Abstract: An approach is provided for shared mobile web services. A community including multiple mobile web servers providing a shared web service is designated. In the event one mobile web server is unavailable to service a request directed to the shared web service, another mobile web server is selected to provide the shared web service.

Abstract: Methods, apparatuses, and computer program products herein enable a communication device to enable the bundling of one or more connection requests in order to reduce overall signaling from a communication device. An example method may include receiving a connection request from an application. In some example embodiments, the connection request defines a connection time indication. The method may further include receiving at least one additional connection request from one or more applications. The method may further include determining a connection time for the application and the one or more applications. In some example embodiments, the connection time is configured to enable the application and the one or more applications to utilize the connection concurrently. The method may further include causing a connection to be established at a connection time. In some example embodiments, the connection time is scheduled prior to an expiration of the connection time indication.

Abstract: A method and apparatus includes a determining unit configured to determine whether a device entering a network should be allowed access and an executing unit configured to execute a configuration protocol between the registrar and the device and to a shared unique configuration key between the registrar and the device. If the device provides a privileged service, the configuration protocol enables the device to advertise the privileged service or if the device is a control point, the configuration protocol enables the device to advertise that it is able to control certain privileged services. The registrar also includes a controlling unit configured to obtain a controller key, if the registrar is to become controller of the new device and a service unit configured to execute a credential service that allows devices providing privileged services to delegate issuing of access control credentials to the registrar.

Abstract: Methods and systems for managing access to a wireless local area network are provided. A wireless access point (AP) may use a unified approach that utilizes an out-of-band channel to communicate authentication key and network address information to a guest device, and utilizes an in-band channel to establish communications with the guest device, and also provides support for in-band setup on all devices. The ability to use out-of-band where possible provides for an increase to security and usability, and the possibility of delegating access from one device to another. The unified approach thereby also provides easy management of guest access to the WLAN.

Abstract: A system and method for efficiently enabling local security connectivity between electronic devices over multiple bearers. Electronic devices are configured to advertise, over each bearer, their respective configuration parameters for each bearer. After a connection has been established between the electronic devices over a first bearer, the two electronic devices use the first bearer to establish connections over the other bearers using the configuration parameters contained in the advertisements and advertised over the first bearer. Shared keys are established for the other bearers either using keys derived from the first shared key or by using the first secure connection as an out-of-band channel. The present invention also provides for the creation of an ad hoc WLAN connection once a Bluetooth connection has been established.

Abstract: The present invention relates to a method and a system of securely storing data on a network (100) for access by an authorized domain (101, 102, 103), which authorized domain includes at least two devices that share a confidential domain key (K), and an authorized domain management system for securely storing data on a network for access by an authorized domain. The present invention enables any member device to store protected data on the network such that any other member device can access the data in plaintext without having to communicate with the device that actually stored the data.

Abstract: An approach is provided for shared mobile web services. A community including multiple mobile web servers providing a shared web service is designated. In the event one mobile web server is unavailable to service a request directed to the shared web service, another mobile web server is selected to provide the shared web service.

Abstract: An approach is provided for shared mobile services. A node joins a community of a plurality of mobile servers for sharing a service. The node provides the service to a service consumer.

Abstract: A system and method for efficiently enabling local security connectivity between electronic devices over multiple bearers. Electronic devices are configured to advertise, over each bearer, their respective configuration parameters for each bearer. After a connection has been established between the electronic devices over a first bearer, the two electronic devices use the first bearer to establish connections over the other bearers using the configuration parameters contained in the advertisements and advertised over the first bearer. Shared keys are established for the other bearers either using keys derived from the first shared key or by using the first secure connection as an out-of-band channel. The present invention also provides for the creation of an ad hoc WLAN connection once a Bluetooth connection has been established.

Abstract: A system and method for using a service discovery device to enable communication between devices within a home network and a remote device. An IP address is provided to each device located within the home network. After the service discovery device makes at least one HTTP request to each of the IP addresses, the service discovery device receives information from a HTML page on each of the devices. A web page is then generated that contains the received information. The generated web page is accessible from the remote device, and the generated web page includes a list of links to device web pages for each of the devices located within the home network.

Abstract: A method and apparatus includes a determining unit configured to determine whether a device entering a network should be allowed access and an executing unit configured to execute a configuration protocol between the registrar and the device and to a shared unique configuration key between the registrar and the device. If the device provides a privileged service, the configuration protocol enables the device to advertise the privileged service or if the device is a control point, the configuration protocol enables the device to advertise that it is able to control certain privileged services. The registrar also includes a controlling unit configured to obtain a controller key, if the registrar is to become controller of the new device and a service unit configured to execute a credential service that allows devices providing privileged services to delegate issuing of access control credentials to the registrar.

Abstract: A method for connecting a first device and a second device. The method comprises associating at a third party temporary unique information with information associated with said first device; receiving from said third party said unique information at said first device; inputting said unique information to said second device; sending said unique information from said second device to said third party; and receiving from said third party at said second device said associated information.

Abstract: Methods, apparatuses and modules for creation of a generic public key infrastructure by use of established trust, wherein trust between a client and a registration authority is established, and an enrolled certificate is furnished in a secure manner to the client by use of the established trust. The present invention also address correspondingly configured servers and/or terminals, client and/or registration authorities and/or certificate authority entities, as well as device security, security-aware control points and security console units, provided with such modules and functions enabling the aspects of the method/s to be carried out. Respective computer programs and circuit arrangements for carrying out the aspects of the methods and/or for operating hardware to carry out the aspects of the above methods are also provided.

Abstract: A method, a terminal, and a server are provided to enable to remotely and securely grant, by an owner of a server, access to the server for a third party. A mechanism is defined to establish a trust relationship between a mobile device and a home gateway while in a home network and later to use that trust relationship when granting access to the home network (via remote access through the home gateway) to other devices.

Abstract: A system for selectively granting access rights within a network. When a requesting device learns that a device is a secure device and is owned by a Security Console, the requesting device calls a listowners action to the secure device, which respond by transmitting a public key hash to the requesting device. The requesting device then multicasts a message including the public key hash. Security Consoles receiving the multicast message then determine whether they recognize the public key hash. If a Security Console recognizes the public key hash, then it responds to the multicast message and subsequently provides the requesting device with access rights to the secure device.

Abstract: A Content Directory Service (CDS) security service specifying, in a user friendly manner, which users of a media server or other UPnP device own which content. The security service also permits the owners of content to control who is permitted to read the content. A CDS account manager is used to define user accounts and associated rights, such as validity periods and default rights. The CDS account manager is used by a security console which owns the media server. A CDS content manager is used to manipulate the rights to objects. The CDS content manager is used by a registered security aware control point (i.e., a control point associated with a user account) and can be used to change read and write access lists on the object.

Abstract: Methods and systems for managing access to a wireless local area network are provided. A wireless access point (AP) may use a unified approach that utilizes an out-of-band channel to communicate authentication key and network address information to a guest device, and utilizes an in-band channel to establish communications with the guest device, and also provides support for in-band setup on all devices. The ability to use out-of-band where possible provides for an increase to security and usability, and the possibility of delegating access from one device to another. The unified approach thereby also provides easy management of guest access to the WLAN.

Abstract: A method and corresponding equipment, for enabling a subscriber device (14) to engage a service provided by a server (12) to give a friend device (15) access to the service, including a step (21) in which the subscriber device (14) engages the server (12) to provide the service and obtains a subscriber certificate corresponding to the service; and a step (24) in which the subscriber device (14) issues to the friend device (15) a friend certificate based on the subscriber certificate, the friend certificate being such that it is recognized by the server as entitling the friend device to the service.

Abstract: A system, apparatus and method for relating a security association to a contact in a namespace familiar to the user, and using this association to make access control decisions. An identifier of a first device is received at a second device. Using the identifier, the second device locates a contact entry corresponding to the identifier in a contact directory. A contact name associated with the identified contact entry is presented to the user of the second device to facilitate user authorization of the wireless proximity connection. An authorization identifier, e.g., a Bluetooth link key, is associated with the contact entry if authorized by the user of the second device. A wireless proximity connection, e.g., a Bluetooth connection, is established between the first and second devices in response to associating the authorization identifier with the entry. When subsequent wireless proximity connection are attempted between the first and second devices, the connection may be automatically established.

Abstract: The present invention relates to a method and a system of securely storing data on a network (100) for access by an authorized domain (101, 102, 103), which authorized domain includes at least two devices that share a confidential domain key (K), and an authorized domain management system for securely storing data on a network for access by an authorized domain. The present invention enables any member device to store protected data on the network such that any other member device can access the data in plaintext without having to communicate with the device that actually stored the data.