Abstract: A network interface controller (NIC). The NIC includes a first physical port, a second physical port, a non-transitory memory, a processor coupled to the first and second physical ports, and a data packet grooming application stored in the non-transitory memory. When executed by the processor, the application is configured to parse datagrams encapsulated within data link layer packets received by the first physical port, analyze the encapsulated datagrams based on a processing policy stored in the non-transitory memory, transmit some of the received data link layer packets via the second physical port to a server computer associated with the NIC, and transmit the remainder of the received data link layer packets via the first physical port to a second server computer.

Abstract: An electronic device. The electronic device comprises a memory comprising a confidential information region and a non-confidential information region, a processor, and an application stored in the memory. When executed by the processor, the application determines if a reboot has occurred after a most recent power-off boot, where a reboot takes place without removing power from the processor and memory and, in response to determining that the reboot occurred after the most recent power-off boot, prevents access of applications to the confidential information region in the memory.

Abstract: An electronic device. The electronic device comprises a memory comprising a confidential information region and a non-confidential information region, a processor, and an application stored in the memory. When executed by the processor, the application determines if a reboot has occurred after a most recent power-off boot, where a reboot takes place without removing power from the processor and memory and, in response to determining that the reboot occurred after the most recent power-off boot, prevents access of applications to the confidential information region in the memory.

Abstract: Embodiments of the disclosure relate generally to methods and systems for delivering digital or media content to a mobile device and associating the digital rights for the content with an identifier of the mobile device or user of the mobile device. In some embodiments, a clearing house may store the digital rights for the content and provide authorization for delivery requests from the mobile device. In some embodiments, the mobile device may receive the content via communication with one or more of: the clearing house, a media provider, and/or a transport provider.

Abstract: A method of provisioning a subordinate trusted security zone in a processor having a trusted security zone. The method comprises receiving by a master trusted application executing in a master trusted security zone of the processor a request to provision a subordinate trusted security zone in the processor, wherein the request comprises a master trusted security zone key, wherein the request designates the subordinate trusted security zone, and wherein the request defines an independent key. The method further comprises provisioning by the master trusted application the subordinate trusted security zone to be accessible based on the independent key.

Abstract: A wireless communication system to secure data communications between APIs. The wireless communication system includes a first API for a first sensor in a first wireless communication device and a second API for a second sensor in a second wireless communication device. In the first wireless communication device, identifying an API request to externally share sensor data, and in response, performing a security challenge to verify the first API. If the first API is verified, then the API request is transferred to the second wireless communication device. In the second wireless communication device, performing a security challenge to verify the second API. If the second API is verified, then the API share request is transferred to the second API in the second wireless communication device.

Abstract: A user equipment. The user equipment comprises a processor, a memory, a trusted security zone, wherein the trusted security zone provides hardware assisted trust, a ticket generator stored in the trusted security zone to generate a plurality of access codes, and a code generator stored in the trusted security zone. The code generator generates a different one-time-password for each of the plurality of access codes, wherein the one-time-password is not displayed on the user equipment, stores the one-time-password in the trusted security zone, and transmits the one-time-password to a trusted server through a trusted channel. Responsive to an associated access code from the plurality of access codes being displayed and upon request of a user of the user equipment, the code generator displays the one-time-password and invalidates the one-time-password promptly after the display ends.

Abstract: An electronic device comprises a processor, a permissive sector, a trusted security zone that is separate from the permissive sector, a hardware driver, a first trusted application, stored in the trusted security zone, that is configured to invoke the hardware driver in response to activation instructions, and a second trusted application, stored in the trusted security zone, that when executed on the processor, configures the processor to: amass information about an uncompromised state of the hardware driver, store the information about the uncompromised state of the hardware driver in the trusted security zone, and compare, in response to receipt of activation instructions by the first trusted application, the information about the uncompromised state of the hardware driver with a current state of the hardware driver, and perform an action in response to a result of the comparison.

Abstract: Methods and systems are provided for disabling text messaging while driving. In one embodiment, a mobile station makes a first determination that it is moving at greater than a threshold rate. The mobile station makes a second determination that, while it is moving at greater than the threshold rate, an outgoing text message reflects more than a threshold degradation in typing proficiency. In response to making the first and second determinations, the mobile station disables one or more text-messaging features.

Abstract: Embodiments of the disclosure relate generally to methods and systems for pre-downloading at least a portion of a media event to a mobile device and the protection of the media content once it is downloaded to the device. Media content may be pre-downloaded to a mobile device before the official release of the media event and/or before a user has purchased the media event. The pre-downloaded media may be protected by one or more disruption to the presentation of the media content and/or by storing the pre-downloaded media in a trusted security zone of a mobile device. After the media event is released and purchased, the remaining media may be downloaded and a user may gain access to the full media content on the mobile device.

Abstract: Systems, methods, and software for operating communication systems are provided herein. In one example, method of operating a communication system to establish secure communications between a first user device communicating in a first communication network and a second user device communicating in a second communication network is presented. The method includes, responsive to a communication request received from the first user device, establishing a secure communication link between the first user device and a first security node. When a second security node has a security relationship established with the first security node, the method includes establishing the secure communication link for the secure communications between the first user device and the second user device using at least the security relationship between the first security node and the second security node, and exchanging the secure communications over the secure communication link.

Abstract: Systems and methods disclosed herein relate to the protection of a plurality of protected personas on a protected network that may be isolated from a telecommunication service provider's network that supports a portable electronic device. The plurality of personas may be generated by the owners and/or administrators of the network on which the personas reside. Activating a persona on a device, whether that device is owned and maintained by the business or businesses affiliated with the protected network, enables access to a plurality of data on the business's network and restricts access to at least some of the capabilities and functionality of the device available under the original persona. Data created or modified while the protected persona is activated on the device may not be accessed while the original persona is active and may be uploaded dynamically or manually to the protected network.

Abstract: Systems, methods, and software for operating communication systems are provided herein. In one example, method of operating a communication system to establish secure communications between a first user device communicating in a first communication network and a second user device communicating in a second communication network is presented. The method includes, responsive to a communication request received from the first user device, establishing a secure communication link between the first user device and a first security node. When a second security node has a security relationship established with the first security node, the method includes establishing the secure communication link for the secure communications between the first user device and the second user device using at least the security relationship between the first security node and the second security node, and exchanging the secure communications over the secure communication link.

Abstract: A method of trusted data communication. The method comprises executing a data communication application in a trusted security zone of a processor, wherein the processor is a component of a computer, commanding a controller of a peripheral device to execute a control application in a trusted security zone of the controller, wherein the controller is a component of the computer, commanding at least one of another peripheral device or a user interface device to not access a data bus of the computer, verifying that the controller is executing the control application in the trusted security zone of the controller, sending data from the processor to the controller over the data bus of the computer, and the controller one of transmitting the data sent by the processor on an external communication link, reading a memory storage disk, or writing to a memory storage disk.

Abstract: A method of operating a communication system comprises, in a wireless communication device, acquiring a packet address from a communication network, wherein the communication network assigns the packet address to the wireless communication device, and transmitting the packet address, a device identifier, and a location of the wireless communication device for delivery to a database in the communication network. The method further comprises, in a packet router, receiving a data packet with a destination address of the packet address assigned to the wireless communication device, querying the database with the packet address to determine the device identifier and the location of the wireless communication device, processing the location to select a plurality of output ports of the packet router, and broadcasting the data packet over the plurality of output ports.

Abstract: Examples disclosed herein provide systems, methods, and software for communication using Common Public Radio Interface. In one example, a system for CPRI communication includes a radio equipment control system configured to generate a timing security flag for a basic frame, insert the security flag into the basic frame, and initiate transfer of the basic frame to a radio equipment system. The radio equipment system is further configured to receive the basic frame, identify validity of the timing security flag, and upon validation, update timing on the radio equipment.

Abstract: A method of provisioning a subordinate trusted security zone in a processor having a trusted security zone. The method comprises receiving by a master trusted application executing in a master trusted security zone of the processor a request to provision a subordinate trusted security zone in the processor, wherein the request comprises a master trusted security zone key, wherein the request designates the subordinate trusted security zone, and wherein the request defines an independent key. The method further comprises provisioning by the master trusted application the subordinate trusted security zone to be accessible based on the independent key.

Abstract: A method of executing a trusted application on a trusted security zone enabled electronic device. The method comprises responsive to a trusted security subzone not being provisioned on the electronic device, generating, by a server, a temporary trust token, transmitting the temporary trust token to the electronic device, and comparing the temporary trust token with a plurality of trust tokens stored in the electronic device to determine the trustworthiness of the temporary trust token.

Abstract: Methods and systems are provided for disabling text messaging while driving. In one embodiment, a mobile station makes a first determination that it is moving at greater than a threshold rate. The mobile station makes a second determination that, while it is moving at greater than the threshold rate, an outgoing text message reflects more than a threshold degradation in typing proficiency. In response to making the first and second determinations, the mobile station disables a text-message-sending capability.

Abstract: A method of communicating with a computing device having a trusted security zone comprises mapping a unique identifier for a computing device with a trust zone access control (TZAC) address, composing a message comprising the trust zone access control address, and routing the message to the computing device based on the unique identifier. The computing device comprises a normal security zone and a trusted security zone that is separate from the normal security zone, and the trust zone access control address is a unique identifier associated with a hardware component of the trusted security zone within the computing device. The message is internally routed to the trusted security zone within the computing device using on the trust zone access control address.