Abstract: A client communications device and method for generating a user message comprising an assertion for verification by a remote server device is described. Payload data for the user message as generated by a secure application resident on the communications device is received. Biometric authentication of the user is performed as a first level security mechanism. If biometric authentication of the user is successful, a digital signature is generated based on the message payload as a second level security mechanism. The digital signature is generated using a private signature key stored in a secure element of the client device. A third level security mechanism is applied by authenticating the user message using a secure application-specific key. In implementations, the digital signature is generated in a secure environment of the client device which has sole access to the secure element after successful biometric authentication.

Abstract: A communications server apparatus for managing authentication of a user based on one or more authentication events in a session is provided, to, in one or more data records, generate, for each authentication event, data indicative of a trust score corresponding to the authentication event; and generate, data indicative of a security score based on the trust scores corresponding to the one or more authentication events in the session, and, in response to receiving request data indicative of an authentication request associated with the user corresponding to a transaction in the session, the transaction having a value indicator, authenticate the user if the security score satisfies a condition for authentication corresponding to the transaction according to the value indicator, wherein security scores for satisfying the condition are variable according to value indicators of transactions.

Abstract: A communications device for managing an authentication event is provided, which is configured to generate location data indicative of a geolocation associated with the communications device, retrieve, from a key that is obfuscated and stored in the communications device, the key, sign the location data with the retrieved key, and transmit request data to a communications server apparatus for requesting the authentication event, the request data comprising the signed location data. A method and a communications system for managing an authentication event are also provided.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: Security protocols for mobile operator networks are described. In embodiments, mobile communication link is established between a mobile phone and a media content provider via a communication service provider with which the mobile phone is registered for mobile communications, and via at least one roaming node network with which the communication service provider has a roaming service agreement. The media content provider receives a security policy request from the mobile phone to establish a security policy for end-to-end security of the mobile communication link between the media content provider and the mobile phone for data communication security. The media content provider then communicates a security policy response to the mobile phone to establish the security policy for the end-to-end security of the mobile communication link that is adaptable to security restrictions of the roaming node network.

Abstract: Various embodiments are disclosed that relate to the automated identification of one or more computer program functions for potentially placing on a remote computing device in a split-computational computing environment. For example, one disclosed embodiment provides, on a computing device, a method of determining a factorable portion of code to locate remotely from other portions of the code of a program to hinder unauthorized use and/or distribution of the program. The method includes, on a computing device, receiving an input of a representation of the code of the program, performing analysis on the representation of the code, the analysis comprising one or more of static analysis and dynamic analysis, and based upon the analysis of the code, outputting a list of one or more functions determined from the analysis to be candidates for locating remotely.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzled can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: Embodiments are disclosed that relate to hindering unauthorized use or distribution of a middleware program contained within an application. One example embodiment provides a method for hindering unauthorized use or distribution of a middleware program contained within an application. The method comprises acquiring factored middleware code, the factored middleware code having a missing function residing on a remote computing device, and building an application around the factored middleware code such that the application is configured to call to the remote computing device for execution of the missing function during use. The application may be configured to send a call to the remote computing device for execution of the missing function during use.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.

Abstract: Various embodiments are disclosed that relate to decommissioning factored code of a program on a computing device. For example, one disclosed embodiment provides a method of operating a computing device. The method includes executing a program on the computing device, and while executing the program, identifying a remote location of a factored function via a code map, sending a call to the factored function and receiving a return response. The method further comprises, upon occurrence of a decommissioning event, receiving a copy of the factored function; and updating the code map with a location of the copy of the factored function.

Abstract: Embodiments are disclosed that relate to hindering unauthorized use or distribution of a middleware program contained within an application. One example embodiment provides a method for hindering unauthorized use or distribution of a middleware program contained within an application. The method comprises acquiring factored middleware code, the factored middleware code having a missing function residing on a remote computing device, and building an application around the factored middleware code such that the application is configured to call to the remote computing device for execution of the missing function during use. The application may be configured to send a call to the remote computing device for execution of the missing function during use.

Abstract: Various embodiments are disclosed that relate to the automated identification of one or more computer program functions for potentially placing on a remote computing device in a split-computational computing environment. For example, one disclosed embodiment provides, on a computing device, a method of determining a factorable portion of code to locate remotely from other portions of the code of a program to hinder unauthorized use and/or distribution of the program. The method includes, on a computing device, receiving an input of a representation of the code of the program, performing analysis on the representation of the code, the analysis comprising one or more of static analysis and dynamic analysis, and based upon the analysis of the code, outputting a list of one or more functions determined from the analysis to be candidates for locating remotely.

Abstract: Identifying a mobile operator account associated with a user to apply charges incurred by the user at a mobile marketplace service. The mobile operator provides an account identifier for the account to a billing token service associated with the mobile marketplace service. The billing token service creates a billing token including the account identifier, and provides the billing token to the user. When subsequently ordering from the mobile marketplace service, the user sends order requests with the billing token to the mobile marketplace service. The mobile marketplace service extracts the account identifier from the billing token and provides the order requests and the extracted account identifier to a mobile operator billing service. The mobile operator billing service applies a charge to the mobile operator account identified by the account identifier. Based on a charge status from the mobile operator billing service (e.g.

Abstract: A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g.

Abstract: Security protocols for mobile operator networks are described. In embodiments, mobile communication link is established between a mobile phone and a media content provider via a communication service provider with which the mobile phone is registered for mobile communications, and via at least one roaming node network with which the communication service provider has a roaming service agreement. The media content provider receives a security policy request from the mobile phone to establish a security policy for end-to-end security of the mobile communication link between the media content provider and the mobile phone for data communication security. The media content provider then communicates a security policy response to the mobile phone to establish the security policy for the end-to-end security of the mobile communication link that is adaptable to security restrictions of the roaming node network.