Abstract: Disclosed is a method for generating a privilege-based key using a computer. In the method, a privilege is received from an application, and verified as being associated with the application. The computer cryptographically generates a second key using a first key and the privilege. The second key is provided to the application.

Abstract: A method of providing access to content within a user device is disclosed and may include determining a location of the content, determining whether the content is within an allowed region, and selectively prompting a user to purchase a license to access the content. In a particular aspect, the user may be prompted to purchase the license to the access the content when the content is not within an allowed region. If the license is purchased, the user may be allowed to access the content. The license may be an unlimited license, a limited license, or a transfer license.

Abstract: A method for operating a device to protect an application from unauthorized operation is provided. The application will fail to operate on the device when the device is defined outside a selected operating region. The method includes transmitting the selected operating region for the application, and receiving the application and a geographic identifier associated with the application. The geographic identifier is configured to identify the selected operating region wherein the application will operate on the device. The method further includes transmitting a request to execute the application on the device. The request includes the geographic identifier. Further included in the method is receiving a code. The code prevents an execution of the application on the device if the code is a disable code. The disable code indicates that the device is operating outside the selected operating region. An apparatus for content protection in a wireless network is also provided.

Abstract: Methods, apparatus, and systems are described for providing an accessor device an access credential to interact with a device resource on an accessee device. An authorization entity having a trust relationship with the accessee device, or a linked subordinate authorization entity, generates the access credential. The access credential includes a modification detection indicator, at least one access privilege, and an accessor public key. The at least one access privilege corresponds to at least one device resource on the accessee device. The authorization entity forwards the access credential to the accessor device, which presents the access credential to the accessee device for authentication. Once authenticated, the accessee device grants access to one or more device resources, and controls requests to insure they are within the scope of the at least one access privilege.

Abstract: Methods, apparatus, and systems are described for providing an accessor device an access credential to interact with a device resource on an accessee device. An authorization entity having a trust relationship with the accessee device, or a linked subordinate authorization entity, generates the access credential. The access credential includes a modification detection indicator, at least one access privilege, and an accessor public key. The at least one access privilege corresponds to at least one device resource on the accessee device. The authorization entity forwards the access credential to the accessor device, which presents the access credential to the accessee device for authentication. Once authenticated, the accessee device grants access to one or more device resources, and controls requests to insure they are within the scope of the at least one access privilege.

Abstract: A method for operating a device to protect an application from unauthorized operation is provided. The application will fail to operate on the device when the device is defined outside a selected operating region. The method includes transmitting the selected operating region for the application, and receiving the application and a geographic identifier associated with the application. The geographic identifier is configured to identify the selected operating region wherein the application will operate on the device. The method further includes transmitting a request to execute the application on the device. The request includes the geographic identifier. Further included in the method is receiving a code. The code prevents an execution of the application on the device if the code is a disable code. The disable code indicates that the device is operating outside the selected operating region. An apparatus for content protection in a wireless network is also provided.

Abstract: Methods, apparatus, and systems are described for providing an accessor device an access credential to interact with a device resource on an accessee device. An authorization entity having a trust relationship with the accessee device, or a linked subordinate authorization entity, generates the access credential. The access credential includes a modification detection indicator, at least one access privilege, and an accessor public key. The at least one access privilege corresponds to at least one device resource on the accessee device. The authorization entity forwards the access credential to the accessor device, which presents the access credential to the accessee device for authentication. Once authenticated, the accessee device grants access to one or more device resources, and controls requests to insure they are within the scope of the at least one access privilege.

Abstract: Disclosed is a method for generating a privilege-based key using a computer. In the method, a privilege is received from an application, and verified as being associated with the application. The computer cryptographically generates a second key using a first key and the privilege. The second key is provided to the application.

Abstract: Embodiments describe a system and/or method for multiple party digital signatures. According to a first aspect a method comprises establishing a first validity range for a first key, establishing a first validity range for at least a second key, and determining if the validity range of the first key overlaps the first validity range of the at least a second key. A certificate is signed with the first validity range of the first key and the first validity range of the at least a second key if the validity ranges overlap. According to another embodiment, signage of the certificate is refused if the first validity range of the first key does not overlap with the first validity range of the at least a second key.

Abstract: Methods and systems streamline remote device management by eliminating the need to download device configuration data when no configuration changes have been made since the last device management session. A device may record data enabling it to determine whether configurations have changed since a last session with a device management server. Device management servers may record configurations of devices. While initiating a device management session, a device can inform the device management server whether an intervening configuration change has occurred. If no intervening configuration changes have occurred, the device management server can forgo obtaining the device's configuration data, saving communication time and bandwidth. If an intervening configuration change has occurred, the remote device may inform the server of the URI of the changed configuration item, enabling the server to request download of just the changed item.

Abstract: Methods, apparatus, and systems are described for providing an accessor device an access credential to interact with a device resource on an accessee device. An authorization entity having a trust relationship with the accessee device, or a linked subordinate authorization entity, generates the access credential. The access credential includes a modification detection indicator, at least one access privilege, and an accessor public key. The at least one access privilege corresponds to at least one device resource on the accessee device. The authorization entity forwards the access credential to the accessor device, which presents the access credential to the accessee device for authentication. Once authenticated, the accessee device grants access to one or more device resources, and controls requests to insure they are within the scope of the at least one access privilege.

Abstract: A method of providing access to content within a user device is disclosed and may include determining a location of the content, determining whether the content is within an allowed region, and selectively prompting a user to purchase a license to access the content. In a particular aspect, the user may be prompted to purchase the license to the access the content when the content is not within an allowed region. If the license is purchased, the user may be allowed to access the content. The license may be an unlimited license, a limited license, or a transfer license.