Patent application number | Description | Published |
20080240440 | SYNCHRONIZATION TEST FOR DEVICE AUTHENTICATION - Device authentication is based on the ability of a human to synchronize the movements of his or her fingers. A pairing procedure for two wireless devices may thus involve a synchronization test that is based on the relative timing of actuations of input devices on each of the wireless devices. In some aspects a synchronization test involves determining whether actuations of user input devices on two different wireless devices occurred within a defined time interval. In some aspects a synchronization test involves comparing time intervals defined by multiple actuations of user input devices on two wireless devices. | 10-02-2008 |
20080263117 | INITIAL SEED MANAGEMENT FOR PSEUDORANDOM NUMBER GENERATOR - A secure seeding and reseeding scheme is provided for pseudorandom number generators by using a pre-stored initialization seed. This scheme initializes a pseudorandom number generator into an unknown state even when entropy collection is unavailable. A primary seed file and a shadow seed file are maintained with initialization seed information in a secure file system. If the primary seed file is corrupted, the pseudorandom number generator is seeded with the content of the shadow seed file. Additionally, a trusted timer or clock may be mixed with the pre-stored initialization seed to add entropy even when the pre-stored seed information has been compromised. | 10-23-2008 |
20090003597 | Small Public-Key Based Digital Signatures for Authentication - Embodiments disclosed allow authentication between two entities having agreed on the use of a common modulus N. The authentication includes generating a pseudorandom string value; generating a public key value based on the modulus N and the pseudorandom string value; generating a private key value corresponding to the public key value; receiving a verifier's public key value; generating a shared secret value based on the modulus N, the private key value and the verifier's public key value; calculating an authentication signature value using the shared secret value; and transmitting the authentication signature value for authentication. When the authentication signature is received, the public key value and the shared value are generated to calculate an authentication signature value. Thereafter, the authentication signature values are compared and authenticated. | 01-01-2009 |
20090005140 | REAL WORLD GAMING FRAMEWORK - A virtual environment and real world environment are combined into a framework that facilitates large-scale social interaction in multi-player fantasy games played in both the real world and/or a virtual world. Such combination of real and virtual world features may blend geo-caching, orienteering, and other virtual gaming features to enable players to interact across the real and virtual environments. A real world player is also mapped into the virtual environment, thereby inserting the player's movements and actions into the virtual environment. Additionally, this feature enables interaction between players located in a real environment with characters found in a virtual environment. A player may use a mobile device that is configured to recognize the geo-location and orientation of the player and display a corresponding view of the virtual environment gaming landscape for the player. | 01-01-2009 |
20090282243 | PUZZLE-BASED AUTHENTICATION BETWEEN A TOKEN AND VERIFIERS - A puzzle-based protocol is provided that allows a token and verifier to agree on a secure symmetric key for authentication between the token and verifier. A token stores a secret key and one or more puzzle-generating algorithms. The verifier independently obtains a plurality of puzzles associated with the token, pseudorandomly selects at least one of the puzzles, and solves it to obtain a puzzle secret and a puzzle identifier. The verifier generates a verifier key based on the puzzle secret. The verifier sends the puzzle identifier and an encoded version of the verifier key to the token. The token regenerates the puzzle secret using its puzzle-generating algorithms and the puzzle identifier. The token sends an encoded response to the verifier indicating that it knows the verifier key. The token and verifier may use the verifier key as a symmetric key for subsequent authentications. | 11-12-2009 |
20090282253 | NETWORK HELPER FOR AUTHENTICATION BETWEEN A TOKEN AND VERIFIERS - A network helper is provided that assists verifiers in executing a puzzle-based protocol for authentication of a token. A token stores a secret key and one or more puzzle-generating algorithms. The helper stores a plurality of puzzles associated with a particular token. When requested to do so by a verifier, the helper provides a plurality of pseudorandomly selected puzzles for the token to a verifier. The puzzles are encoded with information that is used between the verifier and token to establish a secured symmetric key. The verifier selects one or a few of the encoded puzzles and breaks them by a brute force attack. Because the helper does not know which puzzles have been selected, it has to break all puzzles to attempt to figure out the symmetric key. However, if a large number of puzzles are utilized, say millions, then breaking all of them becomes a computationally prohibitive task. | 11-12-2009 |
20090307766 | METHOD AND APPARATUS FOR VERIFYING DATA PACKET INTEGRITY IN A STREAMING DATA CHANNEL - Disclosed is a method for verifying data packet integrity in a streaming-data channel. In the method, data packets are received from the streaming-data channel. Each data packet includes a data payload and a corresponding message integrity code. The received data packets are processed in a first processing mode, wherein the received data packets are forwarded to an application module before checking the integrity of the data packets using the respective message integrity codes. An integrity-check-failure measurement is generated for monitoring an integrity-check-failure rate in the first processing mode. If the integrity-check-failure measurement exceeds an integrity-check threshold, then the method transitions to a second processing mode. A received data packet is forwarded to the application module in the second processing mode only after passing the integrity check. | 12-10-2009 |
20100049615 | MOBILE COMMERCE AUTHENTICATION AND AUTHORIZATION SYSTEM - The mobile commerce authentication and authorization system disclosed, illustrated, and claimed allows a user of a currently existing mobile wireless communications instrument to conduct financial transactions, including purchases, across a wireless communications system using location data to authorize and authenticate the user and the transaction. The location of the mobile wireless communications instrument and the location of a vendor point-of-sale device are matched with a payment sum. Authentication of the user of the mobile wireless communications instrument is achieved at least by application of the position and/or location determinable features of the mobile wireless communications instrument, the position and/or location of a point-of-sale device of a vendor or merchant where the instrument user seeks to purchase goods or services, and the payment sum entered on the point-of-sale device. A transaction matching subsystem located in a wireless customer server hub may assist in processing the location data and the payment sum amount across the wireless communications network. | 02-25-2010 |
20100098242 | APPARATUS AND METHOD FOR EVALUATING A CIPHER STRUCTURE'S RESISTANCE TO CRYPTANALYSIS - Disclosed is a method for evaluating resistance to cryptanalysis of a cipher structure having a diffusion element including a linear transformation placed between differently-sized confusion elements at an input and an output of the diffusion element. A generalized minimum number of non-zero symbols at the diffusion element's input and output is determined. The diffusion element's input is divided into subset inputs, each having a size corresponding to the size of each confusion element at the diffusion element input. For each subset input, a subset number of non-zero symbols at the subset input and the diffusion element output is determined. Each subset number is summed to generate a summed subset number. The summed subset number is subtracted from the generalized minimum number to generate a worst-case number. An upper bound of a maximum differential characteristic probability is calculated and used to evaluate the cipher structure. | 04-22-2010 |
20100100933 | APPARATUS AND METHOD FOR TRANSITIONING ACCESS RIGHTS FOR ROLE-BASED ACCESS CONTROL COMPATIBILIITY - Disclosed is a method for transitioning access rights, in a remote station with role-based access control, for an unknown role having access rights defined by a central access control management module. In the method, a role capability table is maintained in the remote station specifying centrally-defined access rights of roles that are interpretable in the remote station. An access request associated with an unknown role that is not interpretable in the remote station is received. The access request includes a role transition list that relates the unknown role to other centrally-defined roles. At least one of the other centrally-defined roles is interpretable in the remote station. A role is selected, from the role transition list, that is interpretable in the remote station for interpreting the unknown role of the access request. Access is granted based on the access request associated with the unknown role using the access rights of the interpretable role selected from the role transition table. | 04-22-2010 |
20100115286 | LOW LATENCY BLOCK CIPHER - A block cipher is provided that secures data by encrypting it based on the memory address where it is to be stored. When encrypting data for storage in the memory address, the memory address is encrypted in a first plurality of block cipher rounds. Data round keys are generated using information from the first plurality of block cipher rounds. Data to be stored is combined with the encrypted memory address and encrypted in a second plurality of block cipher rounds using the data round keys. The encrypted data is then stored in the memory location. When decrypting data, the memory address is again encrypted as before while the encrypted stored data is decrypted in a second plurality of the block cipher rounds using the data round keys to obtain a partially decrypted data. The partially decrypted data is combined with the encrypted memory address to obtain fully decrypted data. | 05-06-2010 |
20100174907 | SECURE BOOTSTRAPPING FOR WIRELESS COMMUNICATIONS - A mutual authentication method is provided for securely agreeing application-security keys with mobile terminals supporting legacy Subscriber Identity Modules (e.g., GSM SIM and CDMA2000 R-UIM, which do not support 3G AKA mechanisms). A challenge-response key exchange is implemented between a bootstrapping server function (BSF) and mobile terminal (MT). The BSF generates an authentication challenge and sends it to the MT under a server-authenticated public key mechanism. The MT receives the challenge and determines whether it originates from the BSF based on a bootstrapping server certificate. The MT formulates a response to the authentication challenge based on keys derived from the authentication challenge and a pre-shared secret key. The BSF receives the authentication response and verifies whether it originates from the MT. Once verified, the BSF and MT independently calculate an application security key that the BSF sends to a requesting network application function to establish secure communications with the MT. | 07-08-2010 |
20100198733 | Enabling Payment Using Paperless Image Of A Check - Payment or financial transactions are facilitated between two parties by utilizing mobile devices. A payor's mobile device may be adapted to generate an electronic/paperless version or image of a check. The payor may make the paperless image of a check out to a particular payee so that it can be cashed from the payor's checking account. The electronically-generated check may be in the form of an image than can be transmitted by the payor's mobile device to the recipient's mobile device. The payee then submits the received check, electronically or in paper form, to a financial institution for redemption. | 08-05-2010 |
20100246824 | APPARATUS AND METHOD FOR VIRTUAL PAIRING USING AN EXISTING WIRELESS CONNECTION KEY - Disclosed is a method for virtual pairing of a first peer device with a second peer device. In the method, a nonce is generated at the first peer device for use in virtually pairing the first and second peer devices to establish a first-type wireless connection. The nonce is forwarded from the first peer device to the second peer device over an already established second-type wireless connection between the first and second peer devices. At least one new key is generated from the nonce and a shared key for the already established second-type wireless connection. The first peer device is virtually paired with the second peer device using the at least one new key to establish the first-type wireless connection between the first and second peer devices. | 09-30-2010 |
20110107107 | Multisigning - A Protocol For Robust Multiple Party Digital Signatures - Embodiments describe a system and/or method for multiple party digital signatures. According to a first aspect a method comprises establishing a first validity range for a first key, establishing a first validity range for at least a second key, and determining if the validity range of the first key overlaps the first validity range of the at least a second key. A certificate is signed with the first validity range of the first key and the first validity range of the at least a second key if the validity ranges overlap. According to another embodiment, signage of the certificate is refused if the first validity range of the first key does not overlap with the first validity range of the at least a second key. | 05-05-2011 |
20110119492 | Apparatus and Method for Over-the-Air (OTA) Provisioning of Authentication and Key Agreement (AKA) Credentials Between Two Access Systems - A method and apparatus for over-the-air provisioning of authentication credentials at an access device via a first access system, wherein the authentication credentials are for a second access system lacking an over-the-air provisioning procedure. For example, the second access system may be a 3GPP system using AKA authentication methods. The first access system may be CDMA, using an OTASP or IOTA procedure. Provisioning the authentication credentials may include provisioning any of a 3GPP AKA authentication root key (K), AKA authentication related parameters, an AKA authentication algorithm to be used in the 3GPP authentication, or authentication algorithm customization parameters. | 05-19-2011 |
20110131104 | Mobile Commerce Authentication And Authorization Systems - Mobile commerce authentication and authorization systems enable currently existing point-of-sale devices that are neither structurally nor systemically altered to conduct financial transactions with a customer using an access terminal across a wireless communications system. The point-of-sale devices receive an input from a payment instrument replacement, which identifies the transaction to the point-of-sale device as a transaction including an access terminal. Authentication of the user of the access terminal is achieved at least by application of position and/or location determinable features of the access terminal, the position and/or location of a point-of-sale device of a vendor or merchant where the customer seeks to purchase goods or services, and the payment sum entered on the point-of-sale device. A payment matching server may assist in processing the location data and the payment sum amount across communications network. | 06-02-2011 |
20120042374 | EFFICIENT CLASSIFICATION OF NETWORK PACKETS - Embodiments describe a system and/or method for efficient classification of network packets. According to an aspect a method includes describing a packet as a feature vector and mapping the feature vector to a feature space. The method can further include defining a feature prism, classifying the packet relative to the feature prism, and determining if the feature vector matches the feature prism. If the feature vector matches the feature prism the packet is passed to a data recipient, if not, the packet is blocked. Another embodiment is an apparatus that includes an identification component that defines at least one feature of a packet and a classification component that classifies the packet based at least in part upon the at least one defined feature. | 02-16-2012 |
20120239576 | MOBILE COMMERCE AUTHENTICATION AND AUTHORIZATION SYSTEM - The mobile commerce authentication and authorization system allows a user of a currently existing mobile wireless communications instrument to conduct financial transactions, including purchases, across a wireless communications system using location data to authorize and authenticate the user and the transaction. The location of the mobile wireless communications instrument and the location of a vendor point-of-sale device are matched with a payment sum. Authentication of the mobile wireless communications instrument user is achieved at least by application of the position and/or location determinable features of the mobile wireless communications instrument, the position and/or location of a point-of-sale device of a vendor or merchant where the instrument user seeks to purchase goods or services, and the payment sum entered on the point-of-sale device. A transaction matching subsystem located in a wireless customer server hub may assist in processing the location data and the payment sum across the wireless communications network. | 09-20-2012 |
20130013433 | MOBILE COMMERCE AUTHENTICATION AND AUTHORIZATION SYSTEM - The mobile commerce authentication and authorization system allows a user of a currently existing mobile wireless communications instrument to conduct financial transactions, including purchases, across a wireless communications system using location data to authorize and authenticate the user and the transaction. The location of the mobile wireless communications instrument and the location of a vendor point-of-sale device are matched with a payment sum. Authentication of the mobile wireless communications instrument user is achieved at least by application of the position and/or location determinable features of the mobile wireless communications instrument, the position and/or location of a point-of-sale device of a vendor or merchant where the instrument user seeks to purchase goods or services, and the payment sum entered on the point-of-sale device. A transaction matching subsystem located in a wireless customer server hub may assist in processing the location data and the payment sum across the wireless communications network. | 01-10-2013 |
20130117817 | PREVENTION OF CROSS SITE REQUEST FORGERY ATTACKS BY CONDITIONAL USE COOKIES - To inhibit cross-site forgery attacks, different types/classes of cookies are used. A first cookie and a second cookie are generated by a web server and provided to a client browser during a web session. The first cookie defines a first set of use conditions for when the first cookie is to be used within the web session. The second cookie defines a second set of use conditions for when the second cookie is to be used within the web session. The client browser determines which (if any) of the first cookie or second cookie to send to the web server based on the use conditions defined within each cookie and the operation(s) sought by the client browser. The web server may grant different or the same privileges to operation(s) being sought by the client browser depending on whether the first or second cookie is sent by the client browser. | 05-09-2013 |
20130227297 | Small public-key based digital signatures for authentication - Embodiments disclosed allow authentication between two entities having agreed on the use of a common modulus N. The authentication includes generating a pseudorandom string value; generating a public key value based on the modulus N and the pseudorandom string value; generating a private key value corresponding to the public key value; receiving a verifier's public key value; generating a shared secret value based on the modulus N, the private key value and the verifier's public key value; calculating an authentication signature value using the shared secret value; and transmitting the authentication signature value for authentication. When the authentication signature is received, the public key value and the shared value are generated to calculate an authentication signature value. Thereafter, the authentication signature values are compared and authenticated. | 08-29-2013 |
20140016780 | Method and device for secure phone banking - A small form-factor security device is provided that may be inserted in series with a telephone line to encrypt dual tone multi-frequency (DTMF) tones from a telephone to prevent unauthorized disclosure of sensitive information. A receiving device decrypts the encrypted DTMF tones to receive the original information sent by the telephone. The security device acts as a second factor in a two-factor authentication scheme with a tele-services security server that authenticates the security device. | 01-16-2014 |
20140101368 | Binding microprocessor to memory chips to prevent re-use of microprocessor - A processor is provided that binds itself to a circuit such that the processor cannot be subsequently reused in other circuits. On a first startup of the processor, a memory segment of an external volatile memory device is read to obtain information prior to initialization of the memory segment. An original/initial identifier may be generated from the information read from the memory segment. The original/initial identifier may then be stored in a non-volatile storage of the processor. On subsequent startups of the processor, it verifies that the processor is still coupled to the same external volatile memory device by using the stored identifier. For instance, on a subsequent startup, the processor again reads the same memory segment of the external memory device and generates a new identifier. If the identifier matches the previously stored identifier, then the processor may continue its operations; otherwise the processor is disabled/halted. | 04-10-2014 |
20140198913 | Method and Apparatus for a Computable, Large, Variable and Secure Substitution Box - One feature pertains to methods for generating cryptographic values associated with substitution boxes (S-box). The methods includes first obtaining an input value and a first value. One method includes generating an S-box output value by performing an exclusive OR (XOR) operation on the input value and the first value to generate an intermediate value, and performing a bitwise rotation on the intermediate value by a number of bits equal to the Hamming Weight of the intermediate value. In one aspect, the output of this bitwise rotation is further XOR-ed with a second value. Another method includes generating the S-box output value by performing a bitwise rotation on the input value by a number of bits equal to the Hamming Weight of the input value to generate an intermediate value, and performing an XOR operation on the intermediate value and the first value. | 07-17-2014 |
20140232560 | Facilitating vehicle merging utilizing road markers - Disclosed is an apparatus, system, and method to utilize a plurality of road markers to aid a vehicle in merging into a lane. The lane that the merging vehicle desires to merge into is determined. Further, the position of the merging vehicle is determined. Target vehicles are then notified about the merging vehicle utilizing the plurality of road markers. | 08-21-2014 |
20140270166 | MASTER KEY ENCRYPTION FUNCTIONS FOR TRANSMITTER-RECEIVER PAIRING AS A COUNTERMEASURE TO THWART KEY RECOVERY ATTACKS - A method operational on a receiver device for exchanging and/or generating security keys is provided. A first encrypted master key Km is received at the receiver device from a transmitter device, the first encrypted master key Km secured by a receiver public key Kpub-rx. The first encrypted master key Km may be decrypted with a receiver private key Kpri-rx to obtain the master key Km. The master key Km may be encrypted using a block cipher that applies a receiver secret key Kh to obtain a second encrypted master key. | 09-18-2014 |
20140280411 | INTERRUPT DRIVEN HARDWARE RANDOM NUMBER GENERATOR - A method, an apparatus, and a computer program product for generating and processing random numbers are provided. An apparatus comprises a processing system that includes a processor, a random number generator and a pair of buffers. A first buffer receives low-entropy random numbers generated by the random number generator and a second buffer provides high-entropy random numbers directly to a processing system. The processing system may directly access the second buffer in response to an instruction executed by the processing system. The processing system responds to an interrupt based on occupancy levels of the buffers by conditioning low-entropy random numbers read from the first buffer to obtain high-entropy random numbers that are then stored in the second. | 09-18-2014 |
20140351601 | PRODUCT AUTHENTICATION USING END-TO-END CRYPTOGRAPHIC SCHEME - A system is provided for inside-to-outside or outside-to-inside cryptographic coding that facilitates product authentication along a distribution channel. An association of authenticated, secured codes is generated between inner items (e.g., pharmaceutical doses such as pills, capsules, tablets) and outer items (e.g., packaging containing inner items). For instance, an inner code associated with a first item is used to generate (at least partially) an outer code associated with a second item that contains one or more first items. This process may be repeated multiple times with codes for outer items being a function of codes for inner items. The sequence of items may be authenticated by the dependent relationship between their codes. | 11-27-2014 |
20150017951 | SYSTEM AND METHOD OF ASSOCIATING DEVICES BASED ON ACTUATION OF INPUT DEVICES AND SIGNAL STRENGTH - Various operations may be performed based on a distance-related function associated with two or more devices. For example, an association procedure for two or more devices may be based on one or more determined distances. Similarly, presence management may be based on one or more determined distances. A distance-related function may take various form including, for example, a distance between devices, two or more distances between devices, a rate of change in a relative distance between devices, relative acceleration between devices, or some combination of two or more of the these distance-related functions. | 01-15-2015 |
20150024689 | SYSTEM AND METHOD FOR ASSOCIATING DEVICES BASED ON BIOMETRIC INFORMATION - Various operations may be performed based on a distance-related function associated with two or more devices. For example, an association procedure for two or more devices may be based on one or more determined distances. Similarly, presence management may be based on one or more determined distances. A distance-related function may take various form including, for example, a distance between devices, two or more distances between devices, a rate of change in a relative distance between devices, relative acceleration between devices, or some combination of two or more of the these distance-related functions. | 01-22-2015 |