Abstract: A system and method for selectively securing data from unauthorized access on a client device storing a plurality of data types with reference to an authorization level indicated in a command. A command is received at a client device comprising an authorization level indicator. Based on at least one predefined rule, which may be implemented in an IT policy stored at the client device, each of the plurality of data types to be secured is determined, and then the data corresponding to those types is secured. The data may be secured by encrypting and/or deleting the data at the client device. The predefined rules associated with each authorization level may be configured by a user or administrator having an authorization level that exceeds the associated authorization level.

Abstract: A click detection method, apparatus and system is provided. An embodiment includes a method that receives a request from a client destined for a server and a unique identifier for the client. The method also includes generating a representation of the unique identifier, and forwarding the representation of the unique identifier and the request to the server.

Abstract: A system includes a first wireless-enabled device that transparently stores confidential information and a second wireless-enabled device that stores the same confidential information. The confidential information is to be used to secure a wireless communication link between the first device and the second device. One or both of the first device and the second device is to delete the confidential information upon fulfillment of one or more conditions related to the communication link. The conditions include general timeout, device inactivity, loss of connection over the communication link, a decline in signal strength, and a predefined number of transactions having occurred between the first device and the second device.

Abstract: A symmetric key to be used to secure a communication link between a first device and a second device is generated as follows: a first symmetric key is generated; a second symmetric key is generated; packets communicated between the first device and the second device over communication link are hashed to create a hash result; the first symmetric key, the second symmetric key and the hash result are hashed to generate a third symmetric key to be used to secure the communication link.

Abstract: This document discusses, among other things, a method for authenticating a browser executing on an auxiliary device with a web service executing on a portable electronic device. The method includes receiving a request for a resource from the browser, determining whether the request identifies a protected resource, and selectively authenticating the request based on whether the request identifies a protected resource.

Abstract: A method and user device for limiting a time for which location data sharing is enabled for a user device of a data sharing group, the data sharing group comprising at least two user devices inclusive of the user device, each user device of the data sharing group configured to store data shared by user devices of the data sharing group on the respective user device and to maintain a list of the user devices in the data sharing group. The method comprises receiving an instruction through a user interface on the user device indicating that location data sharing is to be enabled for a limited time period after which location sharing is to be disabled, obtaining location data for the user device during the limited time period; and sending the location data to at least one other user device of the sharing group during the limited time period.

Abstract: Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an audio signal. The audio signal is transmitted from the first computing device to the second computing device. The password is determined from the audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein.

Abstract: Data is secured on a device in communication with a remote location using a password and content protection key. The device stores data encrypted using a content protection key, which itself may be stored in encrypted form using the password and a key encryption key. The remote location receives a public key from the device. The remote location uses the public key and a stored private key to generate a further public key. The further public key is sent to the device. The device uses the further public key to generate a key encryption key, which is then used to decrypt the encrypted content protection key. A new content encryption key may then be created.

Abstract: A system and method of selecting messaging settings on a messaging client are provided. A display configured to operate in conjunction with the messaging client displays a compose screen that includes a message portion and a messaging settings portion when an outgoing message is to be composed on the messaging client. Messaging settings selected to control message characteristics of the outgoing message are displayed in the messaging settings portion of the compose screen.

Abstract: A device certificate binds an identity of a first device to a public key of the first device. The first device comprises a certificate authority service that creates for a process on the first device a process certificate certifying one or more capabilities of the process on the first device. The process certificate is presented to the second device. Upon validating the process certificate using the device certificate, the second device permits the process on the first device to have on the second device one or more of the verified certified capabilities.

Abstract: A first device establishes a connection with a second device and attempts access, via the connection to an enterprise server of an enterprise. The first device may have a number of security perimeters, ones of which are allowed to use various communications proxies provided by the second device. If the first device and the second device are associated with a same common enterprise, an enterprise perimeter of the first device may be enabled to access the enterprise using an enterprise proxy of the second device.

Abstract: There is disclosed a user interface for selecting a photo tag. In an embodiment, the user interface embodies a method of selecting a photo tag for a tagged photo, comprising: providing a tag entry field for entering a photo tag; in dependence upon a string entered by a user, displaying in a matching tag list any tags from one or more selected tag sources matching the entered string. The method may further comprise displaying a tag type for each tag appearing in the matching tag list. The method may further comprise allowing user selection of a tag in the matching tag list to complete the tag entry field.

Abstract: Methods and apparatus for enabling content interaction at a connected electronic device re described. An example method includes establishing a web protocol session between a web server executing on a first electronic user device and a client executing on a second electronic user device via a direct radio frequency connection between the first electronic user device and the second electronic user device, wherein the first electronic user device and the second electronic user device are associated with a same user, the establishing including sending an open request from the client to the web server; and transmitting a response to the open request from the web server to the client, the response including a universal resource identifier identifying a location of content for presenting, on the second electronic device, the application executing on the first electronic device.

Abstract: A novel code signing system, computer readable media, and method are provided. The code signing method includes receiving a code signing request from a requestor in order to gain access to one or more specific application programming interfaces (APIs). A digital signature is provided to the requestor. The digital signature indicates authorization by a code signing authority for code of the requestor to access the one or more specific APIs. In one example, the digital signature is provided by the code signing authority or a delegate thereof. In another example, the code signing request may include one or more of the following: code, an application, a hash of an application, an abridged version of the application, a transformed version of an application, a command, a command argument, and a library.

Abstract: A method and system are provided for operating a mobile device, the method comprising: reading a barcode being displayed by another mobile device, to identify a group, by capturing at least one image of the barcode; and joining the group identified by the barcode. Another method and system are provided, the method comprising: storing a barcode on the mobile device, the barcode identifying a group; and displaying the barcode on a display of the mobile device such that the entire barcode is visible on the display to enable another mobile device to scan the barcode to join the group. Another method and system are provided, the method comprising: reading a barcode being displayed by another mobile device, to identify an individual associated with the other mobile device, by capturing at least one image of the barcode; and inviting the individual identified by the barcode to join a group.

Abstract: A system and method for handling e-mail address mismatches between the address contained within a user's certificate or certificate chain, and the account address actually being used is disclosed. In order to resolve address mismatches a canonical or generic domain name or user name may, for example, be used as a lifelong address of a user that is contained in the user's certificate. Upon detection of an address mismatch, the system and method disclosed herein may automatically re-check the certificate or search for a certificate containing the canonical or generic domain name and/or user name to attempt to resolve the mismatch.

Abstract: Data is secured on a device in communication with a remote location using a password and content protection key. The device stores data encrypted using a content protection key, which itself may be stored in encrypted form using the password and a key encryption key. The remote location receives a public key from the device. The remote location uses the public key and a stored private key to generate a further public key. The further public key is sent to the device. The device uses the further public key to generate a key encryption key, which is then used to decrypt the encrypted content protection key. A new content encryption key may then be created.

Abstract: Systems, methods, and software for providing digital security to a child message transmitted from a mobile device to a messaging server, where the mobile device typically does not transmit the parent message with the child message to the messaging server. Whether to apply digital security, such as encryption or a digital signature, or both, is determined, and if the mobile device does not include a complete copy of a parent message for insertion into the child message, the mobile device selectively downloads the parent message from the messaging server prior to the computation of a digital signature or prior to encryption. The systems and methods may also provide a check of the child message size, when the child message includes inserted parent content, to ensure that the child message does not exceed any prescribed limits on message size.

Abstract: A content item may be identified at a first electronic device with selection for the content item to be “opened” at a second electronic device. The first electronic device may instruct that the content item be displayed or otherwise made available for further interaction at the second electronic device. A web protocol session may be established between the first electronic device and the second electronic device to allow for an instruction message from the first electronic device to the second electronic device. Upon receiving a user interface command at the first electronic device, the user interface command indicating that the content item should be displayed at the second electronic device, the instruction message is sent to the second electronic device, via the web protocol session. As a result, the content item is caused to be displayed at the second electronic device.

Abstract: A method of providing a password to a handheld electronic device having a reduced keyboard and a non-predictive keystroke interpretation system, wherein the reduced keyboard is of a particular keyboard type and the non-predictive keystroke interpretation system is of a particular system type. The method includes receiving a first character string in an electronic device, such as, without limitation, a PC, that is separate from the handheld electronic device, generating one or more second character strings in the electronic device based on the particular keyboard type, the first character string, and, possibly, the particular system type, and transmitting the one or more second character strings from the electronic device to the handheld electronic device as the password.