H04L9/0816

SYSTEM AND METHOD FOR INFORMATION PROCESSING
20170308684 · 2017-10-26

In an information processing system in which plural information processing apparatuses perform a license check, when, for example, a license is additionally assigned to one information processing apparatus, that apparatus adds the additional license count to the assigned license count stored in its internal memory, and transmits the additional license count to the information processing apparatus that was started first and to the information processing apparatus that was started immediately after the apparatus to which the license is additionally assigned. In the first started information processing apparatus, the additional license count is added to the assigned license count stored in its internal memory. Likewise, in each of the information processing apparatuses that were started after the apparatus to which the license is additionally assigned, the additional license count is added to the assigned license count stored in its internal memory, in startup order.

Credential recovery
09800562 · 2017-10-24

In a credential recovery process, a user is authenticated using an application running on a mobile communications device, and requests recovery of a credential. The application generates a session key encrypted with the public key of a gateway, and sends the encrypted key to the gateway. The gateway recovers the credential from a depository, encrypted using a symmetric key shared with the depository. The gateway decrypts the credential and re-encrypts the credential using the session key. Preferably, the decryption and re-encryption is performed within a hardware secure module within the gateway. The re-encrypted credential is sent to the application, which decrypts the credential and outputs it to the user. In this way, the credential is provided securely to the user and may be made available for use immediately, or nearly so.

Systems and methods for “Machine-to-Machine” (M2M) communications between modules, servers, and an application using public key infrastructure (PKI)
11258595 · 2022-02-22

Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

SYSTEM AND METHODS FOR KEYED COMMUNICATIONS CHANNEL ENCRYPTION AND DECRYPTION
20170302444 · 2017-10-19

The present disclosure is directed to secure computations and transmission of encrypted data over a network. Two unequal unsigned integer numbers are used as keys, which are kept secret by users. Each key is supplied as the seed to a uniform pseudorandom number generator, and follows an algorithm to encrypt and decrypt a communications channel between two endpoints on the network. The communications channel is a stream of bits representing any data that may be represented or stored by a computer capable of processing binary data. In one illustrative embodiment, a network has multiple endpoints, such as different terminals disposed at different locations (for example, terminals at various branches of a financial institution that are connected to a common network). Using keys that are specific to transactions between specified terminals allows for greater security of the encrypted transmissions.

Virtual machine access control in mobile computing device based on positional range from beacon signal

A system is provided and includes a broadcasting device configured to emit a beacon signal over a predefined range and a mobile computing device. The mobile computing device is configured to run a host operating system at any location. The mobile computing device is further configured to run a virtual machine associated with the beacon signal within the host operating system but only when the computing device is in range of the beacon signal of a predefined strength.

Computer enabled methods and systems for facilitating micropayments via public networks
09785937 · 2017-10-10

A computer enabled system for facilitating electronic micropayments in which an accounting application receives a vendor submission from a remote vendor server via a public communications network. The submission includes identifiers for the vendor, the customer and an item selected by the customer. The accounting application then checks the status of the customer's account. If it has sufficient funds, the transaction proceeds. The customer account is conditionally debited, and the vendor account conditionally credited with the transaction amount, including fees. A transaction confirmation is sent to the vendor application, which then confers usage rights for the item to the customer. The accounting application periodically reconciles the vendor and customer accounts, deducts any service fees, and makes a single payment to each vendor. This single payment only incurs a single per-transaction credit-card company fee, thereby spreading it across multiple purchases and clients and making micro-transactions profitable.

Challenge-response method and associated client device
09787479 · 2017-10-10

There is described a challenge-response method for a client device. The method comprises steps of: (a) receiving challenge data, wherein the challenge data is content encrypted using an encryption key, the content including a nonce; (b) using a secured module of the client device to access the content by decrypting the challenge data using a decryption key of the secured module, the decryption key corresponding to the encryption key; (c) processing a version of the content output by the secured module so as to obtain the nonce; and (d) providing the nonce as a response. There is also described a client device for implementing the above challenge-response method. There is also described a computer program which, when executed by a processor, causes the processor to carry out the above challenge-response method. Finally, there is described a computer readable medium storing the above-mentioned computer program.

Communication between a communication device and a network device

A first network device of a first communication network obtains a challenge, generates a first PFS parameter, obtains a first verification code for the first PFS parameter, and sends the challenge, the first PFS parameter and the first verification code to a communication device. The communication device receives the challenge, the first PFS parameter and the first verification code, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter in response from the identity module, and determines, based on the result parameter, whether the first PFS parameter is authentic. If the determination is positive, the communication device generates a second PFS parameter and sends it to the first network device, which in turn verifies the second PFS parameter.

MODULES REGISTRATION AND STATUS UPDATE OF MODULAR ASSEMBLY SYSTEM
20170288976 · 2017-10-05

A method for registering one of a plurality of assembly modules operatively coupled to one another in a modular assembly system is provided. A first message including a first identifier of the assembly module is received from one of the plurality of assembly modules. A second message including a second identifier for the assembly module is transmitted to the assembly module. The second identifier is generated based on at least the first identifier. A third message including the second identifier is received from the assembly module. In response to determining that the third message is received, the assembly module is registered as a new assembly module of the modular assembly system. At least one of the receiving, transmitting, determining, and registering is performed by a control module of the plurality of assembly modules.

SYSTEMS AND METHODS OF CREATING A DISTRIBUTED RING OF TRUST
20170288866 · 2017-10-05

A trust relationship can be established between two or more identities without the need of a certificate authority. Trust relationships between identities can be maintained in a distributed ring of trust between two or more identities. The distributed ring of trust can be on a signed identity list. A node desiring to add an identity to the ring of trust sends a request to a member of the ring of trust. The receiving member can determine whether or not to approve the request. In some aspects, approval can be based on a previously shared key or a two-party verification. Upon approval, the requested identity is added to a trusted identity list indicating identities associated with current members of the ring of trust. The updated trusted identity list can then be distributed to the members of the ring of trust.