Total found: 24591. Displayed: 199.
Publication date: 20-11-2011

METHOD AND DEVICE FOR RELIABLE AUTHENTICATION

Number: RU2434352C2
Assignee: Encap AS (NO)

The invention relates to radio electronics, namely to a method for authenticating users in a radio-electronic environment. The technical result is preventing replay and copying of the authentication factor and increasing the reliability of the authentication process. The technical result is achieved in that the method comprises the steps of: storing a client application in the memory of a personal terminal; generating a random number by means of said client application and storing it in association with the client application under the name "client application reference"; retrieving, from said client application, a unique code assigned to and permanently stored in the personal terminal; inputting said client application reference and said unique code into one of the computational algorithms of said client application and obtaining output data representing a user code indicating that the user possesses the personal terminal ...

Publication date: 04-08-2017

DEVICE AUTHENTICATION TECHNIQUES FOR WIRELESS DOCKING

Number: RU2627267C2
Assignee: INTEL CORPORATION (US)

The group of inventions relates to means for wireless docking of multiple devices. The technical result is the creation of means for wireless docking between wireless devices. To this end, an apparatus is proposed comprising: circuitry for a first device; a receive component, executed by the circuitry, to receive a first information element (IE); a list component, executed by the circuitry, to compare identification information for a second device with a first list of one or more devices allowed to dock wirelessly with the first device; a modification component, executed by the circuitry, to modify a pairwise master key (PMK) based on the comparison indicating that the second device is approved for wireless docking with the first device, and to cause the first device to transmit a modification request message directing the second device to modify the PMK in the same way as was used to modify the PMK in the first device; an authentication component ...

Publication date: 20-01-2012

USER PROFILE, POLICY, AND PMIP KEY DISTRIBUTION IN A WIRELESS COMMUNICATION NETWORK

Number: RU2440688C2

The invention relates to communication systems, namely to a method that facilitates the secure distribution of mobile device information within a wireless communication network. The technical result is increased communication security. The technical result is achieved in that the method comprises the following steps: receiving an access authentication request from a wireless authentication peer; generating a secondary user identifier associated with a primary user identifier for the wireless authentication peer; providing the secondary user identifier to an authenticator associated with the authentication peer; retrieving user profile information based on the primary user identifier; and providing the user profile information to the authenticator. 12 independent and 35 dependent claims, 16 figures.

Publication date: 29-08-2017

METHOD AND DEVICE FOR TRANSFERRING RESOURCES

Number: RU2629447C2
Assignee: XIAOMI INC. (CN)

The invention discloses a method and device for transferring resources, relating to the field of computer technology. The technical result is reduced complexity of the resource transfer flow while ensuring security. The resource transfer method includes: receiving a resource transfer request, requesting a transfer of resources, sent by a transfer account number; determining whether a physiological characteristic collected by a mobile device bound to the transfer account number has been received; and, if it is determined that the physiological characteristic collected by the mobile device bound to the transfer account number has been received, transferring the resources if the physiological characteristic matches a stored physiological characteristic model for the transfer account number. 3 independent and 8 dependent claims, 9 figures.

Publication date: 28-12-2021

PROVIDING DEVICES AS A SERVICE

Number: RU2763314C2

The invention relates to the field of data protection. The technical result is enabling a hardware security module to be used as a computing resource service. This result is achieved by: receiving, over a first network, a first request for a hardware security module from among a plurality of hardware security modules managed by a computing resource service provider; causing, based at least in part on parameters included in the first request, the computing resource service provider to connect a hardware security module from the plurality of hardware security modules to a second network; and routing a second request in the first network to the hardware security module of the second network. 3 independent and 17 dependent claims, 8 figures.

Publication date: 02-12-2019

PROVISIONING PLATFORM FOR MACHINE-TO-MACHINE DEVICES

Number: RU2707939C2

The invention relates to wireless communication and is intended for provisioning consumer information onto a machine-to-machine device. The technical result is the provision of access credentials and enabling different devices to conduct access transactions with other devices even without human intervention. The methods include a platform and a process for provisioning user information onto a machine-to-machine device to enable the machine-to-machine device to conduct transactions using the user information. In some embodiments, a user device is used to relay information between the machine-to-machine device and a provisioning service provider computer. In some embodiments, the machine-to-machine device is connected to the provisioning service provider computer via a network connection. After receiving a request to provision the machine-to-machine device, the service provider computer may identify the device by an identifier ...

Publication date: 10-01-2012

METHOD OF CARRYING OUT A TRANSACTION BETWEEN TWO SERVERS WITH PRIOR VALIDATION BY MEANS OF TWO MOBILE TELEPHONES

Number: RU2439702C2
Assignee: TAGATTITUDE (FR)

The invention relates to the field of transactions carried out between two servers interconnected via communication networks of any kind, in particular between two servers interconnected via the Internet. The technical result is an increased degree of transaction protection and the elimination of errors in authenticating the persons participating in the transaction, by means of the security levels of the GSM protocol. The method of carrying out a transaction between a first server (101) and a second server (102) in a first communication network (1) comprises: a step of establishing a first communication channel (C1) in a wireless communication network (2) between the first server (101) and a first mobile terminal (11); a step of establishing a second communication channel (C2) in said wireless communication network (2) between the second server (102) and a second mobile terminal (12); a step in which the first server (101) sends a signal (S) over said first wireless communication channel (C1), the first mobile terminal (11) receiving said signal (S) and sending it to the second mobile ...

Publication date: 18-07-2017

SUPPLY AUTHENTICATION VIA TIMING CHALLENGE RESPONSE

Number: RU2625711C1

The proposed solution relates to replaceable components that contain a consumable material which is depleted with each use of the system, for example replaceable batteries, printing systems that dispense fluids (e.g. ink) or toners from replaceable supply cartridges, etc. In an example implementation, a print supply cartridge comprises a microcontroller to receive a timing challenge and to enable authentication of the cartridge by providing a challenge response. The challenge response is provided in a challenge response time that falls within an expected time window. The proposed solution ensures verification that the replaceable supply device is an authentic device from a legitimate manufacturer. 2 independent and 12 dependent claims, 5 figures.

Publication date: 17-11-2020

Number: RU2017138066A3

Publication date: 24-09-2018

Number: RU2017109807A3

Publication date: 27-03-2018

Number: RU2015146659A3

Publication date: 05-07-2021

Number: RU2019130396A3

Publication date: 26-09-2022

SYSTEM AND METHOD FOR PROTECTING DYNAMIC GROUP DATA

Number: RU2780496C1

The invention relates to the field of communications. The technical result is achieving data protection for members of a dynamic group by sharing group member information only with registered group members. To this end, a method for providing data protection to members of a vertical application layer (VAL) group includes: creation, by a group management server, of a VAL group based on a VAL group creation request from a VAL server; notification, by the group management server, of VAL group creation information to at least one group management client from among a plurality of group management clients; registration, by the group management server, of at least one group management client from among the plurality of group management clients as a member of the VAL group; and sharing, by the group management server, of VAL group member information containing a list of identities with the at least one group management client. 4 independent and 18 dependent claims, 10 figures.

Publication date: 20-05-2014

CONTENTION-BASED TRANSMISSION WITH CONTENTION-FREE FEEDBACK FOR REDUCING LATENCY IN LTE ADVANCED NETWORKS AND ENHANCED PHYSICAL UPLINK CONTROL CHANNEL (PUCCH)

Number: RU2516652C1
Assignee: INTEL CORPORATION (US)

The present invention relates to wireless communication. The technical result of the invention is reduced latency associated with uplink resource allocation requests in Long Term Evolution (LTE) Advanced networks. A user equipment (UE) may transmit a contention sequence on an enhanced physical uplink control channel (PUCCH) to an enhanced Node B (eNB) and may concurrently transmit data requesting uplink resources on a physical uplink shared channel (PUSCH) to the eNB. The contention sequence is transmitted on the PUCCH in accordance with a format assigned by the eNB. The contention sequence is either randomly selected by the UE or assigned by the eNB. When the contention sequence and the data are not successfully received by the eNB, the UE may fall back to a more conventional random access channel (RACH) procedure for allocating uplink ...

Publication date: 26-08-2019

AUTHORIZATION MANAGEMENT METHOD

Number: RU2698424C1
Assignee: CHOU Hung-Chien (TW)

The invention relates to computer engineering. The technical result is the elimination of vulnerabilities to data theft from identity providers. An authorization management method to be implemented by an authentication server terminal includes the steps of: after receiving a connection request from a provider server terminal, generating, storing and transmitting a reference server identifier to the provider server terminal; after receiving from a user terminal an encrypted server identifier obtained by encryption performed on the reference server identifier, determining whether the combination of an end-user serial number and the encrypted server identifier is authorized; and, when the result of the determination is affirmative, transmitting a confirmation of authorization and of user data entry to the provider server terminal. 10 dependent claims, 4 figures.

Publication date: 27-04-2011

USER PROFILE, POLICY, AND PMIP KEY DISTRIBUTION IN A WIRELESS COMMUNICATION NETWORK

Number: RU2009138223A

... 1. A method operational on an authentication server for a wireless communication network, comprising: receiving an access authentication request from a wireless authentication peer; generating a secondary user identifier associated with a primary user identifier for the wireless authentication peer; providing the secondary user identifier to an authenticator associated with the authentication peer.

2. The method of claim 1, wherein the communication network includes at least one of: an Ultra Mobile Broadband (UMB) compatible network, a WiMAX compatible network, or a Long Term Evolution (LTE) compatible network.

3. The method of claim 1, wherein the authentication server is an authentication, authorization and accounting (AAA) entity, and the authentication peer is a wireless access terminal (AT).

4. The method of claim 3, wherein the authenticator ...

Publication date: 10-09-2011

TRUSTED NETWORK CONNECT METHOD FOR ENHANCING SECURITY

Number: RU2010106634A

... 1. A trusted network connect method for enhancing security, comprising:

(1.) an initiation step:

(1.1) the TNC client of the access requestor and the TNC server of the access authority prepare platform integrity information in advance and provide the platform integrity information to the respective integrity measurement collectors (IMC) of the integrity measurement layer;

(1.2) the TNC client and the TNC server predefine integrity verification requirements, including a table of PCR registers that the access requestor and the access authority mutually request for verification;

(1.3) the trusted platform modules (TPM) of the access requestor and the access authority hash the platform information required for the network policies and store the hashed platform information in platform configuration registers (PCR);

(2.) user authentication:

(2.1) at the network access layer, the network access requestor initiates an access request in the program ...

Publication date: 27-11-2020

Privacy indicators for controlling authentication requests

Number: RU2737348C1

The invention relates to the field of communication systems. The technical result is an increased level of security of communication systems. The technical result of the claimed technical solution is achieved in that user equipment can transmit, to an element or function of a communication network, a message containing one or more privacy indicators, on the basis of which privacy features for processing the message are determined. The message may contain an attach request that includes a subscription identifier for a subscriber associated with the user equipment, together with privacy indicators containing a flag indicating whether the subscription identifier in the attach request is privacy-protected. 8 independent and 17 dependent claims, 7 figures.

Publication date: 02-04-2018

METHOD AND DEVICE FOR CONTROLLING EQUIPMENT

Number: RU2649323C1
Assignee: Xiaomi Inc. (CN)

The invention relates to computer engineering. The equipment control method comprises the following steps: receiving from a client a first identifier of visitor equipment, a visitor account and a second identifier of controlling equipment, the client being installed on the visitor equipment; obtaining an administrator account associated with the second identifier; and, if it is determined that a predefined relationship between the visitor account and the administrator account is satisfied, determining that the visitor equipment has a predefined usage permission according to the first identifier. The technical result is simplification of the operation by which a user obtains a predefined permission to use the network. 6 independent and 16 dependent claims, 10 figures.

Publication date: 17-04-2020

INFORMATION COMMUNICATION SYSTEM, ENVIRONMENT IMPROVEMENT SYSTEM, AND SERVER USED THEREIN

Number: RU2719056C1

An information communication system for transferring information between a server and a plurality of vehicles comprises a plurality of vehicles (100) and a server (200) configured to communicate with the plurality of vehicles (100). The server (200) is configured to communicate using either a first communication mode or a second communication mode. In the first communication mode, the server (200) receives information individually from each vehicle of the plurality of vehicles (100) and transmits information individually to each vehicle of the plurality of vehicles (100). In the second communication mode, the server (200) receives information from a portion of the plurality of vehicles (100) and transmits information to a portion of the plurality of vehicles (100), the information being propagated among the plurality of vehicles (100) by means of vehicle-to-vehicle communication. The system makes it possible to substantially ...

Publication date: 10-07-2020

SECURE METHOD FOR TRIGGERING A MACHINE-TYPE COMMUNICATION DEVICE

Number: RU2726279C1
Assignee: NEC CORPORATION (JP)

The claimed invention relates to a secure method for triggering a machine-type communication (MTC) device. After receiving a trigger message from an MTC server, the network verifies whether the MTC server is authorized to trigger the target MTC device, and also whether the MTC device is authorized to respond to the trigger message, by comparing the MTC device ID and the MTC server ID included in the trigger message with authorized IDs. After successful verification, the network checks the trigger type included in the trigger message to verify whether the trigger message is authorized to be sent to the MTC device. The method provides an increased degree of authentication and verification, preventing data leakage. 4 independent and 8 dependent claims, 12 figures.

Publication date: 10-05-2013

WIRELESS COMMUNICATION DEVICE, METHOD FOR PROVIDING ACCESS TO WIRELESS COMMUNICATION, BASE STATION, AND METHOD FOR PROVIDING A TRANSITION TO A WIRELESS COMMUNICATION NETWORK

Number: RU2011143257A

... 1. A wireless communication device, comprising: one or more wireless interfaces configured to connect to one or more wireless communication networks; a secure element configured to store a plurality of user access data elements, each user access data element being associated with a respective network; a processor; and a storage device in data communication with the processor and comprising computer-executable instructions which, when executed by the processor, provide for: selecting an available network; retrieving a first user access data element associated with the selected network from the secure element; loading the retrieved user access data element; and authenticating to the selected network using the loaded user access data element.

2. The device of claim 1, wherein said plurality of user access data elements includes one or more electronic identity modules ...

Publication date: 29-03-2017

Mobile device and method

Number: RU2015140685A

Publication date: 02-03-2017

Method and memory module for security-protected write operations and/or read operations on the memory module

Number: DE102015216082A1
Author: FALK RAINER, Falk, Rainer

The invention relates to a method (500) for security-protected write operations and/or read operations on a memory module (200, 300, 400), wherein the following method steps are carried out. A first method step for transferring (505) user data to the memory module (200, 300, 400). A second method step for defining (510) security information in a first memory area (230) of the memory module (200, 300, 400). A third method step for automatically co-updating (515) at least a predefined part of the security information upon a write access for the user data on the memory module (200, 300, 400) and/or upon a predefined trigger, wherein the memory module (200, 300, 400) automatically determines the co-updated security information.

Publication date: 22-11-2018

Method for protecting a network against a cyberattack

Number: DE102017208547A1

A method for protecting a network against a cyberattack is proposed, in which, for a message in the network, first characteristics of a first transmission of the message are determined, and an origin of the message in the network is established by comparing the first characteristics with at least one fingerprint of at least one participant, or of a segment of the network, or of a transmission path. If a manipulation of the message is detected, a point of attack of the cyberattack in the network is identified and, in particular, localized on the basis of the origin of the message.

Publication date: 18-01-2018

Security device with location-bound key store, system and method

Number: DE102017005769A1

System of automation components with an integrated security device (1), consisting of: at least one security device (1), wherein each security device (1) provides a physical interface for data exchange with a key store (2), wherein the key store (2) is location-bound, and wherein the key store (2) contains unique identification information; and a parameterization device (4), wherein this parameterization device (4) is able, via the fieldbus system (3), to verify and parameterize each security device (1) connected to it by means of the unique device identification information generated from the unique identification information of the external key store (2).

Publication date: 18-07-2012

Random number distribution

Number: GB0201210004D0

Publication date: 02-08-1995

Apparatus and method of controlling transmitting power in a subscriber terminal of a wireless telecommunications system

Number: GB0009511546D0

Publication date: 31-08-2011

Authentication system and method therefor

Number: GB0201112293D0

Publication date: 14-07-2004

Method and apparatus for supporting mobility of WLAN voice terminal

Number: GB0002397198A

A method is for supporting mobility of a WLAN voice terminal which can guarantee mobility, when a data line such as an ISDN line is used as a communication line between a switching system and access points and when the WLAN voice terminal roams from a basic service set of one access point which it intends to be associated with to a basic service set of another access point during signaling. It also guarantees mobility when the WLAN voice terminal roams from a basic service set of one access point which it is currently associated with to a basic service set of another access point during an active call. The method for supporting mobility of a WLAN voice terminal using a data line, includes where the WLAN voice terminal roams to a second access point and performs a probe process during association signaling between the WLAN voice terminal and a first access point, where the WLAN voice terminal and the second access point perform a MAC address authentication process, where a circuit interface ...

Publication date: 02-05-2001

Providing network site security using pseudo uniform resource locators (PURLs)

Number: GB0002355904A

The invention relates to electronic security over a network, and in particular to a client/server arrangement. Each time a client 00, 05 wishes to access information, e.g. a web site, it generates a client identifier key (CIK) based on the software/hardware configuration of the client's terminal for verification at the server 37. Requests for information by the client take the form of a pseudo (or dummy) uniform resource locator (PURL), which appear the same as ordinary URLs but define tasks to be performed in response to the request rather than the address of the requested information. The server profiles the security level of the client and that of the requested information and determines whether the client should have access. If access is denied, instead of notifying the client of this outcome, the server generates and transmits a substitute dummy web page 42 which may contain harmless public information. In this way, an unauthorised client is unaware that the request has been unsuccessful ...

Publication date: 02-12-2009

Removable memory device, encryption and location sensing

Number: GB2460304A

A data storage device which has an interface for connecting the removable memory device, such as a USB pen drive, to a host device, the data storage device including location determining means, such as GPS, and an encryption processor. The encryption processor is coupled to the interface and to the data storage means and the controller is coupled to the location determining means and comprises a non-volatile memory for storage of permitted location information. Data files may therefore be read from the flash memory when the user is at an authorized location, and encryption maintained when the user is not in a permitted position. A password or biometric data may also be used as security. The communications interface may be GSM, wireless internet protocol or 3G. A rechargeable battery on the device may be used to provide power to send a message when unauthorized usage occurs.

Publication date: 16-09-2020

Authentication method

Number: GB0002582169A

An authentication method comprises: receiving at least one request for an action in relation to an electronic device, wherein performance of the action requires verification of an association of a group of IDs specified by the request; verifying, via cryptographic verification, whether the group of IDs specified by the request match a cryptographically attested group of IDs associated with the electronic device, to determine whether the at least one request for an action is an authentic request; and, having determined the at least one request for an action is an authentic request, approving the at least one request, wherein the group of IDs comprises at least an Integrated Circuit Card Identifier (ICCID) of a Subscriber Identity Module (SIM) of the electronic device and a device identifier associated with the electronic device. The device identifier may be an IMEI, Trusted Execution Environment (TEE), or MAC address. The method prevents fraudulent activity by the use of cloned SIM cards.

Publication date: 26-09-2018

Address validation using signatures

Number: GB0201813182D0

Publication date: 12-11-2014

Access control system

Number: GB0002513850A

An access control system is configured for data communication with at least a first remote service provider (eg power company, hospital with remote patient monitoring, security services company) via a wide area telecommunications network and for data communication with at least a first local device associated with the service provider (eg electricity meter, health monitoring device, home security system) via local data communication. The access control system is configurable to facilitate data communication between the first remote service provider and the first local device. The access control system comprises a gateway device and virtual machines VM1-VMN associated with at least one local device and at least one service provider. When a service provider requests connection with a local device, it supplies an identifier. The gateway rejects the connection request. However, the VM associated with the local device compares the identifier with a list of authorized identifiers and associated ...

Publication date: 14-06-2017

Access control system

Number: GB0002513850B
Assignee: ROSBERG SYSTEM AS, Rosberg System AS

Publication date: 25-03-2015

Communicating with a machine to machine device

Number: GB0002518522A

Administering an interface Ua 150 between a machine-to-machine, M2M, device 110 and a network application function, NAF, 122 for secure communication between the M2M device and the NAF. In one method, the M2M device comprises security information for enabling secure communication via the interface, and administers the interface by: setting a secure interface lifetime parameter based on a lifetime of at least part of the security information; and transmitting administration data to the NAF, wherein the administration data comprises the secure interface lifetime parameter. Also disclosed is a method for a NAF to administer an interface between the NAF and a M2M device, comprising: receiving administration data from the M2M device, the registration data comprising a secure interface lifetime parameter that has been set based on a lifetime of at least part of the security information; and transmitting an administration response to the M2M device. The interface may be a Lightweight M2M, LWM2M ...

Publication date: 25-03-2015

Communicating with a machine to machine device

Number: GB0002518521A

Administering an interface Ua 150 between a machine-to-machine, M2M, device 110 and a network application function, NAF, 122 for secure communication between the M2M device and the NAF. In one method, the M2M device comprises security information for enabling secure communication via the interface, and administers the interface by transmitting administration data to the NAF wherein the administration data comprises a name for the M2M device which is equal to, or derived at least in part from, or otherwise linked to, at least part of data that are shared between the M2M device and a bootstrapping server. Also disclosed is a method for a NAF to administer an interface between the NAF and a M2M device, comprising: receiving administration data from the M2M device, including the determined name of the M2M device and transmitting an administration response to the M2M device. The interface may be a Lightweight M2M, LWM2M, interface.

Publication date: 23-06-2021

Security authentication

Number: GB2528043B
Author: DALE TAYLOR, Dale Taylor

Publication date: 13-07-2011

Continued secure access to computer system maintained by periodic challenge-response

Number: GB0002476861A

An entity 210, 220 requesting communications access to the system 100 is sent a first challenge message. Access is denied unless a first response matches a predetermined, authorised user, allowing a second challenge message to be sent. If a second response comprises a predetermined sequence of codes or numbers, access is allowed. If the second response does not match the sequence, access is denied and the second challenge is re-sent. Communication with the entity is terminated after a predetermined number of successive mismatches. If the entity is granted access, further challenges are issued periodically. If a further response matches a predetermined sequence, continued access is granted. If a further response does not match the sequence the further challenge is re-sent until, after a predetermined number of successive mismatches, communications access is terminated. Typically, the computer system is for equipment monitoring and diagnostics. Preferably, the first challenge comprises a ...

Publication date: 18-03-2015

Communicating with a machine to machine device

Number: GB0002518255A
Assignee:

The present disclosure provides a wireless communication module for use in a machine to machine device, M2M, the M2M device also comprising an integrated circuit card. The present disclosure also provides an integrated circuit card for use in a machine to machine device. The wireless communication module of the first aspect and the integrated circuit card of the alternative aspect are each configured for using a shared secret and at least part of a first data object to obtain a second data object from the integrated circuit card. The second data object is derived from the existing shared secret, is suitable for deriving security information and is suitable for use in establishing secure communication between the M2M device and a network application function, NAF. Many possible implementations are described using various aspects of lightweight M2M (LWM2M) standards, Generic Authentication Architecture (GAA) standards, Generic Bootstrapping Architecture (GBA) standards, OMA standards, 3GPP ...

Publication date: 20-06-2018

Unmanned aerial delivery to secure location

Number: GB0002557556A
Assignee:

A delivery management system comprises a communication device that receives a notification of a communication established between an unmanned aerial vehicle (UAV) that delivers a payload and a delivery box constructed and arranged to receive the payload from the UAV when the UAV is a predetermined distance from the delivery box and moving in a direction toward the delivery box, the communication including an identity of the UAV; a verification device that processes the notification and validates the identity of the UAV; and an instruction generator that generates an instruction to the delivery box to open the delivery box in response to the verification device validating the identity of the UAV and a determination by the communication device that the communication is established between the UAV and the delivery box. The communication device includes an autolocker communication device that outputs the instruction to the delivery box.

Publication date: 20-02-2019

Method and System for Updating a Whitelist at a Network Node

Number: GB0002565612A
Assignee:

A method and a system for updating a first whitelist at a network node. The network node receives data packets from an Internet of Things (IoT) device and determines a predetermined identifier for the IoT device. The network node then determines whether the predetermined identifier is in the first whitelist. When the predetermined identifier is not in the first whitelist, the network node starts a first time period. When the predetermined identifier is on the first whitelist, the network node determines whether the data packets are received within the first time period. When the data packets are received within the first time period, the network node identifies destination addresses of the data packets and updates the first whitelist based on the destination addresses and the predetermined identifier. The updated first whitelist is stored in non-transitory computer readable storage medium in the network node.

Publication date: 13-11-2019

Methods and apparatus for authenticating devices

Number: GB0002573563A
Assignee:

A network management agent 30 establishes trust of a device 10 by: receiving, from the device via a first channel, device identifier ID1; receiving via a different second channel device identifier ID2 and device security token DST2 (a random number, a secret, a key etc.); authenticating the device based on ID1 and ID2 to establish trust, and transmitting to the device a security token ST, derived from DST2, via the first channel. In another embodiment, ID1 may be received and trust established at a network access device 20. Device 10 establishes trust of agent 20 by: transmitting device identifier ID1 to the agent via the first channel; receiving from the agent via the first channel security token ST derived from DST2 received at the agent via the second channel; and authenticating the agent to establish trust, based on ST and security token DST1 stored at the device. The device may try another agent and network if a not authenticated response is received. The second channel may be a link ...

Publication date: 01-01-2020

Systems and methods for objective-based scoring using machine learning techniques

Number: GB0201916885D0
Author:
Assignee:

Publication date: 11-10-2017

Method and system for network devices

Number: GB0201713588D0
Author:
Assignee:

Publication date: 07-09-2016

Encryption for a synchronous wireless link

Number: GB0201612997D0
Author:
Assignee:

Publication date: 09-10-2019

Networking device management system and method

Number: GB0201912165D0
Author:
Assignee:

Publication date: 21-07-2021

Authentication for connecting a barcode reader to a client computing device

Number: GB202108246D0
Author:
Assignee:

Publication date: 28-09-2016

System and method for improved identification of a mobile device

Number: GB0201613930D0
Author:
Assignee:

Publication date: 12-04-2023

Federated security for multi-enterprise communications

Number: GB0002611674A
Assignee:

Where a single networked security service supports multiple enterprises, this security service can operate as a shared source of trust so that security devices associated with one enterprise can provide authenticated, policy-based management of computing devices associated with another enterprise. For example, an enterprise firewall can advantageously manage network access for a new device based on a shared and authenticated relationship with the networked security service.

Publication date: 14-09-2022

Enhanced smart process control switch port lockdown

Number: GB0002604811A
Assignee:

A lockdown routine for a smart process control switch 146B, wherein traffic at the ports 203, 213, 215 of the switch is limited. Upon initiation of the lockdown routine and detection that a port 203, 213, 215 of the process control switch is connected to a second switch 109, 146C, 146D, a determination as to whether the second switch is lockable is carried out (e.g. using a handshake between the two switches). If the second switch is not lockable 109 (e.g. if it is an unmanaged switch) then a set of addresses (e.g. physical addresses or network addresses) for a set of known devices that have communicated via the second switch is received from the second switch, and the process control switch is transitioned into a locked state wherein traffic at the port 203 is limited to messages associated with an address in the set of addresses. If the second switch is lockable 146C, 146D, then the port 213, 215 is left unlocked. The switches may be used in automated or industrial control networks.

Publication date: 31-10-2008

Transaction method between two servers including a prior validating step using two portable telephones

Number: AP0200804605D0
Author: EONNET YVES, EONNET LOIC
Assignee:

Publication date: 31-03-2014

Sharing control system and method for network resources download information

Number: AP2014007511A0
Assignee:

Publication date: 31-10-2008

Transaction method between two servers including a prior validating step using two portable telephones

Number: AP2008004605A0
Author: EONNET YVES, EONNET LOIC
Assignee:

Publication date: 31-10-2014

Authentication method, device and system based on biological characteristics

Number: AP2014008012A0
Author: LIU HAILONG, CHEN BO, HOU JIE
Assignee:

Publication date: 31-10-2014

Authentication method, device and system based on biological characteristics

Number: AP0201408012A0
Author: LIU HAILONG, CHEN BO, HOU JIE
Assignee:

Publication date: 31-03-2014

Sharing control system and method for network resources download information

Number: AP0201407511A0
Assignee:

Publication date: 31-10-2014

Authentication method, device and system based on biological characteristics

Number: AP0201408012D0
Author: LIU HAILONG, CHEN BO, HOU JIE
Assignee:

Publication date: 31-10-2008

Transaction method between two servers including a prior validating step using two portable telephones

Number: AP0200804605A0
Author: EONNET YVES, EONNET LOIC
Assignee:

Publication date: 15-03-2011

AUTHENTICATION METHOD FOR APPLICATIONS OF INFORMATION MEMORY

Number: AT0000501563T
Author: LIN HUI, LIN, HUI
Assignee:

Publication date: 15-02-2012

PROCEDURE AND SYSTEM FOR LOCATING AND AUTHENTICATING A MOBILE MECHANISM WITHIN A HOME RANGE

Number: AT0000545295T
Author: ABBOUD JEAN, ABBOUD, JEAN
Assignee:

Publication date: 15-02-2005

PROCEDURE AND SYSTEM FOR THE PROTECTION FROM THE PENETRATION IN A COMMUNICATION DEVICE

Number: AT0000289093T
Assignee:

Publication date: 10-05-2018

Method and device for unlocking air conditioning unit and server

Number: AU2017219158A1
Assignee: Shelston IP Pty Ltd.

The present disclosure provides a method for unlocking an air conditioning unit, including: when a server receives first identity information and unit information from a mobile terminal, performing a verification of the first identity information based on the unit information; and sending an unlocking instruction to the air conditioning unit corresponding to the unit information when the first identity information is verified, such that the air conditioning unit performs an unlocking operation based on the unlocking instruction. The present disclosure also provides a device for unlocking an air conditioning unit and a server. The present disclosure realizes unlocking the air conditioning unit when the first identity information is verified, thus ensuring that the current operator (user) is an authorized operator, and thus further avoiding problems that the air conditioning unit still has malfunctions and that irreversible damages are caused to the air conditioning unit in maintenance ...

Publication date: 30-05-2019

Internet of things device burning verification method and apparatus, and identity authentication method and apparatus

Number: AU2017367926A1
Assignee: AJ PARK

Provided in the present application are an Internet of Things device burning verification method and apparatus, and an identity authentication method and apparatus, the burning verification method comprising: a burning verification apparatus receives a burning request sent by a burning production line, the burning request being used for requesting the burning apparatus to allocate an identity ID and device keys to an Internet of Things device to be burned; the device keys comprise a device private key and a device public key; the burning verification apparatus verifies whether the burning request is legitimate, and if so, then allocates an identity ID and device keys to the Internet of Things device to be burned; and the burning verification apparatus sends the identity ID and the device keys to the burning production line, such that the burning production line burns the identity ID and the device keys to the corresponding Internet of Things device. Using the embodiments of the present ...

Publication date: 19-09-2019

Transferring playback queues between devices

Number: AU2018203023B2
Assignee: FPA Patent Attorneys Pty Ltd

In some implementations, a computing device can transfer a playback queue between the computing device and a playback device. For example, the computing device can detect when the computing device is within a threshold distance of a playback device. The computing device can establish a connection to the playback device and receive state information describing the media playback state of the playback device. The computing device can determine the media playback state of the computing device. The computing device can present graphical user interfaces for initiating a transfer of a playback queue between the computing device and the playback device based on the playback state of the devices. The computing device can initiate a transfer of the playback queue in response to user input to one of the graphical user interfaces or automatically based on the context of the computing device.

Publication date: 04-07-2019

System, methods and software for user authentication

Number: AU2017362156A1
Assignee: Spruson & Ferguson

The present invention provides a system and method for authenticated-user access, the system including an optical device proximal to an entrance adapted to capture a biometric credential of an individual user, a communication network adapted to receive from and send signals to the optical device, a portable communication device associated with the individual user, the portable communication device in connection with the network and a processor adapted to receive the biometric credential of the user and to match the biometric credential with a previous pre-authorized biometric credential of the user and to send an authorization key to the portable communication device responsive to the match to provide the individual user with a time-limited access key to the entrance.

Publication date: 19-01-2012

Methods and apparatus to discover authentication information in a wireless networking environment

Number: US20120017267A1
Assignee: Individual

Example methods and apparatus to discover authentication information in a wireless networking environment are disclosed. A disclosed example method involves transmitting, during network discovery, a Generic Advertisement Services (GAS) request to a network access point, the GAS request requesting authentication information, the authentication information being indicative of a credential required from a wireless terminal. In addition, a response to the GAS request is received from the network access point. The response includes the authentication information.

Publication date: 12-04-2012

Systems and methods for rfid security

Number: US20120087501A1
Assignee: RADIOFY LLC

An RFID system includes an RFID tag, an RFID reader, and a server. The RFID tag communicates to the server via encrypted information. The information may be encrypted with synchronized encryption keys. In this manner, the reader need not decrypt the information from the RFID tag. The effectiveness of malicious readers is thereby reduced, resulting in improved RFID tag security.

Publication date: 19-04-2012

System and method employing an agile network protocol for secure communications using secure domain names

Number: US20120096541A1
Assignee: Virnetx Inc

A system for connecting a first network device and a second network device includes one or more servers. The servers are configured to: (a) receive, from the first network device, a request to look up a network address of the second network device based on an identifier associated with the second network device; (b) determine, in response to the request, whether the second network device is available for a secure communications service; and (c) initiate a virtual private network communication link between the first network device and the second network device based on a determination that the second network device is available for the secure communications service, wherein the secure communications service uses the virtual private network communication link.

Publication date: 03-05-2012

Cryptographically generated addresses using backward key chain for secure route optimization in mobile internet protocol

Number: US20120110144A1
Author: Angelo Rossi
Assignee: Telefonaktiebolaget LM Ericsson AB

Enhanced cryptographically generated addresses (ECGA) for MIPv6 incorporate a built-in backward key chain. The backward key chain prevents time-memory attacks to discover a network address and helps prevent spoofing a network address of a mobile node. The backward key chain also provides a means to authenticate network addresses of a mobile node.

Publication date: 17-05-2012

System and method for providing wireless networks as a service

Number: US20120122424A1
Assignee: BelAir Networks Inc

A wireless network system is provided. The system comprises a wireless network controller and a plurality of access points and/or femtocells. The wireless network controller is in communication with each of the plurality of access points and/or femtocells via an access data network, and is configured to perform one or more network control functions for the benefit of the plurality of access points and/or femtocells. The network control functions may be selected from management and operation, client authentication, mobility, and per-user administration. The wireless network controller is remotely located and operated with respect to the plurality of access points and/or femtocells.

Publication date: 28-06-2012

Secure contactless payment systems and methods

Number: US20120166295A1
Assignee: Western Union Co

According to the invention, a system for providing payments to a point of sale device is disclosed. The system may include a mobile device having a storage medium, an input device, a wireless transmission device, and a processor. The storage medium may include individual authentication information and device authentication information. The input device may be configured to receive an input. The wireless transmission device may be configured to selectively transmit the device authentication information to a nearby point of sale device. The processor may be configured to compare the input with the individual authentication information, and activate the wireless transmission device to transmit the device authentication information if the input is correlated with the individual authentication information.

Publication date: 19-07-2012

Radio devices, regulation servers, and verification servers

Number: US20120182121A1
Author: Markus Mueck

According to various embodiments, a radio device may be provided. The radio device may include a configurable component, a configuration information transmitter configured to transmit information identifying the radio device and an identifier of a configuration of the configurable component to a regulation server; and a permission information receiver configured to receive from the regulation server information indicating as to whether the radio device is permitted to use the configuration of the configurable component or as to whether a pre-determined configuration of the configurable component is to be used by the radio device.

Publication date: 19-07-2012

Secure cloud computing system

Number: US20120185692A1
Assignee: BlackRidge Tech Holdings Inc

The present invention provides a method and apparatus for securing electronic systems, including computers, information appliances and communication devices. The invention in question addresses the problem of preventing compromise by severe attacks directed at the protected systems. A severe attack could mean any of the following: low level debugging, use of in-circuit emulators or logic analyzers, removal of silicon dice and inspection including by lapping and micro-photography, and other well-known methods of attack such as distributed denial of service. In order to protect systems and data from such severe attacks, a mechanism is required whose operation is irreparably altered by the attempt to understand its operation through such attacks. Moreover, the mechanism must cease operation instantly upon detection of any intrusion associated with an attack, whether by software or by hardware based means.

Publication date: 09-08-2012

Predictive roaming between subnets

Number: US20120201201A1
Assignee: Individual

A network device of a subnet determines predictive roaming information for a wireless client. Predictive roaming information can identify the wireless client and a home network subnet of the wireless client. The network device provides predictive roaming information associated with a wireless client to neighboring subnets. Neighboring subnets store received predictive roaming information, and use the predictive roaming information if the wireless client roams to them.

Publication date: 09-08-2012

Cryptographic security functions based on anticipated changes in dynamic minutiae

Number: US20120201381A1
Assignee: mSignia Inc

Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user's electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device's collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.

Publication date: 09-08-2012

Authentication method and apparatus in a communication system

Number: US20120204027A1
Assignee: SAMSUNG ELECTRONICS CO LTD

An authentication method and apparatus in a communication system are provided. In a method for authenticating a first node at a second authentication server in a communication system comprising the first node registered to a first authentication server and a second node registered to the second authentication server, an authentication request message requesting authentication of the first node is received from the second node, the authentication request message is transmitted to the first authentication server, and upon receipt of an authentication success message indicating successful authentication of the first node from the first authentication server, the authentication success message is transmitted to the second node.

Publication date: 23-08-2012

System and method for binding a smartcard and a smartcard reader

Number: US20120211558A1
Author: Mark Buer
Assignee: Broadcom Corp

Systems and methods for binding a smartcard and a smartcard reader are provided. A smartcard is provisioned to store a first set of credentials for use in traditional transactions such as at a brick and mortar retail store and a second set of credentials for use when performing a transaction using a smartcard reader associated with a user such as an on-line transaction. The user smartcard reader registers with a smartcard issuer server by cryptographically authenticating a secure processor associated with the smartcard reader. As a result of the registration, the secure processor obtains a set of private keys associated with the second set of credentials. When a request for authorizing a transaction via the user's smartcard reader is received, the smartcard reader cryptographically authenticates itself to the smartcard using a private key associated with a credential to be used to authorize the transaction.

Publication date: 13-09-2012

Wirelessly accessing broadband services using intelligent covers

Number: US20120231766A1
Author: Deepak Jain, Tuan Quoc Dao
Assignee: Device Fidelity Inc

The present disclosure is directed to a system and method for wirelessly accessing broadband services using intelligent covers. In some implementations, a cover for a consumer device includes side surfaces, a rear surface, a physical interface, a circuit, and a broadband service card. The side surfaces and a rear surface form an opening that receives at least a portion of a consumer device. A first portion of at least one of the surfaces includes a connector for connecting to a port of the consumer device. The circuit connects the physical interface to the connector. The broadband service card connected to the physical interface and accesses a service foreign through the wireless broadband network independent of the consumer device.

Publication date: 08-11-2012

Method and Apparatus for Synchronizing an Adaptable Security Level in an Electronic Communication

Number: US20120284800A1
Author: Marinus Struik
Assignee: Certicom Corp

A method of communicating in a secure communication system comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

Publication date: 03-01-2013

Information management system and method for managing identification information

Number: US20130005302A1
Author: Yoshitaka Ozaki
Assignee: Denso Corp

A registration unit associates identification information of a portable terminal device with identification information of a vehicle, which is to be registered and equipped with a communication device. The registration unit registers the identification information. A grant unit grants an authentication key to the portable terminal device having the registered identification information. A permission unit permits the portable terminal device with the authentication key to operate in cooperation with the communication device, which is equipped to a vehicle to be registered, and the communication device equipped to a vehicle other than the vehicle to be registered. The permission unit does not permit the portable terminal device without the authentication key to operate in cooperation with the communication device equipped to any vehicle.

Publication date: 21-02-2013

Authentication system and authentication method in wireless lan environment

Number: US20130044733A1
Author: Yong Sug Jang
Assignee: SK TELECOM CO LTD

The authentication system in the wireless LAN environment includes a first wireless LAN access point for providing a wireless LAN service to a terminal device accessing the first wireless LAN access point; the terminal device for transmitting an authentication request to a second wireless LAN access point when the terminal device moves to access the second wireless LAN access point while receiving the wireless LAN service through an access to the first wireless LAN access point; and the second wireless LAN access point for identifying the first wireless LAN access point based on identification information contained in the authentication request transmitted from the terminal device which has moved to access the second wireless LAN access point, acquiring authentication information on the terminal device from the identified first wireless LAN access point, and performing an authentication for the terminal device based on the acquired authentication information.

Publication date: 21-02-2013

Method and Apparatus for Emergency Session Validation

Number: US20130047263A1
Author: Rakesh Radhakrishnan
Assignee: Bank of America Corp

According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may further store a plurality of tokens. The plurality of tokens may include a session token. The session token may be associated with access to the resource by a user. The apparatus may receive a first token indicating that an emergency has been declared. The emergency may be associated with the user. The apparatus may determine, based at least in part upon at least one token-based rule from the plurality of token-based rules, that access to the resource should be terminated in response to receiving the first token and terminate the session token in response to the determination that access to the resource should be terminated.

Publication date: 28-02-2013

Method and system for tracking machines on a network using fuzzy guid technology

Number: US20130055388A1
Assignee: ThreatMETRIX PTY LTD

A method for querying a knowledgebase of malicious hosts numbered from 1 through N. The method includes providing a network of computers, which has a plurality of unknown malicious host machines. In a specific embodiment, the malicious host machines are disposed throughout the network of computers, which includes a world wide network of computers, e.g., Internet. The method includes querying a knowledge base including a plurality of known malicious hosts, which are numbered from 1 through N, where N is an integer greater than 1. In a preferred embodiment, the knowledge base is coupled to the network of computers. The method includes receiving first information associated with an unknown host from the network; identifying an unknown host and querying the knowledge base to determine if the unknown host is one of the known malicious hosts in the knowledge base. The method also includes outputting second information associated with the unknown host based upon the querying process.

Publication date: 21-03-2013

Portable computerized wireless information apparatus and methods

Number: US20130073406A1
Author: Robert F. Gazdzinski
Assignee: Individual

A mobile user apparatus and associated methods useful for transferring information wirelessly, such as for instance at points of departure or point-of-sale locations. In one embodiment, the mobile user apparatus is a cellular-enabled mobile device with a GPS receiver and a short-range radio frequency device that enables transfer of information to the device from a wireless-enabled entity such as a kiosk.

Publication date: 28-03-2013

System and method for user authentication

Number: US20130081114A1
Assignee: Kinesis Identity Security System Inc

A system and method for providing authentication of a user is disclosed. The use of a non-confidential and unique user identification number and a temporary access code separates authentication of the user from transmission of any user passwords or user-identifiable data, as well as provides a ubiquitous means to authenticate the user with unrelated organizations, without any information passing between those organizations.

Publication date: 11-04-2013

Seamlessly authenticating device users

Number: US20130090088A1
Assignee: TangoMe Inc

A method for seamlessly authenticating users of a first and second device is described. The method includes: determining a set of first signatures for a first device; generating a set of second signatures for a second device; comparing the set of first signatures with the set of second signatures; and based on the comparing, granting a user authentication status if a difference between the set of first signatures and the set of second signatures is less than a predetermined tolerance threshold, and rejecting the user authentication status if a difference between the set of first signatures and the set of second signatures is more than the predetermined tolerance threshold.

Publication date: 11-04-2013

METHOD FOR ESTABLISHING A SECURE AND AUTHORIZED CONNECTION BETWEEN A SMART CARD AND A DEVICE IN A NETWORK

Number: US20130091556A1
Assignee: NOKIA SIEMENS NETWORKS OY

A method is provided for establishing a first secure and authorized connection between a smart card and a first device in a network, wherein the first device comprises a second secure connection to a second device, wherein the method comprises storing a first security data; transferring the first security data between the first device and the second device; providing the first security data at the first device; establishing a binding between the smart card and the first device via the first secure and authorized connection utilizing the first security data; authorizing the binding between the smart card and the first device; and sending a second security data from the smart card to the first device via the first secure and authorized connection whereas the second security data may be usable for authentication of the first device to the network.

1. A method for establishing a first secure and authorized connection between a smart card and a first device in a network, wherein the first device comprises a second secure connection to a second device, wherein the method comprises: storing a first security data; transferring the first security data between the first device and the second device; providing the first security data at the first device; establishing a binding between the smart card and the first device via the first secure and authorized connection utilizing the first security data; authorizing the binding between the smart card and the first device; and sending a second security data from the smart card to the first device via the first secure and authorized connection, whereas the second security data is usable for authentication of the first device to the network.

2. The method according to claim 1, wherein the security data is at least one security data from the group of data consisting of a pre-shared key, a certificate, a root certificate, certificate revocation data, authorization data, a serving ...

Publication date: 02-05-2013

Communication control system, server device, and communication control method

Number: US20130110936A1
Author: Kouji Miura
Assignee: Panasonic Corp

A pairing server includes: a second determination unit which, when a first request is received from a transmitting terminal and a second request is received from a receiving terminal, determines whether or not there is matching of pairing identifiers included in the first and second requests and whether or not there is matching of communication device information included in the first and second requests; and a pairing unit which pairs the transmitting terminal and the receiving terminal using a first device identifier included in the first request and a second device identifier included in the second request when it is determined that there is matching of the pairing identifiers included in the first and second requests and that there is matching of the communication device information included in the first and second requests.

Publication date: 09-05-2013

Communication control system and method, and communication device and method

Number: US20130117834A1
Author: Toshiyuki Ishioka
Assignee: Panasonic Corp

A communication control system pairs a first communication device with a second communication device, the first communication device includes a first image editing unit that edits an input image in accordance with a predetermined rule to generate a first authentication image, and a first transmission unit that transmits first authentication data representing the first authentication image and a first identifier for identifying the first communication device to a server device, the second communication device includes a second transmission unit that transmits second authentication data representing the second authentication image and a second identifier for identifying the second communication device to the server device, and the server device includes a pairing unit that pairs the first communication device with the second communication device in the case where it is determined that the first authentication data matches the second authentication data.

Publication date: 27-06-2013

Method and system for authorizing remote access to customer account information

Number: US20130167203A1
Author: Craig S. Etchegoyen
Assignee: NETAUTHORITY Inc

System for authorizing a request for remote access to customer account information includes a server configured to receive the request via a network from a remote computing device, a database storing the customer account information accessible by the server, and memory accessible by the server and storing a customer notification program which, when executed by the server, performs steps for (a) identifying, responsive to the server receiving the request, the remote computing device by a device fingerprint and by a requesting location, (b) determining whether the device fingerprint matches any of a number of device fingerprints authorized to access the customer account information, and (c) sending, responsive to determining a mismatch between the device fingerprint and each of the previously authorized device fingerprints, a notification of the request to a customer-specified address, the notification indicating (i) the request, (ii) identity of the remote computing device, and (iii) the requesting location.

Publication date: 11-07-2013

Secure registration to a service provided by a web server

Number: US20130179683A1
Author: Eric Joubert, Monique Lu
Assignee: Alcatel Lucent SAS

To check a secure registration to a service provided by a web server from a communication terminal (TC), the web server (SW) saves a dynamically generated code matching the terminal (TC)'s IP address and transmits a message containing the code (CodC) to an e-mail address. This address is provided by the user in response to the terminal's connection to the web server. The server transmits to the terminal an application (App) capable of generating an automated test in order to tell computers apart from humans. The answer provided by the user is encrypted with the terminal's IP address and the code contained in the message transmitted to the e-mail address, and is directly transmitted by the application to the server, which decrypts it and compares it with an expected answer in order to enable access to the Web server if the decrypted answer matches the expected answer.

Publication date: 18-07-2013

Mobile device management

Number: US20130183937A1
Assignee: Kajeet Inc

Methods and systems are disclosed for reducing fraud, waste, and abuse of devices associated with government or business programs. Devices are authenticated based on a first set of data collected from the device, and if authenticated, may be permitted to send or receive service requests based on a second set of data that identifies the user, includes data about the user, identifies the service and/or identifies eligibility criteria. Devices may also be subject to eligibility requirements instituted before, during or after a service request is performed that determine the eligibility of the device and/or the user of the device. Devices may also be subject to filtering requirements administered before or during a service request. Devices may also be subject to verification before, during or after one or more service requests.

Publication date: 25-07-2013

Determining virtual location based upon scanned wireless signals

Number: US20130190018A1
Author: David K Mathews
Assignee: NEWAER Inc

A method for determining proximity of two or more mobile units within a defined locale is disclosed. Each of the mobile units is operable to scan at least a portion of the locale associated with the scanning one of the mobile units. The presence of the ones of the plurality of wireless devices is detected within the associated portion of the locale, detecting receiving the unique information from the detected ones of the plurality of wireless devices or device IDs. The received information is formed into a wireless fingerprint and transmitted to a server, which has a database of stored wireless fingerprints that are compared to the received fingerprint and a determination made as to the stored wireless fingerprints within the locale. The relative proximity position of the mobile devices associated with stored wireless fingerprints within the locale is then determined and are transmitted to the scanning one thereof.

Publication date: 01-08-2013

Content addressable stores based on sibling groups

Number: US20130198475A1
Assignee: UpThere Inc

A content addressable storage (CAS) system is provided in which each storage unit is assigned to one of a plurality of sibling groups. Each sibling group is assigned the entire hash space. Within each sibling group, the hash space is partitioned into hash segments which are assigned to the individual storage units that belong to the sibling group. Chunk retrieval requests are submitted to all sibling groups. Chunk storage requests are submitted to a single sibling group. The sibling group to which a storage request is submitted depends on whether any sibling group already stores the chunk, and which sibling groups are considered full.

Publication date: 08-08-2013

Mobile human challenge-response test

Number: US20130205370A1
Assignee: Individual

Methods and systems for verifying whether a user requesting an online account is likely a human or an automated program are described. A request for an online account may be received from a mobile device. A human challenge-response test adapted for displaying on a mobile device is displayed on the mobile device. Upon viewing the human challenge-response test, the user enters the user's solution to the human challenge-response test on the mobile device. A response hash value is created based on the user's solution. The response hash value is sent to an account request server for verification.

Publication date: 29-08-2013

Openid/local openid security

Number: US20130227658A1
Assignee: InterDigital Patent Holdings Inc

Identity management, user authentication, and/or user access to services on a network may be provided in a secure and/or trustworthy manner, as described herein. For example, trustworthy claims may be used to indicate security and/or trustworthiness of a user or user device on a network. Security and/or trustworthiness of a user or a user device on a network may also be established using OpenID and/or local OpenID, a secure channel between a service and the user device, and/or by including a network layer authentication challenge in an application layer authentication challenge on the user device for example.

Publication date: 12-09-2013

Network security and fraud detection system and method

Number: US20130239182A1
Author: Greg Pierson, Jason DeHaan
Assignee: Iovation Inc

A system and method to detect and prevent fraud in a system is provided. The system may uniquely identify physical devices connecting to a network, register unique devices, track end-user logins, associate end-user accounts with specific devices, and share information with multiple network service providers.

Publication date: 19-09-2013

Method and System for Secure Mobile File Sharing

Number: US20130246558A1
Author: Steven V. Bacastow
Assignee: QuickVault Inc

A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices.

Publication date: 19-09-2013

Controlling Access to Resources on a Network

Number: US20130247144A1
Assignee: Sky Socket LLC

Disclosed are various embodiments for controlling access to data on a network. Upon receiving a request comprising a device identifier and at least one user credential to access a remote resource, the request may be authenticated according to at least one compliance policy. If the request is authenticated, a resource credential associated with the remote resource may be provided.

Publication date: 19-09-2013

SYSTEMS AND METHODS FOR MANAGING RIGHTS TO BROADBAND CONTENT

Number: US20130247225A1
Assignee: COX COMMUNICATIONS, INC.

Systems and methods for managing rights to broadband content are provided. A request for broadband content may be received by a server. The received request may include a client identifier associated with a customer device from which the request is received and a content identifier associated with the requested broadband content. Based at least in part upon the client identifier, a billing account associated with the customer device may be identified, and one or more users associated with the billing account may be identified. A set of access rights for the one or more users may be determined and, based upon an analysis of the set of access rights, a determination may be made as to whether access to the broadband content is authorized.

1. At least one computer-readable non-transitory storage medium having instructions encoded thereon that, in response to execution, cause at least one computer processor to perform operations comprising: receiving a request for content, the request is received from a customer device and comprises a client identifier associated with the customer device; receiving access rights information from one or more rights locker devices associated with one or more content providers, each of the one or more rights locker devices is external to the server; identifying, a billing account associated with the customer device based at least on the client identifier; identifying a plurality of users associated with the billing account; determining a set of one or more access rights based at least on a portion of the access rights information, the set of one or more access rights comprising respective rights for each of the plurality of users; and determining, if access to the content is authorized based at least on the set of one or more access rights.

2. The at least one computer-readable non-transitory storage medium of claim 1, wherein the received request further comprises an identifier of a desired permission level for accessing the content, ...

Publication date: 10-10-2013

System and method employing an agile network protocol for secure communications using secure domain names

Number: US20130268683A1
Assignee: Virnetx Inc

A network device comprises a storage device storing an application program for a secure communications service; and at least one processor configured to execute the application program enabling the network device to: (a) send a request to look up a network address of a second network device based on an identifier; (b) receive an indication that the second network device is available for the secure communications service, the indication including the requested network address of the second network device and provisioning information for a secure communication link; (c) connect to the second network device over the secure communication link, using the received network address of the second network device and the provisioning information for the secure communication link; and (d) communicate at least one of video data and audio data with the second network device using the secure communications service via the secure communication link.

Publication date: 10-10-2013

Management server and method for controlling device, user terminal apparatus and method for controlling device, and user terminal apparatus and control method thereof

Number: US20130268998A1
Assignee: SAMSUNG ELECTRONICS CO LTD

A universal access method performed by a mobile device includes receiving a signal from a security access point that requests authentication information from the mobile device through near field communication (NFC), selecting one of first authentication information and second authentication information corresponding to the security access point, and transferring the selected authentication information to the security access point through NFC.

Publication date: 17-10-2013

Interface for access management of femto cell coverage

Number: US20130273885A1
Assignee: AT&T MOBILITY II LLC

Access to femto cell service is managed through access control list(s), or “white list(s).” Such white list(s) can be configured via a networked interface which facilitates access management to a femto cell. White list(s) includes a set of subscriber station(s) identifier numbers, codes or tokens, and can also include additional fields for femto cell access management based on desired complexity. Various interfaces and user profiles are associated with granting different levels of access to requesting UEs.

Publication date: 17-10-2013

Methods and systems for fallback modes of operation within wireless computer networks

Number: US20130276060A1
Assignee: Individual

Described herein are systems and methods for fallback operation within WLANs that rely on remote authentication procedures. When a primary network node authentication process fails, fallback access control parameters associated with a secondary network node authentication process are exchanged between a network node and an authentication server, wherein the secondary network node authentication process allows the network node to access other resources of a computer network.

Publication date: 17-10-2013

SECURE DATA PARSER METHOD AND SYSTEM

Number: US20130276074A1
Assignee:

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.

1. (canceled)

2. A method of presenting a virtual disk to a client device, the method comprising: receiving client credentials from a client device, the client credentials including a client identifier; authenticating the client device at a secure storage device; determining a volume is associated with the client device based upon the client identifier, the volume associated with a plurality of shares stored on a corresponding plurality of physical storage devices; and upon determining the volume is associated with the client device, presenting the volume to the client device.

3. The method of claim 2, wherein presenting the volume to the client devices includes providing access to data stored in the plurality of shares associated with the volume.

4. The method of claim 2, further comprising establishing a secure connection between the client device and the secure storage appliance.

5. The method of claim 2, wherein the client device is a first client device, the client identifier is a first client identifier, the volume is a first volume, the plurality of shares are a first plurality of shares, the plurality of physical storage devices is a first plurality of physical storage devices, and further comprising: receiving client credentials from a second client device, the client credentials including a second client identifier; authenticating the second client device at a secure storage device; determining a ...

Publication date: 24-10-2013

Secure data parser method and system

Number: US20130283065A1
Assignee: Security First Corp

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Publication date: 31-10-2013

EXTERNAL AUTHENTICATION SUPPORT OVER AN UNTRUSTED NETWORK

Number: US20130290722A1
Assignee: NOKIA SIEMENS NETWORKS OY

There are provided measures for supporting an authentication to an external packet data network over an untrusted access network, said measures exemplarily comprising authenticating a user equipment to a communication network providing connectivity for the user equipment across an unsecured access network in response to a first authentication request, wherein the authentication request is an authentication request of a key information exchange mechanism and includes authentication data, receiving a second authentication request for authenticating the user equipment towards a packet data network external to the communications network. The measures may further comprise creating a binding update message including the authentication data and identity information of the user received from the user equipment.

1.-37. (canceled)

38. A method comprising creating a first authentication request for authenticating a user equipment towards a communication network providing connectivity for the user equipment across an unsecured access network, wherein the authentication request is an authentication request of a key information exchange mechanism and authentication data is inserted in the authentication request, sending the first authentication request for authenticating the user equipment with the communication network based on the authentication data, creating, after authentication with the communication network, a second authentication request for authenticating the user equipment towards a packet data network external to the communications network, and sending the second authentication request.

39. The method according to claim 38, further comprising receiving, before sending the first authentication request, an indication that multiple authentications are supported, and inserting in the first authentication request an indication that multiple authentications are supported.

40. A method comprising receiving a first authentication request for authenticating a user equipment towards a ...

Publication date: 28-11-2013

System and method for enabling unconfigured devices to join an autonomic network in a secure manner

Number: US20130318343A1
Assignee: Cisco Technology Inc

A method in an example embodiment includes creating an initial information package for a device in a domain of a network environment when the device is unconfigured. The method further includes communicating the initial information package to a signing authority, receiving an authorization token from the signing authority, and sending the authorization token to the unconfigured device, where the unconfigured device validates the authorization token based on a credential in the unconfigured device. In more specific embodiments, the initial information package includes a unique device identifier of the unconfigured device and a domain identifier of the domain. In further embodiments, the signing authority creates the authorization token by applying an authorization signature to the unique device identifier and the domain identifier. In other embodiments, the method includes receiving an audit history report of the unconfigured device and applying a policy to the device based on the audit history report.

Publication date: 28-11-2013

PROCESSING OF COMMUNICATION DEVICE SIGNATURES FOR USE IN SECURING NOMADIC ELECTRONIC TRANSACTIONS

Number: US20130318349A1
Assignee: BCE INC.

A method for execution in a communication device, which comprises receiving a first data set and a second data set over a first communication path; receiving a series of requests over a local communication path different from the first communication path; responding to a first one of the requests by releasing a first response including the first data set over the local communication path; and responding to a second one of the requests by releasing a second response including the second data set over the second communication path.

1. A method for execution in a communication device, comprising: receiving a plurality of data sets over a first communication path; receiving a series of requests over a local communication path different from the first communication path, wherein the series of requests is received after having received the plurality of data sets; responding to a first one of the requests by releasing a first response over the local communication path including a first data set of the plurality of data sets; responding to a second one of the requests by releasing a second response over the local communication path including a second data set of the plurality of data sets, wherein the second response does not contain the first data set.

2. The method defined in claim 1, wherein the first data set comprises a first signature previously generated by encrypting with an encryption key (i) an identifier associated with the communication device; and (ii) first additional data.

3. The method defined in claim 2, wherein the second data set comprises a second signature previously generated by encrypting the identifier and second additional data with the encryption key.

4. The method defined in claim 3, wherein the second additional data is related to the first data set by a function of time implemented by a control server, the function of time being unknown to the communication device.

5. The method defined in claim 4, wherein the function of time is ...

Publication date: 28-11-2013

Information processing apparatus and method, recording medium and program

Number: US20130318350A1
Assignee: Sony Corp

The present invention relates to an information processing apparatus allowing proper communication with a communication partner in accordance with a communication time of the communication partner.

Publication date: 05-12-2013

Server system, method for executing server system, and external memory

Number: US20130325929A1
Assignee: IZE Co Ltd

A system includes an application server connected to a web server and a client terminal via a network, the terminal being connected to an external memory, the application server includes an interface for a provider of a service, a contents database, an attribute database, an ID receiving part for receiving the ID sent from the client terminal connected to the external memory, an authentication part, an attribute information reading part, a display contents generation part and a display contents sending part, the external memory is stored with a program for sending the read ID to the application server from the client terminal and displaying the received display contents on a screen of the client terminal.

Publication date: 05-12-2013

Method And Apparatus For Virtualizing Hardware Dongle Over A Wireless Connection

Number: US20130326095A1
Author: Jon Edney
Assignee: Atmel Wi Fi Solutions Inc

In a computer system configured to handle I/O signals received by the computer system from input devices and/or output signals output by the computer system, a virtual attachment module includes logic for selecting such that program code for coupling can alter the operating system's selection of I/O devices used for particular I/O device operations, coupling to a wireless I/O device at least for determining whether the wireless I/O device is available, and causing redirection of I/O signals destined to a default I/O device to be to the wireless I/O device, if the program code for coupling determines that the wireless I/O device is available. A virtual connection module could be used to intercept system messages indicating a wireless device is present and connected, determine whether the wireless device is present and/or connected, and determine which intercepted messages to forward, drop, delay or reformulate.

Publication date: 12-12-2013

TRANSMISSION APPARATUS OPERATION FOR VPN OPTIMIZATION BY DEFRAGMENTATION AND DEDUPLICATION METHOD

Number: US20130329749A1
Assignee: BARRACUDA NETWORKS, INC

A transmission apparatus operation method for optimizing a virtual private network operates by defragmenting and de-duplicating transfer of variable sized blocks. A large data object is converted to a plurality of data paragraphs by a fingerprinting method. Each data paragraph is cached and hashed. The hashes are transmitted to at least one satellite apparatus. Only data paragraphs which were not previously cached at each satellite are transferred.

1. A method for operating a transmission apparatus coupled to a local area network and coupled to a wide area network, the transmission apparatus configured with at least a circuit for to generate a data paragraph, a hash, and a remainder, a satellite cache store, a satellite transfer diary store, and a circuit for to pack a plurality of hashes and a remainder into a packet; the method comprising: receiving a data object; generating at least one data paragraph by selecting a string between a minimum length and a maximum length by computing a fingerprint and matching selected bits of the fingerprint to a certain mask by reading from the beginning of a data object or from the end of the previous data paragraph; computing a hash for each data paragraph; determining a remainder; storing a data paragraph into a primary cache store when the hash is determined to be new; storing a record into a satellite transfer diary of the reception apparatus for each data paragraph, the hash, and the status of the transfer of the data paragraph to the reception apparatus; and transferring at least one hash and a remainder to a circuit to pack a data object integration packet.

2. The method of further comprising: reading a pending status for transfer of a data paragraph; transferring a data paragraph from a primary cache store to a satellite apparatus; and updating the status of the record in satellite transfer diary store from pending to past.

3. The method of further comprising: determining that all data paragraphs required for data object ...

Publication date: 12-12-2013

Method and apparatus for dynamic destination address control in a computer network

Number: US20130332617A1
Assignee: International Business Machines Corp

An arrangement to direct a packet sent out from an arbitrary apparatus connected to a network to a predetermined authentication server without changing the configuration of a computer network. A packet transmitted from apparatus, such as a personal computer, newly connected to the network, is guided to an authentication server via communication control apparatus. The communication control apparatus replaces a MAC address of the destination addresses of another server, which is included in the ARP cache of the personal computer, with the MAC address of the communication control apparatus to guide the packet from the personal computer to the communication control apparatus. The communication control apparatus further transmits the received packet to a predetermined authentication server.

Publication date: 19-12-2013

Systems and methods for authenticating mobile devices at an incident via collaboration

Number: US20130337771A1
Assignee: Motorola Solutions Inc

A mobile device collaboration method includes provisioning a first mobile device with unique user identification related to a role and skill set of an associated user of the first mobile device, detecting a second mobile device responsive to a condition at the first mobile device, communicating the unique user identification to the second mobile device, authenticating the first mobile device through the second mobile device communicating the unique user identification to an external database, and providing access for the first mobile device through the second mobile device if the authenticating is successful. A mobile device collaboration system and a mobile device are also described.

Publication date: 02-01-2014

Method and system for securing communication

Number: US20140006792A1
Author: Guy Fielder
Assignee: PACid Tech LLC

A method for securing communication between a plurality of members. The method includes a first member sending a first input to a second member, receiving a second input from the second member, and generating, by an n-bit generator, an initial message digest using the first input and the second input. Communications between the first member and the second member are encrypted using the initial message digest.

Publication date: 02-01-2014

User Authentication of Applications on Third-Party Devices Via User Devices

Number: US20140007195A1
Author: Vikas Gupta
Assignee: Individual

In one embodiment, a first computing device receives an access token from a second computing device, the access token being generated by the second computing device for a specific software application executing on a specific computing device; stores the access token; receives a request for the access token from a software application executing on a third computing device; verifies whether the software application is the same as the specific software application and the third computing device is the same as the specific computing device for which the access token is generated; and sends the access token to the third computing device only when the software application is the same as the specific software application and the third computing device is the same as the specific computing device for which the access token is generated.

Publication date: 16-01-2014

Apparatus, method, and software for authentication of mobile communication terminals

Number: US20140018040A1
Author: Dae Seong Kim
Assignee: Camp Mobile Corp

An approach is provided for mobile communication terminal authentication. An invitation message is generated based on an invitation request received from a first mobile communication terminal, the invitation request including invitation information associated with a second mobile communication terminal. First authentication information associated with the invitation message is stored. The invitation message is transmitted to the second mobile communication terminal. An authentication request is received from the second mobile communication terminal, the invitation request including second authentication information extracted from the invitation message. The second mobile communication terminal is authenticated based on a comparison of the first authentication information and the second authentication information.

Publication date: 23-01-2014

Wirelessly accessing broadband services using intelligent covers

Number: US20140024342A1
Author: Deepak Jain, Tuan Quoc Dao
Assignee: Device Fidelity Inc

The present disclosure is directed to a system and method for wirelessly accessing broadband services using intelligent covers. In some implementations, a cover for a consumer device includes side surfaces, a rear surface, a physical interface, a circuit, and a broadband service card. The side surfaces and a rear surface form an opening that receives at least a portion of a consumer device. A first portion of at least one of the surfaces includes a connector for connecting to a port of the consumer device. The circuit connects the physical interface to the connector. The broadband service card connected to the physical interface and accesses a service foreign through the wireless broadband network independent of the consumer device.

Publication date: 23-01-2014

Bacnet ms/tp automatic mac addressing

Number: US20140025842A1
Assignee: Honeywell International Inc

A building automation and control network (BACnet) master-slave/token-passing (MS/TP) automatic media access control (MAC) addressing system having a BACnet MS/TP network, a MAC assigner on the network, and one or more MAC assignees on the network. Each assignee may have a global unique identity (GUID) and the assigner may have a pre-defined address. The assigner may gather virtually all GUIDs of the MAC assignees on the network and gather virtually all unused MAC addresses on the network. The assigner may map GUIDs to the unused MAC addresses and send a resulting map to the MAC assignees for assignment of a MAC address to each assignee. Each assignee may be assigned a MAC address according to its GUID, and the assignment of a MAC address to each assignee may occur automatically without manual intervention. In other words, the system may provide auto MAC addressing.

Publication date: 30-01-2014

CRYPTOGRAPHIC AUTHENTICATION TECHNIQUES FOR MOBILE DEVICES

Number: US20140032906A1
Assignee: Pomian & Corella, LLC

A method of authenticating a computing device to a back-end subsystem. In one embodiment a prover black-box in the computing device regenerates a credential containing a key pair from a PIN and a protocredential, and authenticates cryptographically to a verifier black-box in the back-end subsystem; then the verifier black-box sends an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication, the prover black-box sends the authentication token to an application front-end in the computing device, the application front-end sends the authentication token to an application back-end in the back-end subsystem, and the application back-end verifies the authentication token. 1. (canceled)2. A multifactor authentication method , comprising:regenerating a credential from a protocredential stored in a computing device and a passcode supplied by a user, using a credential regeneration process having at least 1% probability of producing well-formed output and at most 0.1% probability of producing correct output from the protocredential and a random guess of the passcode, the random guess having a uniform probability distribution over the range of allowable passcodes; andproving possession of the credential to a verifier.3. The method of claim 2 , wherein the credential comprises a private key that is part of a key pair pertaining to a public key cryptosystem claim 2 , and proving possession of the credential includes proving knowledge of the private key.4. The method of claim 3 , wherein the public key cryptosystem is a digital signature cryptosystem and proving knowledge of the private key includes using the private key to sign a challenge.5. A multifactor authentication method claim 3 , comprising:regenerating a credential comprising a private key that is part of a key pair pertaining to a public key cryptosystem from a protocredential stored in a computing device and one or more secrets not stored in the device, the ...

Publication date: 30-01-2014

Inmate information center for correctional facility processing

Number: US20140033230A1
Assignee: Core Systems (NI) Ltd

A platform application and methods of operation that integrate both native and third-party modules into an integrated environment on an inmate computing device is disclosed. Third-party modules or systems are applications meant to operate independent from the platform application. Information is communicated between the platform application and third-party module or system to add audit, alarm and other functions across all modules or systems controlled by the platform software. The third-party module or system is audited to allow triggering of rules that cause remedial action to be taken. Triggers can be on actions not monitored by a particular third-party module or system.

Publication date: 13-02-2014

Device identification using synthetic device keys

Number: US20140047238A1
Assignee: Device Authority Inc

A device authentication server assigns unique synthetic device attributes to a device such that the device can use actual hardware and system configuration attributes and the assigned synthetic device attributes to form a device identifier that is unique, even among homogeneous devices for which actual, accessible hardware and system configuration attributes are not distinct.

Publication date: 20-02-2014

Wireless communication network association and security for control of industrial equipment in harsh environments

Number: US20140051358A1
Assignee: ILLINOIS TOOL WORKS INC

In certain embodiments, a system includes a master node device. The master node device includes communication circuitry configured to facilitate communication with a welding power supply unit via a long-range communication link, and to facilitate wireless communication with one or more welding-related devices via a short-range wireless communication network. The master node device also includes control circuitry configured to associate the one or more welding-related devices with the short-range wireless communication network. The master node device further includes means for manually initiating association of the one or more welding-related devices with the short-range wireless communication network.

Publication date: 20-02-2014

Wireless communication network sensor information for control of industrial equipment in harsh environments

Number: US20140052832A1
Assignee: ILLINOIS TOOL WORKS INC

In certain embodiments, a system includes a master node device. The master node device includes communication circuitry configured to facilitate communication with a welding power supply unit via a long-range communication link, and to facilitate wireless communication with one or more welding-related devices via a short-range wireless communication network. The master node device also includes control circuitry configured to receive sensor data from one or more sensors within a physical vicinity of the short-range wireless communication network, and to route the sensor data to final destinations for the one or more sensors.

Publication date: 06-03-2014

Method for automatically applying access control policies based on device types of networked computing devices

Number: US20140068030A1
Assignee: Cisco Technology Inc

Techniques for managing access control policies are described herein. According to one embodiment, access control policies (ACPs) and access control rules (ACRs) are downloaded from a management server to a network access device (NAD) over the Internet, where the network access device is one of a plurality of network access devices managed by the management server over the Internet. In response to a request from a network client device for entering a network, a device type of the network client device is detected and an ACP identifier is determined based on the device type using the ACRs. An ACP is selected from the ACPs based on the ACP identifier and enforced against the network client device. At least the selected ACP is reported to the management server to distribute the selected ACP to other network access devices.

Publication date: 13-03-2014

System and method for sharing login status between an application platform and an application

Number: US20140075521A1
Assignee: Tencent Technology Shenzhen Co Ltd

A method for sharing login status between an application platform and an application, both running on a client device, is performed at a computer. In response to a login request from the client device, the computer analyzes the login request to determine whether the login request is associated with the application platform or the application. If the login request is with the application platform, the computer then establishes a first connection with an application platform server and forwards the login request to the application platform server. Upon receiving a login key from the application platform server, the computer returns the login key to the client device. If not, the computer establishes a second connection with an application server and forwards the login request to the application server. Upon receiving a login key from the application server, the computer then returns the login key to the client device.

Publication date: 20-03-2014

Mobile device security

Number: US20140082348A1

A mobile device ( 2 ) exchanges an electronic message with a messaging server ( 4 ), where the message is encrypted with a messaging key. The mobile device encrypts a copy of the message with a monitoring key ( 9 ) different from the messaging key, and sends the encrypted copy to a monitoring server ( 5 ) remote from the messaging server ( 4 ).

Publication date: 27-03-2014

Device-Specific Authorization at Distributed Locations

Number: US20140090031A1
Assignee: Wayport Inc

A method includes receiving authentication information for a client device at a server. The authentication information includes a network address of the client device, a geographic location of the client device, and a first result of a one-way hash function based on a combination of the network address, an authentication seed, and a first secret. The method includes computing, with the server, a second result of the one-way hash function based on a combination of the network address, the authentication seed, and a second secret. The method also includes enabling the client device to access a second network in response to a determination by the server that the first result matches the second result and a determination by the server that the client device is authorized to access the second network based on the geographic location.

Publication date: 03-04-2014

SECURE IDENTIFICATION OF INTRANET NETWORK

Number: US20140096211A1
Assignee: MICROSOFT CORPORATION

A method is provided for network identification based on high entropy data on a network which are not easily guessed or obtained outside the network, which can prevent an attacker from “spoofing” the network. A component in a client computer connected to a network may obtain over the network a network data block including device identification information of a device controlling the network. Upon parsing the network data block, such high entropy data as unique device identifiers may be obtained from the device identification information. Depending on availability of the unique device identifiers and authentication history of the client computer, different combinations of the unique device identifiers and/or other identification information may be used to generate a unique network identifier such as a network signature. The component may provide the network signature to applications within the client computer. 1. A method performed on a computing device connected to a network , the method comprising generating a unique identifier of the network based on at least one high-entropy property of the network , and further based on an authentication history that comprises information indicating whether or not the computing device is joined to a domain of the network , is authenticated , and was previously authenticated.2. The method of where the at least one high-entropy property is resistant to being guessed outside of the network.3. The method of where the at least one high-entropy property is resistant to being obtained outside of the network.4. The method of where the at least one high-entropy property comprises a globally unique identifier (“GUID”) of the domain.5. The method of where the ‘is authenticated’ comprises being currently authenticated by a domain controller that controls the network and the domain.6. 
The method of where the ‘was previously authenticated’ comprises being previously authenticated by a domain controller that controls the network and the domain ...

Publication date: 10-04-2014

Processing device and management board

Number: US20140101423A1
Author: Hayato Kubo
Assignee: Fujitsu Ltd

A processing device includes: casing; a processor in the casing; and a management board detachably mounted on the casing and manages the processor. The casing includes a memory storing therein first identification data to identify the casing. The management board includes a non-volatile memory storing therein second identification data of the casing mounting thereon the management board and second setting data to be referred by firmware, a portable recording medium being detachably mounted on the management board and storing therein third identification data of the casing mounting thereon the management board that mounts thereon the portable recording medium and third setting data to be referred by firmware, and a determiner. The determiner determines, using the first, second, and third identification data, whether the non-volatile memory or the portable recording medium stores setting data to be referred by the firmware operating on the management board.

Publication date: 01-01-2015

Systems and Methods for RFID Security

Number: US20150001298A1
Assignee: RADIOFY LLC

An RFID system includes an RFID tag, an RFID reader, and a server. The RFID tag communicates to the server via encrypted information. The information may be encrypted with synchronized encryption keys. In this manner, the reader need not decrypt the information from the RFID tag. The effectiveness of malicious readers is thereby reduced, resulting in improved RFID tag security.

Publication date: 06-01-2022

SECURE EMBEDDED MICROCONTROLLER IMAGE LOAD

Number: US20220006796A1
Assignee:

A system and method for pairing two devices for secure communications. A user selects a first device to pair with a second device. The first and second devices have the ability to securely communicate with each other through the use of encrypted communications. An encryption key is written to the first device and then burned into the encryption module on the first device. A corresponding decryption key is written to the second device and then is burned into the decryption module of the second device. 1. A method for securely pairing two devices , comprising:selecting a first device to pair with a second device;writing an encryption key to the first device;burning the encryption key into an encryption module on the first device;writing a corresponding decryption key to the second device, the decryption key allowing the second device to decrypt data transmitted by the first device; andburning the decryption key into a decryption module on the second device.2. The method of wherein the encryption key is burned into a plurality of physically modifiable internal components (PMIC) disposed on the encryption module claim 1 , wherein each of the plurality of PMICs can only be modified one time.3. The method of wherein the encryption key is burned into the plurality of PMICs as a binary representation of the encryption key.4. The method of wherein the decryption key is burned into a plurality of physically modifiable internal components (PMIC) disposed on the decryption module claim 1 , wherein each of the plurality of PMICs can only be modified one time.5. The method of wherein the decryption key is burned into the plurality of PMICs as a binary representation of the decryption key.6. The method of wherein the encryption key and decryption key are a public/private key pair.7. The method of further comprising:writing a second encryption key to the second device;burning the second encryption key into an encryption module on the second device;writing a corresponding second ...

Publication date: 06-01-2022

DYNAMICALLY HARDENING COMMUNICATIONS HAVING INSECURE PROTOCOLS

Number: US20220006836A1
Assignee:

In various examples, communications having insecure protocols are dynamically hardened. For example, communications that are formatted in an outdated or otherwise insecure version of a protocol (e.g., sent by a device aged out of a service window) may be isolated within a network, converted to an updated protocol format, or any combination thereof. These systems and methods may be implemented on a general purpose network device (e.g., a hub of a Local Area Network (LAN)). 1. A computer-implemented method comprising:receiving, from a first device, first data communicated using a format corresponding to a first communication protocol;based at least on the first data being communicated using the format corresponding to the first communication protocol, assigning at least one communication channel of the first device to an isolated network;configuring a data converter to exchange one or more communications with the first device over the isolated network;converting, using the data converter, the first data from the format corresponding to the first communication protocol to second data according to a format corresponding to a second communication protocol; andtransmitting the second data to a second device.2. The computer-implemented method of further comprising claim 1 , determining an identifier (ID) of the format corresponding to the first communication protocol is listed in one or more data stores claim 1 , the one or more data stores comprising a list of IDs representative of a plurality of formats corresponding to a plurality of communication protocols.3. The computer-implemented method of claim 1 , wherein the converting includes mapping fields of the first data as arranged using the format corresponding to the first communication protocol to fields of the second data as arranged using the format corresponding to the second communication protocol.4. The computer-implemented method of claim 1 , wherein the converting includes encapsulating the first data with a ...

Publication date: 01-01-2015

Method of Activation on a Second Network of a Terminal Comprising a Memory Module Associated with a First Network

Number: US20150004961A1
Assignee:

A method is provided for activating, on a second network, a terminal having a memory module including a temporary identification datum and being associated in a central database with a first predetermined network. The method includes a first step of authenticating the memory module with the central database by way of the temporary identification datum, a step of determining a new identification datum following an activation of the terminal in the second network, and transmitting this new identification datum to the memory module for storage on the memory module. Also provided are an associated computing entity and a terminal containing the associated memory module. 1. A method for activation , on a second network , of a terminal comprising a memory module containing a temporary identification data item and being associated in a central database with a predetermined first networker , said central database containing predetermined identification data items each associated with a predetermined network , wherein said method comprises:following a first connection of the terminal to the first network via an interworking gateway, a first step of authenticating the memory module with the central database by using the temporary identification data item,following an activation of the terminal on the second network, determining a new identification data item by comparing information relating to the second network where the terminal is activated with each of the predetermined identification data items in the central database, this information being sent to the central database during said first connection of the terminal to the first network, anda first transmission step of transmitting this new identification data item to the memory module in order to store this new identification data item in the memory module.2. 
The method according to claim 1 , comprising claim 1 , following a second connection of the terminal to the first network via the interworking gateway claim 1 , a ...

Publication date: 07-01-2016

ACCESS ALLOCATION FOR A SHARED MEDIA OUTPUT DEVICE

Number: US20160004845A1
Assignee:

Systems and methods for operating a control device are disclosed. In accordance with an aspect of the disclosure, a method for operating a control device may include determining that a first user equipment is in local proximity to a shared media output device, allocating, to the first user equipment, access to the shared media output device, and facilitating playback, on the shared media output device, of media content associated with the first user equipment, so long as the first user equipment is determined to be in local proximity to the shared media output device. 1. A method of operating a control device , comprising:determining that a first user equipment is in local proximity to a shared media output device;allocating, to the first user equipment, access to the shared media output device; andfacilitating playback, on the shared media output device, of media content associated with the first user equipment so long as the first user equipment is determined to be in local proximity to the shared media output device.2. The method of claim 1 , further comprising determining a priority status of the first user equipment claim 1 , wherein greater access to the shared media output device is allocated to the first user equipment if the first user equipment is determined to have a high priority status.3. The method of claim 1 , further comprising authenticating user-specific digital ownership rights associated with the media content associated with the first user equipment claim 1 , wherein the playback of the media content is facilitated only if the user-specific digital ownership rights are authenticated.4. The method of claim 3 , wherein authenticating the user-specific digital ownership rights associated with the media content associated with the first user equipment comprises:determining that the first user equipment is authorized to playback the media content; anddetermining that the first user equipment is within a proximity zone.5. The method of claim 4 , ...

Publication date: 07-01-2016

System and Methods for Validating and Managing User Identities

Number: US20160004852A1
Assignee: Scayl Inc

A system and associated methods for validating and managing user identities are disclosed. In at least one embodiment, a central computing system is configured for receiving and processing data related to an at least one user and associated identity. A user account is established and associated with each user, the account containing at least one of a unique account identifier, an identity score representing a quality rating of the user based on the at least one identity, and an identity table containing details related to the at least one identity. In at least one embodiment, the computing system is capable of selectively validating the at least one identity, dynamically calculating the identity score associated with the at least one user, and even leveraging select unique identifying data to create a persistent multi-factor authentication process in conjunction with a mobile device associated with the at least one user.

Publication date: 05-01-2017

Method for performing authentication and electronic device thereof

Number: US20170004665A1
Assignee: SAMSUNG ELECTRONICS CO LTD

A method and an apparatus for performing authentication are provided. The method includes performing, by a first authentication unit in a first electronic device, authentication with respect to a second electronic device that requests authentication through a first communication mode and when the second electronic device is authenticated, transmitting first information used for controlling the first electronic device to the second electronic device through the first communication mode and transferring second information indicating that the second electronic device is authenticated to a second authentication unit in the first electronic device.

Publication date: 02-01-2020

One Click Application Asset Distribution

Number: US20200004520A1
Assignee: Alibaba Group Holding Ltd

The technology described in this document can be embodied in a method that includes receiving at a second device a request for data sharing from a first device, and receiving a first file package associated with an application installed on the first device, and the file package includes a first portion of information usable for installation of the application on the second device. The method also includes processing the first file package to obtain the first portion of information usable for installing the application on the second device, providing authentication information for downloading a second file package to a remote computer device different from the first device, and installing the application on the second device using the first portion of information and the second portion of information.

Publication date: 07-01-2021

DECENTRALIZED POLICY PUBLISH AND QUERY SYSTEM FOR MULTI-CLOUD COMPUTING ENVIRONMENT

Number: US20210004473A1
Assignee:

A given policy file is obtained at a publishing node of a decentralized system of nodes, wherein the given policy file defines a policy that applies to at least a subset of nodes in the decentralized system of nodes. The given policy file is sent to a decentralized storage network for storage therein. Storage metadata is received from the decentralized storage network, wherein the storage metadata represents address information associated with storage of the given policy file in the decentralized storage network. The publishing node generates policy file retrieval metadata based on the storage metadata received from the decentralized storage system. The policy file retrieval metadata is sent to a blockchain network for storage therein. One or more querying nodes of the decentralized system of nodes access the blockchain network to obtain the policy file retrieval metadata in order to then retrieve the policy file from the decentralized storage network. 1. A method comprising:sending a request from a given node in a decentralized system of nodes to a blockchain network, wherein the request is associated with a given policy file that defines a policy that applies to at least a subset of nodes in the decentralized system of nodes;receiving policy file retrieval metadata at the given node from the blockchain network in response to the request, wherein the policy file retrieval metadata comprises address information associated with storage of the given policy file in a decentralized storage network;sending the address information from the given node to the decentralized storage network; andreceiving the given policy file at the given node from the decentralized storage network;wherein the given node is implemented via at least one processing device comprising a processor coupled to a memory.2. The method of claim 1 , wherein the address information comprises a content-based address generated for the given policy file.3. The method of claim 2 , wherein the policy file ...

Publication date: 02-01-2020

MULTI-PHASE DIGITAL CONTENT PROTECTION

Number: US20200004970A1
Assignee:

In one example, the present disclosure describes a device, computer-readable medium, and method for multi-phase protection of digital content. For instance, in one example, a method includes receiving a request for digital content from a client device, initiating a digital content protection process comprising a plurality of phases, where each phase of the plurality of phases includes verifying credentials provided by the client device, delivering a plurality of seeds to the client device, wherein each individual seed of the plurality of seeds is delivered to the client device upon a successful completion of one phase of the plurality of phases, encrypting the digital content, using an encryption key derived using the plurality of seeds, to generate encrypted content, and delivering the encrypted content to the client device. 1. A method , comprising:receiving a request for accessing digital content from a client device;initiating a digital content protection process comprising a plurality of phases, where each phase of the plurality of phases includes verifying credentials provided by the client device;delivering a plurality of seeds to the client device, wherein each individual seed of the plurality of seeds is delivered to the client device upon a successful completion of one phase of the plurality of phases;encrypting the digital content, using an encryption key derived using the plurality of seeds, to generate encrypted content; anddelivering the encrypted content to the client device.2. The method of claim 1 , wherein the plurality of phases comprises:a manufacture phase for verifying a manufacture of the client device by an expected vendor;a registration phase for verifying a registration of the client device with a global server that maintains a whitelist for a site;an authentication phase for verifying authentication of the client device with the global server; andan authorization phase for verifying that the client device is authorized to access the ...

Publication date: 02-01-2020

Intelligent tracking system and methods and systems therefor

Number: US20200004996A1
Assignee: Culvert IoT Corp

An intelligent tracking system generally includes one or more tracking devices, some of which may be passive tracking devices. Each passive tracking device includes one or more transceivers and is energized by an energizing signal. Some of these passive tracking devices may operate in a first communication mode or a second communication mode based on the energizing signal. Some tracking devices may include encryption modules or authentication modules. Some of these devices may incorporate a bulk acoustic wave oscillator.

Publication date: 02-01-2020

Intelligent tracking system and methods and systems therefor

Number: US20200004998A1
Assignee: Culvert IoT Corp

An intelligent tracking system generally includes one or more tracking devices, some of which may be passive tracking devices. Each passive tracking device includes one or more transceivers and is energized by an energizing signal. Some of these passive tracking devices may operate in a first communication mode or a second communication mode based on the energizing signal. Some tracking devices may include encryption modules or authentication modules. Some of these devices may incorporate a bulk acoustic wave oscillator.

Publication date: 02-01-2020

Intelligent tracking system and methods and systems therefor

Number: US20200004999A1
Assignee: Culvert IoT Corp

An intelligent tracking system generally includes one or more tracking devices, some of which may be passive tracking devices. Each passive tracking device includes one or more transceivers and is energized by an energizing signal. Some of these passive tracking devices may operate in a first communication mode or a second communication mode based on the energizing signal. Some tracking devices may include encryption modules or authentication modules. Some of these devices may incorporate a bulk acoustic wave oscillator.

Publication date: 07-01-2021

Machine learning voltage fingerprinting for ground truth and controlled message error for message and ECU mapping

Number: US20210004725A1
Assignee: Intel Corp

Systems, apparatuses, and methods to establish ground truth for an intrusion detection system using machine learning models to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. Voltage signatures for overlapping message identification (MID) numbers are collapsed and trained on a single ECU label.

Publication date: 13-01-2022

AUTHENTICATION OF PASSIVE DEVICES

Number: US20220014519A1
Assignee:

Some embodiments provide a method, executable by a network device, that receives a first set of commands instructing the network device to allow network traffic to egress out of an authentication port of the network device. The authentication port is configured to belong to a first virtual local area network (VLAN). An unauthenticated device is connected to the authentication port. The method further receives a second set of commands instructing the network device to add ports belonging to the first VLAN to a broadcast domain of a second VLAN. The method also broadcasts an address request to the broadcast domain of the second VLAN. The method further receives, from the unauthenticated device, a response to the address request.

1. A method, executable by a network device, comprising: receiving a first set of commands instructing the network device to allow network traffic to egress out of an authentication port of the network device, wherein the authentication port is configured to belong to a first virtual local area network (VLAN), wherein an unauthenticated device is connected to the authentication port; receiving a second set of commands instructing the network device to add ports belonging to the first VLAN to a broadcast domain of a second VLAN; broadcasting an address request to the broadcast domain of the second VLAN; and receiving, from the unauthenticated device, a response to the address request.

2. The method of claim 1, wherein the response is a first response, the method further comprising: sending a computing device a request to authenticate the unauthenticated device; and receiving from the computing device a second response indicating that the unauthenticated device is now an authenticated device.

3. The method of claim 2, wherein the second response comprises an address associated with the authenticated device and a VLAN identifier associated with the second VLAN, the method further comprising, in response to receiving the ...

Publication date: 13-01-2022

FEDERATED SECURITY FOR MULTI-ENTERPRISE COMMUNICATIONS

Number: US20220014522A1
Assignee:

Where a single networked security service supports multiple enterprises, this security service can operate as a shared source of trust so that security devices associated with one enterprise can provide authenticated, policy-based management of computing devices associated with another enterprise. For example, an enterprise firewall can advantageously manage network access for a new device based on a shared and authenticated relationship with the networked security service.

1. A system comprising: a firewall coupled to a first network interface and a second network interface, the firewall associated with a first enterprise network and coupled to the first enterprise network through the first network interface, and the firewall coupled to a public internetwork through the second network interface; a compute instance associated with a second enterprise network, the compute instance coupled through the first enterprise network to the first network interface of the firewall; and a threat management facility coupled in a communicating relationship with the firewall, the threat management facility configured to provide security services for each of the first enterprise network associated with the firewall and the second enterprise network associated with the compute instance, and the threat management facility further configured to cryptographically verify an association between the compute instance and the second enterprise network as a condition for access by the compute instance to the public internetwork through the firewall.

2. The system of wherein the threat management facility cryptographically verifies the association between the compute instance and the second enterprise network using a transport layer security handshake protocol to authenticate the compute instance.

3. A system comprising: a first network interface coupled through a first data network with a compute instance, the compute instance associated with a first enterprise; a second network interface coupled ...

Publication date: 05-01-2017

File Reputation Acquiring Method, Gateway Device, and File Reputation Server

Number: US20170005801A1
Author: Liu Zhenhua
Assignee:

A file reputation acquiring method, a gateway device, and a file reputation server, the method comprising: the gateway device acquires at least one function in the accessed file and acquires a function hash value of each function in the at least one function to obtain at least one function hash value, determines, using a classifier obtained in advance by training, a probability distribution separately corresponding to each function hash value, where the probability distribution is used to indicate a probability that each function hash value appears in a file of a black sample set, and a probability that each function hash value appears in a file of a white sample set, and determines a reputation value of the accessed file according to the probability distribution corresponding to each function hash value.

1. A file reputation acquiring method, comprising: acquiring at least one function in an accessed file; acquiring a function hash value of each function in the at least one function to obtain at least one function hash value, wherein the accessed file is an executable program file; determining, using a classifier obtained in advance by training, a probability distribution separately corresponding to each function hash value in the at least one function hash value, wherein the probability distribution is used to indicate a probability that each function hash value appears in a file of a black sample set, and a probability that each function hash value appears in a file of a white sample set, wherein the black sample set comprises at least one malicious program file, and wherein the white sample set comprises at least one normal program file; and determining a reputation value of the accessed file according to the probability distribution corresponding to each function hash value.

2. The method according to claim 1, wherein acquiring the at least one function in the accessed file and the function hash value of each function in the at least one function comprises: ...

Publication date: 05-01-2017

Systems and Methods for Controlling Email Access

Number: US20170005802A1
Assignee:

Embodiments of the disclosure relate to controlling access to email content. According to various embodiments as described herein, an email message may be accessed by a computing device to identify a uniform resource locator (URL) within the email message, wherein the URL corresponds to a resource residing in a protected location that is not accessible by a native browser application of the client device. The computing device may determine whether the client device is permitted to access the URL and request access to the resource via the secure browser application of the client device upon a determination that the client device is permitted to access the resource in accordance with the at least one resource rule.

1-20. (canceled)

21. A non-transitory computer-readable medium embodying a program executable in a computing device to ensure security of email attachments, comprising code that: receives an e-mail including an attachment using an e-mail program, the attachment having been modified by a management system based on an administrator policy to restrict access to the attachment to a secure container application; displays the e-mail; receives selection of the attachment using the e-mail program; and automatically launches the secure container application to open the attachment.

22. The non-transitory computer-readable medium of claim 21, further comprising code that, when executed: prohibits access to the attachment by encrypting the attachment; and restricts access to the attachment by any other third-party application by providing a decryption key to only the secure container application.

23. The non-transitory computer-readable medium of claim 21, further comprising code that, when executed: determines a device type from which the e-mail will be accessed; and restricts access to the attachment to access by the secure container application when the device type is a smartphone.

24. The non-transitory computer-readable medium of claim 21, further ...

Publication date: 05-01-2017

Goal-Driven Provisioning in IoT Systems

Number: US20170005871A1
Author: Ned Smith, Sven Schrecker
Assignee: McAfee LLC

Techniques are disclosed for provisioning Internet of Things (IoT) devices in accordance with a state machine model. More particularly, collections of IoT devices may be organized into enclaves, groups or “shoals” that operate as autonomous or semi-autonomous groups of devices functioning as a collective having a common objective or mission. IoT devices participating in a shoal may be provisioned with shoal-specific context information as part of their device-specific provisioning activity. By way of example, a shoal context object can include a current state variable and a target next state variable. The shoal's target next state variable establishes a goal (e.g., for provisioning activity) without dictating how the individual shoal members (IoT device) are to achieve that goal. This mechanism may be used to drive a shoal's separate devices through their individual provisioning state machines until the shoal itself is made operational.

Publication date: 05-01-2017

Systems, Methods and Computer Readable Medium To Implement Secured Computational Infrastructure for Cloud and Data Center Environments

Number: US20170005990A1
Author: Birger Ari, Dror Haim
Assignee:

Systems, methods, and non-transitory computer-readable medium are provided to secure data centers and cloud computing. A method receives network identifiers for functions, requests a network key for each function, allocates network interfaces, requests a virtual network interface controller allocation, requests a network key for each cloud function, receives storage identifiers for functions, requests a storage key for each cloud function, allocates virtual storage disks, requests a storage interface controller allocation, requests a storage key for each cloud function. Methods secure migration of a virtual machine from a source to a target server. A server includes multiple cores where each core is dedicated to a compute function and a unique key encrypts data of each compute function. A non-transitory computer-readable medium encodes programs that execute the above methods.

1. A method of computer security executed on one or more servers of a cloud or data center provider, comprising: receiving a network identifier for a plurality of functions from a cloud or data center manager; requesting a network key for each function from key server(s) or from a local key generator based on one or multiple secrets; allocating a plurality of isolated network interfaces based on a cloud or data center provider's and/or a customer's requirements; requesting a virtual network interface controller allocation per function per virtual machine; requesting from the key server a network key for each cloud or data center function; receiving a storage identifier for a plurality of functions from a cloud or data center manager; requesting a storage key for each function from key server(s) or from a local key generator based on one or multiple secrets; allocating a plurality of isolated virtual storage disks based on cloud or data center provider and/or customer requirements; requesting a storage controller allocation per function per virtual machine; requesting from the key server a storage key(s) ...

Publication date: 05-01-2017

METHODS AND SYSTEMS FOR AUTO-COMMISSIONING OF DEVICES IN A COMMUNICATION NETWORK

Number: US20170005997A1
Assignee:

Devices, methods, systems, and computer-readable media for auto-commissioning of devices in a communication network are described herein. One or more embodiments include a method for auto-commissioning of a device added to a communication network, comprising: determining properties of signal transitions of the communication network via a device added to the network while the signal transitions of the communication network are passing unchanged, and processing the signal transitions of the communication network, via the device, based on the properties of the signal transitions.

1. A method for auto-commissioning of devices in a communication network, comprising: determining, via an added device, properties of signal transitions of the communication network while the signal transitions of the communication network are passing unchanged, wherein determining the properties of the signal transitions includes passively observing unmodified signal transitions pre-existing in the communication network; and processing, via the added device, the signal transitions of the communication network based on the properties of the signal transitions.

2. The method of claim 1, wherein determining the properties of the signal transitions includes passively determining a protocol of the communication network by observing protocol signatures of the signal transitions.

3. The method of claim 1, wherein determining properties of the signal transitions comprises: determining, via the added device, a protocol of the signal transitions; determining, via the added device, a size of a stop bit; determining, via the added device, a number of bits between a start bit and a stop bit; and determining, via the added device, a location of a node within the communication system.

4. The method of claim 1, comprising: processing, via the added device, content of a transmission bit by bit with a cryptographic hash prior to determining which cryptographic key is to be used.

5. The method of claim 1, comprising: ...

Publication date: 05-01-2017

DECRYPTING AND DECODING MEDIA ASSETS THROUGH A SECURE DATA PATH

Number: US20170006025A1
Assignee:

A client device for decrypting and decoding media assets through a secure data path. The client device includes a host core and global memory in a common execution environment and a secure core and restricted memory in a secure execution environment. The secure core generates a license challenge only in the context of the secure execution environment and processes a license challenge response that includes a media content decryption key only in the context of the secure execution environment. The secure core decrypts a protected media asset using the media content decryption key only in the context of the secure execution environment such that the decryption key and decrypted media asset will not be in global memory thereby protecting the media asset from unauthorized access.

1. A method in a client device for decrypting and decoding media assets through a secure data path, comprising: encrypting, by a secure core in a secure execution environment of the client device, a device certificate template and a private key using a key that is unique to the client device; storing the encrypted device certificate template and the private key in global memory in a common execution environment; receiving, by a host core in the common execution environment, a request to play a protected media asset; receiving, by the host core, the protected media asset and metadata for the protected media asset that includes a media asset key identifier of the protected media asset; reading, by the host core, the encrypted device certificate template and the private key and passing the encrypted device certificate template and the private key to the secure core; decrypting, by the secure core, the encrypted device certificate template and the private key using the key that is unique to the client device; generating, by the secure core using the device certificate template, a unique device certificate that is unique to the client device that includes a public key that corresponds to the private key; ...

Publication date: 05-01-2017

HEARING DEVICE AND METHOD OF HEARING DEVICE COMMUNICATION

Number: US20170006029A1
Assignee: GN RESOUND A/S

A hearing device includes: a processing unit configured to compensate for hearing loss of a user of the hearing device; a memory unit; and an interface; wherein the processing unit is configured to: receive a connection request for a session via the interface; obtain a session identifier; transmit, via the interface, a connection response comprising a hearing device identifier and the session identifier; receive, via the interface, an authentication message comprising an authentication key identifier and client device data; select a hearing device key from a plurality of hearing device keys in the memory unit based on the authentication key identifier; and verify the client device data based on the selected hearing device key.

1. A hearing device comprising: a processing unit configured to compensate for hearing loss of a user of the hearing device; a memory unit; and an interface; wherein the processing unit is configured to: receive a connection request for a session via the interface; obtain a session identifier; transmit, via the interface, a connection response comprising a hearing device identifier and the session identifier; receive, via the interface, an authentication message comprising an authentication key identifier and client device data; select a hearing device key from a plurality of hearing device keys in the memory unit based on the authentication key identifier; and verify the client device data based on the selected hearing device key.

2. The hearing device of claim 1, wherein the session identifier is for a session, and wherein the processing unit is configured to terminate the session if a verification of the client device data fails.

3. The hearing device according to claim 1, wherein the authentication message comprises an authentication type identifier, and wherein the processing unit is configured to select the hearing device key from the plurality of hearing device keys based on the authentication type ...

Publication date: 05-01-2017

Device Communication Environment

Number: US20170006030A1
Assignee:

A computing environment is disclosed that receives from devices requests directed toward services accessible in the environment, and that forwards communications from services in the environment to devices registered with the environment. During a registration process at the environment, devices are assigned a device identifier that is used to identify and authenticate each particular device and requests communicated from and to the device via the environment. The computing environment maintains state information for each device that has been registered with the system. As the device interacts with the system, the state information is updated to reflect the changes in the device. When requests to perform functions are received from devices, the computing environment determines for the particular device and the particular function requested what processing needs to be performed by the environment in response to the request.

1. A method, comprising: receiving, at a device security server, a request from a manufacturer to register a device, the request comprising information associated with the device and information for use in authenticating the device; identifying, at the device security server, a unique device identifier; associating, at the device security server, the identified unique device identifier with the information associated with the device and with the information for use in authenticating the device; receiving, at a device security server, a request from an entity responsible for the device to associate information identifying the entity with the device, the request comprising the unique device identifier and the information identifying the entity; associating, at the device security server, the information identifying the entity with the unique device identifier; authenticating, at the device security server, a request to perform a function, the authenticating employing the information for use in authenticating the device; receiving, at the device security ...

Publication date: 05-01-2017

SYSTEMS AND METHODS FOR DETECTING MAN-IN-THE-MIDDLE ATTACKS

Number: US20170006060A1
Assignee:

A computer-implemented method for detecting man-in-the-middle attacks may include (1) registering a mobile device of a user within a computing environment as an authenticated mobile device that corresponds to the user, (2) receiving an authentication request to log into a secure computing resource as the user, (3) transmitting, in response to receiving the authentication request, an out-of-band push authentication prompt to the registered mobile device of the user through a different channel than a channel through which the authentication request was received, (4) comparing a geolocation indicated by the authentication request with a geolocation indicated by the registered mobile device, and (5) performing remedial action in response to detecting a man-in-the-middle attack based on a determination that the geolocation indicated by the authentication request and the geolocation indicated by the registered mobile device do not match. Various other methods, systems, and computer-readable media are also disclosed.

1. A computer-implemented method for detecting man-in-the-middle attacks, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: registering a mobile device of a user within a computing environment as an authenticated mobile device that corresponds to the user; receiving an authentication request to log into a secure computing resource as the user; transmitting, in response to receiving the authentication request, an out-of-band push authentication prompt to the registered mobile device of the user through a different channel than a channel through which the authentication request was received; comparing a geolocation indicated by the authentication request with a geolocation indicated by the registered mobile device in response to the out-of-band push authentication prompt; performing remedial action in response to detecting a man-in-the-middle attack based on a determination that the ...

Publication date: 01-01-2015

Security bridging

Number: US20150007303A1
Assignee: ROCKSTAR CONSORTIUM US LP

A network media gateway is used to bridge trust between a Service Provider network and subscriber devices. The gateway is authenticated by the Service Provider by using knowledge of network topology. Subscriber devices are authenticated in response to subscriber input to the gateway via an interface. Trusted subscriber devices can be tightly coupled with the Service Provider network, thereby facilitating delivery of QoE. Mobile and remote subscriber devices may also be authenticated. The gateway may also facilitate establishment of VPNs for peer-to-peer communications, and dynamically adjustable traffic, policy and queue weightings based on usage patterns.

Publication date: 07-01-2016

INFORMATION PROCESSING APPARATUS AND MOBILE TERMINAL DEVICE

Number: US20160006708A1
Assignee:

A management server encrypts storage target data and transmits the encrypted storage target data to mobile terminals. Thereafter, the management server receives and decrypts the encrypted storage target data stored in the mobile terminals.

1. An information processing apparatus communicably connected to a mobile terminal device, the information processing apparatus comprising: an encrypting unit to encrypt storage target data; a transmitting unit to transmit the storage target data encrypted by the encrypting unit to the mobile terminal device; a receiving unit to receive the storage target data stored in the mobile terminal device; and a decrypting unit to decrypt the storage target data received by the receiving unit.

2. The information processing apparatus according to claim 1, wherein the transmitting unit transmits the same storage target data to a plurality of terminal devices including the mobile terminal device.

3. The information processing apparatus according to claim 1, further comprising a dividing unit to divide the storage target data, wherein the encrypting unit encrypts each divided storage target data generated by a division process by the dividing unit; and the transmitting unit transmits the divided storage target data encrypted by the encrypting unit to the mobile terminal device.

4. The information processing apparatus according to claim 3, wherein the transmitting unit transmits each of the divided storage target data encrypted by the encrypting unit to a plurality of the mobile terminal devices different from each other.

5. The information processing apparatus according to claim 3, wherein the dividing unit divides the storage target data so that a ratio of a size of the divided storage target data to a size of the storage target data becomes a predetermined ratio or less.

6. The information processing apparatus according to claim 3, further comprising: an assessing unit to assess validity of the divided storage target data ...

Publication date: 07-01-2016

DUAL CHANNEL IDENTITY AUTHENTICATION

Number: US20160006734A1
Author: Huang Mian
Assignee:

Identity authentication comprises: determining, in response to a request from a first device operated by a source user, that an identity authentication is to be performed for the source user; identifying a target user who is deemed to satisfy at least a preset condition, the target user being a user other than the source user; generating validation information to authenticate identity of the source user; sending the validation information to a second device operated by the target user; receiving a validation response from the first device operated by the source user; and performing identity authentication, including verifying whether the validation response received from the first device operated by the source user matches the validation information sent to the second device.

1. A method, comprising: determining, in response to a request from a first device operated by a source user, that an identity authentication is to be performed for the source user; identifying a target user who is deemed to satisfy at least a preset condition, the target user being a user other than the source user; generating validation information to authenticate identity of the source user; sending the validation information to a second device operated by the target user; receiving a validation response from the first device operated by the source user; and performing identity authentication, including verifying whether the validation response received from the first device operated by the source user matches the validation information sent to the second device.

2. The method of claim 1, wherein the identifying the target user comprises: determining a set of one or more associated users of the source user based at least in part on the source user's historical user information; using the historical user information to compute a set of one or more trust levels between the source user and respective ones of the set of one or more associated users; and selecting a set of one or more trusted users among ...

Publication date: 07-01-2016

SYSTEMS AND METHODS OF DEVICE AUTHENTICATION INCLUDING FEATURES OF CIRCUIT TESTING AND VERIFICATION IN CONNECTION WITH KNOWN BOARD INFORMATION

Number: US20160006735A1
Assignee:

A method and system for authenticating a device, board, assembly or system includes obtaining or processing test/scan information provided via extraction of ECID or other unique identifying information regarding a board.

1. A method of authenticating a board, assembly or system, the method comprising: obtaining or processing test/scan information provided via extraction of unique identifying information regarding one or more devices on a board, assembly or system, including determination of associated mounted position(s); performing one or more re-authentication processes to verify that the board, assembly or system contains only legitimate uniquely identified devices, via comparison of re-extracted codes of devices at known positions against a reference record, the reference record being established by an initial authentication process that utilizes information regarding authentic and unique codes of devices delivered to populate the board, assembly or system as placed at specific positions to derive the reference record for the device, enabling the re-attestation of the authenticity of such devices.

2. The method of claim 1 further comprising processing information regarding knowledge of all legitimately shipped codes of a given device type assuring each code's uniqueness, verifying non-duplication over the supply chain from legitimate IC fabricator(s).

3. The method of claim 1 wherein the reference record is received, directly or indirectly, from an IC fabricator that performed the initial authentication process on a newly assembled board, assembly or system at a board, assembly or system factory.

4. The method of wherein the information regarding the codes includes lot information regarding securely documented lots of devices shipped via a supply chain.

5. A method of authenticating a board, assembly or system, the method comprising: performing an initial authentication process that utilizes information regarding ...

Publication date: 07-01-2016

Bidirectional authorization system, client and method

Number: US20160006743A1
Author: Liu Xian
Assignee:

Disclosed is a bidirectional authorization system, including a first service provision subsystem configured to acquire a first temporary credential of the first service provision subsystem and a second temporary credential of a second service provision subsystem, respectively, send the second and the first temporary credential to the user terminal and the second service provision subsystem, respectively, send the second authorization credential returned by the user terminal to the second service provision subsystem to exchange for a second access token and acquire the second service resources; a second service provision subsystem configured to modify the first temporary credential and send it to the user terminal, send the first authorization credential returned by the user terminal to the first service provision subsystem to exchange for a first access token, and acquire the first service resources; and a user terminal configured to authorize the received second and first temporary credentials, respectively, and return the second and first authorization credentials to the first and second service provision subsystems, respectively. A bidirectional authorization client and a method are also disclosed. The present disclosure can be used to enable clients on both sides to simultaneously access resources of the opposite side.

1. A system for bidirectional authorization, comprising a first service provision subsystem, a second service provision subsystem and a user terminal, wherein, the first service provision subsystem is configured to acquire a first temporary credential of the first service provision subsystem and a second temporary credential of the second service provision subsystem, respectively, send the second temporary credential to the user terminal for authorization, receive a second authorization credential returned by the user terminal, send the second authorization credential to the second service provision subsystem to exchange for a second access ...

Publication date: 07-01-2016

PRIORITY BASED RADIUS AUTHENTICATION

Number: US20160006746A1
Assignee:

An apparatus, method and machine readable storage medium, for an authentication server such as a RADIUS server, for authenticating a subscriber are disclosed. The method comprises: receiving at the authentication server, a request message including a plurality of attributes having respective attribute names and respective attribute values; retrieving from a profile storage, an authentication profile object; identifying a plurality of authentication attributes to use for authentication, including a respective associated priority value, from the authentication profile object; extracting attribute values from the request message, corresponding to each authentication attribute; and attempting to authenticate the request message based on each of the extracted attribute value in order of a respective associated priority value until the authentication attempt is successful.

1. A method performed by an authentication server for authenticating a subscriber, the method comprising: receiving, at said authentication server, a request message including a plurality of attributes having respective attribute names and respective attribute values; retrieving, from a profile storage, an authentication profile object, wherein each entry has a respective priority field; identifying a plurality of authentication attributes to use for authentication, including a respective associated priority value from the priority field of each entry, from said authentication profile object; extracting attribute values from said request message, corresponding to each authentication attribute; and attempting to authenticate said request message based on each of said extracted attribute value in order of the respective associated priority value until said authentication attempt is successful.

2. The method of claim 1, wherein said step of attempting to authenticate is preceded by a step of sorting said plurality of authentication attributes in order of the respective associated priority value for each of ...

Publication date: 05-01-2017

APPARATUS AND METHOD FOR REGISTERING HOME DEVICE IN SERVER IN HOME NETWORK SYSTEM

Number: US20170006471A1
Assignee:

The present invention relates to a method for registering a home device of a home network system in a server, the method comprising: receiving an access token from an account server managing an account for a control device; receiving a peer identifier (peer ID) identifying the home device and a peer group identifier (peer group ID) identifying a group of home devices from the control device; and logging into a connectivity server managing the connection between the home device and the control device on the basis of the access token, the peer ID, and the peer group ID.

1. A method for registering a home device in a server in a home network system, the method comprising: receiving an access token from an account server managing an account for a control device; receiving a peer identifier (ID) for identifying the home device and a peer group ID for identifying a group of home devices from the control device; and logging into a connectivity server managing connection between the home device and the control device based on the access token, the peer ID, and the peer group ID.

2. The method of claim 1, further comprising: receiving a server information including information relating to access to a service server from the control device; receiving a peer group ID and a peer ID from the service server; and, logging into the connectivity server based on the access token, the peer group ID and the peer ID from the service server.

3. The method of claim 1, further comprising: receiving, from the account server, a refresh token used to renew the access token and a globally unique ID (GUID) assigned and managed by the account server to identify the home device.

4. A method for registering a home device in a server by a control device in a home network system, the method comprising: receiving a peer ID for identifying the home device from a service server managing device information on the home device; and transmitting a peer group ID for identifying a group of home devices and ...

Publication date: 07-01-2016

Correlation Identity Generation Method For Cloud Environment

Number: US20160006821A1
Assignee:

This invention relates to a method for generating correlation identity with respect to a client to establish, integrate and communicate to a server within a cloud environment (e.g. Inswit™ Cloud). A service location identity can be generated with respect to a remote client by getting at least one service node of an appropriate service request made by the client device within the cluster of the cloud environment. A correlation ID/source ID can be thereafter generated based on the service location identity to serialize the payload and establish a connection with the server. The integration services with respect to the client device can be instantiated to permit authenticated information flow within the cloud network. The messages including the information on the destination end points can be finally emanated out of the source end points to the destination end point by efficiently authenticating the client devices using the correlation ID.

1. A method for generating correlation identity within a cloud environment, said method comprising the following steps: generating a service location identity with respect to a remote client by getting at least one service node of an appropriate service request made by a client device within a cluster of said cloud environment; generating a correlation ID based on said service location identity in order to serialize payload and establish a connecting with a server; and instantiating at least one integration service with respect to said client device to permit authenticated information flow with respect to said client to establish, integrate and communicate to said server within the cloud network.

2. The method of further comprising the step of emanating a plurality of messages out of said server to said client device by efficiently authenticating said client device using said correlation ID thereby providing a new paradigm in information exchange/software integration catering the requirements of a wide range of enterprise computing ...

Подробнее
07-01-2016 дата публикации

Method for enabling interception, decoding and/or processing of a mac level message

Number: US20160006843A1
Assignee: Telefonaktiebolaget LM Ericsson AB

There is disclosed a method in a User Equipment, UE, for enabling interception, decoding and/or processing of at least parts of a Media Access Control, MAC, level message. The method comprises the steps of receiving configuration information comprising information to add additional information to a MAC level message, and creating a bit string representing the additional information. The method also comprises the step of adding the created bit string to the MAC level message, to enable a recipient of said MAC level message to determine, based on the additional information represented by the bit string, whether at least part of a payload of the MAC level message is to be intercepted, decoded and/or processed. There is further disclosed a method in a base station for decoding a corresponding MAC level message. A corresponding User Equipment, UE, and a base station configured for the methods are also disclosed.
