Abstract: Various embodiments of a system and method for a single request and single response authentication protocol are described. A client may send to an authentication server a request to authenticate the identity of a user attempting to access an electronic document protected by a rights management policy. The single request may be generated according to rights management configuration information included within the document. Such rights management information may include one or more parameters for requesting authentication from an authentication server. In response to the request, an authentication server may send a single response to the client. The single response may include information indicating that the identity is authenticated (e.g., a license to access the document, or an encryption key to decrypt the document). The client system may be configured to, in response to the single response, provide access to the document according to the rights management policy.

Abstract: Various embodiments of a system and method for secure password-based authentication are described. The system and method for secure password-based authentication may include an authentication component configured to request and receive authentication from an authenticating system according to a secure password-based authentication protocol. The authentication component may be configured to participate in an attack-resistant password-based authentication protocol such that an attacker who has compromised the authorizing system and/or a communication channel between the authentication component and the authenticating system may not determine a user's password and/or impersonate the user. In one embodiment, the authentication component may be configured to provide its attack-resistant password-based authentication functionality to an application (e.g., through a stand-alone application, plugin, or application extension).

Abstract: A security component may be associated with a network-enabled application. The security component may initiate the display of an embedded region of a window drawn according to display information received from a relying party. The security component may define at least a portion of the appearance of the embedded region; the relying party may not define this portion. The security component may send the address of the relying party to a reputation service and query the reputation service about the reputation of the relying party. The reputation service may return reputation information about the relying party. The security component may display an indication of the relying party's reputation. If the reputation information indicates the relying party is reputable, the security component will allow the network-enabled application to exchange information with the relying party. Otherwise, the component may not allow the network-enabled application to exchange data with the relying party.

Abstract: An exoskeleton having a first cuff adapted to be coupled to a user's lower limb is disclosed. The exoskeleton also includes a second cuff adapted to be coupled to the user's upper limb and a third cuff adapted to be coupled to the user's body. A first motor is mounted on the third cuff and has a first motor output coupled to the first cuff. A second motor is mounted on the third cuff and has a second motor output coupled to the second cuff. A processor is operatively coupled to the first and second motors to manipulate the first cuff and the second cuff relative to the third cuff such that the first cuff and the second cuff are able to move the user's lower limb and upper limb. A method of operating the exoskeleton is also disclosed.

Abstract: A method, apparatus and computer program product for providing confidentiality, integrity and authenticity for a video file is presented. An encryption header is produced for the video file, the video file including a plurality of packets that carry content, the encryption header containing information necessary to successfully decrypt the video file. The encryption header is added to the video file. An encryption key is generated from a master key identified in the encryption header and, using the encryption key, individual packets of the video file that carry content are encrypted. The video file comprises one of the group consisting of pre-recorded streaming video, live streaming video and randomly accessed video.

Abstract: A security component may be associated with a network-enabled application. The security component may access a secure store, which may include customization information, which may include one or more graphical user interface customizations defined by a user, and one or more instances of card information. The card information may specify how to authenticate a user's credentials to access a relying party (e.g., web site). The security component may initiate the display of an embedded region of a window drawn by the network-enabled application. At least a part of the appearance of the embedded region of the window may be defined according to the customization information and not by the relying party. The embedded region may provide a user interface for determining user authentication credentials. The customization information and the one or more instances of card information may not be accessible to the relying party.

Abstract: Method and apparatus are described wherein, in one example embodiment, a public key certificate issued by a certificate authority includes at least one characteristic that conforms to at least one rule established for the operation of a public key infrastructure. An attribute certificate is issued to be used to modify the public key certificate in accordance with information contained in the attribute certificate to create a modified public key certificate wherein the at least one characteristic is modified so as to be non-conformant with the at least one rule. According to one example embodiment, the attribute certificates may be distributed by a certificate authority, or embedded in an application that includes an engine that is used to modify the conforming public key certificate.

Abstract: A computerized device can implement a content player to access a content stream using a network interface, the content stream comprising encrypted content and an embedded license comprising a content key encrypted according to a global key accessible by the content player. The content player determines whether a token meeting an authorization condition is present and uses the global key to decrypt the content key only if such a token is present. The authorization condition may be evaluated at least in part based on data included in the content stream. The authorization condition can include presence of a token having a content ID matching a corresponding ID in the license; presence of a token with a correct device ID; presence of a token signed according to a digital signature identified in the licenses; and/or presence of a token that is unexpired, with expiration evaluated based on a time-to-live indicator in the token.

Abstract: A security component may be associated with a network-enabled application. The security component may initiate the display of an embedded region of a window drawn according to display information received from a relying party. The security component may define at least a portion of the appearance of the embedded region; the relying party may not define this portion. The embedded region may include customization information configured by a user, and “Card” information received from an assertion provider, indicating how to authenticate user credentials in order to gain access to relying party restricted content. The security component may request authentication of user credentials from the assertion provider, which may be trusted by the relying party. The security component may receive an assertion token from the assertion provider indicating the credentials are authentic. The security component may forward the assertion token to the relying party to gain access to the restricted content.

Abstract: Validating a certificate is disclosed. Whether the certificate was previously determined to be valid by one or more peer entities is determined. The certificate is validated based at least in part on the determination.

Abstract: A system can comprise a processor and a memory embodying an application. The application can comprise code that causes the processor to identify a client key embedded or hard-coded in the application (i.e., included as part of the code comprising the application). Additional code causes the processor to identify data to be accessed according to an encrypted license accessible through use of a machine key. The application can maintain the machine key in an encrypted state using the client key. The application can include code that causes the processor to determine if an encrypted version of the machine key accessible by the processor can actually be decrypted using the client key. If so, the client key can be used to access the machine key. If not, the processor can request a differently-encrypted version of the machine key from a migration service.

Abstract: Method and apparatus are described wherein, in one example embodiment, a first entity shares a digital file such as a digital image with a second entity, and the first entity and the second entity each use the digital file as a seed to generate identical public/private key pairs using the same key generation procedure, such that both entities hold identical key pairs. The first and second entities may use the key pairs to encrypt, decrypt or sign and authenticate communications between the entities.

Abstract: A powered orthosis, adapted to be secured to a corresponding body portion of the user for guiding motion of a user, the orthosis comprising a plurality of structural members and one or more joints adjoining adjacent structural members, each joint having one or more degrees of freedom and a range of joint angles. One or more of the joints each comprise at least one back-drivable actuator governed by a controller for controlling the joint angle. The plurality of joint controllers are synchronized to cause the corresponding actuators to generate forces for assisting the user to move the orthosis at least in part under the user's power along a desired trajectory within an allowed tolerance. One embodiment comprises force-field controllers that define a virtual tunnel for movement of the orthosis, in which the forces applied to the orthosis for assisting the user may be proportional to deviation from the desired trajectory.

Abstract: In one example embodiment, a method is illustrated that includes parsing seed data from digital content, the seed data identifying a signing entity, transmitting identifier data to the signing entity identified by the seed data, transmitting content information relating to the digital content to the signing entity, and receiving digitally signed content information relating to the digital content, the digitally signed content information signed by the signing entity. In another example embodiment, a method is illustrated as including parsing seed data from digital content, the seed data identifying a signing entity, transmitting identifier data to the signing entity identified by the seed data, receiving a credential from the signing entity, the credential used to sign the digital content, and signing the digital content using the credential.

Abstract: Method and apparatus are described wherein, in one example embodiment, a public key certificate issued by a certificate authority includes at least one characteristic that conforms to at least one rule established for the operation of a public key infrastructure. An attribute certificate is issued to be used to modify the public key certificate in accordance with information contained in the attribute certificate to create a modified public key certificate wherein the at least one characteristic is modified so as to be non-conformant with the at least one rule. According to one example embodiment, the attribute certificates may be distributed by a certificate authority, or embedded in an application that includes an engine that is used to modify the conforming public key certificate.

Abstract: A device and method for assisting a user to articulate a limb. The device has an upper section, a lower section, and at least one joint between the upper and lower section. The device comprises an exoskeleton with a first cuff coupled to the lower section of the user's limb, a second cuff coupled to the upper section of the user's limb and a third cuff coupled to a portion of the user's body above the upper section of the limb. At least one cable is attached to the first cuff and at least one cable is attached to the second cuff. A series of drivers located remotely from the exoskeleton are attached to cables and are connected to a processor. The processor transmits signals to the drivers to vary the lengths of the cables to guide articulation of the user's limb.

Abstract: Method and apparatus are described wherein, in one example embodiment, a public key certificate issued by a certificate authority includes at least one characteristic that does not conform to at least one rule established for the operation of a public key infrastructure. An attribute certificate is issued to be used to modify the public key certificate in accordance with information contained in the attribute certificate to create a modified public key certificate wherein the at least one characteristic is modified so as conform to the at least one rule. According to one example embodiment, the attribute certificates may be distributed by a certificate authority, or embedded in an application that includes an engine that is used to modify the non-conforming public key certificate.

Abstract: A method, apparatus and computer program product for providing confidentiality, integrity and authenticity for a video file is presented. An encryption header is produced for the video file, the video file including a plurality of packets that carry content, the encryption header containing information necessary to successfully decrypt the video file. The encryption header is added to the video file. An encryption key is generated from a master key identified in the encryption header and, using the encryption key, individual packets of the video file that carry content are encrypted. The video file comprises one of the group consisting of pre-recorded streaming video, live streaming video and randomly accessed video.

Abstract: A server includes a central processing unit and electronic memory communicatively coupled to the central processing unit. The memory stores a dynamically tunable operating system kernel that includes at least one tunable implemented as a plurality of states. Each application managed by the operating system is assigned to one of these states according to a permission level association with the application. Each state defines a range of automated tuning of the tunable that is authorized to applications assigned to the state.

Abstract: An exoskeleton having a first cuff adapted to be coupled to a user's lower limb is disclosed. The exoskeleton also includes a second cuff adapted to be coupled to the user's upper limb and a third cuff adapted to be coupled to the user's body. A first motor is mounted on the third cuff and has a first motor output coupled to the first cuff. A second motor is mounted on the third cuff and has a second motor output coupled to the second cuff. A processor is operatively coupled to the first and second motors to manipulate the first cuff and the second cuff relative to the third cuff such that the first cuff and the second cuff are able to move the user's lower limb and upper limb. A method of operating the exoskeleton is also disclosed.