Abstract: A method for managing data communication between a communication device (102) and another device (112) in a communication network, comprises providing (500) data for transmission by the communication device (102), and controlling by at least one secure management element (300, 304) operating in a secure environment (218) in the communication device the transmission of the provided data by the communication device so as to manage data transmitted by the communication device. The step of controlling may include at least one of controlling an amount of data transmitted, controlling a time of transmission of data and controlling a periodicity of transmission of data. A communication device and a method of managing data received by a communication device are also described.

Abstract: System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list.

Abstract: System and methods for managing trust in access control are based on a user identity, in a Universal Plug and Play (UPnP) network. A device has an access control list (ACL), a trusted-to-identify access control list (TIA), and a first TIA management module configured to manage the TIA. A security console is communicatively coupled to the device via the network. The security console has a second TIA management module. The first TIA management module is able to implement an add request from the security console for adding an entry to the TIA. The entry includes a control point identity for a control point communicatively coupled to the device via the network.

Abstract: System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list.

Abstract: System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list.

Abstract: Systems and methods for providing secure identity authentication amongst devices using identity information contained therein to facilitate data synchronization amongst the user devices, wherein the identity information in the devices are compared for authentication but not actually transmitted or exposed for unauthorized access to such information and to the devices.

Abstract: A method for managing data communication between a communication device (102) and another device (112) in a communication network, comprises providing (500) data for transmission by the communication device (102), and controlling by at least one secure management element (300, 304) operating in a secure environment (218) in the communication device the transmission of the provided data by the communication device so as to manage data transmitted by the communication device. The step of controlling may include at least one of controlling an amount of data transmitted, controlling a time of transmission of data and controlling a periodicity of transmission of data. A communication device and a method of managing data received by a communication device are also described.

Abstract: A method and apparatus for modifying a color of an electronics housing (104) based on the device security, authentication, and/or authorization is provided herein. During operation a device (100) will repeatedly gather a current security status and then modify a color or pattern of the housing based on the security status. Because the color of an electronics device indicates the current security, authentication, and/or authorization level, a user of the device can easily determine their security, authentication, and/or authorization level.

Abstract: System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list.

Abstract: System and methods for managing trust in access control are based on a user identity, in a Universal Plug and Play (UPnP) network. A device has an access control list (ACL), a trusted-to-identify access control list (TIA), and a first TIA management module configured to manage the TIA. A security console is communicatively coupled to the device via the network. The security console has a second TIA management module. The first TIA management module is able to implement an add request from the security console for adding an entry to the TIA. The entry includes a control point identity for a control point communicatively coupled to the device via the network.

Abstract: Systems and methods for providing secure identity authentication amongst devices using identity information contained therein to facilitate data synchronization amongst the user devices, wherein the identity information in the devices are compared for authentication but not actually transmitted or exposed for unauthorized access to such information and to the devices.

Abstract: A machine-implemented method of providing dynamic access to network services may include receiving a request from a client for a type of network service, monitoring an amount and type of network service being provided to the client, and receiving incremental payments from the client for the network service being provided as the network service continues to be provided. The method may include dynamically modifying access to the network service for the client based on a set of rules. The rules may be based on one or more of the monitored amount of network service, the type of network service, and the payments received.

Abstract: During a first time interval, an authentication system produces a fingerprint of a first application, encrypts it and stores the encrypted fingerprint in a memory. In second time interval the authentication system produces a fingerprint of a second application, and retrieves the encrypted fingerprint of the first application from the memory. The encrypted fingerprint of the first application is decrypted to recover the fingerprint of the first application. The second application is authenticated if the fingerprint of the first application is equal to the fingerprint of the second application. The fingerprint may include a hash value of the program of computer instructions of the application. The fingerprint of the first application may be encrypted using an embedded secret key of the authentication system.

Abstract: A preferred technique includes a digital content rendering device (100) and a method used in the device, including acquiring (305) an encrypted digital content (105), acquiring (305) a set of rules (110) associated with the encrypted digital content that specify permissions involving at least one level of rendering of the digital content that are based on a comparison of a set of specified locations with a sensed location, acquiring (305) an encrypted content key (120), extracting (315) the digital content, determining (330) a sensed location of the content rendering device, performing comparisons (335) of the sensed location to each of the set of specified locations; and determining (340) a level of rendering of the digital content in accordance with the set of rules, based on results of the comparisons.

Abstract: Encryption keys are transferred by obtaining a public and private key pair (42, 65) from a source device (21, 61). The public key is transmitted (42, 65) from the source device (43, 66) to a target device (23, 62). The target (23, 62) obtains a traffic key (44, 67) stored within the target device (23, 62). The traffic key is encrypted (45, 68) within the target device using the public key. The encrypted traffic key is transmitted to the source device (46, 69) where it is decrypted (47, 70) using the private key. The replacement encryption key(s) is(are) encrypted using the traffic key by the source device (48, 71) forming an encrypted replacement key message which contains a target slot identification for each of the replacement encryption keys. The encrypted replacement key message is transmitted to the target device (49, 72) where the replacement encryption key(s) is(are) recovered (50, 73). The replacement encryption key(s) is(are) then stored at the target device in an identified target slot (51).

Abstract: Encryption keys are transferred by obtaining a public and private key pair (42, 65) from a source device (21, 61). The public key is transmitted (42, 65) from the source device (43, 66) to a target device (23, 62). The target (23, 62) obtains a traffic key (44, 67) stored within the target device (23, 62). The traffic key is encrypted (45, 68) within the target device using the public key. The encrypted traffic key is transmitted to the source device (46, 69) where it is decrypted (47, 70) using the private key. The replacement encryption key(s) is(are) encrypted using the traffic key by the source device (48, 71) forming an encrypted replacement key message which contains a target slot identification for each of the replacement encryption keys. The encrypted replacement key message is transmitted to the target device (49, 72) where the replacement encryption key(s) is(are) recovered (50, 73). The replacement encryption key(s) is(are) then stored at the target device in an identified target slot (51).

Abstract: A wireless electronic commerce system (10) comprising a wireless gateway (18) to a wireless network (19) with which a wireless device (11) having a unique client identifier (ID) is capable of communicating. A server (15) or servers (15 and 16) is/are coupleable to the wireless gateway, delivering content items (e.g. software products) to the wireless device (11) and maintaining digital content certificates for content items and digital license certificates for licenses for the content items. The server maintains, for each wireless client associated with the system, a record of licenses for that client and a record of content items associated with each license.