Abstract: It is presented a security server arranged to set up communication between a merchant device and a customer payment application. The security server comprises: a receiver arranged to receive a first message comprising a customer identifier, an application identifier and a security token; a determiner arranged to determine whether the merchant device is authorized; a transmitter arranged to send a second message to the merchant device, the second message indicating that the merchant device is authorized to effect payment; and a channel establisher arranged to set up a secure channel between the merchant device and the customer payment application in a secure element being adapted to be comprised in a mobile communication terminal, wherein all communication between the merchant device and the customer payment application is controlled by the security server. Corresponding methods, merchant device, computer programs and computer program products are also presented.

Abstract: It is presented a security server arranged to set up communication between a merchant device and a customer payment application. The security server comprises: a receiver arranged to receive a first message comprising a customer identifier, an application identifier and a security token; a determiner arranged to determine whether the merchant device is authorized; a transmitter arranged to send a second message to the merchant device, the second message indicating that the merchant device is authorized to effect payment; and a channel establisher arranged to set up a secure channel between the merchant device and the customer payment application in a secure element being adapted to be comprised in a mobile communication terminal, wherein all communication between the merchant device and the customer payment application is controlled by the security server. Corresponding methods, merchant device, computer programs and computer program products are also presented.

Abstract: It is presented a security server arranged to set up communication between a merchant device and a customer payment application. The security server comprises: a receiver arranged to receive a first message comprising a customer identifier, an application identifier and a security token; a determiner arranged to determine whether the merchant device is authorised; a transmitter arranged to send a second message to the merchant device, the second message indicating that the merchant device is authorised to effect payment; and a channel establisher arranged to set up a secure channel between the merchant device and the customer payment application in a secure element being adapted to be comprised in a mobile communication terminal, wherein all communication between the merchant device and the customer payment application is controlled by the security server. Corresponding methods, merchant device, computer programs and computer program products are also presented.

Abstract: Devices for providing flexible control of rendering of protected media comprising first and second content objects are provided. An instruction database combines with traditional use of digital rights objects for determining, at rights parsing and instruction handler, conditions for rendering of first content object. Conditions may force the user to render second content objects or to input requested data and may adapt to environmental conditions exemplary relating to user profile, location, or time of day. A set of second content objects may be pre-determined and specified in provided instructions. User selection, from a list of second content objects, of a specified number of second content objects, provides for generation of a key enabling successful rendering of first content object.

Abstract: It is presented a security server arranged to set up communication between a merchant device and a customer payment application. The security server comprises: a receiver arranged to receive a first message comprising a customer identifier, an application identifier and a security token; a determiner arranged to determine whether the merchant device is authorised; a transmitter arranged to send a second message to the merchant device, the second message indicating that the merchant device is authorised to effect payment; and a channel establisher arranged to set up a secure channel between the merchant device and the customer payment application in a secure element being adapted to be comprised in a mobile communication terminal, wherein all communication between the merchant device and the customer payment application is controlled by the security server. Corresponding methods, merchant device, computer programs and computer program products are also presented.

Abstract: A tamper-resistant electronic circuit is configured for implementation in a device. The electronic circuit securely implements and utilizes device-specific security data during operation in the device, and is basically provided with a tamper-resistantly stored secret not accessible over an external circuit interface. The electronic circuit is also provided with functionality for performing cryptographic processing at least partly in response to the stored secret to generate an instance of device-specific security data that is internally confined within said electronic circuit during usage of the device. The electronic circuit is further configured for performing one or more security-related operations or algorithms in response to the internally confined device-specific security data. In this way, secure implementation and utilization device-specific security data for security purposes can be effectively accomplished.

Abstract: A method and apparatus for distributing time-controlled media. A media chunk is encrypted using cryptographic materials and sending the encrypted media chunk over a media channel. The cryptographic materials are distributed over a time-guaranteed control channel such that the cryptographic materials are received by a remote receiver node after the remote receiver receives the encrypted media chunk. The receiver node receives the encrypted media chunk over the media channel and stores the encrypted media chunk in a memory at the receiver node. The receiver node also receives the cryptographic materials over the time guaranteed channel, and uses the cryptographic materials to decrypt the encrypted media chunk. In this way, the receiver node cannot render the media chunk until it has received the cryptographic materials.

Abstract: A module (2) for integrity protection of messages transmitted from a mobile software defined radio (SDR) terminal (1), the module provided with a confined cryptographic key K and arranged to receive loaded SDR-code. The module derives an integrity protecting key Rk from at least said cryptographic key K, and provides a periodic integrity protection on-line of generated messages using said key integrity protecting key Rk, and the integrity of said messages is verified by an integrity checking node (10) of the access network.

Abstract: The invention generally relates to management of cryptographic key generations in an information environment comprising a key-producing side generating and distributing key information to a key-consuming side. A basic concept of the invention is to define, by means of a predetermined one-way key derivation function, a relationship between generations of keys such that earlier generations of keys efficiently may be derived from later ones but not the other way around. A basic idea according to the invention is therefore to replace, at key update, key information of an older key generation by the key information of the new key generation on the key-consuming side. Whenever necessary, the key-consuming side iteratively applies the predetermined one-way key derivation function to derive key information of at least one older key generation from the key information of the new key generation. In this way, storage requirements on the key-consuming side can be significantly reduced.

Abstract: The invention concerns a tamper-resistant electronic circuit configured for implementation in a device. The electronic circuit securely implements and utilizes device-specific security data during operation in the device, and is basically provided with a tamper-resistantly stored secret not accessible over an external circuit interface. The electronic circuit is also provided with functionality for performing cryptographic processing at least partly in response to the stored secret to generate an instance of device-specific security data that is internally confined within said electronic circuit during usage of the device. The electronic circuit is further configured for performing one or more security-related operations or algorithms in response to the internally confined device-specific security data. In this way, secure implementation and utilization device-specific security data for security purposes can be effectively accomplished.

Abstract: The invention refers to monitoring usage of digital content provided from a content provider (30) over a network (40) to a client system (10). In the client system (10), a logging agent (150) generates and stores information concerning usage of the digital content individually for each usage to be monitored. The generated information is entered in a usage log (170; 175), either stored in the client system (10) or at a trusted party. The logged usage information is also authenticated allowing identification of the client using the associated digital content. The entries (172) of the log (170; 175) may include a representation (172-1) of the content, information about usage quality (172-2) and/or usage time (172-N). The logging agent (150) is preferably implemented in a portable tamper-resistant module (400), e.g. a network subscriber identity module. The module (400) may be pre-manufactured with the logging agent (150), or the agent (150) can be downloaded thereto.

Abstract: A system, method and transcoding proxy are described herein that are capable of transcoding encrypted content, like an encrypted multimedia message or a multimedia message containing encrypted elements parts, which is transmitted between two devices (e.g., mobile phones). Basically, the transcoding proxy receives an encrypted multimedia message from a first device (e.g., mobile phone). The transcoding proxy then requests and receives a transcoding rights object (TRO) message from a rights issuer which includes a content encryption key (CEK) and a transcoding permission message (optional). After receiving the TRO message, the transcoding proxy is able to (1) decrypt the encrypted multimedia message (2) transcode the decrypted multimedia message so it matches the capabilities of a second device and could be accessed by a user of the second device (e.g., mobile phone) and (3) re-encrypt the transcoded multimedia message.

Abstract: In a procedure for delivering streaming media, a Client (1) first requests the media from an Order Server (3). The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server (5). The Streaming Server checks the ticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs.

Abstract: The present invention relates to an arrangement, system and method for managing rights to streaming media using a management mechanism based on a content object and a rights object. In accordance with the invention the content object comprises means for initiation of the streaming media and the rights object comprises usage rules defining the rights to use said streaming media. The invention also relates to a method of delivering and protecting digital streaming media. The initiation may comprise a session description of the streaming media, a SDP description, a URL to said streaming media or a SMIL file. Preview and super-distribution are provided. The content object is delivered like a downloadable object in a rights management system for download, thereby reusing the mechanisms for rights management of said latter system for rights management in a system for transmission of streaming media.