Entries

Document | Title | Date |
--- | --- | --- |
20080209214 | Method of Authentication Based on Polynomials - There is provided an authentication method for a system ( | 08-28-2008 |
20080209215 | Method of Physical Authentication and an Electronic Device - The present invention relates to a method of physical authentication and an electronic device for implementing the method. According to the method of the present invention, using an operation control list stored in an electronic device, a valid user authenticates the operation implemented by the electronic device in a physical mode, by which a binding relationship is established between the valid user and the electronic device. The establishment of the binding relationship resolves not only the problem of identity authentication and exchange authentication in network exchange but also that of virus protection for data storage devices, thus ensuring the security of the user data. The method of the present invention comprises setting a corresponding relationship between an operation command and a physical authentication mode and using the physical authentication mode to implement an authentication when the operation command is performed. The electronic device comprises a microprocessor, an operation communication interface, a smartcard chip and an authentication implementing mechanism. | 08-28-2008 |
20080209216 | METHOD AND SYSTEM FOR AUTOMATED AUTHENTICATION OF A DEVICE TO A MANAGEMENT NODE OF A COMPUTER NETWORK - A first computer-based device is authenticated at a second computer-based device communicatively coupled thereto through use of a unique identifier and an encrypted token, each received from the first device. Following the authentication, configuration information for the first device is sent from the second device to the first device and the first device is authorized to join a network that includes the second device. Further, permissions related to the network may be granted to the first device. | 08-28-2008 |
20080229104 | MUTUAL AUTHENTICATION METHOD BETWEEN DEVICES USING MEDIATION MODULE AND SYSTEM THEREFOR - A mutual authentication method using a mediation module and a system therefor are provided. The method includes: storing a first partial private key obtained by dividing a first private key of a device; storing a second partial private key obtained by dividing a second private key of a host device; receiving unique identifiers (IDs) and random numbers for the device and the host device from the device and determining whether the unique IDs are valid; and generating a first signature value by using the first partial private key and a second signature value by using the second partial private key if the unique IDs are valid, and transmitting the generated first and second signature values to the device. | 09-18-2008 |
20080229105 | Efficient Method for Providing Secure Remote Access - A remote user, two-way authentication and password change protocol that also allows parties to optionally establish a session key which can be used to protect subsequent communication. In a preferred embodiment, a challenge token is generated and exchanged which is a one-time value that includes a random value that changes from session to session. The construction and use of the challenge token avoids transmission of the password or even the transmission of a digest of the password itself. Thus the challenge token does not reveal any information about a secret password or a digest of the password. | 09-18-2008 |
20080250245 | Biometric-based document security - Embodiments of methods and systems for securely transmitting electronic data are disclosed. One embodiment of a method includes a security server authenticating the identity of a sender utilizing a collection of biometric data obtained from the sender. A sender client encrypts electronic data with an encryption key obtained from the security server upon successful authentication. A data transmission server transmits the encrypted electronic data from the sender client to a receiver client. The document security server authenticates the identity of a receiver utilizing a collection of biometric data obtained from the receiver. The security server sends encryption information related to the encryption key to the receiver client upon successful authentication of the receiver. Finally, the receiver client decrypts the encrypted electronic data utilizing the encryption information. | 10-09-2008 |
20080270796 | SYSTEM AND METHOD FOR PROVIDING PROGRAM INFORMATION, AND RECORDING MEDIUM USED THEREFOR - A system for providing program information has a user terminal, a recording medium capable of reading information therefrom and writing information thereto through a command issued by the user terminal, and a server connected to the user terminal via a network, and provides program information from the server to the recording medium. The recording medium has a first control unit that performs a first mutual authentication operation with a first storage unit capable of writing program information thereto and the user terminal, and that executes a command to write program information to the first storage unit only if the first mutual authentication operation is successful. The user terminal performs a second mutual authentication operation with the server, obtains program information transmitted from the server if the second mutual authentication operation is successful, and issues a command to write the program information to the first storage unit of the recording medium. | 10-30-2008 |
20080276090 | System for Allocating a Chip Card to a Network Operator - A chip card needs to be allocated in a secured manner to a network operator via a personalization center in order to determine a final authentication key which is attributed to a subscriber of the operator without its being transmitted via a network. The following is loaded into a card by a module: an algorithm and an allocation key; an algorithm for determination of the authentication key and at least one intermediate authentication key. A module transmits an allocation message which includes a final identity number, a random number and an allocation signature from the center to the card. The card authenticates the message by means of the allocation algorithm as a function of the allocation key and the allocation signature, and determines the final authentication key as a function of the intermediate key and the random number. | 11-06-2008 |
20080294898 | Mobile Terminal for Secure Electronic Transactions and Secure Electronic Transaction System - The present invention relates to a roaming electronic transaction terminal. It also relates to a secure system for electronic transactions comprising one or more roaming terminals. The terminal ( | 11-27-2008 |
20080301444 | Apparatus and Method for Providing Personal Information Sharing Service Using Signed Callback Url Message - An apparatus and method for providing a service that securely and easily shares personal information using a signed callback uniform resource locator (URL) message in a mobile terminal environment are provided. The mobile terminal providing a personal information sharing service using a signed URL message includes: a personal information sharing service module which receives a message that includes a first callback URL and a personal information sharing request and is signed using a private key of a server, and creates a second callback URL by adding a user response result in response to the personal information sharing request to the first callback URL; and an authentication module which verifies a signature of the message using a public key of the server, and signs the second callback URL using a user private key. | 12-04-2008 |
20090006850 | Computer system for authenticating a computing device - A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. A communications session is established between two devices using an authentication service that authenticates the device that is initiating the establishment of the communications session with another device. After authenticating the initiating device, the authentication service provides to the initiating device the network address of the other device and an authentication credential for use in the communications session between the initiating device and the other device. | 01-01-2009 |
20090013183 | Confidential Information Processing Method, Confidential Information Processor, and Content Data Playback System - In order to maintain the confidentiality of information at a high level even in cases where a confidential information processor in which multiple types of decryption sequences are applicable is used, decryption is performed according to the value of content decryption information | 01-08-2009 |
20090013184 | Method, System And Apparatus For Protecting A BSF Entity From Attack - A method, system and apparatus for protecting a bootstrapping service function (BSF) entity from attack includes: obtaining a first temporary identity and a second temporary identity after a user equipment (UE) performs mutual authentication with the BSF entity, where the first temporary identity is different from the second temporary identity; originating, by the UE, a re-authentication request to the BSF entity through the first temporary identity; and originating a service request to a NAF entity through the second temporary identity. The present disclosure prevents attackers from intercepting the temporary identity at the Ua interface and using that temporary identity to originate a re-authentication request at the Ub interface, thus protecting the BSF entity from attack, avoiding unnecessary load on the BSF entity and saving resources. | 01-08-2009 |
20090024848 | Terminal Identification Method, Authentication Method, Authentication System, Server, Terminal, Wireless Base Station, Program, and Recording Medium - A terminal identification method is provided which enables two-way communications between terminals and a network while identifying terminal IDs and protecting privacy. Also, an authentication method and system are provided which require no complicated calculation, fewer steps, less wireless communication, and less power consumption. A server and terminal share a hash function and an initial value determined for each terminal, calculate the same temporary ID by hashing the initial value the same number of times with the hash function, and identify the terminal using the calculated temporary ID. The server and the terminal also hold a common hash function and authentication information, acquire an authenticating communication parameter from communication parameters temporarily common during communication, and generate an authentication key using the authentication information, the authenticating communication parameter, and the hash function. Then at least one of the server and terminal performs authentication using the generated authentication key. | 01-22-2009 |
20090132818 | CONTENT SERVER APPARATUS, ON-VEHICLE PLAYER APPARATUS, SYSTEM, METHOD, AND PROGRAM - A content server apparatus ( | 05-21-2009 |
20090132819 | SYSTEM FOR SELF-SERVICE RECHARGING AND METHOD FOR THE SAME - The present invention discloses a method for self-service recharging and a system for the same, relating to the security communications of online banking. The system comprises a client and a server. The method mainly comprises the steps of: 1) establishing a data security channel between the client and the server; 2) inputting an identifier by a user to a secure transaction device; 3) determining whether the identifier is legitimate; and if legitimate allowing the user to input a recharging operation message; 4) connecting to the server and transmitting a recharging operation request packet after receiving the recharging operation message; 5) verifying whether the secure transaction device is legitimate by the server according to information in a database stored natively, and if legitimate, deducting a recharging amount from a user account, recording an operation log, and transmitting a recharging permission command packet to the secure transaction device; and 6) conducting a recharging operation by the secure transaction device and recording an operation log. The present invention provides a way to conveniently and rapidly recharge. | 05-21-2009 |
20090132820 | Content data management system and method - Embodiments of the present invention provide a simplified authentication transaction for reconnecting a storage device to a host apparatus that has completed authentication in the past. According to one embodiment, an authentication log is recorded in the host. Plural units of this log information are recorded in the storage device. At the time of transferring a content decryption key and usage rules between the host and the storage device, the decryption key and usage rules are recorded into the host as a log for the transfer. The used authentication log is recorded into the storage device as RAPDI. If RAPDI indicates the authentication log in the simplified authentication transaction, recovery transaction is permitted. The host device deletes/invalidates or holds the log for the transfer in accordance with non-permission/permission. In the case of permission, the key and usage rules are recovered by using a log for the transfer prior to the simplified authentication transaction. | 05-21-2009 |
20090144548 | AUTHENTICATION WHILE EXCHANGING DATA IN A COMMUNICATION SYSTEM - An apparatus and method is described for authentication while exchanging data in a communication system includes deriving ( | 06-04-2009 |
20090144549 | COPYRIGHT PROTECTION PROCESSING APPARATUS AND COPYRIGHT PROTECTION PROCESSING METHOD - According to one embodiment, a copyright protection processing apparatus is provided in a source device containing content items that are objects of copyright protection. The apparatus includes a network interface which is connected to a sink device which utilizes the content items, and a protection process section which executes mutual authentication for exchanging keys requested by the sink device in a state where a network connection is established with the sink device via the network interface and performs a protection process of encrypting the content items by the secret key shared as a result of successful mutual authentication and transmitting the encrypted content items to the sink device. A content list process section adds an item of error information to the content list to be transmitted to the sink device, upon failure in the mutual authentication. | 06-04-2009 |
20090150670 | Communication node authentication system and method, and communication node authentication program - [Problems] When two communication nodes communicate with each other, they more reliably confirm that the communication party is the correct one. | 06-11-2009 |
20090150671 | COMMUNICATION SYSTEM AND COMMUNICATION TERMINAL DEVICE - There is provided a communication terminal device configured to include: a mutual authentication unit that performs mutual authentication with a service providing server; an obtaining unit that obtains biometric information of an authentication target associated with an encryption key common to the service providing server, which is obtained as a successful result of the mutual authentication performed by the mutual authentication unit; a biometric authentication unit that performs biometric authentication by using the biometric information of the authentication target, which has been obtained by the obtaining unit, and biometric information of a registration target; and a notification unit that encrypts a message indicating that the biometric authentication has succeeded, by using the encryption key and notifies the service providing server of the message, if the biometric authentication of the biometric authentication unit succeeds. | 06-11-2009 |
20090150672 | METHOD AND APPARATUS FOR MUTUAL AUTHENTICATION IN DOWNLOADABLE CONDITIONAL ACCESS SYSTEM - Disclosed is a mutual authentication method and apparatus in a CAS including a headend system and DCAS host. In particular, example embodiments relate to a mutual authentication method and apparatus in DCAS, wherein the mutual authentication is performed between an authentication server of the headend system and an SM of a DCAS host, and then CAS software is downloaded to the SM. According to the example embodiments, there is provided a mutual authentication protocol between the authentication server of the headend and the SM of the DCAS host in a cable network, and also provided a mutual authentication method and apparatus in the DCAS where a substantial authentication based on a hardware, such as a smart card or a cable card, is not needed. | 06-11-2009 |
20090164785 | METHOD FOR AUTHENTICATION IN A COMMUNICATION NETWORK - A method authenticates a first node to a communication network that includes a second node to which the first node desires to mutually authenticate. The method includes detecting a broadcast message from the second node and determining whether mutual authentication can be performed directly with the second node. When the first node is unable to mutually authenticate to the second node directly, the first node locates a node that can serve as an authentication bridge to authenticate the first node to the communication network. | 06-25-2009 |
20090172400 | DIGITAL CONTENT DISTRIBUTION AND CONSUMPTION - Digital content distribution and consumption that provides the advantages of digital content being locally stored under user control while concurrently having the widest acceptance by legacy players/platforms (i.e., no need to perform complex software integration) while still remaining compatible with state of the art security in order to satisfy content provider requirements. | 07-02-2009 |
20090172401 | METHOD AND SYSTEM FOR CONTROLLING A DEVICE - A system and method for controlling a device. Data that was encrypted using a first encryption scheme is decrypted, then re-encrypted using a second encryption scheme. The re-encrypted data is then decrypted. | 07-02-2009 |
20090222662 | CARD ISSUING SYSTEM, CARD ISSUING SERVER, CARD ISSUING METHOD AND PROGRAM - The present invention provides a service providing server including an authentication ticket creating unit for encrypting access authentication information and creating an authentication ticket, and an authentication ticket transmitting unit for transmitting the authentication ticket to a card issuing server; where the card issuing server includes an authentication ticket verifying unit for decrypting the authentication ticket and verifying the authentication ticket, a verification result notifying unit for notifying the verification result of the authentication ticket to the service providing server, a connection information transmitting unit for transmitting connection information for connecting to the card issuing server to the service providing server along with the verification result of the authentication ticket, and an authentication information verifying unit for comparing and verifying the access authentication information of the authentication ticket and access authentication information stored in the IC chip of the information processing terminal. | 09-03-2009 |
20090235073 | Authentication method and communications system used for authentication - An authentication method authenticates between subscribers of a communications system using an asymmetric elliptic curve encryption algorithm. The method involves providing a first and at least one second subscriber having a first or second secret key known only to the respective subscriber and a public key; authenticating an inquiry transmitted by the first subscriber with respect to the validity of the first certificate contained therein and associated with the first subscriber; calculating the response of the second subscriber associated with the inquiry; randomized encryption of the calculated response and a second certificate associated with the second subscriber using the public key; decryption and authentication of the response transmitted by the second subscriber with respect to the validity of the second certificate contained therein. | 09-17-2009 |
20090235074 | SYSTEM AND METHOD FOR PERFORMING A TRANSACTION - A system for performing a transaction comprises a terminal adapted to perform a transaction required by a user, user authentication means and a transaction server adapted to communicate with the terminal. The user authentication means comprise a first and a second authentication device adapted to communicate with the terminal through respectively a first communication channel and second communication channel and comprise storage means for storing respective first and second user authentication keys. The transaction server comprises storage means for storing, for each of the authentication devices, respective first and second server authentication keys. In particular, the first authentication keys are distinct from the second authentication keys. | 09-17-2009 |
20090240941 | METHOD AND APPARATUS FOR AUTHENTICATING DEVICE IN MULTI DOMAIN HOME NETWORK ENVIRONMENT - A device authentication method and device authentication apparatus in a multi domain home network environment are provided. The method includes registering a new device in each local domain and issuing a local domain certificate; making an agreement between local domains in order to authenticate a device registered to another local domain; when the device registered to the home local domain or another local domain requests a service, authenticating the device via communication inside the local domains, thereby minimizing a user's intervention, making it easier to use the apparatus, reducing a device operation with regard to a device having limited performance, and making it easier to extend the apparatus. | 09-24-2009 |
20090249069 | CREDENTIAL GENERATION SYSTEM AND METHOD FOR COMMUNICATIONS DEVICES AND DEVICE MANAGEMENT SERVERS - Systems and methods are described for establishing credentials at a device and at a device management server for the purpose of exchanging secure credentials in order to mutually authenticate the device and the server. A credential generation algorithm is described which uses a plurality of seeds, including the hardware identity of the device, the server identity, and a shared private key, to generate two sets of credentials, one to be used by the device and the other to be used by the device management server. The credentials are exchanged between the device and the server during any session, thereby assuring mutual authentication. | 10-01-2009 |
20090254749 | COOPERATION METHOD AND SYSTEM OF HARDWARE SECURE UNITS, AND APPLICATION DEVICE - The present invention provides a cooperation method of a mobile hardware secure unit and a fixed hardware secure unit, comprising: providing user's identification information of a mobile hardware secure unit; providing platform's identification information of a computer-based or other-device-based fixed hardware secure unit; establishing a bidirectional communication pipe between the mobile and fixed hardware secure unit; and binding the mobile and fixed hardware secure units through interaction of the user's identification information and the platform's identification information. The present invention further provides a cooperation system of a mobile hardware secure unit and a fixed hardware secure unit as well as a computer device, with which the security solution based on a fixed hardware secure unit can be combined with a mobile hardware secure unit securing a user's identity. | 10-08-2009 |
20090259849 | Methods and Apparatus for Authenticated User-Access to Kerberos-Enabled Applications Based on an Authentication and Key Agreement (AKA) Mechanism - Methods and apparatus are provided for authenticated user-access to Kerberos-enabled applications based on an Authentication and Key Agreement mechanism. A user is first authenticated using an Authentication and Key Agreement mechanism based on a bootstrapping protocol that mutually authenticates the user and one or more servers; and, once the user is authenticated, the user is enabled to derive a session key and is provided with a first ticket to a Ticket Granting Server. The first ticket can establish an identity of the user and include the session key. The bootstrapping protocol can be based on a Generic Bootstrapping Architecture | 10-15-2009 |
20090259850 | Information Processing Device and Method, Recording Medium, Program and Information Processing System - An information processing device regarding which access to data held by the information processing device itself, in multiple regions, is requested from another information processing device, includes: an authenticating unit to perform authenticating processing of the other information processing device; a receiving unit to receive an access license ticket including an access code and a check digit; an access license ticket generating key generating unit to generate an access license ticket generating key, which is key information for computing a check digit using data held beforehand, a root key, an access control key, and other key information which is key information to manage data of a region other than the predetermined region, corresponding to an access code; check digit computing unit to compute a check digit corresponding to the access code described in the access license ticket; and access license ticket validating unit to validate the access license ticket. | 10-15-2009 |
20090265556 | METHOD AND TERMINAL FOR AUTHENTICATING BETWEEN DRM AGENTS FOR MOVING RO - Digital Rights Management (DRM), and particularly an apparatus and method of authentication between DRM agents for moving a Rights Object (RO), is provided, whereby RO and contents can be moved between DRM agents after a simple authentication therebetween using specific authentication information received from a Rights Issuer (RI), in the case where the RO is moved in a user domain or among a plurality of DRM agents. | 10-22-2009 |
20090271624 | Authentication method, system, server, and user node - An authentication method, a system, a server, and a user node are disclosed herein. The method includes: generating, by a server, a server session key according to the identity information, at least one login information parameter, and the validity period included in the login information, generating at least one session key parameter of a user node according to the generator point of the algebraic curve, and sending at least one session key parameter of the user node to the user node; generating, by the user node, a user node session key according to at least one session key parameter of the user node; and performing, by the server and the user node, mutual authentication according to the session keys. The authentication solution under the present disclosure is simple and practicable, and is also applicable to authenticating the user node in a grid computing platform. | 10-29-2009 |
20090292920 | Device authentication in a PKI - A method for establishing a link key between correspondents in a public key cryptographic scheme, one of the correspondents being an authenticating device and the other being an authenticated device. The method also provides a means for mutual authentication of the devices. The authenticating device may be a personalized device, such as a mobile phone, and the authenticated device may be a headset. The method for establishing the link key includes the steps of introducing the first correspondent and the second correspondent within a predetermined distance, establishing a key agreement and implementing a challenge-response routine for authentication. Advantageously, man-in-the-middle attacks are minimized. | 11-26-2009 |
20090292921 | METHOD FOR THE ENCRYPTED DATA EXCHANGE AND COMMUNICATION SYSTEM - The embodiments relate to a method for the encrypted data exchange between subscribers of a communication system using cryptography based on elliptic curves, wherein upon a query by a first subscriber a scalar multiplication is calculated by the second subscriber, and merely part of the result of the scalar multiplication is returned to the first subscriber as a response. The embodiments also relate to a communication system. | 11-26-2009 |
20090292922 | SYSTEM AND METHOD FOR EXCHANGING SECURE INFORMATION BETWEEN SECURE REMOVABLE MEDIA (SRM) DEVICES - A system and method for exchanging secure information between Secure Removable Media (SRM) devices. An initialization operation is performed between the SRM devices. After a mutual authentication operation is performed between the SRM devices, a secret key is exchanged for secure information exchange. An installation setup operation is then performed to establish an environment for moving rights between the SRM devices, and the rights information can be directly exchanged between the SRM devices by performing a rights installation operation between the SRM devices. | 11-26-2009 |
20090307491 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, PROGRAM AND COMMUNICATION SYSTEM - An information processing device includes: a data storage portion that can store user data used in a particular non-contact communication service and management information to manage the user data in different storage areas corresponding to different encryption methods and that has a first storage area storing management information corresponding to a first encryption method; an issuing information receiver that receives issuing information encrypted with the first encryption method from an issuing device delivering the issuing information to issue management information corresponding to a second encryption method; an issuing information decryption portion that decrypts the received issuing information with the first encryption method, based on the management information corresponding to the first encryption method stored in the first storage area; and a management information issuing portion that, based on the decrypted issuing information, issues the management information corresponding to the second encryption method and stores it in a second storage area. | 12-10-2009 |
20090307492 | METHOD, SYSTEM AND NETWORK DEVICE FOR BIDIRECTIONAL AUTHENTICATION - A bidirectional authentication method, a system, and a network device, relating to network information security, are provided. The method may include: a network device configured to generate an inspection parameter according to a public key of the peer network device and a private key of the network device, the public key and the private key of the network device being generated according to an identifier of the network device. The network device may perform reciprocal authentication according to the inspection parameter generated by the network device and an inspection parameter sent by the peer network device. A system and a network device for bidirectional authentication are also provided herein. As such, extra calculation caused by certificate authentication may be reduced, thus providing a more secure and reliable system with simplified key management. | 12-10-2009 |
20090313470 | Using a Portable Computing Device as a Smart Key Device - A first data processing system, which includes a first cryptographic device, is communicatively coupled with a second data processing system, which includes a second cryptographic device. The cryptographic devices then mutually authenticate each other. The first cryptographic device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the second data processing system. The second cryptographic device stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the first data processing system. In response to successfully performing the mutual authentication operation between the two cryptographic devices, the first data processing system is enabled to invoke sensitive cryptographic functions on the first cryptographic device while the first data processing system remains communicatively coupled with the second data processing system. | 12-17-2009 |
20090319791 | ELECTRONIC APPARATUS AND COPYRIGHT-PROTECTED CHIP - According to one embodiment, a copyright-protected chip includes a selector which connects a host controller to a circuit in the copyright-protected chip, a second register in which an encrypted content key, decryption key generation information, and shared classified information stored in a storage device are stored, and a communication circuit which communicates with the host controller and transmits the encrypted content key and the decryption key generation information stored in the register to the host controller when an access module accesses content obtained by decrypting the encrypted content stored in a hard disk. | 12-24-2009 |
20090327724 | TWO-WAY AUTHENTICATION BETWEEN TWO COMMUNICATION ENDPOINTS USING A ONE-WAY OUT-OF-BAND (OOB) CHANNEL - Techniques for two-way authentication between two communication endpoints (e.g., two devices) using a one-way out-of-band (OOB) channel are presented. Here, in embodiments, both communication endpoints may be securely authenticated as long as the one-way OOB channel is tamper-proof. Embodiments of the invention do not require the one-way OOB channel to be private to ensure that both endpoints are securely authenticated. Since providing a two-way or private OOB channel adds to the cost of a platform, embodiments of the invention provide for a simple and secure method for two-way authentication that uses only a non-private one-way OOB channel and thus helping to reduce platform cost. Other embodiments may be described and claimed. | 12-31-2009 |
20090327725 | Content object management method, right object providing method, content object revocation method based thereon, and device using the same - A device for managing a rights object and revoking a content object. The device includes a content/rights object storage unit for storing at least one content object, and a rights object corresponding to each content object. An authentication module performs mutual authentication between devices giving and taking a rights object, and when a revocation notification of a rights object among the stored rights objects is received, authenticates whether the author having transferred the revocation notification is an author having a revocation right. A content object checking unit checks if the content object is valid before the content object is executed. A rights object management module searches for a rights object corresponding to a content object to be executed, and deletes the rights object corresponding to the revocation notification when the author is an author having the revocation right. A controller controls the modules and the units. | 12-31-2009 |
20090327726 | INFORMATION RECORDING/REPRODUCTION APPARATUS AND SYSTEM - According to one embodiment, a data transmission control section ends transmission of a title without copyright protection at time t | 12-31-2009 |
20100005297 | MASHSSL: A NOVEL MULTI PARTY AUTHENTICATION AND KEY EXCHANGE MECHANISM BASED ON SSL - The present invention provides a method that allows three parties to mutually authenticate each other and share an encrypted channel. The invention is based on a novel twist to the widely used two party transport level SSL protocol. One party, typically a user at a browser, acts as a man in the middle between the other two parties, typically two web servers with regular SSL credentials. The two web servers establish a standard mutually authenticated SSL connection via the user's browser, using a novel variation of the SSL handshake that guarantees that a legitimate user is in the middle. | 01-07-2010 |
20100023766 | Computer Program Product and Computer System for Peer-to-Peer Communications - A protocol for secure peer-to-peer communications is established based on existing cryptographic techniques and encryption algorithms. The peers ( | 01-28-2010 |
20100031042 | Method and System for Secure Session Establishment Using Identity-Based Encryption (VDTLS) - The inventive system for providing strong security for UDP communications in networks comprises a server, a client, and a secure communication protocol wherein authentication of client and server, either unilaterally or mutually, is performed using identity based encryption, the secure communication protocol preserves privacy of the client, achieves significant bandwidth savings, and eliminates overheads associated with certificate management. VDTLS also enables session mobility across multiple IP domains through its session resumption capability. | 02-04-2010 |
20100037053 | Mobile station authentication in tetra networks - A method in a communication system. The mobile station is provided with two or more separate subscriber modules having separate authentication identities. The modules are authenticated and a session key is established between these subscriber modules using the system as a trusted party. The invention improves the ability of the communication system to adjust to the varying operational conditions of the users, and user organizations. | 02-11-2010 |
20100042838 | Public Key Out-of-Band Transfer for Mutual Authentication - Methods for key exchange and mutual authentication are provided that allow for inherent authentication and secret key derivation of parties communicating through an unsecured medium. These methods allow for greater security than existing key exchange and authentication methods while requiring little or no additional energy or time compared with a basic Diffie-Hellman key exchange. These methods allow for secure communication with small, low-power devices and greater security for any devices communicating through an unsecured medium. | 02-18-2010 |
20100042839 | REDUCED COMPUTATION FOR BIT-BY-BIT PASSWORD VERIFICATION IN MUTUAL AUTHENTICATION - Authentication methods are provided that allow for superior security, power consumption, and resource utilization over existing authentication methods. By computing only two hashes of a shared secret password for each protocol run, the methods described in this disclosure dramatically reduce the computational power needed to perform authentication. Similarly, by exchanging these hashes bitwise or piecewise for verification, rather than performing new hashes including each bit of the password separately, the methods described in this disclosure reveal less information about the password being authenticated than existing methods. The methods described in this disclosure also allow for authentication using fewer messages and with lower latency, reducing the amount of operational power used in the authentication process. | 02-18-2010 |
20100042840 | CONTENT SHARING SYSTEM AND METHOD - According to an aspect of the invention, there is provided a content sharing system including a first device configured to acquire a right object; a second device configured to acquire a content of the right object from the first device; a session key generation unit provided in the first device and the second device and configured to generate a session key based on mutual authentication; a temporary right object generation unit provided in the first device and configured to generate a temporary right object from the right object by using the session key to supply the generated temporary right to the second device; and a content play unit provided in the second device and configured to receive the temporary right object to play the content of the right object acquired from the first device by using the temporary right object. | 02-18-2010 |
20100049977 | ELECTRONIC APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - The present invention relates to an electronic apparatus, an information processing method, and a program that allow a provision server of an application to be capable of easily causing an electronic apparatus having an IC chip to manage data. When a service-issuing command transmitted from a service-issuing terminal | 02-25-2010 |
20100058058 | Certificate Handling Method and System for Ensuring Secure Identification of Identities of Multiple Electronic Devices - The present invention relates to a certificate handling method and system for ensuring secure identification of multiple electronic devices and especially to a method and a system for autonomously creating, transferring, verifying, issuing and status checking (e.g. revocation status) of digital certificates for electronic communication. The present invention provides a certificate handling method, wherein the electronic devices can mutually authenticate each other's identity without the use of a certificate authority, and the identities of a first electronic device and a second electronic device are mutually authenticated using a personal area network to establish a trust relationship between the first electronic device and the second electronic device. | 03-04-2010 |
20100070767 | Method and system of secured direct link set-up (DLS) for wireless networks - Method and system of secured direct link set-up (DLS) for wireless networks. In accordance with aspects of the method, techniques are disclosed for setting up computationally secure direct links between stations in a wireless network in a manner that is computationally secure. A direct link comprising a new communication session is set up between first and second stations in a wireless local area network (WLAN) hosted by an access point (AP), the direct link comprising a new communication session. The AP generates a unique session key for the new communication session and transfers secured copies of the session key to each of the first and second stations in a manner under which only the first and second stations can obtain the session key. A security mechanism is then implemented on the unsecured direct link to secure the direct link between the first and second stations using a secure session key derived from the session key. | 03-18-2010 |
20100077213 | TRUSTED NETWORK CONNECT SYSTEM BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network connect (TNC) system based on tri-element peer authentication (TePA) is provided. A network access requestor (NAR) of an access requestor (AR) is connected to a TNC client (TNCC), and the TNCC is connected to an integrity measurement collector (IMC | 03-25-2010 |
20100082983 | SECURE DEVICE ASSOCIATION - Secure device association is generally described. In one example, a secure device association system comprises a first device comprising a mechanical actuator and a second device comprising a microphone, the mechanical actuator of the first device and the microphone of the second device to form an out-of-band (OOB) channel for secure association between the first device and the second device. | 04-01-2010 |
20100115276 | SYSTEM AND METHOD FOR DERIVATING DETERMINISTIC BINARY VALUES - Disclosed herein are systems, computer-implemented methods, and computer-readable media for deriving a deterministic binary value. The method consists of generating a graph from multiple inputs, formalizing the graph, calculating paths between starting and ending nodes in the graph using a shortest path algorithm and performing a digest operation based on the derived paths to generate a deterministic binary value. In another aspect of this disclosure, authentication is performed utilizing deterministic binary values and a graph-merging function. This method allows for diversity in complexity, thus maintaining security on different computer platforms. | 05-06-2010 |
20100125733 | DOWNLOADABLE CONDITIONAL ACCESS SYSTEM, CHANNEL SETTING METHOD AND MESSAGE STRUCTURE FOR 2-WAY COMMUNICATION BETWEEN TERMINAL AND AUTHENTICATION SERVER IN THE DOWNLOADABLE CONDITIONAL ACCESS SYSTEM - Provided are a Downloadable Conditional Access System (DCAS), and a channel setting method and a message format for a 2-way communication between a terminal and an authentication server in the DCAS. The DCAS may include: a verification unit to verify an electronic signature and an integrity with respect to a message received from the authentication server; an extraction unit to extract network access information of the authentication server from the message in which the electronic signature and the integrity are verified; and a channel setting unit to set a communication channel with the authentication server based on the extracted network access information. | 05-20-2010 |
20100125734 | ENCRYPTED IMAGE WITH MATRYOSHKA STRUCTURE AND MUTUAL AGREEMENT AUTHENTICATION SYSTEM AND METHOD USING THE SAME - The present invention relates to an encrypted image with a matryoshka structure and a mutual agreement authentication system and method using the same. The encrypted image with a matryoshka structure is used in authentication in an authentication system having a plurality of layers and comprises: a first encrypted image which can be opened by only a server of any one layer of the authentication system; and a second encrypted image which can be opened by only a server of another layer distinguished from the any one layer, wherein any one sealed encrypted image of the first and second encrypted images is embedded and sealed in the other encrypted image. | 05-20-2010 |
20100131761 | DOWNLOADABLE CONDITIONAL ACCESS SYSTEM AND METHOD OF SESSION CONTROL FOR SECURED 2-WAY COMMUNICATION BETWEEN AUTHENTICATION SERVER AND HOST DEVICE IN DOWNLOADABLE CONDITIONAL ACCESS SYSTEM - Disclosed is a downloadable conditional access system (DCAS) including a key request unit to transmit a key request message to an authentication server, an authentication request unit to request authentication from the authentication server based on a key response message received from the authentication server in response to the key request message, and a session establishment unit to establish a session with the authentication server, based on an authentication response message received in response to the authentication request. | 05-27-2010 |
20100138657 | System and method for authenticating an end user - A method for authenticating an end user. The method starts by generating a first pattern in response to receiving an authentication request from the end user. Next, the method continues by generating a second pattern in response to receiving confirmation that the end user received the first pattern; the second pattern comprising multiple colored nodes. Then the method determines the authenticity status of the end user by comparing data sent by the end user with the second pattern. The end user having generated the data by overlaying a transparent credit card on top of the second pattern and selecting at least one node which displays a color other than black. Finally, the method sends the determined authenticity status to the end user via an output device. | 06-03-2010 |
20100146275 | AUTHENTICATING A DEVICE WITH A SERVER OVER A NETWORK - The authentication of a device with a server over a network includes authenticating, by the device, the server so as to establish a secure connection with the server. The device communicates identification information of the device to the server, wherein the identification information uniquely identifies the device to the server. The server determines the credibility of the device using the identification information communicated by the device. In a case where the server determines that the device is credible, the server creates a first authentication token for the device, stores the first authentication token, and transfers the first authentication token to the device using the secure connection, and the device stores the first authentication token. The server authenticates the device using the first authentication token. | 06-10-2010 |
20100146276 | METHOD OF RECOVERING AND MANAGING SECURITY-RELATED INFORMATION FOR DOWNLOADABLE CONDITIONAL ACCESS SYSTEM - A method of managing security-related information in a Downloadable Conditional Access System (DCAS) is provided. The method of managing security-related information in the DCAS, the method including: receiving a request for storage of identification information and security-related information from a target server, the security-related information being required to be securely maintained; transmitting a recovery key to the target server in preparation for a loss of the security-related information in the target server; receiving a request for recovery of the security-related information from the target server, when the security-related information is lost; encrypting the security-related information of the target server using the recovery key; and transmitting the encrypted security-related information to the target server. | 06-10-2010 |
20100146277 | SEMICONDUCTOR INTEGRATED CIRCUIT - The present invention aims to avoid a needless increase in cable wiring when a cipher key is shared between other electronic devices upon encrypted wireless communication. A semiconductor integrated circuit comprises a wireless communication control circuit for the encrypted wireless communication, a processing unit for managing the cipher key, and a power line communication circuit. The semiconductor integrated circuit is operated by a power supply voltage supplied externally to the power line communication circuit via a power line. The power line communication circuit is coupled to other electronic devices via the power line. The wireless communication control circuit communicates with the other electronic devices by the encrypted wireless communication. Before the semiconductor integrated circuit performs encrypted wireless communication with other electronic devices using the wireless communication control circuit, the semiconductor integrated circuit supplies information about the cipher key to other electronic devices via the power line communication circuit. | 06-10-2010 |
20100153724 | SYSTEM AND METHOD FOR A KEY BLOCK BASED AUTHENTICATION - The present invention relates to a system ( | 06-17-2010 |
20100161986 | Method for Verifying the Authenticity of Messages Exchanged According to a Mobile Internet Protocol - Messages exchanged between a mobile node and a home agent according to a mobile Internet protocol are authenticated using cryptographic methods applied to the messages and which have been agreed on between the mobile node and the home agent. | 06-24-2010 |
20100161987 | DOWNLOADABLE CONDITIONAL ACCESS SYSTEM SERVICE PROVIDING APPARATUS AND METHOD - Provided is a Downloadable Conditional Access System (DCAS) service providing method where a mutual authentication with respect to a DCAS host and an Authentication Proxy (AP) server is performed, operating environment information and host identification information, which are extracted by the AP server, are transmitted by the AP server to a Personalization Server (PS), image information is selected by referring to the host identification information, the operating environment information, and policy information agreed to by a Conditional Access System (CAS) server and the PS, the image information being transmitted by the PS to a code download server, and the image information is transmitted to the DCAS host, when access information of the image information is transmitted to the DCAS host through the PS and the AP server. | 06-24-2010 |
20100169644 | Message authentication code with elliptic polynomial hopping - The message authentication code with elliptic polynomial hopping provides methods for the generation of message authentication codes (MACs) utilizing elliptic curves, which are based on the elliptic curve discrete logarithm problem. The elliptic curve discrete logarithm problem is well known to be a computationally “difficult” or “hard” problem, thus providing enhanced security for the MACs. Different elliptic polynomials are used for different blocks of the same plaintext, each elliptic polynomial for each message block being selected at random using an initial secret key and a random number generator. | 07-01-2010 |
20100174907 | SECURE BOOTSTRAPPING FOR WIRELESS COMMUNICATIONS - A mutual authentication method is provided for securely agreeing application-security keys with mobile terminals supporting legacy Subscriber Identity Modules (e.g., GSM SIM and CDMA2000 R-UIM, which do not support 3G AKA mechanisms). A challenge-response key exchange is implemented between a bootstrapping server function (BSF) and mobile terminal (MT). The BSF generates an authentication challenge and sends it to the MT under a server-authenticated public key mechanism. The MT receives the challenge and determines whether it originates from the BSF based on a bootstrapping server certificate. The MT formulates a response to the authentication challenge based on keys derived from the authentication challenge and a pre-shared secret key. The BSF receives the authentication response and verifies whether it originates from the MT. Once verified, the BSF and MT independently calculate an application security key that the BSF sends to a requesting network application function to establish secure communications with the MT. | 07-08-2010 |
20100180118 | Information Processing Apparatus, Method for Switching Cipher and Program - An information processing apparatus is provided which includes a plurality of encryption algorithm units which are respectively capable of performing mutual authentication with an external device by respectively using an encryption method or a cipher key being different from one another; and a data memory unit which stores a plurality of cipher-specific information being provided to each of the encryption algorithm units and including a cipher type which specifies an encryption method used by each of the encryption algorithm units and disabling control information for disabling at least one encryption algorithm unit among the plurality of encryption algorithm units; wherein at least a first encryption algorithm unit among the plurality of encryption algorithm units disables another encryption algorithm unit in accordance with the disabling control information which is stored at the data memory unit when a mutual authentication with an external device succeeds. | 07-15-2010 |
20100185860 | METHOD FOR AUTHENTICATING A COMMUNICATION CHANNEL BETWEEN A CLIENT AND A SERVER - A method for authenticating a communication channel between a client and server has been disclosed. The method employs a mutual authentication payload (MAP) protocol that enables mutual authentication between a client and server system in a convenient, user-friendly manner while providing seamless and automated portability to the clients. In the process of mutual authentication, the client verifies that the server entity is indeed the intended entity and is trusted. Likewise, the server verifies that the client entity initiating the exchange is indeed the intended entity and is trusted. Accordingly, this verification process involves multi-factor authentication factors contained within the MAP protocol. | 07-22-2010 |
20100191967 | CLIENT APPARATUS, SERVER APPARATUS, AND PROGRAM - A client apparatus receives a message including a random number from a server apparatus during the handshake of agreement process, creates a biometric negotiation message including the biometric authentication method information and sends the biometric negotiation message to the server apparatus. Then, the client apparatus executes a biometric authentication based on biometric authentication method information notified from the server apparatus and encrypts the random number based on the private key. In addition, the client apparatus generates an authenticator from a result of the biometric authentication, the biometric authentication method information, the encrypted random number, and the client certificate, and sends to the server apparatus an authentication context including these. The server apparatus verifies the authentication context and establishes a secure session in one handshake. | 07-29-2010 |
20100205438 | Authenticating method for short-distance radio devices and a short-distance radio device - The invention provides a method for making mutual authentication between short-distance radio devices automatically or after confirmation by users, and a short-distance radio device for realizing the method. In a condition where a plurality of radio devices exist, each of the radio devices comprising a data communicating unit for performing short-distance radio communication and an authenticating unit for performing authentication of the radio device, the authenticating unit performs mutual authentication between two radio devices automatically or after confirmation by users of the radio devices when the two radio devices come closer to each other to such an extent that coverage areas of radio waves generated by the radio devices overlap with each other. | 08-12-2010 |
20100205439 | METHOD AND TERMINAL FOR RECEIVING RIGHTS OBJECT FOR CONTENT ON BEHALF OF MEMORY CARD - Disclosed is a method of receiving by a terminal a rights object (RO) from a rights issuer (RI) on behalf of a memory card, the method including, receiving, by the terminal, a trigger message for RO acquisition from the rights issuing server, comparing, by the terminal, trust anchor and ID of the memory card in a list included in the trigger message with a trust anchor and ID of the memory card within a context of the terminal, transmitting, by the terminal, a RO request message to the rights issuing server if the trust anchor and the ID of the memory card within the context are consistent with those within the list according to the comparison result, and receiving, by the terminal, a RO response message including a protected RO from the rights issuing server. | 08-12-2010 |
20100205440 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, INFORMATION PROVIDING MEDIUM, INFORMATION DECRYPTION APPARATUS, AND INFORMATION RECORDING MEDIUM - An information processing apparatus, an information processing method, and an information providing medium are provided. Encrypted information, an encrypted first key for decrypting the encrypted information, and a second key for decrypting the first key are processed to store the information in a storage medium. To be more specific, cross certification is executed with the storage medium, the first key is decrypted by the second key, the decrypted first key is encrypted, and the decrypted first key and the encrypted information are stored in the storage medium. The novel constitution prevents unauthorized replication of information by use of a low-cost, general-purpose semiconductor memory. | 08-12-2010 |
20100211786 | METHOD FOR GENERATING AUTHORIZATION KEY AND METHOD FOR NEGOTIATING AUTHORIZATION IN COMMUNICATION SYSTEM BASED ON FREQUENCY OVERLAY - A method for a terminal including a first media access control (MAC) layer and a second MAC layer to create an authorization key includes performing a first network entry process to a base station through the first MAC layer, and performing a second network entry process for a frequency overlay to the base station through the second MAC layer. In this instance, the first network entry process includes acquiring a key for generating an authorization key through an authentication process according to an authentication method negotiated with the base station, and generating a first authorization key through the key for generating the authorization key. The second network entry process includes generating a second authorization key by using the key generated in the first network entry process for generating the authorization key. | 08-19-2010 |
20100217985 | Authenticated Communication Between Security Devices - Apparatuses, computer readable media, and methods establishing and maintaining trust between security devices for distributing media content are provided. Two security devices bind to establish an initial trust so that security information can be exchanged. Subsequently, trust is refreshed to verify the source of a message is valid. In an embodiment, the security devices may comprise a security processor and a system on a chip (SoC) in a downloadable conditional access system. Trust may be refreshed by a security device inserting authentication information in a message to another security device, where authentication information may assume different forms, including a digital signature (asymmetric key) or a hash message authentication code (HMAC). Trust may also be refreshed by extracting header information from the message, determining state information from at least one parameter contained in the header information, and acting on message content only when the state information is valid. | 08-26-2010 |
20100235640 | INFORMATION PROCESSING APPARATUS, METHOD OF MUTUAL AUTHENTICATION, MUTUAL AUTHENTICATION PROGRAM, AND STORAGE MEDIUM - An information processing apparatus and a counterpart apparatus supporting data communications are devised. The information processing apparatus is connected to the counterpart apparatus via a communication network. The information processing apparatus and the counterpart apparatus supporting data communications use mutual authentication using a certificate file. The information processing apparatus includes a certificate management unit, a verification information obtaining unit, and a security key generation unit. The certificate management unit encrypts and decrypts the certificate file using a security key. The verification information obtaining unit obtains verification information of the information processing apparatus. The verification information enables identification of the information processing apparatus as a unique physical entity. The security key generation unit generates the security key by conducting a non-reversible transformation of the verification information obtained by the verification information obtaining unit. The verification information is used as source data. | 09-16-2010 |
20100241858 | Downloadable Conditional Access System, Secure Micro, and Transport Processor, and Security Authentication Method Using the Same - A downloadable conditional access system (DCAS), a secure micro (SM), and a transport processor (TP), and a security authentication method using the same are provided. The DCAS provides a safe security environment through a security protocol which enables mutual authentication and secure channel establishment between the SM and the TP. | 09-23-2010 |
20100250936 | INTEGRATED CIRCUIT, ENCRYPTION COMMUNICATION APPARATUS, ENCRYPTION COMMUNICATION SYSTEM, INFORMATION PROCESSING METHOD AND ENCRYPTION COMMUNICATION METHOD - There is provided an integrated circuit includes an arithmetic circuit having input/output characteristics determined by element-specific physical characteristics; a storage unit having cipher text obtained by performing encryption processing on predetermined secret information using an output value output from the arithmetic circuit with respect to input of a predetermined value and the predetermined value input into the arithmetic circuit stored therein; and a decryption unit that restores the predetermined secret information by inputting the predetermined value stored in the storage unit into the arithmetic circuit and decrypting the cipher text stored in the storage unit using the output value output from the arithmetic circuit when the predetermined secret information is used. | 09-30-2010 |
20100262825 | SECURITY METHOD OF MOBILE INTERNET PROTOCOL BASED SERVER - A security method in a server-based mobile IP system is provided. Specifically, in the security method, general data is securely exchanged in addition to a control message that is exchanged between a mobile node and a server or between mobile nodes. Specifically, provided is a method of securely exchanging data by using a mobile node including an mPAK execution module generating necessary keys by exchanging key information with the server while performing a mutual authentication process and negotiating the security policy; and a security module setting a security policy that is negotiated with the corresponding node and applying the security policy to data according to the set security policy when transmitting the data. | 10-14-2010 |
20100268951 | METHOD OF HANDOVER - A method for quickly performing a handover in a wireless access system is disclosed. The method for quickly performing a handover includes transmitting a handover request message to a serving base station (SBS), receiving a handover response message from the serving base station (SBS), and transmitting an uplink sequence generated by authentication-associated information of the serving base station (SBS) to a target base station (TBS). Therefore, a mobile station (MS) can complete the handover without exchanging a ranging message with the target base station (TBS), such that a communication interruption time can be minimized. | 10-21-2010 |
20100275019 | SERVICE PROVIDING METHOD AND INTEGRATED CIRCUIT - An application program relating to a process of an integrated circuit | 10-28-2010 |
20100281259 | KEY AGREEMENT AND TRANSPORT PROTOCOL WITH IMPLICIT SIGNATURES - A key establishment protocol between a pair of correspondents includes the generation by each correspondent of respective signatures. The signatures are derived from information that is private to the correspondent and information that is public. After exchange of signatures, the integrity of exchange messages can be verified by extracting the public information contained in the signature and comparing it with information used to generate the signature. A common session key may then be generated from the public and private information of respective ones of the correspondents. | 11-04-2010 |
20100293379 | METHOD FOR SECURE DATA TRANSMISSION IN WIRELESS SENSOR NETWORK - A method for secure data transmission in a wireless sensor network includes that: the network user determines a master key and inputs it into a central node and a device node; after the central node and the device node have authorized each other, the central node generates a new session key and sends it to the device node; while the central node and the device node communicate with each other, the data sending party uses the new session key to encrypt the data for transmission and verify the integrity of the data, and the data receiving party uses the session key to decrypt the data and verify the integrity of the data. The advantages of the present invention are that: the consumption of computation resources and the communication overhead are greatly reduced without affecting the security performance of the network, the problem of authorization between the central node and the device node is solved, and the method for generating, transmitting and updating the key realizes the encryption of the data for transmission and the verification of the data integrity, thus ensuring the security of data transmission in a wireless sensor network. | 11-18-2010 |
20100293380 | QUANTUM CRYPTOGRAPHY APPARATUS - The method involves exchange of a quantum signal between a first quantum node and a second quantum node as is usual in a known quantum key distribution (QKD) scheme. The first quantum node communicates details of the quantum signal it sent or received with a first remote node. The first remote node thus has all the information required to take the place of the first quantum node in the key agreement step with the second quantum node. The first quantum node may be arranged to transmit the quantum signal to the second quantum node, in which case the invention provides a distributed quantum transmitter with the control logic in the first remote node being located remotely from the actual quantum transmitter in the first quantum node. Communications between the first remote node and the first quantum node may comprise or be protected by a quantum key derived by conventional QKD. | 11-18-2010 |
20100332832 | TWO-FACTOR AUTHENTICATION METHOD AND SYSTEM FOR SECURING ONLINE TRANSACTIONS - A two-factor authentication system is provided for securing online transactions. In the two-factor authentication system, a transaction server provides online transaction services. A mobile communication device receives short messages. A client computing device applies a first authentication function to communicate with the transaction server, receives, via short messages, a first authentication code used to authenticate the transaction server, and applies a second authentication function to generate a second authentication code. Next, the transaction server authenticates the client computing device with the second authentication function and second authentication code. | 12-30-2010 |
20100332833 | LINK KEY INJECTION MECHANISM FOR PERSONAL AREA NETWORKS - According to one embodiment, a method is disclosed. The method includes generating a link key at a secure component within a first personal area network device and injecting the link key into a protocol stack component database within the first device. The link key may further be transmitted to a second device. Other embodiments are described and claimed. | 12-30-2010 |
20110016317 | Key storage device, biometric authentication device, biometric authentication system, key management method, biometric authentication method, and program - Provided is a key storage device including a receiving unit for receiving package data that includes a template key for decrypting an encrypted template and an authentication key that is used for authentication performed with a terminal that uses the template key, the package data being in a data format that allows restoration only by the key storage device; a key information storage unit for restoring the template key and the authentication key, and for storing the template key and the authentication key in a tamper resistant non-volatile memory; an authentication unit for performing, in case a request for use of the template key is received from the terminal, authentication with the terminal by using authentication information that is based on the authentication key; and a key state management unit for placing, in case the authentication succeeds, the template key in a state usable by the terminal. | 01-20-2011 |
20110022843 | SECURITY IN A MOBILE COMMUNICATION SYSTEM - When a mobile terminal ( | 01-27-2011 |
20110035592 | AUTHENTICATION METHOD SELECTION USING A HOME ENHANCED NODE B PROFILE - An authentication method selection using a home enhanced Node B (H(e)NB) profile is disclosed. A method for selecting an H(e)NB authentication method includes authenticating at least one of the device or the hosting party module by a security gateway (SeGW). The SeGW receives a request from the H(e)NB to start the authentication process. Based on information received from the H(e)NB and an authentication information server, the SeGW determines how to authenticate the H(e)NB. The possible authentication methods include device authentication only, device authentication and hosting party module authentication, requesting the H(e)NB to perform authentication using Extensible Authentication Protocol-Authentication and Key Agreement, or authentication of both the H(e)NB and one or more WTRUs connected to or attempting to connect to the H(e)NB. | 02-10-2011 |
20110035593 | ESTABLISHING SECURE MUTUAL TRUST USING AN INSECURE PASSWORD - A process for establishing secure mutual trust includes generating a one-time-password. The one-time-password is transferred between the devices in a communication occurring off of the network. Each device generates a set of authenticators by hashing a plurality of sub-strings of the password and the device's authentication certificate with a respective set of nonces. The devices exchange the respective sets of authenticators. Each device then alternates revealing its respective set of nonces and its authentication certificate in a multi-stage process. The devices re-calculate the authenticators based upon the respective set of nonces and authentication certificate revealed by the other device along with the one-time-password sub-strings that it possesses. If each device determines that the authenticators re-calculated by the given device match the authenticators previously received from the other device, secure mutual trust is established. | 02-10-2011 |
20110047381 | SAFEMASHUPS CLOUD TRUST BROKER - The present invention provides a new method for policy enforcement in a virtualized or cloud environment. We break down the environment into layers, which are further sub-divided into security units. Each security unit has a security profile based on its own security properties and those of the layers below. The security profile also reflects the floor, ceiling and wall security properties. Each security unit has an agent which is used to establish communications with other security units. Such communication is mediated by a cloud trust broker which determines if the communication is permitted based on access control list or else retrieves the security profiles and applies pre-defined rules. If the communications are allowed the cloud trust broker runs a mutual authentication and key distribution protocol that results in the two security units obtaining a session key which they can then use for further communications which can proceed directly. | 02-24-2011 |
20110055567 | Secure Key Management in Multimedia Communication System - Principles of the invention provide one or more secure key management protocols for use in communication environments such as a media plane of a multimedia communication system. For example, a method for performing an authenticated key agreement protocol, in accordance with a multimedia communication system, between a first party and a second party comprises, at the first party, the following steps. Note that encryption/decryption is performed in accordance with an identity based encryption operation. At least one private key for the first party is obtained from a key service. A first message comprising an encrypted first random key component is sent from the first party to the second party, the first random key component having been computed at the first party, and the first message having been encrypted using a public key of the second party. A second message comprising an encrypted random key component pair is received at the first party from the second party, the random key component pair having been formed from the first random key component and a second random key component computed at the second party, and the second message having been encrypted at the second party using a public key of the first party. The second message is decrypted by the first party using the private key obtained by the first party from the key service to obtain the second random key component. A third message comprising the second random key component is sent from the first party to the second party, the third message having been encrypted using the public key of the second party. The first party computes a secure key based on the second random key component, the secure key being used for conducting at least one call session with the second party via a media plane of the multimedia communication system. | 03-03-2011 |
20110072266 | INFORMATION PROCESSING DEVICE, AUTHENTICATION SYSTEM, AUTHENTICATION DEVICE, INFORMATION PROCESSING METHOD, INFORMATION PROCESSING PROGRAM, RECORDING MEDIUM, AND INTEGRATED CIRCUIT - The present invention provides an information processing device, an authentication system, etc. that save a server the trouble of updating a database, etc., even when a software module in a client device is updated, and that are capable of verifying whether software modules that have been started in the client device are valid. The terminal device A | 03-24-2011 |
20110078443 | METHOD AND SYSTEM FOR SECURE COMMUNICATIONS ON A MANAGED NETWORK - A system and method for discovery and/or authentication of clients to a network, particularly a managed network, substantially without requiring the client and/or access device to transmit an unencrypted address or identification. | 03-31-2011 |
20110093710 | LOW-LATENCY PEER SESSION ESTABLISHMENT - A source device and a target device may endeavor to form a secure communication session whereby encrypted messages may be transmitted over an untrusted network, such as the internet. However, the exchange of many messages in the establishment of the communication session may involve considerable latency and computational resources, particularly in scenarios featuring many communication sessions (e.g., peer-to-peer communication sessions). Techniques for initiating a communication session may be devised that enable the initiation of a communication session with only two exchanged messages, or even with a single message transmitted from the source device to the target device. Some embodiments of these techniques may also permit the inclusion of advantageous security features, such as authentication via public certificate to detect man-in-the-middle attacks and the inclusion of nonces to detect replay attacks, without increasing the number of messages involved in the initiation of the communication session. | 04-21-2011 |
20110093711 | METHOD AND SYSTEM FOR ENCRYPTING DATA IN A WIRELESS COMMUNICATION SYSTEM - A method and system for encrypting data in a wireless communication system are provided. The system includes a first node for generating a first encryption key using a plurality of encryption key parameters when performing authentication with a second node, for changing a second parameter among the plurality of encryption key parameters to generate a second encryption key being identical to the first encryption key, if a first parameter among the plurality of encryption key parameters is changed during re-authentication between the first node and the second node, for generating the second encryption key using the changed first parameter and the changed second parameter, and for encrypting data to be transmitted to the second node using the second encryption key. | 04-21-2011 |
20110107099 | PRE-AUTHENTICATION METHOD, AUTHENTICATION SYSTEM AND AUTHENTICATION APPARATUS - A pre-authentication method and an authentication system related to the mobile communications field are disclosed. The pre-authentication method includes: when a mobile node (MN) enters a visited network other than a home network, the MN obtains the identity information of the visited network, selects, according to the identity information of the visited network, a first pre-auth-key-file corresponding to the visited network and a first ticket corresponding to the visited network, where the first ticket carries the first pre-auth-key-file, and authenticates the visited authentication, authorization and accounting (VAAA) server according to the first pre-auth-key-file. | 05-05-2011 |
20110119489 | NETWORK AND METHOD FOR ESTABLISHING A SECURE NETWORK - The invention relates to a network with a first node ( | 05-19-2011 |
20110119490 | Controlling Communications - A gateway, program and method for use in a packet-based communication system. The gateway comprises: a connection to a public packet-based network comprising a public-network server and a plurality of public-network user terminals; a connection to a private packet-based network comprising a private-network server and a plurality of private-network user terminals each installed with a public-network communication client; a processing device arranged to receive a login request from a public-network client of a private-network user terminal, and in response to initiate both a private-network authentication procedure involving the private-network server and a public-network authentication procedure involving the public-network server, so as, subject to both authentication procedures, to enable establishment of a communication channel between one of the public-network user terminals and the public-network client of the private-network user terminal; wherein the processing device is further configured to apply a control policy to communications occurring over said channel. | 05-19-2011 |
20110138183 | METHOD FOR ENSURING SECURITY AND PRIVACY IN A WIRELESS COGNITIVE NETWORK - In some embodiments, authentication, confidentiality, and privacy are enhanced for a wireless network of cognitive radios by encryption of network management and control messages as well as data traffic, thereby protecting information pertaining to node identification, node location, node-sensed incumbent transmissions, CRN frequency channel selections, and such like. During initial network registration, a temporary ID can be issued to a node, and then replaced once encrypted communication has been established. This prevents association of initial, clear-text messages with later encrypted transmissions. Elliptic curve cryptography can be used for mutual authentication between subscribers and the base station. ECC-based implicit digital certificates can be embedded in co-existence beacons used by CRN nodes to coordinate use of frequency channels, thereby preventing denial of service attacks due to transmitting of falsified beacons. Similar certificates can be embedded within identity beacons used to protect certain incumbents from interference by the CRN. | 06-09-2011 |
20110145578 | Actor node, sensor node, coverage block change method, parameter change method, program, and information processing system - An actor node according to the present invention includes a dynamic change unit for temporarily changing a coverage block in which data are obtained from a sensor node and temporarily causing another actor node to obtain, on behalf of the actor node, data from the sensor node arranged in a partial region of at least a portion of the coverage blocks. The dynamic change unit obtains identification information unique to the other actor node from that node. The dynamic change unit notifies the obtained identification information to the sensor node arranged in the partial region. The dynamic change unit notifies, to the other actor node, a portion of the hash chain and a temporary key generated using the obtained identification information and the key used for communication with the sensor node arranged in the partial region. | 06-16-2011 |
20110145579 | PASSWORD AUTHENTICATION METHOD - There is provided an authentication method which is secure against various attacks such as a KCI attack on a public network, and can reduce a required calculation amount compared to a conventional method. In this authentication method, a mutual authentication processing technique using Diffie-Hellman type key exchange is modified to compute a master secret Ks in a server by Ks=g | 06-16-2011 |
20110167268 | NETWORK DEVICE AUTHENTICATION - In general, this disclosure relates to maintaining security between an optical network terminal (ONT) and an optical network aggregation device in an Active Ethernet network. An optical network aggregation device includes one or more optical Ethernet switches that can be adaptively configured to support authentication of one or more ONTs. For example, the optical network aggregation device may include a controller with an authentication unit for managing ONT authentication and an optical Ethernet interface for transmitting and receiving data over the optical network. The authentication unit may exchange authentication request messages via the optical Ethernet interface with an ONT and grant the ONT access to the provider network based on the exchange, thereby preventing rogue devices from gaining access to the provider network. | 07-07-2011 |
20110167269 | NETWORK DEVICE AUTHENTICATION - In general, this disclosure relates to maintaining security between an optical network terminal (ONT) and an optical network aggregation device in an Active Ethernet network. An optical network aggregation device includes one or more optical Ethernet switches that can be adaptively configured to support authentication of one or more ONTs. For example, the optical network aggregation device may include a controller with an authentication unit for managing ONT authentication and an optical Ethernet interface for transmitting and receiving data over the optical network. The authentication unit may exchange authentication request messages via the optical Ethernet interface with an ONT and grant the ONT access to the provider network based on the exchange, thereby preventing rogue devices from gaining access to the provider network. | 07-07-2011 |
20110173448 | AUTHORIZATION OF SERVER OPERATIONS - An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation. | 07-14-2011 |
20110179274 | Shared secret verification method and system - Method for shared secret verification, e.g. to be applied in secure data exchange, in which at least two parties, hereinafter indicated as Alice and Bob, each have a secret while their challenge is to find out whether they share the same secret or not, however, without disclosing the secret itself to each other or to any third party. The method comprises the following steps. In step 1, Alice picks a random number RA, encrypts it using Bob's public key PUB, adds the value of her secret SA, and sends the result K to Bob. In step 2 Bob receives K, subtracts his secret SB, and performs a decryption using his own private key PRB. In step 3 Bob performs the one-way function H on L and sends the result M to Alice. In step 4 Alice receives M, takes her original random number RA, performs the same one-way function H and verifies whether the result equals the received M. In step 5 Alice sends her original random number RA to Bob. In step 6 Bob receives RA and verifies whether it equals his earlier result L, concluding that, if the answer is “no”, Alice knows that Bob has the same secret and that, if the answer is “yes”, Bob knows Alice doesn't have the same secret. Instead of performing the steps 6 and 7, Alice and Bob may repeat steps 1 to 5 where it is Bob who starts the exchange. | 07-21-2011 |
20110179275 | TOOLS FOR GENERATING PKI EMAIL ACCOUNTS - The present invention provides systems and methods for allowing an Email User to create a Public Key Infrastructure (PKI) Email Account and thereafter to digitally sign, send, verify and receive PKI encrypted emails over a computer network, such as the Internet. The systems and methods preferably include a Web-based Email System and a Certificate Authority that coordinate their actions to make the process of creating, maintaining and using the PKI Account as easy as possible for the Email User. In a preferred embodiment, a Keystore System may also be used to enhance the management and use of digital keypairs. | 07-21-2011 |
20110208967 | MANAGEMENT APPARATUS AND COPYING APPARATUS - The management apparatus 105 | 08-25-2011 |
20110213974 | IDENTIFYING RELATIONSHIPS BETWEEN USERS OF A COMMUNICATIONS DOMAIN - The invention enables identifying relationships between users of an online communications domain such as a social networking website. First identification tokens | 09-01-2011 |
20110213975 | SECRET INTEREST GROUPS IN ONLINE SOCIAL NETWORKS - Described herein are methods and systems for creating a framework that allows the creation of Secret Interest Groups (SIGs) in Online Social Networks. SIGs are self-managed groups formed outside of the social network, around secret, sensitive, or private topics. A set of cryptographic algorithms are used for the framework implementation. | 09-01-2011 |
20110213976 | METHOD FOR DOWNLOADING CONDITIONAL ACCESS SYSTEM FOR DIGITAL BROADCASTING - The present invention relates to a method of downloading a conditional access system (CAS) for digital broadcasting in a digital broadcasting system. More specifically, the present invention includes a transmitter which includes a DCAS authentication proxy (AP), a personalization server, a DCAS provisioning server, and a head-end, and a set-top box as a receiver, which includes a DCAS host. In particular, mutual authentication and key distribution occur between the DCAS AP and the DCAS host, between the personalization server and the DCAS host, and between the DCAS provisioning server and the DCAS host, in order to protect a conditional access system that descrambles scrambled broadcasting contents when broadcasting contents are downloaded from an IP-TV broadcasting system and viewed. | 09-01-2011 |
20110219232 | CONTROLLER TO BE INCORPORATED IN STORAGE MEDIUM DEVICE, STORAGE MEDIUM DEVICE, SYSTEM FOR MANUFACTURING STORAGE MEDIUM DEVICE, AND METHOD FOR MANUFACTURING STORAGE MEDIUM DEVICE - The present invention is a controller capable of preventing card makers from conducting unauthorized acts. The controller includes: a controller key storage unit | 09-08-2011 |
20110238994 | MANAGEMENT OF SECRET DATA ITEMS USED FOR SERVER AUTHENTICATION - A security device ( | 09-29-2011 |
20110252240 | Mobile Device Management - Methods and apparatuses that enroll a wireless device into an enterprise service with a management server addressed in a management profile are described. The enrollment may grant a control of configurations of the wireless device to the management server via the management profile. In response to receiving a notification from the management server, a trust of the notification may be verified against the management profile. If the trust is verified, a network session may be established with the management server. The network session may be secured via a certificate in the management profile. Management operations may be performed for management commands received over the secure network session to manage the configurations transparently to a user of the wireless device according to the control. | 10-13-2011 |
20110258451 | METHOD FOR UPDATING MOBILE TERMINAL SOFTWARE AND MOBILE TERMINAL - Disclosed are a method for updating mobile terminal software and a mobile terminal. The method comprises the following steps: the mobile terminal software and/or the tool software used for updating the mobile terminal software perform hand-shaking according to encrypted hand-shaking data sent by the other party; wherein in the case that said hand-shaking is successful, the mobile terminal software or the tool software carries out verification of new mobile terminal software according to the pre-encrypted feature identifier of the mobile terminal software and the feature identifier of the new mobile terminal software, and determines whether the update is allowable according to the verification result. By introducing the two authentications, of both the handshaking data and the feature identifier, this invention greatly eliminates the possibility that the terminal may be modified by software, avoids terminal unlocking and modification of language in the relevant technology, overcomes the deficiencies of the prior art in preventing such unlocking and language modification, ensures terminal security to the largest extent, and effectively protects the interests of providers. | 10-20-2011 |
20110314284 | METHOD FOR SECURING TRANSMISSION DATA AND SECURITY SYSTEM FOR IMPLEMENTING THE SAME - A method for securing transmission data is to be implemented by a security system including first and second security modules. The first security module provides a first public key to the second security module. The second security module encrypts a second public key and second verification data associated therewith using the first public key, and provides the encrypted second public key and the encrypted second verification data to the first security module. The first security module decrypts the encrypted second public key using a first private key, encrypts first verification data associated therewith using the second public key, and provides the encrypted first verification data to the second security module. The first and second security modules verify each other using the encrypted second and first verification data, respectively. The security system allows data transmission through the first and second security modules when verification is successfully completed. | 12-22-2011 |
20120023334 | METHODS FOR ANONYMOUS AUTHENTICATION AND KEY AGREEMENT - Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a device and a remote entity. The device remains anonymous to the remote entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA). | 01-26-2012 |
20120030467 | METHODS AND SYSTEMS FOR FACILITATING COMMUNICATIONS BETWEEN VEHICLES AND SERVICE PROVIDERS - Methods and systems for facilitating communications between a vehicle and a service provider are provided. A first address of a vehicle communication device and a second address of a service provider communication device are obtained at a remote location that is remote to both the vehicle and the service provider. A set of keys, including a first key and a second key, is generated at the remote server. The first key is for use by the vehicle in establishing communications with the service provider, and the second key is for use by the service provider in establishing communications with the vehicle. The first key is provided to the vehicle, and the second key is provided to the service provider. | 02-02-2012 |
20120079274 | Key Agreement and Transport Protocol with Implicit Signatures - A key establishment protocol between a pair of correspondents includes the generation by each correspondent of respective signatures. The signatures are derived from information that is private to the correspondent and information that is public. After exchange of signatures, the integrity of exchange messages can be verified by extracting the public information contained in the signature and comparing it with information used to generate the signature. A common session key may then be generated from the public and private information of respective ones of the correspondents. | 03-29-2012 |
20120089837 | KEYLESS CHALLENGE AND RESPONSE SYSTEM - A confidential information exchange between a sender and a receiver may be conducted without the use of encryption keys. The information is coded with a Challenge-Response Table that is shared between the sender and the receiver. Rather than sending a challenge and then waiting for a response, the challenge and response are both sent by the sender of the information. The information sent comprises an index with a challenge and a response from the Challenge-Response Table. Upon receiving the coded information, the receiver uses the Challenge-Response Table to decode the information by using the index to locate the challenge and its valid response. Upon determining that the challenge and the response are correct, a first decoded answer is determined. Upon determining that either the challenge or the response, or both, are incorrect, a second decoded answer is determined. | 04-12-2012 |
20120096267 | CREDENTIAL GENERATION SYSTEM AND METHOD FOR COMMUNICATIONS DEVICES AND DEVICE MANAGEMENT SERVERS - Systems and methods are described for establishing credentials at a device and at a device management server for the purpose of exchanging secure credentials in order to mutually authenticate the device and the server. A credential generation algorithm is described which uses a plurality of seeds, including the hardware identity of the device, the server identity, and a shared private key, to generate two sets of credentials, one to be used by the device and the other to be used by the device management server. The credentials are exchanged between the device and the server during any session, thereby assuring mutual authentication. | 04-19-2012 |
20120144197 | POINT-TO-POINT COMMUNICATION METHOD IN A WIRELESS SENSOR NETWORK AND METHODS OF DRIVING COORDINATORS AND COMMUNICATION DEVICES IN THE WIRELESS SENSOR NETWORK - The present invention relates to a point-to-point communication method that performs mutual authentication and creates link keys without using a master key. The point-to-point communication method can include authentication by exchanging authentication information between a first node and a second node from among the plural nodes; and having each of the first node and the second node create a link key, after the authentication is completed. During the authentication, the authentication information uses a secret key of a corresponding coordinator (node). | 06-07-2012 |
20120159170 | METHOD OF AUTHENTICATING VEHICLE COMMUNICATION - A vehicle communication authentication system performs mutual authentication with an authentication subject by performing a user subscriber identity module (USIM)-based authentication protocol in a wireless network, mounts a USIM card for which mutual authentication has succeeded in a vehicle terminal, and performs authentication of vehicle communication with a server that provides a vehicle service. | 06-21-2012 |
20120159171 | METHOD AND SYSTEM FOR ACTIVATING A PORTABLE DATA CARRIER - The invention relates to a method for activating a portable data carrier ( | 06-21-2012 |
20120166801 | MUTUAL AUTHENTICATION SYSTEM AND METHOD FOR MOBILE TERMINALS - Provided is a technique for mutual authentication between different kinds of objects (devices, apparatuses, users, etc.) by expanding the kinds of objects that are subject to authentication, such as authentication between users, authentication between users and apparatuses (devices, equipment, terminals, etc.), and authentication between apparatuses (devices, equipment, terminals, etc.). | 06-28-2012 |
20120173877 | METHOD AND APPARATUS FOR BUILDING A HARDWARE ROOT OF TRUST AND PROVIDING PROTECTED CONTENT PROCESSING WITHIN AN OPEN COMPUTING PLATFORM - A system architecture provides a hardware-based root of trust solution for supporting distribution and playback of premium digital content. In an embodiment, hardware root of trust for digital content and services is a solution where the basis of trust for security purposes is rooted in hardware and firmware mechanisms in a client computing system, rather than in software. From this root of trust, the client computing system constructs an entire media processing pipeline that is protected for content authorization and playback. In embodiments of the present invention, the security of the client computing system for content processing is not dependent on the operating system (OS), basic input/output system (BIOS), media player application, or other host software. | 07-05-2012 |
20120284517 | WIRELESS AUTHENTICATION USING BEACON MESSAGES - Systems, methods, and other embodiments associated with wireless authentication using beacon messages are described. According to one embodiment, an access point controller includes a transmitter configured to wirelessly transmit a beacon message. The beacon message is configured to announce to a remote device that a wireless access point is available to provide access to a network. The beacon message includes a security identifier that identifies a public key for the wireless access point. | 11-08-2012 |
20120297193 | MTC DEVICE AUTHENTICATION METHOD, MTC GATEWAY, AND RELATED DEVICE - Embodiments of the present invention provide an MTC device authentication method, an MTC gateway, and a related device, which are used to solve a problem that direct interaction between a large quantity of MTC devices and a network side brings a heavy load to a network when the MTC devices are authenticated in the prior art. The method includes: performing, by an MTC gateway, mutual authentication with a core network node; performing, by the MTC gateway, mutual authentication with an MTC device; reporting, by the MTC gateway, a result of the mutual authentication with the MTC device to the core network node; and providing, by the MTC gateway, a non access stratum link protection key K between the MTC device and the core network node according to a key K | 11-22-2012 |
20120303960 | Systems and Methods for Mutual Authentication Using One Time Codes - Methods and systems for mutual authentication and personalizing a transaction device, such as a payment, transaction, or identity card. Successively generated one time codes are calculated by a first and second entity. One of the codes is transmitted to the second entity, which verifies the code is proper, then encrypts a second one time code using a third one time code and transmits the encrypted data to the first entity. The first entity decrypts the data using the third one time code, verifies the encrypted second one time code is proper, thereby mutually authenticating, and establishing a shared encryption key for subsequent communications, including transmission of personalization data. | 11-29-2012 |
20120311334 | METHOD AND APPARATUS FOR SECURE COMMUNICATIONS AND RESOURCE SHARING BETWEEN ANONYMOUS NON-TRUSTING PARTIES WITH NO CENTRAL ADMINISTRATION - A unifying network model with a structure and architecture configured to address security, interoperability, mobility, and resource management, including priority and quality of services, is provided. The network of the network model is structured as a hierarchical mesh network, with dynamically generated routing tables. The configuration of the network model optimizes routing and distributes communication load. Every device on the network is capable of being both an endpoint and a forwarder of communications. The network model may include underlying networks that are represented with one of two models, the link model or the star model. The nodes are organized in a hierarchical relationship structure to optimize throughput. The model may include a cryptographic method of dynamically assigning local network addresses. | 12-06-2012 |
20120324225 | CERTIFICATE-BASED MUTUAL AUTHENTICATION FOR DATA SECURITY - Systems and methods for maintaining data security using client roles, API keys, and certificate-based mutual authentication are presented. A method of protecting sensitive data includes both client authorization techniques and the mutual exchange and verification of certificates between client and server. In one embodiment, access by a client to a server is further limited by temporal constraints, volume constraints, and an end user identity filter. | 12-20-2012 |
20120331295 | METHOD FOR KEY GENERATION, MEMBER AUTHENTICATION, AND COMMUNICATION SECURITY IN DYNAMIC GROUP - The present invention provides a method for key generation, member authentication and communication security in a dynamic group, which comprises the steps of: assigning each member an identification vector containing common group identification vector elements and an individual identification vector element, and generating an authentication vector and an access control vector for each member according to the identification vector; using the identification vector elements to generate public key elements and establish an authentication public key and an access control public key; and using a polynomial and the identification vector to generate a private key. The present invention uses these public keys and private keys, which are generated from the identification vectors, to implement serverless member authentication and data access control, whereby the privacy of members is protected and the security of communication is promoted. | 12-27-2012 |
20130007453 | Lattice scheme for establishing a secure multi-identity authentication context - This disclosure describes a secure and computationally-efficient method to establish a single authentication context for multiple identities. The method is implemented in an authentication system using a key exchange protocol, namely, the Diffie-Hellman key exchange. One or more entities that desire to authenticate (either individually or jointly) register with the authentication system and receive private Diffie-Hellman keys (the PINs). Later, during an authentication operation, each entity provides the PIN to the authentication system, preferably over a secure transport. The authentication system, using Diffie-Hellman key exchange artifacts, generates a Diffie-Hellman cryptographic value for each PIN, although the value need not be maintained private. The authentication system orders the Diffie-Hellman values as a “partially ordered set” to form a lattice. An authentication context is derived from the Diffie-Hellman values in the lattice. Thus, for example, during authentication of multiple entities, a shared key is computed incrementally as the Diffie-Hellman keys arrive from the entities for which a multi-identity authentication is required. The shared key represents a proof of group authentication. | 01-03-2013 |
20130024692 | METHOD AND APPARATUS FOR LOCAL AREA NETWORKS - A mechanism for segregating traffic amongst STAs that are associated with a bridge, referred to herein as the personal virtual bridged local area network (personal VLAN), is based upon the use of a VLAN to segregate traffic. The IEEE 802.1Q-1998 (virtual bridged LANs) protocol provides a mechanism that is extended by the invention to partition a LAN segment logically into multiple VLANs. In the preferred embodiment, a VLAN bridge forwards unicast and group frames only to those ports that serve the VLAN to which the frames belong. One embodiment of the invention extends the standard VLAN bridge model to provide a mechanism that is suitable for use within an AP. In a preferred embodiment, the Personal VLAN bridge extends the standard VLAN bridge in at least any of the following ways: VLAN discovery in which a personal VLAN bridge provides a protocol for VLAN discovery; VLAN extension in which a Personal VLAN allows a station to create a new port that serves a new VLAN, or to join an existing VLAN via an authentication protocol; Logical ports in which a Personal VLAN bridge can maintain more than one logical port per physical port, and bridges between ports of any kind; and cryptographic VLAN separation. | 01-24-2013 |
20130054969 | Secured privileged access to an embedded client on a mobile device - Disclosed is an apparatus and method to access privileges of a Virtual Mobile Management (VMM) client in a mobile device. A disclosed example method comprises assigning an embedded stub to raise the access privilege of the tool on a mobile device, the embedded stub being integrated by an operating system of the mobile device with "root" privilege; determining via a secured key exchange algorithm that the VMM client and tools are authorized to be installed on the mobile device, after which the VMM client and tools of the mobile device are authorized to access a network interface of the Communication Endpoint Gateway (CEG) server; configuring the embedded stub to install the key exchange procedure for the shared certification between the embedded stub, the VMM client and the session mediation server; and enabling the embedded stub to communicate through a secure link via the VMM client. | 02-28-2013 |
20130091358 | FACILITATING SECURE ONLINE TRANSACTIONS - A method and system for mutually authenticating an identity and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server. Thereafter, the method continues with establishing a secure data transfer link. A server certificate is transmitted during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes an authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet. | 04-11-2013 |
20130124865 | COMMUNICATION SYSTEM, COMMUNICATION APPARATUS, COMMUNICATION METHOD, AND COMPUTER PROGRAM - Content is transmitted within a range of the user's legitimate use while limiting the number of equipment to which the content is transmitted at the same time. | 05-16-2013 |
20130227290 | Communication Apparatus and Communication Method - According to an embodiment, a communication apparatus includes a security control unit. When operation of a smart meter is started, the security control unit establishes first and second secure communication channels to, respectively, a first server which manages communication security keys and a second server which provides a service regarding the smart meter, performs mutual authentication with the first server and acquires a first key from the first server via the first secure communication channel, and relays, on behalf of the smart meter, mutual authentication with the first server and acquisition of a second key from the first server via the first secure communication channel. | 08-29-2013 |
20130332735 | METHOD AND APPARATUS FOR PROTECTING DIGITAL CONTENT IN A STORAGE DEVICE - Techniques for protecting digital content in a storage device from piracy and illegal use are described. According to one aspect of the techniques, a method for protecting digital content stored in a storage device from illegal access by a host comprises: exchanging data between the storage device and the host to achieve mutual authentication between the storage device and the host; disabling an encryption/decryption module in the storage device to prohibit the host from reading out the digital content decrypted by the encryption/decryption module until the authentication of the storage device to the host passes; and disabling the host, to prohibit it from reading out the digital content decrypted by the encryption/decryption module, if the authentication of the host to the storage device fails. Thereby, piracy and illegal use of the digital content stored in the storage device are effectively prevented or reduced. | 12-12-2013 |
20130339735 | AUTHENTICATION METHOD - According to one embodiment, an authentication method comprises: generating a second key from a first key, the first key being stored in a memory and being prohibited from being read from outside; generating a session key from the second key; generating first authentication information, the secret identification information being stored in a memory and being prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information being stored in a memory and readable, and the second authentication information being generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match. | 12-19-2013 |
20140006784 | TECHNIQUES FOR USER-VALIDATED CLOSE-RANGE MUTUAL AUTHENTICATION | 01-02-2014 |
20140059350 | UNAUTHORIZED CONNECTION DETECTING DEVICE, UNAUTHORIZED CONNECTION DETECTING SYSTEM, AND UNAUTHORIZED CONNECTION DETECTING METHOD - An unauthorized connection detecting device, which detects whether or not a power storage device is an unauthorized power storage device, includes: a communications unit receiving first charge/discharge information in which first identification information and first connection information are associated with each other, the first identification information identifying an encryption key of the power storage device used for mutual authentication between a charge/discharge device and the power storage device, and the first connection information being information on the power storage device obtained when the power storage device is connected to the charge/discharge device; and an unauthorization detecting unit detecting whether or not the power storage device is the unauthorized power storage device, by determining, using the first identification information and the first connection information, whether or not two or more power storage devices associated with a single first identification information item are present. | 02-27-2014 |
20140082362 | METHOD OF ANONYMOUS ENTITY AUTHENTICATION USING GROUP-BASED ANONYMOUS SIGNATURES - Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA). | 03-20-2014 |
20140101446 | SECURE CLIENT-SIDE KEY STORAGE FOR WEB APPLICATIONS - Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for secure client-side key storage for authentication tracking. Implementations include actions of determining, at a browser executed on a client-side computing device, that an application is authentic, the application being executed on a server-side computing device, in response to determining that the application is authentic, receiving a session signing key (SSK) at a sub-domain of an application domain, the sub-domain including a static script that handles the SSK and that selectively provides request signatures, receiving, at the sub-domain, a message requesting a request signature, determining that the message originated from an authentic origin, and in response to determining that the message originated from an authentic origin, providing a request signature to a source of the message, the request signature being based on the SSK. | 04-10-2014 |
20140101447 | Mutual Authentication Schemes - Implementations of the present disclosure are directed to web-based authentication. Implementations include receiving user credentials at a browser, transmitting a first request to an application, the first request including a first user credential, receiving a first response, the first response including an encrypted server public key (SPK) and a user-specific salt value, decrypting the encrypted SPK to provide an SPK, the encrypted SPK being decrypted based on the user-specific salt value and a second user credential, determining a browser public key (BPK) and a client-side session signing key (SSK), encrypting the BPK to provide an encrypted BPK, transmitting a second request to the application, the second request including the encrypted BPK and a request signature, the request signature having been provided based on the client-side SSK, and receiving a second response, the second response including a response signature and indicating that a user has been authenticated by the application. | 04-10-2014 |
20140115335 | SECURE MACHINE-TO-MACHINE COMMUNICATION PROTOCOL - A task list server supports secure asynchronous communications between both a workstation and one or more machines. The task list server stores requests and responses initiated by either side and establishes secure communication channels used to forward the data between parties. The communication between workstation and machine may be delayed by hours or even days, depending on the work schedule and network access of both the workstation operator and machine. The machine may process requests in order from highest priority to lowest priority and from oldest to newest. Public key encryption may be used to establish secure channels between the task list server and the workstation or the one or more machines using a combination of certificate authorities including both manufacturers and owner/operators. | 04-24-2014 |
20140122881 | METHOD AND SYSTEM FOR CONTROLLING A DEVICE - A system and method for controlling a device. Data that was encrypted using a first encryption scheme is decrypted, then re-encrypted using a second encryption scheme. The re-encrypted data is then decrypted. | 05-01-2014 |
20140136845 | APPARATUS AND METHOD FOR USING MEMORY DEVICE - A method and an apparatus for using a memory device are provided. A host device includes a transmitter that transmits data; a receiver that receives data; and a controller configured to receive configuration information of the memory device including the information related to the data stored in the one or more slots determined according to each vendor of the memory device, identify information related to predetermined data in the configuration data of the memory device, and receive the predetermined data from the memory device. | 05-15-2014 |
20140181520 | METHOD USING A SINGLE AUTHENTICATION DEVICE TO AUTHENTICATE A USER TO A SERVICE PROVIDER AMONG A PLURALITY OF SERVICE PROVIDERS AND DEVICE FOR PERFORMING SUCH A METHOD - A method for authenticating a user to a provider, among a plurality of providers. The method uses an authentication device comprising, for each provider, a record comprising a pairing key and first data, both as shared data. Provider authentication data comprises a first cryptogram obtained by encrypting said first data with said pairing key. Authenticating provider authentication data is performed at the authentication device by the steps of decrypting said first cryptogram by means of the pairing key stored in one of said records, then comparing the result of this decryption with first data resulting from pairing data stored in said record; if the comparison does not indicate a match, the previous decryption and comparison steps are processed again using the pairing key of another record until each of said records stored in the authentication device has been processed. | 06-26-2014 |
20140215213 | FACILITATING SECURE ONLINE TRANSACTIONS - A method and system for mutually authenticating an identity and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server. Thereafter, the method continues with establishing a secure data transfer link. A server certificate is transmitted during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes an authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet. | 07-31-2014 |
20140250301 | NETWORK CODING-BASED ANONYMOUS COMMUNICATION - A computer-based peer-to-peer anonymous networking using a coding scheme with a formal information theoretic security characterization to construct a corresponding overlay subgraph is presented. A code construction based on linear coding which can be used for data transfer in an anonymous network is also presented. Various performance and simulation of the presented codes are provided in the Annex A1 which makes part of the present disclosure. | 09-04-2014 |
20140281540 | KEYCHAIN SYNCING - Some embodiments provide a non-transitory machine-readable medium that stores a program which, when executed by at least one processing unit of a device, synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on the device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels. | 09-18-2014 |
20140281541 | AUTHENTICATION FOR RELAY DEPLOYMENT - Techniques for providing enterprise mode security for relays are disclosed. For example, enterprise mode security based on IEEE 802.1x is provided for relays or other similar devices to extend the coverage of access point hotspots or other similar access point use cases. According to one aspect, a relay incorporates an authentication client associated with an authentication server. According to another aspect, a four-address format is employed for tunneling messages via a relay between a station and an access point. According to another aspect, a cryptographic master key associated with an access point and a station is provided to a relay to enable the relay to be an authenticator for the station. | 09-18-2014 |
20140337626 | CONTENT REPRODUCING DEVICE, CONTENT REPRODUCING METHOD, AND CONTENT REPRODUCING SYSTEM - According to one embodiment, a content reproducing device is provided with a connection unit and a reproducing unit. The connection unit connects a license server and a removable medium to each other in such a manner that mutual authentication can be carried out between the license server and the removable medium, and rights information can be downloaded from the license server to the removable medium. The reproducing unit carries out mutual authentication between itself and the removable medium and, when the authentication is successful, acquires rights information recorded on the removable medium to thereby decrypt the encrypted content item delivered by the content server on the basis of the rights information, and subjects the decrypted content item to streaming reproduction. | 11-13-2014 |
20140351595 | Key Management in a Communication Network - A method and apparatus for key management in a communication network. A Key Management Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device. | 11-27-2014 |
20140380051 | SECURE DATA ACCESS USING SQL QUERY REWRITES - A mechanism is provided for secure data access in a data processing system. A database having two tables is provided. A subset of the tables' primary key attributes is considered sensitive. A first user is authorized to access the primary key's sensitive attribute in an unmasked format, while a second user is authorized to access same data in a masked format. Two security views are generated granting the second user access to the primary key's sensitive attribute values of both tables in the masked format. The masked format value is generated from an unmasked format value using a reversible function. A join operation between the two security views is performed by optimizing a query statement corresponding to the join operation. | 12-25-2014 |
20140380052 | Message filtering method and system - A message filtering method and system is provided for enabling a terminal to determine whether a message is true or false. A message server and a mobile network server perform mutual authentication and negotiate with each other a sequence code for message verification; when transmitting a message to a terminal, the message server includes the sequence code in the message; after receiving the message, the terminal transmits the sequence code to the mobile network server for verification, presents the message to the user if the verification passes, or rejects the message if the verification fails. By verifying the source of a received message using a sequence code, a false message server can be prevented from spreading false messages to terminals. | 12-25-2014 |
20150046710 | Industrial control system redundant communications/control modules authentication - A set of redundant industrial control system communications/control modules includes at least a first communications/control module and a second communications/control module. The first and second communications/control modules are configured to perform an authentication sequence including: transmitting a request datagram from the first communications/control module to the second communications/control module, the request datagram including a first nonce, a first device authentication key certificate, and a first identity attribute certificate; transmitting a response datagram from the second communications/control module to the first communications/control module, the response datagram including a second nonce, a first signature associated with the first and second nonces, a second device authentication key certificate, and a second identity attribute certificate; and transmitting an authentication datagram from the first communications/control module to the second communications/control module when the response datagram is valid, the authentication datagram including a second signature associated with the first and second nonces. | 02-12-2015 |
20150074403 | METHOD AND APPARATUS FOR MUTUAL AUTHENTICATION - Disclosed is a method for mutual authentication between a station, having a digital rights agent, and a secure removable media device. The digital rights agent is configured to initiate mutual authentication by sending a message to the secure removable media device. The secure removable media device is configured to encrypt at least a first random number using a public key associated with the digital rights agent. The digital rights agent is configured to decrypt the encrypted first random number, and encrypt at least a second random number and a first hash based on at least the first random number. The secure removable media device is configured to decrypt the encrypted second random number and the first hash, verify the first hash to authenticate the digital rights agent, and generate a second hash based on at least the second random number. The digital rights agent is configured to verify the second hash to authenticate the secure removable media device. | 03-12-2015 |
20150082038 | DISPLAY CONTROL APPARATUS, DISPLAY CONTROL METHOD AND SERVER SYSTEM - A display control apparatus performs download processing and streaming processing. In the download processing, after first mutual authentication between removable media and a license server, the removable media receive and store a first title key from a license server and first encrypted content from a content server. In the streaming processing, the removable media and the license server perform second mutual authentication, the removable media receive and store a second title key and a content address from the license server, the removable media and the display control apparatus perform third mutual authentication, the display control apparatus acquires the second title key and the content address recorded on the removable media, the display control apparatus streams and receives second encrypted content from the content server, and the display control apparatus decodes the streamed-and-received second encrypted content using the second title key, and streams and reproduces the decoded second encrypted content. | 03-19-2015 |
20150089227 | INFORMATION PROCESSING DEVICE, MANAGEMENT APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, an information processing device is connected to a management apparatus via a network. The device includes a receiver, an acquisition unit, an MKB processor, and an authentication unit. The receiver is configured to receive communication information. The acquisition unit is configured to acquire a media key block from the management apparatus, in response to receipt of the communication information from a first external device not belonging to a group previously classified on a management unit basis by the management apparatus, the first external device and the information processing device being enabled to derive a first group key based on the media key block. The MKB processor is configured to generate the group key from a device key of the information processing device and the media key block. The authentication unit is configured to perform encrypted communication with the external device based on an authentication method using the group key. | 03-26-2015 |
20150100788 | APPARATUS AND METHOD FOR MANAGING USE OF SECURE TOKENS - A system that incorporates the subject disclosure may perform, for example, operations including receiving an encrypted secure token from a secure token application function that is remote from the communication device, storing the encrypted secure token in a secure element memory of the secure element, accessing user input requesting the encrypted secure token where the secure device processor is separate from the secure element and is in communication with the secure element, generating a modified secure token by adding identification information to the encrypted secure token and by performing a second encryption of the encrypted secure token with the identification information, receiving the modified secure token from the secure element, and providing the modified secure token to a receiving device. Other embodiments are disclosed. | 04-09-2015 |
20150113275 | TAMPER-RESISTANT AND SCALABLE MUTUAL AUTHENTICATION FOR MACHINE-TO-MACHINE DEVICES - An authentication request message is sent from a first computing device to a second computing device, wherein the first computing device and the second computing device communicate via a machine-to-machine communication protocol, and wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device. A challenge message is received at the first computing device from the second computing device. In response to the challenge message, a session key is computed at the key obfuscation block of the first computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device. Upon generating the session key, the first computing device extracts a value from the challenge message and generates an authentication delegate based on the extracted value. The authentication delegate is sent from the first computing device to a third computing device for verification to allow the first computing device access to the third computing device. | 04-23-2015 |
20150149776 | APPARATUS AND METHOD FOR SECURE DELIVERY OF DATA FROM A COMMUNICATION DEVICE - A system that incorporates the subject disclosure may perform, for example, providing an upload request to a mobile communication device to cause a secure device processor of the mobile communication device to perform a modification of data according to a data protection key to generate modified data and to perform an encryption of the modified data according to an upload transport key to generate encrypted modified data where the secure device processor is separate from and in communication with a secure element of the mobile communication device, and where the secure element receives master keys from a remote management server and stores the master keys to enable the upload transport key and the data protection key to be generated by the secure element without providing the master keys to the secure device processor. Other embodiments are disclosed. | 05-28-2015 |
20150149777 | MOBILE TERMINAL, TERMINAL AND AUTHENTICATION METHOD USING SECURITY COOKIE - Disclosed is an authentication method including: transmitting, by a first terminal, a security cookie to a server and making an authentication request; transmitting, by the server, session information and the security cookie to a second terminal in response to the authentication request; verifying, by the second terminal, whether the security cookie has been encoded by a session key pre-stored in the second terminal; and performing, by the second terminal and the server, mutual authentication in the case in which the security cookie is encoded by the session key pre-stored in the second terminal. | 05-28-2015 |
20150149778 | CONTENT RECEPTION APPARATUS AND METHOD, AND CONTENT TRANSMISSION APPARATUS AND METHOD - A content reception apparatus includes: a communication unit that communicates with a content transmission apparatus; an authenticating unit that performs mutual authentication with the content transmission apparatus; a content recording unit that records content; and a content reproduction output unit that reproduces the content, wherein the content is received from the content transmission apparatus and is recorded in the content recording unit after the authenticating unit performs first authentication with the content transmission apparatus, and the content recorded in the content recording unit is reproduced after the authenticating unit performs a process including second authentication with the content transmission apparatus. | 05-28-2015 |
20150295928 | DISTRIBUTED CRYPTOGRAPHY SYSTEM - A card reader controller engine includes an interface controller responsive to information. The engine is coupled to the interface controller and is configured to compress the information before the information is to be stored in a memory card. A master interface is coupled to the engine and is further responsive to the compressed information for storage in the memory card. | 10-15-2015 |
20150318993 | OFF-HOST AUTHENTICATION SYSTEM - An off-host authentication system includes an authentication information handling system (IHS) that is coupled to a network. The off-host authentication system also includes a host processing system. An off-host processing system in the off-host authentication system is coupled to the host processing system and is coupled to the authentication IHS through the network. The off-host processing system provides an encrypted primary authentication item to the authentication IHS through the network. The off-host processing system then receives an encrypted secondary authentication token from the authentication IHS through the network. The off-host processing system then decrypts the encrypted secondary authentication token to produce a decrypted secondary authentication token and uses the decrypted secondary authentication token to retrieve a tertiary authentication token. The off-host processing system then provides the tertiary authentication token to the host processing system for use in logging a user into a user IHS that includes the host processing system. | 11-05-2015 |
20150319172 | GROUP AUTHENTICATION AND KEY MANAGEMENT FOR MTC | 11-05-2015 |
20150326573 | SYSTEM AND METHOD FOR TRUSTED PAIR SECURITY - A system for and method of protecting a resource is presented. The system and method include a trusted pair consisting of an initiator and a receiver. The receiver faces outward and is connected to a network, such as the Internet. The initiator is connected to the protected resource. In establishing a connection between the initiator and the receiver, the initiator initiates all communications. This configuration simplifies environment management, improves security including access controls, and facilitates deployment of internet-facing resources by changing the traditional model of component-to-component connection. | 11-12-2015 |
20150341177 | SECURE METHOD FOR REMOTE GRANT OF OPERATING RIGHTS - In the method and system of establishing a trusted relationship, first a virtual private network is established between a key device and at least one locking device. Thereafter, in order to establish a trusted relationship the key device sends a message encrypted with its private cryptographic key to at least one locking device. The message comprises the certificate of the trusted key device and the certificate of some other device, with which the locking device that received the message shall establish a new trusted relationship. By using the established trusted relationship either a trusted relationship between the locking device and a new key device or a trusted relationship between two or more locking devices is established, whereby a virtual private network can be established between the locking devices. | 11-26-2015 |
20150358814 | ENCRYPTED COMMUNICATION BETWEEN PAIRED DEVICES - In some examples, a device may include at least one communication interface configured to exchange signals with another device, and a pairable component configured to: assure the other device of mutual proximity by exchange of at least two progressively increasing locator signals and corresponding acknowledgement signals, receive executable validating code from the other device, execute the validating code, output a self-validating result of executing the validating code, verify pairing with the other device, and generate a secret key to ensure a private exchange of data between the mutually proximate, paired, and validated device and the other device. | 12-10-2015 |
20150381618 | METHOD OF MUTUAL VERIFICATION BETWEEN A CLIENT AND A SERVER - A method of mutual verification between a client and a server is disclosed. The method comprises receiving a request via a telecommunication link, the request comprising an address of the server; receiving a verification data; decrypting the verification data with a private key of the server; identifying an account identity (ID) of the client from the decrypted verification data; generating a first logon token; generating a logon message comprising the first logon token and a uniform resource locator (URL) of the server; encrypting the logon message with a public key of the client; transmitting the logon message via the telecommunication link; receiving a logon request comprising the account ID and a second logon token; and determining whether the second logon token matches the first logon token. | 12-31-2015 |
20160014100 | COMMUNICATION SYSTEM, COMMUNICATION DEVICE, KEY MANAGEMENT APPARATUS, AND COMMUNICATION METHOD | 01-14-2016 |
20160021536 | INTEGRATED CIRCUIT, COMMUNICATION METHOD, COMPUTER PROGRAM, AND COMMUNICATION APPARATUS - There is provided an integrated circuit capable of performing more secure encrypted communication using near field non-contact wireless communication. The integrated circuit including a communication processing section configured to communicate with another apparatus through non-contact communication, and an encryption information generation section configured to make a determination on generation of authentication information used to mutually authenticate the other apparatus in performing non-contact communication with the other apparatus depending on presence or absence of a history of non-contact communication with the other apparatus, before the communication processing section executes communication of encrypted information with the other apparatus. The integrated circuit allows more secure near field non-contact wireless communication to be performed. | 01-21-2016 |
20160056962 | TRANSACTION AUTHORIZATION METHOD AND SYSTEM - Authorizing transactions by an authentication provider involves at least one preparatory phase and an authorization phase. The preparatory phase includes registering a user account with several personal devices, each with an authentication application installed. The authorization phase receives knowledge of the transaction; determines the user account related to the transaction; determines at least one personal device registered with the user account related to the transaction; receives a request for details specific to the transaction from at least one personal device; provides the authentication application of the at least one personal device with the requested details specific to the transaction; receives from the authentication application a digitally signed transmission which indicates transaction-specific instructions received by the authentication application; and authorizes or denies the transaction based on the received transaction-specific instructions. | 02-25-2016 |
20160099938 | Authenticating Method and Apparatus Using Electronic Device - An authentication method and apparatus for an electronic device. A first electronic device transmits a mutual authentication request for the first electronic device and a second electronic device communication-connected with the first electronic device to an authentication server. The first electronic device receives mutual authentication information for each of the first electronic device and the second electronic device from the authentication server, and stores the mutual authentication information in the first electronic device and the second electronic device. The first electronic device determines whether reliability of an authentication state between the first electronic device and the second electronic device is maintained. The first electronic device acquires an authentication result for a service using the second electronic device from the authentication server by using the mutual authentication information for each of the first electronic device and the second electronic device, when the reliability is maintained. | 04-07-2016 |
20160156626 | MUTUAL AUTHENTICATION WITH SYMMETRIC SECRETS AND SIGNATURES | 06-02-2016 |
20160165435 | ENCRYPTED COMMUNICATIONS METHOD AND ENCRYPTED COMMUNICATIONS SYSTEM - The encrypted communication method and encrypted communication system include a mobile terminal and an application server that execute two-way authentication, establish encrypted mobile communication between them, and then execute key derivation. A client host is started up, and reads and runs client system software and client network application software stored in its Read-Only Memory (ROM). The client host and the application server each retrieve the IP address of the counter-party and set IP address filtering rules. The application server generates random numbers and keys, and sends the random numbers and the keys to the client host via the mobile terminal. The client host and the application server execute IP address filtering, two-way authentication, and key negotiation, and thereby establish encrypted network communication. The system and method ensure end-to-end security of network applications. | 06-09-2016 |
20160380774 | VIRTUAL CREDENTIALS AND LICENSES - Providing virtualized credentials of a holder includes authorizing a subset of credential data to be sent to a device of a relying party that is different from the holder, where the subset of credential data depends on a role of the relying party, selection by the holder, and/or contextual data of the relying party and includes displaying the subset of credential data on a screen of the device of the relying party. The contextual data may be a privacy level setting, distance between the relying party and the holder, and/or geolocation of the relying party. The role of the relying party may be provided by the relying party. Role information provided by the relying party may be provided in a verifiable format. The role information may be digitally signed or securely derived and determined by a mutual authentication algorithm between the relying party and the holder. | 12-29-2016 |
20160381011 | NETWORK SECURITY METHOD AND NETWORK SECURITY SYSTEM - Disclosed are a network security method and a network security system. The method comprises steps: a third-party server, an application server, a mobile terminal and a client host being started and running respective read-only software; an application IC card transmitting an input user password to the application server; the application server and the client host respectively starting data packet filtering; the mobile terminal executing encryption and decryption computations of encrypted Internet communication of the client host; the client host directly logging in the application server and transmitting a user command to the application server; the mobile terminal and/or the application IC card confirming the user command with the application server; and the mobile terminal and/or a third-party IC card generating a user command digital signature. The system comprises the application IC card, the mobile terminal, the client host, the application server, the third-party IC card and the third-party server. | 12-29-2016 |
20160381555 | SYSTEM AND METHODS FOR UICC-BASED SECURE COMMUNICATION - A system that incorporates the subject disclosure may include, for example, instructions which when executed cause a device processor to perform operations comprising sending a service request to a remote management server; receiving from the management server an authentication management function and an encryption key generator for execution by a secure element and an encryption engine for execution by a secure device processor, sending a request to establish a communication session with a remote device; and communicating with the remote device via a channel established using an application server. The secure element and the secure device processor authenticate each other using a mutual authentication keyset. The secure element, the secure device processor and the device processor each have a security level associated therewith; the security level associated with the secure device processor is intermediate between that of the secure element and that of the device processor. Other embodiments are disclosed. | 12-29-2016 |