СПОСОБ ВЗАИМОДЕЙСТВИЯ ВО ВЗАИМОДЕЙСТВУЮЩЕЙ СЕТИ БЛС ДЛЯ БЫСТРОГО ВЫБОРА ОБОРУДОВАНИЕМ ПОЛЬЗОВАТЕЛЯ СЕТИ МОБИЛЬНОЙ СВЯЗИ ДЛЯ ДОСТУПА

Изобретение относится к технологиям сетевого доступа. Изобретение раскрывает способ взаимодействия для быстрого выбора оборудованием пользователя (ОП) БЛС оптимальной сети мобильной связи для осуществления доступа в БЛС; сначала при установлении соединения с СД БЛС ОП БЛС принимает решение, существует ли в сохраненной информации об идентификаторах информация об идентификаторе СД БЛС; если "да", то в СД БЛС будет послана информация о выборе сети, соответствующая сохраненному идентификатору БЛС; в противном случае информацией о выборе сети, подлежащей передаче в СД БЛС, считается предварительно сконфигурированная сеть мобильной связи с высшим приоритетом; СД БЛС идентифицирует сеть мобильной связи для осуществления доступа согласно информации о выборе сети, содержащейся в запросе на аутентификацию, и соединяет ОП БЛС с выбранной сетью для выполнения аутентификации. Способ предусматривает выбор оборудованием пользователя (ОП) БЛС сети мобильной связи для осуществления быстрого доступа, когда ...

АУТЕНТИФИКАЦИЯ В СИСТЕМЕ СВЯЗИ

Изобретение относится к аутентификации в системе связи. Предложены способ и устройство для обеспечения шифрования речи при сотовой аутентификации в формате расширяемого протокола аутентификации. Техническим результатом является обеспечение обычного формата для аутентификации и настройки. 8 н. и 3 з.п. ф-лы, 8 ил.

СПОСОБ И СИСТЕМА ЗАЩИЩЕННОГО ДОСТУПА К HNB ИЛИ HeNB И ЭЛЕМЕНТ БАЗОВОЙ СЕТИ

Изобретение относится к области защиты сети. Технический результат - защита сети за счет исключения регистрации недопустимого H(e)NB непосредственно в элементе базовой сети. Способ защищенного доступа к исходному (развитому) узлу В (H(e)NB) включает: подписание шлюзом безопасности (SeGW) информации об идентификаторе H(e)NB и отправку цифровой подписи на H(e)NB; отправку посредством H(e)NB цифровой подписи и информации об идентификаторе H(e)NB на элемент базовой сети; выполнение элементом базовой сети проверки правильности цифровой подписи и информации об идентификаторе H(e)NB; при этом элемент базовой сети представляет собой H(e)NB GW или узел управления мобильностью (ММЕ); информация об идентификаторе H(e)NB представляет собой H(e)NB ID и внутренний IP адрес H(e)NB, или представляет собой ID закрытой группы абонентов (CSG) и внутренний IP адрес H(e)NB, или представляет собой H(e)NB ID, CSG ID и внутренний IP адрес H(e)NB. 5 н. и 17 з.п. ф-лы, 7 ил.

СПОСОБ ПРОВЕРКИ ПОЛНОМОЧИЙ ДОСТУПА ПОЛЬЗОВАТЕЛЯ ВБЕСПРОВОДНОЙ ЛОКАЛЬНОЙ СЕТИ

Настоящее изобретение раскрывает способ проверки полномочий доступа пользователя в беспроводных локальных сетях. В процессе получения терминалом пользователя беспроводной локальной сети (Wireless Local Area Network - WLAN) доступа к действующей WLAN во время проведения идентификации данного терминала пользователя WLAN сеть WLAN выясняет, разрешен ли доступ данному терминалу пользователя WLAN в соответствии с условиями проверки полномочий, оказывающими влияние на доступ данного терминала пользователя WLAN; если разрешен, то сеть WLAN устанавливает правила доступа для данного терминала пользователя WLAN в соответствии с указанными условиями проверки полномочий; в противном случае сеть WLAN уведомляет терминал пользователя WLAN об отказе. Используя способ согласно данному изобретению, можно контролировать доступ в сеть различных пользователей в соответствии с разными условиями проверки полномочий и после получения ими доступа ограничивать разными правилами доступа. В результате расширяются ...

ТЕХНОЛОГИИ АУТЕНТИФИКАЦИИ УСТРОЙСТВА ДЛЯ БЕСПРОВОДНОЙ СТЫКОВКИ

Группа изобретений относится к средствам беспроводной стыковки нескольких устройств. Технический результат – создание средств для беспроводной стыковки между беспроводными устройствами. Для этого предложено устройство, содержащее: схему для первого устройства; компонент приема, выполняемый схемой для приема первого информационного элемента (IE); компонент списка, выполняемый схемой для сравнения информации идентификации для второго устройства с первым списком одного или больше разрешенных устройств для беспроводной стыковки с первым устройством; компонент модификации, выполняемый схемой для модификации совместно выведенного в паре главного ключа (РМК) на основе сравнения, обозначающего, что второе устройство одобрено для беспроводной стыковки с первым устройством, и обеспечения передачи первым устройством сообщения запроса на модификацию для направления второго устройства на модификацию РМК таким же способом, как использовался для модификации РМК в первом устройстве; компонент аутентификации ...

СИСТЕМА И СПОСОБ ДИНАМИЧЕСКОГО ВРЕМЕННОГО РАЗРЕШЕНИЯ НА ПЛАТЕЖ В ПЕРЕНОСНОМ УСТРОЙСТВЕ СВЯЗИ

Изобретение относится к проверке проведения транзакции с динамическими временными идентификационными данными для переносного устройства связи, применяемого в транзакции с точкой электронного управления, например торговой точкой, точкой доступа к беспроводной связи ближнего радиуса действия. Технический результат заключается в расширении арсенала средств для проверки проведения транзакций. Переносное устройство связи содержит модуль, определяющий географическое местоположение, например модуль глобальной системы позиционирования. Система содержит централизованный модуль, получающий данные о текущем географическом местоположении переносного устройства связи, передающий динамические временные идентификационные данные на переносное устройство связи и предоставляющий прогнозную информацию о транзакции, включая динамические временные идентификационные данные и данные о географическом местоположении переносного устройства связи, в систему авторизации, функционально связанную с точкой электронного ...

УСТРОЙСТВО И СПОСОБ УПРАВЛЕНИЯ ПРАВАМИ ДОСТУПА К БЕСПРОВОДНОЙ СЕТИ

Изобретение относится к устройству и способу управления правами доступа к беспроводной сети. Технический результат заключается в обеспечении доступа к беспроводной сети посредством использования устройств беспроводной связи за счет проверки действительности прав доступа. Технический результат достигается за счет использования устройства для беспроводного подключения, которое обеспечивает беспроводное подключение к сети при подключении к терминалу. Устройство содержит средства управления правами доступа, предназначенные для того, чтобы при приеме запроса на активацию подключения от хост-устройства проверять действительность упомянутых прав доступа и, если права доступа действительны, управлять вторыми средствами подключения для открытия подключения к точке доступа беспроводной сети с использованием упомянутых прав доступа. 2 н. и 6 з.п. ф-лы, 4 ил.

ПРОФИЛЬ ПОЛЬЗОВАТЕЛЯ, ПОЛИТИКА И РАСПРЕДЕЛЕНИЕ КЛЮЧЕЙ PMIP В СЕТИ БЕСПРОВОДНОЙ СВЯЗИ

Изобретение относится к системам связи, а именно к способу, содействующему безопасному распределению информации подвижного устройства в пределах беспроводной сети связи. Техническим результатом является повышение безопасности связи. Технический результат достигается тем, что способ содержит следующие этапы: прием запроса аутентификации доступа от беспроводного аутентификационного однорангового элемента, генерирование вторичного идентификатора пользователя, связанного с первичным идентификатором пользователя для беспроводного аутентификационного однорангового элемента, предоставление вторичного идентификатора пользователя аутентификатору, связанному с аутентификационным одноранговым элементом, извлечение информации профиля пользователя на основании первичного идентификатора пользователя, и предоставление информации профиля пользователя аутентификатору. 12 н. и 35 з.п. ф-лы, 16 ил.

СРАБАТЫВАЕМОЕ НА ОСНОВЕ АКТИВНОСТИ ОБЕСПЕЧЕНИЕ ПОРТАТИВНЫХ БЕСПРОВОДНЫХ СЕТЕЙ

Изобретение относится к автоматической конфигурации беспроводных сетей связи в ответ на активность пользователя. Техническим результатом является обеспечение беспрепятственного и безопасного осуществления доступа устройств пользователя к Интернету посредством удаленной сети. Устройство и связанные способы относятся к конфигурированию сети, удаленной от персональной сети пользователя, с помощью параметров, регулирующих персональную сеть пользователя, в ответ на активность пользователя, а также в местоположении и момент времени, которые основаны на активности пользователя. В иллюстративном примере сеть может представлять собой сеть Wi-Fi. Персональная сеть пользователя может представлять собой, например, домашний SSID пользователя для осуществления доступа к персональному устройству доступа Wi-Fi пользователя. В некоторых примерах активность пользователя может представлять собой запрос доступа к удаленной сети с использованием домашнего SSID пользователя. Запрошенный доступ может быть предоставлен ...

Отчётность о законном перехвате в беспроводных сетях, используя релейную передачу для общественной безопасности

Изобретение относится к технике беспроводной связи, использующей технологию релейной передачи, что способствует обеспечению законного перехвата (LI) посредством сообщения в объект LI, связанный с сотовой сетью, аутентифицированных идентичностей удаленных UE (таких, как удаленные UE, соединенные через услуги непосредственной близости), и идентификационной информации, которая может обеспечить контроль объектом LI трафика (и/или управляющей статистики, относящейся к трафику), связанного с удаленными UE. Аутентификация удаленных UE может выполняться с использованием технологии, не требующей участия сотовой сети. 3 н. и 21 з.п. ф-лы, 8 ил.

СЛУЖБА IOT-ИНИЦИАЛИЗАЦИИ

Изобретение относится к технологии, направленной на инициализацию устройств в IoT-окружении. Техническим результатом является обеспечение возможности инициализации IoT-устройств в IoT-концентраторе. Система для связи для Интернета вещей (IoT) содержит службу инициализации, включающую в себя по меньшей мере один процессор, который обеспечивает прием идентификационного сообщения, при этом идентификационное сообщение включает в себя информацию, которая связана с идентификацией первого IoT-устройства, проверку достоверности первого IoT-устройства, выполнение определения IoT-концентратора из множества IoT-концентраторов, который должен быть ассоциирован с первым IoT-устройством, на основе, по меньшей мере отчасти, идентификационного сообщения, и предписание регистрации первого IoT-устройства в упомянутом определенном IoT-концентраторе. 3 н. и 17 з.п. ф-лы, 9 ил.

СПОСОБЫ, ПРЕДНАЗНАЧЕННЫЕ ДЛЯ ТОГО, ЧТОБЫ ДАВАТЬ ВОЗМОЖНОСТЬ БЕЗОПАСНОЙ САМОСТОЯТЕЛЬНОЙ ИНИЦИАЛИЗАЦИИ АБОНЕНТСКИХ УСТРОЙСТВ В СИСТЕМЕ СВЯЗИ

Изобретение относится к системам связи и, в частности, к способу безопасной самостоятельной инициализации абонентских устройств. Технический результат - возможность безопасной дистанционной самостоятельной инициализации абонентского устройства. Способ предоставления возможности безопасной самостоятельной инициализации абонентского устройства включает в себя в сервере инициализации и безопасности: прием из абонентского устройства запроса подписи сертификата, имеющего данные инициирования конфигурирования абонентского устройства, генерацию данных инициализации для абонентского устройства с использованием данных инициирования конфигурирования абонентского устройства и в ответ на запрос подписи сертификата предоставления в абонентское устройство данных инициализации абонентского устройства и сертификата абонентского устройства, имеющего атрибуты санкционирования, связанные с данными инициализации, чтобы предоставить возможность самостоятельной инициализации абонентского устройства. 2 н. и 18 ...

СИСТЕМА ВЗАИМНОЙ АУТЕНТИФИКАЦИИ

Изобретение относится к системе беспроводной связи, которая обеспечивает одностороннюю аутентификацию устройства–ответчика посредством устройства–инициатора и взаимную аутентификацию обоих устройств. Технический результат заключается в недопущении длительных периодов тайм–аута во время беспроводной связи при одновременном обеспечении возможности инициатору также сообщать ошибки связи пользователю в течение короткого времени. Инициатор могут иметь модуль сообщений и конечный автомат. Инициатор запускается посредством получения общедоступного ключа ответчика через внеполосное действие и отправляет запрос на аутентификацию. Ответчик отправляет ответ по аутентификации, содержащий данные аутентификации ответчика на основе конфиденциального ключа ответчика и статус взаимного проведения, указывающий проведение взаимной аутентификации для обеспечения возможности устройству–ответчику получать общедоступный ключ инициатора через внеполосное действие ответчика. Конечный автомат инициатора выполнен ...

СПОСОБ, ЭЛЕМЕНТ СЕТИ И МОБИЛЬНАЯ СТАНЦИЯ ДЛЯ СОГЛАСОВАНИЯ АЛГОРИТМОВ ШИФРОВАНИЯ

Изобретение относится к передаче данных, а именно к способам и устройствам для согласования алгоритмов шифрования. Техническим результатом является уменьшение количества ошибок передачи данных. Технический результат достигается тем, что заявленный способ согласования алгоритмов шифрования содержит этапы, на которых: получают информацию о том, что сменная карта мобильной станции, MS, не поддерживает первый алгоритм шифрования; удаляют первый алгоритм шифрования из списка алгоритмов шифрования, разрешенных элементом опорной сети, в соответствии с информацией о том, что сменная карта MS не поддерживает первый алгоритм шифрования; и отправляют список алгоритмов шифрования за исключением первого алгоритма шифрования элементу сети доступа, с тем чтобы элемент сети доступа выбрал алгоритм шифрования в соответствии со списком алгоритмов шифрования за исключением первого алгоритма шифрования и информацией о возможностях MS, отправленной от MS, и отправил выбранный алгоритм шифрования на MS. 4 н.

ЭФФЕКТИВНЫЙ СЕТЕВОЙ УРОВЕНЬ ДЛЯ ПРОТОКОЛА IPv6

Изобретение относится к области беспроводной связи. Технический результат изобретения заключается в возможности установления безопасной связи между электронными устройствами связи через ячеистую сеть. Электронное устройство связи включает в себя сетевой интерфейс, который может позволять электронному устройству беспроводным способом связывать электронное устройство с другими электронными устройствами связи, процессор, который принимает данные маршрутизации от другого электронного устройства. Причем таблица маршрутизации содержит множество целевых и промежуточных устройств, а также совокупность транзитных участков между электронными устройствами. Устанавливается сеанс связи с одним из множества целевых электронных устройств с использованием протокола дейтаграмм безопасности транспортного уровня (DTLS), причем пакетные данные, относящиеся к этому сеансу, маршрутизируются на основе принятых данных маршрутизации с вектором расстояний. 3 н. и 17 з.п. ф-лы, 12 ил.

СПОСОБ И УСТРОЙСТВО ДЛЯ АУТЕНТИФИКАЦИИ БЕСПРОВОДНЫХ УСТРОЙСТВ

Изобретение относится к области управления беспроводной сетью, а именно к аутентификации беспроводных устройств. Технический результат – уменьшение времени достижения аутентифицированного состояния устройств. Способ аутентификации содержит этапы, на которых включают один или более информационных элементов аутентификации в один или более соответственных кадров, передаваемых между первым устройством и вторым устройством беспроводной сети, причем эти один или более информационных элементов аутентификации включают в себя данные для использования в процедуре аутентификации для установления того, что оба из первого устройства и второго устройства обладают общим криптографическим ключом, и при этом процедура аутентификации содержит этапы, на которых передают первый информационный элемент аутентификации от первого устройства на второе устройство, передают второй информационный элемент аутентификации от второго устройства на первое устройство и передают третий информационный элемент аутентификации ...

СПОСОБ УПРАВЛЕНИЯ АВТОРИЗАЦИЕЙ

Изобретение относится к вычислительной технике. Технический результат заключается в устранении уязвимостей для кражи данных у поставщиков идентификационной информации. Способ управления авторизацией, подлежащий реализации терминалом сервера аутентификации, включает в себя этапы, на которых: после приема запроса соединения из терминала сервера поставщика, генерируют, сохраняют и передают контрольный идентификатор сервера на терминал сервера поставщика; после приема от пользовательского терминала зашифрованного идентификатора сервера, получаемого в результате шифрования, выполненного на контрольном идентификаторе сервера, определяют, авторизована ли комбинация из серийного номера конечного пользователя и зашифрованного идентификатора сервера; и когда результат определения является положительным, передают подтверждение авторизации и ввода пользовательских данных на терминал сервера поставщика. 10 з.п. ф-лы, 4 ил.

СИСТЕМА И СПОСОБ УВЕДОМЛЕНИЯ О ПОЛИТИКЕ ДЛЯ ЭЛЕКТРОННЫХ СИСТЕМ ПРЕДОСТАВЛЕНИЯ ПАРА

Изобретение относится к устройству мобильной связи, которое содержит устройство беспроводного приема, выполненное с возможностью приема сигнала маячка от беспроводного маячка, при этом сигнал маячка содержит уникальный идентификатор и общий идентификатор, указывающий, что маячок используется для передачи политик курения электронных сигарет; и процессор, выполненный с возможностью обнаружения в сигнале маячка общего идентификатора; устройство передачи, выполненное с возможностью передачи уникального идентификатора на удаленный сервер; и устройство приема, выполненное с возможностью приема от удаленного сервера контрольных данных, указывающих подлинность сигнала маячка. Технический результат заключается в обеспечении возможности обнаружения в сигнале маячка общего идентификатора. 7 н. и 9 з.п. ф-лы, 12 ил.

ПРОВЕРКА ДОПУСТИМОСТИ КОНТАКТОВ И ОБНОВЛЕНИЕ ДОСТОВЕРНЫХ КОНТАКТОВ В МОБИЛЬНЫХ УСТРОЙСТВАХ БЕСПРОВОДНОЙ СВЯЗИ

... 1. Способ в устройстве беспроводной связи, содержащий прием запроса сеанса связи, отклонение запроса сеанса связи, прием запроса сеанса связи по сигнатуре, имеющего сигнатуру после отклонения запроса сеанса связи, проверку допустимости сигнатуры запроса сеанса связи по сигнатуре. 2. Способ по п.1, по которому проверку допустимости сигнатуры запроса сеанса связи по сигнатуре осуществляют посредством сравнивания его сигнатуры с информацией, хранящейся в устройстве беспроводной связи. 3. Способ по п.1, по которому генерируют контрольную сигнатуру в устройстве беспроводной связи на основании информации, принятой от достоверного источника, подтверждают допустимость сигнатуры запроса сеанса связи по сигнатуре посредством сравнивания сигнатуры запроса сеанса связи по сигнатуре с контрольной сигнатурой, сгенерированной в устройстве беспроводной связи. 4. Способ по п.3, по которому генерируют контрольную сигнатуру до приема и отклонения запроса сеанса связи. 5. Способ по п.3, по которому генерируют ...

СПОСОБ, СИСТЕМА И УСТРОЙСТВА ДЛЯ ПОДДЕРЖКИ УСЛУГ ПРОТОКОЛА IP МОБИЛЬНОЙ СВЯЗИ, ВЕРСИИ 6

... 1. Способ поддержки аутентификации и авторизации для протокола IP мобильной связи, версия 6 (MIPv6), отличающийся тем, что пересылают между мобильным узлом (10) в гостевой сети (20) и собственной сетью (30) мобильного узла информацию об аутентификации и авторизации, относящуюся к MIPv6, в протоколе аутентификации в сквозной процедуре, прозрачной для гостевой сети, через инфраструктуру аутентификации, авторизации и учета (ААА). 2. Способ по п.1, отличающийся тем, что сквозная процедура имеет место между мобильным узлом (10) и сервером ААА (34) в собственной сети (30), и узлы в гостевой сети действуют просто как транзитные агенты в сквозной процедуре. 3. Способ по п.2, отличающийся тем, что дополнительно пересылают информацию, относящуюся к MIPv6, от сервера ААА (34) в собственной сети (30) собственному агенту (26; 36). 4. Способ по п.3, отличающийся тем, что информацию, относящуюся к MIPv6, пересылают через инфраструктуру ААА для немедленной установки или установки в будущем ассоциации защиты ...

ПРОФИЛЬ ПОЛЬЗОВАТЕЛЯ, ПОЛИТИКА И РАСПРЕДЕЛЕНИЕ КЛЮЧЕЙ PMIP В СЕТИ БЕСПРОВОДНОЙ СВЯЗИ

... 1. Способ, действующий на аутентификационном сервере для сети беспроводной связи, содержащий: ! прием запроса аутентификации доступа от беспроводного аутентификационного однорангового элемента, ! генерирование вторичного идентификатора пользователя, связанного с первичным идентификатором пользователя для беспроводного аутентификационного однорангового элемента, ! предоставление вторичного идентификатора пользователя аутентификатору, связанному с аутентификационным одноранговым элементом. ! 2. Способ по п.1, в котором сеть связи включает в себя сеть по меньшей мере одну из: сеть совместимую с сверхмобильным широкополосным доступом (UMB), сеть совместимую с WiMAX или сеть совместимую с протоколом долгосрочного развития (LTE). ! 3. Способ по п.1, в котором аутентификационный сервер представляет собой объект аутентификации, авторизации и учета (AAA), а аутентификационный одноранговый элемент представляет собой беспроводной терминал доступа (AT). ! 4. Способ по п.3, в котором аутентификатор ...

СПОСОБЫ И УСТРОЙСТВА ДЛЯ РОУМИНГА CDMA2000/GPRS

... 1. Способ, в котором пользователь, использующий Mobile IP, переходит из собственной системы в гостевую систему, содержащую обслуживающий узел поддержки GPRS (SGSN), заключающийся в том, что присоединяют собственную систему к гостевой системе, чтобы предоставить возможность обмена данными между собственной системой и гостевой системой, причем собственная система содержит собственного агента, посредством этапов, на которых предоставляют собственной системе модуль эмуляции чужого агента по третьему интерфейсу, и предоставляют гостевой системе модуль эмуляции шлюзового узла поддержки GPRS (GGSN) по четвертому интерфейсу. 2. Способ по п.1, в котором дополнительно разрешают пользователю регистрироваться по первому интерфейсу и разрешают пользователю регистрироваться по второму интерфейсу. 3. Способ по п.1, в котором этап, на котором присоединяют собственную систему к гостевой системе для предоставления возможности обмена данными между собственной системой и гостевой системой, содержит этап, на ...

ЭФФЕКТИВНЫЙ СЕТЕВОЙ УРОВЕНЬ ДЛЯ ПРОТОКОЛА IPv6

Изобретение относится к области беспроводной связи. Технический результат изобретения заключается в возможности установления безопасной связи между электронными устройствами связи через ячеистую сеть. Электронное устройство связи включает в себя сетевой интерфейс, который может позволять электронному устройству беспроводным способом связывать электронное устройство с другими электронными устройствами связи, процессор, который определяет по меньшей мере один путь данных к другим электронным устройствам с использованием механизма маршрутизации Протокола Информации Маршрутизации – Следующего Поколения (RIPng). После идентификации по меньшей мере одного пути данных к другим электронным устройствам процессор может определить, является (являются) ли идентифицированный(е) путь(и) данных безопасным(и), с использованием протокола Безопасности Транспортного Уровня Дейтаграмм (DTLS). Если идентифицированный(е) путь(и) данных является (являются) безопасным(и), процессор посылает пакеты данных Интернет-протокола ...

СПОСОБ И СИСТЕМА ЗАЩИЩЕННОГО ДОСТУПА К HNB ИЛИ HeNB И ЭЛЕМЕНТ БАЗОВОЙ СЕТИ

... 1. Способ защищенного доступа к исходному (развитому) узлу В (H(e)NB), включающий:подписание шлюзом безопасности (SeGW) информации об идентификаторе H(e)NB и отправку цифровой подписи на H(e)NB;отправку посредством H(e)NB цифровой подписи и информации об идентификаторе H(e)NB на элемент базовой сети;выполнение элементом базовой сети проверки правильности цифровой подписи и информации об идентификаторе H(e)NB.2. Способ по п. 1, отличающийся тем, что этап подписания шлюзом безопасности (SeGW) информации об идентификаторе H(e)NB включает:получение посредством SeGW при выполнении аутентификации идентификатора на H(e)NB информации об идентификаторе H(e)NB и подписание информации об идентификаторе H(e)NB.3. Способ по п. 1, отличающийся тем, что этап отправки посредством H(e)NB цифровой подписи и информации об идентификаторе H(e)NB на элемент базовой сети включает:при регистрации H(e)NB отправку посредством H(e)NB цифровой подписи и информации об идентификаторе H(e)NB на элемент базовой сети.4 ...

СПОСОБ И УСТРОЙСТВО ДЛЯ ПРЕДОСТАВЛЕНИЯ ИНФОРМАЦИИ

Способ повышения защищенности информации в сетях подвижной радиотелефонной связи

Изобретение относится к области защиты информации в сетях подвижной радиотелефонной связи. Техническим результатом является повышение защищенности информации за счет дополнительного введения идентификатора ключа абонента и его использования вместо собственно ключа абонента в отдельных элементах технологического процесса производства сим-карт для сетей подвижной радиотелефонной связи и при реализации процедур аутентификации и идентификации абонентов. Для этого при изготовлении ключей абонентов сетей подвижной радиотелефонной связи изготавливаются уникальные идентификаторы ключей абонентов, а также формируется множество пар (идентификатор ключа абонента, ключ абонента), которое записывается для хранения и использования в аппаратный модуль безопасности, размещаемый в ядре сети оператора услуг подвижной радиотелефонной связи, а также передается производителю сим-карт или инициализатору чипов, используемых при производстве сим-карт, который записывает в защищенную область памяти каждого чипа ...

Индикаторы конфиденциальности для управления запросами аутентификации

Изобретение относится к области систем связи. Техническим результатом является увеличение уровня безопасности систем связи. Технический результат заявляемого технического решения достигается тем, что предусмотрена возможность передавать сообщение с помощью пользовательского оборудования в элемент или функциональный блок сети связи, содержащее один или более индикаторов конфиденциальности, на основе которых определяются признаки конфиденциальности для обработки сообщения. Сообщение может содержать запрос подключения, включающий в свой состав идентификатор подписки для абонента, связанного с пользовательским оборудованием, совместно с индикаторами конфиденциальности, содержащими флаг, указывающий, является ли идентификатор подписки в запросе подключения защищенным с точки зрения конфиденциальности. 8 н. и 17 з.п. ф-лы, 7 ил.

ПРОВЕРКА ТРАНЗАКЦИИ, ОСУЩЕСТВЛЯЕМАЯ НЕСКОЛЬКИМИ УСТРОЙСТВАМИ

ОСНОВАННАЯ НА УРОВНЕ ОСЛАБЛЕНИЯ АССОЦИАЦИЯ В СЕТЯХ СВЯЗИ

УСТРОЙСТВА И СПОСОБЫ ДЛЯ АУТЕНТИФИКАЦИИ КЛИЕНТСКОГО УСТРОЙСТВА

ПРОВЕРКА ТРАНЗАКЦИИ, ОСУЩЕСТВЛЯЕМАЯ НЕСКОЛЬКИМИ УСТРОЙСТВАМИ

СПОСОБ АУТЕНТИФИКАЦИИ ПОЛЬЗОВАТЕЛЬСКОГО ТЕРМИНАЛА В СЕРВЕРЕ ИНТЕРФЕЙСА, А ТАКЖЕ СЕРВЕР ИНТЕРФЕЙСА И ПОЛЬЗОВАТЕЛЬСКИЙ ТЕРМИНАЛ ДЛЯ ЕГО ОСУЩЕСТВЛЕНИЯ

... 1. Способ аутентификации пользовательского терминала в сервере интерфейса, содержащий этапы, на которых:принимают информацию запроса аутентификации от сервера обеспечения услуг доступа к приложениям для запрашивания сервера интерфейса выполнить аутентификацию пользовательского терминала, который принимает услугу доступа к приложениям, предоставляемую сервером обеспечения услуг доступа к приложениям;выполняют аутентификацию пользовательского терминала согласно информации запроса аутентификации, используя способ аутентификации, выбранный сервером интерфейса или пользователем пользовательского терминала; ипередают информацию ответа на запрос аутентификации, включающую в себя результат аутентификации при выполнении упомянутого способа аутентификации, на сервер обеспечения услуг доступа к приложениям,причем сервер интерфейса обеспечивает интерфейс с сетью для сервера обеспечения услуг доступа к приложениям, ипричем информацию запроса аутентификации принимают так, что она проходит через пользовательский ...

ДИНАМИЧЕСКОЕ СОЗДАНИЕ АККАУНТА В ЗАЩИЩЕННОЙ СЕТИ С БЕСПРОВОДНОЙ ТОЧКОЙ ДОСТУПА

... 1. Устройство, содержащее:по меньшей мере один процессор ипо меньшей мере одну память, содержащую код компьютерной программы;при этом по меньшей мере одна память с кодом компьютерной программы сконфигурирована так, чтобы с помощью упомянутого по меньшей мере одного процессора обеспечивать выполнение устройством по меньшей мере следующего:приема по меньшей мере одного передаваемого маяка от по меньшей мере одной точки доступа к сети;формирования предварительного соединения с упомянутой по меньшей мере одной точкой доступа к сети в ответ на определение того, что устройство не обладает данными для аутентификации, необходимыми для подключения к защищенной точке доступа к сети из упомянутой по меньшей мере одной точки доступа к сети;приема или создания, во время упомянутого предварительного соединения, данных для аутентификации, необходимых для соединения с защищенной точкой доступа к сети, иформирования соединения с защищенной точкой доступа к сети посредством использования принятых или созданных ...

СПОСОБ И УСТРОЙСТВО ДЛЯ УСТАНОВКИ УЧЕТНОЙ ЗАПИСИ УПРАВЛЕНИЯ ИНТЕЛЛЕКТУАЛЬНЫМИ УСТРОЙСТВАМИ

СПОСОБ И УСТРОЙСТВО ДЛЯ СВЯЗЫВАНИЯ АУТЕНТИФИКАЦИИ АБОНЕНТА И АУТЕНТИФИКАЦИИ УСТРОЙСТВА В СИСТЕМАХ СВЯЗИ

... 1. Способ, действующий в устройстве, содержащий:выполнение аутентификации абонента с сетевым объектом;выполнение аутентификации устройства с сетевым объектом для упомянутого устройства;генерацию защитного ключа, связывающего аутентификацию абонента и аутентификацию устройства; ииспользование защитного ключа, чтобы обезопасить связь между устройством и обслуживающей сетью.2. Способ по п. 1, в котором аутентификация абонента основана на обмене данными соглашения о ключе аутентификации между устройством и сетевым объектом.3. Способ по п. 1, в котором аутентификация устройства основана на обмене данными по схеме «запрос-ответ» между устройством и сетевым объектом.4. Способ по п. 1, в котором аутентификация абонента выполняется первым сервером аутентификации, который является частью сетевого объекта, и аутентификация устройства выполняется вторым сервером аутентификации, который является частью сетевого объекта.5. Способ по п. 1, в котором аутентификация устройства выполняется посредством:приема ...

СИСТЕМА СВЯЗИ, ТЕРМИНАЛ СВЯЗИ, СПОСОБ АУТЕНТИФИКАЦИИ И НЕ ВРЕМЕННЫЙ МАШИНОЧИТАЕМЫЙ НОСИТЕЛЬ, ХРАНЯЩИЙ ПРОГРАММУ

Zellulartelefon als authentifiziertes Abrechnungs-Kontrollgerät

Benutzergerät (User Equipment, UE) und Verfahren zum Empfang von Downlink-Datendiensten

Hierin werden allgemein Ausführungsformen eines Benutzergeräts (UE) und Verfahren zum Empfang von Downlink-Datendiensten beschrieben. In einigen Ausführungsformen kann das UE so konfiguriert sein, dass es Downlink-Signale von einem Evolved Node-B (eNB) eines Third-Generation-Partnership-Project(3GPP)-Long-Term-Evolution(LTE)-Netzwerks empfängt. Das Senden von Uplink-Signalen an das 3GPP-LTE-Netzwerk kann in einigen Fällen beschränkt sein. Das UE kann an einen Zugangspunkt (AP) und gemäß einem Wireless-Local-Area-Network(WLAN)-Protokoll eine Anforderung für einen Dienstschlüssel für einen Downlink-Datendienst mit dem eNB senden. Das UE kann einen Dienstschlüssel von dem AP empfangen und kann den Dienstschlüssel verwenden, um einen Verkehrsschlüssel zu entschlüsseln, der von dem eNB empfangen wird. Der Verkehrsschlüssel kann verwendet werden, um Datenpakete zu entschlüsseln, die als Teil des Downlink-Datendiensts empfangen werden.

Verfahren zur geschützten Kommunikation eines Fahrzeugs

Die Erfindung betrifft ein Verfahren zur geschützten Kommunikation eines Fahrzeugs (14). Es sind die Schritte vorgesehen, – Erzeugen eines Schlüsselpaars (22) bestehend aus privatem Schlüssel und öffentlichem Schlüssel und/oder eines oder mehrerer symmetrischer Schlüssel für das Fahrzeug (14) oder für ein Steuergerät (28, 30, 32) des Fahrzeugs (14) im Einflussbereich des Fahrzeugherstellers, – Erzeugen eines ersten Zertifikats (24) mit dem Schlüsselpaar (22), – Einbringen des Schlüsselpaars (22) und des ersten Zertifikats (24) und/oder des oder der mehreren symmetrischen Schlüssel in das Fahrzeug (14) oder das Steuergerät (28, 30, 32), – Authentisieren des Fahrzeugs (14) oder des Steuergeräts (28, 30, 32) gegenüber einem neuen Kommunikationspartner (38, 40) durch die Generierung eines neuen Schlüsselpaares (50) für diesen Kommunikationsweg und das Absenden einer signierten Nachricht zusammen mit dem Zertifikat (24), und – Authentisieren eines neuen Kommunikationspartners (38, 40) gegenüber ...

Verfahren und Vorrichtungen für die Zugangskontrolle zu verschlüsselten Datendiensten für ein Unterhaltungs- und Informationsverarbeitungsgerät in einem Fahrzeug

System und Verfahren zur Sicherung einer PIN, die einem Mobilkommunikationsgerät zugeteilt ist

VERFAHREN UND VORRICHTUNG ZUR GEGENSEITIGEN AUTHENTISIERUNG VON KOMPONENTEN IN EINEM NETZ MIT DEM CHALLENGE-RESPONSE-VERFAHREN

VERFAHREN UND VORRICHTUNG ZUR ANONYMEN DATENÜBETRAGUNG IN EINEM KOMMUNIKATIONSSYSTEM

Synchronisierung von Zertifikaten zwischen einer Einrichtung und einem Server

System und Verfahren für einen drahtlosen Informationsverarbeitungssystem-Router, der über ein Mobilfunknetzwerk funktioniert

Ein Router für ein informationsverarbeitendes System integriert Komponenten für ein drahtloses lokales Netzwerk und Komponenten für ein drahtloses Wide Area-Mofilfunknetzwerk, um Informationen zwischen einem drahtlosen Wide Area-Mobilfunknetzwerk und mehreren informationsverarbeitenden Systemen, die eine Schnittstelle mit einem drahtlosen lokalen Netzwerk aufweisen, unterstützt durch die Komponenten für das drahtlose lokale Netzwerk, zu routen. Die Komponenten des drahtlosen Wide Area-Mofilfunknetzwerks können einen abnehmbaren drahtlosen Mobilfunktransceiver umfassen, um drahtlose Netzwerkschnittstellen zu unterstützen, wenn sie vom Router entfernt worden sind, wie z. B. ein drahtloses Mobilfunktelefon zur Kommunikation von Sprachtelefonie oder eine drahtlose Karte für die Kommunikation eines einzigen informationsverarbeitenden Systems mit einem drahtlosen Mobilfunknetzwerk. Alternativ dazu können die Komponenten für das drahtlose Wide Area-Mobilfunknetzwerk einen Transceiver integrieren ...

Secure multi-entity access to resources on mobile telephones

Apparatus and method for vehicle parking

Policy notification system and method for electronic vapour provision systems

Apparatus for authenticating user and method therefor

Use of radius in UMTS to perform HLR function and for roaming

Method of preconfiguring a media device to enable access to a network

Systems and methods for pre-configuring a media device or other information handling system so as to be authorized to gain access to one or more destination networks. Pre-configuring the device includes determining what admission requirements the destination network providers require for access and then generating and providing to the media device a network admission coupon that includes the required information. In some embodiments this may be accomplished by a service center, which removes the need for additional authentication steps to be performed by the media device or the destination network providers.

System,method and apparatus for federated single sign-on services

The advent of new and sophisticated web services provided by Service Providers to users, services that individually require authentication of users and authorization of access, brings the needs for a new service to facilitate such authentication and access, a service referred to as Single Sign-On (SSO). The basic principle behind SSO is that users are authenticated once at a particular level, and then access all their subscribed services accepting that level of authentication. The present invention provides a system, method and apparatus wherein a cellular Federation of mobile network operators becomes an SSO authentication authority for subscribers of this Federation accessing Service Providers having such agreement with a mobile network operator of the Federation. In accordance with this invention, mobile network operators can leverage their operator-subscriber trust relationship in order to act as SSO authentication authority for those subscribers accessing Service Providers in a service ...

Method and system for propagating mutual authentication data in wireless communication networks

Transport layer authentication

A method and system for maintaining access control for a secure web server, SCWS. Protection sets (each defining a group of protected resources, a realm of logical users who are granted access to the protected resources, and instructions for authenticating the users in that realm) are stored by the web server so that upon receiving a request to access a given protected resource, the web server assesses the parameters of the protection set associated with the given protected resource and selects an appropriate cryptographic ciphersuite for use in securing sessions to access that protected resource.

Authentication method

An authentication comprises: receiving at least one request for an action in relation to an electronic device, wherein performance of the action requires verification of an association of a group of IDs specified by the request; verifying, via cryptographic verification, whether the group of IDs specified by the request match a cryptographically attested group of IDs associated with the electronic device, to determine whether the at least one request for an action is an authentic request; and, having determined the at least one request for an action is an authentic request, approving the at least one request, wherein the group of IDs comprises at least an Integrated Circuit Card Identifier ICCID of a Subscriber Identity Module SIM of the electronic device and a device identifier associated with the electronic device. The device identifier may be an IMEI, Trusted Execution Environment TEE, or MAC address. The method prevents fraudulent activity by the use of Cloned sim cards.

Linked authentication protocols

Bootstrapping with common credential data

The invention comprises bootstrapping a device by a bootstrap server wherein the device has common credential data (e.g. a certificate or key) that is provisioned on and common to a group of devices. The method may reduce the administration burden as the devices do not each need to be provisioned with unique credential data. The process comprises receiving at the bootstrap server common credential data from the device including a trust indicator indicating that the common credential data is common for a group of devices; obtaining, at the bootstrap server, resource credential data based on the common credential data, where the resource credential data enables the device to authenticate with a resource; and transmitting the resource credential data from the bootstrap server to the device. Subsequently, the bootstrap server may obtain bootstrap credential data that devices can use to authenticate without the common credential data. The trust indicator indicates that it may have a chain of ...

Network connectivity switching utilizing an authentication device

In embodiments of network connectivity switching utilizing an authentication device (202) for switching network connectivity from a first device (104) to a second device (106), the authentication device maintains an address (212) of the first device with a memory (210) of a radio-frequency identification (RFID) tag (208), and the first device is authenticated for wireless communication via the cellular network (118). The authentication device receives an interrogation (216) of the RFID tag from the second device, which can communicate via the cellular network, and responsive to an RFID tag response (610) indicating the address of the first device, the second device communicates a device switch order (612) to the first device, communicates an attach request (616) to the cellular network, and writes an address (622) of the second device to the memory of the RFID tag. The authentication device can then authenticate (618) the second device to switch the network connectivity to the second device ...

Integrated information communication system

Optimised host identity protocol authentication

Distributed management system for internet of things devices and methods thereof

Distributed management of Internet of Things (IoT) devices is achieved using gateway devices. A gateway device connects to a security entity, e.g. a server, to obtain a gateway digital certificate, signed by a root of trust, and permission to perform tasks on the IoT device. The gateway connects to the IoT device and uses the gateway digital certificate to obtain management control of it. The IoT device has a private /public key pair and stores its private key and a certificate from the root of trust. The IoT device is able to check the root of trust of the gateway certificate with its own. The gateway may control multiple IoT devices and may be given permission to modify firmware of the IoT devices. A distributed management system comprises multiple gateways with each gateway managing multiple IoT devices. In another claimed arrangement the gateway receives from a security entity credentials to obtain control of the IoT devices and also an assignment of tasks for the gateway to perform ...

A set of servers for "machine-to-machine" communications using public key infrastructure

Access point with interworking between WLAN and 3GPP standards

A system 32 for WLAN/3GPP interworking has a first air interface for establishing a connection with user equipment (UE) 70 in accordance with a 3rd Generation Partnership Project (3GPP) air interface standard and a second air interface for establishing a connection with the UE in accordance with a Wireless Local Area Network (WLAN) standard. The interworking system also comprises a 3GPP network interface for connecting with a core network. The system is able to establish a connection with the core network for carrying traffic to the 3GPP air interface and is also able to establish a connection with the core network for carrying traffic to the WLAN air interface. The connection for carrying traffic to the 3GPP air interface may comprise a Packet Data Protocol (PDP) context and the connection for carrying traffic to the WLAN air interface may comprise the same PDP context, or a separate context. The interworking system may be included in an access point.

System,method and apparatus for federated single sign-on services

Enabling communications between devices

Systems and methods for virtualization in distributed computing environment including a mobile monitor

Method and apparatus to communicate data associated with media processing devices

Methods and apparatus to communicate data associated with media processing devices are disclosed. An example media processing device residing on a network includes a monitor configured to collect observational data associated with the media processing device in accordance with a configuration file stored on the media processing device; and communicate the observational data to a first device external to the network via a first persistent connection between the media processing device and the first external device; and a controller configured to receive an operational instruction from a second external device via a second persistent connection between the media processing device and the second external device, wherein the second persistent connection is independent of the first persistent connection; and implement the operational instruction on the media processing device, wherein the operation instruction controls media processing hardware of the media processing device.

DYNAMIC ACCOUNT CREATION WITH SECURED HOTSPOT NETWORK

LINKED REGISTRATION

Dynamic account creation with secured hotspot network

SYSTEM AND PROCEDURE FOR THE PROTECTION A PIN, WHICH IS ASSIGNED TO MOBILE COMMUNICATION EQUIPMENT

PROCEDURE AND DEVICE FOR THE ACTION OF A TRUSTWORTHY CLOCK VALUE

PROCEDURE FOR DISTRIBUTING PASSWORDS

PROCEDURE AND DEVICE FOR SWITCHING THE ACCESS BETWEEN MOBILE NETWORKS

ROUTINGVERFAHREN AND SYSTEM FOR EXAMPLE FOR IPBASIERENDE MOBILE NETS, EQUIVALENT NETZWERKUND OF COMPUTER PROGRAMME PRODUCTS

TRANSFER OF PACKAGE DATA IN A SYSTEM WITH MOBILE TERMINAL, WIRELESS ONE LOCAL NETWORK AND MOBILE NETWORK

POINT OF ENTRANCE F�R MOBILGER�TE IN A ON PACKAGES BASED NETWORK

DISTRIBUTED NETWORK COMMUNICATION SYSTEM THE USE OF A COMMON DISTRIBUTED NETWORK INFRASTRUCTURE TO MULTIPLE NETWORK SERVICE PROVIDER ALLOWS

SYSTEM AND PROCEDURE FOR THE WIRELESS ONE ZWEIFAKTORAUTHENTIFIZIERUNG

SYSTEM AND PROCEDURE FOR THE EXAMINATION OF DIGITAL CERTIFICATES

LOCAL NETWORK

PROCEDURE AND DEVICES FOR PRODUCING A IP ADDRESS FOR THE USE BY THE MOBILE HOST IN A PRO XY MOBILE IP COMMUNICATIONS NETWORK

SECURE TRAFFIC FORWARDING IN A MOBILE COMMUNICATION SYSTEM

MOBILES TERMINAL, WORKING FIXTURE, DATA ADMINISTRATION SYSTEM AND RECORDING MEDIUM

PROCEDURE FOR AUTHENTIFIZIERUNG A MOBILE NODE FOR THE PRODUCTION OF A SAFE PEER TON PEER CONTEXT BETWEEN A PAIR OF COMMUNICATIONS OF MOBILE NETWORK KNOTS

DEVICE AND PROCEDURE FOR INTEGRATING AUTHENTICATION MINUTES INTO THE STRUCTURE OF CONNECTIONS BETWEEN COMPUTER DEVICES

PRODUCTION OF ASYMMETRICAL KEYS IN A TELEKOMMUNICATIONSSYSTEM

AUTHENTIFIZIERUNG AND SMART CARD FOR DATA COMMUNICATION

SYSTEM AND PROCEDURE FOR THE EFFICIENT ONE AUTHENTIFIKATION OF KNOTS OF A MEDICAL WIRELESS AD-HOC-NETWORK

VERFAHREN UND SYSTEM ZUM AUSLESEN VON DATEN AUS EINEM SPEICHER EINES FERNEN GERÄTS DURCH EINEN SERVER

According to the invention, read out of data from a memory of a mobile remote device (2), for example a vehicular device, by a server (4) can be achieved by means of establishing a wireless connection between the server (4) and the device (2) by the server, subsequently carrying out an authentication check on the server side and establishing a VPN (virtual private network) from the server (4), whereupon the data is read out from the memory (3) of the device (2) to the server (4) by means of the VPN network and stored.

SYSTEM AND PROCEDURE FOR THE SAFE ONE AUTHENTIFIZIERUNGSINFORMATIONSVERTEILUNG

DIGITAL PERMISSIONS FOR THE POSITIONING

MOBILE LOGIN

Die vorliegende Erfindung betrifft ein System zur sicheren Durchführung von Transaktionen zwischen informationsverarbeitenden Anlagen. Dazu initiiert der Benutzer eine Authentisierung indem er von einem Terminal aus eine Anforderung an eine Authentisierungsstelle sendet. Diese nimmt zur Authentisierung der Transaktion über einen separaten Kommunikationsweg Verbindung mit einem mobilen Endgerät auf. Die Authentisierungsstelle sendet eine Nachricht mit einem eindeutigen URI an das mobile Endgerät. Der URI muss über einen Code zur Identifizierung einer Transaktion verfügen. Über diesen URI kann das mobile Endgerät Verbindung mit der Authentisierungsstelle aufnehmen und den Dialog zur Authentisierung starten. Die Authentisierung einer Transaktion erfolgt auf dem mobilen Endgerät indem der Benutzer den Dialog bestätigt. Ein Dialog kann zusätzlich die Eingabe von individuellen Daten ermöglichen. Bei einer positiven Überprüfung autorisiert die Authentisierungsstelle die Transaktion und verständigt ...

SIM AUTHENTIFIZIERUNGSMECHANISMUS FOR DHCRV4/V6 MESSAGE

SYSTEM AND PROCEDURE FOR THE SHOP OF A TEMPORARY INFRASTRUCTURE WITH PUBLIC KEYS FROM A ZELLULAREN TELEKOMMUNIKATIONSAUTHENTIFIZIERUNGSUND AN ACCOUNT INFRASTRUCTURE

PROCEDURE AND DEVICE FOR THE GUARANTEE OF THE AUTHENTIFIZIERUNG IN A COMMUNICATION SYSTEM

SECURED PAYMENT PROCEDURE

Authentication method

MESH NETWORK COMMISSIONING

In embodiments of mesh network commissioning, a commissioning device of a mesh network can establish a commissioning communication session between the commissioning device and a border router of the mesh network, and also establish a joiner communication session between the joining device and the commissioning device. The commissioning device can then send commissioning information to the joining device, where the commissioning information is usable by the joining device to join the mesh network. The commissioning device receives an indication of a location of a commissioner application from the joining device, utilizes the received indication to retrieve the commissioner application, and executes the commissioner application to provision the joining device.

Multi-service vpn network client for mobile device

An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. Once installed on the cellular mobile device, the multi-service client integrates with an operating system of the device to provide a single entry point for user authentication for secure enterprise connectivity, endpoint security services including endpoint compliance with respect to anti-virus and spyware software, and comprehensive integrity checks. That is, the multi-service client provides a common user interface to the integrated services, and provides a VPN handler that interfaces with the operating system to provide an entry point for network traffic to which the integrated services can be seamlessly applied.

Methods and apparatus to discover authentication information in a wireless networking environment

Example methods and apparatus to discover authentication information in a wireless networking environment are disclosed. A disclosed example method involves transmitting, during network discovery, a Generic Advertisement Services (GAS) request to a network access point, the GAS request requesting authentication information, the authentication information being indicative of a credential required from a wireless terminal. In addition, a response to the GAS request is received from the network access point. The response includes the authentication information.

Ad hoc service provider's ability to provide service for a wireless network

Exemplary embodiments are directed to devices and methods for supporting a wireless access point for one or more mobile clients. A mobile device may include a first module for supporting access to a network via a first wireless access protocol. The device may further include a second module for supporting a wireless access point for the one or more mobile clients to the network using a second wireless access protocol.

Method and apparatus for secure immediate wireless access in a telecommunications network

A wireless telephone and messaging system provides Secure Immediate Wireless Access (SIWA) to wireless telephones onto existing wireless networks. The SIWA protocol uses existing wireless network messaging to exchange information between wireless devices and a network server, referred to herein as an Intelligent Service Manager (ISM). The ISM acts as a gateway between wireless devices and wireless service provider, and provides the wireless devices with an immediate limited or unlimited access to the wireless network. The ISM can also deny access to the wireless network from unauthorized wireless devices.

Authentication of personal data over telecommunications system

An additional service that authenticates personal information of a second person by using the mobile identification service in response to a first person requesting authentication is provided. As a result, the authenticated personal information of the second person is shown to the first person.

Methods for handling apparatus originated communication requests and communication apparatuses utilizing the same

A communication apparatus is provided. A first subscriber identity card camps on a first cell belonging to a first wireless network via a radio transceiver module and stores first contact entries each having a destination address. A second subscriber identity card camps on a second cell belonging to a second wireless network via the radio transceiver module and stores second contact entries each having a destination address. A processor receives an apparatus originated communication request with a destination address, determines whether the received destination address is currently stored in one of the first contact entries of the first subscriber identity card or one of the second contact entries of the second subscriber identity card, and transmits the apparatus originated communication request to the cell that the determined subscriber identity card camps on to establish a wireless communication with a peer device associated with the received destination address.

Quick payment using mobile device binding

Methods and systems are provided for secure device binding that provides user convenience through avoiding repetitive logging in when changing apps or moving from website to website. A mobile device undergoes binding to an account so that customers do not always have to enter their password when going through a financial transaction process, on a known (e.g., registered) mobile device. A device may be bound during an initial login, and once logged in, the user can select an option to be “remembered” so that the user need not re-login on the same device for future visits with an app or to a website that shares the service provider library.

Transaction verification on rfid enabled payment and transaction instruments

A display enabled RFID tag (DERT) receives transaction details from the reader. DERT verifies that the details match their counterparts in the reader public key certificate. The process is aborted in case of a mismatch. DERT extracts and displays user-verifiable data. It then enters a countdown stage that lasts for a predetermined duration. A user observes the transaction information and, if the transaction amount and other details are deemed correct, presses an accept button provided on the DERT before the timer runs out. DERT signs the time-stamped transaction statement and sends it to the reader. This signed statement is then sent to the payment gateway and eventually to the financial institution that issued the payment DERT.

Mobile phone atm processing methods and systems

Embodiments provide systems, methods, processes, computer program code and means for using mobile devices to conduct transactions with ATM devices.

Method for re-configuring a communications device

A communications device ( 12 ) maintains profile data including a device identity and a calling line identity (CLI) associated with a PSTN connection ( 28 ) both on the device itself and also on an authentication platform ( 32 ), in order that the device can access a service ( 52 ) which requires knowledge of the CLI by way of a packet-switched connection ( 30 ). In the event that the CLI data in the communications device is corrupted or lost, the communications device transmits a request for re-authentication to a reactivation server ( 46 ) together with the device identity. On receipt of the request, the reactivation server retrieves the stored profile ( 50 ) from the authentication platform ( 32 ), and returns it to the communications device ( 12 ) to allow the profile to be restored. This process can be done without the user needing to send a new request for service over the PSTN link ( 28 ).

Biometric authentication of mobile financial transactions by trusted service managers

A method for authenticating a financial transaction at a point of sale (POS) includes storing an application program in a first secure element of a mobile phone. The application is configured to generate instruction codes to effect the financial transaction upon verification of a user's identity. The user's credentials are stored in a second SE of the phone, which is operable to verify the user's identity from a biometric trait of the user input to the phone and to generate data authenticating the financial transaction in response to the verification of the user's identity. At the POS, the user invokes the application and then inputs a biometric trait to the phone. The second SE verifies the user's identity, and upon verification, generates data authenticating the transaction. The financial transaction data, including the instruction codes and the authenticating data, are then transmitted from the phone to the POS.

Radio devices, regulation servers, and verification servers

According to various embodiments, a radio device may be provided. The radio device may include a configurable component, a configuration information transmitter configured to transmit information identifying the radio device and an identifier of a configuration of the configurable component to a regulation server; and a permission information receiver configured to receive from the regulation server information indicating as to whether the radio device is permitted to use the configuration of the configurable component or as to whether a pre-determined configuration of the configurable component is to be used by the radio device.

Method for operating a node in a wireless sensor network

The present invention relates to a method for operating a first node in a network, the network including a plurality of nodes, the method comprising (a) the first node having a first identifier joining the network by transmitting the first identifier to a second node having a second identifier, (b) the first node generating a first key on the basis of the second identifier (c) the first node authenticating the second node by means of the first key, (d) the first node communicating with a third node if the first and second keys are equal.

Systems and methods for network curation

Systems and methods for network curation are disclosed. In some embodiments, a method comprises scanning, by a mobile device, an area to identify a network device for accessing a network, receiving, by the mobile device, a network identifier associated with the network device, providing a curation indicator request to a curation server, the curation indicator request comprising the network identifier, receiving a curation indicator from the curation server, the curation indicator being retrieved, based on the network identifier, from a database of a plurality of curation indicators, the curation indicator associated with a likelihood of intent to publicly share the network by the network device, comparing the curation indicator to an access setting, the access setting indicating acceptability of network access based on the likelihood of intent to publicly share the network by the network device, and accessing the network via the network device based on the comparison.

Wirelessly accessing broadband services using intelligent covers

The present disclosure is directed to a system and method for wirelessly accessing broadband services using intelligent covers. In some implementations, a cover for a consumer device includes side surfaces, a rear surface, a physical interface, a circuit, and a broadband service card. The side surfaces and a rear surface form an opening that receives at least a portion of a consumer device. A first portion of at least one of the surfaces includes a connector for connecting to a port of the consumer device. The circuit connects the physical interface to the connector. The broadband service card connected to the physical interface and accesses a service foreign through the wireless broadband network independent of the consumer device.

Systems and methods for enabling temporary, user-authorized cloning of mobile phone functionality on a secure server accessible via a remote client

Temporary, user-authorized cloning of physical mobile phone functionality via a secure server can enable physical mobile phone features to be accessed and controlled by a user from a remote client. A secure server can include mobile phone registration information, enable secure access by users via a remote client, maintain communication and synchronization with the mobile phone, receive data associated with the physical mobile phone when is not in communication with at least one of a supporting telecommunication network and the secure server, and enable the physical mobile phone user to obtain secure communication with the secure server via a remote client, access and manage cloned mobile phone data and communicate with third parties. Physical mobile phone user access to the secure server and cloned mobile phone functionality with the remote client can be terminated once the physical mobile phone user logs off of the secure server from the remote client.

Data transmitting apparatus, data receiving apparatus, data transmitting method, and data receiving method

The present invention provides a data transmitting apparatus in which a device information obtaining unit obtains device information of a device connected to the data transmitting apparatus; a verification unit verifies validity of a data receiving apparatus, based on the device information obtained by the device information obtaining unit; and a control unit performs control as to whether to obtain the device information through a wireless communication unit or obtain the device information through a wire communication unit, and as to whether to transmit image information encrypted by a first encryption unit from the wireless communication unit or transmit image information encrypted by a second encryption unit from the wire communication unit when the verification unit verifies that the data receiving apparatus is authorized.

Method and apparatus for providing machine-to-machine service

A method and an apparatus for providing Machine-to-Machine (M2M) service are provided. A method of providing service by an M2M device includes transmitting a request for service to a Network Security Capability (NSEC), the request for service comprising a identifier of a Device Servie Capability Layer (DSCL) of the M2M device, performing an Extensible Authentication Protocol (EAP) authentication with an M2M Authentication Server (MAS) via the NSEC, and generating, if the EAP authentication is successful, a service key using a Master Session Key (MSK), a first constant string, and the identifier of the DSCL.

Exploiting Application Characteristics for Multiple-Authenticator Broadcast Authentication Schemes

A method for securing communications in a vehicle-to-vehicle (V2V) system including an on-board computer of a broadcasting vehicle predicting a value for a vehicle parameter, generating a heavyweight signature corresponding to the predicted value, and obtaining an actual value for the vehicle parameter. The method also includes the computer comparing the predicted value to the actual value to determine if the predicted value bears a first relationship to the actual value. If the computer determines that the predicted value bears the relationship to the actual value, the on-board computer generates a lightweight authenticating signature to correspond to the predicted value and broadcasts a data message having the predicted value with the corresponding heavyweight authenticating signature and the corresponding lightweight authenticating signature.

Method and apparatus for over-the-air provisioning

An approach is presented for over-the-air service provisioning. A provisioning manager causes, at least in part, a generation of a request to provision one or more services at a device to operate over a data bearer of at least one communication network. The provisioning manager determines one or more access numbers associated with the one or more services, one or more service providers of the one or more services, or a combination thereof. The provisioning manager causes, at least in part, a transmission of the request based, at least in part, on the one or more access numbers. The one or more access numbers are preconfigured at the device for availability over a plurality of communication networks.

Secure and seamless wan-lan roaming

Systems and methods are described for secure and seamless roaming between internal and external networks. Double and triple tunnels may be used to connect a mobile node to a correspondent host. A mobile node may include the ability to connect to two networks simultaneously to enable seamless roaming between networks.

Relay node authentication method, apparatus, and system

Embodiments of the present invention disclose a relay node authentication method, apparatus, and system. The method provided in an embodiment of the present invention includes: sending, by a relay node, an authentication request message to a peer node, where the authentication request message includes a certificate of the relay node, so that the peer node authenticates the relay node according to the certificate of the relay node, where the peer node is a network side node or a security gateway in a security domain where the network side node is located; and receiving, by the relay node, an authentication response message sent by the peer node, where the authentication response message includes a certificate of the peer node, and authenticating the peer node according to the certificate of the peer node.

System And Method For Wireless Re-Programming Of Memory In A Communication System

The invention relates to a system and method of re-programming memory, and in particular, to wirelessly re-programming software, such as the application code, residing in memory of a trainable transceiver. The wireless re-programming of memory allows for software in the trainable transceiver to be updated or replaced from a remote location, where a direct or wired connection to the product is not otherwise available.

Method and system for encryption of messages in land mobile radio systems

A method and system for authentication of sites in a land mobile radio (LMR) system and encryption of messages exchanged by the sites. In some embodiments, the method includes transmitting a certificate created by a trusted authority by applying a function to a first site public key using the trusted authority's private key to generate a reduced representation, which is encrypted with the trusted authority's private key. Other sites may receive the certificate, decrypt it using the trusted authority's public key, and authenticate the first site. The method may further include generating a session key, encrypting it with the public key of the first site, and transmitting the encrypted session key to the first site. The first site decrypts the encrypted session key with the first site's private key, and transmits a message encrypted with the shared session key to other sites for decryption using the session key.

System and method for securing a base station using sim cards

Methods and systems are provided for securing integrated base stations, such as base station routers (BSRs), in which a SIM card is operatively coupled with a secured portion of a base station and a secure association is established therebetween to facilitate encryption key exchange between the secured portion of the base station and a core network.

Device Ownership Security On A Network

A method for device ownership security is disclosed. The method includes storing an ownership record on a mobile device identifying a home network for the mobile device. The method further includes connecting, by the mobile device, to a foreign network. The method also includes receiving, from the home network, a negative communication based on an indication that the mobile device is at least one of stolen and lost as a second portion of the transaction. The method still further includes ceasing a function of the mobile device in response to the negative acknowledgment.

Authenticating a user of a system using near field communication

A system and machine-implemented method for providing a username and password to a system using a device, via establishing a near field communication link with the system; retrieving a username and password from storage on the device; and transmitting the username and password to the system via the near field communication link, wherein the username and password are configured to be used by the system to authenticate the user on the system.

Authentication with secondary approver

Techniques are provided for giving access to restricted content on a first device from a second device through a wireless network. In one embodiment, the first device transmits an authorization request signal to the second device or to a server in the wireless network. The second device, having received the authorization request, prompts an authorized user to give authorization to the first device by inputting an authentication key such as a password or gesture on the second device. Upon verification of the authentication key, an authorization signal may be wirelessly transmitted to the first device, permitting access to the restricted content or functions on the first device. In some embodiments, the second device may be alerted to an authorization request and may select a request for authorization from a selectable queue of requests.

Method of Connecting a Mobile Station to a Communcations Network

A method of connecting a mobile station to a communications network is provided, and includes performing an authentication of the mobile station at the network. A secure identifier, generated at the mobile station, is received at a gateway node and at an access node from an authentication node of the network if it is determined by the authentication that the mobile station is a subscriber to the network. A first secure communications tunnel is established from the access node to the mobile station using a value of the secure identifier and a second secure communications tunnel is established from the access node to the gateway node of the network using the value of the secure identifier. The first and second communications tunnels are bound together to form a communications path between the mobile station and the network.

SYSTEM AND METHOD FOR PROVIDING SECURITY IN MOBILE WiMAX NETWORK SYSTEM

A method for providing security between a radio access station and an access control router in a mobile microwave access network includes: receiving, by the radio access station and the access control router, the same certificate from a licensed certification authority; generating, by the access control router, an access service network traffic encryption key (asn_TEK); encrypting, by the access control router, a message to be transmitted with the generated asn_TEK and transmitting the encrypted message to the radio access station; verifying, by the radio access station, the certificate of the licensed certification authority appended to the message received from the access control router to check the asn_TEK, and decrypting the message received from the access control router to obtain an actual message; encrypting, by the radio access station, the actual message with the checked asn_TEK and transmitting the encrypted message to the access control router.

Apparatus and method of binding a removable module to an access terminal

The described apparatus and methods may include a processor, a memory in communication with the processor, a removable module in communication with the processor and operable to store data, an initialization component executable by the processor and configured to initialize the removable module, and an authentication component executable by the processor and configured to: receive a command from the removable module to perform an authentication operation, wherein the command is a standard message having a command qualifier value or code that represents an authentication challenge; obtain a random value from the removable module in response to the command; calculate a response based on the random value and a terminal key stored in the memory; and transmit the response to the removable module.

Seamless mobile subscriber identification

A method for execution by at least one server within a domain of a service provider. The method comprises receiving a first request from a communication device registered with the service provider. A response including a token is sent to the communication device. Then a second request is received, this one from an application server over a communication channel at least partly not within the domain of the service provider. The second request contains the token, which causes the at least one server to send a response to the application server, which response includes information about the communication device obtained based on the token. Use of the token facilitates customer access to data services and applications, while making the token anonymous safeguards the privacy of customer data.

Modular wireless communicator

A wireless communication system including a wireless communicator, including a housing, wireless communication functionality, a first subscriber identifier module for accessing a wireless network, native user interface functionality, and pouching responsive electrical interconnection functionality responsive to pouching orientation of the housing in a pouch of an enhanced function device for causing the wireless communication functionality to adapt to cooperating with parenting user interface functionality forming part of the enhanced function device at least partially instead of with the native user interface functionality, and an enhanced function device, including a pouch, a second subscriber identifier module for accessing the wireless network, and parenting user interface functionality, wherein the wireless communicator is able to access the wireless network using either the first subscriber identifier module or the second subscriber identifier module, when the wireless communicator is pouched with the enhanced function device.

Roaming authentication method for a gsm system

A roaming authentication method for a GSM system is disclosed. The method sends an IMSI of a user end to a visitor end, generates a challenge code, and sends the IMSI and the challenge code to a home end. The method further generates a random code, a signature code and a communication key and combines them into an authentication data. The method further generates and sends a response code to the visitor end. The user end generates and sends the authentication signature code to the visitor end for authentication purposes. In another embodiment, the visitor end sends one more challenge code to the home end. The home end generates an authentication key that is stored in the visitor end and used to generate an authentication code. The authentication code is sent to the use end which generates and sends an authentication signature code to the visitor end for authentication purposes.

Methods, devices, and systems for unobtrusive mobile device user recognition

The present invention discloses methods, devices, and systems for unobtrusively recognizing a user of a mobile device. Methods including the steps of: unobtrusively collecting motion data from the mobile device during normal device usage by monitoring standard authorized-user interaction with the device, without any form of challenge or device-specified action; demarcating the motion data into user motion-sequences based on changes in a motion-state or an elapsed time-period without an occurrence of the changes, wherein the motion-state refers to a placement and speed of the mobile device at a point in time; calculating user motion-characteristics from the user motion-sequences; and generating a motion-repertoire from the user motion-characteristics, whereby the motion-repertoire enables unobtrusive recognition of the user. Preferably, the method further includes the step of: detecting unidentified motion-characteristics that are not associated with the motion-repertoire, thereby enabling unobtrusive recognition of unidentified usage.

Mobile Device Activation Via Dynamically Selected Access Network

Within a network system, a wireless device sends a message to a network element over a first wireless access network, the message including a first device credential and being configured to obtain information to assist in presenting an on-device user service plan selection choice through a user interface of the wireless device. After sending the message, the wireless device determines that it lacks authorization to connect to the network element over the first wireless network and, in response, attempts to connect to the network element over a second data access network.

Trusted service manager (tsm) architectures and methods

A client device comprises a first secure element and a second secure element. The first secure element comprises a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction. The second secure element comprises a second computer-readable medium having a security key, a payment instrument, stored authentication data and instructions for generating a secure payment information message responsive to the payment application. The secure payment information message comprises the payment instrument and is encrypted in accordance with the security key.

Multifunction Portable Electronic Device and Mobile Phone with Touch Screen, Internet Connectivity, and Intelligent Voice Recognition Assistant

A multifunction portable electronic device, mobile device, or smart phone may have a touch screen, cellular radio, microphone, speakers, video, camera, voicemail, website, and Internet connectivity. The device records spoken audio, processes the audio, transcribes the audio into text, and displays the text on the screen. The spoken audio may be used for composition of emails or documents. The mobile device may accept voice commands for actions including calling, dialing a number, or accessing an Internet site. The device may use local or server-based voice recognition software. Voice patterns may be stored in a database specific to an individual. Voice may be used to control functions on the device, a server, Internet site, or an intelligent television. The mobile device may communicate using an inside line path such as a Bluetooth, Ethernet, USB, WiFi or 802.11x or a cellular, GSM, CDMA, LTE, GPS, or other outside line path.

System and method for providing a certificate to a third party request

Provided is a system and method for providing a certificate, and more specifically a certificate for network access upon a second system based on at least one criteria and an established identity with a first system. The method includes receiving criteria, such as at least one predefined attribute. Also received from a user known to a first system is a request for network access to a second system, the request having at least one identifier. The first system is then queried with the identifier for attributes associated with the user. The attributes associated with the user are evaluated to the predefined attribute(s). In response to at least one attribute associated with the user correlating to the predefined attribute(s), providing a certificate with at least one characteristic for network access on the second system to the user. An associated system for providing a Certificate is also provided.

Wireless storage device

A first computing device is detected as substantially collocated with a wireless storage device, using a short-range wireless communication network. A connection is established between the first computing device and the wireless storage device over the short-range wireless network. Data stored in memory of the wireless storage device is sent from the wireless storage device to the first computing device over the short-range wireless network for a presentation of the data using a user interface of the first computing device. The wireless storage device lacks user interfaces for the presentation of the data. In some instances, authentication of either or both of the first computing device or wireless storage device can be accomplished through communication between the first computing device and wireless storage device over the short-range wireless communication network.

Methods and systems for fallback modes of operation within wireless computer networks

Described herein are systems and methods for fallback operation within WLANs that rely on remote authentication procedures. When a primary network node authentication process fails, fallback access control parameters associated with a secondary network node authentication process are exchanged between a network node and an authentication server, wherein the secondary network node authentication process allows the network node to access other resources of a computer network.

Device Association Via Video Handshake

A method of pairing a first device with a second device is disclosed. Accordingly, an image that includes encoded data is generated. The encoded data includes a unique identifier for identifying the first device and an arbitrary security code. The first device displays the image on a display. The second device captures the image using an image sensing device. The encoded data is decoded to generate a decoded data. The second device sends the decoded data to a server that is communicatively connected to the first device and the second device. Upon receiving the decoded data and using the unique identifier, the server communicates with the first device to verify the arbitrary security code.

Method and apparatus for network personalization of subscriber devices

A method and apparatus are provided for a subsidizing service provider entity to personalize a subscriber device to ensure the subscriber device cannot be used in a network of a different service provider entity. As the service provider entity subsidizes the subscriber device, it desires to ensure that subscriber device is personalized such that the subscriber device may operate only in its network and not a network of a different service provider entity. The subscriber device is pre-configured with a plurality of provider-specific and/or unassociated root certificates by the manufacturer of the subscriber device. A communication service is established between the service provider entity and the subscriber device allowing for the mutual authentication of the subscriber device and the service provider entity. After mutual authentication, the service provider entity sends a command to the subscriber device to disable/delete some/all root certificates that are unassociated with the service provider entity.

Image networks for mobile communication

A mobile communication system based on images, enabling communication between a plurality of mobile devices and servers, wherein the images have associated additional properties in the nature of voice, audio, data and other information. The system further enabling the formation of one or more image networks wherein the images are stored, organized, connected and linked to each other by one or more methods inclusive of one to one connection between images, a hierarchical connection between images and or other methods of connection between images to facilitate efficient image based communication between mobile devices, stationary devices and servers based on the mobile device identification, mobile device specific profiles and user specific profiles. The imaged base network system further having the ability to learn and form intelligent association between objects, people and other entities; between images and the associated data relating to both animate-and inanimate entities for intelligent image based communication in a network.

Method and apparatus

A method comprises certifying at least a part of offload configuration information for an application, said application for use in an offload environment.

System and Method for Presenting Application Data by Data Processing System(s) in a Vicinity

Provided is a distributed system and method for enabling new and useful location dependent features and functionality to mobile data processing systems. Mobile data processing Systems (MSs) interact with each other as peers in communications and interoperability. Data is shared between mobile data processing systems to carry out novel Location Based eXchanges (LBX) of data for new mobile applications. Information transmitted inbound to, transmitted outbound from, is in process at, or is application modified at a mobile data processing system triggers processing of actions in accordance with user configured permissions, charters, and other configurations. In a preferred embodiment, a user configurable platform is provided for quickly building well behaving LBX applications at MSs and across a plurality of interoperating MSs. Tools, triggered interfaces and integrated applications are disclosed for a breadth of MS LBX configurations and functionality.

System and Method for Application Context Location Based Configuration Suggestions

Provided is a distributed system and method for enabling new and useful location dependent features and functionality to mobile data processing systems. Mobile data processing Systems (MSs) interact with each other as peers in communications and interoperability. Data is shared between mobile data processing systems to carry out novel Location Based eXchanges (LBX) of data for new mobile applications. Information transmitted inbound to, transmitted outbound from, is in process at, or is application modified at a mobile data processing system triggers processing of actions in accordance with user configured permissions, charters, and other configurations. In a preferred embodiment, a user configurable platform is provided for quickly building well behaving LBX applications at MSs and across a plurality of interoperating MSs. Tools, triggered interfaces and integrated applications are disclosed for a breadth of MS LBX configurations and functionality.

System and Method for Femto ID verification

Embodiments are provided for enabling identity verification of messages originating from a radio station, such as a Femto cell, to a gateway, such as a Femto gateway. In an embodiment, a radio station establishes a first connection for authentication with a security gateway, sends authentication information on the first connection, and receives in return an Internet Protocol (IP) address assigned to the radio station. The security gateway updates a Domain Name System (DNS) to map between the IP address and a DNS name for the radio station. The radio station also establishes a second connection for control messages with a second gateway, and sends the IP address and an identity of the radio station on the second connection. The mapping between the IP address and the DNS name enables the second gateway to identify messages on the second connection between the radio station and the second gateway.

Wirelessly accessing broadband services using intelligent covers

The present disclosure is directed to a system and method for wirelessly accessing broadband services using intelligent covers. In some implementations, a cover for a consumer device includes side surfaces, a rear surface, a physical interface, a circuit, and a broadband service card. The side surfaces and a rear surface form an opening that receives at least a portion of a consumer device. A first portion of at least one of the surfaces includes a connector for connecting to a port of the consumer device. The circuit connects the physical interface to the connector. The broadband service card connected to the physical interface and accesses a service foreign through the wireless broadband network independent of the consumer device.

Multi-service vpn network client for mobile device having integrated acceleration

An integrated, multi-service virtual private network (VPN) network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise VPN connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. The multi-service client integrates with an operating system of the device to provide a VPN handler to establish a VPN connection with a remote VPN security device. The VPN network client includes to data acceleration module exchange network packets with the VPN handler and apply at least one acceleration service to the network packets, and a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the data acceleration module.

Secure key distribution with general purpose mobile device

One embodiment is directed to a method for managing cryptographic information. The method includes initiating cryptographic information loading application on a general purpose mobile device (GPMD) and establishing a connection between the GPMD and a server that includes cryptographic information. Authentication input is received from a user of the GPMD. Data identifying the GPMD and the authentication input is sent from the GPMD to the server for authentication of the GPMD and the user. The GPMD also sends data identifying an electronic device into which cryptographic information is to be loaded. In response, the GPMD receives cryptographic information for the electronic device at the GPMD from the server. The GPMD then sends the cryptographic information from the GPMD to the electronic device for loading therein.

Universal Authentication Token

A universal authentication token is configured to securely acquire security credentials from other authentication tokens and/or devices. In this manner, a single universal authentication token can store the authentication credentials required to access a variety of resources, services and applications for a user. The universal authentication token includes a user interface, memory for storing a plurality of authentication records for a user, and a secure processor. The secure processor provides the required cryptographic operations to encrypt, decrypt, and/or authenticate data that is sent or received by universal token. For example, secure processor may be used to generate authentication data from seed information stored in memory.

Peer-to-peer communication in ad hoc wireless network

For a peer-to-peer call in an ad hoc wireless network, a wireless device performs discovery of a target wireless device, performs authentication of the target wireless device and generates a session key (e.g., using a pre-shared key or a certificate provisioned on the wireless device), forms an ad hoc wireless network with the target wireless device, and communicates peer-to-peer with the target wireless device via the ad hoc wireless network. The wireless device may perform discovery with a list of identifiers for wireless devices designated to communicate with this wireless device. The wireless device may derive a service set identifier (SSID) used to identify the ad hoc wireless network based on its user-specific identifier (e.g., its phone number) and/or a user-specific identifier for the target wireless device. Other aspects, embodiments, and features are also claimed and described.

Method and system for transfering profiles of authentication module

A system for transferring a profile that is stored at an authentication module includes: a first terminal that includes a first authentication module and that operates based on a user profile that is stored at the first authentication module; a second terminal that includes a second authentication module and that requests the user profile by transmitting a first message including user identification information; and a management server that receives the first terminal and that acquires a profile that is stored at the first terminal based on user identification information and that transmits the acquired profile to the second terminal, wherein the first terminal exports the stored profile, and the second terminal installs a profile, having received from the management server at the second authentication module.

Performing a group authentication and key agreement procedure

Provided are a method, a corresponding apparatus and a computer program product for performing a group authentication and key agreement procedure. A method comprises initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure; performing mutual authentication between the master device and the authentication entity based upon the shared group key; and performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure. With the claimed invention, the impact of the signaling overhead on a network can be significantly decreased without substantive modification to the existing architecture of the network.

System, devices, and methods for proximity-based parental controls

Systems, devices, and methods for proximity-based parental controls include a dominant computing device and a subordinate computing device configured to pair and establish a shared secret. Later, upon determining that the dominant computing device and the subordinate computing device are in proximity, the dominant computing device authenticates the subordinate computing device using the shared secret and authorizes access to an application on the subordinate computing device. The dominant computing device may configure an access control policy associated with the application. The access control policy may define allowed usage time, allowed usage time of day, allowed content, and/or other parameters. The subordinate computing device may enforce the access control policy. The application on the subordinate computing device may be a user interface shell, a game, a web browser, a particular web site, or other application. Other embodiments are described and claimed.

Layer 7 authentication using layer 2 or layer 3 authentication

A system and method for authenticating a layer 7 client application (application layer) based on a layer 2 (data link layer) or a layer 3 (network layer) authentication is provided. A request to authenticate to a network is received from a communication device. The request to authenticate to the network is for a layer 2 or layer 3 authentication. The communication device is authenticated to the network based on having the necessary credentials. A request is received to authenticate a layer 7 client application running on the communication device. The layer 7 client application running on the communication device requires a layer 7 authentication. The layer 7 client application running on the communication device is authenticated based on the layer 2 or layer 3 authentication.

Method for performing authentication and electronic device thereof

A method and an apparatus for performing authentication are provided. The method includes performing, by a first authentication unit in a first electronic device, authentication with respect to a second electronic device that requests authentication through a first communication mode and when the second electronic device is authenticated, transmitting first information used for controlling the first electronic device to the second electronic device through the first communication mode and transferring second information indicating that the second electronic device is authenticated to a second authentication unit in the first electronic device.

VIRTUAL SECURITY GUARD

A security device includes a network interface, a short-range wireless interface and a processor coupled to the wireless interface. The short-range wireless interface communicates with a wireless mobile device in a vicinity of a location of the security device. The processor is configured to detect a signal received from the wireless mobile device in the vicinity of the location, receive a cryptographic certificate from the wireless mobile device via the wireless interface and automatically register the user to the location of the security device by sending the cryptographic certificate to a server via the network interface. The cryptographic certificate is associated with an identity of a user of the wireless mobile device. 1. A security device comprising:a network interface;a short-range wireless interface to communicate with a wireless mobile device in a vicinity of a location of the security device; detect a signal received from the wireless mobile device in the vicinity of the location;', 'receive a cryptographic certificate from the wireless mobile device via the wireless interface, the cryptographic certificate associated with an identity of a user of the wireless mobile device; and', 'automatically register the user to the location of the security device by verifying the cryptographic certificate or by sending the cryptographic certificate to a server via the network interface for verification., 'a processor coupled to the wireless interface, the processor configured to2. The security device of claim 1 , wherein the wireless interface connects the security device to a plurality of lock controllers at the location claim 1 , wherein the processor is further configured to monitor access to a plurality of electronic locks guarded by the lock controllers.3. The security device of claim 1 , wherein the processor is further configured to send an interrogation signal to the wireless mobile device claim 1 , the interrogation signal configured to prompt the user for ...

ENHANCED IDENTIFICATION IN COMMUNICATION NETWORKS

According to an example aspect of the present invention, there is provided a method comprising receiving, by a network repository function, a request from a network function, wherein the request comprises a string associated with an instance identity of the network function, determining, by the network repository function, a type of the instance identity of the network function from a set of instance identity types, determining, by the network repository function, the instance identity of the network function based on the string associated with the instance identity of the network function and the type of the instance identity of the network function and transmitting, by the network repository function, a response to the network function, wherein the response depends on whether the instance identity of the network function was found in a list of network function instances registered at the network repository function. 1. A method , in a network repository function , comprising:receiving a request from a network function, wherein the request comprises a string associated with an instance identity of the network function;determining a type of the instance identity of the network function from a set of instance identity types;determining the instance identity of the network function based on the string associated with the instance identity of the network function and the type of the instance identity of the network function; andtransmitting a response to the network function, wherein the response depends on whether the instance identity of the network function was found in a list of network function instances registered at the network repository function.2. An apparatus comprising at least one processor; and at least one memory including computer program code , the at least one memory and the computer program code configured to , with the at least one processor , cause the apparatus at least to perform:receive, by a network repository function, a request from a network ...

COMMUNICATION APPARATUS, COMMUNICATION METHOD, PROGRAM, AND STORAGE MEDIUM

Identification information indicates that a communication parameter to be provided in accordance with a Device Provisioning Protocol standard is a communication parameter that allows connection processing compliant with an Institute of Electrical and Electronics Engineers 802.11r standard. The identification information is set in an Authentication and Key Management field, and the communication parameter that allows connection processing compliant with the Institute of Electrical and Electronics Engineers 802.11r standard is provided. 1. A communication apparatus comprising:a setting unit configured to set first identification information in an Authentication and Key Management field, the first identification information indicating that a communication parameter to be provided in accordance with a Device Provisioning Protocol standard is a first communication parameter allowing connection processing compliant with an Institute of Electrical and Electronics Engineers 802.11r standard; anda transmitting unit configured to transmit a frame to another communication apparatus, the frame including the Authentication and Key Management field having therein the first identification information set by the setting unit and the first communication parameter.2. The communication apparatus according to claim 1 , further comprising an acquiring unit configured to acquire information from the other communication apparatus claim 1 , the information indicating that the other communication apparatus performs connection processing compliant with the Institute of Electrical and Electronics Engineers 802.11r standard claim 1 ,wherein the setting unit sets the first identification information in the Authentication and Key Management field in a case where the acquiring unit acquires the information indicating that the other communication apparatus performs connection processing compliant with the Institute of Electrical and Electronics Engineers 802.11r standard.3. The communication ...

Records Access and Management

An electronic device for aggregating electronic medical records, in which electronic medical records are aggregated from multiple electronic repositories and displayed as a single set of records. The multiple electronic repositories may store records for a particular patient using varying identifying/access information to facilitate anonymous access to the electronic medical records. Emergency medical services providers may be able to access medical records for a patient using the electronic device after being authenticated as a valid/licensed medical services provider.

ELECTRONIC INTERACTION AUTHENTICATION AND VERIFICATION, AND RELATED SYSTEMS, DEVICES, AND METHODS

Systems, devices, and methods are disclosed for exchanging electronic information over a communication network and, more specifically, to authenticating and verifying data integrity between two or more interacting users exchanging information. A client computing device generates a split secret that is transmitted to a server via two distinct communication channels. The split secret is generated based on a public key of a public-private key pair generated by the client computing device based on a unique identifier. Validity of the public key can authenticate source identity 1. A device for authenticated and verified electronic communication from a sender to a receiver , comprising:a security processor to generate a public-private key pair using a unique identifier of the client device as a seed;a communication interface to provide electronic connectivity to a remote communication authentication and verification (CAV) server and to a recipient client computing device, the communication interface providing electronic communications via a first communication channel and electronic communications via a second communication channel; generate a split secret including a public key of the public-private key pair;', 'transmit via the first communication channel of the communication interface a first half of the split secret to the CAV system;', 'transmit via the second communication channel of the communication interface a second half of the split secret to the CAV system;', 'receive via the communication interface an identity certificate from the CAV system, the identity certificate generated based on the public key, the identity certificate evidencing the public key is registered with an authority entity;', 'digitally sign an electronic communication to the recipient client computing device to produce a digitally signed electronic communication and a digital signature generated based on the electronic communication and a private key of the public-private key pair;', ' ...

METHOD AND DEVICE FOR MANAGING EUICC PROFILE INSTALLATION RIGHTS

Provided is a terminal for managing a profile by using an embedded universal integrated circuit card (eUICC) in a wireless communication system. The terminal includes: a transceiver; and at least one processor configured to: receive, from a first server, a command code including event download information for downloading an event related to a profile; perform verification for processing the command code; when the verification is successful, generate a message requesting downloading of the event, by using the event download information, and transmit the same to a second server; and receive, from the second server, the event in response to the message requesting the downloading of the event. 1. A method performed by a terminal in a wireless communication system , the method comprising:transmitting, to a local profile assistant (LPA) installed in the terminal, a remote subscriber identity module provisioning (RSP) procedure start request message including information about whether an unsigned command code is to be used;transmitting, to a server of a second operator, a command code generation request message including command code generation information, based on the RSP procedure start request message;receiving, from the server of the second operator, a command code in response to the command code generation request message;verifying the command code;transmitting, to a profile server of a first operator, an RSP request message including information about the command code, based on a result of the verifying; andreceiving, from the profile server of the first operator, data about a profile, in response to the RSP request message.2. The method of claim 1 , wherein the command code generation information comprises at least one of information about the terminal or information about an embedded universal integrated circuit card (eUICC) of the terminal.3. The method of claim 1 , wherein the command code is generated claim 1 , by the server of the second operator claim 1 , ...

Secure pairing of devices

A process for securely pairing devices. A host device receives an input indicating a user credential for logging into the host device and initiates a scanning process for discovering target devices available for pairing with the host device. During the scanning process, the host device receives wireless pairing information from a target device. The wireless pairing information includes a unique device identifier associated with the target device and an electronic signature generated as a function of a signature key stored at the target device and the unique device identifier. The host device compares the electronic signature with a run-time signature generated at the host device as a function of the user credential received at the host device and the unique device identifier. The host device then initiates a pairing process to establish a short-range communication link with the target device when the electronic signature matches with the run-time signature.

Secure network enrollment

A UE communicates with a network gateway to access a provisioning device via a provisioning network. The provisioning device uses identification data of the UE to authenticate the UE for a primary network, and provides primary network configuration data to the UE. Using the primary network configuration data, the UE communicates with the network gateway to access the primary network. The primary network configuration data can include data to enable the UE to establish communications with one or more private networks accessible via the primary network.

Wireless communication of a user identifier and encrypted time-sensitive data

Examples disclosed herein relate to wireless communication of a user identifier and encrypted time-sensitive data. Examples further include wireless communication of an authentication token including a user identifier and encrypted time-sensitive data. Examples further include interaction with a remote authentication service. Examples further include utilization of near field communication (NFC).

Information processing device, information processing system, non-transitory computer-readable storage medium, and information processing method

An information processing device includes: a memory; and a processor coupled to the memory and configured to execute first transmission processing that includes transmitting a processing request that corresponds to an operation of a user to a server device coupled to the information processing device through a network, in accordance with the operation by the user, execute storage processing that includes storing a processing request that corresponds to an operation executed when communication with the server device is not allowed to be performed, and execute second transmission processing that includes transmitting the processing request stored during the storage processing, to a further information processing device allowed to transmit a processing request that corresponds to an operation by the user to the server device.

Mesh network commissioning

In embodiments of mesh network commissioning, a commissioning device establishes a secure commissioning communication session between the commissioning device and a border router of a mesh network to securely establish network communication sessions for joining one or more joining devices to the mesh network. The commissioning device can activate joining for the mesh network, and receive a request from a joining device to join the mesh network. The commissioning device can establish a secure joiner communication session between the commissioning device and the joining device, authenticate the joining device using an encrypted device identifier, and join the joining device to the mesh network.

Reduced bandwidth handshake communication

Broadly speaking, embodiments of the present technique provide methods, apparatuses and systems for performing a TLS/DTLS handshake process between machines in a manner that reduces the amount of data sent during the handshake process.

Integrated security system with parallel processing architecture

An integrated security system that includes a security coprocessor coupled to a conventional security system panel and an interactive security system. The integrated security system enables conventional security system features as well as the consumer-oriented interactive features and functions of an interactive security system without sacrificing reliability or the significant burden and cost associated with frequent software updates associated with conventional security systems. The integrated security system also minimizes or eliminates the need for new battery backup circuitry or larger batteries.

Secured communication via location awareness

A method and system for collecting and verifying the location information of a calling party and a device of the calling party is provided. More specifically, a method and system is provided for determining whether the identity of the calling party can be confirmed, via evaluating location information, with an acceptable degree of certainty. The location information may be provided by the calling party or obtained from various sources over a digital communication channel. Some of the provided location information which can be accidentally or intentionally altered is identified and evaluated to determine its accuracy as part of the verification process of the caller's identity.

Communication Coverage Navigation

A network device may predict the use of a mobile device and configure a network based on the prediction. The network device may provide instructions to display coverage indicators for the mobile device based on the predictions.

Registering, Deregistering and Standby Processing Methods and Systems for Terminal Peripheral

Provided are registering, deregistering and standby processing methods and systems for a terminal peripheral. The registering method includes that: a Machine-to-Machine/Man (M2M) gateway pre-allocates a terminal peripheral group identifier of a terminal peripheral group to a terminal peripheral configured into the terminal peripheral group by an M2M user, and sets an initial state of the terminal peripheral, the terminal peripheral group identifier being used for identifying the terminal peripheral group to which the terminal peripheral belongs; the M2M gateway acquires a terminal peripheral identifier of the terminal peripheral initiating a registering request, and determines the terminal peripheral group identifier pre-allocated to the terminal peripheral according to the terminal peripheral identifier; and the M2M gateway sends the terminal peripheral identifier and the terminal peripheral group identifier to an M2M application through an M2M service platform.

Method for an euicc embedded into a machine type communication device to trigger the download of a subscription profile

The invention related to a method for an eUICC embedded into a machine type communication device to trigger the download of a subscription profile from a first network operator, the eUICC being provisioned with an eUICC identifier and a pre-loaded data set memorizing a range of International Mobile Subscription Identifiers-associated to a second network operator, the method comprising the steps of: selecting randomly by the eUICC an IMSI number in the range memorized in the pre-loaded data set; sending an attachment request comprising the randomly selected IMSI; receiving in an authentication request message the request for getting the eUICC identifier; as a response, sending to the discovery server a authentication failure message; receiving in an authentication request message a temporary IMSI from the discovery server so that the machine type communication device is able to attach to the first network operator and download the pending subscription profile.

Techniques for call authentication

Various embodiments described herein are directed towards authenticating calls by using one or more keys associated with a specific user. In examples, the user is the sender of a call. In various embodiments, when a call is made, an identifying payload is encrypted using a private key associated with the user. The encrypted identifying payload is appended to the call data stream. The identifying payload may be decrypted with a public key. In embodiments, the identifying payload may be verified. In various embodiments, further authentication methods may be performed by using an object such as a contactless card to provide one or more components of the identifying payload and/or keys. In embodiments, a connection may be made between the sender and the intended recipient of a call based on the verification of the identifying payload.

Methods providing security for multiple nas connections using separate counts and related network nodes and wireless terminals

A first communication node may provide first and second NAS connection identifications for respective first and second NAS connections between the first and a second communication node, with the first and second NAS connection identifications being different and the first and second NAS connections being different. A first NAS message may be communicated between the first and second communication nodes over the first NAS connection, including at performing integrity protection for the first NAS message using the first NAS connection identification and/or performing confidentiality protection for the first NAS message using the first NAS connection identification. A second NAS message may be communicated between the first and second communication nodes over the second NAS connection, including performing integrity protection for the second NAS message using the second NAS connection identification and/or performing confidentiality protection for the second NAS message for confidentiality protection using the second NAS connection identification.

Method for securing electronic transactions

A method for securing electronic transactions includes associating a mobile electronic device with a first user. A first computer system retrievably stores registration data relating to the first user, including a device identifier that is unique to the mobile electronic device. A security application that supports in-application push notifications is installed on the mobile electronic device. The first computer system sends a push notification to the mobile electronic device, the push notification prompting the first user to provide a confirmation reply via a user interface of the security application for activating the mobile electronic device as a security token. The mobile electronic device is activated as a security token for the first user in response to receiving at the first computer system, from the mobile electronic device, the confirmation reply from the first user.

Mesh network commissioning

In embodiments of mesh network commissioning, a commissioning device of a mesh network can determine steering data for the mesh network, where the steering data is an indication of a device identifier associated with a device that is allowed to join the mesh network. The commissioning device can then propagate the steering data from the commissioning device for the mesh network to one or more routers in the mesh network, and the steering data indicates that a commissioner is active on the mesh network. The commissioning device propagating the steering data enables the one or more routers to transmit the steering data in a beacon message, and the steering data is effective to enable the device associated with the device identifier to identify that the device is allowed to join the mesh network.

System and method for providing vehicle information based on personal authentication and vehicle authentication

An electronic device and method for providing vehicle information based on personal authentication and vehicle authentication are disclosed. According to various example embodiments, an electronic device includes a communication module comprising communication circuitry configured to communicate with a vehicle device and a first server and a processor electrically connected with the communication module, in which the processor is configured to receive an encrypted session key set including at least one session key from the first server, to transmit the encrypted session key set to the vehicle device, receive, from the vehicle device, second vehicle information in which first vehicle information of the vehicle device is encrypted using a first session key of the at least one session key and is signed using a secret key of the vehicle device, and to transmit, to the first server, third vehicle information in which the received second vehicle information is signed using a secret key of a user.

METHOD FOR REMOTE SUBSCRIPTION MANAGEMENT OF AN eUICC, CORRESPONDING TERMINAL

Remote subscription management of an eUICC comprising a private key and a public certificate, the public certificate comprising information allowing a subscription manager server to decide if it can agree to manage the eUICC. The method includes: establishing a secure channel between the terminal and the subscription manager server by using the public certificate and dedicated cryptographic services of the eUICC; sendingto the subscription manager server a subscription management request; verifying, based on the information in the public certificate in the subscription manager server, whether the eUICC is entitled to be managed by the subscription manager server and, if yes: performing a key establishment procedure between the subscription manager server and the eUICC by using the eUICC public certificate; establishing between the subscription manager server and the eUICC a secure channel with the established keys; and, executing by the subscription manager server the subscription management request on the eUICC.

Method, apparatus, and system for establishing security context

Embodiments disclose a method, an apparatus, and a system for establishing a security context and relates to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.

Device registration to management domain

The technology disclosed herein pertains to a method for mobile storage device registration to a management domain using a random token and a pin. In at least one implementation, a technology disclosed herein provides a method of authenticating a device on a system, the method including generating a random token, displaying the random token to a user, communicating the random token to an authentication system portal, in response the authentication system portal validating the random token receiving a PIN from the user, and communicating the PIN to the authentication system portal, and receiving a portal IP address and a certificate of authentication from the authentication system portal.

SECURITY PROCEDURE

In accordance with an example embodiment, there is provided an apparatus, such as a user equipment, configured to receive, from a communication network, an authentication request which comprises a nonce and a received sequence number, check, whether the received sequence number is advanced with respect to a first sequence number, the first sequence number being from a most recent previous authentication request handled by the apparatus, check, responsive to the received sequence number not being advanced with respect the first sequence number, whether the nonce is identical to one from among plural stored nonces, and send, responsive to the nonce being identical to the one stored nonce, a response to the authentication request which comprises as a synchronization failure token a dummy value which is not derived from the first sequence number. 1. An apparatus comprising at least one processing core , at least one memory including computer program code , the at least one memory and the computer program code being configured to , with the at least one processing core , cause the apparatus at least to:receive, from a communication network, an authentication request which comprises a nonce and a received sequence number;check, whether the received sequence number is advanced with respect to a first sequence number, the first sequence number being from a most recent previous authentication request handled by the apparatus;check, responsive to the received sequence number not being advanced with respect the first sequence number, whether the nonce is identical to one from among plural stored nonces, andsend, responsive to the nonce being identical to the one stored nonce, a response to the authentication request which comprises as a synchronization failure token a preconfigured dummy value which is not derived from the first sequence number.2. The apparatus according to claim 1 , wherein the synchronization failure token comprises an authentication token for ...

Electronic lockbox with schedule controlled access credentials

An electronic lockbox control system allows visiting agents (such a “showing agents” in a real estate sales situation) to make an appointment to visit a property that is protected by an electronic lockbox, using a time-sensitive authorizing credential that is provided by a central computer; and then, if that visiting agent is delayed because of an earlier appointment, the central computer can automatically create a new time-sensitive authorizing credential that is time-shifted, so that visiting agent can later visit that remote property and obtain access to that lockbox at the later, time-shifted appointment time. Another interested party (e.g., a homeowner) can decline that later, time-shifted appointment. The visiting agent can carry a smart phone with a GPS receiver, and the central computer can use his GPS coordinates to calculate his physical position, and calculate his travel time to the next lockbox location to automatically create the new, time-shifted appointment time.

Device authentication using proxy automatic configuration script requests

Methods and systems for performing device authentication using proxy automatic configuration script requests are described. One example method includes generating a unique key for a client device; configuring the client device to send a request for a proxy automatic configuration (PAC) script upon accessing a network, the request including the unique key; receiving, over a network, a request for the PAC script including a request key; and authenticating the client device on the network if the request key matches the client device's unique key.

System and method for attorney-client privileged digital evidence capture, analysis and collaboration

A system and method for attorney-client privileged digital evidence capture, analysis and collaboration is presented herein. In particular, the system and method facilitates the capturing and analysis of evidentiary digital images, audio, video or audiovisual files (“Evidence”) via smart phones, cameras, digital recording devices, personal computers, connected Internet of Things (IoT) devices and other networked machines capable of capturing digital images, audio, video or audiovisual recordings and data by verified people, devices and machines. The system and method further facilitates secure, attorney-client privileged information, storage, communication and collaboration with respect to such evidence, and allows access and collaboration by authorized third parties with permission.

AUTHENTICATION OF INTERNET OF THINGS DEVICES, INCLUDING ELECTRONIC LOCKS

Methods and systems for authenticating an Internet of Things device, such as an electronic lock, are disclosed. One method includes generating a first challenge at a server; transmitting the first challenge to the Internet of Things device; receiving a first signed certificate from the Internet of Things device, the first signed certificate being the first random number challenge signed with a private key associated with the internet of things device; and verifying the first signed certificate with the first challenge and a public key associated with the Internet of Things device. Mutual authentication of the server from the Internet of Things device is also provided. 1. A method of authenticating an Internet of Things device comprising:generating a first challenge at a server;transmitting the first challenge to the Internet of Things device;receiving a first response from the Internet of Things device; andverifying the first response with the first challenge and a public key associated with the Internet of Things device.2. The method of claim 1 , further comprising:receiving a second challenge from the Internet of Things device;responding to the second challenge to produce a second response;transmitting the second response to the Internet of Things device; andreceiving confirmation of authentication from the Internet of Things device.3. The method of claim 1 , wherein the Internet of Things device is an electronic lock.4. The method of claim 1 , wherein the transmitting occurs via a mobile device in data communication with both the Internet of Things device and the server.5. The method of claim 4 , wherein the mobile device is in data communication with the Internet of Things device via a Bluetooth connection.6. The method of claim 4 , wherein the mobile device is in data communication with the server via a Wi-Fi connection.7. The method of claim 1 , wherein the transmitting occurs directly between the Internet of Things device and the server via a wireless network ...

Pen Needle Outer Cover Concepts

Some examples provide a non-transitory computer readable medium having instructions executable by a processor of a computing device. The instructions can cause the processor to establish remote access by the computing device to a network-based storage resource, and establish the remote access based on a hardware identifier associated with the computing device. The instructions can cause the processor to generate, at the computing device, a local index for the remote data stored on the network-based storage resource and available to the computing device through the remote access. The instructions can cause the processor to provide, based on the local index, local access to the remote data through a virtual file system at the computing device.

Bootstrapping with common credential data

According to the present techniques there is provided a computer implemented method of bootstrapping a device by a bootstrap server, the method comprising: receiving, at the bootstrap server from the device as part of a bootstrap process, common credential data including a trust indicator to indicate that the common credential data is common for a group of devices; obtaining, at the bootstrap server, resource credential data based on or in response to the common credential data, the resource credential data to enable the device to authenticate with a resource; transmitting, from the bootstrap server to the device, the resource credential data.

Updating User Equipment Parameters

A user equipment (UE) may perform a UE parameter update (UPU) procedure or a steering of roaming (SoR) procedure based on information received from a home public land mobile network (HPLMN). The UE receives, from a network component, an update container comprising updated parameters for the UE and a counter value associated with the update container, compares the counter value with a stored value and performs an action related to the update container based on at least the comparison of the counter value with the stored value. 1. A user equipment (UE) , comprising:a transceiver; andone or more processors communicatively coupled to the transceiver and configured to perform operations comprising:receiving, from a network component, an update container comprising updated parameters for the UE and a counter value associated with the update container;comparing the counter value with a stored value; andperforming an action related to the update container based on at least the comparison of the counter value with the stored value.2. The UE of claim 1 , wherein claim 1 , when the counter value and the stored value are equal claim 1 , the action comprises disregarding the update container.3. The UE of claim 2 , wherein the update container further comprises an acknowledgement request and wherein the action further comprises transmitting an acknowledgement to the network component.4. The UE of claim 1 , wherein claim 1 , when the counter value and the stored value are not equal claim 1 , the action comprises performing an update procedure of the UE using the updated parameters of the update container.5. The UE of claim 4 , wherein the update container further comprises an acknowledgement request and wherein the action further comprises transmitting an acknowledgement to the network component.6. The UE of claim 1 , wherein the update container comprises a UE parameter update (UPU) container comprising one of an updated routing indicator or an updated default network slice ...

Management of credentials on an electronic device using an online resource

Systems, methods, and computer-readable media for using an online resource to manage credentials on an electronic device are provided. In one example embodiment, a method, at an electronic device, includes, inter alia, receiving account data via an online resource, accessing commerce credential status data from a secure element of the electronic device, providing initial credential management option data via the online resource based on the received account data and based on the accessed commerce credential status data, in response to the providing, receiving a selection of an initial credential management option via the online resource, and changing the status of a credential on the secure element based on the received selection. Additional embodiments are also provided.

Method for ensuring the authenticity of a field device

The present disclosure relates to a method for ensuring the authenticity of a field device. The method includes a step of assigning a unique authentic identification feature to the field device or providing the field device with a unique authentic identification feature. The method also includes steps of transmitting ACTUAL identification data to a participant node which transmits the ACTUAL identification data to the other participant nodes in a transaction, validating the transaction by the participant nodes, and creating a data block containing the transaction, wherein the data block is transmitted to each of the participant nodes. The method also includes verifying the data block by all participant nodes, storing the validated data block in the databases, comparing the ACTUAL identification data with corresponding TARGET identification data or original identification data from an authentication point, and generating a response containing the result of the comparison.

Securely providing a password using an internet of things (iot) system

An apparatus and method are described for securely providing a User ID and/or password to an IoT device. For example, one embodiment of a method comprises: receiving at an Internet of Things (IoT) service a request from a mobile device over a first communication channel to transmit credentials for a particular online service to an IoT device, responsively encrypting the credentials to generate encrypted credentials and transmitting the encrypted credentials to the IoT device over a second communication channel, decrypting the encrypted credentials at the IoT device, and providing the credentials by the IoT device to a computer over a third communication channel, the computer causing the credentials to be provided to the online service to authenticate the user.

Simulacrum of physical security device and methods

Described herein is a simulacrum security device and methods. In one embodiment, a simulacrum or likeness of a physical security device is provided for use in conjunction with a software emulation of the security device. In one implementation, a “faux SIM card” is provided that does not contain Subscriber Identification Module (SIM) information itself, but instead enables a user to download Electronic SIM (eSIM) information (e.g., from a network or eSIM server) which is loaded into a software emulation of a Universal Integrated Circuit Card (UICC) device. The faux card is printed with an activation code, scan pattern, or other activation or access information. The subscriber purchases the faux card, and enters the activation code into a device; the entered activation code enables the device to log onto a network, and download the appropriate eSIM data. Delivery of eSIM information as enabled by the faux card addresses deficiencies in existing SIM distribution schemes, provides users with an enhanced perception of security, and further addresses various legal requirements.

AUTHENTICATION WITH SECONDARY APPROVER

Techniques are provided for giving access to restricted content on a first device from a second device through a wireless network. In one embodiment, the first device transmits an authorization request signal to the second device or to a server in the wireless network. The second device, having received the authorization request, prompts an authorized user to give authorization to the first device by inputting an authentication key such as a password or gesture on the second device. Upon verification of the authentication key, an authorization signal may be wirelessly transmitted to the first device, permitting access to the restricted content or functions on the first device. In some embodiments, the second device may be alerted to an authorization request and may select a request for authorization from a selectable queue of requests. 1. (canceled)2. A first electronic device , including:a display;one or more processors; and initiating a process for an authorization request for accessing restricted content at the first electronic device, wherein the first electronic device is associated with a first user account, and wherein the first user account is associated with a first account identifier and a first password; and', in accordance with a determination that the authorization request corresponds to a request for authorization at a second electronic device, transmitting, to the second electronic device, the authorization request for accessing the restricted content, wherein the second electronic device is associated with a second user account different from the first user account, and wherein the second user account is associated with a second account identifier different from the first account identifier and a second password different from the first password, and wherein the second electronic device is different from the first electronic device, and', 'in accordance with a determination that the authorization request corresponds to a request for authorization at ...

SERVER FOR PROVIDING A TOKEN

A server for providing a token to a mobile terminal includes a network interface and a processing unit coupled to the network interface. The processing unit is configured to receive from the mobile terminal a request asking for the token, to obtain subscriber identification information of the mobile terminal, to obtain a token which includes a user profile associated with the subscriber identification information and to which an electronic signature is added, and to transmit the token to the mobile terminal. 1. A server arranged in a mobile network for providing a token to a mobile terminal , the server comprising:a network interface; anda processor coupled to the network interface, receive, from the mobile terminal, a first request asking for the token,', 'determine whether the first request is received via the mobile network,', obtain subscriber identification information of the mobile terminal based on a session with the mobile terminal,', 'send a second request to a token issuing server to obtain the token, the second request including the subscriber identification information of the mobile terminal,', 'receive, from the token issuing server, the token generated by the token issuing server in response to the second request, where an electronic signature is added to the token; and', 'transmit, to the mobile terminal, the token returned from the token issuing server, and, 'if the first request is received via the mobile network,'}], 'a memory comprising instructions executable by the processor, wherein, when executed, the instructions cause the processor to at leastif the first request is received via a network other than the mobile network, notify the mobile terminal that the token is not transmitted.2. The server according to claim 1 , whereinthe first request includes an address of an external server, andthe second request further includes the address of the external server included in the first request received from the mobile terminal.3. The server according ...

SYSTEMS AND METHODS FOR SECURE AUTOMATED NETWORK ATTACHMENT

A method for automatically attaching a purpose-built electronic device to a provider network includes steps of discovering, by a Wi-Fi module of the purpose-built electronic device, a wireless data network in operable communication with the provider network selecting, by the Wi-Fi module, the wireless data network, transmitting a primary authentication certificate from the Wi-Fi module to an authentication, authorization, and accounting server of the provider network, receiving, by an application server of the provider network, a secondary authentication certificate from a functionality module of the purpose-built electronic device authenticating, by the provider network, the primary and secondary authentication certificates, and attaching the purpose-built device to the provider network. 1. A method for automatically attaching a first electronic device operating at a first location to a provider network operating at a second location , the method comprising the steps of:discovering, by a communication module of the first electronic device, a communication data network in operable communication with the provider network;selecting, via the communication module, the communication data network;transmitting a primary authentication certificate from the communication module to an authentication server of the provider network;receiving, by an application server of the provider network, a secondary authentication certificate from a functionality module associated with the first electronic device;authenticating, by the provider network, the primary authentication certificate; andattaching the first device to the provider network,wherein the first location is one of (i) within an operational vicinity of the provider network at the second location, and (ii) outside of the operational vicinity of the provider network.2. The method of claim 1 , wherein the first device is a medical device and the provider network is associated with a clinical network.3. The method of claim 2 , ...

SYSTEMS AND METHODS FOR MULTI-LINK DEVICE PRIVACY PROTECTION

A method for communicating over a wireless network includes broadcasting, by a Multi-Link Device (MLD) device, service data indicative of one or more services for wireless communication with a client device; wherein the service data indicates that a service type is differentiated based on a type of the client device; establishing a security association with the client device; and in response to establishing a security association with the client device, granting access by the client device to a subset of the one or more services based on the type of the client device. 1. A method for communicating over a wireless network , the method comprising:broadcasting, by a Multi-Link Device (MLD) device, service data indicative of one or more services for wireless communication with a client device;wherein the service data indicates that a service type is differentiated based on a type of the client device;establishing a security association with the client device; andin response to establishing a security association with the client device, granting access by the client device to a subset of the one or more services based on the type of the client device.2. The method of claim 1 , wherein the type of client device indicates one or more network resources available to the client device claim 1 , the one or more network resources comprising an access point claim 1 , a subnetwork claim 1 , or both.3. The method of claim 1 , wherein the one or more services each comprises an access point for establishing a communication link between the client device and a networking device.4. The method of claim 3 , wherein each access point is associated with a radio band comprising one of a 2.4 GHz radio band claim 3 , a 5 GHz radio band claim 3 , or a 6 GHz radio band.5. The method of claim 1 , wherein the type of client device is indicated by a private pre-shared key (PPSK) or a simultaneous authentication of equals (SAE) password identifier.6. The method of claim 1 , further comprising: ...

KEY MATCHING FOR EAPOL HANDSHAKE USING DISTRIBUTED COMPUTING

Embodiments herein relate to the field of communications, and more particularly to key matching for extensible authentication protocol over local area network (EAPOL) handshaking using distributed computing. Other embodiments may be described and claimed. 1. One or more non-transitory computer-readable media storing instructions that , when executed by one or more processors , cause a computing device to:receive a match request from an access point of a local area network (LAN) as part of an extensible authentication protocol over LAN (EAPOL) process associated with a client device, the match request including an offered key provided by the client device, a station nonce (SNonce) value generated by the client device, and an access point nonce (ANonce) value generated by the access point;determine a number of keys that are potentially valid for authentication with the LAN;determine indexing information based on the number of keys, the indexing information to allocate the keys into a plurality of partitions based on a portion of the respective keys;send the offered key, the indexing information for the respective partitions, the SNonce value, and the ANonce value to a plurality of computation elements to perform matching with the respective partitions of keys; andreceive, from a first computation element from the plurality of computation elements, an indication of a match.2. The one or more non-transitory computer-readable media of claim 1 , wherein the indexing information is determined based further on a computational capacity of the plurality of computation elements.3. The one or more non-transitory computer-readable media of claim 1 , wherein the portion of the respective keys is a prefix of the respective keys.4. The one or more non-transitory computer-readable media of claim 1 , wherein the media further stores instructions to cause the computing device to determine a size of the portion of the key based on the number of keys.5. The one or more non-transitory ...