1792 results about "Secure communication" patented technology

A wireless media player and a related system and methodology are disclosed. One aspect of the wireless media player system pertains to a virtual connector system, apparatus, and method for the automatic establishment of wireless connectivity with other electronic devices. In one embodiment, the media player device employs the use of integrated Radio Frequency Identification (RFID) technology to exchange communication settings, media capability, and other parameters with an external device that also has integrated RFID technology. The automatic exchange of settings and other information via a proximity-based RFID data exchange allows a media player to quickly establish a secure communication link with another device via a commonly supported wireless protocol such as Ultra Wideband (UWB) or Bluetooth. Another aspect of the media player system pertains to a method of using the captured media capability of the connecting device to customize certain menu options and software parameters in the media player.

A lightweight secure tunneling protocol or LSTP permits communicating across one or more firewalls by using a middle server or proxy. Three proxies are used to establish an end-to-end connection that navigates through the firewalls. In a typical configuration, a server is behind a first firewall and a client behind a second firewall are interconnected by an untrusted network (e.g., the Internet) between the firewalls. A first inside firewall SOCKS-aware server-side end proxy connects to the server inside the first firewall. A second inside firewall SOCKS-aware client-side end proxy is connected to by the client inside the second firewall. Both server-side and client-side end proxies can address a third proxy (called a middle proxy) outside the two firewalls. The middle proxy is usually started first, as the other two end proxies (server and client) will initiate the connection to the middle proxy some time after they are started. Since the middle proxy is mutually addressable by both inside proxies, a complete end-to-end connection between the server and client is established. It is the use of one or more middle proxies together with the LSTP that establishes the secure communications link or tunnel across multiple firewalls.

A disclosed gaming machine may securely communicate with devices over a public network such as the Internet. The gaming machine utilizes a combination of symmetric and asymmetric encryption that allows a single gaming machine to securely communicate with a remote server using a public network. The secure communication methods may be used to transfer gaming software and gaming information between two gaming devices, such as between a game server and a gaming machine. For regulatory and tracking purposes, the transfer of gaming software between the two gaming devices may be authorized and monitored by a software authorization agent.

A disclosed gaming machine may securely communicate with devices over a public network such as the Internet. The gaming machine utilizes a combination of symmetric and asymmetric encryption that allows a single gaming machine to securely communicate with a remote server using a public network. The secure communication methods may be used to transfer gaming software and gaming information between two gaming devices, such as between a game server and a gaming machine. For regulatory and tracking purposes, the transfer of gaming software between the two gaming devices may be authorized and monitored by a software authorization agent.

Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.

PCT No. PCT/RU95/00241 Sec. 371 Date Jan. 27, 1998 Sec. 102(e) Date Jan. 27, 1998 PCT Filed Nov. 10, 1995 PCT Pub. No. WO97/05557 PCT Pub. Date Feb. 13, 1997An electronic gaming system is disclosed that includes a central computer station, a plurality of peripheral computer stations, and a data exchange network for coupling the peripheral computer stations to the central computer station. The central computer station includes an administrative subsystem, a player's registration subsystem, a game accounts managing subsystem, an information tabulating, storing and searching subsystem, a game recording subsystem, a scoring subsystem, a wagering and betting subsystem, an executive gaming subsystem, an electronic payment subsystem, an information protection subsystem, a secure communications subsystem, and a game selection subsystem. Each of the peripheral computer stations include a subsystem for admitting and registering players with the central computer station and a gaming interface subsystem. To ensure security of the electronic gaming system, a player seeking to enter the system transmits an encoded message from their peripheral computer station to the central computer station that includes a set of key attributes associated with the player. The central computer station decodes and compares the transmitted set of key attributes with individual information previously stored in the information protection subsystem in order to identify each player during registration based upon the set of key attributes transmitted by each player. The system may automatically control money transactions with each player's bank accounts based upon the player's scoring and wagers in each selected game.

An integrated medication management and compliance system for enabling a care provider to remotely manage and deliver individual doses of therapeutic products to a patient, in a non-sequential fashion. The system includes delivery apparatus remotely located from the care provider, wherein the apparatus stores a plurality of sealed unit dose packages that are delivered to a patient at a scheduled dosing time. The delivery apparatus is coupled to a control facility and to a computer terminal of the care provider by way of a secure communications network. The system enables the patient's medication regimen to be remotely tailored in real-time to accommodate fluid medical conditions.

Methods of creating a secure channel over which credit card personalization data can be transmitted over the air (OTA) are provided. In particular, Generic Authentication Architecture (GAA) may be used to establish a secure communication channel between the user equipment (UE) and a personalization application server or bureau acting as a network application function (NAF) server. An user equipment, personalization application service (e.g., a NAF server), a system embodying a personalization application server and an user equipment, and a computer program product are also provided for creating a secure channel, such as via GAA, over which credit card personalization data can be transmitted OTA.

A method and apparatus for establishing a secure communication connection between a Java application or applet and a secure server is provided. An HTTPS handler is provided that may be used by Java applications or applets to establish secure communication connections with secure Web servers.

An approach for establishing secure multicast communication among multiple event service nodes is disclosed. The event service nodes, which can be distributed throughout an enterprise domain, are organized in a logical tree that mimics the logical tree arrangement of domains in a directory server system. The attributes of the event service nodes include the group session key and the private keys of the event service nodes that are members of the multicast or broadcast groups. The private keys provide unique identification values for the event service nodes, thereby facilitating distribution of such keys. Because keys as well as key version information are housed in the directory, multicast security can readily be achieved over any number of network domains across the entire enterprise. Key information is stored in, and the logical tree is supported by, a directory service. Replication of the directory accomplishes distribution of keys. Event service nodes may obtain current key information from a local copy of the replicated directory.

A system for use with a trusted service manager (TSM) and a mobile device having a subscriber unique identifying data, according to one embodiment, includes: a server in which the server validates an application against the unique and identifying data of the mobile device and provides the validated application for the mobile device; and a secure element (SE) acting as a client in which the SE is present in the mobile device as client; the validated application from the server is installed in the SE; and the SE is adapted to execute the validated application to perform a service process. The service process includes enablement of payment functions on the mobile device, in which enablement of payment functions includes: providing secure communication between the mobile device and the server; secure provisioning of a payment instrument on the mobile device, wherein authentication and verification for the payment instrument on the mobile device is provided by the server; and binding the payment instruments and the validated application to the mobile device to provide a strong ID management for enhanced user protection and system security and integrity.

A system enabling service communications in distributed Web applications between servers otherwise inaccessible due to cross-origin security restrictions in pre-HTML5 compliant Web-browser clients. A Web-browser client executes a client-side Web application received from a source origin server having a defined source origin and requests connections to request identified Web-application services. Execution of an emulation client library establishes a bidirectional capable HTTP-based communications connection between the Web-browser client and a gateway server, having a target origin outside the scope of the source origin, providing access to the request identified Web-application service. The bidirectional capable HTTP-based communications connection includes a cross-origin communications bridge providing a secure communications path between the source and target origins. The gateway server can establish an HTML5 compliant connection to a target defined service, provided by a target server, having a predefined relation to the request identified Web-application service.

The present invention relates to communications, and in particular though not exclusively to forming a secure connection between two untrusted devices. The present invention provides a method of securely connecting a first device (A) to a second device (B) using a third party authentication server (AS) coupled to the second device, the first device and the authentication server both having first device shared secret data (SSDa) and the second device and the authentication server both having second device shared secret data (SSDb). The method comprises receiving a request from the first device at the authentication server; the authentication server and the first device both generating a first device key (K_A) using the first device shared secret data in response to a first device random number (RANDa) sent from the authentication server to the first device; the authentication server and the second device both generating a second device key (K_B) using the second device shared secret data in response to a second device random number (RANDb) sent from the authentication server to the second device; and the authentication server securely forwarding to the second device (B) and the first device (A) a common key (K_AB) using the second and first device keys (K_B, K_A).

Systems and methods are described to allow secure undisrupted communication from wireless clients that roam a wide area network. System architectures and communication protocols are provided to ensure that wireless clients can seamlessly associate and reassociate with controllers on the network, without disruption to ongoing secure communications.

This invention addresses environmental social and commercial uses and includes a monitoring system which is a network of on, in, out and off-board devices working together with people through software and interfaces to provide services and make accountable humanity's machines and their actions through safe secure communication. Control devices are used to provide accountability for their socio-economic and environmental impact. Along with these systems networked together, additional devices and variations needed to complete these operations nationally and world wide are also provided. Unique ways interface a network of separate devices or IC circuits to create an interactive secure control system or center that can be remotely controlled. A control device for society to fairly and accurately monitor and control the impact of equipment use on the world environment, and a nation's infrastructure while developing commercial companies to fulfill these needs and services for the equipment and the people who own and operate them for today and into the future are also provided. A set of secure devices and systems are also included to analyze society and machine interaction.

A method and system for efficiently establishing secure communications between mobile devices in a radio network. The present invention utilizes public key cryptography and unique hardware identifiers to enable authorizations for access to wireless networks, such as picocells. The present invention prevents the mobile user from maintaining a plurality of secrets such as user identifier/password pairs, PINs, or encryption keys, for access to each device to which he might require access.

A secure disk drive is disclosed comprising a disk for storing data, and an input for receiving an encrypted message from a client disk drive, the encrypted message comprising ciphertext data and a client drive ID identifying the client disk drive. The secure disk drive comprises a secure drive key and an internal drive ID. A key generator within the secure disk drive generates a client drive key based on the client drive ID and the secure drive key, and an internal drive key based on the internal drive ID and the secure drive key. The secure disk drive further comprises an authenticator for verifying the authenticity of the encrypted message and generating an enable signal, the authenticator is responsive to the encrypted message and the client drive key. The secure disk drive further comprises a data processor comprising a message input for receiving the encrypted message from the client disk drive, and a data output for outputting the ciphertext data to be written to the disk. The data processor further comprises an enable input for receiving the enable signal for enabling the data processor, and a key input for receiving the internal drive key, the internal drive key for use in generating a message authentication code. The data processor outputs reply data comprising the message authentication code. The secure disk drive outputs a reply to the client disk drive, the reply comprising the reply data and the internal drive ID.

A method for secure communications between a client and one of a plurality of servers performed on an intermediary device coupled to the client and said plurality of servers. In one aspect, the method comprises: establishing an open communications session between the intermediary device and the client via an open network; negotiating a secure communications session with the client; establishing an open communications session with said one of said plurality of servers via a secure network; receiving encrypted data from the client via the secure communications session; decrypting encrypted application data; forwarding decrypted application data to the server via the secure network; receiving application data from the server via the secure network; encrypting the application data; and sending encrypted application data to the client. In a further aspect, an apparatus including a network interface communicating with the public network and the secure network at least one processor, programmable dynamic memory addressable by the processor, and a communications channel coupling the processor, memory and the network communications interface is provided. The apparatus further includes a proxy TCP communications engine, a proxy SSL communications engine, a server TCP communications engine; and a packet data encryption and decryption engine.

Methods and systems are provided for non-cryptographic capabilities of a token such as a smartcard to be used as an additional authentication factor when multi-factor authentication is required. Smartcards are configured to generate a transaction code each time a transaction is attempted by the smartcard. The transaction code is dynamic, changing with each transaction, and therefore is used as a one-time password. When a user attempts to access a service or application requiring at least two authentication factors, a secure processor is used to read transaction code from the smartcard. The secure processor establishes a secure communication with the remote computer hosting the service or application. The transaction code can then be encrypted prior to transmission over the public Internet, providing an additional layer of security.

A method and system for enabling wireless devices distributed throughout an enterprise to be efficiently initialized for secure communications. The method and system utilize well known public key cryptography and machine unique identifiers to establish a secure channel and initialize the wireless devices.

In a system where client and server components (or actors) of an application are organized as complementary hierarchical graphs, a method and apparatus for creating server applications and dynamically deploying server applications on a client system are described. The server graph comprises, as a minimum, server nodes corresponding to the union of all possible client nodes, whereas each client graph corresponds to a subset of the related server nodes. The server graph is a compound tree from which all possible combinations of client trees can be dynamically created. At a desired time, for example, when the client requests for a client tree representation, the server creates the client tree representation using a peeling process to determine which nodes in the server actor tree should be included in the client tree representation. The peeling process involves determining the server actor nodes that meet a set of criteria for the particular client. The generated client tree structure contains objects that are shipped via a secured communication interface to the client in a tree structure.

In one embodiment of the present invention, a messaging program at a remote computer can send a first message to a portal computer according to a one-way protocol such as HTTP. A portal program at the portal computer can receive the first message and determine if information should be sent to the portal computer. If so, the portal computer can generate a reply message that includes the information and send the reply message to remote computer on the same connection over which the first message was received. In this manner, the portal computer can send configuration control information and other information to the messaging program without requiring leased lines, dial-up connections or a VPN. Moreover, since the communication according to the one-way protocol was initiated at the remote computer, a firewall will allow the remote computer to receive the reply message.

The invention relates to a subscriber identity module for a mobile communication terminal, comprising a processing device, a memory device, an I/O device and a wireless communication device, in particular an interrogatable transponder such as an RFID transponder. The RFID transponder is operatively controllable by said processing device, and comprises a memory which contains identification data, configurable by the processing device. The RFID-enabled subscriber identification module may be used as an authentication token. A method for providing secure communications between the subscriber identification module and an RFID interrogating device is also provided.

A security platform connected to a private network permits access to the private network from a public network (such as the Internet) through a variety of mechanisms. A reverse proxy system operating as part of the security platform provides access to web-enabled applications from a browser connected to the public network. The reverse proxy rewrites requests and responses so that the browser directs requests to the reverse proxy, from which the requests can be directed to the appropriate server on the public network or the private network. Responses come back to the reverse proxy, and are then forwarded to the browser. An SSL tunneling system permits fat clients to access the private network through an SSL connection. The SSL tunneling system employs a server component operating on the security platform and components downloaded to the client computer from the security platform. The client components include a control component operating in a browser window, a server-proxy component that sets up secure communications with the private network, and an adapter component between the server-proxy and the fat client. The adapter component operates in kernel space. Data is directed from the fat client to the adapter, and then forwarded to the server-proxy; data from the server-proxy is directed to the adapter, and then forwarded to the fat client. Security is provided through the use of multiple authentication realms, each of which provides a set of authentication stages for authenticating users and providing client integrity validation.

A method for secure communications between a client and a server. The method includes the steps of managing a communications negotiation between the client and the server; receiving encrypted data packets from the client; decrypting each encrypted packet data; forwarding unencrypted data packets to the server; receiving data packets from the server; encrypting the data packets from the server; and forwarding encrypted data packets to the client. In a further embodiment, an apparatus communicating with a client via a public network and communicating with one of a plurality of servers via a secure network is disclosed. The apparatus includes a network communications interface, at least one processor, programmable dynamic memory, and a communications channel coupling the processor, memory and network communications interface. In addition, the apparatus includes a client/server open communications session manager, a client secure communication session manager, a client/server secure communications session tracking database; and a data packet encryption and decryption engine.

An apparatus for capturing and storing medical emergency information under the adverse circumstances of the emergency scene, without relying on multiple computers and remote communications for support during use. To accomplish data capture and storage, use of a single ruggedized hand held computer with a graphical user interface employing a touch sensitive display screen, and pen stylus for simplifying documentation of patient demographic, history and medications data, focal patient complaints and problems, vital signs, physical exam findings, medication administration, routes and quantities, motorized vehicle crash history, case disposition, emergency crew, and case review and notes. Collection of focal patient complaints and problems is simplified through a body graphical user interface. Easily accessed reference databases for drugs and protocols support the emergency medical technician. Handwriting recognition, signature capture and numerical data entry enable obtaining of necessary crew and patient signatures and other data, including patient refusal of care. Through the use of a variety of secure communication interfaces, printing or transfer of all data collected is provided to other systems. Full compliance with NHTSA and Utstein minimal data reporting set requirements.

An integrated medication management and compliance system for enabling a care provider to remotely manage and deliver individual doses of medications to a patient, in a non-sequential fashion. The system includes delivery apparatus remotely located from the care provider, wherein the apparatus stores a plurality of sealed unit dose packages that are delivered to a patient at a scheduled dosing time. The delivery apparatus is coupled to a control facility and to a computer terminal of the care provider by way of a secure communications network. The system enables the patient's medication regimen to be remotely tailored in real-time to accommodate fluid medical conditions.

A communication patching system includes a platform configured to support a plurality of cables and a first panel pivotably mounted to the platform, the first panel having at least one holder for securing communications adapters to the first panel. A first set of communications adapters is connected to the platform, and a second set of communications adapters mounted in the at least one holder. The first panel is pivotable between a first position in which the second set of communications adapters is spaced from the first set of communications adapters by a first distance and a second position in which the second set of communications adapters is spaced from the first set of communications adapters by a second distance greater than the first distance.

Methods and systems are provided to link two Universal Plug and Play (“UPnP”) networks to enable the devices in one to communicate directly with the devices in the other. Specifically, a mobile station visiting a first UPnP network may establish communication with a second UPnP network via Web Services (“WS”) protocol with a network gateway of the second UPnP network. The UPnP devices in the first UPnP network can then communicate with those in the second. According to another aspect, a secure communication link is provided between the UPnP network and the remotely located mobile station. Specifically, a network gateway acts as an entry point to the UPnP network and authenticates and authorizes messages from the mobile station. According to yet another aspect, a mobile station lacking UPnP capabilities can communicate with UPnP devices using a network gateway that converts between WS messages and UPnP commands.

Some embodiments are implemented in a communication system that includes a first wireless communication system and a second wireless communication system that includes a Femtocell access point (FAP) and a network controller that can communicatively couple the FAP to the first wireless communication system. In some embodiments, the network controller can communicatively couple to the first wireless communication system through a UTRAN Iu interface. In some embodiments, the FAP can communicatively couple to a user equipment using a short-range licensed wireless frequency. Some embodiments provide method of securing communication between the FAP and the network controller. The method establishes a secure tunnel between the FAP and the network controller. The method communicatively couples the FAP and several user equipments (UEs) to the network controller by using the secure tunnel. The UEs are communicatively coupled to the FAP through an air interface.