608results about How to "Communication security" patented technology

A media distribution technique employs a multi-user server positioned at the terminal end of a broadcast media network. The server receives broadcast media signals and selectively captures a portion of the signals for live personalized media streaming and / or storage for later personalized media streaming and / or download over a local distribution network to a collection of user receivers. Request / control streams sent from the receivers to the server control real-time personalization of the media streams such as trick-play functions and channel selection. Buffering and data storage segmentation techniques are used to provide highly responsive personal video recorder-like functionality to the multiple end users.

A gaming device which can be operated by wireless signals provided by a remote control unit or device after an initialization process. The initialization process insures that the initialized gaming device accepts signals solely from the initialized remote control unit and that other players are prevented from operating the gaming device using a different remote control unit. The wireless signals contain gaming commands for play of a primary wagering game as well as player identification and / or player tracking information.

Registration of non-configured network devices in a distributed network is facilitated by a method of distributing cryptographic keys. A non-configured first device seeking to communicate securely with a second device acquires knowledge of a trusted registration service. The first device registers with the registration service and obtains a longer-lived symmetric key. Using the longer-lived key, the first device authenticates itself to a key management service, and receives a shorter-lived symmetric key encapsulated in a ticket that includes policy information. A second device carries out the same preparatory process. Using its ticket containing the shorter-lived key, the first device requests the second device to obtain a session key on behalf of both. The second device presents its own ticket and that of the first device to the key management service to authenticate the shorter-lived key, and then obtains a session key for use in communications among the first and second devices. The first device and second device then communicate by encrypting communications with the session key, and without further contact with the key management or registration services or any other online authoritative server or key database. Thus newly deployed network devices may be positively identified, registered in the network, and subjected to key schedule or other key management policies.

A unified policy management system for an organization including a central policy server and remotely situated policy enforcers. A central database and policy enforcer databases storing policy settings are configured as LDAP databases adhering to a hierarchical object oriented structure. Such structure allows the policy settings to be defined in an intuitive and extensible fashion. Changes in the policy settings made at the central policy server are automatically transferred to the policy enforcers for updating their respective databases. Each policy enforcer collects and transmits health and status information in a predefined log format and transmits it to the policy server for efficient monitoring by the policy server. For further efficiencies, the policy enforcement functionalities of the policy enforcers are effectively partitioned so as to be readily implemented in hardware. The system also provides for dynamically routed VPNs where VPN membership lists are automatically created and shared with the member policy enforcers. Updates to such membership lists are also automatically transferred to remote VPN clients. The system further provides for fine grain access control of the traffic in the VPN by allowing definition of firewall rules within the VPN. In addition, policy server and policy enforcers may be configured for high availability by maintaining a backup unit in addition to a primary unit. The backup unit become active upon failure of the primary unit.

Systems, methods, and apparatus embodiments for electric power grid and network registration and management of physical and financial settlement for participation of active grid elements in supply and / or curtailment of power. Settlement is provided for grid elements that participate in the electric power grid following initial registration of each grid element with the system, preferably through network-based communication between the grid elements and a coordinator, either in coordination with or outside of an IP-based communications network router. A multiplicity of active grid elements function in the grid for supply capacity, supply and / or load curtailment as supply or capacity, and are compensated through settlement for their functional participation in the electric power grid. Also, messaging related to settlement is managed through a network by a Coordinator using IP messaging for communication with the grid elements, with the energy management system (EMS), and with the utilities, market participants, and / or grid operators.

The present invention extends to trusted third party authentication for Web services. Web services trust and delegate user authentication responsibility to a trusted third party that acts as an identity provider for the trusting Web services. The trusted third party authenticates users through common authentication mechanisms, such as, for example, username / password and X.509 certificates and uses initial user authentication to bootstrap subsequent secure sessions with Web services. Web services construct user identity context using a service session token issued by the trusted third party and reconstruct security states without having to use a service-side distributed cache.

A portable wireless system for providing a user with access to a computer-based system includes a BARB Badge to interface with the user's body, responsive to a disruption in the interface and including a transceiver to communicate with an external source, a BARB Base to detect a presence of said BARB Badge in a vicinity of said BARB Base and relay secure communications between said BARB Badge and said computer-based system; and an administrator subsystem to regulate interfacing operations of said BARB Badge and said computer-based system based on predetermined administrative protocols. In this way, the overall security of the computer-based system is enhanced while the amount of operational burdens associated with accessing the computer-based system are reduced.

Secure communication between a resource-constrained device and remote network nodes over a network with the resource-constrained acting as a network node. The remote network nodes communicate with the resource-constrained device using un-modified network clients and servers. Executing on the resource-constrained device, a communications module implements one or more link layer communication protocols, operable to communicate with a host computer, operable to communicate with remote network nodes and operable to implement network security protocols thereby setting a security boundary inside the resource-constrained device.

The inventive system for providing strong security for UDP communications in networks comprises a server, a client, and a secure communication protocol wherein authentication of client and server, either unilaterally or mutually, is performed using identity based encryption, the secure communication protocol preserves privacy of the client, achieves significant bandwidth savings, and eliminates overheads associated with certificate management. VDTLS also enables session mobility across multiple IP domains through its session resumption capability.

A secure communication protocol (e.g., SSL) transaction request from a client to a server is intercepted at a client-side proxy communicatively coupled to the client and logically deployed between the client and the server. The client-side proxy initiates a secure connection with the server and passes an attribute (e.g., a cryptographic key) associated with that secure connection to a server-side proxy communicatively coupled to the server and logically deployed between the client and the server. This enables the server-side proxy to engage in secure communications with the server in a transparent fashion.

The present invention concerns application of digital rights management to industrial automation devices including programmable logic controllers (PLCs), I / O devices, and communication adapters. Digital rights management involves a set of technologies for controlling and managing access to device objects and / or programs such as ladder logic programs. Access to automation device objects and / or programs can be managed by downloading rules of use that define user privileges with respect to automation devices and utilizing digital certificates, among other things, to verify the identity of a user desiring to interact with device programs, for example. Furthermore, the present invention provides for secure transmission of messages to and amongst automation devices utilizing public key cryptography associated with digital certificates.

Embodiments of the invention include a platform for using 2D barcodes to establish secure authenticated communication between two computing devices that are in proximity to each other. A two-tier application architecture using a single base app and dynamic add-on applets is used. 2D barcodes can be distinctively visually branded. According to other aspects, the security of mobile payment systems are enhanced by (1) a triangular payment settlement in which the sender and receiver of payment each submit transaction information independently to the same payment server; (2) sensitive information is split into two parts, one of which is stored on a mobile device, and the other of which is stored on a payment server, and the two parts are only combined and exist transiently in the payment server's volatile memory when executing a transaction; and (3) a process to securely update profile pictures associated with payment accounts.

A system and method for simply and securely pairing Bluetooth devices in a vehicle. A Near Field Communication (NFC) read-only tag is placed in the vehicle such that a user can pass an NFC-enabled Bluetooth device near the tag, which then transfers encryption key data for the vehicle's Bluetooth device to the user's Bluetooth device. Various embodiments are disclosed for initiating the pairing process with the vehicle's Bluetooth device, which ordinarily remains in a silent mode for security reasons. Once the pairing process has been initiated, and the user's Bluetooth device has been passed near the NFC tag, the pairing process is completed with no further action required by the user.

A computer-implemented communication method performed by a computerized device and a computerized communication apparatus, the method comprising: receiving by a buffer server a first communication request and a device key from a mobile device; verifying the device key and a buffer server key; sending a request with details associated with the device key and the buffer server key, to a corporate server; receiving a response from the corporate server; removing data from the response, and sending a reduced response to the mobile device; receiving a user identification and a second communication request from the mobile device, for the data that has been removed; and sending the data that has been removed to the mobile device, upon verifying the user identification.

The present invention provides for a system and method of discovering whether a medical device is connected to a network, establishing secure communications between and a server and the medical device, and communicating with the medical device. Also disclosed is a method of encryption to ensure secure communications within the network between a server and medical devices connected to the network. The invention also includes a system and method for determining the location of medical devices within an institution.

The present invention provides systems and methods for enabling encrypted communication capabilities for a Subscriber's Web Site, thereby allowing Customers to access the Subscriber's Web Site in a secure manner. The Subscriber may register a domain name associated with the Subscriber's Web Site using a proxy domain name service, thereby hindering its Customers ability to verify the owner of the Subscriber's Web Site. A Hosting Provider hosts the Subscriber's Web Site and a Certificate Authority (CA) verifies the identity of the Subscriber. In combination the Hosting Provider and CA provide the Subscriber's Web Site with Secure Sockets Layer (SSL) encrypted communications capability. The Hosting Provider and CA communicate directly with each other as needed, typically via the Internet, without using the Subscriber as an intermediary in their communications.

Automated secure registration techniques for communication devices are provided which address the problem of allowing multiple clients to gain access to one system, and thus provide a solution to the “reverse single sign-on” problem. For example, a method for registering a group of two or more communication devices in a communication network comprises the following steps. A group challenge message is sent from a network device to the group of two or more communication devices. The network device receives one or more response messages to the group challenge respectively from one or more of the group of two or more communication devices, wherein the response message from each of the responding communication devices in the group comprises a group credential corresponding to the group.

A system and method for simply and securely pairing Bluetooth devices in a vehicle. A Near Field Communication (NFC) read-only tag is placed in the vehicle such that a user can pass an NFC-enabled Bluetooth device near the tag, which then transfers encryption key data for the vehicle's Bluetooth device to the user's Bluetooth device. Various embodiments are disclosed for initiating the pairing process with the vehicle's Bluetooth device, which ordinarily remains in a silent mode for security reasons. Once the pairing process has been initiated, and the user's Bluetooth device has been passed near the NFC tag, the pairing process is completed with no further action required by the user.

An encrypted communication system according to the present invention comprises an authentication server in which a user password and an encryption key of a server were registered, a client involved in utilization by a user, and a server providing a service. According to the encrypted communication system, shared credentials for the client and the server to conduct encrypted communication are generated separately by the authentication server and the client based on mutually shared information, a ticket is generated in which the credentials that were generated by the authentication server are encrypted with the encryption key by the authentication server, and the client encrypts information to be sent using the credentials generated by the client and attaches the ticket that was acquired from the authentication server to the encrypted information to send the encrypted information and the ticket to the server.

A two-tier security architecture that provides balance between the use of public and secret-key cryptography to realize cost-effectiveness and scalability of security. One tier is an intra-zone tier and the other tier is an inter-zone tier. The intra-zone tier addresses communication between users employing endpoints within a prescribed Security Zone and is designed to achieve cost-effectiveness. The inter-zone tier specifies how communication between users employing endpoints from different Security Zones can be established and is designed to provide scalability for intra-enterprise and / or inter-enterprise communications. Specifically, each Security Zone has a “Zone Keeper” and one or more endpoints that may be employed by users. The Zone Keeper authenticates, i.e., validates, users employing an endpoint in the Security Zone and determines whether a caller and a callee are security compatible. When setting up a communication, the caller provides the Zone Keeper security information in order for the caller to prove its identity. The callee supplies to the caller information confirming its identity. A proposal on how the communication is to be Set-up is sent from the caller to the callee, and if they agree to the proposal and their security is authenticated, the communication is started. For inter-zone, inter-domain, communications, the caller provides information as described above to its Zone Keeper. Then, the caller's Zone Keeper forwards the caller's request to the Zone Keeper of the security associated with the callee. Additionally, the caller's Zone Keeper also supplies the callee's Zone Keeper with its security identity so that the callee's Zone Keeper may authenticate that the request is from the caller's Zone Keeper. Then, the callee's Zone Keeper sends back an authorization to the Caller's Zone Keeper. This authorization includes the callee's Zone Keeper security identity so that the caller's Zone Keeper can authenticate that the authorization is from the callee's Zone Keeper.

A method and system for distributing voice communication services via wireless local area networks. An entity sells, loans, gives or otherwise distributes wireless access points, each of which is pre-configured with virtual private network (VPN) security settings to establish a VPN tunnel over a packet network with a VPN terminator on a remote telephony services network. A recipient may thus install the wireless access point on a local area network (LAN), to allow users of voice-capable wireless devices to engage in voice calls via the wireless access point, VPN tunnel and telephony services network. The distributor of the access point, or another entity, may then charge users for placing and receiving voice calls through this system.

A Secure Service Network (SSN) in which at least two participants having a relationship are connected to a physical network by way of Secure Service Gateways and share information defined by one or more Service Definitions allowing for the creation of a secure Virtual Service Connection (VSC) between the participants in which the VSC is specific to the activity being performed and the participants provisioned for that activity. SSN enables the creation of a secure virtual network topology on any network transport that allows participants to exchange documents and transact business over the network real time, where all activity inherits a business and security infrastructure that is independent and in addition to the applications, devices, web services, users using the network.

An optical system for remotely optical communications at a high data rate between a base station and a remote station under atmospheric turbulence conditions is disclosed. The remote station includes an entirely different type of retroreflector that does not use the conventional type of retroreflection, but instead consists of two sets of lenslets coupled with single-mode fiber array, called fiber “retro”. Amplified retromodulation is achieved requiring only one single optical amplifier and one single modulator. A transmitter located at the base station sends an interrogating optical beam to the fiber “retro” which modulates the optical beam according to the input signal / data, and redirects the modulated optical beam to the base station for detection by a receiver. The present invention includes the capabilities of providing Identification of Friend-or-Foe (IFF), secure communication, and a means of achieving a wide field-of-view (FOV) with a fiber-coupled lenselet array.