Abstract: Embodiments of a mobile device and server system are described. The mobile devices communicate with the server system and present targeted content, such as advertisements to the mobile device users. The content is targeted based on usage statistics stored on the server system which were previously collected from the mobile device. The server receives the usage statistics collected from the mobile device, makes inferences about preferences of users by tracking application and/or content usage behaviors of the users, generates recommendations for advertisements targeted toward the users of the mobile devices based on usage statistics; and transmits the recommendations to one or more of the mobile devices for presentation to the user(s).

Abstract: Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment.

Abstract: The present invention provides systems and methods for conducting electronic transactions in a distributed computing environment. A communications protocol is provided that enables reliable transactional state synchronization for peers participating in a distributed transaction. A transaction processing application is deployed on a local computer system to manage transactions thereon. The local computer system contacts a remote computer system to obtain authorization to execute a transaction. The local computer system initiates a failure-recovery job that is operable to automatically resend status signals and other information to the remote system if the communication with the remote system exhibits certain predefined fault conditions. The remote system is able to dynamically adjust the definition of the predefined fault conditions. If the transaction concludes without triggering the predefined fault conditions, the failure-recovery job is cancelled.

Abstract: Documents and other items can be delivered electronically from sender to recipient with a level of trustedness approaching or exceeding that provided by a personal document courier. A trusted electronic go-between can validate, witness and/or archive transactions while, in some cases, actively participating in or directing the transaction. Printed or imaged documents can be marked using handwritten signature images, seal images, electronic fingerprinting, watermarking, and/or steganography. Electronic commercial transactions and transmissions take place in a reliable, “trusted” virtual distribution environment that provides significant efficiency and cost savings benefits to users in addition to providing an extremely high degree of confidence and trustedness. The systems and techniques have many uses including but not limited to secure document delivery, execution of legal documents, and electronic data interchange (EDI).

Abstract: The present invention provides systems and methods for transfering electronic information from one location to another such that only one original work exists at a given time. The methods and systems of the present invention allow distribution of originals without requiring a registration authority or other entity to vouch for what constitutes an “original” piece of information, thus reducing (or eliminating entirely) the need to centrally record changes in ownership each time originals change hands.

Abstract: Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that it they are compatible with copy-specific static watermarking and other tamper-resistance techniques.

Abstract: Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment.

Abstract: The present invention provides systems and methods for conducting electronic transactions in a distributed computing environment. A communications protocol is provided that enables reliable transactional state synchronization for peers participating in a distributed transaction. A transaction processing application is deployed on a local computer system to manage transactions thereon. The local computer system contacts a remote computer system to obtain authorization to execute a transaction. The local computer system initiates a failure-recovery job that is operable to automatically resend status signals and other information to the remote system if the communication with the remote system exhibits certain predefined fault conditions. The remote system is able to dynamically adjust the definition of the predefined fault conditions. If the transaction concludes without triggering the predefined fault conditions, the failure-recovery job is cancelled.

Abstract: One embodiment of an inventive networking environment includes clients called sending clients because they send network content through a network, and clients called receiving clients because they receive the network content from the sending clients through the network. Both sending clients and receiving clients are “clients” in that they rely on a management server to orchestrate the secure transfer of information from sending clients to receiving clients.

Abstract: A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU's hardware resources so that they can be shared between security functions and other functions performed by the same CPU.

Abstract: Systems and methods are described for applying digital rights management techniques to tethered devices. In one embodiment, a host device is operable to translate a relatively sophisticated license into a simpler format for use on a relatively low-capability device. In another embodiment, a method of using extended SCSI commands to communicate over a USB connection is provided.

Abstract: A system for publishing digital content is described which, in one embodiment, includes a beacon device associated with a first user configured to transmit identification information and information indicating its current position. A browsing device includes a display configured and adapted to display to a second user a representation of a local geographical area, and to selectively display to the second user content information associated with the first user, based at least in part on whether the location of the beacon device is within the local geographical area.

Abstract: Systems and methods are described for applying digital rights management techniques to manage zones in electronic content. In one embodiment, zones are defined in a piece of electronic content, and a license is associated with the electronic content that indicates how the zones are to be accessed or otherwise used. A digital rights management engine governs access to or other use of the zoned content in accordance with the license.

Abstract: The present invention provides systems and methods for making efficient trust management decisions. A trust management engine is provided that processes requests for system resources, authorizations or certificates, and the identity of one or more root authorities that are ultimately responsible for granting or denying the requests. To determine whether a request should be granted, the trust management engine identifies a set principals from whom authorization may flow, and interprets each of the certificates as a function of the state of one or more of the principals. The processing logic iteratively evaluates the functions represented by the certificates, updates the states of the principals, and repeats this process until a reliable determination can be made as to whether the request should be granted or denied.

Abstract: One embodiment of an inventive networking environment includes clients called sending clients because they send network content through a network, and clients called receiving clients because they receive the network content from the sending clients through the network. Both sending clients and receiving clients are “clients” in that they rely on a management server to orchestrate the secure transfer of information from sending clients to receiving clients.

Abstract: Systems and methods are provided for protecting electronic content from the time it is packaged through the time it is experienced by an end user. Protection against content misuse is accomplished using a combination of encryption, watermark screening, detection of invalid content processing software and hardware, and/or detection of invalid content flows. Encryption protects the secrecy of content while it is being transferred or stored. Watermark screening protects against the unauthorized use of content. Watermark screening is provided by invoking a filter module to examine content for the presence of a watermark before the content is delivered to output hardware or software. The filter module is operable to prevent delivery of the content to the output hardware or software if it detects a predefined protection mark. Invalid content processing software is detected by a monitoring mechanism that validates the software involved in processing protected electronic content.

Abstract: Systems and methods are disclosed for protecting a computer program from unauthorized analysis and modification. Obfuscation transformations can be applied to the computer program's local structure, control graph, and/or data structure to render the program more difficult to understand and/or modify. Tamper-resistance mechanisms can be incorporated into the computer program to detect attempts to tamper with the program's operation. Once an attempt to tamper with the computer program is detected, the computer program reports it to an external agent, ceases normal operation, and/or reverses any modifications made by the attempted tampering. The computer program can also be watermarked to facilitate identification of its owner. The obfuscation, tamper-resistance, and watermarking transformations can be applied to the computer program's source code, object code, or executable image.

Abstract: A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU's hardware resources so that they can be shared between security functions and other functions performed by the same CPU.

Abstract: An integrated, modular array of administrative and support services are provided for electronic commerce and electronic rights and transaction management. These administrative and support services supply a secure foundation for conducting transaction-related capabilities functioning over electronic network-s, and can also be adapted to the specific needs of electronic commerce value chains. In one embodiment, a Distributed Commerce Utility having a secure, programmable, distributed architecture provides administrative and support services. The Distributed Commerce Utility may comprise a number of Commerce Utility Systems. These Commerce Utility Systems provide a web of infrastructure support available to, and reusable by, the entire electronic community and/or many of its participants. Different support functions can be collected together in hierarchical and/or networked relationships to suit various business models or other objectives.

Abstract: Systems and methods are provided for authentication by combining a Reverse Turing Test (RTT) with password-based user authentication protocols to provide improved resistance to brute force attacks. In accordance with one embodiment of the invention, a method is provided for user authentication, the method including receiving a username/password pair associated with a user; requesting one or more responses to a first Reverse Turing Test (RTT); and granting access to the user if a valid response to the first RTT is received and the username/password pair is valid.