Apparatus, method, and media for permitting use of content. An exemplary method comprises associating a transfer right with content, the transfer right specifying that the content is permitted to be transferred from a first computing device to a second computing device, transferring the content from the first computing device to the second computing device in accordance with the transfer right, updating information associated with the transfer right based on the transfer of the content from the first computing device to the second computing device, and associating a usage right with the content, the usage right corresponding to a utilization of the content, wherein the first computing device includes at least a server mode of operation, and wherein the second computing device includes both a requester mode of operation and a server mode of operation.

A system and method for providing digital data content to a wireless device. Although a fee is typically charged for access to the digital data content, e.g., electronic books, the system and the method provides controlled access to this content for free while the wireless device is accessing the content in a specified location, e.g., a retail location. A content control server receives a request from the wireless device requesting access to the digital data content. The request is received over a secure connection, preferably a virtual private network (VPN). The content control server monitors how much of the digital data content has been provided to the wireless device, and/or an amount of time the wireless device has been accessing the digital data content. This content control server uses this monitored data to control, throttle, the provision of the digital data content to the wireless device.

Systems and methods for authenticating a party are disclosed. A transaction may be initiated between a relying party and a presenter. The relying party can send the presenter a message with transaction information and requirements for authentication. The presenter can forward the message to a third party, which can authenticate the presenter to the relying party.

A system meters execution of an application module at an edge computing device. A secure workload package is transmitted securely from a workload provisioning service to the edge computing device. The secure workload package includes the application module, a trusted metering application, and a provisioning service authentication token. The provisioning service authentication token is verified in the secure workload package based on an edge device authentication token generated at the edge computing device. The trusted metering application is executed in a trusted execution environment of the edge computing device, responsive to verifying the provisioning service authentication token. The application module of the edge computing device is executed, wherein the trusted metering application is configured to monitor execution metrics of the application module on the edge computing device. The execution of the application module is managed based on the monitored execution metrics.

A provisioning system includes a provisioning apparatus configured to be electrically connected with at least one of a plurality of electronic devices for provisioning at least one electronic device. The provisioning apparatus is configured to obtain device type information about the electronic device type of the plurality of electronic devices and to issue a request for provisioning data based on the device type information. The provisioning system has a provisioning security module configured to receive the request for provisioning data from the provisioning apparatus and generate provisioning data in response to the request. The provisioning security module is configured to transmit the provisioning data to the provisioning apparatus to provide at least one electronic device with provisioning data. The provisioning security module is configured to maintain a provisioning counter indicative of a remaining number of the plurality of electronic devices that can be provisioned with provisioning data.

A provisioning system is provided for provisioning a plurality of electronic devices with provisioning data. Each of the plurality of electronic devices is associated with an electronic device type. The provisioning system includes a provisioning control apparatus, and a provisioning equipment configured to be electrically connected with at least one of the plurality of electronic devices for provisioning the at least one electronic device. The provisioning system includes a provisioning security module configured to receive the device type information from the provisioning control apparatus and to generate provisioning data on the basis of the device type information. The provisioning security module transmits the provisioning data to the provisioning equipment for provisioning the at least one electronic device with provisioning data. The provisioning security module maintains a provisioning counter indicative of a remaining number of the plurality of electronic devices that can be provisioned with provisioning data.

A provisioning control apparatus couples to a provisioning equipment server electrically connectable with an electronic device(s) for provisioning the electronic device(s) with a program code. The provisioning control apparatus has a communication interface which transmits the program code to the provisioning equipment server for provisioning the electronic device(s) with the program code and to receive an electronic provisioning token having provisioning control data. The provisioning control apparatus includes a processor that controls the transmission of the program code via the communication interface to the provisioning equipment server. The electronic provisioning token has time adjustment information for adjusting the clock, and the processor adjusts the time of the clock. A provisioning control system includes the provisioning control apparatus and a method involves provisioning the electronic device(s).

An authentication device authenticates a user using biometric information. The authentication device including: a storage unit, a first acquisition unit, a second acquisition unit, a controller, an authentication processing unit, and an update processing unit. When the first acquisition unit acquires identification information, and a combination for which the number of successes for the acquired identification information is greater than or equal to a predetermined number is present in combination information, the controller sets a threshold such that a false acceptance rate for erroneously authenticating a person other than a registered user becomes lower than when the combination is not present.

Systems, methods, logic, and devices may support machine learning-based anomaly detections for embedded software applications. In a learning phase, an anomaly model training engine may construct an anomaly detection model, and the anomaly detection model configured to provide a determination of whether the embedded software application exhibits abnormal behavior based on activity measure and application parameter inputs. In a run-time phase, an anomaly detection engine may sample the embedded software application to obtain an activity measure and application parameters during the run-time execution and provide, as inputs to the anomaly detection model, the activity measure and the application parameters sampled during the run-time execution. The anomaly detection engine may further determine whether the embedded software application exhibits abnormal behavior based on an output from the anomaly detection model for the provided inputs.

The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.