Abstract: A method for implementing zone-restricted behavior of a computing device includes identifying wireless access points using the computing device, determining a number of authorized wireless access points from the wireless access points identified by the computing device, determining that the computing device is located within a restricted access zone when the number of authorized wireless access points identified by the computing device exceeds a predetermined threshold of authorized wireless access points identified, and enabling a zone mode of the computing device when the computing device is determined to be located within the restricted access zone.

Abstract: A device-bound certificate authority binds a certificate to one or more devices by including digital fingerprints of the devices in the certificate. A device only uses a device-bound certificate if the digital fingerprint of the device is included in the certificate and is verified. Thus, a certificate is only usable by one or more devices to which the certificate is explicitly bound. Such device-bound certificates can be used for various purposes served by certificates generally such as device driver authentication and authorization of access to secure content, for example.

Abstract: An authentication server determines that a user entering authentication data is in physical possession of a client device by determining that the user has observed changes in the state of hardware elements of the client device that are effected outside of a remote desktop protocol. The authentication server causes the client device to prompt the user to observe the hardware element of the client device for state changes and receives data generated by the user representing observed state changes. If the data accurately represents the changes in the state of the hardware element, the user is determined to be in physical possession of the client device.

Abstract: A method for near field authentication of sources using an audio transceiver computing device includes scanning a plurality of predetermined frequencies for a free frequency, selecting the free frequency from the plurality of predetermined frequencies, generating a periodic enclosed content message, generating a modulated carrier wave representing the periodic enclosed content message, and transmitting the modulated carrier wave at the free frequency. A method for near field authentication of sources using a microphone input of a receiving computing device includes scanning a plurality of predetermined frequencies to detect a signal using the microphone input, verifying, responsive to detecting the signal, that the signal includes at least one enclosed content message, and extracting a content from the enclosed content message.

Abstract: A method for implementing zone-restricted behavior of a computing device includes identifying wireless access points using the computing device, determining a number of authorized wireless access points from the wireless access points identified by the computing device, determining that the computing device is located within a restricted access zone when the number of authorized wireless access points identified by the computing device exceeds a predetermined threshold of authorized wireless access points identified, and enabling a zone mode of the computing device when the computing device is determined to be located within the restricted access zone.

Abstract: A method for implementing zone-restricted behavior of a computing device includes identifying wireless access points using the computing device, determining a number of authorized wireless access points from the wireless access points identified by the computing device, determining that the computing device is located within a restricted access zone when the number of authorized wireless access points identified by the computing device exceeds a predetermined threshold of authorized wireless access points identified, and enabling a zone mode of the computing device when the computing device is determined to be located within the restricted access zone.

Abstract: An e-mail server decrypts attachments of an e-mail message with a key associated with a sending device such that failure of the decryption indicates the e-mail message can be harmful. The sending device inserts its device identifier into the e-mail message as a header and uses an encryption key associated with the device identifier and a digital fingerprint of the sending device to encrypt all attachments of the e-mail message. The delivering e-mail server processes the e-mail message. If the e-mail message contains no identifier, if no key is associated with the parsed identifier, or if attempted encryption fails, the e-mail server determines that the e-mail message is potentially harmful and disarms the e-mail message.

Abstract: A method for near field authentication of sources using an audio transceiver computing device includes scanning a plurality of predetermined frequencies for a free frequency, selecting the free frequency from the plurality of predetermined frequencies, generating a periodic enclosed content message, generating a modulated carrier wave representing the periodic enclosed content message, and transmitting the modulated carrier wave at the free frequency. A method for near field authentication of sources using a microphone input of a receiving computing device includes scanning a plurality of predetermined frequencies to detect a signal using the microphone input, verifying, responsive to detecting the signal, that the signal includes at least one enclosed content message, and extracting a content from the enclosed content message.

Abstract: A method for near field authentication of sources using an audio transceiver computing device includes scanning a plurality of predetermined frequencies for a free frequency, selecting the free frequency from the plurality of predetermined frequencies, generating a periodic enclosed content message, generating a modulated carrier wave representing the periodic enclosed content message, and transmitting the modulated carrier wave at the free frequency. A method for near field authentication of sources using a microphone input of a receiving computing device includes scanning a plurality of predetermined frequencies to detect a signal using the microphone input, verifying, responsive to detecting the signal, that the signal includes at least one enclosed content message, and extracting a content from the enclosed content message.

Abstract: A device identification server identifies a “household” to which a particular device belongs by associating the device with a LAN MAC address of the router through which the device connects to a wide area network such as the Internet because the LAN MAC address (i) is unique to the router and (ii) is not readily discoverable by interaction with the router through the wide area network, impeding spoofing by malicious entities. The device queries and receives the LAN MAC address of the router through the local area network. The device passes the LAN MAC address of the router along with its digital fingerprint to the device identification server. Devices that report the same LAN MAC address of the router through which they connect to the wide area network are determined to be from the same “household”, i.e., to be managed by one and the same entity.

Abstract: A method for registering a computing device to a user account using at least one user-selected fingerprintable device externally accessible to the computing device including transmitting a registration information request to the computing device, receiving at least one device fingerprint of the at least one user-selected fingerprintable device accessible by the computing device, and primary identification data of the computing device, generating a skeleton key, recording the primary identification data, and associating the skeleton key and the primary identification data with the user account.

Abstract: A method for near field authentication of sources using an audio transceiver computing device includes scanning a plurality of predetermined frequencies for a free frequency, selecting the free frequency from the plurality of predetermined frequencies, generating a periodic enclosed content message, generating a modulated carrier wave representing the periodic enclosed content message, and transmitting the modulated carrier wave at the free frequency. A method for near field authentication of sources using a microphone input of a receiving computing device includes scanning a plurality of predetermined frequencies to detect a signal using the microphone input, verifying, responsive to detecting the signal, that the signal includes at least one enclosed content message, and extracting a content from the enclosed content message.

Abstract: A method for near field authentication of sources using an audio transceiver computing device includes scanning a plurality of predetermined frequencies for a free frequency, selecting the free frequency from the plurality of predetermined frequencies, generating a periodic enclosed content message, generating a modulated carrier wave representing the periodic enclosed content message, and transmitting the modulated carrier wave at the free frequency. A method for near field authentication of sources using a microphone input of a receiving computing device includes scanning a plurality of predetermined frequencies to detect a signal using the microphone input, verifying, responsive to detecting the signal, that the signal includes at least one enclosed content message, and extracting a content from the enclosed content message.

Abstract: A device authentication server authenticates a remotely located device using data representing pixel irregularities of a display of the device. Since each display will deteriorate in a unique and randomized way, a unique mapping of pixel irregularities of a display of a device will be unique. By combining unique map of pixel irregularities of a display of the remotely located device, the device can be distinguished from similar devices when other attributes alone are insufficient to uniquely identify the device.

Abstract: A method for registering a computing device to a user account using at least one user-selected fingerprintable device externally accessible to the computing device including transmitting a registration information request to the computing device, receiving at least one device fingerprint of the at least one user-selected fingerprintable device accessible by the computing device, and primary identification data of the computing device, generating a skeleton key, recording the primary identification data, and associating the skeleton key and the primary identification data with the user account.

Abstract: A method for registering a computing device to a user account using at least one user-selected fingerprintable device externally accessible to the computing device including transmitting a registration information request to the computing device, receiving at least one device fingerprint of the at least one user-selected fingerprintable device accessible by the computing device, and primary identification data of the computing device, generating a skeleton key, recording the primary identification data, and associating the skeleton key and the primary identification data with the user account.

Abstract: An authentication server determines that a user entering authentication data is in physical possession of a client device by determining that the user has observed changes in the state of hardware elements of the client device that are effected outside of a remote desktop protocol. The authentication server causes the client device to prompt the user to observe the hardware element of the client device for state changes and receives data generated by the user representing observed state changes. If the data accurately represents the changes in the state of the hardware element, the user is determined to be in physical possession of the client device.

Abstract: An e-mail server decrypts attachments of an e-mail message with a key associated with a sending device such that failure of the decryption indicates the e-mail message can be harmful. The sending device inserts its device identifier into the e-mail message as a header and uses an encryption key associated with the device identifier and a digital fingerprint of the sending device to encrypt all attachments of the e-mail message. The delivering e-mail server processes the e-mail message. If the e-mail message contains no identifier, if no key is associated with the parsed identifier, or if attempted encryption fails, the e-mail server determines that the e-mail message is potentially harmful and disarms the e-mail message.

Abstract: A device user being authenticated is determined to be in physical possession of the device according to data in one or more user input device buffers that indicates whether data received from a user input device is injected or is generated by physical manipulation of the user input device. If the events recorded in the buffer are not injected, the user entering the authentication data is determined to be in physical possession of the device and the user can be authenticated if the authentication data entered by the user matches predetermined reference data. Conversely, if the events are injected, the user is determined to not be in physical possession of the device and authentication fails regardless of whether the authentication data matches the predetermined reference data.

Abstract: A DVR parses advertising audiovisual content, i.e., commercials, from a received audiovisual signal during recording. The DVR stores only commercial-free content and replaces parsed commercials with their URLs for retrieval during playback. During playback, the DVR requests commercial audiovisual content to be played back in place of the parsed commercials using the stored URLs, determines whether the commercial is played back in its entirely at a normal rate (not skipped), logs whether the commercial was skipped, and periodically sends a log of playback of all commercials to the commercial server. As a result, the commercial server has a complete record of all impressions of commercials played back through the DVR.