Abstract: Various systems and methods for managing identity credentials on a mobile device are described herein. A verifier device may perform operations including receiving one or more data elements associated with a credential, wherein the data elements are signed with a signature associated with an issuer of the data elements, analyzing the signature to determine a confidence score, the confidence score enumerated into a plurality of confidence levels, configuring a verification process based on the confidence score, and executing the verification process.

Abstract: A method comprises transferring information that includes a response uniform resource locator (URL) between a primary device and a secondary device using a primary communication channel between the primary device and the secondary device; determining, using the secondary device, status of connectivity of a network separate from the primary communication channel; transmitting, by the secondary device, a response to a request from the primary device via the network using the response URL when the status indicates the network is available, and transmitting the response via the primary communication channel when the status indicates the network is unavailable.

Abstract: A computing device implemented method of identity authentication comprises receiving a biometric token; performing a biometric capture of a user; converting the biometric capture into a biometric bitstream; recovering a predictable seed of data using the biometric bitstream and the biometric token; using the recovered predictable seed of data to produce challenge response data sent to a verifier device in response to a challenge message received from the verifier device; and verifying the challenge response data using identity data of the user.

Abstract: Various systems and methods for using credentials are described herein. In an example, the system is configured to generate and issue electronic credentials that may include aggregate credentials from various issuers. In another example, a query statement is used to express relationships between credential data elements and obtain a subset of data corresponding to the query.

Abstract: Various systems and methods for managing identity credentials on a mobile device are described herein. A verifier device may perform operations including receiving one or more data elements associated with a credential, wherein the data elements are signed with a signature associated with an issuer of the data elements, analyzing the signature to determine a confidence score, the confidence score enumerated into a plurality of confidence levels, configuring a verification process based on the confidence score, and executing the verification process.

Abstract: Various systems and methods for securely sharing private information are described herein. A method of using disambiguation data to confirm the association with an online web service prior to engaging in a transaction, includes receiving, at an unresolved credential application executing on a mobile device, a disambiguation payload, wherein the disambiguation payload is purportedly associated with a web service, and wherein at least a portion of the disambiguation payload is signed with a cryptographic key associated with the web service; extracting a network location from the disambiguation payload; obtaining verification data from a resource at the network location to verify the web service; and validating the disambiguation payload using the verification data.

Abstract: Method for utilizing digital content is provided. The method includes controlling a throughput rate for utilizing the digital content by an accessing system, where the throughput rate is associated with information related to the digital content and is stored as a file. The throughput rate is controlled by a storage system that is operationally coupled to the accessing system.

Abstract: A method and system of managing data in a storage device is provided. The method includes receiving a request to store content in a storage device. If the content is discardable content, the content is divided into a plurality of discardable data objects, each associated with at least one type of discarding priority data. The discardable data objects in the storage device are managed based on the discarding priority data associated with each discardable data object. Management of discardable objects may include selection and deletion of discardable objects based on discarding priority data, as well as further subdivision of existing discardable objects, to maintain a desired amount of free space on the storage device. The system may include a host having a processor and a storage device interface configured to execute the method, or a storage device having a processor configured to execute the disclosed methods.

Abstract: A method and system of managing data in a storage device is provided. The method includes receiving a request to store content in a storage device. If the content is discardable content, the content is divided into a plurality of discardable data objects, each associated with at least one type of discarding priority data. The discardable data objects in the storage device are managed based on the discarding priority data associated with each discardable data object. Management of discardable objects may include selection and deletion of discardable objects based on discarding priority data, as well as further subdivision of existing discardable objects, to maintain a desired amount of free space on the storage device. The system may include a host having a processor and a storage device interface configured to execute the method, or a storage device having a processor configured to execute the disclosed methods.

Abstract: In some implementations, a method receiving, from a NFC system integrated into a mobile device, a notification of a detected RF field from a terminal or an NFC tag. A transaction element inserted into an external port of the mobile device receives the notification. A transaction is performed using information and a transaction application stored in a secure element in the transaction card.

Abstract: In order to create and access a secure storage account in a non-volatile memory device, an account identification value is calculated. A memory identification value is read from a first non-volatile memory device. The memory identification value and the account identification value are transmitted to a second non-volatile memory device, and a calculated credential is received. A command is transmitted to create a secure storage account in the first non-volatile memory device, where the command contains the credential and the account identification value. To access the account, a sequence is transmitted, containing the account identification value and a value based on the credential. A secure storage system contains a first non-volatile memory device that stores a memory identification value and contains a secure partition accessible using a credential, a second non-volatile memory device that can compute the credential, and a host adapted to create and access the secure partition.

Abstract: One or more rights objects (RO) files may be used for storing RO's preferably in the protected area available only to authenticated users. A RO navigation file is stored preferably in an unprotected public area containing status bits, where each status bit identifies whether a location in a RO file contains a valid RO or not. Preferably, there is a one-to-one correspondence between the location for a RO in a RO file and a location in the RO navigation file for the status bit which identifies whether its corresponding location in the RO file contains a valid RO or not. Whether a particular location in a RO file contains a valid RO or not can be found by checking its corresponding status bit in the RO navigation file.

Abstract: Systems and methods of predictive data acquisition are disclosed. A personal proxy server is configured to acquire first data in response to a first request to access the first data and to acquire second data prior to receiving a second request to access the second data. The first request and the second request are received from a common source. The personal proxy server is also configured to store the acquired first data and the acquired second data so that the acquired first data and the acquired second data are accessible to the personal proxy server.

Abstract: Method for utilizing digital content is provided. The method includes controlling a throughput rate for utilizing the digital content by an accessing system, where the throughput rate is associated with information related to the digital content and is stored as a file. The throughput rate is controlled by a storage system that is operationally coupled to the accessing system.

Abstract: A memory device is provided. The memory device includes a memory configured to store information. The memory device also includes a memory controller in communication with the memory. The memory controller is configured to encrypt the information to define a parameter and access an account on a second memory device based on the parameter to gain access to content. The content is stored in the second memory device and the memory device and the second memory device are configured to be removably coupled to a computing device.

Abstract: A method and system of binding content at first access is disclosed. A non-volatile storage device may provide a content access script and a content binding script in order to access protected content. An accessing application may attempt to access the protected content by executing a content access script. The accessing application must have permission to access and execute the content access script. If the accessing application cannot access or execute the content access script, the accessing application may access and execute the content binding script. The content binding script contains instructions that enable the accessing application to successfully execute the content access script. The content binding script, when executed, may disable itself from being executed again by moving critical information associated with the access to protected data. Thus, the content binding script may be executed once to enable an accessing application to successfully execute the content access script.

Abstract: Method for utilizing digital content is provided. The method includes controlling a throughput rate for utilizing the digital content by an accessing system, where the throughput rate is associated with information related to the digital content and is stored as a file. The throughput rate is controlled by a storage system that is operationally coupled to the accessing system.

Abstract: A method for interfacing with a memory card is provided. In this method, a selection of a program instruction is provided and the program instruction associated with the selection is read from the memory card. The program instruction thereafter is executed. Systems and computing devices for interfacing with the memory card also are described.

Abstract: A mechanism or structure may be provided to divide a memory into partitions and so that at least some data in the partitions can be encrypted with a key, so that in addition to authentication that is required for accessing some of the partitions, access to one or more keys may be required to decrypt the encrypted data in such partitions. All of the content that the user wishes to access may be associated with a first account, so that all such content can be accessed via different applications (e.g. music player, email, cellular communication etc.) without having to log in multiple times. Then a different set of authentication information may then be used for logging in to access protected content that is in an account different from the first account, even where the different accounts are for the same user or entity.

Abstract: An object known as an identity object comprises a public key and a private key pair and at least one certificate issued by a certificate authority that certifies that the public key of the pair is genuine. In one embodiment, this object may be used as proof of identification by using the private key to sign data provided to it or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller.