Abstract: A method and a device for data processing are provided comprising a first instance comprising at least one local trusted unit (LTU) and a local trust manager (LTM), the method comprising the step: The local trust manager provides a policy related information to the at least one local trusted unit and/or to a second instance.

Abstract: A method of providing data in response to a search request comprises the steps of a social networking website receiving the search request to provide a pseudonym associated with the real name; the social networking website determining that the search request is for a pseudonym which, within its database, is not associated with the real name; the social networking website referring the search request to a identity management server which contains an association between the pseudonym and the real name; the identity management server determining the pseudonym which is associated with the real name; and the identity management server providing an information item which is related to the pseudonym.

Abstract: A template is described that can be applied to user attribute data in order to generate a pseudonym/virtual identity for the user. The pseudonym includes a subset of the user's overall user attributes. The invention also enables a user to determine whether a particular pseudonym meets the requirements of a template by checking the pseudonym against a template provided, for example, by a service provider.

Abstract: The present invention relates to an improved identity management in which a first authentication request is received from a service provider where the first authentication request requests authentication attributes relating to a user. A second authentication request is transmitted to an identity provider and a first authentication response is received from the identity provider wherein the first authentication response includes at least one authentication attribute relating to said user. At least one predefined policy is applied to the first authentication response to generate a second authentication response and the second authentication response is transmitted to the service provider.

Abstract: A method, a device, and a computer program product detect changes to the connection of a device, such as a mobile device to a network, and initiate at least one measure when changes are detected. Changes might be caused by malicious users or malicious mobile phone SW in order to perform Denial of Service (DoS) attacks to the network. Those changes could be, for example, frequent handover actions, frequent attach/detach actions or frequent Packet Data Protocol context activation, deactivation or modification actions initiated by a mobile device or a group of mobile devices. The changes to the connection are detected by checking if parameters related to the mobile device, or related to network elements, violate defined policy rules. The detection itself is done in a network element, such as a core network element.

Abstract: The invention enables a user to use single-sign-on methodologies to obtain access to a service where that user has more than one account. In addition to querying an identity provider to obtain user credentials in the usual way, the invention enables an application to request and obtain further credentials for that user in order to enable the user to gain access to the desired user account. The user may then be prompted to select which of the available accounts should be used at the application.

Abstract: Based on security parameters previously agreed upon by first and second communication devices, a first security value is determined by the second communication device and transmitted to the first communication device. The first communication device determines second and third security values based on the security parameters and the first security value and transmits the second and third security values to the second communication device. The second communication device determines a fourth security value based on the security parameters and, if the second security value matches the fourth security value, authenticates the first communication device. Upon successful authentication of the first communication device, a shared key is determined by both communication devices based on the third security value and the security parameters.

Abstract: A local identity management module is described that is able to identify each of a plurality of user devices. The user devices communicate with the outside world via a network address translation device that converts an internal address of the user devices to a single internet protocol address, typically the internet protocol address of the network address translation device. An external identity management system can communicate with the local identity management module in order to identify which of said plurality of user devices made a particular request and, in some embodiments, to identify a user of said user device.

Abstract: A method of providing data in response to a search request comprises the steps of a social networking website receiving the search request to provide a pseudonym associated with the real name; the social networking website determining that the search request is for a pseudonym which, within its database, is not associated with the real name; the social networking website referring the search request to a identity management server which contains an association between the pseudonym and the real name; the identity management server determining the pseudonym which is associated with the real name; and the identity management server providing an information item which is related to the pseudonym.

Abstract: A method and a device for data processing are provided comprising a first instance comprising at least one local trusted unit (LTU) and a local trust manager (LTM), the method comprising the step: The local trust manager provides a policy related information to the at least one local trusted unit and/or to a second instance.

Abstract: Digital right management systems are technically constructed for protecting and carrying out wishes of a copyright holder such that the digital content is connected in a cryptographic and unique manner to any particular device and/or data carrier. Use of the digital content on other devices of the person who acquires rights is only possible after previous registration by the copyright holder. The person who acquires rights is enabled to manage the acquired rights thereof themselves on the electronic data object without instructing the intervention of a central copyright holder. This is accomplished by the person who acquires the rights creating partial amounts of the user rights having individual user rights. The digital content can be used, respectively, in the periphery of the created partial amounts of the individual user rights.

Abstract: Based on security parameters previously agreed upon by first and second communication devices, a first security value is determined by the second communication device and transmitted to the first communication device. The first communication device determines second and third security values based on the security parameters and the first security value and transmits the second and third security values to the second communication device. The second communication device determines a fourth security value based on the security parameters and, if the second security value matches the fourth security value, authenticates the first communication device. Upon successful authentication of the first communication device, a shared key is determined by both communication devices based on the third security value and the security parameters.