A client application cryptographically protects application data using an application-layer cryptographic key. The application-layer cryptographic key is derived from cryptographic material provided by a cryptographically protected network connection. The client exchanges the cryptographically protected application data with a service application via the cryptographically protected network connection. The client and service applications acquire matching application-layer cryptographic keys by leveraging shared secrets negotiated as part of establishing the cryptographically protected network connection. The shared secrets may include information that is negotiated as part of establishing a TLS session such as a pre-master secret, master secret, or session key. The application-layer cryptographic keys may be derived in part by applying a key derivation function, a one-way function or a cryptographic hash function to the shared secret information.

A method of transmitting an electronic attack signal includes obtaining channel information about each of objects to be attacked, generating a beamforming matrix, based on the channel information, determining respective intensities of electronic attack signals to be respectively transmitted to the objects, based on the channel information and the beamforming matrix, and transmitting the electronic attack signals of the intensities respectively determined for the objects to the objects, respectively.

A method of transmitting an electronic attack signal includes obtaining channel information about each of objects to be attacked, generating a beamforming matrix, based on the channel information, determining respective intensities of electronic attack signals to be respectively transmitted to the objects, based on the channel information and the beamforming matrix, and transmitting the electronic attack signals of the intensities respectively determined for the objects to the objects, respectively.

A light enabled security system for allowing a user device access to files or data on a network, each user device having a user ID and each file/data having a file/data ID. The system has a plurality of light enabled user access points for allowing access to the network via a light communication channel, each light enabled user access point being associated with a unique location ID, and each being operable to construct a network access request in response to a file/data request from a user device, the network access request including the user device ID, the unique user access point location ID and the requested file ID. The system is adapted to receive the network access request and use it to determine whether access to the file/data is allowed or denied based on the user ID, the location ID and the file ID.

A method in a receiver includes receiving from a transmitter a sequence of communication packets, which carry data encrypted with an encryption scheme. The encryption scheme depends on a counter value that is incremented independently by each of the transmitter and the receiver. Attempts are made to decrypt the data of a received packet multiple times using different, respective counter values, to produce multiple respective decrypted outputs. A decrypted output in which the data has been decrypted correctly is identified, the counter value is corrected, and the data of the received packet is recovered from the identified decrypted output.

A method in a receiver includes receiving from a transmitter a sequence of communication packets, which carry data encrypted with an encryption scheme. The encryption scheme depends on a counter value that is incremented independently by each of the transmitter and the receiver. Attempts are made to decrypt the data of a received packet multiple times using different, respective counter values, to produce multiple respective decrypted outputs. A decrypted output in which the data has been decrypted correctly is identified, the counter value is corrected, and the data of the received packet is recovered from the identified decrypted output.

A method of secure communication in a transmitter, includes determining a method of generating a training sequence that is shared with a receiver. The method further includes generating the training sequence based on the method of generating the training sequence, and secret information. The method further includes communicating with the receiver based on channel information derived from the training sequence.

A method of secure communication in a transmitter, includes determining a method of generating a training sequence that is shared with a receiver. The method further includes generating the training sequence based on the method of generating the training sequence, and secret information. The method further includes communicating with the receiver based on channel information derived from the training sequence.

A method, computer-readable storage device and apparatus for encrypting a broadcast message of a base station are disclosed. For example, the method selects an encryption key for the broadcast message and encrypts the broadcast message using the encryption key to create an encrypted broadcast message. The method then transmits an identifier of the encryption key and transmits the encrypted broadcast message over a broadcast channel. A method for decrypting a broadcast message that is encrypted is also disclosed.

A method, computer-readable storage device and apparatus for encrypting a broadcast message of a base station are disclosed. For example, the method selects an encryption key for the broadcast message and encrypts the broadcast message using the encryption key to create an encrypted broadcast message. The method then transmits an identifier of the encryption key and transmits the encrypted broadcast message over a broadcast channel. A method for decrypting a broadcast message that is encrypted is also disclosed.