82results about "Security arrangement" patented technology

A mobile ad-hoc network (MANET) may include a plurality of nodes for transmitting data therebetween and a policing node. The policing node may detect intrusions into the MANET by monitoring transmissions among the plurality of nodes to detect transmissions during an unauthorized period and generate an intrusion alert based thereon. The policing node may also detect intrusions based upon one or more of integrity check values which do not correspond with respective data packets, usage of non-consecutive media access control (MAC) sequence numbers by a node, and collisions of packet types and/or MAC addresses.

A communication apparatus capable of easily identifying a communication partner and securely sharing a session key between the communication apparatus and the communication partner even if the communication apparatus has a processing power that is not so high includes a short-range active communication unit 101 transmitting an inquiry signal to a short-range external communication apparatus by electromagnetic waves and waiting for a response to the inquiry signal; a long-range communication unit 104 capable of communication by the electromagnetic waves in a range wider than the communication area of the short-range active communication means; a switching unit 111 switching to either the short-range active communication unit or the long-range communication unit; and an asymmetric key generator 102 generating a pair of an encryption key and a decryption key corresponding to the encryption key. The communication apparatus is characterized by using the decryption key to decrypt an encrypted session key transmitted from the external communication apparatus and transmitting to the external communication apparatus a communication switching request signal to request the switching to the long-range communication unit and communication by using the long-range communication unit.

An apparatus and method are disclosed for variable authentication requirements. The apparatus includes an operating status module identifying a change in an operating status of a device and maintaining a history of operating statuses, and an access control module comparing a current operating status with a previous operating status. The apparatus also includes a profile module maintaining a trust indicator for each operating status. The access control module determines a level of authentication required to unlock the device in response to the trust indicator associated with the current operating status. The method includes identifying a change in an operating status of a device and maintaining a history of operating statuses, and comparing a current operating status with a previous operating status. The method also includes maintaining a trust indicator for each operating status, and determining a level of authentication required to unlock the device in response to the trust indicator associated with the current operating status.

Disclosed herein is a system and method for communicating data from a base computer to a remote device via a central server system without the necessity of specialty software on the remote device. Remote devices such as laptop computers and cellular telephones communicate with the central server system, while the central server system likewise communicates with base computers. Communications between the central server system and the base computers are facilitated by an intermittent query from base computers to the central server system in a manner which allows communication even in a firewall-constrained environment. The system and method provides a means for facilitating both persistent connections and dialup communications between the base computers and the central server system.

The invention relates to a method, which comprising initiating the establishment of a security association between a client node and a gateway node. User data is obtained from an authentication server and the user is au-thenticated. Authorization is obtained for the user for certain network services from a separate authorization node. An authorized address is provided to the client node. The authorization is checked by the gateway node for the allowing outbound packets to specific destinations.

Embodiments of the invention provide key distribution and authentication methods, devices and systems. The methods comprise the following steps that a business center server receives a first key request message sent by a user management server, generates a first-layer key of the user management server according to the first key request message and sends the first-layer key to the user management server; and the user management server generates a second-layer key of a terminal device according to the first-layer key and sends the second-layer key of the terminal device to the terminal device in order to make the terminal device and a network authentication server carry out mutual authentication according to the second-layer key. The business center server and the user management server distribute the different keys to each terminal device, each terminal device carries out mutual authentication with the network authentication center based on the respective key, and a communication key of the terminal device and a function network element is finally obtained, a method for establishing a safety communication channel is provided for the terminal device, and the application range is wide.

Disclosed is a method for a security configuration in a wireless communication system and an apparatus using the same. Specifically, in a method for performing a security configuration by a UE (User Equipment), the method may comprise steps of transmitting a security capability of the UE to a network, receiving security information determined by the network from the network, and determining an action of the UE, based on a configuration of a security control configured in the UE and the security information received from the network, and the configuration of the security control may includes a security capability item, a control condition of the security capability item, and the action of the UE in accordance with the control condition.

A disclosure of the present specification provides a method in which a network node processes an access request from a user equipment (UE). The method may comprise the steps of: receiving an access request message from a UE; and selecting a control plane (CP) function node on the basis of information associated with the UE, in response to the access request message. Here, the selected CP function node may perform a common or basic function, which is shared among slice instances of a network. Each slice instance may include a service-specific or non-common CP function node, which is not shared with other slice instances. The method may include a step of transferring the access request message to the selected CP function node.

The invention discloses a telecommunication fraud prevention system and method based on big data and machine learning. The system comprises a mobile terminal, a big data analysis terminal and a fraud interdiction governance terminal, wherein the mobile terminal is used for performing fraud detection determination on current telecommunication data according to predetermined constraint rules when receiving a short message or an incoming call message, a machine learning algorithm is adopted to detect whether the telecommunication data is a telecommunication fraud, and if the detection result is that the telecommunication data is determined as a telecommunication fraud, fraud data information is uploaded to the big data analysis terminal; the big data analysis terminal is used for performing real-time statistics on the fraud data information uploaded and reported from the mobile terminal and sending fraud early-warning information to the fraud interdiction governance terminal according to a bank card account or/and a phone number with the number of received reports exceeding a certain threshold value; and the fraud interdiction governance terminal is used for taking corresponding measures in time to interdict occurrence of a telecommunication fraud event when receiving the fraud early-warning information. The system can unite the mobile terminal, an operator, a public security institution, a bank and other institutions, quick and effective prevention can be realized, and the telecommunication fraud can be cracked down in time.

The invention discloses a safety authentication method and a safety authentication system for a wireless network. The system comprises a signal fingerprint monitoring and processing module and a wireless network access authentication module at an access point. The method comprises the following steps that: at a network access point, the signal fingerprint monitoring and processing module performsdown-conversion and digitized sampling on a detected steady-state communication signal and extracts the conventional signal characteristic and the spurious signal characteristic of the steady-state signal by a communication signal processing method; after a higher-dimension spurious signal characteristic is reduced and optimized, the conventional signal characteristic and the spurious characteristic are fused into a steady-state signal fingerprint; and a signal fingerprint matching and safety authentication module matches the monitored steady-state fingerprint of unknown communication equipment and provides a corresponding safety strategy service according to a recognition result by a network authentication protocol. The method and the system are used for performing safety authentication on wireless communication equipment and enhancing the safety of a wireless communication network in combination with a software authentication system and have the characteristics of high concealment, high stability and safe management.

In one embodiment, the method performed by mobile equipment to authenticate communication with a network includes generating keys using cellular authentication and voice encryption, and then generating an authentication key based on these keys. The authentication key is used to generate an expected message authentication code used in authenticating the network according to authentication and key agreement security protocol.

The invention discloses a backup method, a mobile terminal and a backup system for contact person information. The backup method for the contact person information comprises the following steps of: deriving information of one or more contact persons in an address book of the mobile terminal; encrypting the derived information of one or more contact persons; uploading the encrypted information of one or more contact persons to a cloud server; downloading the encrypted information of one or more contact persons from the cloud server by the mobile terminal or another mobile terminal; and successively encrypting the downloaded and encrypted information of one or more contact persons by users and then looking up the decrypted information of one or more contact persons, only saving the decrypted information of one or more contact persons, or looking up and then saving the decrypted information of one or more contact persons by the users. According to the backup method, the mobile terminal and the backup system disclosed by the invention, the information of the contact persons can be backed up to the cloud server and the information of the contact persons, which are backed up by the person or other people, can be downloaded from the cloud server and saved.

The embodiment of the invention provides an authentication method and system which are applied in a Dynamic Host Configuration Protocol (DHCP), wherein the method comprises the following steps: a DHCP server receives a DHCP DISCOVER message from a DHCP client, wherein the DHCP DISCOVER message contains first information encrypted by a DHCP client; the DHCP server acquires a digital certificate corresponding to the DHCP client from an authentication server, and using a public key of the digital certificate to decrypt and verify the first encrypted information; the authentication of the DHCP client is finished if the verification is successful; the DHCP server sends a DHCP OFFER message to the DHCP client so that the DHCP client decrypts and verifies the second encrypted information, wherein the DHCP OFFER message contains second encrypted information; and the authentication of the DHCP server is implemented if the verification is successful. According to the application of the embodiment of the invention, the DOS (Denial of Service) attack is avoided, and the preset shared key is prevented from being used for authentication, therefore, the safety of the DHCP is further guaranteed.

A communication method is between a handset device having a slot hosting a first IC card, and a second IC card. The method uses a plurality of commands based on a handset device-IC card interface and intended to drive a communication between the first IC card and the handset device. The method may include providing a second device, including a slot for hosting the second IC card, providing the first IC card and the second IC card with a wireless personal interface supporting a wireless communication, and inserting the second IC card inside the slot. A communication between the handset device and the second IC card is driven by forwarding a command received by the first IC card on the handset device/IC card interface to the wireless personal interface.

The invention discloses a telecommunication broadband wireless network access method and wireless network access equipment and aims at providing a shared telecommunication wired access broadband to simultaneously provide a shared broadband access circuit service for wired broadband contracted users and public wireless roaming users. The invention uses the following method to realize the wireless broadband access: the public wireless roaming user can get an access to the wireless network access equipment through a special wireless interface; and after the necessary information processing, the public wireless roaming user can get an access to operator certificate and service devices via a broadband route rented by the wired user to complete the data recovery, security certificate and public network service provision. The wireless network access equipment comprises more than one wireless circuit access modules which can identify internal users and public roaming users through special design; the wireless network access equipment can lead the identified internal users to be linked with an internal local area network firstly; and for identified external roaming users, the wireless network access equipment provides public network broadband services by building up a link which is connected with the certificate and service device of the telecommunication operator via a wired broadband circuit.

The invention is applicable for use in conjunction with a system for connected vehicle communications in which each vehicle in the system is issued a limited number of unique pseudonym certificates that are used by the vehicle to establish trust in messages sent by the vehicle by signing each message with a pseudonym certificate. A method is set forth for selecting a pseudonym certificate for use, from among the vehicle's pseudonym certificates, so as to protect the privacy of the vehicle's activity against attacks by eavesdroppers, including the steps of: tracking and storing vehicle location data; computing, from inputs that include the vehicle location data, the vehicle's relative achievable anonymity in particular geographical regions; prioritizing the pseudonym certificates; and selecting a pseudonym certificate for use from among the pseudonym certificates having a priority that is determined by the relative achievable anonymity for the geographical region in which the certificate is to be used. The method includes authenticating a safety message using the selected pseudonym certificate, and transmitting the authenticated message.

A system and method for mobile application virtualization. The system includes a server based architecture for mobile application virtualization. The architecture includes a single operating system instantiation resident on a server computer system. The single operating system includes a session management module and a plurality of service modules. The architecture further includes a plurality of user sessions each session comprising a plurality of applications and a unique session ID. The plurality of user sessions are operable to call services of the single operating system. The architecture further includes a plurality of virtual device sets each set comprising a unique session ID and associated with a respective user session of the plurality of user sessions. Upon receiving an application programming interface (API) call from an application of a first user session to a first service module of the plurality of service modules, the single operating system is operable to map the API call to a first set of virtual devices that shares a same session ID as a session ID of the first user session for fulfillment of the API call by the first service module.

A method of managing a file of a subscriber authenticating module embedded in a terminal device and a module for authenticating a subscriber by using the method. The method of managing the file includes configuring a file structure for one or more profiles and managing one or more files included in the file structure in response to a request. Thus, the method is efficient for a multiple-profile environment.

A cryptographic device may include a cryptographic module and a communications module removably coupled thereto. The cryptographic module may include a first housing and a first connector carried thereby, and the communications module may include a second housing and a second connector carried thereby and being removably mateable with the first connector of the cryptographic module.

A method and system for detecting manipulation when control data are transmitted from a first control unit to a second control unit via a network, which includes generating integrity check information data for the control data transmitted by the first control unit via an integrity check generating unit on the transmitter side, calculating a cryptographic checksum for the integrity check information data generated on the transmitter side via the integrity check generating unit, transmitting the integrity check information data and the cryptographic checksum to an integrity check verifying unit that verifies the cryptographic checksum on the receiver side, generating integrity check information data on the receiver side for the control data received by the second control unit using the integrity check verifying unit, and comparing the integrity check information data and the integrity check information data with the cryptographic checksum to detect the manipulation of the transmitted control data.

The invention provides an interference blocking scheme switching method for millimeter wave cellular network uplink secure transmission. The interference blocking scheme switching method specificallycomprises the following steps: the step 1, taking an optimal cooperative user in K-1 cooperative users to carry out interference blocking and taking full duplex interference blocking of a base stationas an interference blocking scheme respectively; the step 2, calculating the safety throughput of a communication link when the K-1 cooperative users in the step 1 interfere, and taking the cooperative user corresponding to the maximum safety throughput as an interference node of an interference blocking scheme, meanwhile, calculating the safety throughput during full duplex interference of the base station in the step 1; and the step 3, comparing the communication link security throughput obtained in the step 2 with the communication link throughput when the base station interferes, and taking the interference blocking scheme corresponding to the maximum security throughput as the interference blocking scheme of the current time slot; According to the invention, the safety throughput istaken as an evaluation index, and the user position information is utilized to efficiently and flexibly switch between the two interference blocking schemes, so that the system always works in an environment with the optimal safety throughput.

A masklike device that provides privacy to a user during a telephone conversation conducted while the user is in a public location, and that prevents the user from making utterances or noises that would disturb others in close proximity (e.g., a distance that would normally be considered within earshot) of the user.