A method, system, and computer program product generate, with a payment network, a first value (a) and a second value (ga), the second value (ga) generated based on the first value (a) and a generator value (g); generate, with the payment network, a plurality of random merchant numbers (mi) for a respective plurality of merchant banks; determine, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (mi); generate, with the payment network, a public key (pki) based on the second value (ga), the merchant product (M), and the random merchant number (mi) and a random key (rki) based on the merchant product (M) and the random merchant number (mi) for each respective merchant bank; and communicate, with the payment network, the public key (pki) and the random key (rki) to at least one respective merchant bank.

A method for providing and searching a searchable encrypted database. The system obtains plain text data and first and second encryption keys. The plain text data is parsed using a priori knowledge of the plain text data structure to identify data blocks and associated metadata components. The data blocks are encrypted using the first encryption key to provide encrypted data blocks. The metadata components are encrypted with the second encryption key to provide encrypted metadata components. The encrypted data blocks and encrypted metadata components are stored in a storage vault to provide a searchable encrypted database whilst discarding the plain text data and the first encryption key. A search term is encrypted with the second encryption key to provide an encrypted search term used to search the searchable encrypted database to determine whether it matches one or more of the encrypted metadata components, and a search result is returned.

The present invention provides a method and an apparatus for securing data packets and control messages in a mobile broadband network environment. In one embodiment, a mobile station and a data gateway are peers for securing data packets. That is, security context for data packets is maintained at the mobile station and the data gateway. Further, security processing for data packets is performed by the mobile station and the data gateway. In another embodiment, the mobile station and a base station are peers for securing control messages. That is, security context for control messages is maintained at the mobile station and the base station(s). Further, security processing for control messages is performed by the mobile station and the base station(s).

This invention relates to a method in a communication system comprising a gateway and a server. The method comprises: sending a request for establishment of a communication tunnel from the gateway to the server; transmitting a secret from the server to the gateway in response to receiving the request in the server; establishing a communication tunnel by connecting a tunnel client in the gateway to a tunnel server in the server using the received secret; receiving data from a device connected to the gateway and transmitting at least a portion of the data to the tunnel server via the communication tunnel.

An addressing method is provided, including: determining, by a UE, configuration information of an uplink position signal; and transmitting, by the UE, the uplink position signal carrying an identifier of the UE to a network side in accordance with the determined configuration information, to enable the network side to determine addressing information of the UE in accordance with the identifier of the UE, and address the UE in accordance with the identifier and the addressing information of the UE in the case that it is necessary to address the UE.

Rules are applied at a network perimeter to outbound network communications that contain file attachments. The rules may, in a variety of circumstances, require wrapping of an outbound file from the endpoint in a portable encrypted container. The network perimeter may be enforced locally at the endpoint, or at any network device between the endpoint and a recipient.

In one implementation, a computer-implemented method can identify abnormal computer behavior. The method can receive, at a computer server subsystem and from a web server system, computer code to be served in response to a request from a computing client over the internet. The method can also modify the computer code to obscure operational design of the web server system that could be determined from the computer code, and supplement the computer code with instrumentation code that is programmed to execute on the computing client. The method may serve the modified and supplemented computer code to the computing client.

Systems, methods, and apparatus for a virtual transponder utilizing inband commanding are disclosed. In one or more embodiments, a disclosed method comprises receiving, by a payload antenna on a vehicle via a hosted receiving antenna, encrypted hosted commands transmitted from a hosted payload (HoP) operation center (HOC). The method further comprises receiving, by the vehicle, encrypted host commands transmitted from a host spacecraft operations center (SOC). Also, the method comprises reconfiguring a payload on the vehicle according to the unencrypted host commands and/or the unencrypted hosted commands. In addition, the method comprises transmitting, by the payload antenna, payload data to a host receiving antenna and/or the hosted receiving antenna. Additionally, the method comprises transmitting, by a host telemetry transmitter, the encrypted host telemetry to the host SOC. Further, the method comprises transmitting, by a hosted telemetry transmitter, the encrypted hosted telemetry to the HOC via the host SOC.

Described in detail herein are systems and methods for a group of mobile devices including a stateless application virtualizing an instance of a stateful virtual application. In exemplary embodiments, a mobile monitor within a controller is configured to initialize a session between the stateless application of at least one of the mobile devices and the stateful virtual machine of the controller in response to a first request message from the at least one of the mobile devices. The mobile monitor is further configured to intercept a second request message from the at least one mobile device to the controller intended for the stateful virtual machine that includes encrypted data, transmit the encrypted data to a remote system for decrypting the encrypted data, receive the decrypted data from the remote system, and transmit the second request message and the decrypted data to the stateful virtual machine. The stateful virtual machine is configured to receive the second request message and the decrypted data and process the second request message using the decrypted data.

One embodiment provides a system that facilitates mutating and caching content in a CCN. During operation, the system receives, by an intermediate node, a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level. The system re-encrypts the content object based on the encrypted payload and the parameter to obtain a new encrypted payload and a new signature, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload. The system transmits the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object and verify the new signature.