request, context and log to the data center. | 12-10-2015 |
20150358297 | SECURE PEER-TO-PEER DATA SYNCHRONIZATION - The disclosed embodiments relate to a feature of a content-item-uploading system that facilitates secure, peer-to-peer distributed sharing of a version of a content item by a user that created the version of the content item (e.g., by modifying a previous version of the content item or by creating a new content item). During operation, the system receives a cryptographic key from the user. In response, the system provides the cryptographic key to recipients in the system. Subsequently, the recipients can use the cryptographic key for secure, peer-to-peer distributed sharing of the version of the content item among the user and the recipients in a shared network without synchronization conflicts with previous versions of the content item in the system. | 12-10-2015 |
20150365382 | METHOD AND APPARATUS FOR ENFORCING STORAGE ENCRYPTION FOR DATA STORED IN A CLOUD - In one embodiment, a method includes providing a request to store at least a first piece of data. The request to store the first piece of data is a request to store the first piece of data in a first encrypted form on a cloud associated with the cloud application provider. The method also includes determining whether the cloud application provider is capable of encrypting the first piece of data, and providing the first piece of data to the cloud application provider if it is determined that the cloud application provider is capable of encrypting the first piece of data. If it is determined that the cloud application provider is not capable of encrypting the first piece of data, the method further includes encrypting the first piece of data to create the first encrypted form and providing the first encrypted form to the cloud application provider. | 12-17-2015 |
20150365383 | ENERGY SERVICE DELIVERY PLATFORM - A resource management client apparatus ( | 12-17-2015 |
20150365473 | DATA EXCHANGE IN THE INTERNET OF THINGS - A device is configured to store a hash value and an encrypted hash value. The device may broadcast a boot label including the encrypted hash value. The device may receive an administrator label from an administrative device based on the boot label. The administrator label may include a decrypted hash value. The device may determine the decrypted hash value matches the hash value. The device may receive access information from the administrative device based on the decrypted hash value matching the hash value. The access information may associate authorization information and an access level. The access level may be associated with particular data that is permitted to be read from the device. The device may selectively provide the particular data to a control device based on the access information. | 12-17-2015 |
20150372809 | Secure Network Coding for Multi-Resolution Wireless Transmission - Described herein is a method and system for hierarchical wireless video with network coding which limits encryption operations to a critical set of network coding coefficients in combination with multi-resolution video coding. Such a method and system achieves hierarchical fidelity levels, robustness against wireless packet loss and efficient security by exploiting the algebraic structure of network coding. | 12-24-2015 |
20150372989 | METHOD FOR INTRODUCING DEPENDENCE OF WHITE-BOX IMPLEMENTATION ON A SET OF STRINGS - A method of performing a cryptographic operation using a cryptographic implementation in a cryptographic system, including: receiving, by the cryptographic system, an identifying string value; receiving, by the cryptographic system, an input message; performing, by the cryptographic system, a keyed cryptographic operation mapping the input message into an output message wherein the output message is the correct result when the identifying string value is one of a set of binding string values, wherein the set includes a plurality of binding string values. | 12-24-2015 |
20150372991 | METHOD AND SYSTEM FOR PROTECTING DATA USING DATA PASSPORTS - A method for transmitting data involves receiving the data, identifying, by a sender system, a first data element in the data to protect, encrypting, by the sender system, the first data element with a sender session key, generating, by the sender system, a combined key using a receiver key value and a sender compartmentalization key (SK). The method also involves encrypting, by the sender system, the sender session key using the combined key to obtain an encrypted session key, generating, by the sender system, a data passport comprising the encrypted session key, a dictionary classification key (DK) index, a SK index, and a receiver compartmentalization key (RK) index, generating, by the sender system, protected data comprising the data passport and the encrypted first data element, and transmitting, by the sender system and across a network, the protected data to a receiver system. | 12-24-2015 |
20150372992 | CONTENT REPRODUCTION SYSTEM, INFORMATION PROCESSING TERMINAL, MEDIA SERVER, SECURE DEVICE, AND SERVER SECURE DEVICE - A content reproduction system includes an information processing terminal ( | 12-24-2015 |
20150372993 | SYSTEM AND METHOD FOR PROCESSING TRANSACTIONS - Embodiments of the invention include methods, systems, and computer-readable media for processing transactions involving sensitive information, such as a credit card number. Embodiments include a first server authenticating a second server based on a security token and determining whether the security token is expired. Based on the results, the first server may request a transaction token associated with sensitive information. The first server may encrypt the transaction token using a public key of the second server. The first server may send the encrypted transaction token as a parameter to a URL, wherein the URL is configured to cause a browser on a client to send, to the second server, a request for the page and the encrypted transaction token. | 12-24-2015 |
20150372998 | SECURING COMMUNICATIONS WITH ENHANCED MEDIA PLATFORMS - Various methods and systems for securing communications with enhanced media platforms, are provided. In particular, an enhanced media platform is authenticated using a trusted location. The authenticated enhanced media platform establishes a bidirectional trust with an enhanced remote location, the enhanced media platform being stored in the enhanced remote location. Upon authentication and establishing the bidirectional trust, the enhanced media platform may securely communicate media content in a media content distribution service infrastructure while supporting custom functionality. The method for securing communications with enhanced media platforms includes communicating authentication credentials to an internal security component at the trusted location. The method further includes receiving validation credentials from the internal security component. The method also includes authenticating the enhanced remote location based on at least a portion of the validation credentials received. The method further includes establishing the bidirectional trust relationship with the enhanced remote location using the validation credentials. | 12-24-2015 |
20150373384 | SYSTEMS AND METHODS FOR SECURELY STREAMING MEDIA CONTENT - Systems and methods are provided for securely providing a media stream from a server device to a remote player via a communications network. A request for a connection is received from the remote player at the server device via the communications network. In response to the request for the connection, an authorization credential is requested from a central server via the communications network. Further, in response to the authorization credential received from the central server, the media stream between the server device and the remote player can be established over the communications network. At least a portion of the media stream may be encrypted based upon the authorization credential. | 12-24-2015 |
20150381442 | Reporting Platform Information Using A Secure Agent - In an embodiment, a processor includes at least one core to execute instructions and a system management monitor to receive a platform query request from an external system, obtain status information regarding a configuration of one or more privileged resources of the processor, and report the status information to the external system. Other embodiments are described and claimed. | 12-31-2015 |
20150381558 | NSEC3 PERFORMANCE IN DNSSEC - A method includes receiving, at a server, a request from a DNS client. The request identifies a domain name to be resolved that is not able to be resolved by the server. The method includes identifying a hash of the domain name as being part of a set of hashes. The hash of the domain name identified at the server was computed using a first cryptographic technique. However, the hash can be computed by an external system using a second cryptographic technique. The first cryptographic technique is able to compute the hash in substantially fewer or substantially less complex operations than the operations required to compute the hash using the second cryptographic technique. The method further includes returning a result indicating that the domain name cannot be resolved, including returning an indicator identifying the set of hashes. | 12-31-2015 |
20150381575 | Face Based Secure Messaging - In an embodiment, a system includes at least one core and a trusted execution environment (TEE) to conduct an identity authentication that includes a comparison of streamed video data with previously recorded image data. Responsive to establishment of a match of the streamed video data to the previously recorded image data via the comparison, the TEE is to generate an identity attestation that indicates the match. Other embodiments are described and claimed. | 12-31-2015 |
20150381576 | Multi-tenant secure separation of data in a cloud-based application - Multi-tenant and single-tenant methodologies are blended into a single solution to provide cost savings of multi-tenancy along with data security and privacy of a single-tenant environment. The cloud infrastructure is partitioned to include a first set of servers, and a second set of servers. The first set of servers are dedicated to a first operation, such as data presentation, while the second set of servers are dedicated to a second operation, such as data processing. The first set is operated in a multi-tenant operating mode, while the second set is operated in a single-tenant operating mode. Thus, the first set is available for general use, presenting data from any of the server(s) in the second set. The second set, in contrast, is dedicated to individual tenants. Preferably, each tenant has dedicated server(s) in the second set, which functions like a traditional, single-tenant environment providing inherent security and privacy guarantees. | 12-31-2015 |
20150381577 | SYSTEM FOR, AND METHOD OF, AUTHENTICATING A SUPPLICANT, AND DISTRIBUTING GROUP KEYS TO GROUP MEMBERS, IN A MULTI-HOP WIRELESS COMMUNICATIONS NETWORK WITH ENHANCED SECURITY - An authenticator receives an authentication request from a supplicant requesting access to a wireless multi-hop network, and forwards the authentication request to one or more relays operative for relaying the authentication request to an authentication server. The server generates an authenticator key known to the authenticator, generates a supplicant key known to the supplicant, encrypts the supplicant key with the authenticator key, and transmits an authentication success message with the encrypted supplicant key to the authenticator to enable the supplicant to be added to the network without any relay having knowledge of the supplicant key. Encrypted group access keys are also distributed to authenticated members of a network group. | 12-31-2015 |
20150381578 | Method and Apparatus for Differently Encrypting Data Messages for Different Logical Networks - For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections. | 12-31-2015 |
20150381579 | METHOD AND SERVER FOR HANDLING OF PERSONAL INFORMATION - The present disclosure relates to a method for facilitating handling of personal information. In particular, the present disclosure relates to a computer implemented method for segmenting personal information into encrypted personal data and unencrypted non-personal data. The disclosure also relates to a method for profile aggregation as well as a corresponding server for profile aggregation. | 12-31-2015 |
20150381580 | SYSTEM AND METHOD TO USE A CLOUD-BASED PLATFORM SUPPORTED BY AN API TO AUTHENTICATE REMOTE USERS AND TO PROVIDE PKI- AND PMI- BASED DISTRIBUTED LOCKING OF CONTENT AND DISTRIBUTED UNLOCKING OF PROTECTED CONTENT - A security system for authenticating users and protecting content that provides an application program interface (API) with a Cloud Platform integration (Platform) for use by enterprise businesses, government entities, systems integrators, independent software vendors, small business, individuals and others (“Entities”) to extend the security capabilities of PKI- and PMI-systems to authenticated external users and protected content. | 12-31-2015 |
20150381581 | CUSTOMER CONTROLLED DATA PRIVACY PROTECTION IN PUBLIC CLOUD - Techniques to protect selected data in a cloud computing environment are disclosed. In various embodiments, an indication is received that a data value to be submitted, using a browser, to a remote node is to be protected. The data value is selectively encrypted. The encrypted data value is provided to the browser to be submitted to the remote node. | 12-31-2015 |
20150381615 | MANAGING USER DATA FOR SOFTWARE SERVICES - User-specific data for use with a software service may be stored in an encrypted form, where the encryption and/or decryption keys used are associated with a user's biometric data (that the user voluntarily provides after appropriate disclosure, to protect the user's interest in privacy). When the user uses the software service on a device, the device may receive the user-specific data in an encrypted form, and then may use the biometric data to retrieve or generate the cryptographic key that is used to decrypt the user-specific data. The user-specific data is then decrypted and used on the device with the software service. | 12-31-2015 |
20150381624 | METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR COMBATING DEVICE THEFT WITH USER NOTARIZATION - The subject matter described herein includes methods, systems, and computer readable media for combating mobile device theft with user notarization. One method includes providing a supplicant video notarization system application executable on a supplicant device for initiating an interactive video call between a supplicant and a notary as a condition to the supplicant accessing a protected electronic resource. The method further includes providing a notary video notarization system application executable on a notary device through which the notary receives the interactive video call and interacts with the supplicant via the interactive video call to confirm the identity of the supplicant and that video of the supplicant provided in the call is live. | 12-31-2015 |
20150381634 | TRUSTED TIME SERVICE FOR OFFLINE MODE - Systems and methods for providing trusted time service for the off-line mode of operation of a processing system. An example processing system comprises: a first processing device communicatively coupled to a real-time clock, the first processing device to modify an epoch value associated with the real-time clock responsive to detecting a reset of the real-time clock; and a second processing device to execute, in a first trusted execution environment, a first application to receive, from the first processing device, a first time value outputted by the real-time clock and a first epoch value associated with the real-time clock. | 12-31-2015 |
20160006563 | ENCRYPTED DATA COMPUTATION SYSTEM, DEVICE, AND PROGRAM - According to one embodiment, an encryption device encrypts each of numerical values based on an encryption key, and generates encrypted data. On the basis of each of the encrypted data, a computation device generates a primary computation result corresponding to data in which a computation result of an expression that has added and subtracted each of the numerical values is encrypted. On the basis of the primary computation result, a secondary computation key and random numbers, a computation assist device generates a secondary computation result. The computation device generates a tertiary computation result based on the secondary computation result and a tertiary computation key, and decides the magnitude relation between a minuend and a subtrahend in the expression based on the tertiary computation result. | 01-07-2016 |
20160006701 | METHOD OF AND A DEVICE HANDLING CHARGING DATA IN AN IP-BASED NETWORK - The invention relates to a method of handling charging data in a first network entity of an IP-based network. The first network entity receives an IP communication control message comprising user identification data and an associated encryption key. Charging data associated with a communications activity related to said user identification data is encrypted using the encryption key and combined with the user identification data to obtain a charging record with encrypted charging data which charging record is transmitted to a second network entity having the role of charging gateway function. The second network entity receives the charging record with encrypted charging data and subjects the encrypted charging data to a decryption process to obtain a charging record comprising the user identification data and unencrypted charging data. | 01-07-2016 |
20160006702 | METHODS AND SYSTEMS FOR PROVIDING INFORMATION RELATING TO AN EVENT - An organizer may send information relating to an event to participants via text messaging without having participants' texting numbers. Particularly, organizer may be associated with a texting number. Organizer sets event's start/end times, and provides email addresses for event invitees. Email requests invitees' texting numbers to participate in event. Texting numbers are stored, and encrypted respectively as identifiers. Organizer's message for participants is sent as text message to participants' texting numbers between event's start/end, and may be sent as if the message originated from organizer's texting number. When event ends, participants' texting numbers are deleted unless a participant participates in organizer's later ending event. In response to invitation to organizer's later event, a received participant's texting number may be encrypted as later identifier, and compared with identifier from earlier event. If a match, organizer's text message sent to participant during prior event is included in organizer's or participant's conversational history. | 01-07-2016 |
20160006704 | COMPUTER-READABLE, NON-TRANSITORY MEDIUM STORING DIGITAL CONTENT DISTRIBUTING PROGRAM, COMPUTER-READABLE, NON-TRANSITORY MEDIUM STORING DIGITAL CONTENT PLAYBACK PROGRAM, DIGITAL CONTENT DISTRIBUTING APPARATUS AND DIGITAL CONTENT PLAYBACK APPARATUS - In digital content including; data in which digital copyrighted work is stored, and a plurality of separation data separated from the data, a header of the data stores position information for specifying a separation region in which one of the separation data is separated. Moreover each separation region in which the separation data is separated, stores position information for specifying other separation regions in an interlinked manner. Furthermore the data excluding the separation region is encrypted by a content key of the data, and the separation region of the data, and the separation data are encrypted respectively by a content key different for each separation data. Moreover, the separation data is distributed together with the content key on a route different to the data. | 01-07-2016 |
20160006705 | METHODS AND SYSTEMS OF DATA SECURITY IN BROWSER STORAGE - Mechanisms and methods are provided for managing OAuth access in a database network system, and extending the OAuth flow of authentication to securely store the OAuth encrypted refresh token in the storage available with current browsers or any other non-secure storage on user system. | 01-07-2016 |
20160006713 | Method for Enabling Lawful Interception by Providing Security Information - A method and apparatus are provided. Information associated with a lawful interception of communication data of a user equipment is received. Security information associated with the communication data of the user equipment is provided in response to the received information. The security information is based on a first secret which is shared between a communication network provider and the user equipment. | 01-07-2016 |
20160007200 | Communication Apparatus - A communication apparatus may receive a first wireless profile and a second wireless profile from an access point after a wireless connecting operation for establishing a wireless connection in accordance with a predetermined wireless connection scheme has been performed, the first wireless profile being used in a first wireless network, and the second wireless profile being used in a second wireless network; may select a particular wireless profile from among the first wireless profile and the second wireless profile, the particular wireless profile being used in a wireless network having a relatively high security level among the first wireless network and the second wireless network; and may try to establish the wireless connection with the access point using the particular wireless profile. The particular wireless connection scheme may be a scheme for establishing the wireless connection without an identifier for authentication for establishing the wireless connection being inputted. | 01-07-2016 |
20160007294 | ENERGY SAVING IN WIRELESS DEVICES - A method of authorizing a message received at a node in a wireless network is disclosed. The message from a sender device is formed by a plurality of symbols and includes a first message integrity indicator located at a predetermined distance from the start of the message such that further symbols of the message are included after the first message integrity indicator. The position of the first message integrity indicator in the message is determined, and a cryptographic operation is performed on at least some of the symbols of the message before the first message integrity indicator so as to generate a second message integrity indicator before the first message integrity indicator is received. The first and second message integrity indicators are compared, and an indication that the message is not authorized is provided if the second message integrity indicator does not match the first message integrity indicator. | 01-07-2016 |
20160013943 | VERIFICATION METHOD APPLIED TO REMOTE CONNECTION AND RELATED VERIFICATION SYSTEM AND RELATED IP CAMERA | 01-14-2016 |
20160014095 | POLICY-BASED ACCESS CONTROL IN CONTENT NETWORKS | 01-14-2016 |
20160020898 | PRIVACY-PRESERVING RIDGE REGRESSION - A hybrid approach to privacy-preserving ridge regression is presented that uses both homomorphic encryption and Yao garbled circuits. Users in the system submit their data encrypted under a linearly homomorphic encryption. The linear homomorphism is used to carry out the first phase of the algorithm that requires only linear operations. The output of this phase generates encrypted data, in a form that is independent of the number of users n. In a second phase, a Yao garbled circuit that first implements homomorphic decryption and then does the rest of the regression algorithm (as shown, an optimized realization can avoid decryption in the garbled circuit) is evaluated. For this step a Yao garbled circuit approach is much faster than current fully homomorphic encryption schemes. Thus the best of both worlds is obtained by using linear homomorphisms to handle a large data set and using garbled circuits for the heavy non-linear part of the computation. | 01-21-2016 |
20160021067 | METHODS, DEVICES AND SYSTEMS FOR ANTI-COUNTERFEITING AUTHENTICATION - An anti-counterfeiting authentication method is provided. The method includes: generating an encrypted message corresponding to an i-th authentication step, wherein the i-th authentication step is one of n authentication steps arranged in a predetermined order, and 1≦i≦n; sending the encrypted message to a terminal device; receiving, from the terminal device, a call request for initiating the i-th authentication step; executing the i-th authentication step if the request is initiated based on the encrypted message; if the i-th authentication step succeeds and i is less than n, increasing i by one and repeating the generating of an encrypted message; if the i-th authentication step fails, sending an indication to the terminal device indicating an authentication failure; and if the i-th authentication step succeeds and i equals n, sending an indication to the terminal device indicating an authentication success. | 01-21-2016 |
20160021068 | ENCRYPTION DEVICE WITH CONFIGURABLE SECURITY FUNCTIONALITY USING NETWORK AUTHORIZATION CODE - A device and method for file encryption and decryption with a cryptographic processor reconstituting a file encryption key from a version of the key which has been shrouded with a network authorization code. This meets a need for restricted communication and data containment by limiting access to a pre-defined community-of-interest, so that no one outside of that community can decrypt encrypted content. | 01-21-2016 |
20160021069 | Geospatial Cryptagraphy - The invention includes methods for authenticating access between devices when the devices are within a geospatial boundary, comprising the first step of keeping track of the physical position of the devices using low and/or high fidelity geospatial positioning techniques. Next, a first device determines whether any nearby mobile devices have entered the geospatial boundary. Next, the first device determines if any of the mobile devices are peers eligible for cryptographic authentication. After the first device authenticates that the other device within the geospatial boundary is a trusted peer, the devices may perform various data and/or dynamic policy operations. | 01-21-2016 |
20160021073 | SECURE SPIN TORQUE TRANSFER MAGNETIC RANDOM ACCESS MEMORY (STTMRAM) - A magnetic memory device includes a main memory made of magnetic memory, the main memory further including a parameter area used to store parameters used to authenticate data. Further, the magnetic memory device has a parameter memory that maintains a protected zone used to store protected zone parameters, and an authentication zone used to store authentication parameters, the protected zone parameters and the authentication parameters being associated with the data that requires authentication. Upon modification of any of the parameters stored in the parameter memory by a user, a corresponding location of the parameter area of the main memory is also modified. | 01-21-2016 |
20160021080 | SYSTEM FOR INTERACTIVE MATRIX MANIPULATION CONTROL OF STREAMED DATA AND MEDIA - An interactive streaming media and application service provider system can securely stream high resolution, multiple formats of video and data. Different data sets can be included in a single stream. A rights management system controls matrix manipulation and other aspects of user control of the data, including one or more of rendering in various different 2D, 3D, or other media formats, reconstruction and modeling, zooming, frame grab, print frame, parental controls, picture in picture, preventing unauthorized copying, adapting to different data transmission formats, adapting to different resolutions and screen sizes, actively controlling functionality contained in embedded data, and encryption/decryption. Control can be exerted by an external entity through a user-side virtual machine. Control codes can optionally be embedded in the media, embedded in the user's device, and/or sent separately to the device. | 01-21-2016 |
20160021087 | DATA CUSTODIAN AND CURATION SYSTEM - A data custodian and curation system may store data from a data supplier in encrypted form and may allow users to consume the data when the consumers obtain access to the data through an agreement. The curation system may manage access to the data, even allowing a consumer to use the data as if it were their own, but may track each usage of the data to implement a payment scheme or various usage restrictions. The curation system may encrypt downstream uses of the data and operate as a digital rights management system for the data. The custodian and curation system may operate as a cloud service that may contain encrypted data from many data providers but where the data providers may individually control access to their data in a managed system at any granular level. | 01-21-2016 |
20160021108 | RULE SETS FOR CLIENT-APPLIED ENCRYPTION IN COMMUNICATIONS NETWORKS - A rule set for client-applied encryption is created and deployed to a client device by a network device over a communications network. Encryption applied by the client in accordance with the rule set may form the basis of a secure connection in which encrypted information is encapsulated and tunneled across a network that includes a wireless or wired interface through which the client obtains network connectivity. The client may monitor operating conditions, including operating conditions of the communications network, client device, and/or service provider. The rule set includes one or more rules that may be used by the client in combination with the detected operating conditions to select the appropriate encryption protocol. The rule set may persist at the client for use over multiple sessions in which a range of communication protocols and/or access points are used by the client to obtain network connectivity. | 01-21-2016 |
20160021113 | TECHNIQUES FOR SECURE DEBUGGING AND MONITORING - Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token. | 01-21-2016 |
20160021192 | ESTABLISHING A DIRECT CONNECTION BETWEEN TWO DEVICES - In one embodiment, a method includes, by a first computing device associated with a first user, receiving a connection request from a second computing device associated with a second user. The method also includes confirming that the connection request is associated with the second user and sending to the second computing device an acceptance of the connection request in response to confirming that the connection request is associated with the second user. The method further includes receiving from the second computing device an acknowledgement of the acceptance and, in response to the acknowledgement, allowing information to be exchanged between the first and second computing devices. | 01-21-2016 |
20160028697 | METHOD, SYSTEM AND DEVICE FOR ESTABLISHING LINK - A method and device for establishing a link are provided. The method for establishing a link, applied to an Ad-Hoc network, includes: generating, by a first electrical device, a first part of a service set identifier according to a user's name and a network-card address; generating a second part of the service set identifier according to the first part of the service set identifier, a private key and a first algorithm; generating the service set identifier according to the first part of the service set identifier and the second part of the service set identifier; generating a link password according to the service set identifier, the private key and a second algorithm; and establishing, by a second electrical device, a link with the first electrical device according to the service set identifier, the private key, the first algorithm and the second algorithm. | 01-28-2016 |
20160028699 | ENCRYPTED NETWORK STORAGE SPACE - A unique storage space is associated with a unique identifier. A remote device (such as a server, computer, smartphone, etc.) receives from a client device the unique identifier and a user password. The remote device generates an encryption key specific to the unique storage space using the unique identifier and the user password, encrypts data received from the client device using the encryption key and stores encrypted data in the unique storage space, decrypts data requested by the client device using the encryption key and sends decrypted data to the client device, and deletes the encryption key as well as any unencrypted data and decrypted data. | 01-28-2016 |
20160028709 | SYSTEM FOR EFFICIENT GENERATION AND DISTRIBUTION OF CHALLENGE-RESPONSE PAIRS - A method for implementing response function agnostic, challenge-response authentication on a CE device includes sharing a series of proxy responses to a series of authentication challenges with a service provider, receiving an associated actual response from an initialization phase response function for each of the authentication challenges, where at least one of the initialization phase response function and a parameter required for the initialization phase response function is withheld from the service provider, encrypting each of the proxy responses with its associated actual response, thereby generating a series of encrypted proxy responses, storing the encrypted proxy responses on the CE device, receiving one of the authentication challenges from the service provider, inputting the authentication challenge to an operation phase response generator on the CE device, where the operation phase response generator is configured with the same response function used by the initialization phase response generator, and decrypting the proxy response from the encrypted proxy responses and results of the inputting, thereby producing the proxy response to the authentication challenge without sharing the at least one of the response function and a parameter required for the response function with the service provider. Related apparatus and methods are also described. | 01-28-2016 |
20160028727 | METHOD FOR CONTROLLING A DEVICE REQUIRING USER-RELATED PERMISSIONS VIA A MOBILE TERMINAL - In a method for controlling a device requiring user-related permissions via a mobile terminal using a local data connection between the mobile terminal and the device to be controlled, the control commands requiring user-related permissions for the device to be controlled are generated by means of an interaction between the mobile device and an authentication server and/or a device management server and are transferred to the device to be controlled from the authentication and/or device management server via the mobile terminal. The control commands requiring user-related permissions for the device to be controlled are received by the mobile terminal and are thereafter transferred to the device to be controlled for the purpose of controlling the same and are not stored in the mobile terminal. The control commands received by the device to be controlled are not verified as to the permission of the user to utilize these control commands. | 01-28-2016 |
20160029215 | ELECTRONIC DEVICE AND METHOD FOR DISCOVERING NETWORK IN ELECTRONIC DEVICE - An electronic device includes a memory configured to store identification information of an information server that is matched with an encryption key; and a controller configured to send, before the electronic device is connected with an external device, a request for network information of the external device to the external device in a network discovery frame encrypted using the encryption key matched with the identification information of the information server, and to receive the network information of the external device from the external device in the encrypted network discovery frame. | 01-28-2016 |
20160034707 | METHOD AND DEVICE FOR ENCRYPTING OR DECRYPTING CONTENT - A wearable device includes a user information obtainer configured to obtain user information, a controller configured to selectively generate, in response to a user being authenticated based on the user information, an encryption key for encryption of content of an external device; and a communicator configured to transmit the encryption key to the external device. | 02-04-2016 |
20160034713 | Decentralized Systems and Methods to Securely Aggregate Unstructured Personal Data on User Controlled Devices - A privacy-preserving decentralized computer-implemented system and method for securely aggregating an individual's personal data by extracting, redacting, normalizing, and linking data from a plurality of the individual's personal accounts and services. | 02-04-2016 |
20160036588 | SYSTEM AND METHOD FOR VERIFYING USER IDENTITY IN A VIRTUAL ENVIRONMENT - Systems and methods for verifying user identity in a virtual environment are provided that may include the use of a trusted third party to perform identity verification. Devices may be configured such that the device is unalterably bound to a particular user via biometric data stored on the device and/or with the third party. | 02-04-2016 |
20160036589 | Authentication Server, Authentication System, Authentication Method, and Program - In an authentication system, a mobile communication client transmits to an authentication server a bit signal that includes an image capture bit sequence obtained by capturing an image of a self-aware two-dimensional code having authentication information embedded in a correction area, and a number bit sequence that indicates a serial number of an authentication application program being stored in storage. The authentication server authenticates the user of the mobile communication client and the self-aware two-dimensional code. Subsequently, the authentication server transmits designated information expressed by the self-aware two-dimensional code to the mobile communication client, on the condition that the user and the self-aware two-dimensional code are successfully authenticated. Consequently, the mobile communication client is able to acquire the designated information expressed by the self-aware two-dimensional code. | 02-04-2016 |
20160036590 | METHODS AND SYSTEMS FOR CONTROLLING MEDICAL DEVICE USAGE - Various embodiments provide systems and methods for securely transferring data from a secured site to a medical device. Some embodiments provide systems and methods for securely uploading data from a medical device to a secured site. In some embodiments described herein, data can be downloaded from a secured site to a key and, after severing communication with the secured site, the key can be coupled to a device and download the data to the device. In some embodiments, a public and private key pair may be used to securely download data to a device. | 02-04-2016 |
20160036783 | CONTROL WORD AND ASSOCIATED ENTITLEMENT CONTROL MESSAGE CACHING AND REUSE - Methods, systems, computer-readable media, and apparatuses for providing control word and associated entitlement control message (ECM) functionalities are presented. In some embodiments, a computing device may cache concurrently a first set of control words and a first set of entitlement control messages (ECMs) associated with the first set of control words. The computing device may encrypt a transport stream with a particular control word of the first set of control words. The computing device may insert a particular ECM, of the first set of ECMs, corresponding to the particular control word into the transport stream sent to a device downstream from the computing device. In some embodiments, a computing device may reuse control words and associated ECMs. | 02-04-2016 |
20160036786 | SYSTEM AND METHOD FACILITATING ENHANCED INTER-OBJECT AND HUMAN-OBJECT INTERACTIVITY USING NETWORKED ELECTRONIC DEVICES - Embodiments of the present invention disclose a method for facilitating enhanced inter-object and human-object interactivity using networked electronic devices. The method comprises providing one or more passive and active objects, generating and assigning a unique, encrypted and network-based Identification (ID) code corresponding to each of the one or more passive and active objects, custom designing a physical object Identification (ID) tag corresponding to each of the one or more passive and active objects, coupling the generated unique, encrypted and network-based Identification (ID) code with the physical object Identification (ID) tag corresponding to each of the one or more passive and active objects, retrofitting the physical object Identification (ID) tag to each of the one or more passive and active objects, providing a network for facilitating inter-object interactions and human interactions therewith, and interacting with the one or more passive and active objects retrofitted with the custom designed physical object Identification (ID) tags using one or more of at least one of portable and wearable computing and communications devices via the network, thereby facilitating realization of web of everything and anything. | 02-04-2016 |
20160036788 | WIRELESS KEY MANAGEMENT FOR AUTHENTICATION - Disclosed are methods and devices for wireless key management for authentication. One method includes receiving a lock identifier from a locking device; determining that the lock identifier is associated with a user profile, wherein the user profile is authenticated and encrypted by a server using a lock key that is stored by the server and the locking device, and wherein the user profile comprises a user key; transmitting the user profile; decrypting the user profile using the lock key; transmitting a security code; generating an encrypted command comprising the security code and encrypted using the user key; transmitting the command; and validating the command. Validating the command can include decrypting using the user key, determining whether the security code is valid, and authenticating using the user key; and initiating, in response to validating, an action of the locking device as specified by the command. | 02-04-2016 |
20160036790 | SYSTEM AND METHOD FOR IDENTITY VERIFICATION ACROSS MOBILE APPLICATIONS - Embodiments are directed to methods, apparatuses, computer readable media and systems for authenticating a user on a user device across multiple mobile applications. The identity of the user is validated by encoding and subsequently validating cryptographically encrypted data in a shared data store accessible by the mobile applications tied to the same entity. Specifically, the application leverages the authentication process of a trusted mobile application (e.g. a banking mobile application) to authenticate the same user on an untrusted mobile application (e.g. a merchant mobile application). | 02-04-2016 |
20160036792 | SYSTEMS, APPARATUS, AND METHODS FOR PRIVATE COMMUNICATION - Systems, apparatus, methods, etc. for private communications among trusted parties facilitated by untrusted parties. Methods are provided which comprise parameterizing a first cryptographic layer in a first peer and a corresponding layer in a second peer using a first cryptographic key. Such methods also comprise parameterizing a second cryptographic layer in the first peer and a corresponding layer in the second peer using a second cryptographic key. Methods of the current embodiment further comprise encrypting a message using the second and same cryptographic key (which differs from the first and same cryptographic parameter) and transmitting the message from the first peer, whereby the second peer can decrypt the message using the second and same cryptographic key. If desired, a facilitator server which is remote from the first peer facilitates peer discovery. | 02-04-2016 |
20160036803 | METHOD AND SYSTEM FOR PROCESSING OPERATION REQUEST - A method for processing an operation request includes: detecting by a terminal an operation request, and sending an operation request message to a smart card; receiving by the smart card the operation request message, storing by the smart card the operation request message, generating by the smart card a joint password, generating a signature message, sending by the smart card at least the signature message to the terminal; outputting by the smart card a prompt message about the joint password, if the smart card detects that the smart card is disconnected from the terminal after the terminal obtains the signature message; receiving by the terminal the joint password, using the joint password as a password to be verified, notifying a verification device by the terminal to verify the signature message, and triggering by the verification device a procedure responding to the operation request if the signature message is successfully verified. | 02-04-2016 |
20160037337 | OPEN AND ENCRYPTED WIRELESS NETWORK ACCESS - Embodiments of a system and method for establishing secure communications between devices via a wireless network are generally described herein. In some embodiments a device may transmit a public use credential to a second device to establish a secure device-to-device communication session. In some embodiments a device may prompt a user to provide a network-specific credential or utilize a public use credential to establish a communication session with an access point. In some embodiments a communication module in a device may automatically establish a connection with an access point utilizing a public use credential in response to a previously established relationship with the access point. In some embodiments a plurality of devices may establish unique encrypted communication connections with an access point utilizing an identical public use credential. In some embodiments an access point may provide a certificate identifying the access point to a device utilizing a public use credential. | 02-04-2016 |
20160043865 | SYSTEM AND METHOD FOR AUTHENTICATING A NETWORK TIME PROTOCOL (NTP) - System and method for determining the updating time by a server presumed to have a correct time and a client needing a correct time. The server can first transmit an unencrypted signal, which may be signed or unsigned. The server can then later encrypt or sign the same packet it transmitted with a private key and transmit it to the client. After the client receives the unencrypted packet, the client can compute a time difference. However, the client does not update its time until a follow-up packet is received from the server. If encrypted, the packet is decoded with the server's public key, and the decoded packet is shown to be identical to the received packet and the identification bits are shown to be the same. | 02-11-2016 |
20160043866 | Securing Devices to Process Control Systems - Techniques for securing a device for use in or with a process plant include provisioning the device with a key generated at least in part from data indicative of necessary conditions and/or attributes that must be met before the device is allowed access to a network of the process plant. Upon initialization, the device determines, based on the key, whether or not the necessary conditions are met, and the device isolates itself or accesses the process control network accordingly. Keys and the necessary conditions/attributes indicated therein may be based on, for example, location, time, context, customer, supplier, particular plant, manufacturer, user, data type, device type, and/or other criteria. Additionally, sub-keys associated with a key may be generated from another set of necessary conditions/attributes. Sub-keys may be provided by a different entity than the key provider entity. | 02-11-2016 |
20160043867 | A QUALIFIED ELECTRONIC SIGNATURE SYSTEM, METHOD AND MOBILE PROCESSING TERMINAL FOR QUALIFIED ELECTRONIC SIGNATURE - A Qualified Electronic Signature (QES) system configured to exchange data with first processing means of the requester configured to allow a requester to generate requests requesting a qualified electronic signature through said system to a recipient. The system comprises second processing means of the recipient configured to allow the recipient of the request to sign with his qualified electronic signature. Said second processing means comprise a mobile processing terminal for qualified electronic signature of mobile type, adapted to receive request messages at least on a wireless network able to address said messages, through proximity or remote communications, on the basis of at least one terminal identifier of said mobile processing terminal to said user recipient; said second processing means are adapted to send qualified electronic signature at least on a wireless network suitable for proximity or remote communications in order to verify the signature of the recipient through said system and perform the request. | 02-11-2016 |
20160043872 | A CHALLENGE-RESPONSE METHOD AND ASSOCIATED CLIENT DEVICE - There is described a challenge-response method for a client device. The method comprises steps of: (a) receiving challenge data, wherein the challenge data is content encrypted using an encryption key, the content including a nonce; (b) using a secured module of the client device to access the content by decrypting the challenge data using a decryption key of the secured module, the decryption key corresponding to the encryption key; (c) processing a version of the content output by the secured module so as to obtain the nonce; and (d) providing the nonce as a response. There is also described a client device for implementing the above challenge-response method. There is also described a computer program which, when executed by a processor, causes the processor to carry out the above challenge-response method. Finally, there is described a computer readable medium storing the above-mentioned computer program. | 02-11-2016 |
20160044001 | NETWORK-ENABLED DEVICE PROVISIONING - Systems, devices, and techniques for network-enabled device provisioning are disclosed herein. In some embodiments, a network-enabled device may include: a storage device; listening logic to wirelessly receive a plurality of key fragments from a corresponding plurality of peer devices, to cause storage of the plurality of key fragments in the storage device, and to receive an encrypted provisioning message from a management device; key generation logic to generate a decryption key based on the plurality of key fragments stored in the storage device to decrypt the encrypted provisioning message, and to decrypt the encrypted provisioning message using the decryption key; and control logic to provision the network-enabled device in accordance with instructions included in the decrypted provisioning message. Other embodiments may be disclosed and/or claimed. | 02-11-2016 |
20160044002 | DATA TRANSMISSION METHOD AND APPARATUS - The present invention provides a data transmission method and apparatus, where the method includes: performing, by UE, security processing on a NAS PDU by using a security parameter and a security algorithm, where data to be transmitted is encapsulated in the NAS PDU; and sending, by the UE, the NAS PDU to a serving SGSN by using an RNC. The present invention can improve efficiency of transmitting a small data packet, and further provide a security mechanism to ensure security of transmitting the small data packet. | 02-11-2016 |
20160044004 | CONTENT DISTRIBUTION METHOD, CONTENT DISTRIBUTION SYSTEM, SOURCE DEVICE, AND SINK DEVICE - Provided is a content distribution method which allows a source device to safely distribute copyrighted content to a sink device in response to a request from the sink device as a trigger. The content distribution method includes a list transmission step S | 02-11-2016 |
20160044503 | Protecting Radio Transmitter Identity - A system and a method are disclosed for protecting the privacy of a wireless data transmission. A request is received from a client device to connect to a base station. A session identification is assigned to the client device and a set of transmission identifications are generated using a block cipher with the assigned session identification and a secret key as input. The transmission identifications identify a frequency channel and a time slot for the client device to wirelessly transmit a message to the base station. The set of transmission identifications are then encrypted and sent to the client device. | 02-11-2016 |
20160050070 | METHOD AND SYSTEM FOR ACCESSING DEVICE BY A USER - A method for accessing a device by a user connected to the device and to at least two servers in different networks includes collaboratively generating parts of an authentication ticket on the at least two servers, collaboratively generating parts of a user session key and encrypting a combined user session key, authenticating with the authentication ticket at a distributed ticket granting server by collaboratively decrypting user request information using the combined user session key and comparing its content with the authentication ticket, collaboratively generating an encrypted user-to-device ticket and an encrypted user-to-device session key, and accessing the device by the user using the encrypted user-to-device ticket and the user-to-device session key. | 02-18-2016 |
20160050122 | DATA PLANE DISTRIBUTION OF CONTROL MESSAGES - Techniques of executing commands in forwarding nodes are discussed. Control messages are recursively included within each other and distributed in a data plane formed by a network of the forwarding nodes. A given control message can include a command which is executed by a respective forwarding node. The given control message further includes a further control message to be sent to a further forwarding node by the respective forwarding node. The control messages are created by a control node which is configured for controlling operation of the network of forwarding nodes. | 02-18-2016 |
20160050185 | SYSTEMS AND METHODS FOR PROTECTING INTERNET ADVERTISING DATA - Systems and methods are disclosed for protecting user privacy in, for example, online advertising environments. The method includes receiving data related to a user in a first communication session between a host server and a client device, and generating a user profile associated with the user. The method further may include encrypting the user profile to produce encrypted user profile data and generating a decryption key for decrypting the encrypted user profile data. Thereafter, either the decryption key or a portion of the encrypted user profile data may be transmitted to the client device and then deleted from the host server before ending the first communication session. The method further may include establishing a second communication session between the host server and the client device and retrieving the transmitted content. Then targeted advertising may be provided by decrypting the encrypted user profile data. | 02-18-2016 |
20160050259 | PROVIDING CUSTOMER INFORMATION OBTAINED FROM A CARRIER SYSTEM TO A CLIENT DEVICE - Methods and systems are presented for accessing customer relationship management (CRM) information stored in a carrier system associated with a user of an identified client device. A client device is identified based on client device identification information received from a carrier system. CRM information associated with the identified client device is received from the carrier system, and data corresponding to at least a subset of the CRM information is output to the client device. The client device may be configured to pre-populate data fields of a transaction based on the data corresponding to at least a subset of the CRM information. | 02-18-2016 |
20160055328 | USABLE SECURITY OF ONLINE PASSWORD MANAGEMENT WITH SENSOR-BASED AUTHENTICATION - A multi-party security protocol that incorporates biometric-based authentication and withstands attacks against any single party (e.g., mobile phone, cloud, or the user). The protocol involves the function split between mobile and cloud and the mechanisms to chain-hold the secrets. A key generation mechanism binds secrets to a specific device or URL (uniform resource locator) by adding salt to a master credential. An inline CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) handling mechanism uses the same sensor modality as the authentication process, which not only improves the usability, but also facilitates the authentication process. This architecture further enhances existing overall system security (e.g., handling an untrusted or compromised cloud service, a lost phone, impersonation, etc.) and also improves the usability by automatically handling the CAPTCHA. | 02-25-2016 |
20160057112 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - Provided is an information processing device including: a data processing unit that performs a content playback process; and a communication unit that communicates with a server, wherein the content has a segment region configured with a plurality of pieces of variation data which can be respectively decrypted by different keys, and for which a plurality of playback paths can be configured according to the variation data selected as a playback object, wherein each piece of variation data is data from which a variation data identifier can be analyzed after decryption, and wherein the data processing unit receives playback path information indicating which paths are allowed to be played from the server through the communication unit, and selects variation data from the segment region so as to perform content playback, according to the playback path information received from the server. | 02-25-2016 |
20160057122 | WIRELESS OUT-OF-BAND AUTHENTICATION FOR A CONTROLLER AREA NETWORK - In one embodiment, a method comprising, without user intervention: receiving encrypted first information from a device over a wired medium; decrypting the encrypted first information; and communicating second information over a wireless medium based on the first information. | 02-25-2016 |
20160057125 | INFORMATION PROCESSING METHOD AND SYSTEM - Disclosed are an information processing method and system. The first terminal sends operation request information to an electronic signature token. The electronic signature token generates a joint password and a signature message, adjusts the joint password to obtain a first processing password, and sends the signature message and the first processing password to the first terminal. The first terminal notifies a first verification device to verify the signature message, and if the verification is successful, the first verification device notifies a background system server to preprocess the operation request information for obtaining preprocessed information. The electronic signature token outputs prompt information. A second terminal obtains the joint password according to the prompt information and notifies a second verification device to verify the joint password, and if the verification is successful, the second verification device triggers the background system server to perform a response process of the operation request information. | 02-25-2016 |
20160057622 | COMMUNICATION SYSTEM, RELAY APPARATUS, AND COMMUNICATION METHOD - Provided are a communication system, a relay apparatus, and a communication method capable of achieving high security in a case of controlling devices such as electric power meters and acquiring data from the devices by connecting an autonomous distributed near field communication network such as a smart utility network to a public radio communication network. A relay apparatus | 02-25-2016 |
20160063219 | OPERATING A DEVICE FOR FORWARDING PROTECTED CONTENT TO A CLIENT UNIT - The invention relates to a method of operating a device for forwarding protected content to a client unit, the device comprising at least one decryption module for decrypting protected content received in the device and at least one re-encryption module for re-encrypting the content to generate re-encrypted content to be sent to the client unit. The method comprises the steps of: (i) the decryption module authenticates the re-encryption module using authentication data transmitted from the re-encryption module to the decryption module, and (ii) the decryption module forwards decrypted content to the re-encryption module upon having successfully authenticated the re-encryption module. Moreover, the invention relates to a corresponding device. | 03-03-2016 |
20160065372 | SECURE COMMUNICATION OF DATA BETWEEN DEVICES - A capability for secure communication of data from a source device to a destination device is presented. The source device has a device identifier associated therewith. The source device stores an encrypted version of the device identifier that is encrypted based on a master key of the destination device. The source device stores an encryption key. The source device communicates data to the destination device in a secure manner by encrypting the data using the encryption key and propagating the encrypted version of the device identifier and the encrypted data to the destination device. The destination device recovers the data sent by the source device by decrypting the encrypted version of the device identifier based on the master key to determine the device identifier, determining a decryption key based on the device identifier, and decrypting the encrypted data based on the decryption key to recover the data sent by the source device. | 03-03-2016 |
20160065542 | METHODS AND SYSTEMS FOR AUTO-COMMISSIONING OF DEVICES IN A COMMUNICATION NETWORK - Devices, methods, systems, and computer-readable media for auto-commissioning of devices in a communication network are described herein. One or more embodiments include a method for auto-commissioning of a device added to a communication network, comprising: determining properties of signal transitions of the communication network via a device added to the network while the signal transitions of the communication network are passing unchanged, and processing the signal transitions of the communication network, via the device, based on the properties of the signal transitions. | 03-03-2016 |
20160065543 | COMMUNICATION SYSTEM, MANAGEMENT SERVER, SERVER, CONCENTRATOR, AND ENCRYPTION SETTING METHOD - After an IP address of a concentrator is changed by a management server (management platform), a server and the concentrator acquire the changed IP address of the concentrator at each communication, and change encryption settings so that a set encryption key will be associated with the changed IP address. | 03-03-2016 |
20160065544 | Simple protocol for tangible security - The claimed subject matter provides systems and/or methods that effectuate a simple protocol for tangible security on mobile devices. The system can include devices that generate sets of keys and associated secret identifiers, employ the one or more keys to encrypt a secret, and utilize the identifiers and encryptions of the secret to populate a table associated with a security token device that is used in conjunction with a mobile device to release sensitive information persisted on the mobile device for user-selected purposes. | 03-03-2016 |
20160065571 | SYSTEM AND METHODS FOR SECURE FILE SHARING AND ACCESS MANAGEMENT - Disclosed is a system and method for coordinating secured access to an access-controlled environment. A plurality of keys are stored, each associated with a user account and generated by executing a biometric authentication application, using identification information concerning the respective user and a component of the respective computing device. Access-control information identifies an access-controlled environment, and a transmission is received from a computing device that includes a respective key and an indicator indicating that the user's identity has been biometrically confirmed by the computing device. The key confirms that the user has been biometrically authenticated, and that the transmission is not a replay of a previously received transmission from the computing device. Access to the access-controlled environment is facilitated as a function of the verification, determination and confirmation. | 03-03-2016 |
20160065590 | IDENTIFICATION, AUTHENTICATION, AND AUTHORIZATION METHOD IN A LABORATORY SYSTEM - An identification, authentication and authorization method in a laboratory system is presented. The system comprises at least one laboratory device. The method comprises receiving identification data identifying a user; receiving identity confirmation data to authenticate the user; and generating authentication data upon successful authentication of the user. The authentication data is configured to enable authentication of the user based on only the identification data during a validity time period without repeated receipt of the identity confirmation data. The method further comprises receiving the identification data by an identification unit; validating the authentication data corresponding to the identification data comprising the step of verifying non-expiry of the validity time period; and granting authorization to the user for the laboratory device upon successful validation of the authentication data. | 03-03-2016 |
20160065695 | APPARATUS AND METHOD FOR SECURE OVER THE AIR PROGRAMMING OF A COMMUNICATION DEVICE - A system that incorporates the subject disclosure may perform, for example, receiving an over-the-air programming message that is utilizing a hypertext transfer protocol where the over-the-air programming message including programming data for use by the mobile communication device, converting the over-the-air programming message to a short message service transport protocol to generate an adjusted message that includes the programming data, and providing the adjusted message to a universal integrated circuit card of the mobile communication device via a baseband proxy operating in a device processor of the mobile communication device. Other embodiments are disclosed. | 03-03-2016 |
20160072774 | Encrypted streams to receivers - Techniques to ensure that a content stream will be encrypted prior to being served to the stream receiver if either the stream receiver returned an initial status to the stream caster indicating that only encrypted streams will be accepted or the user of the stream caster opted that only encrypted streams will be cast. The invention consists of a stream casting device capable of locally sourcing and encrypting streams, a content stream server capable of sourcing encrypted streams and encrypting streams on the fly, a stream receiver device, and software applications and/or hardware devices to manage key exchanges, encryption, and decryption across the devices serving streams and the stream receiving devices. The cast streams, residing on either a content stream server or on the stream casting devices, will be encrypted prior to being served. Streams can be encrypted at the time they are served to the stream receiver or may have been previously encrypted prior to a key exchange between the stream receiver and the device serving the content stream. | 03-10-2016 |
20160080152 | Mobile device-based keypad for enhanced security - An authentication channel is established between a mobile device and a transaction terminal that uses a keypad for access control. The terminal keypad is assumed to be untrusted, whereas the mobile device has a trusted interface that only the device user can access and use. The transaction terminal includes a short-range communication device, and a keypad interface application configured to communicate with an external keypad device in lieu of the transaction terminal's own keypad. The mobile device includes a mobile app. In response to detecting a user access request, a handshake protocol is performed between the keypad interface application in the transaction terminal and the keypad interface function in the mobile device. If the handshake protocol succeeds, the user is notified that the transaction terminal is trusted. The user then enters his or her password and/or PIN on the mobile device in lieu of direct entry via the terminal keypad. | 03-17-2016 |
20160080329 | MOBILE TERMINAL AND METHOD THEREOF - The present disclosure provides a mobile terminal. The mobile terminal comprises: an encryption password setting unit configured to set an encryption password and encrypt the encryption password; an encryption password management unit configured to back up the encrypted encryption password onto a cloud or acquire the encrypted encryption password from the cloud; a storage encryption unit configured to request the encrypted encryption password from the encryption password management unit, decrypt the encrypted encryption password and encrypt data to be stored with the encryption password; and a read decryption unit configured to request the encrypted encryption password from the encryption password management unit, decrypt the encrypted encryption password and decrypt data to be read with the encryption password. Also provided is a method in a mobile terminal. With the present disclosure, it is possible to reduce the risk of a leak of confidential data as a result of data protection on a mobile terminal being cracked without the user's awareness. | 03-17-2016 |
20160080331 | Server-paid internet access service - An embodiment of a system for providing Internet access free of charge to a user utilizes an Internet service provider for connecting a user to the Internet, a zone creation means, and a zone organizer. Free zones of servers are created, wherein the free zones are groups of at least one server to which at least one user can connect. The zone organizer can be in communication with the ISP. The zone organizer can be a traffic monitor, a traffic controller, an authentication protocol, a bookkeeping protocol, a fee collection and dispersal module, and/or an indexing and listing function. | 03-17-2016 |
20160080332 | Handling of Performance Monitoring Data - System, methods, nodes, and computer program for handling performance monitoring data in a communication network are described. The communication network ( | 03-17-2016 |
20160080333 | COLLATION SYSTEM, NODE, COLLATION METHOD, AND COMPUTER READABLE MEDIUM - A collation system includes a first node, a second node and a third node. The first node includes: an encryption unit; a distance calculation unit; and a collation data generation unit. The second node includes: a key generation unit; and a collation unit. The third node includes: a storage unit; and a collation information generation unit. | 03-17-2016 |
20160080334 | SECURE DISTRIBUTED PUBLISH/SUBSCRIBE SYSTEM - A distributed event system includes a plurality of publishers, a communication infrastructure, and a key manager that manages access to publishing of events by one or more applications. An event is published, by a publisher, when the publisher determines an occurrence of an event and, in response, obtains a key from the key manager. The publisher then encrypts the event with the key to produce an encrypted event and transmits the encrypted event for consumption by a subscriber to the event. | 03-17-2016 |
20160080352 | PROVIDING LOCALIZED CONTENT DELIVERY WITH REMOTE TOKEN AUTHENTICATION - Some embodiments set forth systems and methods enabling a first network to use the resources of various second networks in order to localize delivery of the first network content from the various second networks in a secure manner. Some embodiments provide a token-based authentication scheme to ensure that any configured content access restrictions are effectuated at the first network and any of the second networks providing localized content delivery for the first network. The scheme involves a two-phase user authentication, wherein the user is separately authenticated at the first network and then at the second network to which the user is redirected, using either the same or a different set of access restrictions. The first network exchanges a first encryption key with content providers for encrypting/decrypting the first access restriction and a second encryption key with a second network for encrypting/decrypting the second access restriction. | 03-17-2016 |
20160080372 | CRYPTOGRAPHIC PROTOCOL FOR PORTABLE DEVICES - Embodiments are directed towards communicating using a mobile device that performs the following actions. A mobile device may be provisioned with an access point such that a provisioning key and a provisioning token for each of the provisioned access points may be stored on the mobile device. The mobile device may be determined to be in the presence of a provisioned access point based on the provisioning key and an advertising nonce. The advertising nonce may be encrypted with the provisioning key. A communication channel between the mobile device and the access point may be established based on a session nonce, the advertising nonce, and the provisioning key. A session key may be generated based in part on the advertising nonce and a message counter. And, encrypted message packets that include a message and a message authentication tag may be communicated to the access point. | 03-17-2016 |
20160080426 | SYSTEMS AND METHODS FOR CLOUD DATA SECURITY - Techniques for providing data security services with respect to cloud-based services are described. Examples include a security service provider (“SSP”) configured to perform or provide one or more security-related services or functions with respect to or on behalf of some other system or service. The other system or service may be, for example, a cloud-based system that provides network-accessible services. The SSP allows a user of the cloud-based service to provide and manage one or more security-related services, such as data storage, encryption, decryption, key management, and the like. By using and controlling the SSP, the user can be confident that his or her data is being securely represented and stored, even though it is being operated upon by a cloud-based service that is not under the user's control. | 03-17-2016 |
20160080528 | SYSTEM, METHOD AND COMPUTER-ACCESSIBLE MEDIUM FOR SECURE AND COMPRESSED TRANSMISSION OF GENOMIC DATA - An exemplary system, method and computer-accessible medium can be provided for generating an encrypted reference-based secure-compression of randomly located short sequence reads from a genome(s), which can, for example, include obtaining first information related to the randomly located short sequence reads, obtaining second information related to a plurality of reference sequences for the genome(s), generating third information related to a set of edit calls containing location information based on the first and second information using a base-calling procedure and an alignment procedure, and generating the encrypted reference-based secure-compression of the first information based on the third information. The exemplary system, method and computer-accessible medium can facilitate the exemplary chemistry box generating analog information to be locally and physically separated from the informatics box interpreting digital data. | 03-17-2016 |
20160080939 | AUTHENTIFICATION METHOD FOR A COMMUNICATION NETWORK - An authentication method for a communication network includes a registration step, an inquiry step, an answering step and a verification step. The authentication method further includes an emergency authentication mode if a response code is not received by a requesting end within a predetermined period of time or if a first confirmation code is verified to be incorrect by a requesting end. In another embodiment, an authentication method for a communication network includes a registration step, a first inquiry step, a second inquiry step, a first answering step, a second answering step and a verification step. The authentication method in the other embodiment also includes an emergency authentication mode if a second response code is not received by the requesting end within a predetermined period of time or if a third tested code is verified to be incorrect. | 03-17-2016 |
20160080943 | SHORT-RANGE DEVICE COMMUNICATIONS FOR SECURED RESOURCE ACCESS - Communications over short-range connections are used to facilitate whether access to resources is to be granted. For example, upon device discovery of one of an electronic user device and an electronic client device by the other device over a Bluetooth Low Energy connection, an access-enabling code associated with a user device or account can be evaluated for validity and applicability with respect to one or more particular resource specifications. User identity can be verified by comparing the user against previously obtained biometric information. | 03-17-2016 |
20160085861 | PRIVATE CLOUD API - Methods, systems, and computer program for implementing a private cloud are provided. A computer-implemented method may include registering a private cloud in a central registry; retrieving private cloud registration data from the central registry; sharing the private cloud registration data with other users; and allowing other users to connect to the private cloud using the shared private cloud registration data. | 03-24-2016 |
20160087675 | ETHERNET INTERFACE MODULE - An Ethernet interface module comprises a full duplex port operable to transfer frames between an Ethernet network and a device, and a path coupling a receive portion of the duplex port to a transmit portion of the duplex port. A queue is disposed in the path. Evaluation apparatus is coupled to the queue and determines whether a received frame is addressed to the Ethernet interface module and whether a frame type field contains a frame type. The Ethernet interface module is operable in a first mode such that every received frame is echoed back out the full duplex port; and is operable in a second mode such that each received frame that meets predetermined evaluation criteria is echoed back out the duplex port and those received frames that do not meet the predetermined evaluation criteria are discarded. | 03-24-2016 |
20160087789 | Cryptographic Method and Apparatus - A method of formatting data for transmission to another party including the step of incorporating in the data a flag indicative of the absence of data for authentication of the sender. An authentication tag length is also included to permit variable length tags to be used. | 03-24-2016 |
20160087944 | KEY MANAGEMENT FOR MIXED ENCRYPTED-UNENCRYPTED CONTENT - Based on a request for media content from a media client, a device identifies one or more: segments of encrypted media content; encryption keys for decrypting the segments of encrypted media content; and segments of unencrypted media content. The device determines an order for sending the one or more segments of encrypted and unencrypted media content. The device sends, to the media client, a segment of encrypted media content, according to the order for sending, along with an encryption key for decrypting the segment of encrypted media content being sent. The device sends, to the media client, a segment of unencrypted media content, according to the order for sending, along with a subsequent encryption key for decrypting a subsequent segment of encrypted media content to be sent after the segment of unencrypted content. The subsequent encryption key permits the media client to decrypt the subsequent segment of encrypted media content. | 03-24-2016 |
20160087945 | METHOD FOR ENCRYPTING DIGITAL FILE - Disclosed is a method for encrypting a digital file, comprising the following steps: generating, when a user requests to download a specified digital file, a key, according to inherent information of the user, inherent information of a client terminal used by the user, and inherent information of the specified digital file; encrypting the specified digital file according to the key that has been generated; and performing decryption according to the key and a corresponding decryption procedure, after an encrypted digital file is downloaded at the client terminal used by the user. The technical solution allows dynamic generation of one key each time the digital file is downloaded, thereby truly realizing “one user, one machine, and one copy of the digital file.” | 03-24-2016 |
20160087958 | INDUSTRIAL SECURITY AGENT PLATFORM - Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating secure communication. A system for facilitating secure communication includes an enterprise network, one or more operational technology networks, and a management server. Each of the operational technology networks can include one or more controller devices operable to control one or more operational devices, and can include a respective site security server and a respective security relay server. The security relay server can be operable to facilitate secure communication between controller devices of the operational technology network and its corresponding site security server. The management server can be a node on the enterprise network and can be operable to communicate with each site security server. | 03-24-2016 |
20160087985 | Protecting Online Meeting Access Using Secure Personal Universal Resource Locators - Access to online collaborative resources such as an online meeting, web conference, online chat room, an online video conference, an online audio conference, a collaboratively edited document, a collaborative browsing session, an online social networking group, or a web site is secured by providing a first user-specific URL to a first user for addressing the collaborative resource; responsive to the first user accessing the first user-specific URL, granting by a computing system access to the collaborative event to the first user; and responsive to a second user accessing the first user-specific URL, preventing by a computing system access to the collaborative event to the second user. Optionally, time criteria for accessing the first user-specific URL may be used to invalidate the first user-specific URL, whereupon access to the collaborative resource is disabled. | 03-24-2016 |
20160094347 | METHOD AND SYSTEM FOR SECURE MANAGEMENT OF COMPUTER APPLICATIONS - Processing information is disclosed including receiving an application retrieval request sent by a terminal, the application retrieval request including identifying information of the terminal, generating, based on a preset key generation technique, an encryption key based on the identifying information included in the application retrieval request, encrypting, based on the encryption key and a preset encryption technique, designated data in an application to obtain an encrypted application, and sending the encrypted application to the terminal. | 03-31-2016 |
20160098392 | SYSTEM AND METHOD FOR AUTOMATED ALERTS IN ANTICIPATION OF INAPPROPRIATE COMMUNICATION - A method for providing a sensitive text alert includes monitoring a key selected on a keyboard of a computer system. The key selected is reported to a key-logger application executing on the computer system. The reported key selected is appended to a string file. At least one portion of the string file is compared to a database of sensitive words/phrases. An alert is generated when it is determined that the compared at least one portion of the string file matches an entry in the database of sensitive words/phrases. The generated alert is superimposed on a display device of the computer system. | 04-07-2016 |
20160099807 | PROGRAM COLLATION SYSTEM, NODE, COLLATION METHOD, AND COMPUTER-READABLE MEDIUM - A collation system includes first through third nodes N | 04-07-2016 |
20160099809 | TAMPER-EVIDENT NETWORK MESSAGING METHOD AND SYSTEM, AND DEVICE CONFIGURED THEREFOR - Described are various embodiments of a tamper-evident network messaging method and system, and device configured therefor. In some embodiments, tamper-evident messaging is enabled between network-interfacing devices. In general, these devices will each comprise a hardware hasher or the like, operatively configured to compute and supply a hash value to their respective network interface via an independent path distinct from the device's one or more software-accessible paths, where it may be combined with outgoing messages to provide indication of possible code tampering, or again evaluated against incoming hash values associated with incoming messages to verify an authenticity thereof. In some embodiments, such hash values may further or alternatively be used for the encryption/decryption of intercommunicated messages to provide a similar effect. | 04-07-2016 |
20160105284 | DETECTION OF UNAUTHORIZED ENTITIES IN COMMUNICATION SYSTEMS - Methods and systems are provided for detection of unauthorized entities in communication systems. The method includes obtaining a secret string by a first network element and generating a random number by the first network element. The method also includes computing a first cryptographic result by the first network element. The first cryptographic result is based on a cryptographic function, the secret string, and the random number. The method further includes attempting to transmit, by the first network element, a first packet that includes the random number to a second network element using a layer 2 packet terminating protocol. The method includes receiving, within a configured time, a second packet including a second cryptographic result at the first network element, and terminating transmission to the second network element when the second cryptographic result is different from the first cryptographic result. | 04-14-2016 |
20160105400 | APPARATUS AND METHODS FOR DATA TRANSFER BETWEEN A PLURALITY OF USER DEVICES - Methods and apparatus for transferring data (such as for example media or other content) between devices while maintaining protection of the content. In one embodiment, a first user device causes a network entity to generate a shared encryption key for a second user device which is to receive content. In this manner, when the content (which has been encrypted with a key that is specific to the first device) is re-encrypted using the shared key, then transferred to the second device, the second device also obtains the shared key and uses it to decrypt the content, then the second device re-encrypts the content with a key that is specific to the second device for storage thereon. For example, within a premises network the entire contents of a first digital video recorder (DVR) may be transferred to a replacement DVR. | 04-14-2016 |
20160105403 | Authenticated Encryption Support in ISO/IEC 23009-4 - A server apparatus supporting authenticated encryption in a network, comprising a receiver configured to receive an unencrypted segment, a processor configured to select an encryption key, an initialization vector, and additional authentication data (AAD), encrypt the segment, configure the segment for transfer in a Dynamic Adaptive Streaming over Hypertext Transfer Protocol (HTTP) (DASH) media presentation, assign a segment number to the encrypted segment, append an authentication tag to the encrypted segment, store the encrypted segment with the appended authentication tag, and update a Media Presentation Description (MPD) associated with the encrypted segment with the appended authentication tag, wherein the MPD comprises an @aadBase attribute with an AAD base value, wherein the AAD value is the sum of the segment number and the @aadBase attribute value, and a transmitter configured to transmit the encrypted segment with the appended authentication tag to a destination. | 04-14-2016 |
20160112197 | METHOD AND APPARATUS FOR STORING ENCRYPTED DATA FILES ACROSS DISTRIBUTED STORAGE MEDIA - A method for distributing data to a plurality of storage locations in a computing network is provided. The method includes receiving, at a processor in the computing network, input data and an input random cryptovariable, transforming, at the processor, the input data and the input random cryptovariable into encrypted output using Da Yen processing, and distributing the encrypted output to the plurality of storage locations. The present design further includes a method for decrypting encrypted blocks of data distributed over a plurality of storage locations in a computing network. The method includes receiving, at a processor in the computing network, a plurality of cipher/key word pairs, and transforming, at the processor, the plurality of cipher/key word pairs and a salt key word into plaintext using Da Yen processing. | 04-21-2016 |
20160112201 | DATA AUTHENTICATION DEVICE AND DATA AUTHENTICATION METHOD - For improving, when performing road-vehicle communication or vehicle-vehicle communication between a roadside device and in-vehicle devices or therebetween, efficiency of distribution information verification including digital signature verification and freshness verification, there are included a memory unit that stores, as an authentication information history, a history of second authentication information of communication data which was received in the past from another communication device and which includes first authentication information, distribution information, and the second authentication information and an authentication processing unit that verifies, on the basis of the first authentication information of new communication data being newly received communication data, authenticity of the second authentication information of the new communication data and that compares the second authentication information of the new communication data with the authentication information history stored in the memory unit to verify freshness of the new communication data. | 04-21-2016 |
20160112376 | SECURE MOBILE DATA SHARING - Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for providing secure mobile data sharing. Actions can include: receiving, by the one or more processors, a request for secure mobile data sharing, the request being received from a mobile device and comprising a security definition; obtaining, by the one or more processors, based at least in part on the security definition of the request: a decryption key, a recipient identifier, and a security policy; receiving, by the one or more processors, a decryption request from a third-party device, the decryption request comprising an identifier distinguishing the third-party device as a recipient of an encrypted message corresponding to the decryption key; and providing the decryption key to the third-party device in response to validating the decryption request. | 04-21-2016 |
20160112377 | METHOD OF SECURELY TRANSFERRING DATA OVER A SERVER - A method of securely transferring data over a server is provided. The method may be executed by a software program on a computer. The present invention includes using an agreed upon virtual location as a password and an encryption key for the transfer of data between individuals or groups. For example, a first user may enter the virtual location on a computer. The user may then select a second user to send data to. The computer may encrypt the data using an encryption key linked to the virtual location. The data may be sent to the second user over the server. The second user may be prompted to enter a matching virtual location. Once the second user enters the matching virtual location, the data is decrypted on the second user's computer. The second user may now have access to the data. | 04-21-2016 |
20160112459 | IMAGE PROCESSING APPARATUS THAT OPERATES ACCORDING TO SECURITY POLICIES, CONTROL METHOD THEREFOR, AND STORAGE MEDIUM - An image processing apparatus which is capable of restraining operation that does not comply with security policies even in a case where security policies are changed through setting of user modes. The security policies are set in advance in the image processing apparatus. The image processing apparatus has a UI operation unit that enables operation on the image processing apparatus. When settings of the image processing apparatus are changed via the UI operation unit, it is verified whether or not the changed settings match the security policies. Operation of the image processing apparatus is restrained until it is verified that the changed settings match the security policies. | 04-21-2016 |
20160112518 | SYSTEMS AND METHODS FOR SMART DEVICE NETWORKING - A system for smart device networking includes an endpoint that enables communication with a connected device, a bridge that communicates with the endpoint over a PAN and relays PAN communications to a WAN, and a router that connects to the bridge through the WAN and routes communication to and from the endpoint. | 04-21-2016 |
20160119140 | METHODS AND APPARATUS TO COLLECT DISTRIBUTED USER INFORMATION FOR MEDIA IMPRESSIONS AND SEARCH TERMS - An example method includes facilitating installation of a data collector on a media device; collecting, via the data collector, a media identifier indicative of media presented at the media device; encrypting a user identifier that identifies the user of the media device, the encrypting of the user identifier based on a first encryption key corresponding to a first database proprietor having first user information associated with the user identifier; encrypting a device identifier that identifies the media device, the encrypting of the device identifier based on a second encryption key corresponding to a second database proprietor having second user information associated with the device identifier; sending the media identifier to a data collection server; sending the encrypted user identifier to a second server associated with the first database proprietor; and sending the encrypted device identifier to a third server associated with the second database proprietor. | 04-28-2016 |
20160119145 | SECURE TRANSMISSION - A method for providing evidential data is disclosed. The method includes establishing one or more first secret tokens with a server; obtaining one or more data items from one or more sensors; modifying the one or more data items with at least one of the one or more first secret tokens to provide one or more modified data items; generating a respective first hash value for each of the one or more modified data items; generating a second hash value for a data set including each of the one or more data items; and transmitting the one or more data items, the one or more first hash values, and the second hash value to the server. | 04-28-2016 |
20160119293 | System and Method for Authenticating and Encrypting Data Transmitted To and From the Devices and Cloud Servers - A method is provided of authenticating and encrypting data transmitted between a user and a remote cloud server, where the method includes providing a computer user interface for the exchange and transmission of digital information between the user and the cloud server; permitting the user to establish a private user encryption key; and automatically establishing a public user encryption key; whereby the user may digitally transmit information using both the public and private keys so that the recipient of such information may only access such information if such recipient is pre-provided with both the public and private encryption keys. | 04-28-2016 |
20160119295 | SYSTEM AND METHOD FOR PROVIDING PERSONALIZED AND CONFIDENTIAL DATA MANAGEMENT AND SHARING SERVICES - A method and system for providing personalized and confidential data management and sharing services to the subscriber are disclosed. The method includes enabling an individual to register with a personalized and confidential data management and sharing system to become a subscriber. The subscriber may enter personalized and confidential data and designate recipients to receive personalized and confidential data and upload photographs of the recipients. The method includes determining the existence of the subscriber by tracking the visiting/login history of the subscriber at regular intervals, transmitting communication messages to the personalized digital account of the subscriber upon identifying the subscriber not logging in to the subscriber account and establishing a voice call with the contact number of the subscriber and/or the affiliates to confirm the demise/existence of the subscriber. The method includes confirming the demise of the subscriber and transmitting a link and password and confirming the identity of the designated recipients through video conference to view or download the data. | 04-28-2016 |
20160119296 | Token Enrollment System and Method - Embodiments of the invention are directed to methods, apparatuses, computer readable media and systems for providing a token service environment that allows a token requesting party (e.g. token requestor) to specify parameters for token generation for controlling and customizing the token generation process. For example, the token requesting party may specify (e.g. select from a list or provide a list of) the accounts for tokenization. The accounts may be identified by account identifiers (e.g. account numbers) or bank identification numbers (BINs). The token requesting party may also specify encryption keys for the tokens to be generated. The token requesting party may also specify additional parameters such as notification thresholds indicating when notifications associated with the tokens are to be generated. | 04-28-2016 |
20160119349 | ACCESS CONTROL FOR DATA BLOCKS IN A DISTRIBUTED FILESYSTEM - A method for access control of data in a filesystem is provided. The method includes storing a map in a server, the map coupled to an agent, the map associating access control rules, filenames in a namespace in a first filesystem, and owners of files. The method includes determining a block filename in a namespace in a second filesystem, based on an I/O request from a data node to the second filesystem regarding a data block. The method includes determining a username of the I/O request and determining a filename in the namespace in the first filesystem, based on the block filename in the namespace in the second filesystem. The method includes applying to the data block and the username an access control rule that the map associates with an owner of a file having the filename in the namespace in the first filesystem. | 04-28-2016 |
20160119354 | MULTI-TIERED AUTHENTICATION METHODS FOR FACILITATING COMMUNICATIONS AMONGST SMART HOME DEVICES AND CLOUD-BASED SERVERS - Apparatus, systems, methods, and related computer program products for synchronizing distributed states amongst a plurality of entities and authenticating devices to access information and/or services provided by a remote server. Synchronization techniques include client devices and remote servers storing buckets of information. The client device sends a subscription request to the remote server identifying a bucket of information and, when that bucket changes, the remote server sends the change to the client device. Authentication techniques include client devices including unique default credentials that, when presented to a remote server, provide limited access to the server. The client device may obtain assigned credentials that, when presented to the remote server, provide less limited access to the server. | 04-28-2016 |
20160119412 | DISTRIBUTION OF PORTIONS OF CONTENT - Techniques for obtaining and providing a portion of content include receiving a request for the portion of the content, requesting and receiving one or more data chunks, processing the one or more data chunks, and providing one or more data blocks as the requested portion of the content. The processing may include validating, decrypting, and/or decompressing the one or more data chunks to create the one or more data blocks. Techniques for providing metadata and one or more data chunks may include receiving content and dividing the content into data blocks. Processing may then be performed on the data blocks to create data chunks, and the metadata may be generated from the processing. The metadata and one or more of the data chunks may be provided to a device. | 04-28-2016 |
20160127130 | COMPRESSING ENCRYPTED DATA WITHOUT THE ENCRYPTION KEY - A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data is comprised of a set of N encrypted blocks, C | 05-05-2016 |
20160127325 | SCRAMBLING BUSINESS DATA - Methods and systems are disclosed that scramble business data before transferring it to a test environment. In one aspect, a business data scrambling logic may detect a transfer of the business data from a proprietary database (e.g., source database) to another database (e.g., target database) in a test environment. The business data scrambling logic may determine metadata associated with the business data stored in source tables in the source database. Based on the metadata, the columns in the source tables including indicia may be identified. For the identified columns, alias values and associated hash codes may be generated. In the target database, target tables may be generated upon transferring the business data from the source database to the target database. The target tables may include values (e.g. actual values) and alias values associated with the business data. The alias values may represent scrambled business data. | 05-05-2016 |
20160127327 | ROAMING CONTENT WIPE ACTIONS ACROSS DEVICES - Content on a device is encrypted and protected based on a data protection key. The protected content can then be copied to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user's devices. A key used to retrieve plaintext content from the protected content is associated with an identifier of a particular device that provides the key, the device providing the key being the device that generated the key, or another managed device to which the protected content was transferred. A wipe command can similarly be transferred to the various ones of the user's devices, causing any keys associated with a particular device to be deleted from each of the various ones of the user's devices. | 05-05-2016 |
20160127328 | INVISIBLE TWO FACTOR AUTHENTICATION AND INCREMENTAL DYNAMIC DATA - In an example embodiment, invisible two factor authentication is performed by receiving, at a first machine, a registration request from a second machine, with the registration request encrypted using a common hash key. Then, in response to the receiving of the registration request, a server key is generated that is unique to the first machine and to the second machine. The registration request is responded to with the server key encrypted using the common hash key. Encrypted data is then received from the client machine, and this encrypted data is decrypted using the server key. In another example embodiment, in response to a determination that a data source has changed, incremental dynamic data processing is performed by identifying dynamic data relevant to records in the data source marked for distribution and, based on the existence of a state for each piece of dynamic data, marking the dynamic data for distribution. | 05-05-2016 |
20160127330 | RESOURCE LOCATORS WITH KEYS - Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request. | 05-05-2016 |
20160127332 | OFF-HOST AUTHENTICATION SYSTEM - An off-host authentication system includes an authentication information handling system (IHS) that is coupled to a network. The off-host authentication system also includes a host processing system. An off-host processing system in the off-host authentication system is coupled to the host processing system and is coupled to the authentication IHS through the network. The off-host processing system provides an encrypted primary authentication item to the authentication IHS through the network. The off-host processing system then receives an encrypted secondary authentication token from the authentication IHS through the network. The off-host processing system then decrypts the encrypted secondary authentication token to produce a decrypted secondary authentication token and uses the decrypted secondary authentication token to retrieve a tertiary authentication token. The off-host processing system then provides the tertiary authentication token to the host processing system for use in logging a user into a user IHS that includes the host processing system. | 05-05-2016 |
20160127348 | LINKED REGISTRATION - Secure registration of a new application with a server system is provided. An old application has been registered with the system. A first link between the new application and the system establishes a first key and first check data is communicated from the system to the new application and passed to the old application. A second link between the old application and the system establishes a second key based on input of a credential to the old application; the first check data is communicated from the old application to the system. Enciphered second check data is communicated from the system to the old application over the second link and further encrypted by the old application using a third key. This generates doubly-enciphered check data which is passed to the new application and decrypted using the first key and a fourth key, generated at the new application based on the first check data and input of the credential to the new application. | 05-05-2016 |
20160127386 | Restricting Communications Between Subscriber Machines - A method of transferring information between subscribers associated with a communication service is disclosed. The method includes receiving a first handle address associated with a first subscriber device, in which the first subscriber device transfers information to a group of subscriber devices, each of the group of subscriber devices is linked to different handle addresses, and each of the different handle addresses is included in a group of handle addresses. The method also includes determining whether the first handle address is included in the group of handle addresses, transferring information from the first subscriber device to the group of subscriber devices in response to the first handle address being included in the group of handle addresses, and verifying that the transferred information was received by the group of subscriber devices. A corresponding system and computer-readable device are also disclosed. | 05-05-2016 |
20160132561 | EXPIRATION TAG OF DATA - A destination device may check an expiration tag of data received from a source device. The expiration tag may include a date. The destination device may not accept the data if the date of the expiration tag is less than or equal to a current date. Further, the destination device may deny access to the data and/or delete the data after the data is stored at the destination device, if the date of the expiration tag is less than or equal to the current date. | 05-12-2016 |
20160134595 | Semantic Obfuscation of Data in Real Time - Systems and methods for automatically maintaining the anonymity or privacy of a stream of data as it is transmitted over a network or provided for other use, by receiving a data stream in real-time from an original source and identifying a data subset of interest within the original data stream. The data subset of interest is segregated from the data stream for either obfuscating at least a portion of the data subset in accordance with certain criteria or encrypting it. The data subset is obfuscated or encrypted for purpose of transmission over the network or for testing and reunited at a target source with the remainder of the data stream. | 05-12-2016 |
20160134597 | DECODING OF ENCRYPTED FILE - A method and system for decoding an encrypted file. A recipient computer: receives, from a sender computer, the encrypted file having a filename that includes an encoded address; parses the received filename; extracts the encoded address from the parsed filename; accesses a voice check ticket at the extracted encoded address; receives voice check text from the voice check ticket; visually displays the received voice check text on a computer display of the recipient computer; prompts the recipient to read aloud the displayed voice check text; receives an audio signal from a reading aloud, by the prompted recipient, of the displayed voice check text; transmits the received audio signal to a server computer; and decrypts the received encrypted file using an encryption key. | 05-12-2016 |
20160134598 | METHOD FOR PROVIDING LICENSE CORRESPONDING TO ENCRYPTED CONTENTS TO CLIENT APPARATUS AND DIGITAL RIGHTS MANAGEMENT CONVERSION SYSTEM USING THE METHOD - Disclosed are a method for providing a license corresponding to encrypted contents to a client apparatus, which provides a license in response to a request of the license corresponding to contents super-distributed to a third person in a DRM conversion system, and a DRM conversion system using the same. First digital rights contents type first contents and a first license corresponding to the first contents are digital rights management converted to generate second digital rights contents type second contents and a second license corresponding to the second contents. A license request corresponding to the second contents super-distributed to a third person is received. A second license corresponding to the second contents super-distributed is requested from a server corresponding to the second digital right management. The second license corresponding to the second contents super-distributed is received and transmitted to the third person. | 05-12-2016 |
20160134599 | COMPUTER-IMPLEMENTED SYSTEMS AND METHODS OF DEVICE BASED, INTERNET-CENTRIC, AUTHENTICATION - Systems and computer-implemented methods for authorizing respective access by each of a plurality of Internet users to a respective one or more Internet services provided by each of a plurality of Internet service providers. A system includes a processor, and non-transient computer readable storage media, at a single identity provider. The storage media is encoded with program code executable by the processor for requiring an identity provider application residing on each of a plurality of devices to create a respective authentication token that is specific to a respective identifier and user credential of a respective Internet user, a respective device identifier, and the respective identity provider application, and for authorizing respective access by the plurality of Internet users to a respective requested one of the Internet services provided by each Internet service provider using the respective created authentication tokens and respective identifiers for each of the respective requested Internet services. | 05-12-2016 |
20160134626 | DEVICE NOTARIZATION - Methods and systems for device notarization and verification are provided. In one implementation, various integrity values are concatenated to generate a concatenated value that is used to generate a transaction data signature (TDS). In one implementation, the concatenated value is a concatenation of a device value, an application value, an application encryption (AE) module value, and an authentication generation (AG) module value. The TDS or notarization code is generated by applying the concatenated value to the AG module. In one implementation, subsequent use of the application on the device involves generation of a new TDS, which is compared against the notarization code to determine whether use of the application on the device is authorized. In one implementation, the AE module and the AG module are seeded with a seed value which includes a device value, an application value, a user specific value, and a pseudo random number. | 05-12-2016 |
20160134629 | BINDING MOBILE DEVICE SECURE SOFTWARE COMPONENTS TO THE SIM - Various embodiments include a method for binding a secure software application to a mobile device wherein the mobile device includes a processor and a subscriber identity module (SIM) card, including transmitting, by the processor, an authentication challenge to the SIM card; receiving an authentication response from the SIM card; verifying the authentication response from the SIM card; and enabling the secure software application when the authentication response from the SIM card is verified. | 05-12-2016 |
20160134640 | SYSTEMS AND METHODS TO SECURELY INSTALL NETWORK CONTROLLERS - Multi-network systems and methods to securely install communication information on a network controller for communications between the network controller and an intelligent device over a control network are disclosed. The network controller messages devices on a home-control network and the communications between the intelligent device and the network controller over the control network permit the intelligent device to control the home-control network via the network controller. | 05-12-2016 |
20160142382 | Systems, Methods, and Media for a Cloud Based Social Media Network - System and methods for providing private social networks, which are cloud-based in some instances, are provided herein. A method includes receiving a selection of the digital data on a private user secure data storage device from a first user, receiving a selection of one or more individuals to be given access to the digital data, applying access rights for the digital data, creating a URL that points to a location within the private user secure data storage device where the digital data resides, posting the URL to a plurality of social networks using a shared message, receiving a request from a second user for the digital data when the second user clicks the URL in the shared message, and serving the digital data to the second user directly from the private user secure data storage device without storing the digital data on any of the plurality of social networks. | 05-19-2016 |
20160142383 | INFORMATION PROCESSING APPARATUS, CONTROL METHOD, AND PROGRAM - An information processing apparatus includes first processing means for performing a setting for performing encrypted communication on the information processing apparatus in response to a command based on a first communication procedure, second processing means for performing a setting for performing encrypted communication on the information processing apparatus in response to a command based on a second communication procedure, and transmitting means for transmitting information indicating that the setting for performing the encrypted communication is made in response to the command based on the first communication procedure to a reception apparatus if the command based on the second communication procedure is received from the reception apparatus after the first processing means performs the setting for performing the encrypted communication on the information processing apparatus in response to the command based on the first communication procedure. | 05-19-2016 |
20160142385 | OFF-HOST AUTHENTICATION SYSTEM - An off-host authentication system includes a network. An off-host processing system is coupled to the network and sends an encrypted authentication item through the network in response to validating a user. An authentication information handling system (IHS) is coupled to the network and receives the encrypted authentication item from the off-host processing system through the network, decrypts the encrypted authentication item to produce a decrypted authentication item, validates the decrypted authentication item, and sends an approval message through the network. A directory system is coupled to the network and receives the approval message through the network and, in response, sends a user approval through the network. A host processing system, which is located in a user IHS that includes the off-host processing system and which is coupled to the network, logs a user into the user IHS in response to receiving the user approval through the network. | 05-19-2016 |
20160142412 | METHOD AND SYSTEM FOR PREVENTING INFORMATION LEAKAGE BASED ON TELEPHONE - The present invention relates to a method and a system for preventing an information leakage based on a telephone authentication. The present invention includes a first step in which a telephone-authentication data-loss-prevention (DLP) file policy is set by a generator as a user of a user terminal assembly including a server-connection terminal through using the server-connection terminal and the server-connection terminal sends the telephone-authentication DLP file policy and requests a generation of a telephone-authentication DLP file to a DLP server assembly through an internet network; a second step in which the DLP server assembly generates a contents identification (CID) by using information including the telephone-authentication DLP file policy and stores a telephone-authentication DLP file information including the CID and the telephone-authentication DLP file policy; and a third step in which the server-connection terminal or the DLP server assembly generates the telephone-authentication DLP file, wherein the telephone-authentication DLP file includes the CID as a header of an original data file that is a general file. A telephone authentication is needed when a reader reads the generated telephone-authentication DLP file. | 05-19-2016 |
20160149699 | CLOUD FILE SYSTEM - A cloud storage system supporting user agnostic encryption and deduplication of encrypted files is described. Further the cloud storage system enables users to share a file, a group of files, or an entire file system with other users without a user sending each file to the other users. The cloud storage system further allows a client device to minimize the utilization of bandwidth by determining whether the encrypted data to transfer is already present in the cloud storage system. Further the cloud storage system comprises mechanisms for a client device to inform the cloud storage system of which data is likely to be required in the future so that the cloud storage system can make that data available with less latency once the client device requests the data. | 05-26-2016 |
20160149712 | APPLYING CIRCUIT DELAY-BASED PHYSICALLY UNCLONABLE FUNCTIONS (PUFS) FOR MASKING OPERATION OF MEMORY-BASED PUFS TO RESIST INVASIVE AND CLONE ATTACKS - An authentication device is provided that authenticates an electronic device based on the responses from distinct types of physically unclonable functions. The authentication device receives a device identifier associated with the electronic device. It then sends one or more challenges to the electronic device. In response, the authentication device receives one or more responses from the electronic device, the one or more responses including characteristic information generated from two or more distinct types of physically unclonable functions in the electronic device. | 05-26-2016 |
20160149865 | CRYPTOGRAPHIC SECURITY PROFILES - Two endpoint devices communicate with one another in a secure session by negotiating encrypted communications at initial establishment of the session. Each endpoint device communicates its available security profiles to the other endpoint. A specific security profile is then selected that defines the data encryption and authentication used during the secure session between the two endpoint devices. | 05-26-2016 |
20160149870 | Network Authentication Method using a Card Device - A network authentication method includes: by a user terminal, through execution of an application, connecting to a network server and sending a server verification request to a card device coupled to the user terminal; by the card device, generating a server dynamic link program based on a server verification code, encrypting the server dynamic link program, and transmitting the encrypted server dynamic linking program to the network server through the user terminal; by the user terminal, sending a server code data received from the network server to the card device as generated by the network server based on the server dynamic link program; and by the card device, verifying the network server based on the server code data and the server verification code. | 05-26-2016 |
20160149871 | METHOD AND APPARATUS FOR SECURE COMMUNICATION VIA MULTIPLE COMMUNICATION PATHS - A method for sending and receiving a data through multiple communication paths and an apparatus for receiving a data through multiple communication paths. A method for receiving a data through multiple communication paths by an apparatus for receiving a data includes receiving at least t (here, 0 | 05-26-2016 |
20160149875 | PROTECTED INFORMATION SHARING - A request for sharing information of a first user to a second user is received. Responsive to the request, information of the first user is obtained. The information is encrypted using a first server key to generate first encrypted information, the first server key being unavailable to the second user. The first encrypted information is encrypted using a second user key specific to the second user to generate second encrypted information for sharing with the second user. | 05-26-2016 |
20160150047 | GATEWAY FOR CLOUD-BASED SECURE STORAGE - The systems and methods disclosed herein transparently provide an improved scalable cloud-based dynamically adjustable or configurable storage volume. In one aspect, a gateway provides a dynamically or configurably adjustable storage volume, including a local cache. The storage volume may be transparently adjusted for the amount of data that needs to be stored using available local or cloud-based storage. The gateway may use caching techniques and block clustering to provide gains in access latency compared to existing gateway systems, while providing scalable off-premises storage. | 05-26-2016 |
20160156460 | SECURE COMPUTER EVALUATION OF K-NEAREST NEIGHBOR MODELS | 06-02-2016 |
20160156594 | METHODS AND SYSTEMS FOR MANAGING CONCURRENT UNSECURED AND CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS | 06-02-2016 |
20160156595 | SECURE COMPUTER EVALUATION OF DECISION TREES | 06-02-2016 |
20160156596 | NETWORK SECURITY METHOD AND NETWORK SECURITY SERVO SYSTEM | 06-02-2016 |
20160156598 | A COMPUTER IMPLEMENTED METHOD TO IMPROVE SECURITY IN AUTHENTICATION/AUTHORIZATION SYSTEMS AND COMPUTER PROGRAMS PRODUCTS THEREOF | 06-02-2016 |
20160156599 | METHOD FOR COMMUNICATING MEDICAL DATA | 06-02-2016 |
20160156601 | DISTRIBUTED BACKUP AND RETRIEVAL SYSTEM | 06-02-2016 |
20160156602 | Systems and Methods for Application Identification | 06-02-2016 |
20160156611 | MULTIPARTY SECRET PROTECTION SYSTEM | 06-02-2016 |
20160156623 | Method and System for Transmitting and Receiving Data, Method and Device for Processing Message | 06-02-2016 |
20160156744 | VIRTUAL DESKTOP ACCELERATOR WITH SUPPORT FOR MULTIPLE CRYPTOGRAPHIC CONTEXTS | 06-02-2016 |
20160164725 | Wireless System Package and Communication Method of Wireless System Package and Communication Device - A wireless system package includes a substrate, an external non-volatile memory, a first integrated circuit, and a second integrated circuit. The first integrated circuit includes a System on Chip unit, a bus, a first clock unit, a first terminal, a second terminal, and a third terminal. The second integrated circuit includes a second heterogeneous communication module, a second clock unit, a first terminal, and a second terminal. The first integrated circuit or the second integrated circuit includes a first heterogeneous communication module for providing and processing a first wireless signal. A capacity of the external non-volatile memory is larger than a capacity of the internal non-volatile memory. | 06-09-2016 |
20160164817 | EMAIL BASED PERSISTENT AND SECURE COMMUNICATION SYSTEM FOR INTERACTING WITH DEVICES - A system includes at least one service device. Each service device has one or more processors, a service email application, and at least one service. The service email application, when executed at the one or more processors of the service device, is configured to retrieve a command email containing at least one command and having an email identifier associated with the service, extract the command from the command email, and send the extracted command to the service such that the service performs a corresponding function based on the extracted first command. | 06-09-2016 |
20160164842 | Secure Network Access - The present invention relates to a system and method for facilitating access to secure network sites, such as sites providing secure financial information. An active software agent is utilized to fetch passwords and user identifiers from a user computing system and to use the passwords and identifiers to extract required information from the secure site. The password sites and identifiers are encrypted and an encryption key is stored at a network node remote from the user's computer and is fetched in order to enable the passwords and identifiers to be decrypted so that the active agent can use them to obtain the required information. | 06-09-2016 |
20160164843 | DATA TRANSMISSION SECURITY IMPROVEMENTS - A method of securely transmitting communication information from a first terminal operating in a first coordinate measurement domain to a second remotely-located terminal operating in a second coordinate measurement domain is described. The method comprises: combining the communication information with extraneous information to create a data signal; determining a value of an identification variable expressed with respect to the first coordinate measurement domain, the identification variable value enabling the location of the communication information concealed within the data signal to be determined; transmitting the data signal and the identification variable value from the first terminal to the second terminal; using a coordinate transform function configured to map coordinate values from the first coordinate measurement domain to the second coordinate measurement domain to calculate a value of the received identification variable expressed with respect to the second coordinate measurement domain; and extracting the information from the received data signal using the calculated identification variable value to distinguish the communication information from the extraneous information. | 06-09-2016 |
20160164844 | Remote Access System for Using Scientific Algorithms in Local Data Processing - A remote access system for processing local data with a computing algorithm stores information on various computing algorithms available via the system. A remote user at a user system can select a computing algorithm, which is then encrypted and downloaded to the user system. The downloaded computing algorithm is decrypted and stored in host memory at the user system in a controlled manner. Alternatively, the selected computing algorithm may be offered through cloud processing, in which case the user uploads the local data for cloud processing. In this case, the system manages the cloud processing at remote providers and tracks heuristics, caching, and performance. In either case, the local data is processed with one or more input parameters from the remote user, and visual results are provided to the remote user along with a cost for storing final results of the processing. Once the remote user makes the required payment, the final results from the processing can be stored locally at the user system. | 06-09-2016 |
20160164847 | PROCESS FOR THE USER-RELATED ANSWERING OF CUSTOMER INQUIRIES IN DATA NETWORKS - A process for the processing of user inquiries in a data network saves user data anonymized at first in an independent process with an independent third-party vendor, which can then be accessed by the use of several incremental encryption and anonymization routines in such a way that, on the one hand the provider is not involved in the data exchange and in other respects even the independent third-party vendor does not have access to the user data at any time, albeit with the result that anonymized customer data, especially information about age, sex and partial postal code, can be kept ready in a database for the mobile end device being used. | 06-09-2016 |
20160164852 | SYSTEM AND METHOD FOR DEVICE AUTHENTICATION - Various aspects of a system and a method for device authentication are disclosed herein. The system comprises one or more processors in a first communication device. The one or more processors are operable to detect a second communication device within a communication range of the first communication device. The first communication device is in an unlocked state and the second communication device is in a locked state. The first communication device communicates authentication data to unlock the detected second communication device. | 06-09-2016 |
20160171189 | MULTIMEDIA NETWORK SYSTEM WITH CONTENT IMPORTATION, CONTENT EXPORTATION, AND INTEGRATED CONTENT MANAGEMENT | 06-16-2016 |
20160173279 | DUAL-PARTY SESSION KEY DERIVATION | 06-16-2016 |
20160173288 | ENCRYPTED DATA INSPECTION IN A NETWORK ENVIRONMENT | 06-16-2016 |
20160173455 | METHOD AND SYSTEM FOR DIGITAL RIGHTS MANAGEMENT of ENCRYPTED DIGITAL CONTENT | 06-16-2016 |
20160173461 | UTILIZATION OF A PROTECTED MODULE TO PREVENT OFFLINE DICTIONARY ATTACKS | 06-16-2016 |
20160173470 | APPARATUS AND METHOD FOR PROVIDING POSITIONING DATA BASED ON AUTHENTICATION RESULT | 06-16-2016 |
20160173611 | TECHNIQUES FOR PREVENT INFORMATION DISCLOSURE VIA DYNAMIC SECURE CLOUD RESOURCES | 06-16-2016 |
20160173623 | LOCATION-ENFORCED DATA MANAGEMENT IN COMPLEX MULTI-REGION COMPUTING | 06-16-2016 |
20160174068 | Integrated Circuit Device That Includes A Secure Element And A Wireless Component For Transmitting Protected Data Over A Local Point-To-Point Wireless Communication Connection | 06-16-2016 |
20160182222 | Computer-Implemented System And Method For Multi-Party Data Function Computing Using Discriminative Dimensionality-Reducing Mappings | 06-23-2016 |
20160182458 | END-TO-END SECURITY FOR VIRTUAL PRIVATE SERVICE CHAINS | 06-23-2016 |
20160182470 | Data Security Operations With Expectations | 06-23-2016 |
20160191243 | OUT-OF-BAND VALIDATION OF DOMAIN NAME SYSTEM RECORDS - An out-of-band Domain Name System (DNS) security technique uses a cryptographic blockchain for securing and validating DNS data in a chain of custody that exists outside the DNS namespace, allowing validated access to cached DNS information without requiring real-time access to root servers. | 06-30-2016 |
20160191245 | Method for Offline Authenticating Time Encoded Passcode - A method is capable of offline authenticating a passcode which is generated online by encoding time related information with a shared private key. The authentication process decodes the time related information from the passcode with the same shared private key and compares the decoded time related information with the point of time of authenticating to determine whether the passcode is valid at the present time or not. The authentication is performed locally and independently without connection to other separate devices, services, components or storage. | 06-30-2016 |
20160191249 | PEER TO PEER ENTERPRISE FILE SHARING - Disclosed are various embodiments for facilitating the distribution of files from a file repository. Files from a file repository can be distributed via peer to peer transmissions where the peer devices can perform authentication functions. The authentication can be performed based upon metadata associated with the files as well as based upon authentication requests submitted to an authentication server. | 06-30-2016 |
20160191250 | Read-Modify-Write Processing of Chunks at the Storage Server Level in a Distributed Object Storage System - The present disclosure provides systems and methods for sharding objects stored in a distributed storage system. Such sharding may be advantageously utilized for an object that stores a collection of key-value records and for otherwise encoded objects. The object sharding techniques disclosed herein advantageously enable a read-modify-write process at the storage server level. One embodiment disclosed herein provides a method of creating a new chunk by modifying a payload of an existing chunk at the storage server level in a distributed object storage system. The method includes validating the new chunk at the gateway server. Other embodiments, aspects and features are also disclosed. | 06-30-2016 |
20160191481 | ENCRYPTION KEY RETRIEVAL - Particular embodiments described herein provide for an electronic device that can be configured to include an authentication module. The authentication module can be configured to receive a request to access an electronic device, where the electronic device is separate from the authentication module, collect authentication data, communicate the authentication data to a network element, receive an authentication key, and communicate the authentication key to the electronic device. | 06-30-2016 |
20160191483 | Universal Connector - A Universal Connector (“UC”) ecosystem includes encrypted twin (first and second) communications stacks configured to supervise persistent connectivity with distributed data collection points within an Internet of Things. Everything that interacts with the UC ecosystem follows a simple registration process: (1) devices participate on the first stack by requesting to be adopted by logging into the Cloud Service (the “knowledge” factor, they phone home); (2) if validated as an ecosystem device, it is placed into the adoption process and proceeds to the next layer of authentication; and (3) the second stack represents applications (mobile and web) that continue the adoption process for the user/owner (the possession factor). The owner creates an account, then associates the device to the account created, and if all authentication factors are confirmed, the device is adopted and registered to the user/owner completing the adoption process. | 06-30-2016 |
20160191513 | BINDING A DATA TRANSACTION TO A PERSON'S IDENTITY USING BIOMETRICS - Methods and systems are described for binding a data transaction to a person's identity using biometrics. The method comprises the generation of data which includes information associated with a transaction, or an encrypted transaction, between a server and a client device associated with a user, generating authentication data providing an irrevocable binding of the information to biometric characteristics of the user, by capturing biometric input by the user of said authentication data or information associated with the transaction, wherein this information is implanted into the captured data. A predetermined minimum number of quorum portions may be generated from a portion of the data generated or processed by the method, wherein at least a predetermined minimum number of received quorum data portions are required to reconstruct the data portion. | 06-30-2016 |
20160191522 | METHOD AND APPARATUS FOR ACCESSING WEBSITE - Disclosed are methods and apparatus for accessing a website. A method may comprise: acquiring a web address that meets a preset condition; determining a server corresponding to the web address and establishing a transport layer connection therewith; upon receiving an instruction for accessing a website corresponding to the web address, using the transport layer connection to send a network request to the server for acquiring the webpage content of the website. Such method can save time for establishing a transport layer connection, thereby improving the efficiency of accessing a website. When a transport layer connection is established with a server in advance, moreover, there are a very small number of data packets generated with the server, which greatly reduces the network data. Prior to receiving an instruction for accessing a website corresponding to the web address, moreover, only a transport layer connection is established with the server without requesting more data from the server, leading to a very low occupation of system resources such as memory and processor. | 06-30-2016 |
20160197727 | PERSONAL DIGITAL IDENTITY DEVICE WITH FINGERPRINT SENSOR AND CHALLENGE-RESPONSE KEY | 07-07-2016 |
20160197886 | SECURE PERSONAL SERVER SYSTEM AND METHOD | 07-07-2016 |
20160197887 | METHOD OF MULTI-FACTOR AUTHENTICATION DURING ENCRYPTED COMMUNICATIONS | 07-07-2016 |
20160197889 | Device and System for Facilitating Communication and Networking Within A Secure Mobile Environment | 07-07-2016 |
20160197890 | SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION | 07-07-2016 |
20160197893 | SYSTEMS AND METHODS FOR SECURE ELECTRONIC ACCESS CONTROL | 07-07-2016 |
20160197897 | CROSS-CLIENT COMMUNICATION METHOD | 07-07-2016 |
20160197898 | Using Domain Name System Security Extensions In A Mixed-Mode Environment | 07-07-2016 |
20160197900 | SYSTEM AND METHOD FOR SECURING AUTHENTICATION INFORMATION IN A NETWORKED ENVIRONMENT | 07-07-2016 |
20160197902 | Unpassword: Risk Aware End-to-End Multi-Factor Authentication Via Dynamic Pairing | 07-07-2016 |
20160197906 | MULTI-PARTY SECURE AUTHENTICATION SYSTEM, AUTHENTICATION SERVER, INTERMEDIATE SERVER, MULTI-PARTY SECURE AUTHENTICATION METHOD, AND PROGRAM | 07-07-2016 |
20160197924 | SECURE PERSONAL SERVER SYSTEM AND METHOD | 07-07-2016 |
20160197962 | Network Access Control with Compliance Policy Check | 07-07-2016 |
20160204937 | SYSTEM AND METHOD FOR STORING AND TRANSMITTING CONFIDENTIAL MEDICAL INFORMATION ON VULNERABLE DEVICES AND NETWORKS | 07-14-2016 |
20160204941 | Password Encryption Key | 07-14-2016 |
20160204942 | METHOD AND SYSTEM FOR AUTHENTICATING A DATA STREAM | 07-14-2016 |
20160204943 | COMPUTER PROGRAM AND METHOD FOR BIOMETRICALLY SECURED, TRANSPARENT ENCRYPTION AND DECRYPTION | 07-14-2016 |
20160204948 | CRYPTOGRAPHIC SECURITY FUNCTIONS BASED ON ANTICIPATED CHANGES IN DYNAMIC MINUTIAE | 07-14-2016 |
20160205075 | Implementation of an Integrity-Protected Secure Storage | 07-14-2016 |
20160205114 | METHOD AND APPARATUS FOR PRIVACY-ENHANCED EVIDENCE EVALUATION | 07-14-2016 |
20160205555 | METHOD AND SYSTEM FOR ESTABLISHING A SECURE COMMUNICATION BETWEEN REMOTE UE AND RELAY UE IN A DEVICE TO DEVICE COMMUNICATION NETWORK | 07-14-2016 |
20160253506 | SECURE NETWORK ACCESS | 09-01-2016 |
20160254906 | VERIFIABLE REDACTABLE AUDIT LOG | 09-01-2016 |
20160254912 | SYSTEMS AND METHODS FOR PRIVACY-PRESERVING FUNCTIONAL IP VERIFICATION UTILIZING FULLY HOMOMORPHIC ENCRYPTION | 09-01-2016 |
20160255055 | Controlling Access To Resource Functions At A Control Point Of The Resource Via A User Device | 09-01-2016 |
20160255056 | APPARATUS AND METHOD FOR MESSAGING SECURITY AND RELIABILITY | 09-01-2016 |
20160255057 | SYSTEM AND METHOD FOR SECURING TELECOMMUNICATIONS TRAFFIC DATA | 09-01-2016 |
20160255060 | AUTHORIZATION OF COMMUNICATION LINKS BETWEEN END USER DEVICES USING INTERMEDIARY NODES | 09-01-2016 |
20160255063 | IN SITU DEVICE AUTHENTICATION AND DIAGNOSTIC REPAIR IN A HOST ENVIRONMENT | 09-01-2016 |
20160255073 | TRUSTED PIN MANAGEMENT | 09-01-2016 |
20160255099 | A SYSTEM AND METHOD FOR CERTIFYING INFORMATION | 09-01-2016 |
20160255504 | Authentication Module | 09-01-2016 |
20160380979 | DISTRIBUTED COMPUTING UTILIZING HOMOMORPHIC ENCRYPTION - A method for determining a compute amount contributed by a device is provided. The method comprises receiving encrypted data from a processor of a customer system and parsing the encrypted data into a plurality of encrypted subsets. Then, the method associates a token specific to the device with an encrypted subset of the plurality of encrypted subsets to produce a packaged subset. The packaged subset is sent to the device. In response, a processed packaged subset that includes the token is received. The compute time contributed by the device is determined from the token of the processed packaged subset. | 12-29-2016 |
20160380980 | METHOD FOR TRANSMITTING ENCRYPTED DATA, METHOD FOR RECEIVING, CORRESPONDING DEVICES AND COMPUTER PROGRAMS - The invention relates to a method for transmitting data from a first terminal, called a sender terminal (TermE), to a second terminal, called a receiver terminal (TermR), the method being characterized in that it comprises: | 12-29-2016 |
20160380981 | REMOTE MONITORING AND MANAGEMENT OF AN INSTANT ISSUANCE SYSTEM - A system and method for remote monitoring and management of an instant issuance system is provided. The embodiments provide secure communication between different entities within the instant issuance system. Security can be established via mutual authentication between the communicating entities of the instant issuance system prior and/or concurrent with a communication taking place. | 12-29-2016 |
20160381002 | SECURED INTER-APPLICATION COMMUNICATION IN MOBILE DEVICES - This disclosure describes a method for accessing network resources which includes receiving by a first application in a mobile computing device sign-in information from a user and enabling the user to sign in to a second application with the first application to access network resources from a resource server based on (a) a first application identification (ID) of the second application, (b) the user authorizing the second application to the resource server, and (c) receiving an authorization grant from the resource server to enable the second application to access the network resources, the mobile computing device coupled with the resource server via a network. | 12-29-2016 |
20160381178 | MICRO CLOUD IMAGE UPLOADING - A method and system for uploading an image is provided. The method includes registering an application vendor with an account with respect to a computing system. A credentials file and an uploading software application are transmitted to the application vendor and a frozen image of a micro-cloud application running on an origin compute node associated with an application owner is compressed resulting in a compressed micro-cloud application. The credentials file is read and object store access information comprising an object store path and an object store authentication key is retrieved. The compressed frozen image of the micro-cloud application is uploaded and an entitlement package comprising the compressed frozen image of the micro-cloud application and an encrypted version of the object store access information is generated. | 12-29-2016 |
20170235957 | CONTROLLED SECURE CODE AUTHENTICATION | 08-17-2017 |
20170237556 | SYSTEM AND METHOD FOR DELIVERING ENCRYPTED INFORMATION IN A COMMUNICATION NETWORK USING LOCATION IDENTITY AND KEY TABLES | 08-17-2017 |
20170237560 | SECURE PROVISIONING OF OPERATING SYSTEMS | 08-17-2017 |
20170237564 | TWO-PARTS-ARE-ONE PASSWORD | 08-17-2017 |
20170237568 | Method of protecting the identifying information of persons and computing devices, specifically those devices which are capable of sensing, capturing, receiving, transmitting, processing and storing digital information | 08-17-2017 |
20170237713 | METHOD FOR ENSURING MEDIA STREAM SECURITY IN IP MULTIMEDIA SUB-SYSTEM | 08-17-2017 |
20170237718 | METHOD AND APPARATUS FOR SECURE NETWORK COMMUNICATIONS | 08-17-2017 |
20180025455 | Registry | 01-25-2018 |
20180026788 | COMMUNICATION SYSTEM, NODE DEVICE, COMMUNICATION TERMINAL, KEY MANAGEMENT METHOD, AND NON-TRANSITORY COMPUTER-READABLE MEDIUM IN WHICH PROGRAM IS STORED | 01-25-2018 |
20180026789 | Information processing method, terminal and computer storage medium | 01-25-2018 |
20180026947 | Systems, Methods and Apparatus for Keystroke Encryption | 01-25-2018 |
20180026948 | SYSTEM AND METHOD FOR ENCRYPTING AND DECRYPTING DATA | 01-25-2018 |
20180026973 | ENHANCED AUTHENTICATION BASED ON SECONDARY DEVICE INTERACTIONS | 01-25-2018 |
20180026980 | MOBILE DEVICE, AUTHENTICATION DEVICE AND AUTHENTICATION METHODS THEREOF | 01-25-2018 |
20180027046 | METHOD OF SHARING CONTENTS BY USING PERSONAL CLOUD DEVICE, AND ELECTRONIC DEVICE AND PERSONAL CLOUD SYSTEM USING THE SAME | 01-25-2018 |
20180027600 | PRIVATE VEHICLE-TO-VEHICLE COMMUNICATION | 01-25-2018 |
20190149332 | ZERO-KNOWLEDGE ARCHITECTURE BETWEEN MULTIPLE SYSTEMS | 05-16-2019 |
20190149337 | IMPLEMENTING LOGIC GATE FUNCTIONALITY USING A BLOCKCHAIN | 05-16-2019 |
20190149526 | SENDING MESSAGE IN MULTILAYER SYSTEM | 05-16-2019 |
20190149539 | Secure Authentication Of A Device Through Attestation By Another Device | 05-16-2019 |
20190149557 | METHOD AND INTEGRITY CHECKING SYSTEM FOR DECOUPLED INTEGRITY MONITORING | 05-16-2019 |
20190149577 | SYSTEMS AND METHODS FOR SECURELY PAIRING A TRANSMITTING DEVICE WITH A RECEIVING DEVICE | 05-16-2019 |
20190149578 | SYSTEMS AND METHODS FOR SECURELY PAIRING A TRANSMITTING DEVICE WITH A RECEIVING DEVICE | 05-16-2019 |
20220138005 | DISTRIBUTED COMPUTING SYSTEM AND METHOD OF OPERATION THEREOF - There is provided a distributed computation system that establishes a consensus related to a computational value of a computational task, wherein the distributed computation system includes a plurality of computing nodes. The distributed computation system distributes the computational task to the plurality of computing nodes; each of a first set of computing nodes, from the plurality of computing nodes, performs a partial evaluation of the computational task, wherein the partial evaluations of the computational task are stored in a ledger arrangement; each of a second set of computing nodes from the plurality of computing nodes generates a computational value corresponding to each of the partial evaluations stored in the ledger arrangement and determines a correctness proof of each of the computational values; and a third set of computing nodes from the plurality of computing nodes validates the correctness proof of each of the computational values to establish consensus related to the computational values. | 05-05-2022 |
20220140997 | VALIDATING CONFIDENTIAL DATA USING HOMOMORPHIC COMPUTATIONS - The disclosed exemplary embodiments include computer-implemented apparatuses and methods that validate confidential data based on privacy-preserving homomorphic computations involving encrypted data. For example, an apparatus may receive, from a first computing system, encrypted data that includes a first encrypted value representative of at least one of first account data or an element of cryptographic data. Based on the first encrypted value and on second encrypted values, the apparatus may generate encrypted residual values representative of second account data associated with one or more reference accounts, and the apparatus may request and receive a decrypted residual value associated with each of the encrypted residual values from a second computing system. The apparatus may transmit the decrypted residual values to the first computing system, which may validate the first account data based on at least the decrypted residual values and perform operations associated with the validated first account data. | 05-05-2022 |
20220141033 | METHOD OF VERIFYING ORIGIN OF A SIGNED FILE - Methods are provided for generating a certificate, signing files with the certificate and verifying the signing. A first aspect provides, in an electronic data processing device, a method of processing a data file. The method comprises associating a certificate to a data file, the certificate comprising at least one reputation service identifier, signing the data file using a private key associated with the certificate, generating a file identifier based on data comprised by the data file and sending the file identifier to a trusted data vault associated with the certificate. The method further comprises generating a data file token based on the file identifier, signing the data file token with the private key and sending the token to the reputation service for publication associated with the reputation service identifier. | 05-05-2022 |
20220141201 | MECHANISMS TO REDUCE EXPOSURE OF SENSITIVE TELEMETRY DATA IN COMPUTING NETWORKS - One or more machine readable storage media, an apparatus, and a method. The apparatus provides a mechanism to implement a trusted telemetry governor (TTG) inside a trusted execution environment. The TTG is to determine a security policy to be applied to telemetry data corresponding to component of a computing infrastructure, receive the telemetry data in encrypted format and, based on the security policy: process the telemetry data including at least one of generating transformed telemetry data or analyzing the telemetry data to generate a report therefrom, and generating telemetry information from the telemetry data. The telemetry information includes at least one of processed telemetry data, a report, or a recommendation based on an analysis of the telemetry data. The TTG is to send the telemetry information outside of the trusted execution environment to a consumer of the telemetry data. | 05-05-2022 |