A method and system for generating and processing an authenticity certificate. A request for a step certificate is received from a requester entity. The step certificate authenticates an involvement of the requester entity about an object. The request includes an object identifier, a requester entity type of the requester entity, and a requester identity certificate of the requester entity. The object identifier is hashed. A signature is created and includes the hashed object identifier, the requester entity type, a certifier identity certificate, and the requester identity certificate. A hashing result is generated by hashing a concatenation of the object identifier, the requester entity type, the certifier entity certificate, the requester identity certificate, and the signature. The step certificate is generated and includes the hashing result. The step certificate is encrypted. The encrypted step certificate is sent to the requester entity for subsequently storing the step certificate on a media.

A novel method and apparatus for protection of streamed media content is disclosed. In one aspect, the apparatus includes control means for governance of content streams or content objects, decryption means for decrypting content streams or content objects under control of the control means, and feedback means for tracking actual use of content streams or content objects. The control means may operate in accordance with rules received as part of the streamed content, or through a side-band channel. The rules may specify allowed uses of the content, including whether or not the content can be copied or transferred, and whether and under what circumstances received content may be checked out of one device and used in a second device. The rules may also include or specify budgets, and a requirement that audit information be collected and/or transmitted to an external server. In a different aspect, the apparatus may include a media player designed to call plugins to assist in rendering content. A trust plugin is disclosed, along with a method of using the trust plugin so that a media player designed for use with unprotected content may render protected content without the necessity of requiring any changes to the media player. In one aspect, the streamed content may be in a number of different formats, including MPEG-4, MP3, and the RMFF format.

A virtual private network (VPN) over a telecommunications network is created by sending a request from a first VPN device to a second VPN device for establishing a VPN between the first and second VPN devices. The request includes a first signed certificate having a verified VPN parameter for the first VPN device. A reply is received at the first VPN device from the second VPN device that includes a second signed certificate having a verified VPN parameter for the second VPN device. The VPN is established between the first and second VPN devices based on each verified VPN parameter for each of the first and second VPN devices.

Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the management device is located by the managed device with the assistance of a locator server and the managed device initiates establishment of an encrypted management tunnel with the management device. Prior to allowing the management device to use the management tunnel to perform management functionality in relation to the managed device, credentials of the management device are verified by the managed device by comparing the PKI-authenticated unique identifier of the management device to that which is stored within the managed device.

A data decoding system can comprise one or more computers communicatively coupled to a network. The computers can execute at least one decoding process. The decoding process can be configured, responsive to receiving a decoding request comprising an image of decodable indicia, to locate the decodable indicia within the image, and to decode the decodable indicia into a decoded message. The decoding process can be further configured, responsive to completing a decoding operation, to transmit to the client the decoded message and/or the decoding operation completion code.

Various embodiments are disclosed that relate to security of a computer accessory device. For example, one non-limiting embodiment provides a host computing device configured to conduct an initial portion of a mutual authentication session with an accessory device, and send information regarding the host computing device and the accessory device to a remote pairing service via a computer network. The host computing device is further configured to, in response, receive a pairing certificate from the remote pairing service, the pairing certificate being encrypted via a private key of the remote pairing service, and complete the mutual authentication with the accessory device using the pairing certificate from the remote pairing service.

Systems, methods and devices for providing digital certificates are disclosed. In a method conducted at a remotely accessible server, a request, including an identifier, for a digital certificate is received. A communication address of a mobile device, having a certificate store module in communication therewith, associated with the identifier is then obtained. A request for a digital certificate is transmitted to the certificate store module via the mobile device and the certificate store module is configured to prompt a user thereof, via the mobile device, for a passcode before releasing the certificate. The digital certificate is received from the certificate store module via the mobile device in response to entry of a passcode into the certificate store module which corresponds to an offset stored in the certificate store module. The digital certificate is then transmitted to a communication device for use in digitally signing or encrypting a data message.

A first management node of a first rack can be registered to a shared file storage system by establishing a mutual trust relationship between the first management node and the shared file storage system. The first management node can access a plurality of respective public keys and a plurality of respective certificates of authority that are stored in the shared file storage system and associated with a plurality of respective registered management nodes. The first management node can store a public key and a certificate of authority in the shared file storage system. The first management node can form mutual trust relationships with other registered management nodes. The first management node can validate authenticity of messages received from registered management nodes of the plurality of registered management nodes using a respective public key and a respective certificate of authority associated with a respective registered management node sending a message.

Techniques for authenticating the identity of a caller in a telephone call are disclosed. The device generating the call implements encrypting caller identification information and initiating the telephone call, said initiating comprising providing a voice carrier signal including the caller identification information; and simultaneously providing a data carrier signal including the encrypted caller identification information. The receiving device implements receiving the telephone call; decrypting the encrypted caller identification information at the recipient device; and verifying the identity of at least an unknown caller at the recipient device by at least one of verifying the authenticity of a certificate used to encrypt the caller identification information; and comparing the decrypted caller identification information with the caller identification information from the voice carrier signal. A telephony device implementing such an authentication technique is also disclosed.

A wireless communications system comprises a sector controller that includes a wireless transmitter, and a mobile subscriber station that includes a wireless receiver, and a memory. The wireless transmitter continuously transmitting frames. Each frame comprising a control field and the control field comprising a portion of an encryption certificate associated with the sector controller. The wireless receiver receives each frame and extracts the portion of the encryption certificate and stores the portion of an encryption certificate in the memory. The mobile subscriber station combines the portions of the encryption certificate stored in the memory and verifies that a complete encryption certificate has been received. After this the mobile subscriber station transmits its encryption certificate to the sector controller. The encryption certificates are based on an elliptic curve digital signature algorithm.