Abstract: Mobile phone billing for content payment is described. In embodiments, a media content provider receives a billing identifier that is associated with a mobile phone. The billing identifier is received from a communication service provider that authenticates the mobile phone for communications, and a network communication link is established between the mobile phone and the media content provider via the communication service provider. The media content provider receives a request from the mobile phone to purchase and download a media asset. The media content provider determines the billing identifier that is associated with the mobile phone for the purchase of the media asset, and communicates a charge for the media asset to the communication service provider that then bills a user associated with the mobile phone. The user that is associated with the mobile phone is billed for the media asset in a mobile phone service bill.

Abstract: A Personal Game Services Commerce System is disclosed. The system allows a user to contract with another user to perform service within a virtual environment. The services may include operating in a virtual environment on behalf of another user, operating as a team member, or operating as an opponent in competition. Memory state may be copied and used by the service-providing user. The user requesting the service may confirm that the service has been satisfactorily rendered before making the copied memory state permanent and/or before paying for the service. Users may select service-providing users based on any available criteria. Funds to pay for the service may be frozen while the service is being performed and until the recipient of the service confirms successful performance of the service.

Abstract: A platform (e.g. game console) and application (e.g. game title) independent ecosystem for the creation, consumption and trade of user generated digital content permits any application operating on any platform to participate in a market driven economy for user generated digital objects (UGDOs). The trading system is independent of (i.e. external to) all participating applications. A metadata attribution method for UGDOs in combination with heterogeneous application support through well-defined interfaces facilitates unlimited participation. Attributed metadata may be understood and consumed across platforms and applications. Flexible UGDO rights enforcement techniques in combination with a flexible fair exchange service for those rights support all manner of UGDOs and commercial transactions therefore. Participating application may provide rights enforcement in some instances. The nature of enforcement may rest on the nature of UGDO content, rights in UGDOs or author preferences.

Abstract: A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzled can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.

Abstract: Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding.

Abstract: The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.

Abstract: A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g.

Abstract: A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding.