Abstract: System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list.

Abstract: System and methods for managing trust in access control are based on a user identity, in a Universal Plug and Play (UPnP) network. A device has an access control list (ACL), a trusted-to-identify access control list (TIA), and a first TIA management module configured to manage the TIA. A security console is communicatively coupled to the device via the network. The security console has a second TIA management module. The first TIA management module is able to implement an add request from the security console for adding an entry to the TIA. The entry includes a control point identity for a control point communicatively coupled to the device via the network.

Abstract: System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list.

Abstract: System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list.

Abstract: System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list.

Abstract: System and methods for managing trust in access control are based on a user identity, in a Universal Plug and Play (UPnP) network. A device has an access control list (ACL), a trusted-to-identify access control list (TIA), and a first TIA management module configured to manage the TIA. A security console is communicatively coupled to the device via the network. The security console has a second TIA management module. The first TIA management module is able to implement an add request from the security console for adding an entry to the TIA. The entry includes a control point identity for a control point communicatively coupled to the device via the network.

Abstract: Disclosed are a system and method for aggregating micropayment hash chains. An end user (the “payer”) cryptographically signs “commitments” and transmits then to a vendor. The commitments include an “accumulated count” field which tracks the total number of micropayments made thus far in the payment transaction between the payer and the vendor. The payer can also transmit payment tokens to the vendor. These payment tokens include micropayments verified by a hash chain. When the vendor seeks reimbursement from a broker, the vendor tells the broker the total number of micropayments in the payment transaction and sends verification information to the broker. The broker checks this information against a verification system established with the payer. If the information is verified to be correct, then the broker reimburses the vendor for the services provided and charges the payer. The verification information ensures that the payer and vendor cannot cheat each other.

Abstract: A machine-implemented method of providing dynamic access to network services may include receiving a request from a client for a type of network service, monitoring an amount and type of network service being provided to the client, and receiving incremental payments from the client for the network service being provided as the network service continues to be provided. The method may include dynamically modifying access to the network service for the client based on a set of rules. The rules may be based on one or more of the monitored amount of network service, the type of network service, and the payments received.

Abstract: A method and apparatus for a middleware approach to the asynchronous and backward-compatible detection and prevention of Address Resolution Protocol (ARP) cache poisoning is presented. In a Streams-based network subsystem, such as found in the Solaris 2.6 operating system, a Cache Poisoning Checker (CPC) streams module, a CPC streams driver and a CPC user-level application are implemented. The CPC streams module is implemented in a protocol stack that pertains to ARP and is designed to intercept ARP traffic in both the upward and downwards directions that are dictated by the respective Internet Protocol and Ethernet drivers in the network subsystem. The CPC streams driver acts to provide an interface between the CPC streams module and the CPC user-level application. The CPC user-level application gives access to the local ARP cache and raises alarms if an ARP cache attack is detected.