Abstract: A method and apparatus for digital-rights management is provided herein. Various forms of authorization are allowed, with each form of authorization being dependent upon an action taken on the digital content. In particular, when server-based authorization is unavailable, less-risky operations are allowed by performing an internal authorization scheme. Thus, higher security offered by a server-based DRM is required for risky actions, yet non-risky actions on the digital content may still be taken when the server is unavailable.

Abstract: At a two-way communications apparatus (200) of choice, one can detect (101) a two-way communications apparatus user instruction and then, in response to detecting that instruction, provide (102) certain information to a nearby two-way communications apparatus (208) via a near field communications link (206). This information can comprise, at least in part, a biometric template as pertains to a user of the two-way communications apparatus and a privacy policy as pertains to further dissemination of the biometric template.

Abstract: New devices (101) are added to an existing domain by obtaining domain information (e.g., domain name and private domain password) from devices (101) already in the domain that preferably are in close proximity. Once the domain information has been transferred from the device already in the domain to the device being added to the domain, the device being added to the domain contacts a key issuer (105) to complete its registration into the domain. The key issuer returns a DRM domain private key (206) as well as a DRM certificate (202). Both are utilized by the device to obtain and render digital content (204).

Abstract: A system and method for accessing digital content purchased by a rights owner for a first computing device. The method receives a proxy from the rights owner that includes rights to the digital content granted to the rights owner, stores the proxy on a second computing device, and determines whether the rights owner is present at the second computing device. When the rights owner is present at the second computing device, the method enables the proxy, and accesses the digital content on the second computing device through the proxy.

Abstract: A system and method to securely create, distribute, install and execute selected features of software on wireless devices combines three different types of licenses, a validation license, a digital rights management (DRM) license, and a feature license with a software application. Each of these three licenses work independent of each other, where the validation license helps prevent malicious code from executing on wireless devices, the DRM license prevents unauthorized copying of the software application and the feature license securely enables or disables specific features of the software application. The system also allows a wireless device to unwrap a DRM protected software application, to validate the software application, to enforce DRM usage rules and to execute selected features of the software application.

Abstract: Disclosed is a method, system and apparatus for transferring protected data having an authorizing entity's outer encryption layer and having a user-fixed inner encryption layer from a first electronic device having a first unique, unalterable identifier to a second electronic device having a second unique, unalterable identifier. A central unit includes a receiver configured to receive from the first electronic device protected data having an authorizing entity's first outer encryption layer corresponding to the first unique, unalterable identifier and having a user-fixed inner encryption layer; a processor configured to decrypt the authorizing entity's first outer encryption layer of the protected data; a processor configured to encrypt an authorizing entity's second outer encryption layer of the protected data corresponding to the second unique, unalterable identifier; and a transmitter configured to transmit protected data to the second electronic device.

Abstract: At a two-way communications apparatus (200) of choice, one can detect (101) a two-way communications apparatus user instruction and then, in response to detecting that instruction, provide (102) certain information to a nearby two-way communications apparatus (208) via a near field communications link (206). This information can comprise, at least in part, a biometric template as pertains to a user of the two-way communications apparatus and a privacy policy as pertains to further dissemination of the biometric template.

Abstract: A vehicle authenticates a service technician and accesses a technician database to determine whether the service technician is indicated as authorized to perform the service operation. If the service technician is indicated as authorized to perform the service operation, the vehicle allows the service technician to perform the service operation.

Abstract: A communications device (300) enabled to support both external voice communications functionality (301) (or other external communications of interest and choice) and other functionality (302) has at least a first and second mode of operation (304 and 305). The first mode of operation permits essentially all functionality while the second mode of operation precludes at least much of the other functionality in favor of preserving the viability of at least some of the external communications functionality. A selector (306) can select a given mode of operation based, at least in part, on a trigger 307 comprising, for example, a user input and/or detection of a condition of concern.

Abstract: Authentication is performed to a confidence level (CL) desired by a verifier (220). A prover (210) picks and sends certain same size, square matrices to the verifier (220). A random request bit is sent (234) from the verifier (220) to the prover (210) after the receipt of a certain square matrix. Depending on the request bit, calculations are made (244, 264) by the verifier (220) to determine if the matrices sent from the prover are verifiable. The prover (210) is iteratively authenticated by the verifier (220). Iterations are continued until (320) a count of the iterations (IL) reaches a number sufficient to achieve the desired confidence level (CL). After a delay, more iterations can achieve a higher confidence level by building on previous result of authentication without having to begin at zero. During this delay, the verifier (220) can perform tasks in reliance on the result of authentication. Digital logic can perform the authentication.

Abstract: A vehicle accesses a configuration database to determine whether a reconfiguration function is authorized. The reconfiguration function may involve, for example, installing the component in the vehicle, removing the component from the vehicle, replacing the component with another component in the vehicle, replacing another component in the vehicle with the component, modifying the component, upgrading the component and rendering the component operable. Upon determining that the reconfiguration function is authorized, the vehicle allows the reconfiguration function to be performed. The reconfiguration function may be authorized based on a type of the vehicle, a type of the component or a combination of configuration elements in a current configuration of the vehicle.

Abstract: The service technician accesses the prospective vehicle and obtains from a certification authority a certification that an authentic vehicle is associated with a cryptographic key. The service technician utilizes the cryptographic key in cryptographic communication with the prospective vehicle via a secure device having limited accessibility but being accessible by the service technician. The service technician determines whether the prospective vehicle is the authentic vehicle based on whether the cryptographic key is successfully utilized in the cryptographic communication with the prospective vehicle.

Abstract: A portable electronic device (110) contains an application revocation list (ARL) in memory (135) comprising at least one application identifier (AI) uniquely identifying an application. The portable electronic device also contains an application list memory (133) for storing at least application identifiers for trusted applications in the device. A processor (120) operatively connected to the memory determines whether an application identifier on the application revocation list matches an application identifier on the portable electronic device, and, if so, processes a revocation of the application. The application revocation list can be wirelessly updated. Application software in a portable electronic device can thus subsequently be revoked through operation of this application revocation list. A remote server (140) makes application revocation lists available to portable electronic devices over a network such as a cellular system.

Abstract: A method and system for registering a user device in a domain of a domain authority (106) using biometric information is provided. The method includes sending (402) a request (by the user device) to the domain authority for joining the domain. The user device making the request is then authenticated (400) and the biometric information of the user is then requested (406). Further, the method includes authenticating (412) the biometric information of the user. The security information of the domain is transferred (414) to the user device once the authentication of the user device and the biometric information are both successful.

Abstract: Disclosed is a method, system and apparatus for transferring protected data (404) having an authorizing entity's outer encryption layer (408) and having a user-fixed inner encryption layer (406) from a first electronic device having a first unique, unalterable identifier to a second electronic device having a second unique, unalterable identifier.

Abstract: A vehicle authenticates a first prospective component by obtaining from a certification authority a certification that an authentic component is associated with a cryptographic key unique to the first prospective component and determining whether the first prospective component is the authentic component based on whether the cryptographic key is successfully utilized in cryptographic communication with the first prospective component. The vehicle authenticates a component class of a second prospective component by obtaining from a certification authority a certification that an authentic component of the component class is associated with a second cryptographic key unique to the component class and determining whether the second prospective component is an authentic component of the component class based on whether the second cryptographic key is successfully utilized in the cryptographic communication with the second prospective component.

Abstract: A vehicle authenticates a prospective component for use in the vehicle by obtaining from a certification authority a certification that an authentic component is associated with a cryptographic key. The vehicle obtains the certification separately from the component. The certification certifies that the cryptographic key is bound to information identifying the authentic component. The vehicle utilizes the cryptographic key obtained from the certification authority in cryptographic communication with the prospective component, and determines whether the prospective component is the authentic component based on whether the cryptographic key is successfully utilized in the cryptographic communication.

Abstract: A component for use in a prospective vehicle obtains from a certification authority a certification that an authentic vehicle is associated with a cryptographic key. The certification certifies that the cryptographic key is bound to information identifying the authentic vehicle. The component utilizes the cryptographic key obtained from the certification authority in cryptographic communication with the prospective vehicle, and determines whether the prospective vehicle is the authentic vehicle based on whether the cryptographic key is successfully utilized in the cryptographic communication. Upon determining the prospective vehicle is the authentic vehicle, the component may allow the prospective vehicle to operate the component.

Abstract: A vehicle authenticates a component class of a prospective component for use in the vehicle by obtaining from a certification authority a certification that an authentic component of the component class is associated with a second cryptographic key. The certification certifies that the second cryptographic key is bound to information identifying an authentic component of the component class. The vehicle utilizes the second cryptographic key obtained from the certification authority in cryptographic communication with the prospective component, and determines whether the prospective component is an authentic component of the component class based on whether the second cryptographic key is successfully utilized in the cryptographic communication.

Abstract: Authentication is performed to a confidence level (CL) desired by a verifier (220). A prover (210) picks and sends certain same size, square matrices to the verifier (220). A random request bit is sent (234) from the verifier (220) to the prover (210) after the receipt of a certain square matrix. Depending on the request bit, calculations are made (244, 264) by the verifier (220) to determine if the matrices sent from the prover are verifiable. The prover (210) is iteratively authenticated by the verifier (220). Iterations are continued until (320) a count of the iterations (IL) reaches a number sufficient to achieve the desired confidence level (CL). After a delay, more iterations can achieve a higher confidence level by building on previous result of authentication without having to begin at zero. During this delay, the verifier (220) can perform tasks in reliance on the result of authentication. Digital logic can perform the authentication.