Abstract: One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.

Abstract: Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol. The authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input.

Abstract: A tension stiffened and tendon actuated manipulator is provided performing robotic-like movements when acquiring a payload. The manipulator design can be adapted for use in-space, lunar or other planetary installations as it is readily configurable for acquiring and precisely manipulating a payload in both a zero-g environment and in an environment with a gravity field. The manipulator includes a plurality of link arms, a hinge connecting adjacent link arms together to allow the adjacent link arms to rotate relative to each other and a cable actuation and tensioning system provided between adjacent link arms. The cable actuation and tensioning system includes a spreader arm and a plurality of driven and non-driven elements attached to the link arms and the spreader arm. At least one cable is routed around the driven and non-driven elements for actuating the hinge.

Abstract: One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.

Abstract: A system for verifying intent in a card not present transaction is provided. The system includes a late binding token that is distributable to consumers without necessarily being bound to an account. The system also includes a client software that locates a token server configured to facilitate managing and communicating with the late binding token. The system also includes a protocol concerning how to build a verifiably secure structured proposal that carries an offer to the consumer through the client software.

Abstract: One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.

Abstract: A system for verifying intent in a card not present transaction is provided. The system includes a late binding token that is distributable to consumers without necessarily being bound to an account. The system also includes a client software that locates a token server configured to facilitate managing and communicating with the late binding token. The system also includes a protocol concerning how to build a verifiably secure structured proposal that carries an offer to the consumer through the client software.

Abstract: For a particular request to access a resource, both a user associated with the request and a service through which the request is made are identified. Whether requested access to a resource is permitted is determined based on a user associated with the requested access and a service through which the access is requested. This determination can be made based on an access control entry of an access control list corresponding to the resource, the access control entry identifying access to the resource that is permitted to the user when accessing the resource through the service.

Abstract: Computer-executable instructions that are directed to the performance of consequential actions and automatically elevate to execute at a higher privilege level to do so can perform such consequential actions only after user notification. Doing so can enable monitoring processes to avoid presenting duplicative user notification upon detection of such auto-elevation. In addition, prior to presenting user notification, input from the execution environment can be ignored and access to DLLs for performing consequential actions can be avoided. A static analyzer can identify non-conforming computer-executable instructions. A wrapper can be utilized to provide compliance by otherwise unknown or non-conforming computer-executable instructions.

Abstract: Software error feedback information, typically that associated with authorization failures due to operating system resource access checks, is automatically communicated to a software vendor with actions needed to prevent the software application error from occurring on the client computer. If possible, information associated with the software error is communicated to the client computer in order to mitigate the error by modifying how the client computer's operating system interacts with the software application so that the error may be avoided and user interaction minimized. Modifications may include automatically redirecting a resource request associated with the authorization failure in a manner such that authorization will be granted by the operating system and prevent the authorization failure due to the access check.

Abstract: Systems and methods are described that control attempts made by an application to access data. In one embodiment, the application is associated with a security token that includes an application ID. In operation, the system receives a request, initiated by the application, for access to the data. The system is configured to evaluate the request for access based in part on comparison of the security token and a listing of approved application IDs associated with the data.

Abstract: Systems and methods are described that control attempts made by an application to access data. In one embodiment, the application is associated with a security token that includes an application ID. In operation, the system receives a request, initiated by the application, for access to the data. The system is configured to evaluate the request for access based in part on comparison of the security token and a listing of approved application IDs associated with the data.

Abstract: One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.

Abstract: A method is disclosed for a device to interdependently validate a digital content package having a piece of digital content in an encrypted form, and a corresponding digital license for rendering the digital content. A first key is derived from a source available to the device, and a first digital signature is obtained from the digital content package. The first key is applied to the first digital signature to validate the first digital signature and the digital content package. A second key is derived based on the first digital signature, and a second digital signature is obtained from the license. The second key is applied to the second digital signature to validate the second digital signature and the license.

Abstract: An infant care apparatus having a door latching mechanism that provides a positive latching of a door to the hood of the apparatus. The mechanism has a door latching assembly that is affixed to the door and which is latched to a floating catch housing that is affixed to the hood in a manner that the floating catch housing is vertically movable with respect to the hood. When the door is moved into its closed, latched position, the door latching assembly vertically aligns the floating catch housing so that a movable latch member is correctly oriented with respect to latch openings in the floating catch housing so that the movable catch member can enter the latch openings sufficiently to assure a positive, secure latch therebetween.

Abstract: Embodiments for providing differentiated authentication for accessing groups of compartmentalized computing resources, and accessing each compartmentalized computing resources, as displayed on a desktop environment of an operating system. In one embodiment, a method includes organizing one or more computing resources accessible in a desktop environment into a group. The one or more computing resources include a data content, an application, a network portal, and a device. The method also includes providing an authentication policy for actions that can be performed on each computing resource. The authentication policy is configured to associate an authentication input to each action for a particular computing resource. The method further includes receiving an authentication input when the user intends one of the actions on the particular computing resource.

Abstract: An operating system for a computing device has a first session for a user that includes a first base process that has a first privileges token attached thereto. The first privileges token includes substantially a full set of privileges of the user on the operating system. The operating system also has a second session for the user that includes a second base process that has a second privileges token attached thereto. The second privileges token is derived from the first privileges token and includes only a minimum set of privileges of the user on the operating system. Thus, the second, limited token does not have all privileges associated with the first, full token but instead has a limited set of privileges and not extra privileges that could be employed to take actions that would be harmful, deceptive, or malicious.

Abstract: Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol. The authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input.

Abstract: A digital content package includes encrypted digital content to be rendered in accordance with a corresponding digital license and is separate and apart from the license. The encrypted digital content is decrypt-able according to a decryption key (KD) obtained from the license. The package also includes a content/package ID that identifies one of the digital content and the package, and license acquisition information including a location of a license provider for providing the license.

Abstract: One aspect relates to a process and associated device that provides a private key of an asymmetric key pair in a key device. A symmetric master key is derived from the private key of the asymmetric key pair. The symmetric master key is stored in a computer memory location. The symmetric master key is used to encrypt or decrypt a file encryption key. The file encryption key can encrypt or decrypt files. In another aspect, the user can still access the files even if a user deactivates the key device by encrypting or decrypting the file encryption key directly from the symmetric master key.