Abstract: An approach is provided for providing alternative route recommendations for a group of nearby users in a privacy preserving manner. A recommendation platform determines at least one group of one or more users within proximity of at least one location-based service, at least one location-based event, or a combination thereof. A recommendation platform processes and/or facilitates a processing of one or more datasets associated with the group to cause, at least in part, a determination of whether to recommend the at least one location-based service, the at least one location-based event, or a combination thereof to the group. A recommendation platform causes, at least in part, a presentation of the at least one location-based service, the at least one location-based event, or a combination thereof to the group, the one or more users, or a combination thereof based, at least in part, on the determination of whether to recommend.

Abstract: An approach is provided for providing separation of authentication protocols and/or authentication contexts for client-server and server-server communication in network communication. A proxy server receives a request to initiate a service session. The request includes a first authentication context. The proxy server request verification of the first authentication context from an authentication server and validates the first authentication context based, at least in part, on the verification. The proxy server implements a second authentication context based, at least in part, on the verification of the first authentication context to initiate the service session.

Abstract: An approach is provided for providing separation of authentication protocols and/or authentication contexts for client-server and server-server communication in network communication. A proxy server receives a request to initiate a service session. The request includes a first authentication context. The proxy server request verification of the first authentication context from an authentication server and validates the first authentication context based, at least in part, on the verification. The proxy server implements a second authentication context based, at least in part, on the verification of the first authentication context to initiate the service session.

Abstract: An approach is provided for providing separation of authentication protocols and/or authentication contexts for client-server and server-server communication in network communication. A proxy server receives a request to initiate a service session. The request includes a first authentication context. The proxy server request verification of the first authentication context from an authentication server and validates the first authentication context based, at least in part, on the verification. The proxy server implements a second authentication context based, at least in part, on the verification of the first authentication context to initiate the service session.

Abstract: A communication network manages key material. A method generates and provides session keys from a security node to an access node for further propagation during handoff procedures, without requiring the security node to take part in the handoff procedures.

Abstract: An approach is provided for providing alternative route recommendations for a group of nearby users in a privacy preserving manner. A recommendation platform determines at least one group of one or more users within proximity of at least one location-based service, at least one location-based event, or a combination thereof. A recommendation platform processes and/or facilitates a processing of one or more datasets associated with the group to cause, at least in part, a determination of whether to recommend the at least one location-based service, the at least one location-based event, or a combination thereof to the group. A recommendation platform causes, at least in part, a presentation of the at least one location-based service, the at least one location-based event, or a combination thereof to the group, the one or more users, or a combination thereof based, at least in part, on the determination of whether to recommend.

Abstract: A key generation system is disclosed that provides for the generation of privileged group keys based on the input of a privileged group. The system performing the key generation has stored component keys corresponding to every possible subset X of the unitary set, where subsets X have k or fewer members. The privileged group key is generated for the privileged set by passing ordered component keys of subsets X that do not contain members of the privileged set to a pseudo random function.

Abstract: A communication network manages key material. A method generates and provides session keys from a security node to an access node for further propagation during handoff procedures, without requiring the security node to take part in the handoff procedures.

Abstract: A communication network manages key material. A method generates and provides session keys from a security node to an access node for further propagation during handoff procedures, without requiring the security node to take part in the handoff procedures.

Abstract: A method, apparatus, system and computer program product are provided for booting up a system using a secure boot framework. In particular, a secure boot mechanism (i.e., a mechanism that enforces that only authenticated programs and/or events are executed on a particular platform) is provided that has an unlimited number of authorized boot configurations, while requiring only a minimal amount of secure/confidential storage. The secure boot mechanism further provides for the separation of run-time and management functionality, which allows other authorization mechanisms to be plugged-in later on. In addition, the authorized secure boot configurations (i.e., the definition of the secure boot state) can be kept in insecure storage, such as a system disk (e.g., flash memory). Finally, the disclosed secure boot mechanism is further beneficial because it builds upon existing TCG techniques, causing it to require minimal implementation where TCG techniques are implemented.

Abstract: The present invention provides an establishment of a trusted relationship between two mutually unknown communication parties in a communication system without the use of a trusted third party. The invention is based on non-interactive proofs-of-work being purpose-bound for establishing the trusted relationship and cryptographically signing information to be transferred between the communication parties using such proofs-of-work for the solving of a problem instance along with verifying the proofs-of-work and generating a session object for a trusted relationship, when the verifying yields an affirmative result.

Abstract: A process and device are disclosed for depositing sequences of layers comprising a plurality of semiconductor components on a plurality of substrates (1), using a loading chamber (2) for loading a substrate carrier (1) with one or more substrates (1), a plurality of processing chambers (4.1, 4.2, 4.3, 4.4, 4.5), each comprising a gas inlet (5.1, 5.2, 5.3, 5.4, 5.5) for admitting process gases, a gas outlet (6.1, 6.2, 6.3, 6.4, 6.5), a closable loading and unloading opening (7, 8) for loading and unloading substrate carriers (3) carrying one or more substrates (1) into or out of the processing chamber (4.1), and a processing chamber heating system (8), as well as an unloading chamber (9) for unloading the substrate carrier (3) with one or more substrates (1), a conveyor (10.1, 10.2, 10.3, 10.4, 10.5 and 10.6) for conveying the substrate carrier (3) carrying one or more substrates (1) step by step from the loading chamber (2) into one of the first processing chambers (4.1, 4.2, 4.3, 4.4, 4.

Abstract: An improved system and method for efficiently implementing a remotely manageable secure boot on a Trusted Computing Group defined Trusted Platform Module. Various embodiments of the present invention enable a boot process which does not require a dependency on prior RIM certificates, while still requiring a dependency on the sequencing of the boot process.

Abstract: An approach is provided for providing separation of authentication protocols and/or authentication contexts for client-server and server-server communication in network communication. A proxy server receives a request to initiate a service session. The request includes a first authentication context. The proxy server request verification of the first authentication context from an authentication server and validates the first authentication context based, at least in part, on the verification. The proxy server implements a second authentication context based, at least in part, on the verification of the first authentication context to initiate the service session.

Abstract: A method and apparatus for providing a mobile terminal with at least one feature setting. The method comprises steps of storing at least a first check-up data in the mobile terminal; linking at least the first check-up data via a feature lock with at least one feature setting, the feature lock protecting the at least one feature setting of the mobile terminal; in response to receiving a configuration message in the mobile terminal, authenticating a sender of the configuration message with the first check-up data; and in response to the sender of the configuration message being authorized to modify the feature setting of the mobile terminal, supplying a configuration data included in the configuration message via the feature lock to be used by the mobile terminal.

Abstract: The invention is in the field of security and trustworthy computing. The invention relates to a method for managing identities in a device comprising a trusted platform module. In the method an identity related command is used for performing identity related action; a delegation agent, a storage key for secure storage, and a delegation for the identity related command are created. Further, said delegation is sealed using the created storage key to a trustworthy system state; and the sealed delegation is delivered to the delegation agent.

Abstract: The invention relates to method for secure interpretation of a program in an electronic device. An interpreted program is loaded and a stub executable is formed using a prototype stub executable. The stub executable is associated with the interpreted program. At least one second capability also is assigned to the interpreted program and further to the stub executable. The stub executable invokes at least one function in a shared interpreter library to interpret the interpreted program. An interpreter engine checks whether the interpreted program refers an external interpreted program code section. The interpreter engine infers at least one second capability for the external interpreted program code section. The interpreter engine disallows the execution of said external interpreted program code section if said at least one first capability is not a subset of said at least one second capability.

Abstract: An improved system and method for efficiently implementing a remotely manageable secure boot on a Trusted Computing Group defined Trusted Platform Module. Various embodiments of the present invention enable a boot process which does not require a dependency on prior RIM certificates, while still requiring a dependency on the sequencing of the boot process.

Abstract: A content encryption/decryption system is disclosed that provides for the use of multiple DRM rights objects. The disclosed system also provides for use in non-connected, connected and mixed mode transmission models.

Abstract: A key generation system is disclosed that provides for the generation of privileged group keys based on the input of a privileged group. The system performing the key generation has stored component keys corresponding to every possible subset X of the unitary set, where subsets X have k or fewer members. The privileged group key is generated for the privileged set by passing ordered component keys of subsets X that do not contain members of the privileged set to a pseudo random function.