Abstract: A processor of a device may provision a component of the device with a digital signature algorithm and an authentication key algorithm and/or server-provisioned private and/or public keys. The processor may generate one or more private keys and public keys and/or store them in a secure memory of the device. The processor may transmit the generated public keys to an owner server and receive a pedigree document in response, which may be signed with the private key. The owner server may determine a change in an ownership of the device and append the pedigree document in an immutable fashion in response to the determining to reflect the change in the ownership and/or sign the appended pedigree document with a private key. A chain of ownership of the device is verifiable using only information contained within the appended pedigree document and rooted in the processor itself.

Abstract: A processor of a device may provision a component of the device with a digital signature algorithm and an authentication key algorithm and/or server-provisioned private and/or public keys. The processor may generate one or more private keys and public keys and/or store them in a secure memory of the device. The processor may transmit the generated public keys to an owner server and receive a pedigree document in response, which may be signed with the private key. The owner server may determine a change in an ownership of the device and append the pedigree document in an immutable fashion in response to the determining to reflect the change in the ownership and/or sign the appended pedigree document with a private key. A chain of ownership of the device is verifiable using only information contained within the appended pedigree document and rooted in the processor itself.

Abstract: A system for secure delivery of on-demand content over broadband access networks utilizes a pair of servers of security mechanisms to prevent client processes from accessing and executing content without authorization. A plurality of encrypted titles are stored on a content server coupled to the network. An access server also coupled to the network contains the network addresses of the titles and various keying and authorization data necessary to decrypt and execute title. A client application executing on a user's local computer system is required to retrieve the address, keying and authorization data from the access server before retrieving a title from the content server and enabling execution of the title on a user's local computer system.

Abstract: A system for secure delivery of on-demand content over broadband access networks utilizes a pair of servers and security mechanisms to prevent client processes from accessing and executing content without authorization. A plurality of encrypted titles are stored on a content server coupled to the network. An access server also coupled to the network contains the network addresses of the titles and various keying and authorization data necessary to decrypt and execute a title. A client application executing on a user's local computer system is required to retrieve the address, keying and authorization data from the access server before retrieving a title from the content server and enabling execution of the title on a user's local computer system.

Abstract: A computer readable storage medium includes executable instructions to encrypt a file with a file encryption key to produce an encrypted file. The file encryption key is encrypted with a directory encryption key to produce an encrypted file encryption key. The directory encryption key is encrypted with a public key of a user within a group to produce an encrypted directory encryption key.

Abstract: A system for secure delivery of on-demand content over broadband access networks utilizes a pair of servers of security mechanisms to prevent client processes from accessing and executing content without authorization. A plurality of encrypted titles are stored on a content server coupled to the network. An access server also coupled to the network contains the network addresses of the titles and various keying and authorization data necessary to decrypt and execute title. A client application executing on a user's local computer system is required to retrieve the address, keying and authorization data from the access server before retrieving a title from the content server and enabling execution of the title on a user's local computer system.

Abstract: A system for secure delivery of on-demand content over broadband access networks utilizes a pair of servers and security mechanisms to prevent client processes from accessing and executing content without authorization. A plurality of encrypted titles are stored on a content server coupled to the network. An access server also coupled to the network contains the network addresses of the titles and various keying and authorization data necessary to decrypt and execute a title. A client application executing on a user's local computer system is required to retrieve the address, keying and authorization data from the access server before retrieving a title from the content server and enabling execution of the title on a user's local computer system.

Abstract: A system for secure delivery of on-demand content over broadband access networks utilizes a pair of servers and security mechanisms to prevent client processes from accessing and executing content without authorization. A plurality of encrypted titles are stored on a content server coupled to the network. An access server also coupled to the network contains the network addresses of the titles and various keying and authorization data necessary to decrypt and execute a title. A client application executing on a user's local computer system is required to retrieve the address, keying and authorization data from the access server before retrieving a title from the content server and enabling execution of the title on a user's local computer system.

Abstract: A system for secure delivery of on-demand content over broadband access networks utilizes of servers and security mechanisms to prevent client processes from accessing and executing content without authorization. A plurality of encrypted titles are stored on a content server coupled to the network. An access server also coupled to the network contains the network addresses of the titles and various keying and authorization data necessary to decrypt and execute a title. A client application executing on a user's local computer system is required to retrieve the address, keying and authorization data from the access server before retrieving a title from the content server and enabling execution of the title on a user's local computer system.

Abstract: Secure wireless communications for a mobile host over any wireless interface within a wireless network is provided by a security gateway. The security gateway is situated and configured within the mobile host's home network of the wireless network such that it provides the only point of access between the wireless network and the home network. Additionally, the security gateway is separate and distinct from the mobile host's home agent within the home network. A single tunnel mode security association is established between the mobile host's wireless interface and the security gateway's network interface on the home network. This single tunnel mode security association remains established as the mobile host moves between foreign networks and provides secure wireless communications to the mobile host whether the mobile host is in the home network or the foreign networks.

Abstract: A system for secure delivery of on-demand content over broadband access networks includes a client application executing on a user's local computer system. The client application interacts with a content server on which a plurality of selectable titles are stored and further interacts with an access server which provides the network address of a title and keying data necessary for to the client process access and execute the title. The client process utilizes an installation abstraction which enables a title to be executed on the local computer system without ever being installed. The abstraction is achieved by mounting a network file system and storing a set of registry entries related to the title on the local computer system. Portions of the title are retrieved from the content server and executed by the local operating system. During title execution, requests from the local operating system are intercepted and redirected to the set of registry entries, as applicable.