Abstract: A method and a system for combining data with an apparatus which is provided for processing the data includes the following steps: (a) determining an identifier associated with the apparatus; (b) generating a first key by using the identifier and a second secret key, which is independent of the identifier; (c) generating a decryption algorithm to be used for the second key and providing the decryption algorithm to the apparatus; (d) encrypting a rights object, which allows access to the data, using the first key and the second secret key; (e) transmitting the data and the rights object to the apparatus; (f) decrypting the rights object with the apparatus by using the identifier associated with the apparatus and the decryption algorithm associated with the apparatus; and (g) decrypting the data using a key selected by a rights owner and included in the decrypted rights object.

Abstract: A method for enabling a first party to provide a second party with personalized digital content includes at a network unit: in response to receiving a request from a first party, the request including an identifier identifying a second party, retrieving identity credentials of the second party; and transmitting the identity credentials of the second part to a first party or to a content providing system; and in a content providing system: in response to receiving: a) an identifier from the first party, the identifier identifying digital content in a digital content storage, and b) the identity credentials of the second party, personalizing digital content using the identity credentials, the personalizing adapted to enable the second party to reproduce the digital content but to prevent any unauthorized party to reproduce it; and delivering the personalized digital content to the first party.

Abstract: An ordering scheme is described, for example an ordering and payment scheme for mobile communication devices. The ordering scheme enables an Internet shop or another service provider to issue binding offers to a mobile communication device or the like and to receive an acceptance of the offer from the mobile device. The acceptance is encrypted using a private key of mobile device and the offer may be encrypted using a private key of the service provider. The service provider liaises with a payment broker and a charging system for controlling the transfer of funds from the user to the service provider. An identity management system may be provided to control access to the modules of the ordering scheme.

Abstract: A protocol with constant-time complexity solves the problem of private identification of tags in low-cost, large-scale radio frequency identification (RFID) systems—assuming that an adversary has complete control over the communication channel. Each RFID tag has an internal counter, c, and is preloaded with a unique pseudonym, ?, and a secret key, k. A RFID reader attempting to identify and authenticate a tag within its range generates and transmits a random nonce to the RFID tag, which returns a first hash of its current pseudonym and counter, and a second hash that is a function of the secret key. The reader uses the returned data to identify the RFID tag and its secret key by reference to a database and returns other hash values that authenticate the reader to the RFID tag. The most expensive operation that RFID tags are required to perform is a hash function.

Abstract: A method for processing rights granted to an operator of a device or a group of devices using a rights object, wherein the method comprises at least the steps of receiving a rights object from the computer of a third party, generating at least one derived rights object based on the rights object received from the computer of the third party, and forwarding the at least one derived rights object to the device or individual devices from the group of devices. A system is provided which operates in accordance with the method. An apparatus that performs the method is also provided.

Abstract: A method and a device for operating a technical installation using data from a third party are provided, the data being protected against unauthorized use. A first and a second rights object are used for protecting the data, the first rights object specifying an authorized use of the data with a variable not defined in respect of its value and the second rights object defining a value for the variable.

Abstract: The invention discloses a method and a system for combining data with an apparatus which is provided for processing the data, with the following steps: (a) determining an identifier associated with the apparatus; (b) generating a first key by using the identifier and a second secret key, which is independent of the identifier; (c) generating a decryption algorithm to be used for the second key and providing the decryption algorithm to the apparatus; (d) encrypting a rights object, which allows access to the data, using the first key and the second secret key; (e) transmitting the data and the rights object to the apparatus; (f) decrypting the rights object with the apparatus by using the identifier associated with the apparatus and the decryption algorithm associated with the apparatus; and (g) decrypting the data using a key selected by a rights owner and included in the decrypted rights object.

Abstract: Digital right management systems are technically constructed for protecting and carrying out wishes of a copyright holder such that the digital content is connected in a cryptographic and unique manner to any particular device and/or data carrier. Use of the digital content on other devices of the person who acquires rights is only possible after previous registration by the copyright holder. The person who acquires rights is enabled to manage the acquired rights thereof themselves on the electronic data object without instructing the intervention of a central copyright holder. This is accomplished by the person who acquires the rights creating partial amounts of the user rights having individual user rights. The digital content can be used, respectively, in the periphery of the created partial amounts of the individual user rights.

Abstract: A method for enabling a first party to provide a second party with personalized digital content includes at a network unit: in response to receiving a request from a first party, the request including an identifier identifying a second party, retrieving identity credentials of the second party; and transmitting the identity credentials of the second part to a first party or to a content providing system; and in a content providing system: in response to receiving: a) an identifier from the first party, the identifier identifying digital content in a digital content storage, and b) the identity credentials of the second party, personalizing digital content using the identity credentials, the personalizing adapted to enable the second party to reproduce the digital content but to prevent any unauthorized party to reproduce it; and delivering the personalized digital content to the first party.

Abstract: Based on security parameters previously agreed upon by first and second communication devices, a first security value is determined by the second communication device and transmitted to the first communication device. The first communication device determines second and third security values based on the security parameters and the first security value and transmits the second and third security values to the second communication device. The second communication device determines a fourth security value based on the security parameters and, if the second security value matches the fourth security value, authenticates the first communication device. Upon successful authentication of the first communication device, a shared key is determined by both communication devices based on the third security value and the security parameters.

Abstract: A cryptographic key pair is formed using an Internet-based authentication method, in order to transmit communication configuration data from a first communication unit to a second communication unit in a secure cryptographic manner.

Abstract: In the method and the arrangement for checking the authenticity of a first communication subscriber in a communications network, a first fault information item is formed in the first communication subscriber using a fault detection data item of the first communication subscriber and an information item relating to a random data item. In a second communication subscriber in the communications network, a second fault information item is formed using a fault detection data item of the second communication subscriber and the information relating to the random data item. The authenticity of the first communication subscriber is checked using the first fault information and the second fault information.

Abstract: Method and arrangement for checking the authenticity of a first communication subscriber in a communications network In the method and the arrangement for checking the authenticity of a first communication subscriber in a communications network, a first fault information item is formed in the first communication subscriber using a fault detection data item of the first communication subscriber and an information item relating to a random data item. In a second communication subscriber in the communications network, a second fault information item is formed using a fault detection data item of the second communication subscriber and the information relating to the random data item. The authenticity of the first communication subscriber is checked using the first fault information and the second fault information.

Abstract: A very efficient authentication and authorisation check in n:m relationships is possible with a method for checking the entitlement of a user of a telecommunication terminal (1) to a service, whereby an access device (4) on a telecommunication network (3) obtains at least one certificate and a proof of identity (10) from the telecommunication terminal (1), whereupon NMT (5) together with a certification device (7) carries out a check of whether the certificate giving the identity is valid and has a positive status and whether particular authorisation may be obtained from complementary certificates. Should the above be the case, a secret (for example a session key) is transmitted (15) to the access device (4) which is also sent (15, 16) to the telecommunication terminal (1, 2), encoded with at least the public key. The access device (4) is then activated with a policy corresponding to the rights of the telecommunication user.

Abstract: In the method and the arrangement for checking the authenticity of a first communication subscriber in a communications network, a first information item is formed in the first communication subscriber using a fault detection data item of the first communication subscriber and an information item relating to a random data item. In a second communication subscriber in the communications network, a second fault information item is formed using a fault detection data item of the second communication subscriber and the information relating to the random data item. The authenticity of the first communication subscriber is checked using the first fault information and the second fault information.

Abstract: In the method and the arrangement for checking the authenticity of a first communication subscriber in a communications network, a first information item is formed in the first communication subscriber using a fault detection data item of the first communication subscriber and an information item relating to a random data item. In a second communication subscriber in the communications network, a second fault information item is formed using a fault detection data item of the second communication subscriber and the information relating to the random data item. The authenticity of the first communication subscriber is checked using the first fault information and the second fault information.

Abstract: In the method and the arrangement for checking the authenticity of a first communication subscriber in a communications network, a first fault information item is formed in the first communication subscriber using a fault detection data item of the first communication subscriber and an information item relating to a random data item. In a second communication subscriber in the communications network, a second fault information item is formed using a fault detection data item of the second communication subscriber and the information relating to the random data item. The authenticity of the first communication subscriber is checked using the first fault information and the second fault information.