Abstract: An electronic device includes a first communication device operable across a first medium of communication and a second communication device operable across a second medium of communication that is different from the first medium of communication. One or more processors operable with the first communication device and the second communication device obtain a client certificate digest from a prospective client device using the first communication device. Thereafter, the one or more processors receive a client certificate from a remote electronic device using the second communication device. The one or more processors then verifying that the prospective client device and the remote electronic device are the same device prior to establishing a secure communication session.

Abstract: An electronic device includes a first communication device operable across a first medium of communication and a second communication device operable across a second medium of communication that is different from the first medium of communication. One or more processors operable with the first communication device and the second communication device obtain a client certificate digest from a prospective client device using the first communication device. Thereafter, the one or more processors receive a client certificate from a remote electronic device using the second communication device. The one or more processors then verifying that the prospective client device and the remote electronic device are the same device prior to establishing a secure communication session.

Abstract: A method, a communication device and a computer program product for protecting communication devices from access by unauthorized users. The method includes retrieving, from a memory, a biometric sensor disable time range and determining, via a processor of the communication device, if a current time is within the biometric sensor disable time range. In response to determining that the current time is within the biometric sensor disable time range, the method further includes determining if the communication device is in a sleep mode and in response to determining that the communication device is in the sleep mode, disabling at least one biometric sensor.

Abstract: A method, a communication device and a computer program product for managing communication device calls based on facial recognition. The method includes detecting, via a processor of a communication device, an incoming call and triggering an image capture device to capture image data from a field of view of the image capture device. The method further includes receiving the image data from the image capture device and retrieving reference image data from a memory. The method further includes determining if the image data is substantially similar to the reference image data and in response to the image data being substantially similar to the reference image data, stopping at least one notification associated with the incoming call.

Abstract: A method, a communication device and a computer program product for protecting communication devices from access by unauthorized users. The method includes retrieving, from a memory, a biometric sensor disable time range and determining, via a processor of the communication device, if a current time is within the biometric sensor disable time range. In response to determining that the current time is within the biometric sensor disable time range, the method further includes determining if the communication device is in a sleep mode and in response to determining that the communication device is in the sleep mode, disabling at least one biometric sensor.

Abstract: A method for managing data communication between a communication device (102) and another device (112) in a communication network, comprises providing (500) data for transmission by the communication device (102), and controlling by at least one secure management element (300, 304) operating in a secure environment (218) in the communication device the transmission of the provided data by the communication device so as to manage data transmitted by the communication device. The step of controlling may include at least one of controlling an amount of data transmitted, controlling a time of transmission of data and controlling a periodicity of transmission of data. A communication device and a method of managing data received by a communication device are also described.

Abstract: A method is provided for updating identity data on network-enabled devices. The method provides for providing certificate signing requests and/or device identifiers to an external trust authority, which in response generates digital certificates and/or key pairs. The generated digital certificates and/or key pairs can be provided to a network-enabled device in response to an update request.

Abstract: A method and system generates and distributes unique cryptographic device keys. The method includes generating at least a first device key and encrypting the first device key with a first encrypting key to produce a first encrypted copy of the device key. The method also includes encrypting the first device key with a second encrypting key to produce a second encrypted copy of the device key. The second encrypting key is different from said first encrypting key. The first and second encrypted copies of the device keys are associated with a device ID identifying a computing device being manufactured. The second encrypted copy of the device key is loaded onto the computing device. The first encrypted copy of the device key and the device ID with which it is associated are stored onto at least one server for subsequent use after the computing device has been deployed to a customer.

Abstract: A method and apparatus for managing security state transitions within a device is provided herein. During operation a security token will indicate whether or not a device is operating in a secured or unsecured state. The security token controls whether or not image validation will take place and if access to security critical resources is allowed. When a switch to a non secure state is made, the security token will be eliminated and blocked from recreation in the non-secure state, thus preventing non-secure code from spoofing a secure state indication. In the non-secure state, image validation is bypassed and the non-secure code is allowed to execute. Once a switch back to a secure state takes place, the secure token is recreated and all images on the device are analyzed to determine if they are approved.

Abstract: A server, e.g., a client (105, 107, 109), receives a request for a digital signature to be applied to digital information, obtains a representation of the information, determines a designation of key pair(s) to be applied thereto; and transmits a request for the digital signature to a front end server (103a, 103b). The front end server determines one or more of whether the client is authentic and authorized, the user identifier is authentic, and the user identifier is permitted to make the request. If so, the front end server transmits a request to generate a digital signature to a back end server (101). The back end server determines one or more of whether the front end server is authentic and the designated key pair correspond to the requesting front end server. If so, the back end server generates the digital signature based on the information and the key pair(s).

Abstract: A method for managing data communication between a communication device (102) and another device (112) in a communication network, comprises providing (500) data for transmission by the communication device (102), and controlling by at least one secure management element (300, 304) operating in a secure environment (218) in the communication device the transmission of the provided data by the communication device so as to manage data transmitted by the communication device. The step of controlling may include at least one of controlling an amount of data transmitted, controlling a time of transmission of data and controlling a periodicity of transmission of data. A communication device and a method of managing data received by a communication device are also described.

Abstract: A method for controlling subsidy locking of a handset device includes storing, in a handset device, an asymmetrically digitally signed subsidy unlock data block that has been modified based on a password after signing (505); modifying the stored unlock data block based on a received subsidy unlock password (510); and granting subsidy unlock status if the asymmetric digital signature of the modified, stored unlock data block properly verifies (510). A method (110) for controlling subsidy locking of a handset device includes storing, in the handset device, an asymmetrically digitally signed subsidy unlock data block that comprises a password portion that has been modified after signing (112); replacing the contents of the modified password portion with a received subsidy unlock password to produce an updated subsidy unlock data block (116); and granting subsidy unlock status if the asymmetric digital signature of the updated subsidy unlock data block properly verifies (118).

Abstract: A handset device (100) enabled for subsidy control via a SIM card (150) includes memory (110) operative to store an activation file (112) and a public key (114) and a controller (120) operatively coupled to the memory. The controller (120) is operative to send an activation file request to a SIM card (150), to receive an asymmetrically digitally signed activation file (214) from the SIM card (150), to verify the asymmetric digital signature of the activation file (214) via the public key (114) and to install the activation file (112) in the memory (110). A SIM card device (150) enabled for subsidy control of a handset device (100) includes memory (110) operative to store an activation file template (162) and a private key (164) and a controller (170) operatively coupled to the memory (160).

Abstract: A method for controlling subsidy locking of a handset device includes storing, in a handset device, an asymmetrically digitally signed subsidy unlock data block that has been modified based on a password after signing (505); modifying the stored unlock data block based on a received subsidy unlock password (510); and granting subsidy unlock status if the asymmetric digital signature of the modified, stored unlock data block properly verifies (510). A method (110) for controlling subsidy locking of a handset device includes storing, in the handset device, an asymmetrically digitally signed subsidy unlock data block that comprises a password portion that has been modified after signing (112); replacing the contents of the modified password portion with a received subsidy unlock password to produce an updated subsidy unlock data block (116); and granting subsidy unlock status if the asymmetric digital signature of the updated subsidy unlock data block properly verifies (118).