Entries |
Document | Title | Date |
20080201782 | METHOD AND APPARATUS FOR MANAGING DIGITAL CONTENT - A method and apparatus for managing digital content are provided. The apparatus for managing digital content generated by applying digital rights management (DRM) includes: a content execution unit executing digital content; and a control unit confirming whether or not digital content is in a first period in which the digital content can be normally executed, and controlling the content execution unit so that, if the digital content is in the first period, the digital content can be executed normally, and if the digital content is in a second period which is not in the first period, the digital content can be executed in a manner which can be distinguished from that of execution in the first period. According to the apparatus and method, execution of digital content, which is close to expiration, can be controlled, thereby managing the expiration of the digital content for a user. | 08-21-2008 |
20080209570 | Systems, Methods, And A Storage Medium For Storing and Securely Transmitting Digital Media Data - Systems, methods, and a storage medium for storing and securely transmitting digital media data in a networked system are provided. The method includes determining an amount of memory for storing the digital media data. The method further includes querying a plurality of network computers to determine an amount of available memory in a plurality of memory storage devices associated with the plurality of network computers. The method further includes receiving the digital media data and partitioning the digital media data into a plurality of digital media data sets. The method further includes encrypting the plurality of digital media data sets into a plurality of encrypted digital media data sets using at least one encryption key value. The method further includes storing the plurality of encrypted digital media data sets in at least two of the plurality of memory storage devices associated with the plurality of network computers. The method further includes retrieving the plurality of encrypted digital media data sets and transmitting the plurality of encrypted digital media data sets to a decryption device. Finally, the method includes decrypting the plurality of encrypted digital media data sets at the decryption device using at least one encryption key value to obtain the digital media data. | 08-28-2008 |
20080222735 | METHODS AND COMPUTER PROGRAM PRODUCTS FOR SECURING DISPLAY OF MESSAGE CONTENT - The shortcomings of the prior art are overcome and additional advantages are provided by securing display of sensitive messages to prevent third parties from viewing sensitive content. For one or more incoming messages designated as sensitive, substitute content to be displayed in place of sensitive content is received from a message recipient. Alternatively or additionally, an indicia to be displayed with any incoming message designated as sensitive is received from the message recipient. A message having sensitive content is designated as sensitive by a sender, a recipient, or an intermediate system. Upon receipt of a message designated as sensitive, a message window is displayed that includes substitute content different from the sensitive content. The substitute content includes an indicia that the sensitive content is not displayed. | 09-11-2008 |
20080222736 | Scrambling HTML to prevent CSRF attacks and transactional crimeware attacks - The present invention relates to a method for preventing an unauthorized activity including a transaction in a web site comprising the steps of: (a) receiving a response containing at least one HTML page, from said site, by the traffic processor; (b) modifying said response by obfuscating said at least one HTML page of said response; (c) storing de-obfuscation information in a transaction table; (d) forwarding the modified response from said traffic processor to the client's browser; (e) redirecting a request from said browser to the traffic processor, by the redirector; (f) checking said request for an unauthorized command; (g) de-obfuscating said request using the stored information in said transaction table; and (h) forwarding the modified request to said site. | 09-11-2008 |
20080222737 | Apparatus for and a method of copy-protecting a content carrying recording medium - Recording data has content data and navigation control data to enable a legitimate player to navigate the content data. The recording data has a content data set and a spurious data set that is difficult to distinguish from the content data set but will be ignored by a legitimate player. The content data is associated with the content data set and the spurious data set. The spurious data set may be associated with control data that inhibit playing or correct playing of the content data. A ghost structure such as a ghost video title set may be provided by causing information in at least one of the video title set information, video manager information and the volume information file structure to reference a non-existent video title set or not reference an existing video title set. The recording medium may be an optical disc such as a DVD or its precursors. | 09-11-2008 |
20080229428 | System and Method For a Dynamic Policies Enforced File System For a Data Storage Device - An autonomous data storage device for storing data files via an external file interface, the external file interface being controllable from an external device, the device comprising: a physical file storage for homogenous storage of files; the external file interface configured to allow sector level access to at least part of the physical file storage to support standard operating file system calls; an internal sector policy management unit located in between the external file interface and the physical file storage for sector level policy enforcement of the physical file storage, for one or more of the sector level managed sectors, the unit having an input for receiving instructions from the external file interface for sector oriented operations, and being configured to carry out sector policy management operations in accordance with. | 09-18-2008 |
20080229429 | Data excess protection - Systems, methods, and computer program products that can be used concurrently or alternatively to detect errors in data as well as to protect access to data are provided. Embodiments enable a coherent data set (CDS) which is a data set guaranteed to be genuine and error-free at run-time. Embodiments provide systems, methods, and computer program products to create a CDS, identify a CDS, and verify the coherency of a data set purported to be a CDS. Embodiments further enable privileged functions which are functions that can only be accessed by a restricted set of other privileged functions. Embodiments provide systems, methods, and computer program products to create, identify, and protect access to privileged functions. | 09-18-2008 |
20080235805 | Digital Rights Management - Software licence management systems are provided in which a licence to use a software product is represented by a data token. The systems have a software controller for controlling use of the software product at a user device, and a licence management server for communicating with the software controller via a data communications network. The software controller allows use of the software product at the user device substantially only during a use period associated with a current data token supplied to the software controller by the licence management server. An exchange token can be supplied to another, similar software controller when necessary to transfer the licence, e.g. in the event of a breakdown. The software controller is adapted to supply either the current data token, or the exchange token, to the licence management server to be exchanged for a new data token. | 09-25-2008 |
20080235806 | Methods and Apparatus for Implementing Context-Dependent File Security - The present invention concerns methods and apparatus for implementing context-dependent security for files and other computer system resources. In particular, methods and apparatus of the present invention implement context-based permissions that are used in context-dependent file security. In examples of the present invention, the context-based permissions may allow access to a file only when an attempt to access the file is made at a certain time of day, or from an authorized computer system, or from a computer having a certain application program installed. In general terms, the context-based permissions may specify time, location and application information that either alone or in combination may be used to restrict access to a file. | 09-25-2008 |
20080235807 | File System Operation and Digital Rights Management (DRM) - File system interaction with digital rights management (DRM) is facilitated by enabling one or more file system components to be DRM-aware. These one or more file system components may be part of a computer operating system. An exemplary system implementation includes: one or more processors; and one or more media in operative communication therewith, the media storing one or more file system components that are configured to provide content having DRM controls to a requesting program in either a raw form or a decrypted form in dependence on whether the DRM controls comprise simple DRM content controls or complex DRM content controls. In another exemplary system implementation, the one or more file system components are configured to provide files with simple DRM content controls to requesting applications in a decrypted form and to provide files with complex DRM content controls to requesting applications in an unaltered form. | 09-25-2008 |
20080244752 | Detection of Physical Movement For Document Sharing - A system for using accelerometer-based detection of physical movement for document sharing provides easy and intuitive ways to securely share documents, even without passwords, between computing devices. The system of the present invention includes: at least two computing devices that each have a motion detection device capable of detecting sudden movements and generating a unique signature. The unique signature can then be used to generate signatures or shared secrets for controlling the transfer of data between devices. The motion detection device is capable of detecting sudden movement such as the tapping of the two computing devices together, tapping a stack of computing devices, tossing a computing device in the air. The system may optionally include an intermediary device such as a server for transferring the documents or files between computing devices such that only a small decryption key and file pointer is needed to share records between computing devices. The present invention also includes a novel method for accelerometer-based detection of movement for transferring data between computing devices. | 10-02-2008 |
20080244753 | Instruction Transform for the Prevention and Propagation of Unauthorized Code Injection - A method and structure of instruction transformation. Applying the principles of biodiversity to instruction transformation applicable to devices and embedded systems and networks containing many devices not only protects individual devices from attack from unauthorized code, but additionally retards propagation of such unauthorized code to other devices in the system or network in communication with a potentially infected device. | 10-02-2008 |
20080244754 | System and Method for Software License Management for Concurrent License Management and Issuance - The present invention is a method and system for software license management. The License Management System (LMS) is comprised of three components. These three components are the License Client (LC), the License Server (LS) and the Network License Manager (NLM). For the system to function the LC and LS are required. The NLM exists to facilitate and manage concurrent license usage. | 10-02-2008 |
20080244755 | Authorization for media content alteration - A classification method and system for possible content alteration of a media work may include criteria regarding content that is feasible for alteration. Such criteria may be maintained in records that are accessible to an interested party. Some embodiments may include a record of authorization rights applicable to a possible content alteration. Some embodiment implementations may include a derivative version of the media work wherein substitute content, such as an alterable component element having one or more designated aspects, is associated with a real-world entity or person. | 10-02-2008 |
20080250505 | Methods And Systems For Generating A Symbol Identification Challenge - The generation of a representation of a symbol that poses an identification challenge for an automated agent is disclosed. A symbol image of a symbol is generated. At least one non-symbol image is generated. A display mechanism is provided where the display mechanism is operable to display the symbol image and the at least one non-symbol image. | 10-09-2008 |
20080256642 | Anti-Interrogation For Portable Device - A portable consumer device is disclosed. One or more contact regions in the portable consumer device may be provided on the contactless portable consumer device. The user may be required to place a finger on the one or more contact regions while holding the portable consumer device proximate to the interrogation device to enable it to be interrogated. The user's fingers may be used to electrically bridge an open portion of a circuit so as to enable operation of the portable consumer device. | 10-16-2008 |
20080256643 | MULTIPLE ENTITY AUTHORIZATION MODEL - An authorization framework is provided that protects data records in a platform, such as a service-based platform, by requiring multiple level entities to be authorized with respect to the data records. For example, the data records can have an associated owner user that can grant access to other users with respect to the data. Additionally, however, the user can also grant access to certain applications that access the platform such that the data records can be initially closed for a user requiring the user to explicitly grant desired access to applications and/or users. In this regard, applications can be forbidden from accessing the data, even on behalf of the user, unless expressly authorized to do so by the user. Thus, the user can make informed decisions regarding who is to have access to its data. | 10-16-2008 |
20080256644 | Real-time detail information display method of digital rights management contents and portable terminal using the same - A real-time detail information display method of digital rights management (DRM) contents and a portable terminal for practicing that downloads digital rights management (DRM) content information from a server, in real-time. The portable terminal extracts address information of the DRM contents indicated on the display, accesses the server based on the extracted address information, and receives the DRM content information from the server and displays it on the display. | 10-16-2008 |
20080256645 | Digital rights management method and digital rights management-enabled portable device - A DRM method and DRM-enabled portable device for controlling playback of DRM content on the basis of a content usage log is disclosed. A digital rights management method for a portable device of the present invention includes playing a content item; recording, when an abnormal playback stop event is detected, a stop time point in a playback session of the content item on a usage log; and controlling a next playback of the content item with reference to the recorded stop time point. The DRM method and DRM-enabled portable device of the present invention further manages the licenses issued for the DRM content stored in the portable device by updating the licenses even when the DRM content is abnormally closed during its playback session. | 10-16-2008 |
20080271156 | METHODS AND SYSTEMS FOR SEARCHING PROTECTED DIGITAL CONTENT AND NON-PROTECTED DIGITAL CONTENT - A system is provided, the system includes a plurality of electronic devices, the electronic devices having protected digital content and non-protected digital content. The system further comprises a server coupled to the plurality of electronic devices. The server selectively searches the protected digital content and the non-protected digital content and provides a uniform view of search results. | 10-30-2008 |
20080271157 | Evaluating removal of access permissions - Methods and systems are provided for controlling access to a file system. A record of actual accesses by users of the file system is maintained. Before a user is removed from a set of users or before a privilege for a set of users to access a data element is removed, it is determined whether the actual recorded accesses of the user are allowed by residual access permissions that would remain after implementing the proposed removal of access permission. An error condition is generated if the proposed removal of the access permission would have prevented at least one of the actual accesses. In another aspect of the invention, the system determines if the users would have alternate access to the storage element following implementation of the proposal. | 10-30-2008 |
20080271158 | Authorized Domain Policy Method - The present invention relates to a method and a device for determining access to multimedia content from an entry identifier, in a domain which comprises a number of entry identifiers, and where the multimedia content is assigned an access number n indicating the number of entry identifiers which may access the multimedia content. This is obtained by accessing a domain list indicating at least some of said entry identifiers in said network domain and by further determining that the entry identifier may access said multimedia content if said entry identifier is between the n entries in said domain list determined by an evaluation rule. | 10-30-2008 |
20080271159 | Method And System For Restricting Access To User Resources - A user's set top box (STB), or other client, executes a shell and has an application program interface (API) by which certain features of the client can be controlled. The client is in communication with a walled garden proxy server (WGPS), which controls access to a walled garden. The walled garden contains links to one or more servers providing network-based services. The client sends a request to the WGPS to access a service provided by a site in the garden. To provide the service, the site sends the client a message containing code calling a function in the API. The WGPS traps the message from the site and looks up the site in a table to determine the access control list (ACL) for the site. The ACL is a bit-map that specifies which functions of the client's API can be invoked by code from the site. The WGPS includes the ACL in the header of the hypertext transport protocol (HTTP) message to the client. The shell receives the message and extracts the ACL. The shell uses the ACL to determine whether the code has permission to execute any called functions in the API. If the code lacks permission, the shell stops execution and sends a message to the site indicating that the site lacks permission. Otherwise, the shell allows the code to call the function. | 10-30-2008 |
20080271160 | METHOD AND SYSTEM FOR PUBLICATION CONTROL OF DIGITAL CONTENT - A method and system for publication control of digital content for validating the rights information registered by a plurality of separate content providers. When receiving a digital content publication application from a content publication unit, a publication control unit queries whether rights information corresponding to the digital content to be published is stored in a rights publication unit, and if stored, allows the publication of the digital content and of a download address thereof. By messaging rights information in this centralized manner, it may be ensured that a content buyer can efficiently obtain the rights object distributed after the digital content is published. | 10-30-2008 |
20080282357 | Method and Device for Determining Whether an Application Should Access Protected Digital Content - A method and device for determining whether an application should access protected digital content. It is determined if a first indicator that is securely bound to the application corresponds to a second indicator that is securely bound to the protected digital content. | 11-13-2008 |
20080282358 | Protecting Caller Function from Undesired Access by Callee Function - Disclosed is a method for restricting access of a first code of a plurality of codes of a first function from a second function. The method comprises calling the second function by the first function, addresses of the plurality of codes are stored in a stack page and colored in a first color ( | 11-13-2008 |
20080282359 | SYSTEM FOR CONTROLLING WRITE ACCESS TO AN LDAP DIRECTORY - A method is provided to control access to a software application and, more particularly, to control access to a first software application using a second trusted application. The method comprises extracting data from a decrypted client request and determining a request type from the extracted data. The method further comprises ascertaining an entry type value from at least one of the extracted data and an entry and creating at least one string by prepending the entry type value to one or more attributes associated with the entry. Additionally, the method includes comparing the at least one string to one or more record entries to determine whether a client has permission to perform the request type. | 11-13-2008 |
20080289047 | ANTI-CONTENT SPOOFING (ACS) - A system to prevent content spoofing by detecting phishing attacks is provided. The system checks each webpage visited by a user and determines if the page is legitimate. To determine if a page is legitimate, the system employs fingerprints to check how similar the browsed page is with respect to an original page. If the similarity between browsed page and the original page is found to be more than a preset threshold, then the browsed page is considered to be a spoofed page. Access to the spoofed page is then either denied and/or an alarm is triggered. | 11-20-2008 |
20080289048 | APPARATUS AND METHOD FOR MOVING CONTENTS AFTER MUTUAL AUTHENTICATION - A method and apparatus for moving contents are discussed. According to an embodiment, the method includes determining whether or not a content is to be moved from a first device to a second device based on copy and movement control information, the copy and movement control information indicating whether or not the content is to be moved; performing an authentication to authenticate the first and second devices with each other; and moving the content from the first device to the second device based on the determination result and the authentication result. | 11-20-2008 |
20080295180 | Memory Card, Data Exchange System, and Data Exchange Method | 11-27-2008 |
20080295181 | METHOD FOR PROTECTING COMPUTER PROGRAMS AND DATA FROM HOSTILE CODE | 11-27-2008 |
20080301818 | Method for Retransmission of Use Authorization Information - In order to reduce the multitude of data for transmitting and converting use authorizations, which are received either encoded or non-encoded together with sound and/or picture contents in signals from optional networks, it is proposed to reduce the hierarchically structured use authorization information in the form of a tree structure before transmitting it further, such that non-occupied tree branches are detected and marked as not relevant, wherein the tree branches marked as not relevant are not included during the further transmitting of the use authorization information. | 12-04-2008 |
20080301819 | MOBILITY DEVICE - A mobility device for use in a mobility device platform allowing for secure mobile computing is provided. In an illustrative implementation, an exemplary mobility device platform comprises a mobility device operable to communicate with at least one computing environment through a communications interface and wherein the mobility device is operable to process and store secure web services, a communications network operable to communicate data and computing applications using web services, and a mobility device management server operable to generate, process, store, communicate and encrypt web services to the mobility device. The mobility device may comprise a processing unit, a mobility device communications interface for interfacing with cooperating computing environments, a memory storage unit, and an operating system operable to execute web services and/or computing applications. | 12-04-2008 |
20080307531 | Method for Optimizing Reconfiguration Processes in Mobile Radio Network Having Reconfigurable Terminals - Access-protected memory zones in network elements are localized in an operator's network that supports the reconfiguration of SDR terminals in combination with protected data transmission methods which include methods for authenticating and authorizing the communication partners and for communicating in a protected manner, especially to protect integrity and confidentiality. Such access-protected data is provided by the terminal and is transmitted to the radio access network in the framework of negotiations and is temporarily stored therein or is generated directly in the RAN in the framework of processes related to the terminal. The generation and management of access-protected memory zones by the network operator result in a massive relief of the load to which the air interface is subject while also significantly alleviating the network infrastructure with regard to signaling. | 12-11-2008 |
20080307532 | SECURELY MAINTAINING COMMUNICATIONS NETWORK CONNECTION DATA - An apparatus and computer-readable medium for securely maintaining communications network connection data is disclosed. According to one embodiment, an apparatus is disclosed according to which a user is prompted for network element address substitution data which specifies a substitute network element address for a network element address associated with a network element of a first communications network. The network element address substitution data is then stored within a first storage element, wherein access to the first storage element outside of the first communications network is restricted. Connection monitor data associated with the first communications network is processed utilizing the network element address substitution data. According to the described embodiment, such connection monitor data processing includes a means for identifying metadata of the connection monitor data which specifies the described network element address, and a means for substituting the metadata with metadata which specifies the substitute network element address. | 12-11-2008 |
20080313742 | METHOD AND SYSTEM FOR RESTRICTING THE USERS OF MEDIA CONTENT - A method, a system, a Rights Issuer and a user terminal are provided for restricting the users of media content. For restricting the users of media content, a DRM agent inside a user terminal obtains the copyright control information that carries the user identity of the current media content, receives a rights verification request that carries the identity of the current initiator of the current media content, and checks whether the current initiator can trigger the play of the current media content according to the user identity in the copyright control information mentioned previously and the identity of the current initiator carried in the rights verification request. If the current initiator is allowed to trigger the play of the current media content, the DRM agent provides the current decrypted media content to a media player. Otherwise, the DRM agent forbids the media player to play the current media content. The users of media content can be restricted based on the actual service requirements and thus a media content provider can better control the right to use its media content. | 12-18-2008 |
20080320600 | SECURE DOCUMENT MANAGEMENT SYSTEM AND APPARATUS - A system for authenticating digital files includes an electronic device having means for handling digital files. The electronic device has a unique, hard encoded, device identifier. The system further includes a security key for interacting with the electronic device, the security key having a unique, hard encoded, key identifier. The electronic device further includes means for verifying a predetermined key-to-device association of the key identifier to the device identifier, means for refusing access to the electronic device upon unsuccessful key-to-device association verification, and means for associating both the device identifier and the key identifier with at least one of the handled digital files. | 12-25-2008 |
20090007274 | Rights Engine Including Access Rights Enforcement - A location indicator indicative of a network address where a content item is located or a content item can be received from a rights holder. An indication of access rights, in a computer-readable, canonicalized format, to be associated with the content item is received from the rights holder. The content item or the location indicator is stored in association with the indication of access rights. A searchable repository can be provided to the content consumer. The searchable repository can be utilized by the content consumer to access the content item according to search parameters that comprise the indication of access rights associated with the content item. Transaction and content consumption events may be tracked to facilitate various functions, such as dynamic pricing models, access rights enforcement, and revenue tracking. | 01-01-2009 |
20090007275 | Method and Apparatus for Protecting SIMLock Information in an Electronic Device - The teachings herein present a method and apparatus for protecting usage restriction data that governs usage of an electronic device. A cryptographic circuit supports secure and non-secure accesses. When non-securely accessed, it is operable only to verify the stored usage restriction data, and, when securely accessed, it is operable to generate a new message authentication code for changed usage restriction data, for subsequent authentication of that data. The usage restriction data may be stored in non-secure memory and may include static and dynamic parts. One or more embodiments include a secure circuit indicating whether the device has been initialized. The cryptographic circuit outputs a message authentication code for the static part using a permanent device key from the secure circuit, only if the device has not been initialized, and outputs a message authentication code for the dynamic part as needed to support authorized changes to the dynamic part. | 01-01-2009 |
20090007276 | System for making it ineffective to tamper with a software application by nullifying or removing calls to a license manager because the application can be run without a call to the license manager - Many software applications are protected from illegal or unauthorized use by the use of a License Manager. All installations of the application are required to obtain a license from the License Manager to run. Software pirates routinely circumvent this copy protection by disabling the call to the license manager or change the code of the application so it seems to have passed the license verification. The present invention makes such efforts ineffective. The installed application cannot run, unless the call to the License Manager is made, since important code and data has been extracted from the installation and must be delivered by the License Manager. Obviously, if the call to the License Manager is disabled or manipulated, the extracted code and data will not be delivered to the installed application and it will not run. | 01-01-2009 |
20090007277 | System and Method for Automatically Hiding Sensitive Information Obtainable from a Process Table - The present invention provides a system and method for automatically hiding sensitive information, obtainable from a process table, from other processes that should not access the sensitive information. The system and method include a sensitive command attribute table that is used by a system administrator to designate the commands and command attributes that will typically be associated with sensitive information. The sensitive command attribute table is used when a command is entered that requests information from the process table to be displayed or output. In response, a search of the process table entries is made to determine if a command and/or its attribute in the process table matches an entry in the sensitive command attribute table. If so, the command, its attributes, and/or its attribute values are blanked from the output of the process table information. | 01-01-2009 |
20090007278 | PRIVACY PROTECTION DEVICE, PRIVACY PROTECTION METHOD, AND RECORDING MEDIUM RECORDED WITH PRIVACY PROTECTION PROGRAM - A privacy protection device acquires provider location information and browser location information indicating the current location of a browser terminal used by a browser who intends to browse the content. The privacy protection device stores determination data for determining whether to mask privacy information included in the content. The privacy protection device determines whether to mask the privacy information by comparing the distance, which is calculated based on the current location of the provider terminal indicated by the provider location information and the current location of the browser terminal indicated by the browser location information, to the determination data stored in the determination data storage part. Finally, the privacy protection device edits the privacy information included in the content so that the privacy information is concealed from the browser when the privacy masking determination part determines to mask the privacy information. | 01-01-2009 |
20090013412 | Data Exchanging Device - A data exchanging device ( | 01-08-2009 |
20090019548 | Creating and Validating Cryptographically Secured Documents - Aspects of the subject matter described herein relate to creating and validating cryptographically secured documents. In aspects, documents are encrypted to protect them from unauthorized access. An entity having namespace ownership rights may create a document in an authorized namespace and sign the document with a private key. Other entities may validate that the document was created by an authorized namespace owner by using a public key available in security data associated with a parent document of the document. For a root document, the public key may be available from a directory service. A namespace owner may change the namespace owner(s) that are allowed to create children of a document. | 01-15-2009 |
20090019549 | Updating and Validating Documents Secured Cryptographically - Aspects of the subject matter described herein relate to updating and validating documents secured cryptographically. In aspects, documents are encrypted to protect them from unauthorized access. An entity having write access to a document may create a new version of the document and sign the new version with a private key. Other entities may validate that the new version of the document was created by an authorized entity by using a public key available in security data associated with the version. The entities that are authorized to create a new version may change which security principals are allowed to create subsequent versions. | 01-15-2009 |
20090019550 | TRUSTED HARDCOPY DOCUMENT - A trusted hardcopy document is generated using a two-part confirmation number including a private part and a public part. A public part of the confirmation number is received at a first party creating the trusted hardcopy document. The private part of the confirmation number is sent to an owner of the trusted hardcopy document by a trusted party and is not sent to the first party creating the trusted hardcopy document. A human-readable form and a machine readable form of the public part of the confirmation number are printed on the trusted hardcopy document. | 01-15-2009 |
20090019551 | INFORMATION SECURITY DEVICE AND COUNTER CONTROL METHOD - A method is provided for flexibly setting a shared counter shared by a plurality of security modules sharing a counter in tree structures, while curbing the amount of secure memory used. The shared counter is realized by a first counter group having a tree structure managed by a first secure module and a second counter group having a tree structure managed by a second secure module sharing a node in the tree structure of the first counter group and a node in the tree structure of the second counter group. The method of sharing using tree structures enables flexible addition, deletion and access restriction setting of modules that use the shared counter. | 01-15-2009 |
20090019552 | Healthcare Medical Information Management System - A medical information management system and corresponding methods are described for providing access to healthcare records. The system includes a database system comprising healthcare records of a patient, a healthcare workstation coupled to the database system and an authentication system comprising a processor coupled to the database system. The healthcare workstation is located at a treatment facility or point of treatment that is remote to the database system. The authentication system generates an image of a finger of the patient at the point of treatment, and generates from the image an identification number. The authentication system compares the identification number to a stored number corresponding to the patient, and authenticates the patient's identity when the comparison produces a match between the identification number and stored number. Access to the healthcare records is controlled via the healthcare workstation in response to authentication of the patient. | 01-15-2009 |
20090025086 | METHOD FOR MAKING CONTENTS PUBLIC OR PRIVATE, INFORMATION PROVIDING SYSTEM, AND INFORMATION PROVIDING PROGRAM - Contents can be made public or private, when to be switched so, by designating a common file identifier before and after the switching. An information providing system reads a second file identifier related to a first file identifier, from a storage device (S | 01-22-2009 |
20090025087 | SYSTEMS AND PROCESSES FOR OBTAINING AND MANAGING ELECTRONIC SIGNATURES FOR REAL ESTATE TRANSACTION DOCUMENTS - Systems and processes may obtain and manage electronic signatures for documents for real estate transactions. Documents for real estate transactions may be received and/or generated by the system. The documents may include metadata or software keys that are associated with signature blocks on the documents. The system may identify the signature blocks using the metadata or software keys and present the positions for signature by the user. | 01-22-2009 |
20090025088 | Method and system for registering domain - A first domain ID information piece for a first domain is sent from a first domain managing entity to a second domain managing entity. The first domain managing entity manages the first domain. The second domain managing entity manages a second domain. A second domain ID information piece for the second domain is sent from the second domain managing entity to the first domain managing entity. The first domain is registered with the second domain as a domain higher in rank than the second domain in response to the first domain ID information piece sent from the first domain managing entity to the second domain managing entity. The second domain is registered with the first domain as a domain lower in rank than the first domain in response to the second domain ID information piece sent from the second domain managing entity to the first domain managing entity. | 01-22-2009 |
20090031428 | SYSTEM AND METHOD TO PROCURE AND AUDIT DIGITAL RIGHTS MANAGEMENT EVENT DATA - A method to procure and audit digital rights management (DRM) event data by collecting a first set of event data in a first event data format, converting the first set of event data to one or more standardized event data formats, and communicating the first set of event data to an event data collection server for storage. The method may also include collecting a second set of event data in a second event data format, converting the second set of event data to one or more standardized event data formats, and communicating the second set of event data to the event data collection server for storage. The method may also include storing the first and second sets of event data in a centralized repository, authorizing access to the event data, and performing an event data audit corresponding to the event data. | 01-29-2009 |
20090031429 | Prevention of software and movie piracy - Preventing digital content piracy includes creating a predetermined pattern including at least one unreadable location on a target digital storage medium, which stores digital content and is configured to be received by a media reader. An error detection software program is provided on the target digital storage medium, which program is executed by a host processor, having an operating system kernel, when the host processor attempts to access the digital content on the target digital storage medium via the media reader. The program causes the host processor to query the media reader via a direct hardware connection independently of the operating system kernel, in order to identify the at least one unreadable location, and to access the digital content responsively to verifying that the identified location corresponds to the pattern. | 01-29-2009 |
20090038016 | Detecting And Reacting To Protected Content Material In A Display Or Video Drive Unit - A system and method to protect content material enforce copy protection by establishing a secure link ( | 02-05-2009 |
20090038017 | SECURE VAULT SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT - Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed. | 02-05-2009 |
20090038018 | INFORMATION PROCESSING APPARATUS, CLIENT DEVICE, AND LICENSE MANAGEMENT SYSTEM - A license issuing server manages information about a plurality of software applications including an installable software application and a yet uninstallable software application, such as an unreleased software application, in association with a product code. Upon receiving a request for a license file which can identify the product code from a client device, the license issuing server generates a plurality of license files corresponding to information about a plurality of software applications managed in association with the product code and collectively issues the license files to the client device. | 02-05-2009 |
20090044281 | JAVA CONDITIONAL ACCESS APPARATUS - There is provided a Java™ conditional access apparatus which, by describing a CA control unit through a Java™ program, obviates the need for porting a CA control program, enables development of a CA system over plural terminals in a short time, and obviates the need for terminal replacement. The Java™ conditional access apparatus includes a descramble circuit, a key generation information obtaining library, a Java™ VM, a storage unit, a condition-release control unit, an API having a registration unit. Upon receiving a function from a CA control program, the registration unit registers the received function. When the API receives information of a channel, the information of the channel to be reproduced is notified to the CA control program. The CA control program requests the key generation information obtaining library to obtain key generation information corresponding to the received channel information, and passes the received key generation information to the condition-release control unit. | 02-12-2009 |
20090044282 | System and Method for Generating and Displaying a Keyboard Comprising a Random Layout of Keys - Systems and methods for generating and displaying a keyboard comprising a random layout of keys are described here. One embodiment includes displaying a keyboard comprising a random layout of keys, to receive a user entered key phrase to be entered to gain access to secure data, and receiving the user entered key phrase by the user selecting keys of the keyboard via a pointing input device. The displaying includes individually mapping keys of the keyboard to a separate value within a first value range, selecting a key for the keyboard based on the random value generated, and repeating the generating the random value and selecting a key for the keyboard based on the random value to select a remainder of keys for generating the random layout of keys for the keyboard. | 02-12-2009 |
20090049557 | TRACKING THE ORIGINS OF DATA AND CONTROLLING DATA TRANSMISSION - Provided are methods, apparatus and computer programs for tracking the origins of data and controlling transmission of the data. In one embodiment, transmission of sensitive data by script operations is limited, to prevent transmission to any network location other than to the source of that sensitive data, by a new function within a scripting engine of an HTTP client that is responsive to origin tags placed within the data. Origin tags that are associated with data inputs are propagated to any output data items, so that transmission of derived information can also be controlled. | 02-19-2009 |
20090064341 | Technique for registering a device with a rights issuer system - A technique for registering a device ( | 03-05-2009 |
20090064342 | SENSITIVITY-ENABLED ACCESS CONTROL MODEL - Apparatus, methods, and computer program products are disclosed that determine Rights to an entity. The disclosed technology maintains data structures representing a set of entities. These entities include protected-entities and sensitivity-entities. Each of the sensitivity-entities is associated with a respective sensitivity access-control-list. The sensitivity-entities include a first sensitivity-entity that is associated with a first sensitivity-access-control-list. A first protected-entity being one of one or more of the protected-entities associated with the first sensitivity-entity. The technology evaluates Rights to the first protected-entity with respect to the first sensitivity-access-control-list and enables access to the first protected-entity responsive to the Rights evaluation and presents the first protected-entity when access is enabled. | 03-05-2009 |
20090064343 | ACCESS CONTROL METHOD AND A SYSTEM FOR PRIVACY PROTECTION - A method for protecting information in a distributed stream processing system, including: assigning a principal label to a processing component; assigning a first channel label to a first communication channel that is input to the processing component; comparing the principal label to the first channel label to determine if the processing component can read data attributes of the first channel label; and reading the data attributes of the first channel label when the principal label is equal to or has precedence over the first channel label, wherein the principal label includes a read label and a write label and at least one of a selection label, an addition label or a suppression label. | 03-05-2009 |
20090064344 | METHOD AND APPARATUS FOR MANAGING DIGITAL RIGHTS MANAGEMENT RIGHTS OBJECTS - Provided are a method and apparatus for managing digital rights management (DRM) rights objects, and more particularly, to a method and apparatus for downloading and managing DRM rights objects by accessing a device, which does not support DRM technology, using a universal plug and play (UPnP) network. The method includes requesting a media server, which has downloaded specified content, to provide meta information of the content; determining whether to download a rights object for the content based on the meta information of the content; requesting an approval for the download of the rights object if it is determined to download the rights object; and providing the downloaded rights object to the media server. | 03-05-2009 |
20090070884 | METHOD, SYSTEM AND DEVICE FOR SECURED ACCESS TO PROTECTED DIGITAL MATERIAL - A method, system and device for providing secure access to multimedia content received by a networked digital storage device, such as a set-top box. A mobile device, such as a mobile telephone, obtains appropriate security binding information and application software when coupled to the networked digital storage device at its end user location. The mobile device uploads the security binding information to a randomly located temporary hosting device at its place-shifted location when coupled thereto and, through a logical binding with the temporary hosting device, enables a secure, remote session. The secure binding and transfer of appropriate keys allow the remote hosting device to securely access premium or protected digital material/services available at the networked digital storage device. After completion of the secure, remote access session, termination occurs and the security binding information and the computing activity residue can be removed from the mobile device and the temporary hosting device. | 03-12-2009 |
20090070885 | Integrity Protection - A data processing system comprising data processing means, control means and an integrated circuit chip containing non-volatile storage, wherein the control means is provided between said chip and the processing means and provides all access to said chip by the processing means and the control means is arranged to check, upon the processing means requiring certain material in the non-volatile storage means, the validity of the required material and prevent the use of the required material by the processing means if invalid. The invention also relates to corresponding methods and to programs for implementing those methods. | 03-12-2009 |
20090070886 | METHOD FOR SECURELY DELIVERING AUDIOVISUAL SEQUENCES, DECODER AND SYSTEM THEREFOR - A method for delivering a nominal audiovisual stream including nominal coefficients to a receiving site including a secure gateway includes modifying, in the nominal audiovisual stream, at least one nominal coefficient among the nominal coefficients to generate a main digital stream; generating complementary information so that the nominal audiovisual stream is implemented from the complementary information and main digital stream at the receiving site; performing cryptographic operations on the secure gateway with the complementary information; and causing the gateway to transmit the complementary information to an audiovisual processing peripheral to enable the nominal audiovisual stream to be implemented at the audiovisual processing peripheral. | 03-12-2009 |
20090077670 | E-commerce store management user interface for performing Web site updates - A method for an e-commerce storefront management user interface to enable efficient updating of the Web pages of the storefront. The method begins with the step of accessing a Web page out of a plurality of Web pages of an e-commerce Web site. Log in information is then submitted to the Web site. The log in information can include an authentication to obtain privileges for modifying the Web pages of the Web site. Once logged in, an item on the Web page is selected for editing and modification. The selected item is then edited and the edited data is submitted. Once received by the Web site, an updated version of the Web page is provided for viewing and verification of the edited item. The steps are performed using a Web browser on a client machine to access the Web site and view the Web pages. The logged in manager can be required to log out of the Web site prior to receiving the updated version of the Web page. The updated version of the Web page is viewed using a Web browser to verify the appearance of the edited item, the appearance being the same as the appearance to a standard user accessing the updated version of the Web page. A workflow notification request can be automatically generated in order to obtain an approval of the updated version of the Web page, wherein the updated version of the Web page is not provided until the approval is obtained. | 03-19-2009 |
20090077671 | PROTECTION OF SOFTWARE ON PORTABLE MEDIUM - A portable rewritable medium and a method are provided for preventing unauthorized use of executable software stored on the portable rewritable medium. A portion of the software stored on the portable rewritable medium may include instructions for a processing device to determine whether execution of the executable software is permitted. If execution of the executable software is permitted, the processing device may execute the executable software directly from the portable rewritable medium. Characteristics of the portable rewritable medium may be checked to determine whether functionality of the executable software is to be limited. | 03-19-2009 |
20090077672 | DEPICTION TRANSFORMATION WITH COMPUTER IMPLEMENTED DEPICTION INTEGRATOR - Systems and methods providing computer implemented depiction encoding production constructed from one or more depictions, where, for each of one or more depictions, an encoding collection encoding a narrative account is chosen from the depiction, and where, for each chosen encoding collection, an encoding collection is established from the chosen encoding collection, where one or more expression styles from the chosen encoding collection may be replaced with different corresponding expression styles, and where a depiction encoding is assembled from the established encoding collections, such that the narrative account encoded in the assembled depiction encoding is comprised of the narrative accounts of the chosen encoding collections. | 03-19-2009 |
20090083858 | METHOD OF PROTECTING A PASSWORD FROM UNAUTHORIZED ACCESS AND DATA PROCESSING UNIT - A method of protecting a password from unauthorized access and a data processing unit are provided. An embodiment of the method of protecting a password from unauthorized access comprises storing data representing at least a portion of a password in a memory, assigning the data to at least one of a plurality of instructions, storing the plurality of instructions as processor executable code in the memory, and preventing read-out of the processor executable code as data from the memory. | 03-26-2009 |
20090094701 | On-Demand Physically Secure Data Storage - Safe deposit boxes, services, and methods for physically secure data storage are provided that include securing a network-enabled computer within a safe deposit box, receiving, in the network-enabled computer, data transmitted from a remote computer coupled for data communications with the network-enabled computer; and storing the data in the memory of the network-enabled computer. Securing a network-enabled computer within a safe deposit box may be carried out by providing a locked safe deposit box having the network-enabled computer stored within. Securing a network-enabled computer within a safe deposit box may be carried out by providing a lockable safe deposit box having the network-enabled computer integrated within. | 04-09-2009 |
20090100527 | Real-time enterprise data masking - The invention describes a method, a system and a computer program product for masking data in a database system. The database system includes a database in which sensitive data is stored. The database system also includes a Database Management System (DBMS) which manages the database. Further, the database system includes a plurality of users that run various database queries and commands on the sensitive data. Masking policies are set for users that have access to the sensitive data. Users without privileges to view or manipulate sensitive data may run their queries and commands on masked data, while users with privileges to run and manipulate sensitive data may run their queries and commands on sensitive data. The masked data is generated in real-time and is not stored on the database, thereby preserving its integrity. | 04-16-2009 |
20090113557 | Different permissions for a control point in a media provision entity - The present invention relates to a method, apparatus, computer program product and computer program element for enabling differentiated control point access to services provided in a computing environment, a method, computer program product and computer program element for providing access to a control point from a media provision entity in a computing environment and a network of computing apparatuses. A media provision entity ( | 04-30-2009 |
20090113558 | PROGRESSIVE BOOT FOR A WIRELESS DEVICE - Techniques for performing progressive boot to reduce perceived boot time for a wireless device are described. Program codes to be stored in a bulk non-volatile memory may be partitioned into multiple code images. A first code image may include program codes used to support basic functionality of the wireless device. A second code image may include the remaining program codes. For progressive boot, the first code image may be loaded first from the bulk non-volatile memory. Once the first code image has been loaded, the wireless device may be rendered operational and may appear as functional to a user. While the wireless device is operational, the second code image may be loaded from the bulk non-volatile memory as background task and/or on-demand as needed. | 04-30-2009 |
20090119782 | METHOD AND DEVICE FOR DIGITAL RIGHTS PROTECTION - Data stored in a memory are provided to a host by monitoring how the host accesses the data, and by responding to a deviation of the access from a dynamic access profile that corresponds to the data, e.g. by terminating the access, by issuing a report of the deviation, or by sending spurious data to the host. Preferably, the dynamic access profile is stored in the memory in association with the data. A data storage device includes a memory for storing the data and an access control mechanism. | 05-07-2009 |
20090126025 | System for protecting information - A system in accordance with the present invention protects information. The system includes a processor for processing information and a state machine utilizing tables for determining protection requirements for the information. | 05-14-2009 |
20090126026 | METHOD, APPARATUS AND SYSTEM FOR MANAGING MALICIOUS-CODE SPREADING SITES USING SEARCH ENGINE - Provided is a method for enabling a user terminal to avoid exposure to a malicious code, by classifying web pages including a malicious code and blocking user access to the web pages including the malicious code when a user searches for a web page using a search engine. A method for managing malicious-code spreading sites using a search engine includes: analyzing a currently accessed web site to determine whether a malicious code is included in the web site; if the malicious code is included in the currently accessed web site, registering the web site as a malicious-code spreading site; and, if the web site registered as a malicious-code spreading site is included in a web-site search result from a search engine, blocking user access to the web site. Web pages including a malicious code are classified and user access to the web pages including the malicious code is blocked when a user searches for a web page using a search engine, thereby preventing a user terminal from being exposed to the malicious code. | 05-14-2009 |
20090133127 | DATA COMMUNICATION APPARATUS, METHOD OF CONTROLLING THE SAME, PROGRAM, AND STORAGE MEDIUM - A data communication apparatus that permits the use of a communication function in an appropriate manner even before a license for the communication function is made valid. A CPU of a printing apparatus as the data communication apparatus determines whether or not a trial transmission license is valid. If it is determined that the license is not valid, the CPU inhibits execution of processing associated with the transmission function, and restricts processing to be performed on data received using the reception function without inhibiting execution of processing associated with the reception function. | 05-21-2009 |
20090133128 | IMAGE PROCESSING APPARATUS AND REINSTALLATION METHOD THEREFOR - An image processing apparatus includes an installation unit configured to install an application for image processing and license information regarding the application, an information setting unit configured to set, as threshold information, operation restriction information, which is included in the license information, regarding the application, a counting unit configured to count operation information regarding an operation of the application, an application operation restriction unit configured to restrict an operation of the application according to the threshold information and the counted operation information, a reinstallation unit configured to reinstall the application, and an information setting control unit configured to inhibit the information setting unit from setting, as the threshold information, the operation restriction information, which is included in the license information, regarding the application reinstalled by the reinstallation unit. | 05-21-2009 |
20090133129 | DATA TRANSFERRING METHOD - A method of transferring data is provided. The method of transferring data in a data interoperable environment includes: receiving a data transmission request message for requesting the data to be transmitted from a client to at least one destination; gathering information on entities which are to participate in the transmission of the data; and forming a plurality of chains including at least two entities based on the gathered information on the entities and transmitting the data to the at least one destination through the plurality of chains. Accordingly, it is possible to effectively transmit data using multi-chains in a DRM interoperable environment. | 05-21-2009 |
20090144833 | INFORMATION PROCESSING DEVICE AND ITS CONTROL METHOD - According to one embodiment, an information processing device includes power section for supplying electric power to a system, a control section for controlling ON/OFF of the power section, a receiving section for receiving location information, a memory section for storing a first location information received by the receiving section when an instruction for booting the system is received, and a second location information received by the receiving section prior to receipt of the first location information, and a restriction section for executing restriction on the system when the control section determines that information, which is based on comparison of the first and second location information, matches a condition for restricting the system. | 06-04-2009 |
20090144834 | DATA PROCESSING CIRCUIT AND COMMUNICATION MOBILE TERMINAL DEVICE - A data processing circuit includes a rewritable nonvolatile memory and a controller performing nonvolatile memory control and external interface control. A first detector and a second detector are employed to detect respectively whether the operation of the data processing circuit deviates from a first operating condition and a second operating condition, wherein the second operating condition is severer than the first operating condition. When the first detector detects deviation from the first operating condition, reset is instructed to the controller. When the second detector detects deviation from the second operating condition, the controller backs up an internal state and imposes a restriction on external access to a storage region of the nonvolatile memory. Accordingly, when operation of the microcontroller deviates from specific operating conditions within an operation guarantee range and performance degradation is exhibited, an unauthorized access to the data inside the microcontroller can be suppressed. | 06-04-2009 |
20090151002 | DOCUMENT ACCESS MANAGEMENT METHOD AND SYSTEM - This disclosure provides a document access method and system. The document access method and system are based on a social network model which interconnects members of the social network as a function of trust. This framework provides a basis for documents to be accessed by members which are not directly specified by a document's owner, while providing a certain degree of document security. | 06-11-2009 |
20090151003 | RECEIVER CAPABLE OF MANAGING CONDITIONAL ACCESS SOFTWARE OBJECTS, DOWNLOAD-BASED CONDITIONAL ACCESS SYSTEM INCLUDING THE RECEIVER, AND METHOD FOR MANAGING THE CONDITIONAL ACCESS SOFTWARE - Provided are a receiver with a CA function based on software download, a CA system including the receiver, and a method for managing CA software executed by the receiver. The receiver includes a CA software management means, a download means, a demultiplexer, and a descrambler. The CA software management means performs an overall management operation including the download, execution, state control and termination of a plurality of CA softwares. The download means downloads the CA software from a CA software download server at the request of the CA software management means. The demultiplexer receives scrambled multimedia contents and a CA message and transfers the CA message to the CA software management means. The descrambler receives a descrambling key extracted from the CA message by means of the CA software and descrambles the scrambled multimedia contents with the descrambling key. Thus, a plurality of CA softwares can be operated in one receiver (e.g., a settop box). Also, a plurality of CA softwares can be downloaded beforehand or timely. Also, it is possible to provide a rapid change of running CA software. | 06-11-2009 |
20090151004 | Media markup for visual content alteration - A classification method and system for possible content alteration of a media work may include criteria regarding content that is feasible for alteration. Such criteria may be maintained in records that are accessible to an interested party. Some embodiments may include a record of primary authorization rights applicable to a possible content alteration. A further embodiment feature may include a record of secondary authorization rights applicable to substitute altered content incorporated in a derivative version. Various exemplary identifier markup schemes indicative of a location or category of an alterable media content component may be implemented for audio, visual, and audio/video alterable content. | 06-11-2009 |
20090158441 | SENSITIVE INFORMATION MANAGEMENT - Information is identified as sensitive and a lapsed time job (Chron Job) is created that will allow the deletion of sensitive information after a period of time. The interval could be set to be longer than vacation or other planned use, and yet short enough to limit the period where risk to the organization or individual is incurred. The Chron Job could be integrated with the user's calendar, such that the Chron Job considers holiday time as a means of delaying execution of the Chron Job which would allow a shorter interval to be selected. In addition to deletion of the information identified as sensitive, additional steps could also be taken, such as the purging of the recycle bin, modification of the FAT, and optionally the deletion of related information. Once information is identified as sensitive, the information and derivative works are tracked and managed. | 06-18-2009 |
20090172821 | System and method for securing computer stations and/or communication networks - The invention relates to a method for securing computer equipment (client stations) connected by a computer network or communication network and forming at least one information system, said system comprising at least one computer server, characterized in that it comprises two stages wherein digital data relating to the security of the network and/or system(s) is correlated. The invention also relates to a system for securing wireless digital communication networks. | 07-02-2009 |
20090172822 | PRE-BOOT PROTECTED MEMORY CHANNEL - Machine readable media, methods, and computing devices are disclosed which establish a protected memory channel between an operating system loader of a user partition and services of a management partition. One computing device includes protected storage, read only memory, firmware, a storage device and a processor. The storage device is to store the virtual machine monitor and an operating system having an operating system loader. The virtual machine monitor is to establish a protected memory channel between the one or more integrity services of a management partition and the operating system loader of a user partition in response to measuring and verifying the operating system loader based upon the manifest. The processor is to execute the code of the read only memory, the firmware, the virtual machine monitor, the operating system, the operating system loader, the management partition, and the user partition. | 07-02-2009 |
20090178144 | Data Security System and with territorial, geographic and triggering event protocol - The method, program and information processing system secures data, and particularly security sensitive words, characters or data objects in the data, in a computer system with territorial, geographic and triggering event protocols. The method and system determines device location within or without a predetermined region and then extracts security data from the file, text, data object or whatever. The extracted data is separated from the remainder data and stored either on media in a local drive or remotely, typically via wireless network, to a remote store. Encryption is used to further enhance security levels. Extraction may be automatic, when the portable device is beyond a predetermined territory, or triggered by an event, such as a “save document” or a time-out routine. Reconstruction of the data is permitted only with security clearance and within certain geographic territories. An information processing system for securing data is also described. | 07-09-2009 |
20090183263 | SIMULTANEOUS TAMPER-PROOFING AND ANTI-PIRACY PROTECTION OF SOFTWARE - Simultaneous tamper-proofing and anti-piracy protection of software is provided by splitting applications into two parts: an application, and an application launcher. The application is subject to the tamper-proofing protections deployed by a networked service, while the application launcher is subject to anti-piracy protections. To ensure that the application benefits from the anti-piracy protection of the application launcher, the application and application launcher share a trusted challenge-response relationship. The application includes a challenger library for issuing challenges to the application launcher, and the application launcher includes a responder library for responding to such challenges. | 07-16-2009 |
20090187994 | Method and system for protecting a virtual community visitor from unauthorized social interaction - There is provided a method of protecting a virtual community visitor from unauthorized social interaction comprising receiving a request from the virtual community visitor seeking access to a virtual community content, determining whether the virtual community content includes at least one social interaction opportunity, prompting the virtual community visitor to provide a visitor identity if the virtual community content includes at least one social interaction opportunity, associating the visitor identity with a socialization level, and utilizing the socialization level in one or more permission database to regulate social interaction. In one embodiment, a system for protecting a virtual community visitor from unauthorized social interaction comprises a virtual community content server, and a processor configured to execute instructions included in a social interaction control software to associate a socialization level with the virtual community visitor and utilize the socialization level in one or more permission database. | 07-23-2009 |
20090193524 | ELECTRONIC COMPUTER DATA MANAGEMENT METHOD, PROGRAM, AND RECORDING MEDIUM - The present invention provides a data management program for performing monitoring so that user data provided to the client cannot be copied and utilized for a purpose other than the intended purpose. | 07-30-2009 |
20090199301 | METHODS TO DEFEND AGAINST TAMPERING OF AUDIT RECORDS - Embodiments of the invention provide systems and methods for maintaining audit records for a database or other resource. According to one embodiment, a method for maintaining audit records for a database can comprise detecting an operation involving at least one record of the database. An audit record can be generated for the operation and the audit record can be stored in an audit table in the database. Insert operations and select operations for the audit table can be supported but other operations for the audit table can be prohibited. Additionally or alternatively, creation of more than one audit table having a same name and schema can be prevented. | 08-06-2009 |
20090199302 | System and Methods for Granular Access Control - A method and system for granular access control. An access control system allows a user or administrator to restrict access to electronic documents on a granular basis. Access may be restricted for individual data objects, types of objects, or even on a byte-by-byte basis. When a user attempts to access the electronic document, the access control system determines what parts, if any, of the document the user is permitted to access, and retrieves only those parts for access by the user. Data objects may include, for example, audio, video, graphics, or text. | 08-06-2009 |
20090199303 | CE DEVICE MANAGEMENT SERVER, METHOD OF ISSUING DRM KEY BY USING CE DEVICE MANAGEMENT SERVER, AND COMPUTER READABLE RECORDING MEDIUM - Provided is a method of issuing a DRM (digital rights management) key by using a CE (consumer electronics) device management server. The method includes: authenticating the CE device; if authentication of the CE device succeeds, transmitting a request for issuing the DRM key to a key server for storing and managing the DRM key; receiving the DRM key from the key server; and transmitting the DRM key to the CE device. Thus, the CE device can conveniently and safely receive the DRM key. | 08-06-2009 |
20090210946 | Media markup for promotional audio content - A classification method and system for possible content alteration of a media work may include criteria regarding content that is feasible for alteration. Such criteria may be maintained in records that are accessible to an interested party. Some embodiments may include a record of primary authorization rights applicable to a possible content alteration. A further embodiment feature may include a record of secondary authorization rights applicable to substitute altered content incorporated in a derivative version. Various exemplary identifier markup schemes indicative of a location or category of an alterable media content component may be implemented for audio, visual, and audio/video alterable content. | 08-20-2009 |
20090210947 | LICENSE CONSIGNMENT METHOD AND SYSTEM FOR PORTABLE DEVICE - A license consignment method and system for a portable device playing a right-protected content with a license is provided for improving utilization reliability and manageability of a license by enabling a license server to manage the license consigned by the portable device. The method includes selecting a license to be consigned to a license server, transmitting the license server license information corresponding to the selected license, and transmitting, when the license is not downloaded in a certain time, a download trigger message to the portable device. | 08-20-2009 |
20090210948 | REMOTE COMPUTER REBOOTING TOOL - A method is presented for rebooting a local data processing entity requiring an access code to boot. The method may include receiving, on a local entity, an access code from a remote entity. The access code may be stored on an auxiliary device coupled to the local entity. The local entity may receive a reboot command from the remote entity and begin rebooting in response thereto. The auxiliary device may provide the access code to the local entity in response to the beginning of the reboot. The access code may then be deleted from the auxiliary device. | 08-20-2009 |
20090217385 | Cryptographic control for mobile storage means - A system and method that regulates the various operations between computing stations and storage devices. Storage devices are the storage means that are contained upon devices that are able to have data stored upon them. Any operation that involves or may lead to the exchange or accessing of content (data) between a storage device and computing station may be regulated by means of a policy which comprise a set of rules. Rules may be defined according to specific criteria, including the type of storage device, the type of content, the attributes of the content, and other attributes associated with the storage device and/or the content. The policy will be dynamically installed upon a computing station for specific user(s) and will regulate the data operations that may take place between the computing stations and storage devices based on evaluation of the policy. Based on the evaluation of the policy, the requested operation is permitted, restricted in some areas, or denied. | 08-27-2009 |
20090222929 | METHOD, PROGRAM, AND SERVER FOR BACKUP AND RESTORE - A recording device which backs up a content α in a recording medium and a recording device which restores the content are registered in a server so as to belong to the same domain group. When the recording device tries to restore the content, the restore is permitted only when both the recording devices belong to the same domain group. When there is a refresh request of the domain group, the domain group is invalidated only when a refresh period has passed. When a refresh number recorded in the recording device is less than or equal to the refresh number recorded in the recording device, the recording device backs up and locally merges the content recorded in the recording device into the recording medium. | 09-03-2009 |
20090235363 | IMAGE FORMATION DEVICE AND LICENSE MANAGEMENT SYSTEM - An image formation device enables an optional function that is invalid in an initial state with the entry of a license code. The image formation device includes a storage part for storing specific information unique to the image formation device, and authenticates a license code input thereto using the specific information stored in the storage part. When this license code is recognized as a proper license code as a result of authentication, the image formation device enables an optional function. The image formation device also includes a function disabling part for disabling an optional function that has been enabled. Disabling the optional function causes the function disabling part to change the specific information stored in the storage part to information different from previous information. As a result, an optional function of the image formation device is prevented from being enabled many times using a license once granted to the image formation device. Further, a license management server is allowed to precisely manage the usage of a license at all times. | 09-17-2009 |
20090241200 | SECURITY MEMORY DEVICE AND METHOD FOR MAKING SAME - A security memory device includes a memory cell array that stores a plurality of contents, including a mine, which is stored as a portion of the plurality of contents. The mine is triggered when it is accessed, typically such that the mine erases the memory contents. Also, control logic is included that controls access to the plurality of contents. In one aspect, the memory cell array can include a protected-cell zone and a free-cell zone. In this aspect, the security memory device can further include a lock that provides protection for contents stored in the protected-cell zone from access and a key that is capable of unlocking the lock. | 09-24-2009 |
20090249492 | Fabrication of computer executable program files from source code - A method for protecting a computer program against manipulation and for shielding its communication with other programs against eavesdropping and modification is presented. The method comprises the creation of individualized program copies to different groups of users, the insertion of or the derivation of individual cryptographic keys from the program code, the obfuscation of the program code, and the self-authentication of the program towards other programs. The method is suitable for the protection of online banking, online investment, online entertainment, digital rights management, and other electronic commerce applications. | 10-01-2009 |
20090254995 | CLIENT CONTROLLED LOCK FOR ELECTRONIC DEVICES - An electronic device can be locked and secured by activating a hardware locking mechanism on the device. The locking mechanism is controlled by a locking policy that is defined and implemented from the client side. If the locking mechanism is activated, then the device operates in a limited mode of operation instead of in a normal mode of operation. The locking mechanism can be deactivated, placing the device into the normal mode of operation, when a specified condition is satisfied. | 10-08-2009 |
20090254996 | Security module for audio/video data processing unit - The aim of the present invention is to limit the impact of security breaches, which are the emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterised in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit. | 10-08-2009 |
20090254997 | Method and apparatus for content rights management - The instant invention relates to a method and apparatus for restricting access to digital content through the use of an exemplary form of digital encryption which ties the delivered content to a user, a specific destination device, a specific network, or one or more of the above. Specifically, the encryption/decryption keys are unique in each content consumption session, whether download or stream, which permits the content owner to provide multiple levels of access, i.e. different users may purchase different levels of access to the same content. For example, one user might want to use content on multiple playback devices, while another user might only need access on a single playback device. | 10-08-2009 |
20090254998 | WEB-BROWSER BASED GRID COMPUTING SYSTEM - A system and method for web-based grid computing are disclosed herein. A method for web-based grid computing includes receiving a data component request from a node computer of a grid computing system. The request indicates that the node computer is configured to process the data component as a part of the grid computing system. A data component is sent to the node computer in response to the request. The data component is configured to be processed by a grid computing system web-based processing program executing in a web browser of the node computer. A grid computing client program is provided that is included on a web page accessed by the node computer. The client program is configured to be executed in the web browser of the node computer, and when executed causes the node computer to operate as a part of the grid computing system. | 10-08-2009 |
20090271870 | METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING DISTRIBUTED ACCESS RIGHTS MANAGEMENT USING ACCESS RIGHTS FILTERS - An apparatus may include a processor configured to generate an access rights filter based upon a set of access rights settings. The processor may be further configured to generate an authorization key accepted by the generated access rights filter. The processor may be additionally configured to distribute one or more of the access rights filter and authorization key to an access rights management entity. | 10-29-2009 |
20090276858 | INFORMATION COMMUNICATIONS APPARATUS, SERVER, AND CONTENTS PROVISION METHOD - Providing an information communications apparatus, a server, and a contents providing method which fuel a user's willingness to browse, view, or purchase contents. | 11-05-2009 |
20090276859 | MEDIA CONTENT TRANSCODING - A software product for media content transcoding is a software component configured to be executed under a software application and contains a plurality of internal transcoding subcomponents for transcoding a plurality of audio and/or video formats. It also contains DRM support code for digital rights management [‘DRM’], wherein the DRM has at least an enabled state and wherein the DRM support code contains subcomponents for supporting a plurality of media container formats. At least when the DRM is in the enabled state, the software product is configured to perform the transcoding without intermediate files and by using only the internal transcoding subcomponents for transcoding. | 11-05-2009 |
20090282491 | Intelligent digital audiovisual playback system - Payment-based audiovisual playback system characterized by comprising a microprocessor device associated with a payment device primarily including means for storing, inter alia, in digital format the visual and sound information to be used. The system is associated through interfaces with display means and sound playback means for providing a multimedia environment. The system is controlled by a multitask operating system including a tool and service library integrated into the storage means. The system, which is also associated through an interface with a telecommunications modem, is optionally connected to an audiovisual data distribution network by a telecommunications modem and telecommunications links, said telecommunications function also being controlled by said multitask operating system. | 11-12-2009 |
20090282492 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM - A main control unit acquires a security attribute of object data and a security attribute of a storage destination directory and compares the acquired security attributes. The main control unit determines whether target object data is storable based on the comparison result. If the main control unit determines that the target object data is not storable, the main control unit presents alternative options. | 11-12-2009 |
20090288173 | Method for controlling access to user-selectable content - A method of controlling access to user selectable content includes receiving, by a storage controller, an indication of an initial purchase transaction; and managing access to the pre-loaded content. The indication of the initial purchase transaction is associated with pre-loaded content in a storage that is controlled by the storage controller, the indication including user-selected identification of or criteria for delineating a particular portion of the pre-loaded content. The access management includes limiting the access to the particular portion of the pre-loaded content and making such limited access subject to and performed according to the indication of the initial purchase transaction. | 11-19-2009 |
20090293132 | MICROPROCESSOR APPARATUS FOR SECURE ON-DIE REAL-TIME CLOCK - An apparatus providing for a secure execution environment. The apparatus includes a microprocessor and an external crystal. The microprocessor is configured to execute non-secure application programs and a secure application program, where the non-secure application programs are accessed from a system memory via a system bus and the secure application program is accessed from a secure non-volatile memory via a private bus coupled to the microprocessor. The microprocessor has a secure real time clock that is configured to provide a persistent time, where the secure real time clock is only visible and accessible by the secure application program when the microprocessor is executing in a secure mode. The external crystal is coupled to the secure real time clock within the microprocessor and is configured to cause an oscillator within the secure real time clock to generate an oscillating output voltage that is proportional to the frequency of the external crystal. | 11-26-2009 |
20090300773 | SYSTEMS, METHODS AND APPARATUS FOR REDUCING UNAUTHORIZED USE IN A TELEVISION DISTRIBUTION SYSTEM - Systems, method and apparatus are described for reducing unauthorized usage in a television distribution system. A television receiver communicates with base stations of a wireless communication network. Based on the communications with the base station, the television receiver identifies its location and transmits the location information to a data collection system through the wireless communication network. The data collection system utilizes the location information to identify unauthorized uses of the television receiver. | 12-03-2009 |
20090300774 | ERROR AND EXCEPTION MESSAGE HANDLING FRAMEWORK - Described are systems and methods for counteracting attempts at unauthorized use of information systems. An error message generated in response to an error in the information system is received, where the error message includes a set of information describing the error. The received error message is then translated into an obfuscated message, where the obfuscated message replaces at least a portion of the set of information describing the error with a set of alternative information. The obfuscated message is then presented to a user via a user interface. | 12-03-2009 |
20090300775 | METHOD FOR SHARING RIGHTS OBJECT IN DIGITAL RIGHTS MANAGEMENT AND DEVICE THEREOF - A Digital Rights Management (DRM), and particularly a method for sharing a Rights Object (RO) of a certain DRM content between devices, wherein a certain device requests a Rights Issuer (RI) to upgrade its existing RO, and moves or copies the upgraded RO by the request to at least one or more other devices via a wired/wireless medium, thereby sharing the RO with the other devices. | 12-03-2009 |
20090307780 | USING TRUSTED THIRD PARTIES TO PERFORM DRM OPERATIONS - Various embodiments utilize a third party, such as a trusted third-party, to perform DRM operations such as “move” operations. In at least some embodiments, the trusted third-party is utilized for both “move” operations as well as local content access such as playback and the like. In at least some embodiments, a third-party maintains a database that includes an association of clients, content, and move version numbers. A client—termed a “source client” maintains at least a move version number locally in a secure fashion. The version number is incremented each time the source client performs a move operation. Both the source client and the third-party increment the version number each time a piece of content is moved. When the client attempts to perform a move operation, it contacts the third-party to ascertain the third-party's move version number. If the move version numbers match and the source client owns the license/content, then, in at least some embodiments, a move operation is permitted. | 12-10-2009 |
20090307781 | PROGRAM EXECUTION CONTROL METHOD, ITS DEVICE, AND EXECUTION CONTROL PROGRAM FOR SAME - Provided are a program execution control method, its device, and an execution control program safely executing an application program containing an untrusted code while reducing overhead. Execution environment creating means ( | 12-10-2009 |
20090313702 | CONTENT TRANSFER CONTROL - Some embodiments provide one or more of systems, methods, software, and data structures to control locations where files may be stored. Some such embodiments include receiving a request to perform a file management function affecting a location where a first file is stored and querying a repository of file management rules as a function of at least one of a file type of the first file, a location where the first file is stored, a destination of where the first file is to be stored, and an identity of a user to retrieve a first set of file management rules. These embodiments further include determining if the destination is an authorized location where the first file may be stored as a function of the first set of retrieved file management rules and preventing the file management function when the determining identifies that the destination is not an authorized location. | 12-17-2009 |
20090313703 | File-Based Chat System And Method - A method for computer-based chat includes coupling a plurality of clients to at least one chat file residing in a file system. The method also includes appending a first text from at least one of the plurality of clients to the at least one chat file. In addition, the method includes updating the plurality of clients with changes made to the at least one chat file. | 12-17-2009 |
20090320141 | DOCUMENT DATA SECURITY MANAGEMENT METHOD AND SYSTEM THEREFOR - The present invention discloses a system for document security control to improve the security of document data, and the system comprises: an application, embedded in a machine readable medium, which performs a security control operation on abstract unstructured information by issuing an instruction to a platform software; the platform software, embedded in a machine readable medium, which accepts the instruction from the application and performs the security control operation on storage data corresponding to the abstract unstructured information; wherein, said abstract unstructured information are independent of a way in which said storage data are stored. | 12-24-2009 |
20090328233 | SENDING LOG OF ACCESSED DATA PRIOR TO EXECUTING DISABLE COMMAND IN LOST COMPUTER - Prior to disabling itself in response to a disable command, a lost or stolen portable computer first constructs a log of data that has been accessed recently and sends the log to the rightful owner's address, so the owner knows specifically what data might have been compromised. | 12-31-2009 |
20090328234 | METHOD AND SYSTEM FOR PERFORMING INTEROPERABLE DIGITAL RIGHTS MANAGEMENT AMONG DIFFERENT OPERATING SYSTEM PLATFORMS - A method for performing interoperable digital rights management among different operating system platforms is disclosed. Digital rights management programs are coded and compiled based on specific operating systems. Directories and auto-run folders relating to the directories for the compiled digital rights management programs are set up in a memory device of an electronic device. The compiled digital rights management programs are stored in the auto-run folders, respectively. When the memory device is inserted in the electronic device, an auto-run function of an operating system of the electronic device is automatically activated to select an auto-run folder, and one of the compiled digital rights management programs stored in the selected auto-run folder is accessed and executed. | 12-31-2009 |
20090328235 | Declared Origin Policy - A declared origin policy may be provided. First a plurality of records comprising addresses that an application is allowed to access may be received. The received plurality of records may be placed in a manifest. Then, a request containing an address may be received and compared to the plurality of records in the manifest. Access to the address may be allowed when one of the plurality of records in the manifest matches the address or when an ambiguity is encountered as to whether the one of the plurality of records in the manifest matches the address. Access to the address may be denied when none of the plurality of records in the manifest matches the address. Moreover, any request to change any of the plurality of records in the manifest may be denied when the application is updated, uninstalled, or reinstalled. | 12-31-2009 |
20100011446 | VERIFICATION OF UN-TRUSTED CODE FOR CONSUMPTION ON AN INSECURE DEVICE - Disclosed is a code verification service that detects malformed data in an automated process and rejects submission and distribution if any malicious code is found. Once the submission is verified it may be packaged in a container. The container may then be deployed to a mobile device, and the public key may be used to verify that the container is authentic. The device can load trusted managed libraries needed to execute the application and a manager can ensure that only trusted libraries access native resources of the device. | 01-14-2010 |
20100011447 | SECURE FILE PROCESSING - Apparatus, systems, and methods may operate to receive requests to securely process files on an untrusted client. Additional activity may include transparently redirecting file management operations associated with applications running on the untrusted client to file content associated with the files, where the file content is located in a sandbox on the untrusted client, where the sandbox is inaccessible to the applications. A data store, shared across the applications, may be used to share information associated with the file content. Additional apparatus, systems, and methods are disclosed. | 01-14-2010 |
20100011448 | MAINTAINING CONTACT WITH A DOCUMENT STORAGE FILE OWNER - Systems and methods of the present invention allow a file owner to upload and store a file to a File Storage Area. The file owner may synchronize a periodic clock to a time-based approval period during which the file owner may grant permissions to access the file. A file owner interface may store contact information for the file owner, and ping the information, substituting alternate contact information as necessary, alerting the file owner of any failure of the contact information prior to expiration of the time-based approval period. After expiration of the time-based approval period, grant of file permissions may be automatically approved. | 01-14-2010 |
20100024043 | METHOD FOR CONTROLLING ACCESS TO A SCRAMBLED DIGITAL CONTENT - A method for controlling access by a secret key K to a scrambled digital content distributed, along with the security data D(K) calculated on the basis of K, by an operator equipped with a content server and an access-rights server to at least one receiving terminal comprising a plurality of access-control modules, each access-control module implementing a specific technology for determining the secret key K. The rights server prior to distribution incorporates into said security data D(K) a selection criterion for selecting an access-control module from among the plurality of the terminal's access-control modules to process said security data D(K), after which when one of said access-control modules receives said security data D(K), said access-control module analyses the data D(K) to obtain said selection criterion and, on the basis of its value, terminates processing the data D(K) in order to attempt to obtain the secret key K or transmits a portion or the entirety of said security data D(K) to at least one of the other access-control modules. | 01-28-2010 |
20100024044 | SPECIFYING RIGHTS IN A DIGITAL RIGHTS LICENSE ACCORDING TO EVENTS - A digital license specifies rights with regard to corresponding digital content, and in particular specifies at least one event and for the at least one event at least one of a condition precedent to allowing the event to proceed and an action to be taken once the event has occurred. To respond to a request for an event from a rendering application with regard to the content, event code corresponding to the event is located in the license, and the condition within the event code is evaluated. If evaluated as true, the requested event is allowed to proceed, whereby the rendering application performs the event, and the action within the event code is executed. If evaluated as false, the requested event is denied. | 01-28-2010 |
20100031369 | SECURE DISTRIBUTED ITEM-LEVEL DISCOVERY SERVICE USING SECRET SHARING - A method and a system for a secure distributed item-level discovery service using secret sharing. The discovery service publishes a plurality of uniform resource locators that correspond to a resource identification key on a plurality of servers in a P2P ring. A uniform resource locator (URL) is split into a plurality of shares by applying a secret sharing algorithm. For each share of the URL, a share identifier is generated by applying a hash function to the resource identification key. A share identifier is sent to a target node through a first proxy node applying Peer-to-Peer (P2P) routing. A share of the URL corresponding to the share identifier is sent to the target node through a second proxy using a network address of the target node. Access rights for reading the share of the URL from the target node are published in an access control node. | 02-04-2010 |
20100031370 | SOFTWARE ENHANCED TRUSTED PLATFORM MODULE - Computer-executable instructions can implement a software-based Trusted Platform Module (TPM) that can have more computational power than the hardware TPM. The software TPM can be protected from modification, or other unauthorized access, via a memory partitioning scheme that enables other computer-executable instructions to access the software TPM in a predefined manner, but yet prohibits other access. A tripartite partitioning scheme can be used wherein the computer executable instructions of the software TPM reside in a first region, a jump table to appropriate ones of those instructions resides in a second region, and everything else resides in the third region. The storage key of the software TPM can be sealed by the hardware TPM to be released only if the software TPM, and the computing device, are in a known good state, as determined by the Platform Configuration Registers of the hardware TPM, thereby further protecting the software TPM from tampering. | 02-04-2010 |
20100031371 | System and Method for Handling Peripheral Connections to Mobile Devices - Systems and methods for establishing a data connection between a mobile device and a peripheral. The mobile device is configured to determine whether to handle user approval of the data connection between the mobile device and the peripheral. Through the mobile device, an input mechanism is provided for the user to provide input. The input is used in determining whether to approve the data connection between the mobile device and the peripheral. | 02-04-2010 |
20100037324 | COMPUTER FILE CONTROL THROUGH FILE TAGGING - In embodiments of the present invention improved capabilities are described for providing data protection through the detection of tags associated with data or a file. In embodiments the present invention may provide for a step A, where data may be scanned that is intended to be communicated from the client computing facility. In response to step A, at step B, restricted data may be identified by identifying an absence of a tag associated with the data. And finally, in response to step B, at step C, an interruption to the intended communication may be caused. | 02-11-2010 |
20100043077 | TRUST BASED DIGITAL RIGHTS MANAGEMENT SYSTEMS - A system and method for allowing access to digitally protected content are disclosed. License metadata and credentials from multiple types of digital rights management systems may be used to grant access to content protected by a different type of digital rights management system. Hierarchical levels of access to the content may be granted based on at least one of license metadata and credentials. | 02-18-2010 |
20100043078 | SECURE COMPACT FLASH - Methods and apparatus are provided, such as a memory card with a processor and nonvolatile memory coupled thereto. The nonvolatile memory has a secure area configured to store a user password and a serial number in encrypted form. The card is configured to grant access to the secure area when the card receives a password that matches the stored user password and the card is coupled to a system having the serial number. | 02-18-2010 |
20100050267 | METHOD AND SYSTEM FOR THE AUTOMATED TRANSFORMATION OF ACCESS CONTROL MANAGEMENT INFORMATION IN COMPUTER SYSTEMS - A system for the automatic transformation of access control data between a source and a target is described. The system includes a source module comprising access control data for a first computing system, a target module comprising access control data for a second computing system, a source transformer module to create an access control matrix based on the access control data in the source module, and a target transformer module to convert the data from the access control matrix according to the access of the target module for the second computing system. | 02-25-2010 |
20100050268 | PASSWORD PROTECTION SYSTEM AND METHOD - A method, system, and device for password protection for a computer or other electronic device are provided, including providing one or more false passwords that outwardly cause the computer or other electronic device to behave as if a correct password was entered and that inwardly cause the computer or other electronic device to behave differently than as if the correct password was entered; and taking a predetermined action when one of the false passwords is entered. | 02-25-2010 |
20100050269 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT - Whether a combination method defined in an output rule satisfies a combination condition of each content specified in a play list is judged in order of priority defined in a priority list. Based on the judgment result, the output rule is edited in such a manner that the combination condition of each content specified in the play list is satisfied. The resources of the combination target contents specified in the play list are combined in accordance with the combination method of the edited output rule. | 02-25-2010 |
20100058483 | METHOD FOR PROTECTING SIGNATURES STORED IN A DATABASE - A method of protecting the privacy of a signature that may be used in, for example, a vote by mail system, that includes creating a distorted version of the registration signature, storing the distorted version of the registration signature, and storing a mechanism for converting the distorted registration signature into an undistorted registration signature. The stored mechanism may later be used to reverse the distortion so that the undistorted signature can be used in a verification process. | 03-04-2010 |
20100058484 | Methods for estimating playback time and handling a cumulative playback time permission - Methods for estimating playback time and handling a cumulative playback time permission are provided. In one embodiment, a file is streamed from a first device to a second device for playback. The amount of data of the file that was streamed to the second device is determined, and a playback time of the file is estimated using a time rate associated with the file and the determined amount of data of the file that was streamed to the second device. If the file is associated with a permission specifying an allowed cumulative playback time of the file, the estimated playback time can be accrued against the allowed cumulative playback time. Other embodiments are disclosed, and each of the embodiments described herein can be used alone or in combination with one another. | 03-04-2010 |
20100058485 | CONTENT PROTECTION AND DIGITAL RIGHTS MANAGEMENT (DRM) - An end to end content protection system that includes enhanced digital rights management (DRM). The system provides content delivery to devices over a managed multimedia home network. The system includes a domain manager for receiving content, wherein the domain manager includes a cable card, conditional access component and a MSO security application and a managed client device, coupled to and registered with the domain manager, the managed client device running a security DRM application client, the managed client device communicates with the MSO security application in the domain manager, wherein the MSO security application of the domain manager and the security DRM application client of the managed client instantiate a preferred DRM as an overlay on top of any other content protection scheme. | 03-04-2010 |
20100064374 | Launching Of Multiple Dashboard Sets That Each Correspond To Different Stages Of A Multi-Stage Medical Process - A robust window pane display system and method for coordinating window pane displays in the form of dashboards to assist nurses and doctors in the treatment of a medical patient based upon various medical situations. The window pane display system may be linked to a computer or computer network. The system may involve multiple dashboards for a multi-stage procedure or operation having discrete dashboards for each stage of the multi-stage procedure. A method for creating new dashboards for use in the window pane display system. | 03-11-2010 |
20100071072 | SYSTEM AND METHOD FOR CONTROLLING ACCESS TO LICENSE PROTECTED ASSETS USING USING RFID TECHNOLOGY - Access to a license protected asset is limited by storing license information associated with the asset on at least one radio frequency identification (RFID) tag. Access to the asset is allowed only upon successful retrieval and verification of the license information by a device having at least one RFID reader. | 03-18-2010 |
20100071073 | TECHNIQUES FOR SHUFFLING VIDEO INFORMATION - An apparatus, system, method, and article for shuffling video information are described. The apparatus may include a media processing node to receive video information. The media processing node may include a shuffling module to shuffle the video information according to a shuffle order and a trusted entity programmed based on the shuffle order to provide access to the video information. The video information may be provided in an unshuffled manner when accessed through the trusted entity. Other embodiments are described and claimed. | 03-18-2010 |
20100077485 | INFORMATION PROCESSING APPARATUS AND COMPUTER PRODUCT - An apparatus having a communication section operable to communicate with a central apparatus, and a storage control section operable to control writing onto, and reading from, a storage medium. The apparatus receives a control command transmitted from the central apparatus. The apparatus, if the received command is a security command, acquires process information indicating information on the security process. The apparatus transmits the process information acquired to the central apparatus. The apparatus, if the received command is a security command, executes the security process. The apparatus, if the received command is an inquiry command, acquires the status of the execution of the security process. The apparatus transmits the security process execution status acquired to the central apparatus. The apparatus, if the execution of the security process is completed, transmits the fact that the execution of the security process in the storage medium is completed to the central apparatus. | 03-25-2010 |
20100083384 | Secure Operation of Programmable Devices - According to an embodiment, a programmable logic device includes a plurality of logic blocks, memory, a plurality of connection control elements and a logic unit. The logic blocks are grouped into one or more programmed partitions. The memory stores authentication information and partition information. The connection control elements controllably interconnect different ones of the logic blocks. The logic unit controls external access to the one or more partitions based on the authentication information, controls reprogramming of the one or more partitions based on at least some of the partition information and configures the connection control elements based on at least some of the partition information. | 04-01-2010 |
20100100967 | SECURE COLLABORATIVE ENVIRONMENT - A secure collaborative environment to facilitate the sharing of confidential information between organizations, which can be used in conjunction with existing infrastructure. | 04-22-2010 |
20100107260 | DEVICE FOR RECEIVING DIGITAL BROADCASTS - A device comprising a receiver for receiving a broadcast; a processor for processing said broadcast to extract at least one data channel or service from said broadcast; means for connecting said device to user equipment, said connecting means being arranged to establish a connection with said user equipment whereby said extracted data channel or service can be transferred securely to said user equipment. | 04-29-2010 |
20100115623 | SYSTEM AND METHOD FOR ENABLING DISTRIBUTION OF MEDIA CONTENT USING VERIFICATION - A system and method are provided to enable distribution of media content across a network using physical verification. The system includes a media server configured to send media content across a local network. A storage device can be in communication with the media server, and the storage device may store media content having encryption and provide the media content to the media server. A media reader that is in communication with the media server can be checked by the media server to determine whether a recording of the media content on removable physical media is loaded in the media reader in order to allow the media server to distribute the media content previously stored on the storage device. An output device can be enabled to receive media content from the media server and to reproduce the media content for an end user. | 05-06-2010 |
20100115624 | METHOD AND SYSTEM FOR SECURING DATA FROM A POINT OF SALE DEVICE OVER A LAN - A data control system for a local area network ( | 05-06-2010 |
20100115625 | POLICY ENFORCEMENT IN TRUSTED PLATFORMS - Embodiments of the invention relate to a trusted entity ( | 05-06-2010 |
20100115626 | INTERACTIVE KEY CONTROL SYSTEM AND METHOD OF MANAGING ACCESS TO SECURED LOCATIONS - A security system associated with places physically protected by corresponding security mechanisms used to gain physical entry to the places by security mechanism users is managed using a searchable database that stores information on a plurality of places, a plurality of security mechanisms, and a plurality of security mechanism users. Program code provides access to the searchable database and interacts with database users using an Internet-accessible web site. The program code further authenticates each database user attempting to connect to the searchable database, and after authentication, interactively communicates a plurality of screens to database users, where each screen includes only hotlinks associated with security management operations for which those database users are authorized such that the screens do not include any hotlinks associated with security management operations for which the database users are not authorized. | 05-06-2010 |
20100122349 | Systems and methods for preventing unauthorized use of digital content - Theft, distribution, and piracy of digital content (software, video, audio, e-books, any content of any kind that is digitally stored and distributed) is generally accomplished by copying it, if possible, or, if it is protected from being copied in any fashion, such piracy is based upon a number of reverse engineering techniques. Aside from the straightforward copying of unprotected content, all of these other methods require first an understanding of the protective mechanism(s) guarding the content, and finally an unauthorized modification of that protection in order to disable or subvert it. Methods which prevent a skilled individual from using reverse engineering tools and techniques to attain that level of understanding and/or prevent anyone from performing such modifications can offer significant advantages to content creators who wish to protect their products. | 05-13-2010 |
20100132047 | SYSTEMS AND METHODS FOR TAMPER RESISTANT MEMORY DEVICES - Systems and methods for tamper resistant memory devices are provided. In one embodiment, a memory device comprises a memory cell for storing digital data, the memory cell having a plurality of memory addresses accessible for read and write operations through a memory interface; and a tamper detection circuit coupled to the memory cell, the tamper detection circuit comprising: a communications decoder coupled to the memory interface, wherein the communications decoder observes sequences of memory access operations to the memory cell; at least one timer for counting a duration of time; a tamper detect state machine responsive to the communications decoder and the at least one timer; and a data destruct engine responsive to the tamper detection state machine, wherein upon receiving an activation signal from the tamper detection state machine, the data destruct engine overwrites digital data stored in the memory cell. | 05-27-2010 |
20100132048 | Protecting Isolated Secret Data of Integrated Circuit Devices - A circuit arrangement, method, and design structure for controlling access to master secret data disposed in at least a portion of at least one persistent region of an integrated circuit device is disclosed. The circuit arrangement includes a clock circuit responsive to an external clock signal, a security state machine configured to control a security state of the integrated circuit device, and a master secret circuit in communication with the security state machine and configured to control access to the master secret data. The security state machine and master secret circuit are isolated from the clock circuit, and the master secret circuit is responsive to the security state machine to selectively erase at least a portion of the master secret data. The master secret circuit may be configured to erase the portion of the master secret data in response to a null or triggered security state. | 05-27-2010 |
20100132049 | LEVERAGING A SOCIAL GRAPH FROM A SOCIAL NETWORK FOR SOCIAL CONTEXT IN OTHER SYSTEMS - A social network contains information describing information about members of the social network and about various connections among the members. An external system that interacts with users (such as a website) communicates with the social network to access information about the members of the social network. In particular, the external system may determine whether a user is a member of the social network and then obtain information about the member and the member's connections within the social network. This allows an external system to use information from the social network to enhance a user's experience on the external system, while enforcing each member's privacy settings. | 05-27-2010 |
20100138931 | METHOD AND SYSTEM FOR REAL TIME CLASSIFICATION OF EVENTS IN COMPUTER INTEGRITY SYSTEM - Method and system using a designated known secure computer for real time classification of change events in a computer integrity system are disclosed. In the embodiment of the invention, the known secure computer is dedicated for providing permissible change events, which are compared with change events generated on client operational computers. An alert is raised when the change event at the client operational computer and the respective permissible change event provided by the known secure computer differ. | 06-03-2010 |
20100162410 | DIGITAL RIGHTS MANAGEMENT (DRM) CONTENT PROTECTION BY PROXY TRANSPARENCY CONTROL - Embodiments of the present invention provide a method, system and computer program product for protecting digital content through visual proxy transparency control. In an embodiment of the invention, a method for digital content access control for multi-party rights management can be provided. The method can include creating a transparent overlay window over a target window, identifying permissions associated with digital rights management (DRM) protected content rendered in the target window, intercepting in the transparent overlay window a user interface event for a portion of the target window displaying the DRM protected content, and quashing the user interface event if permissions associated with the DRM protected content do not allow access to the DRM protected content, but otherwise passing the event to an event handler for the target window. | 06-24-2010 |
20100162411 | APPARATUS AND METHOD FOR MANAGING HYBRID CONTENTS GENERATED BY COMBINING MULTIMEDIA INFORMATION AND GEOSPATIAL INFORMATION - An apparatus for managing hybrid contents generated by combining multimedia information and geospatial information includes an input/output unit that is connected with a contents storage and a contents using device to control input/output of the hybrid contents; a structure calculating unit that generates the hybrid contents having a layer structure using an XML format by interconnecting the multimedia information having the layer structure using the XML format provided from the input/output unit and the geospatial information having the layer structure using the XML format; and a relationship establishing unit that is connected with the input/output unit or the structure calculating unit to establish and provide the relationship of the multimedia information having the layer structure, the geospatial information having the layer structure, and the hybrid contents. | 06-24-2010 |
20100169980 | PERSONAL INFORMATION PROVIDING APPARATUS AND METHOD - A personal information providing method and apparatus is provided. The personal information providing apparatus may extract personal information about at least one characteristic corresponding to a predetermined standard from a database storing personal information of a plurality of characteristics, embed the personal information about the at least one characteristic in a predetermined image, generate a personal information image, generate a watermark having trace information embedded, and embed the watermark in the personal information image. | 07-01-2010 |
20100169981 | Web-Based Asset Management - The method and system of the present invention provides an improved technique for replacing, implementing and managing computer-related assets. A technician accesses the World Wide Web through a user's computer. The information resident on the computer, including information regarding the computer and the user's preferences, are downloaded to a remote storage medium through the World Wide Web. Once downloaded, all information may be removed from the user's computer. Subsequently, the technician accesses another computer such as, for example, a new computer that has been assigned to the same user. The technician accesses the World Wide Web through the new computer and downloads the information previously stored on the remote storage medium. This information can then be used to install the user's prior applications, settings and preferences on the new computer. | 07-01-2010 |
20100186095 | METHOD AND SYSTEM FOR GAP BASED ANTI-PIRACY - In order to achieve a more robust level of piracy protection, a gap protection scheme is utilized. This protection scheme may utilize the notion of a gap, which may comprise any entity or component that is withheld from a distribution that is required in order to run or execute a software title or is required in order to play and enjoy any other type of protected asset. | 07-22-2010 |
20100199357 | SECURE HOSTING FOR UNTRUSTED CODE - Various technologies and techniques are disclosed for increasing security in execution environments. A system is described for handling DLL calls made from untrusted code. An execution environment instantiates a lower trust process when a high trust process determines a need to call untrusted code. When the untrusted code calls a method in an original DLL, the execution environment loads a shim DLL into the lower trust process. The shim DLL has a clone of the method from the original DLL. A method for increasing security when processing calls from untrusted code is described. A shim DLL is created from an original DLL, and is deployed so an execution environment will load the shim DLL instead of the original DLL. When an execution environment receives a call from a caller DLL to the original DLL, the call is routed through the shim DLL. A pluggable validation system is also described. | 08-05-2010 |
20100199358 | Information Exchange Apparatus, Method and Managing System Applied Thereto - An information exchange apparatus in accordance with the present invention has a processing unit, a wireless communication unit, a storage unit, a mainframe connection port and an identification module. The wireless communication unit has a transmitter and a receiver connected to the processing unit. The storage unit is connected to the processing unit and stores a device identification (ID) code, user information and data exchange records. The mainframe connection port is connected to the processing unit for connecting to an electronic device. The identification module is connected to the processing unit, has a secure memory and stores an identification procedure. The secure memory stores the device ID code and an identification key. The identification module allows the processing unit to access data in the storage unit and exchange data in the storage unit with other information exchange apparatus when the processing unit passes the identification procedure. | 08-05-2010 |
20100212021 | Decrement software - Computer system that detects license characteristics, and detects if the use of specified software is within those license characteristics. If not, the software use is limited to less than the specified use. This allows all versions of the software to have all features, but limits the amount by which those features can be used. | 08-19-2010 |
20100212022 | DEVICE AND METHOD FOR DIGITAL RIGHTS MANAGEMENT - A digital rights management method includes: storing information on a rights object in a memory area, wherein the rights object has been transferred from a first device to a second device, and wherein the rights object includes permissions linked to a digital media object; receiving a rights object at the first device; and accessing the memory area to check whether information on the received rights object is stored in the memory area and to set up the received rights object on the first device in case the information on the received rights object is not stored in the memory area, and to reject the received rights object in case the information on the received rights object is stored in the memory area. | 08-19-2010 |
20100212023 | SHORTCUT MANAGEMENT UNIT AND METHOD, AND STORAGE MEDIUM - A shortcut management device capable of improving user-friendliness of a portal application. The shortcut management device is capable of executing shortcuts which use functions of an electronic apparatus, and manages at least part of the functions used by the shortcuts. A storage unit registers shortcuts. An invalidation detecting unit detects that the license is invalidated. A retrieval unit retrieves a shortcut made inexecutable in association with the license of which the invalidation is detected. An invalidation unit invalidates the retrieved shortcut. | 08-19-2010 |
20100212024 | DIGITAL VIDEO SYSTEM USING NETWORKED CAMERAS - A digital video system including a computer connected via a network to a number of video servers and cameras. The computer includes a program that provides a grid of display windows, each of which displays an image received from the camera associated with that window. The program sequentially polls each camera, accessing and displaying an image from the camera in its associated window. The program can access the cameras at different frame rates. The program stores image streams in a single file, concatenating each successive image onto the end of the file. The file is then indexed using SOI and EOI markers to permit fast access to individual images within the file. The program can monitor received video and automatically start recording upon detecting motion within the video stream. Motion detection is implemented by comparing color component values for pixels from different images. | 08-19-2010 |
20100218261 | ISOLATING PROCESSES USING ASPECTS - A system and method for receiving a request to load a computer application into a memory for execution, analyzing the computer application to identify one or more join points, injecting aspect computer code into the computer application at the one or more join points, wherein the aspect computer code to regulate the execution of restricted operations initiated by the computer application based on a restricted operations profile associated with the aspect computer code, and executing the computer application having the aspect computer code injected therein. | 08-26-2010 |
20100229242 | PROGRAM EXECUTION CONTROL SYSTEM, PROGRAM EXECUTION CONTROL METHOD AND COMPUTER PROGRAM FOR PROGRAM EXECUTION CONTROL - When a program is introduced into a computer terminal from an external source via a wired or wireless network or by using an external memory card, unauthorized access by the introduced program to various functions within the terminal is prevented by verifying the source from which the program was distributed and performing execution control appropriately according to the identity of the program. In order to reference the security policy data which specifies functions available to each program given from an external source and restrict functions used by the program, the information concerning the security domain or the certificate or signature attached to the program is extracted, and the extracted information is associated with one of a plurality of function access types held as security policy data. | 09-09-2010 |
20100229243 | APPLICATION PROGRAMMING INTERFACE FOR TRANSFERRING CONTENT FROM THE WEB TO DEVICES - A tagging structure is used in web pages to identify content in such web pages that can be dragged and dropped into a wireless device when such web pages are rendered as a component of a web page served by a media management service. | 09-09-2010 |
20100229244 | TRAFFIC MANAGER FOR DISTRIBUTED COMPUTING ENVIRONMENTS - Techniques suitable for facilitating communications between various computer programs operating on various nodes in a distributed computing environment are disclosed. The techniques can be used by a traffic manager operating in such environments. The traffic manager is capable of monitoring traffic exchanged between client and server programs operating in the distributed computing environment. Moreover, the traffic manager can be used to implement a variety of desirable features across different computing environments. These computing environments are typically separated by one or more distinguishing characteristics. As will be appreciated, the traffic manager provides an integral and cost effective solution which can bridge these distinguishing characteristics as well as define and enforce policies across disparate computing environments. This is achieved by centralizing the generation of interfaces which allow interaction between any of the nodes in a distributed computing system. This avoids the redundancy and inefficiency inherent in building these capabilities in each node, particularly in complex systems. | 09-09-2010 |
20100235924 | Secure Personal Medical Process - A process of accessing and controlling medical information data by a Secure Process that includes two schemas—Medical Access Permission Schema (MAPS) information access system and encryption schema. In particular, the invention relates to a secure process for creating an access control and authentication methodology that identifies specific roles found in the medical field, applies these roles to content attributes, and binds those attributes to secret keys associated with an encryption schema. | 09-16-2010 |
20100242120 | Mitigating and managing privacy risks using planning - System and methods are provided for managing and mitigating privacy risks in a system having a network of processing elements. According to one method, there is received a request for at least one output product from the system. The request includes a set of privacy parameters. At least one set of workflow generating strategies are created that results in the output product having a privacy risk value below a predefined threshold. At least one of the workflow generating strategies is deployed for automatically producing the at least one output product. | 09-23-2010 |
20100251384 | System for a digital content distributing service and the method thereof - A method and system for a digital content distributing service, wherein the system comprises a central broadcast station, an audit trails unit, and a distributing control unit. The central broadcasting station includes at least one unicast streaming server, at least one multicast streaming server, and a digital content storage unit, wherein the digital content storage unit provides a plurality of digital contents to be displayed for consumers connected to the central broadcasting station via a transmission media. The audit trails unit receives and records the individual expenditure information of consumers. The distributing control unit controls the distribution of the digital contents in accordance with the individual expenditure information of consumers, wherein when consumers watch one identical digital content, the distributing control unit will determine to distribute the identical digital content to the consumers by the at least one unicast streaming server or the at least one multicast streaming server. | 09-30-2010 |
20100263055 | METHOD AND SYSTEM FOR CONTROLLING THE USE OF AN ELECTRONIC DEVICE - A system and method for controlling the use of an electronic device by at least one user, comprising means for verifying if at least one restriction condition related to the use of the electronic device is satisfied; means for applying a restriction action to the electronic device for constraining its use; means for variably determining at least one non-agreed request to the user; means for making the determined non-agreed request accessible to the user; means for receiving a non-agreed input from the user in response to the request; means for verifying if the received non-agreed input from the user corresponds to the expected input; and means for cancelling the restriction action applied to the electronic device. | 10-14-2010 |
20100263056 | SYSTEM AND METHOD FOR REDISTRIBUTING AND LICENSING ACCESS TO PROTECTED INFORMATION AMONG A PLURALITY OF DEVICES - A method and apparatus of encouraging distribution, registration, and purchase of free copyable software and other digital information which is accessed on a User's System via a Programmer's Program. Software tools which can be incorporated into a Programmer's Program allow the User to access Advanced Features of the Programmer's Program only in the presence of a valid Password which is unique to a particular Target ID generated on an ID-Target such as the User's System. Advanced features will thus re-lock if the Password is copied to another ID-target. If a valid Password is not present, the User is invited to obtain one, and provided with the means of doing so, and of installing that Password in a place accessible to the User's System on subsequent occasions. The present invention also provides Programmers with means to invoke business operations as well as computational operations with their programs, and thus to automatically obtain payment from Users who elect to obtain passwords. | 10-14-2010 |
20100263057 | SYSTEM AND METHOD FOR MANAGING TRANSFER OF RIGHTS USING SHARED STATE VARIABLES - A method, system and device for transferring rights adapted to be associated with items from a rights supplier to a rights consumer, including obtaining a set of rights associated with an item, the set of rights including meta-rights specifying derivable rights that can be derived from the meta-rights; determining whether the rights consumer is entitled to the derivable rights specified by the meta-rights; and deriving at least one right from the derivable rights, if the rights consumer is entitled to the derivable rights specified by the meta-rights, wherein the derived right includes at least one state variable based on the set of rights and used for determining a state of the derived right. | 10-14-2010 |
20100287620 | COMPUTER SYSTEM LOCK-DOWN - Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, a method is provided for locking down a computer system. A customized, local whitelist database is stored with a memory of the computer system. The whitelist database forms a part of an authentication system operable within the computer system and contains therein cryptographic hash values of code modules expressly approved for execution by the computer system. A kernel mode driver of the authentication system intercepts a request to create a process associated with a code module. The authentication system determines whether to authorize the request by causing a cryptographic hash value of the code module to be authenticated against the whitelist database. The authentication system allows the code module to be loaded and executed within the computer system if the cryptographic hash value matches one of the cryptographic hash values. | 11-11-2010 |
20100293619 | LICENSE MANAGEMENT SYSTEM AND LICENSE MANAGEMENT METHOD - An information processing apparatus that acquires a license from a license server and installs application software permitted by the license and executable by a virtual server that operates on the information processing apparatus determines a license type of the application software according to whether the license type is in a unit of the information processing apparatus unit or in a unit of the virtual server, transmits the license type to the license server, and acquires a license to execute the application software from the license server. | 11-18-2010 |
20100293620 | IDENTIFICATION, STORAGE AND DISPLAY OF LAND DATA ON A WEBSITE - Disclosed is a land website that provides a personalized database on which data can be stored, retrieved, customized and communicated (e.g., by e-mail) relating to a particular piece of property. The database can be accessible via a password and a security code over the Internet and may be encrypted for transmission. Land websites can be established that contain image data, map libraries, virtual tours, legal descriptions, title information, e-documents, actual pictures of property and various other information. Unique 3-D imaging of composite images can be provided on the land website as well as fly-around composite 3-D images. The land website provides a unique way of packaging information relating to a piece of land in a single, accessible location. A boundary applet tool is provided on the land website portal that allows a user to simply and easily draw boundaries around the property of interest and then submit an order for more detailed information about the property of interest. Various map data and image data are provided to assist the user in drawing the boundaries. Acreage amounts are automatically calculated based upon the size and area drawn by the user. Properties of interest can be easily accessed by a global coordinate system or by searching on map data that is provided on a wide range of scales. | 11-18-2010 |
20100306856 | SYSTEM AND METHOD FOR FILTERING EMAIL DATA - A software and/or hardware facility for filtering email data. The facility receives an indication of an SMTP event associated with an email and processes a script corresponding to the SMTP event. The script is comprised of a language for processing emails and may include one or more filters. If the script includes one or more filters, the facility executes the one or more filters and takes action on the associated email in accordance with the executed one or more filters. The action taken by the facility includes configuring the email system to affect not only the associated email but other emails. | 12-02-2010 |
20100306857 | DATA STORAGE DEVICE AND DATA STORAGE SYSTEM INCLUDING THE SAME - A data storage device protecting security code stored therein and a data storage system including same are disclosed. The data storage device efficiently prevents unauthorized access to the security code by allowing command descriptor block (CDB) information to be read using only a read-only memory (ROM). | 12-02-2010 |
20100325736 | REMOTE ACCESS CONTROL OF STORAGE DEVICES - An access control device can be communicationally coupled to a storage device and can control access thereto. The access control device can comprise information, such as identities of authorized entities, to enable the access control device to independently determine whether to provide access to an associated storage device. Alternatively, the access control device can comprise information to establish a secure connection to an authorization computing device and the access control device can implement the decisions of the authorization computing device. The access control device can control access by instructing a storage device to execute specific firmware instructions to prevent meaningful responses to data storage related requests. The access control device can also comprise storage-related cryptographic information utilized by the storage device to encrypt and decrypt data. In such a case, the access control device can control access by not releasing the storage-related cryptographic information to the storage device. | 12-23-2010 |
20110030067 | APPARATUS AND METHOD FOR CONTROLLED SHARING OF PERSONAL INFORMATION - An apparatus and method for controlled sharing of personal information are provided which allow confident and accurate indications of, and alterations to, the level of personal information being shared by all personal information sharing capable (i.e. source) applications of a portable electronic device. Controlled personal information sharing is achieved through the application of sharing modes which are enabled through the cooperation of a plurality of applications which share personal information, a detecting module which detects requests to control the continued sharing of personal information and a controlling module controls the continued sharing of personal information by the plurality of applications. A universal sharing toggle is provided which allows a user of a portable electronic device to control the sharing of all personal information by the device. A personal information sharing icon is provided which gives a user of a portable electronic device a quick indication of the present state of the device's sharing mode. In cooperation, the universal sharing toggle and personal information sharing icon provide a user of a portable electronic device with a highly useable and efficient mechanism to control the amount of privacy provided by the device by restricting or allowing personal information to be shared. | 02-03-2011 |
20110030068 | IMAGE PROCESSING APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - There is provided an image processing apparatus which suppresses reduction in security due to increase in output products without any restriction without losing the convenience of a re-output function using a history. A method for controlling an image processing apparatus includes displaying a list of jobs executed based on a job history information stored in the storing means on display means, determining whether the job selected by a user from the displayed list of jobs is the one which output an output product whose copy is restricted, and restricting to output an output product in accordance with the job selected by the user if it is determined that the job is the one which output an output product whose copy is restricted. | 02-03-2011 |
20110035807 | Devices and Methods of Clustered Displays - Disclosed are devices and methods of communication devices that are configured to be a part of clustered displays. A communication device may be a mobile communication device. Such a device may include a cluster module configured to determine that the device is a license owning unit, a content module configured to receive data including content via a transceiver when it is determined that the device is a license owning unit and a distribution module configured to transmit output data via a transceiver, the output data being at least one portion of the data. The license owning unit is determined based on the reception characteristics of the devices of the cluster. The distribution by the license owning unit to other devices in the cluster is at the lowest resolution of any of the devices of the cluster. | 02-10-2011 |
20110035808 | ROOTKIT-RESISTANT STORAGE DISKS - Rootkit-resistant disks (RRD) label all immutable system binaries and configuration files at installation time. During normal operation, the disk controller inspects all write operations received from the host operating system and denies those made for labeled blocks. To upgrade, the host is booted into a safe state and system blocks can only be modified if a security token is attached to the disk controller. By enforcing immutability at the disk controller, a compromised operating system is prevented from infecting its on-disk image. | 02-10-2011 |
20110035809 | AGENT SERVICE - One embodiment of the present invention is directed to a method for compressing data generated by multiple data sources. The method includes steps of partitioning data generated by the multiple data sources into data partitions, the data included in each data partition containing inter-data-source redundancies and, for each data partition, compressing the data in the data partition to remove the inter-data-source redundancies. | 02-10-2011 |
20110035810 | SYSTEM AND METHOD FOR GRANTING ACCESS TO AN ITEM OR PERMISSION TO USE AN ITEM BASED ON CONFIGURABLE CONDITIONS - A method, system, device, and computer program product for processing plural rights expressions associated with an item for use in a system for controlling use of the item in accordance with the rights expressions, including receiving a request to use an item, the item having associated rights expressions governing use of the item; returning one or more rights expressions including conditions that must be satisfied in order to use the item; and processing the returned rights expressions in a manner to facilitate selection of the returned rights expressions in order to use the item in accordance with the selected rights expressions. | 02-10-2011 |
20110055930 | CORRELATING PRIVATE AFFINITIES - The claimed subject matter relates to an architecture that can leverage private affinities in order to facilitate or enrich relationships between people. In particular, the architecture can receive a profile associated with a user wherein the profile includes a set of private affinities that are cryptographically protected from public inspection. The architecture can decrypt and/or cryptographically compare a private affinity from the profile to an affinity in a disparate profile (associated with a disparate user) in order to identify a matching affinity. Once a matching affinity is identified, a message indicating such can be provided to the user along with a request to publish certain revealed information to the disparate user, possibly based upon a mutual exchange of commensurate information from the disparate user. | 03-03-2011 |
20110055931 | METHOD AND APPARATUS FOR PROTECTING ACCOUNT NUMBERS AND PASSWORDS - A method and apparatus are provided for protecting confidential information. The method includes the steps of providing a plurality of files where each file contains at least one item of secret information, password protecting the plurality of files with a master password, detecting entry of passwords into a master password entry field, comparing entered passwords with the master password to identify incorrect master passwords and deleting the plurality of files upon successive entry of incorrect master passwords a predetermined number of times. | 03-03-2011 |
20110055932 | Data Access Control with Flexible Data Disclosure - A method for presenting data, the method including presenting via a first computer output device an indicator indicating a data item whose value is prevented, in accordance with predefined access control criteria, from being presented via the first computer output device, receiving from a requestor a request to present the data item value, maintaining a record of an identity of the requestor together with a description of the requested data item, and presenting via a second computer output device the data item value. | 03-03-2011 |
20110055933 | PERSONAL LIBRARY ON NET - A personal library on a network enables content to be distributed in a manner that is able to be regulated to prevent users from violating copyright law yet allows users to use the content on more than one device. The personal library receives content from a store and/or contains content and then provides the content including a content management implementation to user devices. | 03-03-2011 |
20110061108 | METHOD AND APPARATUS FOR MEDIA RELAYING AND MIXING IN SOCIAL NETWORKS - An approach is provided for relaying media and creating new content from the media via a social network. Audio content is caused to be received from one of a plurality of devices. The one device is associated with a member of a first list of contacts. New audio content is generated based on the received audio content. The new audio content is caused, at least in part, to be transmitted to another one of the devices. The other one device is associated with a member of a second list of contacts. | 03-10-2011 |
20110061109 | Controlling Access to Content and/or Services - The exemplary embodiments of the method and system according to the present invention provide a system and method for controlling access to audiovisual content such as television shows, video-on-demand services or streaming video which can be delivered by cable, satellite, wired or wireless networks, cell phones, the Internet, etc. More particularly, the present invention provides a capability to define certain criteria which can be used to restrict access to content based on combinations of various parameters including, but not limited to, time of day, day of the week, type of content, source of content, content display device, etc. These criteria may also be provided by data storage arrangements or a network, and access restrictions specified by such criteria can be associated with a plurality of display devices. | 03-10-2011 |
20110067113 | Classification Separation Router - A method and system are provided to classify and convey data to satisfy a client request. The classification system is a two dimensional data classification system, including a first dimension pertaining to subject matter and a second dimension pertaining to data security. A partition is dynamically created, and data that satisfies the request populates the created partition to convey parsed data based on satisfying both dimensions of the request. | 03-17-2011 |
20110072519 | Privileged user access monitoring in a computing environment - Methods and systems for monitoring privileged user access of a database using a computer having at least one processor are provided. The system monitors database transactions. If a transaction is made by a privileged user, the system records information relating to the transaction in an audit database and/or in an audit file. If a transaction is made by a terminated or otherwise unauthorized privileged user, the system can be adapted to alert management of a possible security breach. | 03-24-2011 |
20110072520 | System And Method For Protecting Files Stored On An Electronic Device - An electronic device includes a security system which provides for protection of designated files stored on an electronic device. For example, an electronic device may receive user input selecting a file for protection processing. The user input may select the file for encryption and automatic decryption under certain predetermined conditions and/or for automatic saving to a remote storage device after the device has been reported stolen, for instance. After receiving the user input selecting the file for protection processing, the electronic device may automatically receive theft information from a remote server, wherein the theft information indicates whether the electronic device has been reported stolen. After determining whether the electronic device has been reported stolen, the electronic device may automatically process the selected file according to the selected protection processing, wherein the processing is contingent on whether the electronic device has been reported stolen. Other embodiments are described and claimed. | 03-24-2011 |
20110083193 | REMOTE VIEWING OF MULTIMEDIA CONTENT - A method and system for remote viewing of multimedia content using a multimedia content distribution network (MCDN) is configured to duplicate multimedia content displayed on a first MCDN terminal device and route the duplicate multimedia content to a second MCDN terminal device. The MCDN terminal devices may be coupled to a local network at an MCDN client premises. The MCDN terminal devices may also include wireless telephony devices for mobile remote viewing functionality. The method may include transcoding of the multimedia content into a format suitable for the second MCDN terminal device. | 04-07-2011 |
20110083194 | SECURITY WITHIN INTEGRATED CIRCUITS - A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event, waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time, after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time. Related apparatus and methods are also described. | 04-07-2011 |
20110083195 | PROTECTION OF PROPRIETARY EMBEDDED INSTRUMENTS - A network of storage units has a data path which is at least a portion of the network. The network also has a key storage unit and a gateway storage unit. If the key storage unit stores a key value, the key storage unit transmits a key signal to the gateway storage unit. If the gateway storage unit does not store a gateway value or the key signal is not transmitted to the gateway storage unit, the gateway storage unit does not insert a data path segment in the data path. If the gateway storage unit stores a gateway value and the key signal is transmitted to the gateway storage unit, the gateway storage unit inserts the data path segment. | 04-07-2011 |
20110083196 | CONTENT RIGHTS MANAGEMENT FOR DOCUMENT CONTENTS AND SYSTEMS, STRUCTURES, AND METHODS THEREFOR - A document comprises a body having at least one defined portion therein, each defined portion being represented in the body of the document as a body object, each of the document and each body object therein being rights-managed as protected content based on license terms specified in a digital license. A recipient of the document can render the protected content of each of the document and each body object therein by acquiring the digital license and satisfying the license terms set forth in the digital license. | 04-07-2011 |
20110088099 | On demand visibility services and smart directory - An on-demand communication system, device, method and program are provided which allows a consumer to request information from an on-demand visibility service. The on-demand visibility service places a request with the on-demand directory service that may then choose a relevant provider to be queried for this information based on situation-based access control logic. The on-demand visibility service then queries the relevant providers with the request for information. Providers may then gather information by optionally using sensors, and may then transmit a provider response to the on-demand visibility service. The on-demand visibility service may then forward this provider response in the form of an answer to the consumer, thereby satisfying the consumer request for information. | 04-14-2011 |
20110099639 | METHOD AND APPARATUS FOR PREVENTING AUTORUN OF PORTABLE USB STORAGE - Provided is a technology which creates an autorun file that is used in autorun for preventing the autorun of a USB-based portable storage, thereby allowing an arbitrary user or worm virus not to manipulate the autorun file. A method for preventing autorun of portable storage accesses at least one of a master file table entry of a root directory and a master file table entry of an autorun file, and sets non-autorun in the at least one accessed master file table entry. | 04-28-2011 |
20110099640 | METHOD AND SYSTEM FOR SELECTIVELY CONTROLLING ACCESS TO PROTECTED MEDIA ON A MEDIA STORAGE DEVICE - A method of preventing unauthorized reproduction of media disposed on a media storage device according to one embodiment is described. The method comprises installing a compliance mechanism on the computer system. The compliance mechanism is communicatively coupled with the computer system when installed thereon. The compliance mechanism is for enforcing compliance with a usage restriction applicable to the media. The method further includes obtaining control of a data input pathway operable on the computer system. The method further includes accessing data that is disposed on the media storage device that is associated with the usage restriction. The method further includes preventing the computer system from accessing the media digitally via the data pathway while enabling presentation of the protected media. | 04-28-2011 |
20110099641 | Trial Access for Media Files from a Media List - A portable media device includes a processor and a memory. The memory stores instructions that when executed cause the processor to access a media file stored in the portable media device based on a trial access term for the media file, determine that a trial period within the trial access term for the media file has expired, and set the media file as inaccessible to the portable device in response to determining that the trial period within the trial access term has expired. | 04-28-2011 |
20110107430 | UPDATING AN OPERATING SYSTEM OF A COMPUTER SYSTEM - The present invention provides a processor-implemented method and system of updating an operating system of a computer system, where the operating system is subject to a system lockdown that does not allow changes to a list of approved executables of the operating system and that does not allow changes to a base system configuration of the operating system. In an exemplary embodiment, the method and system include, (1) identifying at least one trusted updater process in the operating system and (2) allowing the trusted updater process to make at least one change to the list of approved executables. In an exemplary embodiment, the method and system include, (1) identifying at least one trusted updater process in the operating system and (2) allowing the trusted updater process to make at least one change to the base system configuration. | 05-05-2011 |
20110107431 | METHOD AND APPARATUS FOR PROTECTING AN EMBEDDED CONTENT OBJECT - An approach is provided for protecting an embedded content object. A content object binding manager receives a request, from a user, for a content object. In response to the request, the binding manager causes, at least in part, actions that result in transmission of the content object including an unassociated binding key to the user. The user may embed the content object in a displayable medium. The binding manager then detects a first access of the content object in the displayable medium at a host and binds the content object to the host using the unassociated binding key in response to the detection. | 05-05-2011 |
20110107432 | COMPUTER READABLE MEDIUM STORING INFORMATION PROCESSING PROGRAM, INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING SYSTEM - A computer readable medium storing a program causing a computer to execute a process for information processing includes: reading, from a storage unit, setting information used in processing performed by an apparatus and prohibited matter information including at least a setting to avoid a prohibited matter at setting in the apparatus; and extracting a setting to avoid the prohibited matter changeable regarding at least a part of restricted setting information in the setting information read at the reading step, and making a setting not to perform the extracted setting. | 05-05-2011 |
20110107433 | System and Method for Creating and Marketing Authentic Virtual Memorabilia - An advertising engine, system and method of using is described. The engine includes at least one vault including a plurality of media assets, a recommendation engine that matches at least one media asset from the vault with at least one requested creative, a delivery engine that integrates the requested creative with the matched media assets from the vault, and a management engine that regulates and/or tracks ones of the at least one media asset. | 05-05-2011 |
20110113492 | METHOD FOR CONTROLLING THE USE OF A CONDITIONAL ACCESS CONTENT AND MULTIMEDIA UNIT FOR IMPLEMENTING SAID METHOD - The present invention concerns a method for controlling the use of a conditional access content (C | 05-12-2011 |
20110119767 | CONTENT BINDING AT FIRST ACCESS - A method and system of binding content at first access is disclosed. A non-volatile storage device may provide a content access script and a content binding script in order to access protected content. An accessing application may attempt to access the protected content by executing a content access script. The accessing application must have permission to access and execute the content access script. If the accessing application cannot access or execute the content access script, the accessing application may access and execute the content binding script. The content binding script contains instructions that enable the accessing application to successfully execute the content access script. The content binding script, when executed, may disable itself from being executed again by moving critical information associated with the access to protected data. Thus, the content binding script may be executed once to enable an accessing application to successfully execute the content access script. | 05-19-2011 |
20110119768 | COMMUNICATION ARRANGEMENT - The present invention relates to a method, node and system for efficient handling of sharing a set of data and in particular where the data set is shared in a volatile manner. Each node with access to the data set sharing group controls the access of data set from the node and each node stores data set received from other nodes in the group in a volatile manner providing removal of data set received from a node that has left the sharing group. | 05-19-2011 |
20110119769 | Rechargeable Media Distribution and Play System with Tracking Cookies - An electronic media distribution/play system includes a service facility that has a communications network interface and maintains a data file catalog. The catalog is sent over the network to requesting users, and the system processes payments from customers in establishing file access authorizations. Encrypted user-selected files and a player program are transmitted to each customer for metered access to received data files as limited by the authorization, and customers can make additional selections and play the encrypted files freely while the authorization remains established. The system can transmit the data files from local storage, and also provide links to encrypted files that are stored at remote vendor facilities. Authorizations can be for selected portions or class levels of the catalog, and for terms measured as calendar time, play time, and collective number of plays. Also disclosed is a method for facilitating the distribution and accessing of electronic files. | 05-19-2011 |
20110126295 | DISPERSED STORAGE NETWORK DATA SLICE INTEGRITY VERIFICATION - A method begins with a processing module issuing a retrieval request, receiving secret shares of a set of secret shares to produce received secret shares, and receiving encoded data slices of a set of encoded data slices. The method continues with the processing module decoding the received secret shares to recapture a message authentication key when a threshold number of the secret shares is received. The method continues with the processing module identifying a received encoded data slice of the received encoded data slices having an authentication code associated therewith when a threshold number of the encoded data slices is received. The method continues with the processing module verifying the authentication code based on the message authentication key and the received encoded data slice. The method continues with the processing module decoding the received encoded data slices to recapture a data segment when the authentication code is verified. | 05-26-2011 |
20110138476 | Software Fault Isolation Using Byte-Granularity Memory Protection - Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked. | 06-09-2011 |
20110138477 | Location Sensitive Solid State Drive - A data storage system including a SSD includes a capability to detect whether its location is acceptable for function, and a capability to self-disable in the event the location of the device is unacceptable, or to self-enable only while the location of the device is acceptable. | 06-09-2011 |
20110138478 | Metadata Broker - The present invention provides methods and apparatuses for obtaining selected metadata from a user device. The user device has a metadata engine that stores and accesses metadata in response to a metadata query. A metadata broker verifies the authenticity of the metadata query from a service provider and returns selected metadata if the service provider has rights to obtain the metadata. The user device has a communications interface that sends a service request that is indicative of the selected service over a communications channel and receives the metadata request that is indicative of the selected metadata. An authorization center receives a metadata request from a service provider, accesses a rule set to determine selected metadata in accordance with predetermined rights, and returns a signed metadata request to the service provider. The signed metadata request has an electronic signature of an authorizing party and is indicative of the selected metadata. | 06-09-2011 |
20110154505 | UNOBTRUSIVE ASSURANCE OF AUTHENTIC USER INTENT - Computer-executable instructions that are directed to the performance of consequential actions and automatically elevate to execute at a higher privilege level to do so can perform such consequential actions only after user notification. Doing so can enable monitoring processes to avoid presenting duplicative user notification upon detection of such auto-elevation. In addition, prior to presenting user notification, input from the execution environment can be ignored and access to DLLs for performing consequential actions can be avoided. A static analyzer can identify non-conforming computer-executable instructions. A wrapper can be utilized to provide compliance by otherwise unknown or non-conforming computer-executable instructions. | 06-23-2011 |
20110162083 | SYSTEM AND METHOD FOR SECURING DATA - The invention relates to a system and method for making data secure. The inventive system is characterized in that it comprises: a monotonic counter; a computational entity; a physical data medium comprising one or a plurality of data blocks, a first master block comprising the last value recovered from the monotonic counter, an identifier of the last data block written on said medium, a first authentication code guaranteeing the authenticity of the written data block or blocks, a second authentication code calculated from the last written data block, said data being fixed at a neutral value, and a third authentication code guaranteeing the authenticity of the first master block, and a second master block forming a replica of the first master block; and an authentication key. The invention is used, in particular, to make data secure against playback and sudden interruptions in service in embedded systems. | 06-30-2011 |
20110167498 | Software License Management - A method of managing a software license comprises loading a software program into volatile memory, obtaining authorization data, modifying a portion of the volatile memory relied upon by the program in accordance with the authorization data, executing the program, and causing the modifications to be deleted from the volatile memory. In some embodiments, selection criteria compared with the authorization data does not contain information corresponding to all of the content of the authorization data, thereby denying a software attacker the benefit of identifying and exploiting the selection criteria. | 07-07-2011 |
20110167499 | Policy For Digital Rights Management - This document describes policies for digital rights management that enable distribution of full-function versions of applications that, while fully functional, have functions limited by an associated policy. A policy may be replaced or updated, thereby enabling use of previously limited functions without distribution of another version of the application. | 07-07-2011 |
20110173704 | EFFECTUATING CLINICAL ORDERS UPON RECEIPT OF AUTHORIZATION FROM TWO PRIVILEGED CLINICIANS - Computerized methods and systems in a clinical computing environment for effectuating clinical orders only upon receipt of an authorization from at least two privileged clinicians, i.e., two clinicians having appropriate ordering privileges, are provided. Upon receipt of an order from a privileged clinician that requires authorization by at least two privileged clinicians, such order is assigned a non-effectuated status until such time as the required review by one or more other privileged clinicians is completed. While in the non-effectuated status, the order is not exposed to clinicians or others that do not have appropriate ordering privileges to prescribe and/or authorize the order. | 07-14-2011 |
20110179498 | SYSTEM FOR MANAGING ACCESS RIGHTS TO AN OBJECT OF AN OBJECT ORIENTED PROGRAMMING LANGUAGE | 07-21-2011 |
20110185435 | FLASH MEMORY STORAGE SYSTEM, AND CONTROLLER AND ANTI-FALSIFYING METHOD THEREOF - A flash memory storage system having a flash memory controller, a flash memory chip and a smart card chip is provided. The flash memory chip is configured to store security data. The flash memory controller generates a signature corresponding to the security data according to a private key and the security data with a one-way hash function, and stores the signature into the smart card chip. | 07-28-2011 |
20110191858 | OFFLINE ACCESS IN A DOCUMENT CONTROL SYSTEM - Systems and techniques to provide offline access in a document control system. In general, in one implementation, the technique includes: receiving a request from a client, and pre-authorizing the client, in response to the request, to allow actions by a user as a member of a group of users by sending to the client offline access information including a first key associated with the group, the first key being useable at the client to access an electronic document by decrypting a second key in the electronic document. Receiving a request can involve receiving a request from the client to take an action with respect to a second document. The technique can also include verifying the user at the client as an authenticated user, and the offline access information can include user-specific keys, group-specific keys, a policy, and a document revocation list. | 08-04-2011 |
20110191859 | Digital Rights Management in User-Controlled Environment - A method of controlling access to content comprises receiving, at a domain gateway ( | 08-04-2011 |
20110191860 | Midlet Signing and Revocation - The present invention is related to a method of securing integrity and authenticating origin and privileges of a piece of code. According to the invention, a method of securing integrity and authenticating origin and privileges of a piece of code in a communication network by digitally signing said piece of code, is characterized by the steps of: providing an aggregator (C), which is a holder of a valid signing certificate, submitting a developer material to the aggregator, inserting a revocation code into the developer material, building a complete piece of code using the developer material and the revocation code, digitally signing the complete piece of code using the certificate held by the aggregator, making the digitally signed complete piece of code retrievable to the holder (B) of the developer material, providing a server (C | 08-04-2011 |
20110197285 | Systems and Methods for Secure Transaction Management and Electronic Rights Protection - The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.” | 08-11-2011 |
20110197286 | PROCUREMENT AND AUDIT OF DIGITAL RIGHTS MANAGEMENT DATA - A method and computer program product to procure digital rights management (DRM) event data comprises collecting a first set of event data in one or more standardized event data formats, and communicating the first set of event data to an event data collection server for storage. A second set of event data may also be collected in one or more standardized event data formats, which is also communicated to the event data collection server for storage. The method and computer program product may also include storing the first set, and optional second set, of event data in a centralized repository, authorizing access to the event data, and responding to at least one query from an authorized audit computer to provide event data associated with at least one of the first set of event data and the second set of event data retrieved from the centralized repository. | 08-11-2011 |
20110209224 | DIGITAL MULTIMEDIA ALBUM - A virtual or digital multimedia album. The digital album may include a collection of related media to provide virtually, what a traditional band album provides, and more. The digital album may include a set of digital audio files that replicate or substantially resemble the set of tracks found on a traditional album. Additional media, such as videos, lyric text, other text, images, and user-imported content may all be included in the digital album. The content initially provided with the digital album may be exclusively oriented to a single artist or music group. In this way, the digital album can create a much greater immersion into the themed music than a mere collection of digital audio files can provide. | 08-25-2011 |
20110209225 | DISPLAY CONTROL DEVICE, IMAGE PROCESSING DEVICE AND DISPLAY CONTROL METHOD - There is disclosed a technique capable of improving operability for registered users and capable of displaying an interface screen for guest users with security levels maintained. | 08-25-2011 |
20110209226 | AV COMMUNICATION CONTROL CIRCUIT FOR REALIZING COPYRIGHT PROTECTION WITH RESPECT TO RADIO LAN - An AV communication control circuit suitable for a radio LAN-LSI in a radio AV transmission/reception device is formed by a copyright protection processing unit configured to carry out a copyright protection processing with respect to AV data entered from an AV stream signal line, a selection unit configured to select either one of AV data entered from an AV stream signal line through the copyright protection processing unit and AV data entered from a general purpose bus, and a transmission control unit configured to carry out control for transmitting AV data selected by the selection unit to a network. | 08-25-2011 |
20110231939 | MEMORY CARD WITH EMBEDDED IDENTIFIER - A software installation system comprises an interface component that receives a request to access data resident upon a flash memory card. An installation component compares a unique identifier associated with the data with a unique identifier embedded within the flash memory card, and the installation component determines whether to allow access to the data based at least in part upon the comparison. The installation component prohibits access to the data if the unique identifier associated with the data does not match the unique identifier embedded within the flash memory card. | 09-22-2011 |
20110247078 | INFORMATION PROCESSING APPARATUS - According to one embodiment, an information processing apparatus is provided. The information processing apparatus includes: a body case; | 10-06-2011 |
20110247079 | SYSTEMS AND METHODS TO DISTRIBUTE CONTENT OVER A NETWORK - The present embodiments provide methods, apparatuses, and systems to distribute content over a network. Some embodiments provide methods to distribute content within a local media network. These methods receive a request for a first content to be transferred to a sink device, request from the source an access criteria for a first content that is protected according to a first digital rights management (DRM), forward the access criteria to the sink device, receive an evaluation of the access criteria from the sink device regarding at least whether the sink device can interpret the first DRM, determine according to the evaluation received from the sink device whether the sink device can utilize the first content that is protected according to the first DRM, and initiate a transfer of the first content from the source device to the sink device when the sink device can utilize the first content. | 10-06-2011 |
20110265187 | System and method for user selectable privacy protections on portable communication devices - This invention discloses an apparatus for running an application in a network-based communication system. The apparatus comprises a processing element comprising a processor coupled to a memory. The processing element further provides a user interface to execute a privacy protection application that permits the user to enter a plurality of privacy data to selectively disclose the privacy data for running another application executable from the apparatus. | 10-27-2011 |
20110277038 | INFORMATION FLOW TRACKING AND PROTECTION - Embodiments of the invention are generally directed to systems, methods, devices, and machine-readable mediums for implementing gesture-based signature authentication. In one embodiment, a method may involve generating a data protection policy from an un-trusted software environment to govern access to protected data stored in memory in the local computer system. Then the method maps the data protection policy to an enforceable system-level data protection policy managed by an Information Flow and Tracking Protection (IFTP) logic. Next, the method flags the first memory page containing the protected data. Finally, the method enforces the generated data protection policy for the first memory page containing the protected data using the IFTP logic and the enforceable system-level data protection policy. | 11-10-2011 |
20110314554 | MANAGING LICENSES OF MEDIA FILES ON PLAYBACK DEVICES - Embodiments are described herein for managing licenses of media files on playback devices in a media system. In some embodiments, each media file is purchased based on a number of licenses, each license granting permission to store the media file on a single playback device. Each media file may have an associated number of one or more licenses that specifies the maximum number of playback devices on which the media file may be stored at the same time (concurrently). The media system may comprise a home central licensing (HCL) device, a primary storage device, and playback devices coupled via a network. The primary storage device may be used to initially store newly purchased media files. The HCL device may allow or prohibit distribution of the media files on the primary storage device to playback devices by using a license manager data structure storing licensing information for each media file. | 12-22-2011 |
20110314555 | ABSTRACTIONS AND AUTOMATION FOR ENHANCED SHARING AND COLLABORATION - The present invention provides methods for using abstractions of people, including dynamic and static groups of people, to enhance the efficiency of the specification and automation of policies for sharing information between users with a “need-to-know.” An instance of the present invention can also provide these users information based on a “time-to-know.” By providing access to information based on group affiliation and properties of the content of the information, the present invention maintains optimal information privacy while minimizing encumbrances to sharing data with appropriate users and even at appropriate times. The present invention can be integrated with other communication technologies to facilitate access to information in a time appropriate manner. Other instances of the present invention employ automated and semi-automated, mixed-initiative techniques, to make information-sharing decisions. Additional instances of the present invention include the employment of machine-learning techniques to facilitate construction of access policies from the actions or profile of a single user or a community of users, including the construction of automated sharing agents that work in an automated or mixed-initiative manner to respond to real-time requests for information. | 12-22-2011 |
20110314556 | TIME-SLICING METHOD AND SYSTEM FOR DIGITAL BOOKS - A method is provided in which time slicing data, including an indication of available time blocks for loaning an e-book from an e-book lending library, are provided to a user in response to the user requesting to borrow an e-book that is not currently available for being loaned. When the user selects an available time block via an electronic device, the e-book lending library provides to an electronic device that is associated with the user, via the communications network, a lending license for the e-book that is valid only during the selected available time block. The e-book lending library enables access to the first e-book via the electronic device, during the selected time block, using the provided lending license. | 12-22-2011 |
20110314557 | Click Fraud Control Method and System - The disclosed subject matter relates to methods, systems, and computer-usable storage mediums for detecting and reducing the occurrence of fraud in obtaining virtual currency from advertisers for use in network-based virtual persistent worlds. | 12-22-2011 |
20110321172 | MANAGEMENT APPARATUS, LICENSE MANAGEMENT SERVER, ELECTRONIC EQUIPMENT, ELECTRONIC EQUIPMENT MANAGEMENT SYSTEM, MANAGEMENT METHOD, PROGRAM, AND RECORDING MEDIUM - A management apparatus has a storage unit that stores software information and license information. The management apparatus periodically acquires software information introduced into an information processing apparatus communicably connected to the management apparatus from the information processing apparatus and compares the software information with the software information in the storage unit. Upon detecting any difference between the software information, the management apparatus notifies a user of the detection of a change in software configuration and updates the corresponding software information in the storage unit with the acquired software information. Then, upon detecting the change request of the software configuration from the user, the management apparatus makes a request to the information processing apparatus for changing the software configuration using the corresponding license information in the storage unit and notifies the user of the result of the request. | 12-29-2011 |
20110321173 | Multimode Retail System - A multimode system for receiving data in a retail environment includes: a secure input module for receiving high security input and low security input from a customer, the high security input to be communicated by the secure input module in cipher text, and the low security input to be communicated by the secure input module in plaintext. The multimode system is adapted to operate in a high security mode and a low security mode. The multimode system is adapted to enter the low security mode upon detection by the multimode system of a security breach condition. In the high security mode, the secure input module accepts low security input and high security input. In the low security mode, the secure input module accepts the low security input and does not accept the high security input. | 12-29-2011 |
20110321174 | Apparatus and Method for Securing Portable USB Storage Devices - An apparatus and method for controlling and securing information stored on portable USB storage devices. Using the software application stored on the USB storage device in conjunction with functionality performed by a designed server, use of the storage device is limited to authorized users, PCs and locations, and other criteria while information contained within the device is protected from unauthorized access. | 12-29-2011 |
20120005760 | SYSTEM AND METHOD FOR RENDERING CONTENT ASSOCIATED WITH A DIGITAL WORK - A method, system and software for permitting use of digital works having rights associated therewith in a system having repositories configured to enable use of the digital work in accordance with the rights, including associating a transfer right with a digital work, the transfer right specifying that the digital work is transferred from a first repository to a second repository; transferring the digital work from the first repository to the second repository in accordance with the transfer right; and in response to the transferring step, updating transfer right information in respect of the digital work. | 01-05-2012 |
20120011593 | IMAGE DISTRIBUTION APPARATUS AND METHOD OF CONTROLLING THE SAME, IMAGE TRANSMISSION APPARATUS AND METHOD OF CONTROLLING THE SAME, WHICH ARE EXCELLENT IN USER LOCATION INFORMATION SECURITY, AND STORAGE MEDIUM - An image distribution apparatus capable of preventing a third party from knowing that a photographer is away from a specific place, based on information indicative of shooting date and time or a shooting location, which is stored in a manner associated with an image shot by the photographer. A blog server receives an image from a camera-equipped cellular phone. The image has location information added thereto which is indicative of a location where the cellular phone existed during shooting processing of the image. The blog server stores the image, and determines whether a location indicated by the location information is within a predetermined area. The blog server permits distribution of the image via a network if the location is determined to be within the predetermined area, but inhibits distribution of the image if the location is not determined to be within the predetermined area. | 01-12-2012 |
20120017285 | SYSTEMS AND METHODS OF DETERMINING A TRUST LEVEL FROM SYSTEM MANAGEMENT MODE - Systems and methods of determining a trust level from system management mode are disclosed. One such method includes: responsive to a system management mode interrupt (SMI), determining a trust level associated with code invoking the SMI; and responsive to determining that the trust level is untrusted, granting or denying a request made by the code invoking the SMI based at least in part on a type of the request. | 01-19-2012 |
20120023590 | Systems and Methods Providing a Separable Digital Rights Management Application - Systems and methods providing content having digital rights management (DRM) applications separable from other authorization applications are provided. A system may include a distribution service provider system in communication with a content provider system and consumer premise equipment (CPE) for the transmission of content from the content provider system to the CPE device. The distribution service provider system may: receive A/V content provided by the content provider system, wherein the A/V content includes a DRM application; apply a conditional access system (CAS) application to the A/V content that is independent of the DRM application; and transmit the A/V content including the CAS and the DRM applications to the CPE for presentation. The CPE device can perform DRM authorizations with the content provider or a third-party DRM provider. | 01-26-2012 |
20120023591 | PRE-BOOT PROTECTED MEMORY CHANNEL - Machine readable media, methods, and computing devices are disclosed which establish a protected memory channel between an operating system loader of a user partition and services of a management partition. One computing device includes protected storage, read only memory, firmware, a storage device and a processor. The storage device is to store the virtual machine monitor and an operating system having an operating system loader. The virtual machine monitor is to establish a protected memory channel between the one or more integrity services of a management partition and the operating system loader of a user partition in response to measuring and verifying the operating system loader based upon the manifest. The processor is to execute the code of the read only memory, the firmware, the virtual machine monitor, the operating system, the operating system loader, the management partition, and the user partition. | 01-26-2012 |
20120036583 | COMPUTER READABLE MEDIUM STORING PROGRAM, INFORMATION PROCESSING APPARATUS, AND METHOD - A computer readable medium stores a program for controlling access to electronically stored information. The program causes a computer to execute a process including receiving first user information indicating a first user who performs an operation of changing an access right, second user information indicating a second user having the access right, and operation information indicating the operation; extracting grantor information corresponding to grantee information representing the second user information from access right grantor/grantee correspondence information in which grantor information indicating a grantor who has granted an access right to perform an operation on information is related to grantee information indicating a grantee granted the access right by the grantor; determining whether or not the extracted grantor information represents the first user information; and changing the access right indicated by the operation information if it is determined that the extracted grantor information represents the received first user information. | 02-09-2012 |
20120042390 | METHOD AND APPARATUS FOR SECURE REVOCABLE LOCATION SHARING - Techniques for a secure revocable location sharing network service include determining a first identifier for a subscriber at a first service. A location access key stored at a second service in association with a second identifier for the subscriber is determined. At least one ciphered location is determined based on the location access key and at least one location associated with the subscriber. It is determined to send the at least one ciphered location to the first service in association with the first identifier. In some embodiments, the first identifier and second identifier are identical. Another technique includes associating a subscriber with an access key and an identifier at a first service for contacts. However, the access key is not associated with the subscriber at the first service. | 02-16-2012 |
20120079605 | Methods and Arrangements for Rendering Real-Time Media Services - The present invention relates to methods and arrangements for rendering a radio service. The radio service signal broadcasted to radio devices is divided into a plurality of different signals. The different signals may be retrieved via different channels and from different sources. Hence, the radio service signal is at least divided into a DJ signal containing a program guide and e.g. DRM keys, which may be retrieved from a media server e.g. hosted by a provider providing a radio channel and a payload signal, which may be retrieved from memory storage in device or a content server, with the payload (typically music). According to an embodiment of the present invention the radio signal comprises further a host signal. The host signal comprises voice content, commercial advertisements etc. The host signal may be retrieved from a content server e.g. hosted by the provider providing the radio channel. The radio service may be created by combining the DJ signal, the radio host signal and the payload signal, wherein the service is mastered by the DJ signal. | 03-29-2012 |
20120084869 | CLAIMS-AWARE ROLE-BASED ACCESS CONTROL - The formulation of a security token that specifies role information corresponding to one or more roles of a requesting entity that is to request an action to be performed on a resource. The formulation begins by accessing one or more claims, each having an expression regarding the requesting entity. The expression for at least one of the claims is evaluated to thereby assign the requesting entity to one or more identities. The identities are then used to determine role information to include in a role-based security token that may be submitted to the computing system that manages the resources. | 04-05-2012 |
20120090036 | METHOD AND APPARATUS FOR PROVIDING DRM SERVICE - An apparatus for providing a Digital Rights Management (DRM) service includes a Media Presentation Description (MPD) information configurer for determining a DRM system required in each of representations of content provided by an adaptive streaming service, classifying the representations into one or more groups according to predetermined criteria, and configuring MPD information by inserting content protection information including representation group information representing classified groups and information about DRM systems corresponding to the representation group information; and a communication unit for transmitting the MPD information to a user terminal receiving the content. | 04-12-2012 |
20120096566 | FIRST COMPUTER PROCESS AND SECOND COMPUTER PROCESS PROXY-EXECUTING CODE ON BEHALF OF FIRST PROCESS - Upon a first process encountering a triggering device, a second process chooses whether to proxy-execute code corresponding to the triggering device of the first process on behalf of such first process based at least in part on whether a license evaluator of the second process has determined that the first process is to be operated in accordance with the terms and conditions of a corresponding digital license. The license evaluator at least in part performs such determination by running a script corresponding to the triggering device in the code of the first process. Thus, the first process is dependent upon the second process and the license for operation thereof. | 04-19-2012 |
20120096567 | SYSTEMS AND METHODS FOR MANAGEMENT OF SECURE DATA IN CLOUD-BASED NETWORK - Embodiments relate to systems and methods for the management of secure data in a cloud-based network. A secure data store can store sensitive or confidential data, such as account numbers, social security numbers, medical or other information in an on-premise data facility. Regulatory and/or operational requirements may prohibit the migration or unprotected transmission of the secure data to the cloud. An operator can instantiate a set of virtual machines to access and process the secure data, for example to process online purchase transactions. To prevent unauthorized disclosure of the secure data, the secure data store can receive data access requests via a translation module that translates the secure data. The secure data store can retrieve and transmit the secure data using a protection mechanism such as a masking and/or encryption mechanism, avoiding the unprotected transport or exposure of that data to the cloud. | 04-19-2012 |
20120117659 | Apparatus and Method for Secure Distribution of Media Data - A technique for distributing media data in a secured fashion that mitigates unwanted or illegal copying/distribution of such data. An initial, degraded version of the media data is sent to one or more recipient(s). After confirming identity of a recipient at a receiving system, a supplemental version of the media data is sent to the receiving system which augments the degraded version such that it can then be played by the recipient(s). The degraded version of the media data has a reduced quality that is obtained by removing portions of the data and filling in the removed portions with dummy data. During a subsequent rebuilding of the media data, a supplemental version of the media data is sent to the receiving data processing system where it is merged/combined with the degraded version to form a copy that corresponds to the original, high-quality version of the media data. | 05-10-2012 |
20120124672 | Multi-Dimensional User-Specified Extensible Narrowcasting System - Narrowcast communication to one or more narrowcast communication recipients is provided through the use of an extensible method and apparatus. A narrowcast communication sender determines a set of attributes that define who will be eligible to receive a narrowcast communication. The set of attributes characterize potential recipients according to qualities such as interests, location, or another descriptor of a potential narrowcast communication recipient. Through the use of a privacy sphere, attributes associated with the narrowcast communication are matched to the qualities of potential recipients to identify the network addresses of the narrowcast communication recipients. The narrowcast communication is then transmitted to those network addresses. The narrowcast communication can be then expired from recipients who are no longer eligible to receive it and transmitted to recipients who become eligible to receive the narrowcast communication. | 05-17-2012 |
20120124673 | TIME CHECK METHOD AND BASE STATION - A time check method and a base station are provided. The base station receives an authentication interaction message sent by an authentication interaction device; extracts time information in the authentication interaction message; and uses the time information to check local time. Before an Internet Key Exchange (IKE) connection is set up between the base station and a security gateway, relatively accurate time is obtained from an external authentication interaction device and is used for aligning the local time. Therefore, the cost of installing a clock component and a battery is saved, the time on the base station is trustworthy, and the security gateway is authenticated securely. | 05-17-2012 |
20120124674 | RIGHT MANAGEMENT APPARATUS, RIGHT MANAGEMENT PROGRAM, AND CONTENT PLAYBACK SYSTEM - In a content playback system | 05-17-2012 |
20120151602 | Method and Apparatus for Digital Rights Decomposition - Various methods for digital rights decomposition are provided. One example method includes receiving a set of digital rights, identifying conditions within the set of digital rights that have relationships with more than one permission, and creating copies of the identified conditions based on the number of relationships an identified condition has with the permissions. The example method also includes associating each condition with a respective permission based on the relationships to generate fundamental condition-permission components, and constructing a fundamental decomposition of the set of digital rights based on the fundamental condition-permission components. Similar and related example methods, example apparatuses, and example computer program products are also provided. | 06-14-2012 |
20120159640 | Acquiring Access To A Token Controlled System Resource - Acquiring access to a token controlled system resource, including: receiving, by a token broker, a command that requires access to the token controlled system resource, where the token broker is automated computing machinery for acquiring tokens and distributing the command to the token controlled system resource for execution; identifying, by the token broker, a first need state, the first need state indicating that the token broker requires access to the token controlled system resource to which the token broker does not possess a token; requesting, by the token broker, a configurable number of tokens to gain access to the token controlled system resource, without dispatching an operation handler for executing the command until at least one token is acquired; assigning, by the token broker, an acquired token to the operation handler; and dispatching, by the token broker, the operation handler and its assigned token for executing the command. | 06-21-2012 |
20120159641 | Power Meter Arrangement - An electric power meter arrangement, includes a metrology unit configured to be coupled to a power line and to determine power consumption and provide measurement data representing the power consumption. A programmable control unit including a memory is configured to store software configured to run on the control unit. A security unit is configured to store at least one key and to validate that software stored in the memory of the programmable control unit is authorized. | 06-21-2012 |
20120159642 | Interoperable Systems and Methods for Peer-to-Peer Service Orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 06-21-2012 |
20120159643 | Interoperable Systems and Methods for Peer-to-Peer Service Orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 06-21-2012 |
20120159644 | Method for Managing Keys and/or Rights Objects - One or more rights objects (RO) files may be used for storing RO's preferably in the protected area available only to authenticated users. A RO navigation file is stored preferably in an unprotected public area containing status bits, where each status bit identifies whether a location in a RO file contains a valid RO or not. Preferably, there is a one-to-one correspondence between the location for a RO in a RO file and a location in the RO navigation file for the status bit which identifies whether its corresponding location in the RO file contains a valid RO or not. Whether a particular location in a RO file contains a valid RO or not can be found by checking its corresponding status bit in the RO navigation file. By finding out whether a particular location in a RO file contains a valid RO or not in this manner, it is possible to delete ROs without having to go through an authentication process. The process of finding an empty slot in the RO file for storing a new RO is also simplified. This greatly increases the efficiency of RO management. A similar system may be used for management of content encryption/encryption keys for protecting content files. | 06-21-2012 |
20120159645 | TECHNIQUES FOR VALIDATING AND SHARING SECRETS - Techniques for validating and sharing secrets are presented. A secret is divided into a plurality of parts. Each part is represented by a unique value. Each value is distributed to a unique user that shares in the secret. The secret is recreated when each user presents each user's unique value. Each unique value is then used to recreate its corresponding part of the key and when all parts are present and validated, the secret is reproduced. | 06-21-2012 |
20120167231 | CLIENT-SIDE ACCESS CONTROL OF ELECTRONIC CONTENT - Systems, methods and computer program products for controlling access to electronic content on a client device are provided. Whether access to electronic content is allowed or blocked is based on information and processes performed at the client device. Controlling access to electronic content on a client device can involve locally determining whether access to the electronic content will be allowed, blocked, or will depend upon further analysis performed by a remote device, such as a server. If a webpage is requested, for example, a client device may compare the URL address of the requested webpage, along with keywords and phrases found on the webpage, to locally-stored updateable lists of banned URL addresses and banned keywords and phrases to determine whether access to the electronic content will be allowed, blocked, or will depend upon further analysis. | 06-28-2012 |
20120174236 | Online Privacy Management - A privacy management system (PMS) is disclosed for a Chief Privacy Officer (CPO) or other user to use in monitoring and/or controlling in realtime the flow of data (e.g., outflow) about the user and his/her online experience. The PMS may provide a dashboard displaying a whitelist and/or blacklist indicating what destinations/sources are blocked or allowed. The PMS includes browser-client scripting code and may also include a PMS-certified verification icon for display on webpages being monitored/controlled in realtime by the PMS. | 07-05-2012 |
20120192286 | Privileged Document Identification and Classification System - A litigation discovery document system is provided to help identify documents that might be privileged. In particular, a system is described in which documents within a document set are compared against one or more data sources which store data that indicate whether a particular document is privileged or potentially privileged. Human reviewers can confirm whether such determinations are accurate. Analytic reports can be provided which characterize the underlying methodology used to make such determinations. Related apparatus, systems, techniques and articles are also described. | 07-26-2012 |
20120198562 | DIGITAL WORKS HAVING USAGE RIGHTS AND METHOD FOR CREATING THE SAME - Digital work adapted to be distributed within a system for controlling at least one of the distribution and use of digital works. The digital work includes digital content representing a portion of a digital work suitable for being rendered by a rendering device and usage rights associated with the digital content. The usage rights specify a manner of use indicating one or more stated purposes for which the digital work can be at least one of used and distributed by an authorized party. | 08-02-2012 |
20120198563 | DIGITAL WORKS HAVING USAGE RIGHTS AND METHOD FOR CREATING THE SAME - Digital work adapted to be distributed within a system for controlling at least one of the distribution and use of digital works. The digital work includes digital content representing a portion of a digital work suitable for being rendered by a rendering device and usage rights associated with the digital content. The usage rights specify a manner of use indicating one or more stated purposes for which the digital work can be at least one of used and distributed by an authorized party. | 08-02-2012 |
20120210443 | SECURING AND MANAGING APPS ON A DEVICE - Apps are secured or security-wrapped either before they are downloaded onto a device, such as a smartphone or tablet device, or after they are downloaded but before they are allowed to access the device operating system and cause any potential damage to the device. An app provider, such as an employer or a cellphone provider, can secure its apps before consumers download an app from their app store or marketplace. The app is secured before it is allowed to access the operating system of the device, thereby preventing the app from malicious behavior. Core object code of the app is obtained and the digital signature is removed. App object code is substituted with security program object code, thereby creating a security-wrapped app. The security-wrapped app is prepared for execution on the device and is re-signed with a new key. | 08-16-2012 |
20120216290 | Partial Access to Electronic Documents and Aggregation for Secure Document Distribution - Partial access to electronic documents and aggregation for secure document distribution is disclosed. The embodiments herein relate to providing access to electronic documents and, more particularly, to providing access to portions of electronic documents and aggregating such portions in a secure document distribution environment. Existing document distribution mechanisms do not provide means to access partial documents based on the attributes such as roles of the agents within an organization, location of access, time of access, device ID and so on. The disclosed method allows agents to access partial contents of documents based on the attributes. Meta data tags are attached to the documents in order to control the access of the documents by the defined attributes. The agent who wishes to access the document enters his credential and based on the credentials he is provided access to the content that is assigned for him. | 08-23-2012 |
20120216291 | DATA SECURITY MANAGEMENT SYSTEMS AND METHODS - Data security management system and methods are provided. First, a first system having a management authority is provided. The first system displays an input interface on an input device. A switch switches the management authority from the first system to a second system, wherein the second system operates with a secure mechanism. When the management authority is switched to the second system, the first system transmits layout information of the input interface and an input device characteristic of the input device to the second system. The second system receives input data via the input device, and decodes the input data according to the layout information and the input device characteristic. | 08-23-2012 |
20120216292 | User Account Creation Involving a Mobile Device - Mobile devices may often communicate with network (“cloud”) services that require an account. Because it may be undesirable to require user interaction when creating an account, it may be desirable to create an account associating a mobile device to a network service without requiring a user to explicitly enter authentication information, such as a username and password. In an embodiment, data corresponding to a mobile device is obtained to generate authentication information which is then sent to a messaging address of a user. In another embodiment, in response to an event, a mobile device obtains an identifier for a user, sends the identifier to a server, where the server transmits one set of authentication information to a messaging address associated with the user and another set of authentication information to the device. | 08-23-2012 |
20120216293 | MEDIA SERVICE DELIVERY SYSTEM PROVIDING CONDITIONAL ACCESS TO MEDIA CONTENT FROM VARIOUS CLIENT DEVICES - A system for protecting the digital rights of content owners allows digital media to be delivered to only those media rendering client devices that have been approved for the media content. Before delivering requested media, the media service provider may determine whether the media rendering client device that requested the media is the type of device that is authorized to receive the requested media. If it is, the media service provider may transmit the media to a middleman server over a network (such as the Internet). A middleman server may then serve the media to the client device over a local network. By allowing the media content to be distributed to approved devices only, the media service provider can prevent a user from using the media in a way that is not authorized by the content owner. | 08-23-2012 |
20120216294 | Software Protection Using an Installation Product Having an Entitlement File - Techniques for establishing entitlement to a computer program product are provided, and include providing a client identity in a registration process to produce an entitlement file, obtaining an encoded version of a computer program product, and transforming the computer program product into an installation product in a computer storage medium, wherein the installation product comprises the entitlement file to establish entitled use of the computer program product. Also, techniques for facilitating security compliance of a computer program product include providing an encoded version of a computer program product, and providing an installation product builder for the computer program product, wherein the installation product builder creates an installation product in a computer storage medium using a client identity and the encoded version of the computer program product during a registration process, and wherein the created installation product comprises an entitlement file to facilitate security compliance of the computer program product. | 08-23-2012 |
20120216295 | EMBEDDED DEVICE AND STATE DISPLAY CONTROL - A browser is requested to display a text file having a description of a screen structure. The state information on a current state of the embedded device is acquired. An access request for requesting the browser to update, with the acquired state information, a value of at least one node in a document object model (DOM) tree generated from the text file by the browser, is submitted by a state display control program. The at least one node is recorded in an access history list. At a subsequent time, it is determined whether to permit a subsequent access request. If the source of the subsequent access request is not the state display control program, and the at least one node is recorded in the access history list, the subsequent access request is denied. | 08-23-2012 |
20120222129 | SYSTEM AND METHOD FOR SECURE MOBILE APPLICATION DOWNLOAD - Methods and systems for downloading applications to a mobile communicator and for protecting access to stored mobile applications are disclosed. | 08-30-2012 |
20120222130 | APPARATUS AND METHOD FOR GUARANTEEING INTEGRITY OF REAL-TIME VEHICLE DATA AND VEHICLE BLACK BOX SYSTEM USING THE SAME - A vehicle black box technique guarantees the integrity of vehicle data stored in a black box in real time by forming input data streams as block data and performing a signature using a signing key and nested hashing. Each vehicle black box includes a reliable unique signing key supporting a non-repudiation function. An error correction function is provided by a unique algorithm for generating integrity verification data even when an error occurs from the vehicle data. | 08-30-2012 |
20120222131 | RADIO-FREQUENCY COMMUNICATION CONTROLLED BY A MICROCIRCUIT - The invention relates to a method for the radio-frequency communication of data, in which the receiving of and/or access to said data is controlled by control means, including an electronic microcircuit, on the basis of access rights. The transmitted data includes time information, and the access rights are controlled on the basis of said time information. The invention also relates to a device for controlling access rights as well as to a radio-frequency receiving device including same. | 08-30-2012 |
20120246737 | METHOD FOR GENERATING A HUMAN LIKENESS SCORE - One embodiment of the invention is a method utilizing a CAPTCHA to generate a human likeness score including blocks: a) receiving a user solution to the CAPTCHA; b) receiving a user interaction pattern descriptive of an interaction undertaken by the user, through a graphical interface of the CAPTCHA, to achieve the user solution; c) determining the accuracy of the user solution; d) comparing the user interaction pattern against an interaction model generated from interaction patterns of previous users; e) calculating the human likeness score based upon the determination of block c) and the comparison of block d), wherein the human likeness score lies within a continuum of human likeness scores. | 09-27-2012 |
20120255031 | SYSTEM AND METHOD FOR SECURING MEMORY USING BELOW-OPERATING SYSTEM TRAPPING - In one embodiment, a system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to identify one or more portions of memory for which attempted accesses will be trapped and comprising criteria by which the attempted access will be trapped, trap an attempted access of the memory that originates from the operational level of the operating system, access one or more security rules to determine whether the attempted access is indicative of malware, and operate at a level below all of the operating systems of the electronic device accessing the memory. | 10-04-2012 |
20120255032 | METHOD, A SYSTEM AND AN APPARATUS FOR DELIVERING MEDIA LAYERS - A system for facilitating access to multiple layer media items over a communication network. The system comprises a media database which is used for storing multiple layer media items as independently accessible channels. The system further comprises a plurality of subscriber applications which connect via a communication network, e.g. the Internet, to the media database. Users can use the subscriber application to access each channel of the multiple layer media items independently. | 10-04-2012 |
20120266257 | SYSTEM AND METHOD FOR BLOCKING OBJECTIONABLE COMMUNICATIONS IN A SOCIAL NETWORK - A system and method blocks objectionable communications in a social network. A first user of the social network determines when communications from a second user to the first user that are displayed and viewed by third party users of the social network are objectionable. In response, the first user blocks further display of communications from the second user to the first user that were intended by the second user to be displayed and viewed by third party users of the social network. | 10-18-2012 |
20120272331 | METHOD AND SYSTEM FOR ABUSE ROUTE AGGREGATION AND DISTRIBUTION - In one exemplary embodiment, a computer-implemented method includes receiving a request to block a host, wherein the host provides a prohibited content via a computer network. A spider program can verify that the host provides the prohibited content. An abuse route list can be generated. The abuse route list can include an internet protocol address of the host. The abuse route list is provided to a network operator with a computer networking protocol. A search engine of a database of infringing hosts can be provided. The database of infringing hosts can include the internet protocol address of the host. Whether the host provides the prohibited content can be reverified with a third-party review. The host can be removed from the abuse route list if the third-party review determines that the host does not provide prohibited content. | 10-25-2012 |
20120272332 | SYSTEMS AND METHODS FOR DYNAMICALLY GENERATING A PRIVACY SUMMARY - A system and method for is provided. The present invention provides a system and method for dynamically generating a privacy summary. A profile for a user is created. One or more privacy setting selections are received from the user associated with the profile. The profile associated with the user is updated to incorporate the one or more privacy setting selections. A privacy summary is then generated for the profile based on the one or more privacy setting selections. | 10-25-2012 |
20120272333 | METHODS, DATA PROCESSING SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR ASSIGNING PRIVACY LEVELS TO DATA ELEMENTS - Methods, data processing systems and computer program products for assessing and assigning privacy levels to data elements are provided. A method of assigning privacy levels to data elements (e.g., text files, web page files, image files, audio files, video files, and portions thereof) includes assigning a predetermined privacy level to a data element; storing the data element with the assigned privacy level; determining if the assigned privacy level for the data element is proper; and assigning a different privacy level to the data element in response to determining that a currently assigned privacy level for the data element is not proper. A predetermined privacy level may be assigned to a data element under various conditions, such as when the data element arrives at a device, when the data element is created by a device, and/or when the data element is modified by a device. | 10-25-2012 |
20120272334 | METHOD AND APPARATUS FOR PROCESSING RIGHTS OBJECT - A method for upgrading a Rights Object (RO) includes: acquiring, by a Digital Rights Management (DRM) Agent, RO related information of the RO that requires updating from a Secure Removable Media (SRM) Agent; providing, by the DRM Agent, the RO related information to a Rights Issuer (RI), and obtaining a new RO from the RI; and interacting, by the DRM Agent, with the SRM Agent to upgrade the RO that requires updating on the SRM by means of the new RO. According to the embodiments of the present invention, the DRM Agent acquires RO related information which is stored on the SRM and does not have Move rights, and interacts with the RI to move the RO out from the SRM, so as to move the RO without the Move rights out from the SRM. | 10-25-2012 |
20120278898 | System and Method for Controlling Multicast Geographic Distribution - A content distribution network includes first and second controllers, and multicast enabled routers. The first controller is configured to select a multicast channel for distributing content, to determine that the content has a geographic restriction associated with a restricted area in the content distribution network, to link an exclusion policy for the content to the multicast channel while the multicast channel provides the content, and to deny a request for the content from a client system within the restricted area based on the exclusion policy. The second controller is configured to distribute the exclusion policy to the multicast enabled routers including a first router configured to store the exclusion policy, and to ignore a multicast join message from the client system within the restricted area based on the exclusion policy. | 11-01-2012 |
20120284802 | METHOD FOR PLAYING DIGITAL CONTENTS PROTECTED WITH A DRM (DIGITAL RIGHT MANAGEMENT) SCHEME AND CORRESPONDING SYSTEM - The method and system are for playing digital contents protected by a DRM scheme, wherein the digital contents are stored in a server and downloaded or streamed to a user device. The approach includes executing a DRM application inside the user device implementing a proxy between the server and a native player of the user device, and connecting the DRM proxy application to the server, selecting a digital content to be downloaded and retrieving a corresponding remote playlist. Also, the approach includes transforming the remote playlist into a local playlist having a format readable from the native player and executing a plurality of local packets of the local playlist inside the native player. Executing the local playlist includes, for each packet, requesting a corresponding remote packet from the DRM proxy application to the server, returning the remote packet to the DRM proxy application, acquiring a license to access the remote packet, accessing the remote packet in the DRM proxy and returning the accessed packet to the native player as a local packet to be displayed. | 11-08-2012 |
20120284803 | METHOD AND APPARATUS FOR DISTRIBUTING ENFORCEABLE PROPERTY RIGHTS - An enforceable property right and a system for controlling the manner of use of an item in accordance with usage rights. The enforceable property right includes an item ticket having a security mechanism incorporated therein and specifying an item for which the item ticket can be redeemed and a license associated with the item ticket. The license includes usage rights specifying a manner of use for redeeming the item ticket and a mechanism for unlocking said security mechanism. | 11-08-2012 |
20120291138 | INFORMATION PROCESSING APPARATUS AND METHOD FOR PREVENTING UNAUTHORIZED COOPERATION OF APPLICATIONS - An information processing terminal ( | 11-15-2012 |
20120304304 | MINIMIZING SENSITIVE DATA EXPOSURE DURING PREPARATION OF REDACTED DOCUMENTS - A document review and security technique is provided that presents a first portion of a document to a first reviewer, wherein the first portion includes less than the entire document, presents a second portion of the document to a second reviewer, wherein the second portion includes less than the entire document, wherein the second portion is at least partially different from the first portion, and wherein the first reviewer and the second reviewer are different reviewers, receives from the first reviewer a review action input associated with the first portion, receives from the second reviewer a review action input associated with the second portion, and determines a disposition of the document in accordance with the review action inputs. | 11-29-2012 |
20120304305 | SYSTEMS AND METHODS FOR A WEBSITE APPLICATION FOR THE PURPOSE OF TRADING, BARTERING, SWAPPING, OR EXCHANGING PERSONAL PROPERTY THROUGH A SOCIAL NETWORKING ENVIRONMENT - A system is provided for facilitating a personal property trading system and social networking environment that allows users to interact and create dialogue and socialize in relation to possible trades of personal property or services. This application will allow users who are willing to trade an item, service or favor to obtain similar wants or needs. This form of haggling and the feeling of success are proven to be mentally stimulating, proving another benefit for users. Users will be able to comment and haggle, as well as suggest other users that they believe may have a match on their ‘TRADING ITEMS’ and ‘STUFF I WANT’ lists. The system will promote environmentally conscious trading by bringing unwanted items back to use. | 11-29-2012 |
20120311719 | DOCUMENT - The invention relates to a document comprising a document body ( | 12-06-2012 |
20120311720 | METHOD FOR PROTECTING APPLICATION AND METHOD FOR EXECUTING APPLICATION USING THE SAME - An application protection method and an application execution method using the same are provided. The application protection method generates a key needed to execute the application which is provided to a user terminal using information on the user terminal, information on the application, and a part of text; and transmits the generated key to the user terminal. Therefore, the application is executed on the device which has a legal right for the application, thereby preventing the illegal use of the application. | 12-06-2012 |
20120311721 | PROGRESSIVE DOWNLOAD OR STREAMING OF DIGITAL MEDIA SECURELY THROUGH A LOCALIZED CONTAINER AND COMMUNICATION PROTOCOL PROXY - Various embodiments are directed towards employing a container and communication protocol proxy component within a client device to receive securely real-time streamed, progressively downloaded, or adaptively streamed container over a network using one container and communication protocol, and to securely decrypt the container and provide it to a media player using a different container and communications protocol. In one embodiment, the container is in Flash Video (FLV) file format. A browser or the media player on the client device may be used to request the container. The requested container is sent over one communication protocol and intercepted by the container and communication protocol proxy component. The container may be received as selectively encrypted container. The container and communication protocol proxy component then may enable decryption of the container and providing of it to the media player using another container and communication protocol combination. | 12-06-2012 |
20120317651 | INFORMATION TERMINAL AND INFORMATION LEAKAGE PREVENTION METHOD - An information terminal includes: a nonvolatile storage unit which stores a flag that indicates whether or not the information terminal is in a state in which information leakage should be prevented; a start control unit which starts the information terminal and manages a power source of the information terminal; a device group which operates upon starting of the information terminal; and a device operation control unit which controls operation of at least one device of the device group. The device operation control unit controls the at least one device so as to suppress operation that appeals to at least one of the five senses of a human being when the flag indicates the state in which information leakage should be prevented. | 12-13-2012 |
20120317652 | UNSOLICITED COOKIE ENABLED CONTEXTUAL DATA COMMUNICATIONS PLATFORM - Systems and methods for an unsolicited cookie enabled contextual data platform are provided. According to one embodiment, a mobile device is able to reconfigure a browser menu. An HTTP request is transmitted to a server device relating to a service supported by the server device. The request contains therein an unsolicited cookie including data indicative of information regarding (a) an end user of the mobile device, (b) the mobile device, (c) a location of the mobile device and/or (d) a network to which the mobile device is connected. Responsive to the request, an HTML file is received from the server device having embedded therein contextual menu information based on the service and the unsolicited cookie. The contextual menu information is extracted from the HTML file. End user interaction with the service is then customized by dynamically reconfiguring a browser menu of the mobile device based on the contextual menu information. | 12-13-2012 |
20120317653 | SYSTEM AND METHOD FOR UTILIZING CONTENT IN ACCORDANCE WITH USAGE RIGHTS - Apparatus, method, and media for utilizing content. An exemplary method comprises storing, on a removable storage device, a description structure comprising one or more usage rights, storing, on a removable storage device, content associated with the one or more usage rights, receiving a request for the content, the request corresponding to a utilization of the content, determining whether the utilization corresponds to at least one of the one or more usage rights, and utilizing the content in accordance with the at least one of the one or more usage rights that is determined to correspond to the utilization, wherein utilization of the content in accordance with the at least one of the one or more usage rights that is determined to correspond to the utilization is subject to fulfillment of a condition. | 12-13-2012 |
20120317654 | METHOD AND SYSTEM FOR SUBSCRIPTION DIGITAL RIGHTS MANAGEMENT - A system and method for managing use of items having usage rights associated therewith. The system includes an activation device adapted to issue a software package having a public and private key pair, the public key being associated with a user, a license device adapted to issue a license, a usage device adapted to receive the software package, receive the license and allow the user to access the item in accordance with the license, and a subscription managing device adapted to maintain a subscription list including the public key associated with the user. The license is issued by the license device upon verifying presence of the public key in the subscription list corresponding to requested content. | 12-13-2012 |
20120324588 | DATA MODEL OPTIMIZATION - A name of one or more entity classes of the data model may be refined to conform to a naming convention. A semantic meaning of each of the names and one or more attributes of each entity class may be determined. It may be determined that the name of a first entity class is semantically similar to the name of a second entity class based on a semantic distance between the semantic meaning of the names, where a substantial similarity may be determined between the first entity class and the second entity class by comparing the semantic meaning of the one or more attributes of the first entity class to the semantic meaning of the one or more attributes of the second entity class. The data model may be normalized based on the substantial similarity. | 12-20-2012 |
20120331563 | Retrieval of Data Across Multiple Partitions of a Storage Device Using Digital Signatures - A system and method for exchanging data among partitions of a storage device is disclosed. For example, data stored in a first partition is exchanged with an application included in the first partition or with a second application included in a second partition. In one embodiment, the second application is associated with a global certificate while the first application is associated with a different platform certificate. A verification module included in the first partition receives a request for data and determines if the request for data is received from the first application. If the request for data is not received from the first application, the verification module determines whether the request is received from the second application and whether the global certificate is an authorized certificate. For example, the verification module determines whether the global certificate is included in a listing of authorized certificates. | 12-27-2012 |
20120331564 | INFORMATION PROCESSING APPARATUS, SERVER, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - There is provided an information processing apparatus, including a behavior information generating unit that generates behavior information, a behavior pattern analyzing unit that analyzes a behavior pattern based on the behavior information, a similarity determining unit that performs a similarity determination of the analyzed behavior pattern and a protection target behavior history pattern, a protection selecting unit that selects a protection level of the behavior information based on a result of the similarity determination, and a behavior information protecting unit that protects the behavior information based on the selected protection level. | 12-27-2012 |
20120331565 | SYSTEM AND METHOD FOR ENFORCING UTILIZATION OF CONTENT BASED ON HISTORY LISTS - Apparatus, method, and media for enforcing utilization of content. An exemplary method comprises receiving a request to utilize content, the request corresponding to a utilization of the content, determining whether the utilization corresponds to at least one usage right associated with the content, wherein the usage rights include status information relating to the state of the utilization of the content, the status information including a history list comprising information associated with events relating to the content, determining whether the request should be granted based at least in part on whether the utilization corresponds to at least one of the usage rights, and enforcing utilization of the content in accordance with the at least one of the usage rights that is determined to correspond to the utilization based at least in part on a determination that the request should be granted. | 12-27-2012 |
20130007891 | SERVER SYSTEM, CONTROL METHOD, AND STORAGE MEDIUM FOR SECURELY EXECUTING ACCESS TO DATA OF A TENANT - In a multitenant service, security of the entire service is guaranteed by logically separating data for each tenant, and performing control to prevent access to data of another tenant. In an operation of the multitenant service, there are some special cases in which an access to data of another tenant becomes necessary. Further, processing executable across tenants needs to be subjected to restrictions on an executor of the processing and a processing target in addition to restrictions on a processing content. In data access control of the multitenant service, a control operation to determine whether processing is executable across tenants for each API and a control operation to determine whether processing is executable across tenants according to tenant categories of the executor and the processing target are performed. | 01-03-2013 |
20130007892 | ELECTRONIC CONTENT PROCESSING SYSTEM, ELECTRONIC CONTENT PROCESSING METHOD, PACKAGE OF ELECTRONIC CONTENT, AND USE PERMISSION APPARATUS - A game playing system includes a use permission tag provided for use in a game disk for a user of a game, a disk drive, and a reproduction device for reproducing the game. The disk drive reads out a disk ID from the game disk. When the game is to be played, the reproduction device conveys the disk ID and a player ID to the use permission tag. The use permission tag stores the terms of use of the game and determines whether a combination of the disk ID and the player ID conveyed from the reproduction device fulfills the terms of use or not. | 01-03-2013 |
20130007893 | PREVENTING ON-LINE VIOLATIONS OF LEGAL REGULATIONS ON USERS OF A COMMUNICATION SYSTEM - A system for preventing on-line violations of open meeting regulations and similar laws, in which one or more special classes of users are defined for an electronic communication system. The definition of each special class may include quorum requirements, including the number of group members that make up a quorum for that special class. Users identified as members of special classes may be reminded of the restrictions on communications using the communication system arising from that special class membership. When a user composes a message for posting or sending through the communication system, the user's identity is checked to determine whether they are a member of a restricted special class. If the user is a member of a special class, a determination is made as to whether posting or sending the message would violate any legal restrictions associated with that special class. | 01-03-2013 |
20130007894 | METHOD AND APPARATUS FOR DIGITAL RIGHTS MANAGEMENT - A method and apparatus for digital rights management (DRM) with steps and means for receiving a registration request from one of a plurality of DRM agent devices requesting to register one of a plurality of user accounts and the one DRM agent device to one of a plurality of rights issuers, completing a registration process in the one rights issuer, including establishment of a relationship among the one user account, the one DRM agent device and the one rights issuer; and returning a registration completion response to the one DRM agent device. The invention provides support to the many-to-many relationships among DRM entities, such as DRM agent device, user account and rights issuer, so that the DRM system can be applied to more business modes. | 01-03-2013 |
20130014276 | Method for protecting data contents - A method for protecting data contents, in particular video data, is provided. The data contents are provided by a distribution application available in a communications network and may be loaded onto an output unit to be played back on this output unit. A current system utilization of the output unit is monitored or measured during playback of the loaded data contents on the output unit. This current system utilization is compared to an estimated standard system utilization of the output unit for the playback of data contents. If the current system utilization of the output unit exceeds the estimated standard system utilization during a predefined period, appropriate protective measures, such as interrupting playback of the data contents, a corresponding message to the distribution application, etc., are taken and carried out to protect the data contents. | 01-10-2013 |
20130014277 | Methods, Systems, Devices and Computer Program Products for Presenting Information - The life history of a person or entity can be presented in a graphical representation of a highway. Life events may be represented by simple data strings, or by files such as photographs, dissertations, job offers, and love-letters, among others. For ease in viewing, the information representing the life history is categorized according to type (medical, educational, photographic, etc.) and placed in lanes corresponding to the type of information. The information is also organized by date, being placed between miles corresponding to temporal periods, for instance, years. Other graphical arrangements of stored information are also included. | 01-10-2013 |
20130019318 | System and Method of Owner Application Control of Electronic Devices - Systems and methods of owner application control of an electronic device are provided. Owner application control information is stored on the electronic device and/or one or more remote servers. Owner application control information is consulted to determine if one or more required applications are available for execution on the electronic device. If not, one or more required applications not available are downloaded and installed. This could be in a manner transparent to the user of the electronic device. If one or more required applications are not available on the electronic device, the device can be functionally disabled in whole, or in part, until one or more required applications are available. | 01-17-2013 |
20130019319 | Selective Content Accessibility in a Social Network - A social networking service encourages users to post content to a communication channel with varying levels of accessibility to other users. Users may select how content will be published and control the accessibility of uploaded content using a privacy setting for each content item that the user posts. The privacy setting defines, or identifies, the set of connections who may view the posted content item. The posted content item is placed in a particular communication channel in the social networking service, such as a newsfeed or stream, where the content item can be viewed by those who are permitted to view it according to its associated privacy setting. Varying granularities of privacy settings provide flexibility for content accessibility on a social networking service. | 01-17-2013 |
20130024944 | CONFIDENTIAL INFORMATION LEAKAGE PREVENTION SYSTEM, CONFIDENTIAL INFORMATION LEAKAGE PREVENTION METHOD AND CONFIDENTIAL INFORMATION LEAKAGE PREVENTION PROGRAM - Provided are first monitoring unit | 01-24-2013 |
20130024945 | MAKING SYSTEM CONSTRAINTS OF A SPECIFIED PERMISSION IN DIGITAL RIGHTS MANAGEMENT - A method and a terminal device for making multi-system constraint of a specified permission in a digital rights. A rights object related to content object is obtained by an executing device. The specific permission descriptions of the rights object include system constraint descriptions of a plurality of systems of the same type. The executing device obtains a corresponding system information in the device according to the system constraint descriptions and compares the system information in the device with the system information in the system constraint descriptions, so as to judge whether there is any system permitted in system constraint descriptions. If yes, it determines to permit executing the specific permission for the content object; otherwise, it determines not to permit executing said specific permission for the content object. | 01-24-2013 |
20130031638 | DYNAMIC LOCATION OF A SUBORDINATE USER - Providing location information to a supervisory user includes providing a parental control, using a computer automatically to determine a location of a subordinate user, and storing location information indicative of the location of the subordinate user in a database. A request of the supervisory user to locate the subordinate user is received and a user interface informs the supervisory user of the location of the subordinate user based on the stored location information. At least one of the storing and/or the informing are based on the parental control. | 01-31-2013 |
20130036475 | ACCESS RIGHTS MANAGEMENT IN ENTERPRISE DIGITAL RIGHTS MANAGEMENT SYSTEMS - Systems and methods for obtaining access rights to an encrypted document are described. The method comprises receiving a request for obtaining access rights to the encrypted document from a requestor, through an eDRM interface. The method further comprises generating a request inbox corresponding to a granter of the encrypted document. The request inbox contains at least the request received from the requestor. The generated request inbox is sent to the granter through the eDRM interface. The method furthermore comprises obtaining a response to the request from the granter, and providing a status alert indicative of the response to the requestor through the eDRM interface. | 02-07-2013 |
20130036476 | RIGHTS-BASED SYSTEM - A rights-based system is described in which vouchers are employed for creating, managing, distributing, and redeeming rights in digital contexts. A voucher is a digital, possession-based rights representation. An authorization component of the system validates the vouchers and issues corresponding tokens. Access to digital resources is provided in response to presentation of the tokens which are validated by matching voucher refresh values to corresponding values maintained by the system. New refresh values are generated and inserted in the vouchers each time they are redeemed. | 02-07-2013 |
20130036477 | Method and Apparatus Encoding a Rule for a Lookup Request in a Processor - In one embodiment, a method includes encoding a key matching rule having at least one dimension by storing in a memory (i) a header of the key matching rule that has at least one header field, and (ii) at least one rule value field of the key matching rule corresponding to one of the dimensions. | 02-07-2013 |
20130047259 | METHOD AND APPARATUS FOR TOKEN-BASED VIRTUAL MACHINE RECYCLING - According to one embodiment, an apparatus may store a virtual machine token associated with a virtual machine running on a particular device and a secure image of the virtual machine. The virtual machine token may include a timestamp indicating when the virtual machine was established. The apparatus may receive a token indicating that the particular device is attempting to access a resource. In response, the apparatus may check the validity of the virtual machine running on the particular device based at least in part upon the timestamp associated with the virtual machine token and a time threshold associated with the virtual machine. If the virtual machine is invalid, then the apparatus may communicate at least one token to initiate the recycling of the virtual machine by replacing the invalid virtual machine with the stored secure image of the virtual machine. | 02-21-2013 |
20130047260 | COLLABORATIVE CONTENT RATING FOR ACCESS CONTROL - Methods, systems, devices, and computer program products are described for controlling access to electronic content. Content ratings for electronic content are received from each of a number of reviewers, and the input value for each of the reviewers is weighted. Content analysis for the electronic content is also received on each of a number of factors, and each factor is weighted. These weightings may be based on community standards, be specific to a geographic region, or be personalized. The weighted content ratings and the weighted content analysis may be combined to generate an access metric. Access to the electronic content may be controlled based on the access metric. | 02-21-2013 |
20130047261 | Data Access Control - A set of data is provided to an application executed in an environment within which the application is restricted from making its output available outside the environment. An operation performed on the set of data by the application is inspected. A determination of whether an output of the application is satisfactory is reached based on the inspection. If the output is determined satisfactory, the output of the application is made available outside the environment. | 02-21-2013 |
20130047262 | Method and Apparatus for Object Security Session Validation - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate access to a resource. The apparatus may further store a plurality of tokens. The plurality of tokens may include a session token associated with access to the resource by a device. The apparatus may receive a first token indicating that an alarm associated with the device has been triggered. The apparatus may determine, based at least in part upon at least one token-based rule from the plurality of token-based rules, that access to the resource should be terminated in response to receiving the first token and terminate the session token in response to the determination that access to the resource should be terminated. | 02-21-2013 |
20130047263 | Method and Apparatus for Emergency Session Validation - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may further store a plurality of tokens. The plurality of tokens may include a session token. The session token may be associated with access to the resource by a user. The apparatus may receive a first token indicating that an emergency has been declared. The emergency may be associated with the user. The apparatus may determine, based at least in part upon at least one token-based rule from the plurality of token-based rules, that access to the resource should be terminated in response to receiving the first token and terminate the session token in response to the determination that access to the resource should be terminated. | 02-21-2013 |
20130047264 | Method and Device for Communicating Digital Content - A method for establishing a secured communication channel, between a first processing component and a second processing component; the method comprising executing a digital rights management agent on a processing unit, the digital rights management agent being configured to enforce permissions associated with digital content based on a digital rights management protection mechanism; receiving, by the digital rights management agent at least a security data item, the security data item including a session key data item; verifying authenticity of the received session key data item by the digital rights management agent using said digital rights management protection mechanism; providing the verified session key data item by the digital rights management agent to at least the second processing component; establishing a secured communication channel between the first and second processing components using at least the provided session key data item. | 02-21-2013 |
20130055408 | Techniques for defining, using and manipulating rights management data structures - A descriptive data structure provides an abstract representation of a rights management data structure such as a secure container. The abstract representation may describe, for example, the layout of the rights management data structure. It can also provide metadata describing or defining other characteristics of rights management data structure use and/or processing. For example, the descriptive data structure can provide integrity constraints that provide a way to state rules about associated information. The abstract representation can be used to create rights management data structures that are interoperable and compatible with one another. This arrangement preserves flexibility and ease of use without compromising security. | 02-28-2013 |
20130061330 | METHOD AND SYSTEM FOR CONFIGURING CONSTRAINTS FOR A RESOURCE IN AN ELECTRONIC DEVICE - The present invention provides a method and system for configuring constraints for a resource in an electronic device. The method includes identifying context of use/access of a resource and implementing permissions/constraints as per the identified context. The method includes identifying an existing work environment of a resource by capturing information through an application program interface (API), identifying constraints for the resource with respect to the identified work environment from a constraint specification file for the resource which contains constraint details for all work environments, and either configuring the identified constraints for the resource, or modifying the identified work environment for the resource and configuring corresponding constraints for the resource. | 03-07-2013 |
20130067590 | COMBINING CLIENT AND SERVER CLASSIFIERS TO ACHIEVE BETTER ACCURACY AND PERFORMANCE RESULTS IN WEB PAGE CLASSIFICATION - In one embodiment, an internet monitor service may use a final content rating to determine access to a webpage. A monitor client | 03-14-2013 |
20130067591 | METHOD FOR FILTERING WEB PAGE CONTENT AND NETWORK EQUIPMENT WITH WEB PAGE CONTENT FILTERING FUNCTION - A method for filtering web page content is disclosed in this invention. In the method, a web page request to obtain a web page from a web server is received from a client through a network equipment after the client builds a connection with the web server. The network equipment transmits the web page request to a cloud server for determining if the web page needs to be blocked according to the web page request. A first disconnection request and a second disconnection request are generated according to the web page request if it is determined that the web page needs to be blocked. The first disconnection request is transmitted to the client and the second disconnection request is transmitted to the web server through the network equipment. Subsequently, the connection between the client and the web server is disconnected. | 03-14-2013 |
20130067592 | SYSTEM AND METHOD FOR ROLE BASED ANALYSIS AND ACCESS CONTROL - A system and method for program access control includes, for a typestate, providing typestate properties and assigning a role to the typestate in a program in accordance with the typestate properties. Access to operations is limited for the typestate in the program based on the role assigned to the typestate and an access permission level. | 03-14-2013 |
20130067593 | SYSTEMS AND METHODS TO DISTRIBUTE CONTENT OVER A NETWORK - The present embodiments provide methods, apparatuses, and systems to distribute content over a network. Some embodiments provide methods to distribute content within a local media network. These methods receive a request for a first content to be transferred to a sink device, request from the source an access criteria for a first content that is protected according to a first digital rights management (DRM), forward the access criteria to the sink device, receive an evaluation of the access criteria from the sink device regarding at least whether the sink device can interpret the first DRM, determine according to the evaluation received from the sink device whether the sink device can utilize the first content that is protected according to the first DRM, and initiate a transfer of the first content from the source device to the sink device when the sink device can utilize the first content. | 03-14-2013 |
20130081144 | STORAGE DEVICE AND WRITING DEVICE - According to an embodiment, a storage device connected to an external device includes a data storage, a key storage, a random number generating unit, a random number storage, a random number transmitting unit, a data receiving unit, a calculating unit, a determining unit, and a storage control unit. The data receiving unit receives write data to be written into the data storage and first authentication information. The key storage stores a key. The calculating unit calculates second authentication information for data generated from the write data and the random number by using the key. The determining unit determines whether the first authentication information and the second authentication information are identical. The storage control unit stores the write data into the data storage when the first authentication information and the second authentication information are determined to be identical. | 03-28-2013 |
20130081145 | ANONYMOUS ASSOCIATION SYSTEM UTILIZING BIOMETRICS - Various exemplary embodiments relate to an anonymous database system. The system includes a plurality of biometric nodes in communication with one another. Each of the plurality of biometric nodes includes a biometric input that receives biometric data from a user. The system also includes at least one central database in communication with the plurality of biometric nodes; and a plurality of institution databases in communication with the plurality of biometric nodes. A first node of the plurality of biometric nodes is configured to receive a message from a second node of the plurality of biometric nodes, the message requesting authorization of data access by the second node. Various embodiments relate to a method for performing an action requiring multiple levels of authentication using an anonymous database system. | 03-28-2013 |
20130091584 | Distributed System and Method for Tracking and Blocking Malicious Internet Hosts - Disclosed are systems and methods to perform coordinated blocking of source addresses, such as Internet Protocol (IP) addresses, across a plurality of network appliances (e.g., gateways). In one disclosed embodiment the method and system temporarily alter a configuration of one or more network appliances (based on user defined configuration parameters) to allow communication from a “blocked” IP address for a period of time. A network appliance can then “receive” an email and perform analysis and provide results of the analysis to a reputation service. Thereby, the temporarily allowed communication can be used to learn information about a threat which would not have been available if all communication from that IP address had actually been blocked at the network appliance. | 04-11-2013 |
20130091585 | MOBILE WIRELESS COMMUNICATIONS DEVICE HAVING VALIDATION FEATURE AND RELATED METHODS - A mobile wireless communications device may include a wireless transceiver and a controller coupled to the wireless transceiver. The controller may be configured to determine if an email address is associated with the mobile wireless communications device. The controller may further be configured to wirelessly send a validation request to a validation server based upon the email address, and wait for a validation email to be wirelessly received from the validation server based upon the validation request if the email address is associated with the wireless communications device, and if the validation email is wirelessly received, then validate access to an application based upon the validation email. | 04-11-2013 |
20130091586 | Electronic Permission Slips for Controlling Access to Multimedia Content - An administrator controls viewer access to restricted multimedia programs using electronic permission slips. In response to a viewer's request to view a restricted multimedia program, the viewer may initiate the generation of an electronic permission slip that is sent to an electronic device associated with the administrator. The electronic permission slip may include text-based information, graphical information, audio information, and the like. The electronic permission slip may enable input of permission data regarding whether the viewer is allowed to receive the blocked program. In response to the administrator granting permission, a service provider network allows the viewer to access the restricted multimedia program. | 04-11-2013 |
20130097716 | METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR DETERMINING MEDIA ITEM PRIVACY SETTINGS - An apparatus for determining media item privacy settings may include a processor. The processor may be configured to receive media item capture data associated with a media item. The media item capture data may include at least a capture location. The processor may also be configured to identify a privacy context that corresponds to the media item capture data. In this regard, the capture location of the media item capture data may be within a geographic zone of the privacy context. The processor may be further configured to determine a privacy setting for the media item based on the corresponding privacy context, and, in some embodiments, control access to the media item in accordance with the determined privacy setting. Associated methods and computer program products may also be provided. | 04-18-2013 |
20130111602 | System and/or Method for Distributing Media Content | 05-02-2013 |
20130111603 | INFORMATION PROCESSING APPARATUS AND METHOD, RECORDING MEDIUM, AND PROGRAM | 05-02-2013 |
20130111605 | INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD | 05-02-2013 |
20130117857 | Method for Processing Data in One or More Control Devices of a Vehicle, in Particular a Motor Vehicle - The invention relates to a method for processing data in one or more control devices of a vehicle, in particular a motor vehicle. According to the invention, a data protection mode for the control device(s) can be activated by a user of the vehicle. In this data protection mode the predetermined data, to which the control device(s) has and/or have access during usage of the vehicle, are prevented from being transmitted out of the vehicle; or transmission of said predetermined data is permitted exclusively after entry of a confirmation requested by the user of the vehicle. As an alternative or in addition, in the data protection mode the predetermined data, which are stored in the control device(s) during usage of the vehicle, are deleted after a predefined period of time. | 05-09-2013 |
20130117858 | Method and System for Ensuring a Sharing Violation Free Environment for a Trusted Software Agent - A method and system is provided by which a trusted software agent can perform in a sharing violation free environment, which reduces complexity and eliminates interference with applications. A method for handling sharing violations in a computer system comprises intercepting a request by an application for access to a file, capturing a sharing violation raised by the operating system, determining whether the sharing violation is due to the trusted agent, and if so holding the request by the application for access to the file until the trusted agent no longer holds the file, and then reprocessing the request by the application for access to the file. The application is not aware that the sharing violation due to the trusted agent occurred, or that the request was pending and reprocessed because at the end of the process the application receives a file handle as if a sharing violation did not occur. | 05-09-2013 |
20130133080 | LICENSE MANAGEMENT SYSTEM AND METHOD - When hardware connected to an image forming apparatus is detected, a check is performed as to whether the hardware was used with another image forming apparatus, and, if used, a license of an application that is operated by the hardware is automatically transferred so that the application can be used in the image forming apparatus to which the hardware is connected. | 05-23-2013 |
20130133081 | SYSTEM AND METHOD FOR AN ELECTRONIC READER THAT ALLOWS ACCESS TO ADDITIONAL CONTENT AND TOOLS - A method, system and non-transitory computer-readable medium are provided for controlling display of content on an electronic device with a touch screen display, which content may, in response to detection of a squeeze gesture, be reduced on the display screen to reveal additional content, tools and features associated with the one or more pages of the content. | 05-23-2013 |
20130133082 | DIGITAL RIGHTS MANAGEMENT LICENSE ARCHIVING - An arrangement is provided where a media server temporarily stores a DRM license that is associated with downloaded media content prior to copying the DRM license to a physical archival medium such as an optical disc. When the media server confirms that the DRM license is successfully copied to the physical archival medium, it destroys the temporarily stored DRM license. | 05-23-2013 |
20130133083 | MEDIATION PROCESSING METHOD, MEDIATION APPARATUS AND SYSTEM - A disclosed mediation apparatus collects data of transactions between a provider holding data of a user and a terminal of the user, for authorizing utilization of the data of the user by a consumer, and stores matching data to determine whether response data received from the provider at next time and subsequent times is substantially the same as the response data previously received and reply data used when sending answer data to the provider into an automatic response data storage unit. Thus, the mediation apparatus automatically responds on behalf of the terminal of the user at the next time and subsequent times. Therefore, it is possible to simplify user operations. | 05-23-2013 |
20130139271 | CONTENT PROVIDER WITH MULTI-DEVICE SECURE APPLICATION INTEGRATION - Methods and systems for providing access to content are disclosed. The method is performed at least in part at a client computer system having a processor and memory. The method includes executing a host application associated with a first party. In some implementations, the host application is a media player. The method further includes initiating a secure communication channel between the host application and a server associated with the first party. The method further includes executing a supplemental application associated with a second party. The method further includes accessing, with the supplemental application, content licensed to the first party, wherein the licensed content is accessible to the supplemental application via the secure communication channel subject to terms of a licensing agreement. In some implementations, the content is media content, such as music, movies, and the like. | 05-30-2013 |
20130145478 | SYSTEMS AND METHODS FOR ELECTRONICALLY PUBLISHING CONTENT - Systems and methods for electronically publishing content are disclosed. An example method includes receiving a content selection and receiving a selection of rights assigned to the content. The method also includes receiving a selection of one or more tags and associating the content with the rights assigned and the tag to enable a security trimmed rank adjusted search return of the content. | 06-06-2013 |
20130145479 | Systems and Methods for Clinical Study Management - Electronic systems and methods for managing and auditing Clinical Trial data include using storage and classification of all data. New data is added to the data storage system and designated as a current version, rather than deleting previous data and storing only a single version. Further identifying information about the data, including the user name who modified it and the date of modification, may also be stored. Computer users are authenticated by the systems and methods and may then add and alter data according to user permissions. Further systems and methods include electronic billing for clinical trials based on statuses of clinical trial procedures. Prices for procedures may be assigned by appropriate users and billing mechanisms may proceed based on statuses of the procedures and not necessarily on the status of the entire clinical trial. | 06-06-2013 |
20130145480 | E-MAIL WITH SECURE MESSAGE PARTS - A method for preventing a recipient of an electronically transmitted message from taking at least one action in relation to the message is disclosed. The message has at least two parts with one of the parts having a higher level of security than the other part. The method includes the step of extracting information from the message. The information indicates that the higher level security part is not permitted to have the action taken on it while the other part is so permitted. The method also includes the step of preventing the higher level security part from having the action taken on it in reaction to said recipient making an offending request. | 06-06-2013 |
20130145481 | RECORDING MEDIUM APPARATUS AND CONTROLLER - A storage unit | 06-06-2013 |
20130160138 | NETWORK INFORMATION COLLECTION AND ACCESS CONTROL SYSTEM - An approach is provided for collecting and controlling access to network information. A network information anonymizer receives network information associated with a device, separates the network information into anonymized network information and user identifiable information, and enables access to the anonymized network information independently of the user identifiable information based on a privacy setting. | 06-20-2013 |
20130160139 | Volume Encryption Lifecycle Management - Aspects of the subject matter described herein relate to encryption lifecycle management. In aspects, an orchestrating agent is installed on a device upon which encryption management is desired. During the lifecycle of the device, the orchestrating agent facilitates performing actions to protect the data of the device. For example, at certain points during the actions, the orchestrating agent may deduce the presence of external entities needed to perform the actions and interact with those entities to protect the data. During its facilitating activities, the orchestrating agent may also escrow protector data to use to unlock the data for legitimate stakeholders of the data. | 06-20-2013 |
20130160140 | MACHINE-TO-MACHINE COMMUNICATIONS PRIVACY PROTECTION METHOD AND SYSTEM, MACHINE-TO-MACHINE COMMUNICATIONS SERVICE MANAGEMENT ENTITY, AND RELATED DEVICE - Embodiments of the present invention provide a machine-to-machine communications privacy protection method and system, a machine-to-machine communications service management entity, and a related device. The method includes: after receiving a location access message, determining, by a service management entity and according to locating information, an entity that performs privacy inspection; and triggering, by the service management entity, the entity that performs privacy inspection to perform privacy inspection. The M2M service management entity determines in advance the entity that performs privacy inspection and triggers the entity that performs privacy inspection to perform privacy inspection. Therefore, with the method provided in the present invention, message interaction on an mId interface is reduced, thereby reducing a message overhead. In this way, a network load is reduced, and especially for a wireless network with an air interface, benefit that reduction of a signaling overhead brings is greater. | 06-20-2013 |
20130167248 | METHOD FOR GENERATING SMART CONTENTS, METHOD FOR EXECUTING SMART CONTENTS AND METHOD FOR PROVIDING N-SCREEN SERVICE OF SMART CONTENTS - A method for generating smart contents includes contents protected by a digital right management (DRM) technology; and metadata including information necessary to use the contents. Further, the method includes a smart code for protecting copyright of the contents and position information which the smart code is downloaded. | 06-27-2013 |
20130174271 | DEVICE AUTHENTICATION FOR SECURE KEY RETRIEVAL FOR STREAMING MEDIA PLAYERS - Systems and methods are disclosed that authenticate devices or users, and enable playback of secured streaming content through a media player. In one embodiment, the invention is a system for receiving secure content over an unmanaged network, including a security application configured to operate on a user device with access to a network, where the security application is configured to receive a request for playlist data from the media player, send a playlist request to a content server, receive playlist data from the content server, send playlist data to a media player, receive a security access request from the media player, send a security access request to a security server, receive security access data from the security server; and send security access data to a media player. | 07-04-2013 |
20130179988 | Secure Profile System And Method - A computer implemented method for a secure profile system for an identity management system having: on a computer device having one or more processors and a memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for: defining a structure; storing data associated with a profile, where the profile contains an object; securely granting access to the profile and a subject; configuring an audit log to provide an account of an access to data housed within the profile; implementing a security-related algorithm and protocol; exchanging data between two or more subjects; and providing secured, externalized content. Also, a computer system and non-transitory computer-readable storage medium adapted for the same. | 07-11-2013 |
20130179989 | METHOD AND APPARATUS FOR ENFORCING SOFTWARE LICENSES - A method and apparatus for enforcing software licenses for resource libraries such as an application program interface (API), a toolkit, a framework, a runtime library, a dynamic link library (DLL), an applet (e.g., a Java or ActiveX applet), or any other reusable resource. The resource library can be used by authorized end user software programs. A “per-program” licensing scheme for a resource library can allow a resource library to be licensed only for use with particular software programs. | 07-11-2013 |
20130185805 | METHOD AND APPARATUS FOR ESTABLISHING USAGE RIGHTS FOR DIGITAL CONTENT TO BE CREATED IN THE FUTURE - Usage rights for a digital work are established prior to creation of the corresponding content. The rights can be associated with the content after the content is created. A content creation device, such as a video recorder or a still camera, can store labels of the rights and can associate usage rights with content in real time as the content is created. | 07-18-2013 |
20130185806 | PERSONAL-INFORMATION TRANSMISSION/RECEPTION SYSTEM, PERSONAL-INFORMATION TRANSMISSION/RECEPTION METHOD, PERSONAL-INFORMATION PROVISION APPARATUS, PREFERENCE MANAGEMENT APPARATUS AND COMPUTER PROGRAM - Disclosed is a personal-information (PI) transmission/reception system and the like which makes it possible to, even when the number of apparatuses possessing PI has increased, reduce a burden of a user who sets preferences (PRFs) with respect to disclosures of the PI on the individual apparatuses. | 07-18-2013 |
20130191928 | ENFORCING CONTENT BLACKOUT - A system includes a network interface, a memory, and a processor. The network interface is configured to communicate, over a network, with a user device associated with a user. The memory is configured to store instructions to be executed by the processor. The processor is configured to execute the instructions to: receive, from the user device via the one or more network interfaces, a request for content; initiate an upload of the requested content to the user device in response to the request; receive a request for a license key from the user device in response to the initiation of the upload; determine whether the user device is outside a blackout region associated with the content; generate a license key when the one or more processors determine that the user device is outside the blackout region; and send the license key to the user device. | 07-25-2013 |
20130198854 | APPARATUS, METHODS, AND COMPUTER PROGRAM PRODUCTS PROVIDING DYNAMIC PROVABLE DATA POSSESSION - In one exemplary embodiment, a method includes: storing data for a file, organized as blocks, each having a portion of the file; and maintaining a skip list for the data. The skip list is an ordered tree structure having a root node, internal nodes and leaf nodes. Each leaf node corresponds to a block. Each node has a rank value corresponding to size of a subtree rooted at the node. The skip list employs a hashing scheme. The hash value of the root node and internal nodes is computed from a level of the node, the rank value and an interval between the node and another linked node to the right of or below the node. The hash value of the leaf nodes is computed from a level of the node, the rank value and an interval associated with the node. | 08-01-2013 |
20130198855 | DYNAMIC SELECTION OF AUTHORIZATION PROCESSES - Systems, methods, and software are disclosed herein for licensing applications using a preferred authorization process dynamically identified based on conditions associated with an initiation of an application. Authorization is then attempted using the preferred authorization process. In some examples, the preferred authorization process is selected from at least a keyless authorization process and a key-based authorization process. | 08-01-2013 |
20130198856 | USER BASED LICENSING FOR APPLICATIONS - A method, system, and computer-readable storage media for providing user based licensing of an application are provided herein. The method includes receiving user log-in information from a computing device at a licensing service in response to an input by a user and providing a license for an application to the computing device, wherein the license includes device specific information associated with the user. The method also includes activating the application on the computing device using the device specific information. | 08-01-2013 |
20130198857 | PROCESSING OF RESTRICTED ACCESS DATA - Embodiments related to processing of restricted-access data. An aspect includes receiving a request for data from a user by a storage system infrastructure comprising a centralized database that stores non-restricted access data and a local system that stores restricted-access data associated with a first set of areas or entities and comprising a federated database for providing a federated view, wherein the requested data comprises restricted-access first data and non-restricted access second data. Another aspect includes based on an association of the user, routing, by a routing entity, the request to the local system. Another aspect includes receiving the request at the at least one federated database of the local system. Another aspect includes retrieving from the federated database the restricted-access first data and the non-restricted access second data. Another aspect includes displaying the federated view comprising the restricted-access first data and the non-restricted access second data to the user. | 08-01-2013 |
20130198858 | SYSTEMS AND METHODS FOR A CONTENT AUTHORIZATION SERVICE - A content authorization service is described, including receiving, from a first source, information comprises a key for accessing content recorded on a disc; storing the key, a pre-recorded media serial number (PMSN), and a product serial number (PSN); receiving, from a second source, another PSN, the another PSN; determining that the PSN and the another PSN is a same code; recording data that indicates the disc is authenticated if the PSN and the another PSN is the same code; receiving, from a third source, at least one of the PSN and the PMSN; determining that the at least one of the PSN and the PMSN identifies the disc; and if the at least one of the PSN and the PMSN identifies the disc, transmitting the key to the third source, the key enables access to the content recorded on the disc. | 08-01-2013 |
20130198859 | SYSTEMS AND METHODS FOR A PRODUCT AUTHORIZATION SERVICE - A product authorization service is described, including receiving, from a first source, an item serial number (ISN) of a product and an item-specific key (ISK) for the product; receiving, from a second source, a product-package serial number (PPSN) associated with the product and information about the second source; storing the received PSN with an authorized indication based on the information about the second source indicating an authorized source; receiving, from the product, the PSN and the ISN; determining whether the PSN is the same as the received PSN with the authorized indication; and if the PSN is the same as the received PSN, transmitting the ISK to the product, the ISK enables activation of one or more features of the product. | 08-01-2013 |
20130205403 | MAINTAINING SECURE DATA ISOLATED FROM NON-SECURE ACCESS WHEN SWITCHING BETWEEN DOMAINS - A data processing apparatus including circuitry for performing data processing, a plurality of registers; and a data store including regions having different secure levels, at least one secure region (for storing sensitive data accessible by the data processing circuitry operating in the secure domain and not accessible by the data processing circuitry operating in a less secure domain) and a less secure region (for storing less secure data). The circuitry is configured to determine which stack to store data to, or load data from, in response to the storage location of the program code being executed. In response to program code calling a function to be executed, the function code being stored in a second region, the second region having a different secure level to the first region, the data processing circuitry is configured to determine which of the first and second region have a lower secure level. | 08-08-2013 |
20130205404 | PROTECTING PRIVACY OF SHARED PERSONAL INFORMATION - Methods and apparatus are described to protect personal information by decoupling it from user identity. According to specific embodiments, this is accomplished by associating each user with an anonymous token that is decoupled from the user's identity. Personal information (e.g., a user's physical or geographic location) is stored in association with this anonymous token, with no apparent connection to the user. Those allowed to access the personal information—including the owner himself—are granted the ability through a variety of mechanisms to connect the anonymous token back to the owner. The personal information can then be retrieved by locating the data stored in association with the anonymous token in the data store. | 08-08-2013 |
20130205405 | DATA PROCESSING SYSTEM AND DATA PROCESSING METHOD - Provided is a system that improves security of data processing by determining whether processing of the data received from an image processing apparatus is restricted, communicating with the image processing apparatus when processing of the data is restricted, and receiving a response whether the processing of the data is permitted. It is determined in the portable terminal whether processing of the data received from the image processing apparatus is restricted. If processing of the data is restricted, the portable terminal communicates with the image processing apparatus, and the portable terminal processes data when it receives information that indicates the processing of the data is permitted. If processing of the data is restricted, the portable terminal processes the data without communicating with the image processing apparatus. | 08-08-2013 |
20130205406 | Data protection method and device - An apparatus and method for encoding and decoding additional information into a digital information in an integral manner. More particularly, the invention relates to a method and device for data protection. | 08-08-2013 |
20130212699 | METHODS AND SYSTEMS FOR FACILITATING PERSONAL DATA PROPAGATION - Methods and systems for facilitating the propagation of personal data include a Personal Data Propagation Environment (“PDP environment”), which facilitates the propagation of personal data items between secure personal data stores and various consumers of the personal data items. One PDP environment includes a personal data manager and a personal data subscriber. The personal data manager manages personal data items on a secure data store associated with a user computing device. The personal data manager provides access to personal data items stored on the secure data store in accordance with a personal data subscription associated with the personal data subscriber. | 08-15-2013 |
20130212700 | EXCEPTION HANDLING IN A DATA PROCESSING APPARATUS HAVING A SECURE DOMAIN AND A LESS SECURE DOMAIN - A data processing apparatus and method are provided for handling exceptions, including processing circuitry configured to perform data processing operations in response to program code, said circuitry including exception control circuitry. A plurality of registers are provided including a first and second subsets of registers, and a data store. The data store includes a secure region and a less secure region, wherein the secure region is for storing data accessible by the processing circuitry when operating in a secure domain and not accessible by the processing circuitry when operating in a less secure domain. The exception control circuitry performs state saving of data from the first subset of registers before triggering the processing circuitry to perform an exception handling routine corresponding to the exception. Where background processing was performed by the processing circuitry in the secure domain, the exception control circuitry performs additional state saving of the data. | 08-15-2013 |
20130212701 | METHOD AND SYSTEM FOR CLASSIFYING AND REDACTING SEGMENTS OF ELECTRONIC DOCUMENTS - A method for classifying and redacting electronic documents, for example an email message, is described. The classification and redaction of segments of the email message are based on rules. Using the rules, multiple versions of the email message, each corresponding to recipients with specific clearance levels are generated. A selective redacting of certain segments of the email message concurrently with sending previously redacted segments of the same email message is described. A corresponding system for classifying and redacting electronic documents is also provided. | 08-15-2013 |
20130219510 | DRM/CAS SERVICE DEVICE AND METHOD USING SECURITY CONTEXT - A DRM/CAS service device is provided. The device includes a registration service server that authenticates a device and an STP of the device and generates a device-based context according to a registration request and a DRM/CAS service request from the device; a DRM/CAS service server that receives the device-based context and generates DRM/CAS security contexts; and a DRM/CAS SW service server that receives the DRM/CAS security contexts, generates the DRM/CAS software package including the DRM/CAS security contexts and DRM/CAS software, and enables the DRM/CAS software package to be provided for the device. The DRM/CAS service device reduces the amount of processing and simplifies the process by installing and using content and service protection software, that is, DRM/CAS software by using a security context. | 08-22-2013 |
20130219511 | Methods, Media, and Systems for Monitoring Access to Computer Environments - Method, media, and systems for monitoring access to computer environments are provided. Methods for monitoring access to a computer environment by a technician workstation are provided, the methods comprising: setting up a remote desktop access session between a hardware processor of a proxy and the technician workstation; connecting the remote desktop access session to the computer environment; providing access to the computer environment from the technician workstation using the remote desktop access session; recording remote desktop access messages; and replaying the remote desktop access messages. | 08-22-2013 |
20130219512 | APPARATUSES AND METHODS FOR PROCESSING FILE CONTENT USING DIGITAL RIGHTS MANAGEMENT (DRM) IN WEB BROWSER - An electronic device for processing file content using Digital Rights Management (DRM) is provided with a DRM agent, a plug-in, and a web browser. The DRM agent module processes DRM-protected content associated with an electronic file. The plug-in enables access of electronic file. The web browser includes a module which is to be invoked during loading of the DRM-protected content associated with electronic file and is installed with the DRM agent. Upon receiving a request for electronic file, the module determines whether electronic file is DRM protected. After determining that electronic file is DRM protected, the module activates the processing of the DRM-protected content by the DRM agent to obtain electronic file portion-by-portion such that the web browser directly accesses or uses a corresponding native player or a corresponding plug-in of the web browser to access electronic file with obtained portions, respectively. | 08-22-2013 |
20130219513 | BLADE, COMPUTER PRODUCT, AND MANAGEMENT METHOD - A determining unit determines whether housing specific information decrypted from a license key is identical to housing specific information acquired from the housing to confirm legitimacy of license, thereby ensuring security. The determining unit determines that the license can be activated if a usage number in the housing does not exceed a usable number. Only when the determining unit determines that the license can be activated, the setting unit activates the license to make software usable so that any blade can freely use the software within a limit of the usable number. | 08-22-2013 |
20130219514 | APPLICANT SCREENING - Systems and methods for screening applicants are disclosed herein. A method of screening applicants is performed by a screening server. The server begins by receiving a selection of screening services and an applicant profile that identifies an applicant. The screening continues by generating screening results specified by the selection of screening services based on the applicant profile. A property manager is then notified that the screening results are available for the applicant based upon the applicant profile. The screening results are then provided to the property manager based upon the applicant profile. Based on these screening results, the screener or property manager can make a decision about the applicant and communicate a decision action to the applicant. | 08-22-2013 |
20130219515 | System and Method for Providing Tools VIA Automated Process Allowing Secure Creation, Transmittal, Review of And Related Operations on, High Value Electronic Files - Embodiments are described of systems and methods for the creation, transmittal, review of, and related operations on, as well as the prevention, detection, and such, of unauthorized manipulation (e.g., substitution) of, high-value data files, including electronic documents. | 08-22-2013 |
20130227704 | PROCESSOR AND DATA PROCESSING METHOD WITH NON-HIERARCHICAL COMPUTER SECURITY ENHANCEMENTS FOR CONTEXT STATES - Disclosed are a processor and processing method that provide non-hierarchical computer security enhancements for context states. The processor can comprise a context control unit that uses context identifier tags associated with corresponding contexts to control access by the contexts to context information (i.e., context states) contained in the processor's non-stackable and/or stackable registers. For example, in response to an access request, the context control unit can grant a specific context access to a register only when that register is tagged with a specific context identifier tag. If the register is tagged with another context identifier tag, the contents of the specific register are saved in a context save area of memory and the previous context states of the specific context are restored to the specific register before access can be granted. The context control unit can also provide such computer security enhancements while still facilitating authorized cross-context and/or cross-level communications. | 08-29-2013 |
20130227705 | TERMINAL AND METHOD FOR HIDING AND RESTORING MESSAGE - A terminal to hide a message includes an input unit to receive a signal to hide a message and a signal to restore a hidden message; a display unit to display the message and the hidden message; and a control unit to control display of the message. The terminal hides messages or applications on a separate screen. The separate screen may be a virtual screen or a different display screen. A hidden message may be displayed on the separate screen according to a conversation partner. A hidden message may be restored to a location in which the message would have originally been displayed. A portion of the stored message may be extracted and provided to an application of the terminal. | 08-29-2013 |
20130227706 | METHOD, APPARATUS AND SYSTEM FOR CONTROLLING READ RIGHTS OF DIGITAL CONTENTS - A method for controlling read rights of digital contents includes receiving, by a first service node, digital content information from a second service node implemented by a second server, wherein the digital content information includes digital contents and read rights of the digital contents, and both the first service node and the second service node are service nodes authenticated by a root service node, transmitting, by the first service node, a verification request to the root service node to verify whether the digital content information is authorized by the root service node, and parsing, by the first service node, the digital content information to obtain the digital contents and the read rights of the digital contents if a verification result shows that the digital content information is authorized by the root service node. An apparatus and system for implementing the method are also provided. | 08-29-2013 |
20130227707 | RELATIONSHIP MANAGEMENT SYSTEM AND METHOD OF OPERATION THEREOF - A communication method to publish a user message suitable for one or more vendors. The communication method may be performed by one or more controllers and may include one or more acts of receiving a message from a user station of a user; processing the received message to anonymize the message to conceal an identity of the user; publishing the anonymized message and anonymous link information; receiving a request from a vendor of the one or more vendors for user context information corresponding to the user in response to the published anonymized message; receiving restriction information in accordance with a user persona selected by the user from a plurality of user personas that are each associated with the user; and providing the user context information in accordance with the restriction information. | 08-29-2013 |
20130227708 | SYSTEM AND METHOD FOR DELIVERING GEOGRAPHICALLY RESTRICTED CONTENT, SUCH AS OVER-AIR BROADCAST PROGRAMMING, TO A RECIPIENT OVER A NETWORK, NAMELY THE INTERNET - A system and method for delivering geographically restricted content, including but not limited to over-air broadcast programming, to a recipient over a computer network, namely the Internet. The content is only delivered over the computer network if the recipient's computer or network device requesting the content over the network is verified to be located in the geographically restricted area. A conventional tuner is employed by the recipient's computer to receive one or more over-air signals having a broadcast range deemed to be synonymous with the geographically restricted area for the requested content. If the tuner is able to receive such over-air signal(s), the requested content is delivered over the network to the recipient's computer. This is because the recipient is known to be physically located in the geographically restricted area by the ability of the tuner to receive the over-air signal(s). | 08-29-2013 |
20130239227 | GROUP LICENSES FOR VIRTUAL OBJECTS IN A DISTRIBUTED VIRTUAL WORLD - A group licensing scheme for validating groups of virtual objects within a distributed virtual world is provided. Each of a number of distributed virtual world servers hosts a cell, or virtual space, of the virtual world. In operation, a first virtual world server categorizes virtual objects into a number of groups. Either before or after creating the groups, the first virtual world server validates each virtual object individually. Once the virtual objects are validated and the groups are formed, the first virtual world server generates a group license for each of the groups. When a group of virtual objects or an avatar associated with one or more groups of virtual objects moves to a virtual space hosted by a second virtual world server, the corresponding group licenses are provided to the second virtual world server, which validates the one or more groups of virtual objects based on the group licenses. | 09-12-2013 |
20130239228 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PUBLICLY PROVIDING WEB CONTENT OF A TENANT USING A MULTI-TENANT ON-DEMAND DATABASE SERVICE - In accordance with embodiments, there are provided mechanisms and methods for publicly providing web content of a tenant using a multi-tenant on-demand database service. These mechanisms and methods for publicly providing web content of a tenant using a multi-tenant on-demand database service can allow the web content to be published by a tenant using the multi-tenant on-demand database service for use by non-tenants of the multi-tenant on-demand database service. | 09-12-2013 |
20130239229 | METHOD, APPARATUS AND SYSTEM FOR MANAGING DOCUMENT RIGHTS - Embodiments of the present invention provide a method, an apparatus and a system for managing document rights. In the method, the apparatus and the system for managing document rights which are provided in the embodiments of the present invention, a server receives a rights request from a client, where the rights request is used for obtaining rights information of a document; determines, according to the rights request, whether the first rights information of the document is saved; when the first rights information is not saved, sends, to the client, the second rights information corresponding to the document confidentiality level, so that the client decrypts the document according to the second rights information; and when the first rights information is saved, sends the first rights information to the client so that the client decrypts the document according to the saved first rights information. | 09-12-2013 |
20130247215 | INFORMATION PROCESSING DEVICE FOR DETECTING AN ILLEGAL STORED DOCUMENT, ILLEGAL STORED DOCUMENT DETECTION METHOD AND RECORDING MEDIUM - The present invention provides an information processing device which can detect illegal authorization setting efficiently in a short period of time. The information processing device includes a database which stores electronic documents, a means for storing rank values of users of the database, a means for storing the authorization degree of an electronic document or an electronic document group and authorization degrees of respective document classes of the database, a means for analyzing the electronic documents and combining together documents having mutual similarity in a degree equal to or higher than a certain level into a similar document group, and a means for analyzing authorization degrees of respective document classes in the database with reference to the rank values of the users, and thus detecting an electronic document or an electronic document group whose authorization setting is improper. | 09-19-2013 |
20130247216 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PUBLICLY PROVIDING WEB CONTENT OF A TENANT USING A MULTI-TENANT ON-DEMAND DATABASE SERVICE - In accordance with embodiments, there are provided mechanisms and methods for publicly providing web content of a tenant using a multi-tenant on-demand database service. These mechanisms and methods for publicly providing web content of a tenant using a multi-tenant on-demand database service can allow the web content to be published by a tenant using the multi-tenant on-demand database service for use by non-tenants of the multi-tenant on-demand database service. | 09-19-2013 |
20130247217 | ON-DEMAND SERVICE SECURITY SYSTEM AND METHOD FOR MANAGING A RISK OF ACCESS AS A CONDITION OF PERMITTING ACCESS TO THE ON-DEMAND SERVICE - In accordance with embodiments, there are provided mechanisms and methods for managing a risk of access to an on-demand service as a condition of permitting access to the on-demand service. These mechanisms and methods for providing such management can enable embodiments to help prohibit an unauthorized user from accessing an account of an authorized user when the authorized user inadvertently loses login information. The ability of embodiments to provide such management may lead to an improved security feature for accessing on-demand services. | 09-19-2013 |
20130247218 | System And Method For Verifying Authenticity Of Documents - A system and method for verifying the authenticity of documents is provided. The method and system includes incorporating a machine readable code ( | 09-19-2013 |
20130247219 | SYSTEM AND METHOD FOR ONLINE ACTIVATION OF WIRELESS INTERNET SERVICE - The present invention is related to method and system for online activation of a wireless internet service, which are capable of automatically transferring a MAC address required for an online activation of wireless internet services to an online activation server, thereby eliminating the subscriber burden of having to know the MAC address and preventing incorrect input of the MAC address. | 09-19-2013 |
20130269039 | DATA ACCESS CONTROL - The presently disclosed subject matter includes a system and method for protecting data stored in a physical storage space of a storage system. According to the teachings disclosed herein, a block key is provided together with a read and a write request and is applied on data, which is related to a logical data block, for calculating a data block signature. A read request according to the presently disclosed subject matter includes, in addition to data indicative of a requested data block, a block key for the purpose of verifying the data block signature that was stored upon the last write of the requested data block. A write request according to the presently disclosed subject matter includes, in addition to data indicative of a data block to be written, a block key for generating a respective data block signature. | 10-10-2013 |
20130276132 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR UTILIZING CODE STORED IN A PROTECTED AREA OF MEMORY FOR SECURING AN ASSOCIATED SYSTEM - A security system, method, and computer program product are provided. In use, code is stored in a protected area of memory. In addition, the stored code is utilized for securing a system associated with the protected area of memory. | 10-17-2013 |
20130276133 | METHODS AND APPARATUS FOR INFORMATION ASSURANCE IN A MULTIPLE LEVEL SECURITY (MLS) COMBAT SYSTEM - Methods and apparatus are provided for information assurance in a multiple level security (MLS) combat system. A plurality of tasks are executed, where at least one of the tasks requires a transition from a first security level to a second security level. At least one of the tasks is executed on a cloud computing system; and a kernel is employed to prevent a leakage of data between at least two of the tasks. The cloud computing system comprises a virtualization layer and provides one or more operating systems, as well as interface access control to data. The kernel provides a mechanism for the transition from the first security level to the second security level. The kernel optionally tags one or more data records with a security classification to allow one or more classification levels to be segregated for role-based data access. | 10-17-2013 |
20130276134 | EVENT DRIVEN PERMISSIVE SHARING OF INFORMATION - The disclosed subject matter provides for event driven permissive sharing of information. In an aspect, user equipment can include information sharing profiles that can facilitate sharing information with other devices or users, such as sharing location information. The information sharing profiles can include trigger values, such that when a target value transitions the trigger value, a permission value is updated to restrict access to sharable information. As such, event driven permissive sharing of information allows for designation of temporary friend information sharing with user-defined triggers. | 10-17-2013 |
20130276135 | FILTERING ACCESS TO NETWORK CONTENT - A system receives a request to filter access by a client device to content over a network and causes access to network content by said client device to be filtered. | 10-17-2013 |
20130276136 | Online Privacy Management - A privacy management system (PMS) is disclosed for a Chief Privacy Officer (CPO) or other user to use in monitoring and/or controlling in realtime the flow of data (e.g., outflow) about the user and his/her online experience. The PMS may employ pattern recognition software to evaluate analytics data and potentially block private information from being sent within the analytics data. The PMS may provide a dashboard displaying a whitelist and/or blacklist indicating what destinations/sources are blocked or allowed as well as private information settings indicating what types of private information should be blocked. The PMS includes browser-client scripting code and may also include a PMS-certified verification icon and/or lock and unlock icons for display on webpages being monitored/controlled in realtime by the PMS. | 10-17-2013 |
20130276137 | Method and system for creating a protected object namespace for a WSDL resource description - A method and system is presented to parse a WSDL description and build a hierarchical protected object namespace for authorization of access to the resource, wherein the protected object namespace is based on the abstract part of a WSDL but can be used to assist in authorization decisions for multiple different concrete bindings of this WSDL, wherein the concrete binding/request is based on the WS-Addressing endpoint reference. | 10-17-2013 |
20130276138 | COPYRIGHT DETECTION AND PROTECTION SYSTEM AND METHOD - A method for detecting against unauthorized transmission of digital works comprises the steps of maintaining a registry of information permitting identification of digital copyrighted works, monitoring a network for transmission of at least one packet-based digital signal, extracting at least one feature from the at least one digital signal, comparing the extracted at least one feature with registry information and applying business rules based on the comparison result. | 10-17-2013 |
20130276139 | METHOD AND APPARATUS FOR ACCESSING CONTENT PROTECTED MEDIA STREAMS - A method and apparatus for recovering a content signal from media stream protected by a digital rights management (DRM) system. A content access device includes a network interface configured to receive the protected media stream from a remote content provider via a network and a plurality of distinct DRM components corresponding to DRM systems supported by the content access device. A content extraction unit is operable to select a DRM component of the plurality of DRM components and execute the selected DRM component to recover a content signal from the protected media stream. When a search engine is used to discover available content, a list of references to available content is presented to the user, the presentation being dependent upon whether or not the content is protected by a DRM system supported by the content access device. | 10-17-2013 |
20130276140 | TRANSACTION SYSTEM FOR BUSINESS AND SOCIAL NETWORKING - A wireless face-to-face bilateral communication method between at least two users of a service provider, each having a token device, and at least one having a user-defined profile, comprising: between a sending token device and a receiving token device, transmitting unique electronic transaction tokens between a consenting sending party and a consenting or optionally consenting receiving party wherein said transaction tokens may be used for single use, party-approved after-contact, computer-network facilitated access to each other's profile. | 10-17-2013 |
20130283393 | METHOD FOR PLAYING DIGITAL CONTENTS PROTECTED WITH A DRM (DIGITAL RIGHT MANAGEMENT) SCHEME AND CORRESPONDING SYSTEM - A method for playing DRM-protected contents, the protected contents being downloaded by a user device from a media server in the form of protected segments, comprises executing a DRM proxy inside the user device, the DRM proxy interfacing the media server and a player configured to implement the HLS protocol; executing an HLS server in the DRM proxy; registering the DRM proxy to handle HTTP requests; producing by the DRM proxy a playlist in HLS format including a list of URLs locating the individual protected segments on the user device; processing the playlist in the player; in the DRM proxy, acquiring a license to access the protected segment identified by the URL of a current request; decrypting the protected segment in the DRM proxy based on the license; and returning a segment based on the decrypted segment to the player in response to the current URL request. | 10-24-2013 |
20130283394 | AUTHENTICATING USE OF A DISPERSED STORAGE NETWORK - A method begins with a managing unit authenticating an access request regarding a set of encoded data slices, which represents an encoded data segment. The method continues, when the access request is authenticated, by generating storage unit access requests based on the access request regarding the set of encoded data slices. The method continues with the managing unit authenticating the storage unit access requests. When the storage unit access requests are authenticated, the method continues with the storage units executing the storage unit access requests to fulfill the access request regarding the set of encoded data slices. | 10-24-2013 |
20130283395 | CONTENT PROTECTION IN A WIRELESS NETWORK - A method for operating a device to protect an application from unauthorized operation is provided. The application will fail to operate on the device when the device is defined outside a selected operating region. The method includes transmitting the selected operating region for the application, and receiving the application and a geographic identifier associated with the application. The geographic identifier is configured to identify the selected operating region wherein the application will operate on the device. The method further includes transmitting a request to execute the application on the device. The request includes the geographic identifier. Further included in the method is receiving a code. The code prevents an execution of the application on the device if the code is a disable code. The disable code indicates that the device is operating outside the selected operating region. An apparatus for content protection in a wireless network is also provided. | 10-24-2013 |
20130291120 | METHOD AND SYSTEM FOR USER DEFINED LOCAL STORAGE OF INFORMATION AND OBJECTS IN A VIRTUAL WORLD - The invention provides a method and system for securing information for a virtual world environment. The method includes creating information for a virtual world environment, transmitting the information to the virtual world environment from the memory, selectively removing the information from the virtual world environment, and selectively storing the information on a memory external to the server to prevent access from the server. | 10-31-2013 |
20130298257 | DEVICE FOR RIGHT MANAGING WEB DATA, RECORDING MEDIUM FOR PERFORMING METHOD FOR RIGHT MANAGING WEB DATA ON COMPUTER, AND DEVICE AND METHOD FOR PROVIDING RIGHT MANAGEMENT INFORMATION - Disclosed are a device for right managing web data, a recording medium for performing a method for right managing web data on a computer, and a device and a method for providing right management information. In the device for right managing web data, a message processing unit adds agent information, which shows support for right management, to the header of a web data request message that is sent to a web server from a web browser, and sends same to the web server, parses and outputs the right information included in the header of a web data reply message that is sent to the web browser from the web server, and sends web data that is included in the web data reply message to the web browser. Also, a right managing unit controls the output of web data, which is included in the web data reply message, through a web browser based on the parsed right information which is input from the message processing unit. | 11-07-2013 |
20130305384 | SYSTEM AND METHOD FOR CONTROLLING ACCESS TO ELECTRONIC DEVICES - A computer implemented method for controlling access to an electronic media source is disclosed. An access control system receives achievement goals and degree of access information. Assessment information is also received by the access control system from one or more input data sources. The access control system determines whether the achievement goals are met based on the received assessment information and forwards an access signal to the electronic media source based on the access determination. The access signal, including a grant signal, is forwarded when the achievement goals are met. | 11-14-2013 |
20130305385 | STREAMING AUDIO PLAYBACK SERVICE AND METHODOLOGY - A service for streaming digital audio files to subscribing consumers is provided in a manner compliant with all applicable licenses. A method of using such service may include downloading licensed audio files onto a server configured to be managed automatically to ensure compliance, employing a playlist algorithm associated with the server that is configured to monitor and record certain attributes about the digital audio files, including the performing rights organization, the composer of the audio files, and/or the identity of the copyright owner of the audio file, and tracking the frequency of regeneration of the audio files on the server. An algorithm may be employed that constrains the streaming of the audio files so that consumers may influence the music that is streamed to them pursuant to consumer subscriptions, but limits the direct control over the specific audio files streamed to the subscribing consumers. | 11-14-2013 |
20130305386 | METHOD FOR PROTECTING SECURITY OF DATA, NETWORK ENTITY AND COMMUNICATION TERMINAL - The present invention relates to communication technologies and discloses a method and an apparatus for protecting security of data, so as to solve the problem of the prior art in which the security of data transmission between a communication terminal which has a characteristic of small data transmission and the network cannot be guaranteed. Information relevant to security context is stored if a communication terminal has a characteristic of small data transmission; current security context is obtained according to the information relevant to security context; and security protection of communication data is performed by employing the current security context. The embodiments of the present invention may be applied to a communication system having a characteristic of small data transmission, such as an MTC and the like. | 11-14-2013 |
20130312111 | EMBEDDING SUPPLEMENTAL CONSUMER DATA - Embodiments of the invention broadly described, introduce systems and methods for combining multiple field values into a normalized value, generating codes using the normalized value, and using the codes as activation codes. One embodiment of the invention discloses a computer-implemented method for generating a code. The method comprises receiving a plurality of field values associated with a set of fields, each of the fields being associated with a field radix, converting the field values into numeric field values, combining, by a processor, numeric field values, each associated with a field, each of the fields associated with a field radix, to generate a normalized value, and generating, by the processor, a code representative of the plurality of field values using the normalized value. | 11-21-2013 |
20130312112 | LICENSING PROTECTED WORKS WITHIN ELECTRONIC INFORMATION NETWORKS - License information, including a license identifier (if present) is associated with a protected work that is published within an electronic information network. The license information indicates a purported license to publish the protected work. The license information may be audited by or on behalf of a licensing entity to determine whether the purported license is a valid license. The protected work may take the form of a protected audio work included within an audio component of a composite media content item that further includes a video component. Publication of a protected work may be granted or denied, access to the protected work may be enabled or blocked, and/or a beneficiary of revenue generated from publication of the protected work may be redirected based on a result of the audit. | 11-21-2013 |
20130318625 | METHOD FOR PROTECTING DATA STORED IN DEVICE AND DEVICE THEREOF - The present invention provides a method for protecting data stored in a device, comprising: automatically acquiring, by the device, fingerprint information of a current user of a device; judging whether the acquired fingerprint information of the current user of the device is the same as registered user's fingerprint information preset in the device; and if the judgment result is the same, calling private data stored in the device, and otherwise calling non-private data stored in the device. The present invention further provides a corresponding device. Through the present invention, it is able to protect the private data of the user in a more hidden manner and to improve the security of the private data. | 11-28-2013 |
20130318626 | SECURING ACCESS TO DISTRIBUTED DATA IN AN UNSECURE DATA NETWORK - A method, a system, a registry, a repository and a computer program product are disclosed for securely accessing sensitive medical data records stored in a repository. Before accessing security-critical data in the repository, a registration inquiry with a separate registry must be carried out in order to obtain a security token having limited temporary validity, for example in the form of a barcode. A data source and/or a data sink can then use the security token to access the security-critical data in that an index module indexes the data record inquired about on the repository. | 11-28-2013 |
20130318627 | Secure Handling of Information Related to a User - Methods and arrangements in a client node and a server node for supporting secure handling of information related to a user, said information being stored by the server node and comprising certain data. The user is assumed to be authenticated towards the server node and to employ a first and a second web application in a web browser supporting cross-Origin resource sharing. The methods and arrangements involve determining whether the first web application is permitted to access the certain data owned by the second web application, and allowing or denying the first web application to access the certain data, based on whether the first web application is permitted to access the data. The methods and arrangements further involve providing user input related to a permission for accessing the certain data, to the server node, and establishing and declaring a mutual trust relation between the first and the second web application. | 11-28-2013 |
20130326634 | Simple Product Purchase for Multisystem Accounts - A system and method are disclosed for managing the assignment of digital goods licenses. A user selects digital goods to be assigned to a group of target systems, followed by the retrieval of digital goods entitlement records for each system in the group. Systems that are not entitled to the selected digital goods are removed, along with any systems that already have the digital goods installed. If an insufficient number of licenses are available for the remaining systems in the group, then the number of required licenses is determined, followed by their procurement. The available and procured digital goods licenses are then respectively assigned to each system in the group. | 12-05-2013 |
20130326635 | TELECOMMUNICATIONS APPARATUS AND METHOD, STORAGE MEDIUM, AND PROGRAM - The present invention relates to a telecommunications apparatus and a method, a storage medium, and a program for determining whether or not an other side communicating apparatus is near in a network. In a transmitting apparatus, a transmitting unit transmits a sending-message, and a control unit receives a response message to the sending-message, which includes acknowledgement information based on shared data and transmission information in the sending-message. The transmitting apparatus also includes a first judging unit that judges whether a response time of the acknowledgement message is less than a predetermined time. A receiving apparatus includes a generating unit that generates the acknowledgment information and transmits the response message to the transmitting apparatus. | 12-05-2013 |
20130333052 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM - An information processing system includes an external system having an external server managing public information, and an internal system having an internal server managing secure information and a terminal outputting information. The external server sends an information generating module to the terminal at an acquisition request source, and the terminal executes the received information generating module, in order to generate information to be provided, using the public information acquired from the external server and the secure information acquired from the internal server. | 12-12-2013 |
20130340089 | SYSTEMS AND METHODS FOR SECURING SOCIAL MEDIA FOR USERS AND BUSINESSES AND REWARDING FOR ENHANCING SECURITY - The disclosed system and method enhances security of people, organizations, and other entities that use what has been termed “social media.” Recent trends have shown that information posted to social media may cause tremendous damage to individuals and other entities. This includes information that was posted deliberately or unintentionally, including social security numbers, financial data and other sensitive information. Further, information that previously may have been viewed as innocuous, such as location data, has caused harm on certain occasions and may need to be protected. The disclosed system provides a novel method of screening, identifying, and preventing certain information from being posted on social media and other public locations. In addition, the disclosed system and method improves security by motivating people to use security software by offering rewards for its use. | 12-19-2013 |
20130340090 | System Utilizing A Secure Element - A device includes a receiver configured to receive a request to perform a function. A secure element connected with the receiver, the secure element to verify the request to perform the function, where the secure element is configured to operate in either a report mode or a silent mode. Details about a status of the performance of the function are displayed when the device operates in the report mode, and no details about the status of the performance of the function are displayed when the device operates in the silent mode. | 12-19-2013 |
20130340091 | METHOD OF CREATING UI LAYOUTS WITH DESIRED LEVEL OF ENTROPY - A machine-controlled method can include visually presenting to a first user a first user interface for a first transaction involving user-sensitive information, the first user interface having a first user interface layout, and performing processing based on user-sensitive information received by way of user interaction by the first user with the first user interface. The method can also include visually presenting to a second user a second user interface for receiving a second transaction involving user-sensitive information, the second user interface having a second user interface layout that is visually distinct from the first user interface layout and has a desired level of entropy. | 12-19-2013 |
20130340092 | SOFTWARE LICENCE CONTROL - A system for software license control is described that is particularly useful for use in a virtualized system, such as a cloud computing system. A module can be made available for use within the virtualized network, wherein a license fee is payable for use of the module. The module includes a license file that can be located wherever it is required. In addition, a central license file is provided at an administration node. The central license file is configured such that it can only be operated from that administration node, thereby preventing the copying of that file. The license file operating in the virtual network communicates with the central license file. The central license file controls the use of the licensed module. | 12-19-2013 |
20130347124 | Accessing Restricted Resources In Computer Programming - A computerized method for providing a computer code an access to a restricted resource of a computer program, comprising modifying an at least one duplicate of an at least one declaration file of the computer program by removing a restriction definition of an at least one resource of the computer program that is referred to by the computer code, thereby generating an at least one modified declaration file, and building a computer application comprising the computer code and also the computer program as being dependent on the at least one modified declaration file, thereby providing access to the at least one resource originally defined as restricted, and an apparatus for performing the same. | 12-26-2013 |
20130347125 | Secondary Asynchronous Background Authorization (SABA) - A system for identifying threats to the security of an owner's electronic information by performing a secondary background authorization (SABA) that is transparent to the requester to verify or flag unauthorized access to systems, data or company offices being requested. The secondary background authorization relies on a proprietary security, big data pattern-matching, and modeling approach made possible by the creation, expansion, and analysis of new “data streams” that, together with operating systems, applications, and devices data, uniquely allows the system to determine a security access risk and provide information to the owner. | 12-26-2013 |
20140007254 | SELECTION OF SANDBOX FOR INITIATING APPLICATION | 01-02-2014 |
20140007255 | Privacy Control in a Social Network | 01-02-2014 |
20140007256 | Remotely Defining Security Data for Authorization of Local Application Activity | 01-02-2014 |
20140013440 | USER LICENSE CALCULATION IN A SUBSCRIPTION BASED LICENSING SYSTEM - Embodiments of the present invention may provide a method of calculating a user license for a software application. The method may include compiling, by a server, user interface components associated with a business role; generating a logical set for each compiled user interface component, the logical set including at least one license type required to access the user interface component; applying an intersection process on the logical sets to generate a result set including at least one result license type that can provide access to all the compiled user interface components, and assigning at least one result license type as the user license for the business role. | 01-09-2014 |
20140013441 | Private Anonymous Electronic Messaging - Private anonymous electronic messaging between a message originator and a message recipient within an organization encourages open communication which can provide information to the organization that might otherwise be secreted from the organization, and can allow the message originator to obtain desired help (e.g., counseling). By profiling of the message originator based on current and previous electronic messaging within the system as well as external organizational information (e.g., behavioral or financial information), the system can assess concerns yet act as a gateway to protect the message originator's true identity through escalating levels of concern unless a genuine concern about the health, well-being, and/or safety of the message originator, others, or the organization is indicated, in which case the system can reveal the true identity of the message originator as appropriate. | 01-09-2014 |
20140013442 | INFORMATION MONITORING APPARATUS AND INFORMATION MONITORING METHOD - The present invention provides an information monitoring apparatus and an information monitoring method which make it possible to prevent personal information from being acquired by a disclosure requester for the purpose of an unfair use thereof. The information monitoring apparatus includes: a means for storing therein acquired attribute information corresponding to at least one acquired attribute which has already been acquired by an acquisitor, a means for, on the basis of the acquired attribute information and disclosed attribute information corresponding to a disclosed attribute targeted for disclosure to the acquisitor, determining whether or not attribute synthetic information resulting from synthesizing the acquired attribute and the disclosed attribute satisfies each of predetermined one or more determination conditions, and a means for executing predetermined protection processing on an attribute on the basis of the result of the determination. | 01-09-2014 |
20140013443 | Location Sensitive Solid State Drive - A data storage system including a SSD includes a capability to detect whether its location is acceptable for function, and a capability to self-disable in the event the location of the device is unacceptable, or to self-enable only while the location of the device is acceptable. | 01-09-2014 |
20140020113 | Mechanism to Synchronize Clients in a Digital Rights Management Environment - Disclosed are embodiments for determining whether a license period for consuming content is expired. An exemplary embodiment involves receiving content for consumption on a client device, the content being associated with a license agreement defining a license period for consumption and determining whether the license period has expired based at least in part on a current time received from a server, the server being separate from the client device. The embodiment then involves terminating access to the content based on a determination that the license period has expired. | 01-16-2014 |
20140020114 | METHODS AND APPARATUSES FOR INTEGRATING A PORTION OF SECURE ELEMENT COMPONENTS ON A SYSTEM ON CHIP - A method, an apparatus, and a computer program product for wireless communication are provided in connection with providing efficient SE functionality. In one example, a communications device includes a SE which includes a processor, RAM, and NVM, and secured and unsecured components. The SE may be equipped to receive a request to access a function that is accessible through information stored in the SE, retrieve a first portion of the information associated with the function that is stored in the secured component, obtain a second portion of the information associated with the function that is stored in the unsecured component, and facilitate access to the function using the first retrieved portion of the information to enable access to the second obtained portion of the information. In an aspect, the secured component may include the processor and the RAM, and the unsecured component may include substantially all of the NVM. | 01-16-2014 |
20140026228 | INFORMATION PROCESSING APPARATUS AND CONTROL METHOD - According to one embodiment, an information processing apparatus includes a management module and a control module. The control module detects an event of requesting install of an application program, and transmits, prior to execution of the install, install event information including an application name of the application program to the management module. The management module notifies the install event information to a determination program, and transmits to the control module a determination result indicative of permission or prohibition of the install, the determination result being received from the determination program. | 01-23-2014 |
20140033321 | METHOD AND APPARATUS FOR SECURELY EXECUTING MULTIPLE ACTIONS USING LESS THAN A CORRESPONDING MULTIPLE OF PRIVILEGE ELEVATION PROMPTS - A method and apparatus for securely executing a plurality of actions requiring elevated privilege using less than a corresponding plurality of prompts for privilege elevation, and in some embodiments, only a single prompt for privilege elevation, comprising: receiving a request to perform a first action requiring an elevated privilege; acquiring the elevated privilege to perform the first action; executing the first action, wherein the first action is executed based on the elevated privilege; receiving a request to perform a second action requiring an elevated privilege; and executing the second action using the elevated privilege acquired for the first action. | 01-30-2014 |
20140033322 | METHOD AND APPARATUS FOR MAPPING - A mobile device including a mobile device computer memory, a mobile device computer processor, a mobile device computer display, a mobile device computer interactive device, and a mobile device transmitter/receiver; and a server computer including a server computer memory, and a server computer processor. The mobile device computer processor may be programmed to allow a user by use of the mobile device computer interactive device to store a plurality of data objects in the server computer memory via transmission by the mobile device transmitter/receiver to the server computer, wherein each of the plurality of data objects includes data concerning a geographic location, such that there are a plurality of geographic locations, one geographic location for each of the plurality of data objects. The computer server processor may be programmed to restrict access to information concerning each geographic location such that this information is not available to the general public. | 01-30-2014 |
20140033323 | Secure Time for Mobile Devices - Methods and devices for clock roll-back detection in non-secure mobile platforms are disclosed. A first time is received from a secure time source. The first time is recorded as a last known good time (“LKGT”) in secure storage on the mobile device. The LKGT is advanced and stored whenever a triggering event occurs. The mobile device receives a second time from the secure time source and records the second time as a subsequent stored LKGT in secure storage. | 01-30-2014 |
20140033324 | SYSTEM AND METHOD FOR ADVANCED CONTROL TOOLS FOR ADMINISTRATORS IN A CLOUD-BASED SERVICE - A cloud-based platform (e.g., cloud-based collaboration and/or storage platform/service) is described that provides advanced control tools for administrators of an enterprise account. The advanced control tools permit the administrator to set mobile security settings for mobile devices running applications that allow a user to access enterprise data in the cloud-based platform; activity notification archiving; support for multiple email domains; automation processes; and policies. The settings selected by the administrator are applied enterprise-wide within the cloud-based platform. | 01-30-2014 |
20140033325 | NON-VOLATILE MEMORY FOR ANTI-CLONING AND AUTHENTICATION METHOD FOR THE SAME - A method and a non-volatile memory apparatus for cloning prevention is provided. The non-volatile memory apparatus includes an Enhanced Media Identification (EMID) area, which is located in a specific area of the non-volatile memory, and stores an identification for identifying the non-volatile memory; and an EMID encoder for modifying the identification by a preset operation in conjunction with an arbitrary value, wherein the EMID area includes a first area in which reading by an external device is prevented, and a second area in which reading from the non-volatile memory by the external device is permitted in response to a read command. | 01-30-2014 |
20140041043 | DIGITAL RIGHTS MANAGEMENT USING DEVICE PROXIMITY INFORMATION - A method and system utilizing proximity information in managing digital rights is provided. An example method includes receiving a request to access a content item at an electronic device, determining proximity information using at least one processor, the proximity information indicating proximity of the electronic device to a designated base electronic device and using the proximity information for granting or denying access to the content item. | 02-06-2014 |
20140041044 | CONTROLLING ACCESS TO A SHARED FILE - A shared data store may be accessible to a plurality of electronic devices and used to share files in a collaboration setting. A shared file is shared by a first electronic device with a second device via a connection between the first electronic device and the shared data store. A coordinating electronic device associated with the shared data store monitors the connection with the first electronic device. If a loss in the connection is detected, the coordinating electronic device may cause access to the shared file to become restricted to the second electronic device responsive to the loss of the connection. | 02-06-2014 |
20140041045 | DIGITAL RIGHTS MANAGEMENT (DRM) LOCKER - Methods, apparatuses and storage medium associated with digital rights management (DRM) using a DRM locker are disclosed herein. In embodiments, a DRM locker is provided to a client device. The DRM locker may be configured to store a number of DRM licenses or keys for a number of DRM protected contents. The DRM locker, on presentation of an associated locker key, may respond to a request for one or more of the stored DRM licenses or keys, to enable consumption of the corresponding DRM protected contents using the client device. Other embodiments may be disclosed or claimed. | 02-06-2014 |
20140041046 | SYSTEMS AND METHODS FOR CONDITIONAL ACCESS AND DIGITAL RIGHTS MANAGEMENT - Conditional access (CA) and digital rights management (DRM) in digital media delivery, processing, and storage systems. Methods and apparatuses are provided for managing digital rights under the protection of multiple CA and/or DRM systems. Some embodiments provide secure and robust methods for bridging multiple DRM systems in the digital media content distribution and playback systems. The present invention simplifies content repurposing, after it has been bridged to a secondary DRM system, but still under the control of the original DRM system. | 02-06-2014 |
20140041047 | PRIVACY PRESERVING METHOD FOR SUMMARIZING USER DATA - A method includes, in a server residing in a network of interconnected computers, receiving user data, dissecting the received user data into a plurality of key/value pairs, iterating through the plurality of key/value pairs, generating a new data structure in the memory of the server for each key/value pair that does not exist, inserting a UserID into a set associated with a specific key/value pair, storing the key/value sets, and destroying the received user data. | 02-06-2014 |
20140041048 | Online Privacy Management - A privacy management system (PMS) is disclosed for a Chief Privacy Officer (CPO) or other user to use in monitoring and/or controlling in realtime the flow of data (e.g., outflow) about the user and his/her online experience. The PMS may provide a dashboard displaying a whitelist and/or blacklist indicating what destinations/sources are blocked or allowed. The PMS includes browser-client scripting code and may also include a PMS-certified verification icon for display on webpages being monitored/controlled in realtime by the PMS. | 02-06-2014 |
20140041049 | METHOD AND APPARATUS FOR VARIABLE PRIVACY PRESERVATION IN DATA MINING - Improved privacy preservation techniques are disclosed for use in accordance with data mining. By way of example, a technique for preserving privacy of data records for use in a data mining application comprises the following steps/operations. Different privacy levels are assigned to the data records. Condensed groups are constructed from the data records based on the privacy levels, wherein summary statistics are maintained for each condensed group. Pseudo-data is generated from the summary statistics, wherein the pseudo-data is available for use in the data mining application. Principles of the invention are capable of handling both static and dynamic data sets. | 02-06-2014 |
20140041050 | METHOD FOR DISPLAYING INFORMATION ON A DISPLAY DEVICE OF A TERMINAL - The invention relates to a method for displaying information on a display device (D | 02-06-2014 |
20140047554 | APPARATUS CAPABLE OF EXECUTING ADJUSTING OPERATION, CONTROL METHOD FOR CONTROLLING ADJUSTING OPERATION OF APPARATUS, AND STORAGE MEDIUM - The apparatus includes a management unit configured to manage an access right that is assigned to each of a plurality of users, and a storage unit configured to store a plurality of scenarios including the adjusting operation of the apparatus and a first access level that is assigned to each of the scenarios. Furthermore, the apparatus determines whether or not a scenario can be executed with the access right given to a user, by comparing the access right of the user with the first access level stored in the storage unit, and displays, before the scenario is executed, at least one of the plurality of scenarios on a display unit such that the determination result can be displayed identifiably. | 02-13-2014 |
20140047555 | METHOD AND SYSTEM FOR SECURING A SOFTWARE PROGRAM - The invention relates to a method for securing an original software program using a secret, comprising the following steps consisting in: partitioning ( | 02-13-2014 |
20140053277 | METHOD AND APPARATUS FOR PROVISIONING SUBSCRIPTION PRODUCTS - A method and apparatus for provisioning a subscription product is disclosed. The method comprises receiving a request for a subscription product; retrieving a profile and at least one subscription associated with the profile, wherein the at least one subscription comprises a plurality of subscription details; validating the plurality of subscription details; retrieving product data for the subscription product based on the validated subscription details; determining a dominant subscription product when there are at least two subscriptions associated with the profile; and sending the product data for the dominant subscription product, wherein the product data enables activation of a product license. | 02-20-2014 |
20140053278 | DATA AND KEY SEPARATION USING A SECURE CENTRAL PROCESSING UNIT - A computing system includes a first central processing unit (CPU) and a second CPU coupled with the first CPU and with a host processor. The second CPU and the host processor may both request the first CPU to generate keys that have access rights to regions of memory to access specific data. The first CPU may be configured to, in response to a request from the second CPU, generate a unique key with a unique access right to a region of memory, the unique key usable only by the second CPU, not the host processor. | 02-20-2014 |
20140053279 | AUTHENTICATION METHOD FOR AUTHENTICATING A FIRST PARTY TO A SECOND PARTY - This invention relates to an authentication method for authenticating a first party to a second party, where an operation is performed on condition that the authentication succeeds. If the first party is not authenticated, then if the first party qualifies for a sub-authorization, the operation is still performed. Further, a device that comprises a first memory area holding a comparison measure, which is associated with time, and which is also used in said authentication procedure, a second memory area holding a limited list of other parties which have been involved in an authentication procedure with the device, and a third memory area, holding compliance certificates concerning parties of said list. | 02-20-2014 |
20140059699 | INDEXED SECURITY FOR USE WITH DATABASES - A computer-implemented method for providing security in a relational database hosted by a first server, and configured to interact with a second server, includes associating a first ownership vector with an object in the relational database, detecting a change to the object, and associating a second ownership vector with the object in response to detecting the change to the object. | 02-27-2014 |
20140059700 | DEVICE AND METHOD FOR DETERMINING CONTENT OF ACCESS CONTROL OF DATA - Determining the content of access control to data based on classification results obtained by classifying data includes recording setting information that sets a plurality of classification engines for predetermined conditions related to either data or to the access to the data and acquiring data subject to access when access to the data subject to access is requested. Responsive to satisfaction of predetermined conditions related to either the data subject to the access or access to the data subject to access, classification of data subject to access by the plurality of classification engines set for predetermined conditions in the setting information is indicated using a processor. Further, using the processor, the content of access control to the data subject to access based on classification results obtained by the plurality of classification engines classifying data subject to access is determined based on the indicating classification of data. | 02-27-2014 |
20140059701 | METHOD OF PROTECTING AND MANAGING DIGITAL CONTENTS AND APPARATUS THEREOF - A method and an apparatus for protecting and managing digital contents are provided. The method of protecting and managing digital contents includes receiving the digital contents, determining whether the digital contents are secure contents whose use is limited, and storing secure contents in a secure memory which is refreshed at a life cycle of a predetermined period when the digital contents are the secure contents. | 02-27-2014 |
20140059702 | System and Method to Associate a Private User Identity with a Public User Identity - The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record; if they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record. | 02-27-2014 |
20140068786 | Securing Operating System/Web Server Systems and Methods - Systems and methods for securely operating web servers, operating systems, etc. Methods of embodiments include creating virtual roots for executive jails and corresponding administrative jails within parent operating systems. Embodiments also include setting privileges associated with each of the executive jails to disk read-only. Moreover, administrative jails are hidden from executive jails and the parent operating system is hidden from both sets of jails. Also, the methods include cross mounting user configuration information and/or applications from the administrative jails and into the corresponding executive jails. Methods can include password protecting the administrative jails and/or restricting the executive jails from initiating outbound communications. Methods can also include storing security related syslog data in locations associated with parent file structure of the parent operating systems. Methods can also include storing web log related syslog data in locations associated with the administrative jails thereby providing, as desired, compliance/auditing reporting functions. | 03-06-2014 |
20140075568 | Security Layer and Methods for Protecting Tenant Data in a Cloud-Mediated Computing Network - A system for protecting data managed in a cloud-computing network from malicious data operations includes an Internet-connected server and software executing on the server from a non-transitory physical medium, the software providing a first function for generating one or more security tokens that validate one or more computing operations to be performed on the data, a second function for generating a hash for each token generated, the hash detailing, in a secure fashion, the operation type or types permitted by the one or more tokens, a third function for brokering two-party signature of the one or more tokens, and a fourth function for dynamically activating the one or more signed tokens for a specific time window required to perform the operations permitted by the token. | 03-13-2014 |
20140075569 | DISPLAY APPARATUS AND DISPLAY PROGRAM - Provided are a display apparatus and a display program that may prevent data for personal use from becoming known to a third party, when the third party unexpectedly appears while a user is using the display apparatus. The display apparatus includes a display unit configured to display a screen based on specific data of a specific user for personal use; a detection unit configured to detect a person and determine whether the detected person is the specific user or a third party other than the specific user; and a display control unit configured to convert the screen of the display unit into a screen hiding the specific data when the third party is detected by the detection unit. | 03-13-2014 |
20140082744 | AUTOMATIC SHARING OF USER INTERACTIONS - The subject disclosure relates to a method comprising steps for receiving reference object information, wherein the reference object information is based on a first user's interaction with a content item, determining that a second user is interacting with the content item, receiving item object information, wherein the item object information is based on the second user's interaction with the content item and determining that the second user has access rights to the reference object information based on the second user and the second user's interaction with the content item. In certain aspects, the method can further comprise steps for providing at least a portion of the reference object information for an electronic device associated with the second user. Systems and computer-readable media are also provided. | 03-20-2014 |
20140082745 | CONTENT-DRIVEN SCREEN POLARIZATION WITH APPLICATION SESSIONS - The disclosure relates to rendering content on a display. An embodiment creates a plurality of sessions between the display and a content delineating device, determines, by the content delineating device, a sensitivity level of content, and renders content having a first sensitivity level in a first session and content having a second sensitivity level in a second session. | 03-20-2014 |
20140082746 | EXTENSIBLE PROTOCOL FOR LOW MEMORY AGENT - A tamper resistant servicing Agent for providing various services (e.g., data delete, firewall protection, data encryption, location tracking, message notification, and updating software) comprises multiple functional modules, including a loader module (CLM) that loads and gains control during POST, independent of the OS, an Adaptive Installer Module (AIM), and a Communications Driver Agent (CDA). Once control is handed to the CLM, it loads the AIM, which in turn locates, validates, decompresses and adapts the CDA for the detected OS environment. The CDA exists in two forms, a mini CDA that determines whether a full or current CDA is located somewhere on the device, and if not, to load the full-function CDA from a network; and a full-function CDA that is responsible for all communications between the device and the monitoring server. The servicing functions can be controlled by a remote server. | 03-20-2014 |
20140090079 | BUSINESS DATA BROWSING SYSTEM MANAGING THE RETENTION PERIOD OF BUSINESS DATA - In a server of a business data browsing system, a management unit makes retention period information associated with business data of a user to be stored into a database. A determining unit is operative in response to a browsing inquiry of the business data held in a user terminal to reference the retention period information of the business data stored in the database to thereby determine whether or not browsing of the business data is permitted to produce a determination result. A transmitting unit transmits the determination result toward the user terminal. Thus, it is possible to improve the security level and convenience of business data held in the user terminal. | 03-27-2014 |
20140090080 | ELECTRONIC APPARATUS AND CONTROL METHOD - According to one embodiment, an electronic apparatus includes a close proximity communication module and a controller. The close proximity communication module executes close proximity communication. The controller receives, by using the close proximity communication, first account information from an external apparatus close to the electronic apparatus in response to an account setting request from the external apparatus, and sets the first account information in the electronic apparatus. The first account information is information for logging in to a server system configured to provide a certain service. | 03-27-2014 |
20140090081 | Privacy Preserving Data Search - Database entries can be protected by indexing the entries using a plurality of indexes, each associated with a level of access rights. A level of access rights can be determined from a search query, and an index can be selected based on the determined level of access rights. A search key can be generated based on the received query, and the selected index can be searched using the search query. Database entries mapped to the values of the selected index returned in response to the search can be outputted. Each index is associated with a different granularity defining the number and/or ambiguity of search results returned in response to searching an index. | 03-27-2014 |
20140090082 | DATA ISOLATION IN SHARED RESOURCE ENVIRONMENTS - A data connection of a shared resource is placed in isolation mode to remove its ability to communicate with other data connections of the shared resource. This ability to isolate the data connection is dynamic in that it can be turned on/off at any time. This provides increased data security for the entities using the data connection. | 03-27-2014 |
20140090083 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - The present invention enables execution of predetermined content usage control processing without depending on a framework of a content playback program (application). Upon content playback processing, a flag which sets information of determination as to whether or not it is necessary to refer to a management information file such as a token or a usage control information file associated with content is recorded in a content file including encrypted content to be stored in a recording medium. Upon the content playback processing, a playback apparatus acquires the content file including the encrypted content stored in the recording medium, refers to a flag recorded in the content file and determines whether or not it is necessary to refer to the management information file based on a setting of the flag. When the setting of the flag indicates that it is necessary to refer to the management information file, it is possible to select a correct management information file based on a content file identifier as a search key. | 03-27-2014 |
20140096263 | SYSTEMS AND METHODS FOR ENABLING AN AUTOMATIC LICENSE FOR MASHUPS - Systems and methods for managing digital rights settings are provided. In some aspects, the systems and methods described include receiving user input including an order for obtaining access rights to a media asset. Control circuitry determines whether the media asset is associated with a first package of media assets. The control circuitry cross-references a database of user order history to determine whether the user has obtained access rights for each media asset in the first package of media assets. If the user has obtained access rights for each media asset in the first package of media assets, the control circuitry generates digital rights settings for each media asset in the first package of media assets to enable the user to create a mashup. The mashup includes portions of at least one media asset in the first package. The control circuitry generates a display based on the digital rights settings. | 04-03-2014 |
20140096264 | ANALYTE DATA RETRIEVER - Methods and apparatus, including computer program products, are provided for processing analyte data. In some example implementations, a method may include receiving, at a first processing system including a user interface, an installation package including a plug-in and code configured to provide at the first processing system an interface between a sensor system configured to measure an analyte concentration level in a host and a second processing system; storing, by the first processing system, the installation package in a location based on a role of a user initiating the installation of the code; installing the plug-in for the user interface to enable the plug-in to control one or more aspects of an installation of the code; and initiating, by at least the plug-in, the installation of the code at the first processing system to provide the interface. Related systems, methods, and articles of manufacture are also disclosed. | 04-03-2014 |
20140101775 | METHOD AND SYSTEM FOR DELIVERING ENCRYPTED DATA FROM A GATEWAY SERVER BASED ON A SENDER PREFERENCE - A method, system and computer program product configured for providing a recipient with an email message or data according to a delivery preference definition. According to an embodiment the delivery preference definition is defined by a sending enterprise, and comprises one or more secure delivery mechanisms. The system comprises an encrypted gateway server configured to receive the email message or data and apply, e.g. encrypt, the email according to one of the secure delivery mechanisms selected according to the delivery preference definition. The encrypted gateway server attempts delivery of the encrypted email message or data. According to an embodiment, another secure delivery mechanism may be selected and delivery attempted if the first or previous attempt does not succeed. | 04-10-2014 |
20140101776 | Digital Asset Distribution Media - Content distribution devices and systems are presented. A content distribution device can include a memory storing a secured media asset where a media player is restricted from fully rendering the asset. The memory of the device can also store an asset descriptor key, which can be used, in conjunction with media player identification information, to obtain an asset access key from a rights management server. The asset access key can include authorization parameters that govern an extent to which the media player can render the asset. | 04-10-2014 |
20140101777 | APPARATUS AND METHOD FOR PROTECTING DATA IN TERMINAL - An apparatus and a method for protecting data in a lock-screen state of a terminal are provided. The apparatus includes a controller for preventing access to data by performing a protection function for the data in a lock screen mode and controlling to release the protection function for the data in a lock screen release mode, and a memory protection area for the protection function in the lock screen mode. | 04-10-2014 |
20140101778 | METHOD, A SYSTEM AND AN APPARATUS FOR DELIVERING MEDIA LAYERS - A system for facilitating access to multiple layer media items over a communication network. The system comprises a media database which is used for storing multiple layer media items as independently accessible channels. The system further comprises a plurality of subscriber applications which connect via a communication network, e.g. the Internet, to the media database. Users can use the subscriber application to access each channel of the multiple layer media items independently. | 04-10-2014 |
20140101779 | Software Distribution Service Federation - Software update distribution techniques are disclosed. Authentication information is received, from a content source authenticator, by an update agent included in a client device. The authentication information comprises a list of a plurality of content sources, wherein the plurality of content sources have been verified by the content source authenticator as being authentic content sources for legitimate software applications. The update agent selects a first content source of the plurality of content sources, where the first content source is configured to provide updates for a first software application. The update agent checks the first content source for updates for the first software application. | 04-10-2014 |
20140109234 | SYSTEMS AND METHODS FOR LIMITING THE NUMBER OF ELECTRONIC DEVICES ACCESSING DIGITAL RIGHTS MANAGEMENT (DRM) CONTENT IN A PORTABLE MEMORY DEVICE - A system for managing access to DRM content is provided with a portable memory device and an electronic device coupled to the portable memory device. The portable memory device includes a public area for storing software and the DRM content, and a hidden area for storing data on predetermined addresses among all addresses in the hidden area. The software is executed by the electronic device for obtaining a first identification associated with an electronic device in response to the portable memory device being coupled to the electronic device, and only allowing the electronic device to access the DRM content in response to the first identification being equal to the data on one of the predetermined addresses, or the first identification being different from the data on the predetermined addresses and the data on one of the predetermined addresses being equal to a predetermined number. | 04-17-2014 |
20140109235 | Directing Users to Preferred Software Services - A mechanism is provided for directing users to preferred software services. An indication from a user for a software service that provides a function identified by the user is identified. One or more software services that provide the function identified by the user are identified and a determination is made as to whether an existing subscription is in place for a subset of the one or more software services. Responsive to the existing subscription being in place for the subset of the one or more software services, the subset of software services that have existing subscriptions are presented to the user. | 04-17-2014 |
20140109236 | LICENSE INFORMATION ACCESS BASED ON DEVELOPER PROFILES - Disclosed herein are systems, methods, and software for facilitating application licensing. In at least one implementation, license information for an application is identified based at least in part on a developer profile associated with the application and a state of a license for the application identified from at least a portion of the license information. Presentation of the application in accordance with the state of the license for the application can then be initiated. | 04-17-2014 |
20140109237 | APPLICATION MODES DETERMINED FROM PREVIOUS AND CURRENT STATES OF A LICENSE - Disclosed herein are systems, methods, and software for facilitating application licensing. In at least one implementation, a previous state of a license for an application is identified upon launching or otherwise engaging the application. In addition, a current state of the license for the application is identified. A determination is made with respect to in which mode to present the application based on the previous state and the current state. Presentation of the application in the determined mode may then be initiated. | 04-17-2014 |
20140109238 | Business Partner Data Deletion For Privacy - Various embodiments illustrated and described herein include at least one of systems, modules, processes, methods, and software that operate to keep customer, vendor, and business partner private information private. | 04-17-2014 |
20140109239 | Collaborative cloud-based sharing of medical imaging studies with or without automated removal of protected health information - The present invention teaches a method wherein medical imaging studies are transformed from Identifiable Imaging Studies into Cleared Imaging Studies that can be legally and securely shared, either by automated removal of protected health information (PHI) or by verification that the studies belong to a Patient or Patient's Legal Representative and that a valid effective waiver, such as a HIPAA Waiver, is on file. Cleared Imaging Studies are shared by cloud-based storage and transmission to one or more Third Parties using one or more network-enabled devices. Methods are also provided for one or more users of network-enabled devices to view medical imaging studies simultaneously, with caching of imaging studies in local devices and separation of additional data streams used for collaborative image viewing to ensure that medical images are not degraded. | 04-17-2014 |
20140109240 | SECURING ACCESS OF REMOVABLE MEDIA DEVICES - A securing apparatus includes a security adapter configured to be engaged with an electronic device. The security adapter includes an interface to couple to a host device. The securing apparatus further includes a securing structure that is lockable. When the security adapter is engaged with the electronic device, the securing structure is configurable to transition from an unlocked configuration to a locked configuration to constrain communication of one or more requests from the host device for read access or write access to the electronic device, such that the communication between the host device and the electronic device occurs via the security adapter. | 04-17-2014 |
20140115718 | Set Top Box Architecture With Application Based Security Definitions - A media processing device, such as a set top box, having selectable hardware and software components for forming media pathways compliant with security definitions provided by downloaded or preinstalled software applications. Such applications may include, for example, a downloadable conditional access security or DRM element/definition. A corresponding certification process can entail certifying a portion of an overall secure pathway, with one or more applications providing the final portion of the certification. Alternatively, predefined conditional access mechanisms are provided, with an application establishing which mechanism is to be used. In various embodiments, a set top box or resident software application may exchange capabilities with other devices in a media consumption network to compare against the requirements of the software application. Once the information exchange is complete, the software application may select which one or more modes of operation or media pathways, if any, that it will permit. | 04-24-2014 |
20140115719 | INFORMATION PROCESSING APPARATUS AND CONTROL METHOD - An information processing apparatus includes a storage and a processor. The storage stores threat access information and resource information. The threat access information indicates a resource to which an access causes a threat to protection of data to be protected if the resource is accessed within a period from a starting to an ending of a first program that handles the data. The resource information indicates a resource to be accessed based on a second program. The processor is coupled to the storage and configured to control execution of the second program to prohibit an access to the data by the second program within the period in accordance with the threat access information and the resource information. | 04-24-2014 |
20140115720 | LICENSE VERIFICATION METHOD AND APPARATUS - A method and apparatus are provided for verifying a license of software including binary files. The license verification method includes acquiring a binary file; extracting a symbol and a command sequence from the binary file; and verifying the symbol and the command sequence using a database including licenses to be verified. | 04-24-2014 |
20140115721 | Media Resource Access Control Method and Device - A media resource access control method and device, where the method includes: receiving, by a universal plug and play (UPnP) media server, a media resource identifier sent by a control point and acquiring preset verification information corresponding to the media resource identifier; receiving a media resource acquisition request sent by a UPnP media player, where the media resource acquisition request contains to-be-verified information; and verifying the to-be-verified information by using the preset verification information, and if the verification is passed, sending a media resource corresponding to the media resource identifier to the UPnP media player. | 04-24-2014 |
20140123305 | METHODS AND SYSTEMS FOR MANAGING DATA - Computationally implemented methods and systems include acquiring data regarding a device having a particular protected portion for which the device is configured to selectively allow access, facilitating presentation of an offer to carry out at least one service, said at least one service at least partly related to the device, in exchange for access to the particular protected portion of the device, and facilitating performance of at least a portion of the at least one service that is at least partly related to the device, in response to a grant of access to the particular protected portion of the device. In addition to the foregoing, other aspects are described in the claims, drawings, and text. | 05-01-2014 |
20140123306 | METHODS AND SYSTEMS FOR MANAGING DATA - Computationally implemented methods and systems include identifying one or more services configured to be provided to a user of a device, said identifying at least partly based on data regarding one or more properties of the device, requesting access to data collected by one or more portions of the device, in exchange for providing at least a portion of one of the one or more identified services, and providing at least a portion of the one or more services after receiving access to the data collectable by one or more portions of the device. In addition to the foregoing, other aspects are described in the claims, drawings, and text. | 05-01-2014 |
20140123307 | METHODS AND SYSTEMS FOR MANAGING DATA - Computationally implemented methods and systems include acquiring data regarding a device having a particular protected portion for which the device is configured to selectively allow access, facilitating presentation of an offer to carry out at least one service, said at least one service at least partly related to the device, in exchange for access to the particular protected portion of the device, and facilitating performance of at least a portion of the at least one service that is at least partly related to the device, in response to a grant of access to the particular protected portion of the device. In addition to the foregoing, other aspects are described in the claims, drawings, and text. | 05-01-2014 |
20140123308 | METHODS AND SYSTEMS FOR MANAGING DATA AND/OR SERVICES FOR DEVICES - Computationally implemented methods and systems include determining that a device has particular data that is designated as potentially valuable wherein access to the particular data is restricted, determining one or more services configured to be carried out on the device, said one or more services using the particular data to which the access is restricted, and facilitating presentation of an offer to facilitate carrying out one or more services that use the particular data. In addition to the foregoing, other aspects are described in the claims, drawings, and text. | 05-01-2014 |
20140123309 | METHODS AND SYSTEMS FOR MANAGING DATA AND/OR SERVICES FOR DEVICES - Computationally implemented methods and systems include determining that a device has particular data that is designated as potentially valuable wherein access to the particular data is restricted, determining one or more services configured to be carried out on the device, said one or more services using the particular data to which the access is restricted, and facilitating presentation of an offer to facilitate carrying out one or more services that use the particular data. In addition to the foregoing, other aspects are described in the claims, drawings, and text. | 05-01-2014 |
20140123310 | VEHICLE BATTERY DATA STORAGE AND ACCESS SYSTEM AND METHOD - A storage battery comprises a data storage device that allows for storing and retrieving data that may be useful during the life of the battery. The device may include a radiofrequency tag applied to the surface of the battery. Data stored in the device may be accessed by various devices, such as battery analyzers that perform remaining life other analyses. Some or all of the data may be encrypted to require that approved or licensed devices only access and use the data. Some data may be encrypted in one manner, requiring a first key, and other data in a different manner, requiring a different key. The different data sets may have different purposes, such as for battery analysis (using no encryption or requiring the first key), and for warranty, manufacturing, retail tracking and other purposes (using the second key). | 05-01-2014 |
20140123311 | PROGRESSIVE UNLOCKING OF E-BOOK CONTENT - Approaches for progressively unlocking e-book content are provided wherein access is granted to a first set of e-books, wherein the first set is a subset of a second set of e-books to which access is restricted. Data is received indicating that one of the e-books in the first set has been read, and then it is determined whether access to an e-book in the second set should be granted. If so, access to an e-book in the second set is granted, wherein the e-book in the second set is chosen based upon an analysis of previously-read e-books in the first set. | 05-01-2014 |
20140130179 | SYSTEM AND METHOD FOR PROVIDING A MULTIMEDIA DIGITAL RIGHTS TRANSFER FOLLOW ME SERVICE - A method for transferring digital multimedia rights, the method including but not limited to requesting permission from the destination end user to transfer the digital multimedia rights to the destination end user device; and if the permission is received from the destination end user, canceling the source set of digital multimedia rights associated with the source end user and transferring the source set of digital multimedia rights associated with the source end user to the destination end user device. A system and computer program product are disclosed for performing the method. | 05-08-2014 |
20140130180 | CONTROL OF ACCESS TO FILES - A method, system and program product for using access-control lists to control access to categorized computer files. Two or more computer files are each associated with one of a set of possible classifications that fall within a single category and an access-control list associates a user with a subset of these classifications. In response to the user's request for access to one of these files, where the request specifies the requested file but does not specify the category of the requested file, the processor identifies the requested file's category based on that file's associated classifications, checks the access-control list to determine that the user is authorized to access files of the identified category, and then grants the requesting user access to the requested file. | 05-08-2014 |
20140130181 | DRM SYSTEM - A method of and system for digital rights management, in which access to a piece of content is granted in accordance with a license owned by a license owner to a client who is a member of a domain. This requires successfully verifying that a membership relation exists between the client and the domain as reflected in a first state variable, and that an association relation exists between the license owner and the domain as reflected in a second state variable. Both relationships are revoked by executing an online protocol between the parties in the relationship after which both remove the corresponding state variable. The domain controller propagates the state administration relating to the domain to the client so that the client can update its state administration. | 05-08-2014 |
20140130182 | Controlled Grant Of Access To Media Content - A computer implemented method and system for controlling grant of access to first media content (FMC) is provided. A content access management application (CAMA) dynamically analyzes user characteristics on detection of a user attempt to access the FMC on a content display interface. The CAMA receives decision criteria, for example, preset rules, user segments, etc., via a criteria reception interface, dynamically creates one or more dynamic media content objects including a locking media content object and a non-locking media content object, and dynamically inserts the dynamic media content objects into one or more sections of the content display interface based on the analyzed user characteristics and one or more of the decision criteria. Each dynamic media content object either restricts access to the FMC displayed on the content display interface until an access condition is met or grants access to the FMC while displaying second media content, for example, advertisements. | 05-08-2014 |
20140130183 | Managing Confidential Information - An information processing apparatus, method, and program product for appropriately setting confidentiality of a target electronic document even when copied data is pasted into a document from an electronic document including confidential information, without limiting replication from an electronic document including confidential information depending on attributes of the target electronic document. Also provided is an information processing apparatus, method and program product that saves content data specified by the user and a label indicating the confidentiality of the electronic document including the content data in a clipboard; pastes the user-specified content data to a target electronic document; temporarily saves the label for the electronic document including the user-specified content data in a data table which stores electronic document labels, as a label for the target electronic document; checks the confidentiality of the target electronic document; and establishes or deletes the temporarily saved label. | 05-08-2014 |
20140130184 | System and Method for Providing Access to Verified Personal Background Data - Access to verified personal background data is provided in the form of an electronic document that includes a data record having personal background data and corresponding verification information as well as an electronic authentication of the contents of the data record. The data record is associated with a unique identifier. The electronic document may be distributed over a communication network to a person providing the identifier. | 05-08-2014 |
20140137264 | METHOD AND APPARATUS FOR PRIVACY-ORIENTED CODE OPTIMIZATION - Methods and apparatuses are provided for automatically optimizing application program code for minimized access to privacy data. A privacy-oriented code optimizing module processes and/or facilitates a processing of one or more code segments, one or more execution logs associated with the one or more code segments, or a combination thereof to determine at least one privacy intrusion signature associated with the one or more code segments. Further, the privacy-oriented code optimizing module determines one or more recommendations for one or more alternate code segments based, at least in part, on the at least one privacy intrusion signature. | 05-15-2014 |
20140137265 | System and Method For Securing Critical Data In A Remotely Accessible Database - A system and method for securing data on a data-network-accessible server include the computer-implemented steps of receiving user data from a remote application over a write-only data interface, and identifying in the first database a subset of received user data as selectively replicated user data and transmitting the identified selectively replicated user data over a secured data interface. The method also includes receiving the transmitted selectively replicated user data over a communicatively coupled second secured data interface and storing the received selectively replicated user data in a transactional database. The method further includes receiving a request for requested user data from a remote application at the transactional database over a read-only data interface and transmitting at least a portion of the stored selectively replicated user data as the requested user data responsive to the received request. | 05-15-2014 |
20140137266 | ACCESS SYSTEM AND METHOD THEREOF - An access system including a storage medium and a host is disclosed. The storage medium includes an identification code. The host includes a processor, at least one connection port and an identification port. The processor executes a mass-production application program. The connection port is coupled to at least one electronic product. The identification port is coupled to the storage medium. When the mass-production application program is executed, the processor determines whether the identification code matches a key code. When the identification code matches the key code, the processor writes mass-production data to the electronic product. | 05-15-2014 |
20140137267 | DISTRIBUTING OVERLAY NETWORK INGRESS INFORMATION - Aspects of the present disclosure relate to providing secure access to resources of a private network. For example, a client device may transmit a request identifying the protected resource to an authentication server. The authentication server queries a network address lookup table to identify a network address of the protected resource based on the identifying information of the request. If the network address denotes a network location that is not generally accessible, the authentication server generates a resource record that identifies a bastion host, a port, and a connection method for accessing the protected resource. The resource record and the network address may then be transmitted to the client device. In response, the client device may use the information in the resource record to establish a tunnel connection with the bastion host, and the client device uses the tunnel connection to access the protected resource via the bastion host. | 05-15-2014 |
20140143885 | FIRMWARE-IMPLEMENTED SOFTWARE LICENSING - A device receives a request to use a software program, determines a comparison indicator based on receiving the request, and determines whether a license for the software program is valid based on a license validity indicator, stored in a secure environment, and the comparison indicator. The device permits execution of secure code stored in the secure environment when the license is determined to be valid, and prevents execution of the secure code stored in the secure environment when the license is determined to be invalid. | 05-22-2014 |
20140143886 | Personal Data Management System With Sharing Revocation - A data vault system allows for centralized storage of personal data about a consumer associated with sharing permissions designating how that data may be shared and including an option to revoke permission of previously shared data. Data may be collected into cards describing a subset of globally stored data to be shared with individual vendors and providing separate sharing statuses for fine resolution control. Both intentionally entered personal data and data collected about the consumer may be protected in this data vault system. | 05-22-2014 |
20140143887 | SECURITY MEASURES FOR DATA PROTECTION - This document discusses, among other things, security measures for shielding or protecting data or sensitive signals on an integrated circuit (IC). The systems and methods disclosed herein can allow erasing sensitive data when access is not locked, locking out access to sensitive data during normal operations through both indirect and direct means, and shielding sensitive signals from invasive probing or manipulation. | 05-22-2014 |
20140143888 | METHOD AND SYSTEM FOR SOFTWARE LICENSING UNDER MACHINE VIRTUALIZATION - A method and system implementing software licensing management under machine virtualization are disclosed. According to one embodiment, a system comprises a virtual platform running on a physical machine; a binding agent running on a host operating system of the virtual platform; a license enforcement module running on a virtual machine instance of the virtual platform. The license enforcement module is in communication with the binding agent. The binding agent enforces a mutex lock to ensure that only a specified number of license enforcement modules are running on the physical machine. | 05-22-2014 |
20140143889 | SYSTEMS AND METHODS FOR SECURE TRANSACTION MANAGEMENT AND ELECTRONIC RIGHTS PROTECTION - The present disclosure provides systems and methods for electronic commerce including secure transaction management and electronic rights protection. Electronic appliances such as computers employed in accordance with the present disclosure help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Secure subsystems used with such electronic appliances provide a distributed virtual distribution environment that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Secure distributed and other operating system environments and architectures, employing, for example, secure semiconductor processing arrangements that may establish secure, protected environments at each node. These techniques may be used to support an end-to-end electronic information distribution capability that may be used, for example, utilizing the “electronic highway.” | 05-22-2014 |
20140143890 | DYNAMIC CONSTRAINTS FOR CONTENT RIGHTS - A device for playing digital media comprises a connection for receiving content over a network and a digital rights management (“DRM”) module that identifies rights for the received content by accessing a DRM data structure. The DRM data structure can be a temporal cache. The device receives content and the DRM module identifies identifiers associated with the content and/or the device. The DRM module uses the identifiers to access the DRM data structure and identify rights associated with the content. The identified rights are applied to the content to prevent and/or permit activities with respect to the content. Permitted activities for the content may be presented in a display of the device and can be updated as the content changes and/or as rights associated with content change. Content providers and other authorized entities can change the rights associated with particular content by updating the DRM data structure. | 05-22-2014 |
20140157430 | Secure Data Transmission System - A secure messaging system that requires pairing of second and receiving devices via user identification credentials and the associated media access control addresses (MAC addresses) of the paired devices. Paired devices may communicate encrypted messages and deletion parameters may be established by a sending device, including immediate deletion requests. The message and the instructions are automatically decrypted by the receiving device and interpreted to provide the data and configure the deletion parameters. The system preferably manages device pairing via a remote server that is accessed by a device application. | 06-05-2014 |
20140157431 | DYNAMIC NEGOTIATION AND AUTHORIZATION SYSTEM TO RECORD RIGHTS-MANAGED CONTENT - A content recording system comprises a digital media recording device to record content. A rights-management module is in electrical communication with the digital media recording device to detect a desired recording performed by the digital media recording device. The rights-management module further communicates digital rights information of a rights-managed content to the digital recording device. The recording of the rights-managed content is performed according to the digital rights information. | 06-05-2014 |
20140157432 | SEMICONDUCTOR DEVICE AND ACCESS RESTRICTION METHOD - The present invention prevents unauthorized functions from being installed to a predetermined storage unit in the background through a communication function that is being used for authorized communication operations and further prevents confidential information from being read out and stolen from the predetermined storage unit. A semiconductor device adopts an exclusive control unit that exclusively controls communication performed by a communication unit capable of communicating with the outside and access to a predetermined storage unit. For example, the communication status of the communication unit is determined based on whether a communication clock is active or inactive, and the exclusive control is exercised based on the determination result. | 06-05-2014 |
20140165211 | HANDLING MASQUERADING ELEMENTS - Embodiments include a method, a computing device, and a computer program product. An embodiment provides a method implemented in a computing environment. The method includes receiving a designation of an individualized digital identifier. The method also includes associating a human-perceptible form of the designated individualized digital identifier with each element of a group of human-perceivable elements displayed by the computing environment. | 06-12-2014 |
20140173746 | APPLICATION REPOSITORY - Methods of providing an application repository based on an age level of a user to create an age-appropriate experience for younger users of an electronic device are disclosed. Certain applications can be associated with the application repository. The content of any application associated with the repository can then be based on the associated age level. For example, if an educational application is associated with an application repository, then the educational elements of the application can be targeted to the specific age level associated with the repository. | 06-19-2014 |
20140173747 | DISABLING ACCESS TO APPLICATIONS AND CONTENT IN A PRIVACY MODE - Methods of disabling access to applications and content in a privacy mode are provided. One or more private applications can be selected on an electronic device. A privacy mode can be enabled, and access to the private applications can be disabled. Additionally, access from public applications to content associated with the private applications can be disabled. Such a feature makes for a more robust privacy mode that can maintain the privacy of content that may otherwise be accessible. | 06-19-2014 |
20140173748 | SOCIAL NETWORKING WITH DEPTH AND SECURITY FACTORS - An online interactive communication and chatting system and method for providing information to a web site having different levels of user interactions, with the provided information being available to or shareable with registered users of the system at specific levels thereof. The provided information is keyed to the different levels of user interaction, with different Key Phrases being respectively linked to the different levels. The correct entry of a Key Phrase provides access to a linked level with communication, chatting and information available therein to registered users correctly entering the Key Phrase. Incorrect entry of a Key Phrase provides access to incorrect information generated by the system. | 06-19-2014 |
20140173749 | METHOD AND APPARATUS FOR PROVIDING A SPECIFIC USER INTERFACE IN A SYSTEM FOR MANAGING CONTENT - A method and apparatus for managing use of protected content by providing a specific user interface to an application program used to render the content. The method includes identifying a user interface description associated with content, building a specific user interface based on the user interface description, and replacing the standard user interface of an application program used to render the content with the specific user interface. The specific user interface can be unique to the user, unique to a Web site, or otherwise customized. | 06-19-2014 |
20140173750 | Provisioning a Computing System for Digital Rights Management - Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for tamper-resistant storage. | 06-19-2014 |
20140181992 | MULTI-TENANT CONTENT PROVIDER - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving a user login request originating from a user device, the user login request including a user identifier; authenticating, based on the user identifier, the user as having access to information associated with a particular tenant of a plurality of tenants; identifying a tenant specified theme associated with the particular tenant of a plurality of tenant themes, the theme being specified by the tenant for use in presenting data to authenticated users; obtaining data associated with the particular tenant; and providing the data associated with the particular tenant to the user device for presentation, wherein the data is presented on a user interface of the user device, the data being formatted based on the identified tenant theme. | 06-26-2014 |
20140181993 | Storage Device and Method for Using a Common Digital Rights Management Module to Enforce an Association between Content and a User Interface Application - A storage device, host device, and method are provided for using a common digital rights management (DRM) module to enforce an association between content and a user interface application. In one embodiment, a storage device is provided with a DRM module that receives a request from a user interface application to play back content protected by DRM. The DRM module determines if the user interface application is authorized to play back the content and also if rights associated with the content are valid. If the DRM module determines both that the user interface application is authorized to play back the content and that the rights associated with the content are valid, the DRM module provides the content to a playback module for playback. In another embodiment, the DRM module is located in the host device. Other embodiments are possible, and each can be used alone or in combination. | 06-26-2014 |
20140189880 | SYSTEM AND METHOD FOR ADMINISTRATING ACCESS CONTROL RULES ON A SECURE ELEMENT - System and method for managing access control rules in a multi-application environment. Access control rules are managed in a secure element issuer security domain. When a method invocation attempts access to a rule, a verification is performed to ensure that the calling manager application is located in a security domain corresponding to the access control rule. Other systems and methods are disclosed. | 07-03-2014 |
20140189881 | ENHANCED SECURITY FOR ACCESSING VIRTUAL MEMORY - A disclosed method includes obtaining a physical address corresponding to a virtual address responsive to detecting a virtual address associated with a memory access instruction and, responsive to identifying a memory page associated with the physical address as a sensitive memory page, evaluating sensitive access information associated with the memory page. If the sensitive access information satisfies a sensitive access criteria, invoking a sensitive access handler to control execution of the memory access instruction. | 07-03-2014 |
20140189882 | SYSTEM AND METHOD FOR THE PROGRAMMATIC RUNTIME DE-OBFUSCATION OF OBFUSCATED SOFTWARE UTILIZING VIRTUAL MACHINE INTROSPECTION AND MANIPULATION OF VIRTUAL MACHINE GUEST MEMORY PERMISSIONS - A system and method operable to programmatically perform runtime de-obfuscation of obfuscated software via virtual machine introspection and manipulation of virtual machine guest memory permissions. | 07-03-2014 |
20140189883 | DISTRIBUTING CONTENT TO SUBSCRIBERS OF A COMMUNICATIONS SERVICE PROVIDER - A system, method, and server for distributing content. The system includes a number of servers in communication with the Internet and configured to provide subscribers of the communications service provider with access to content stored on the number of servers without having to access external networks including the Internet. The system further includes a remote content management application operating on at least one of the number of servers and configured to provide content providers with: (1) digital rights management (DRM) and (2) guaranteed quality of service (QoS) to the subscribers of the communications service providers, wherein the content providers establish the DRM and the QoS. | 07-03-2014 |
20140189884 | Lengthy Hosting Internet System - The disclosed internet/web/cloud/online hosting system is a system hosting internet sites for extended periods of time or indefinitely, thus the site surviving its creator. There may be provided a guarantee of the period of hosting. The guarantee may be based on an insurance policy from a third party, or conservative financial policy of the hosting service provider with or without a mandatory financial reserve, or other means. The information contained in an internet site can be in the form of text, audio or video signals, or of any other type. The hosting system may provide for migration of the stored information to new, yet to emerge technological platforms, if needed. The stored information may be accessible by wide public or may be made—partially or in its entirety—protected by a password or other security measures limiting access to the information to trusted recipients of the information, such as descendants or other, perhaps yet to be born, people. The system may be built in a purpose-created internet domain. The system may be operated on commercial basis with fees possibly dependent on the size of information stored and possibly collected upfront. | 07-03-2014 |
20140196155 | DIGITAL RIGHTS MANAGEMENT (DRM) LOCKER - Methods, apparatuses and storage medium associated with digital rights management (DRM) using a DRM locker are disclosed herein. In embodiments, a DRM locker is provided to a client device. The DRM locker may be configured to store a number of DRM licenses or keys for a number of DRM protected contents. The DRM locker, on presentation of an associated locker key, may respond to a request for one or more of the stored DRM licenses or keys, to enable consumption of the corresponding DRM protected contents using the client device. Other embodiments may be disclosed or claimed. | 07-10-2014 |
20140201848 | Method for Sharing Multiple Data Items Using a Single URL - A way of sharing a set of data where each data item is stored at a different file path. The data items may be files or folders that reside on different remote storage servers or within the same file system. One or more data items in the set of data do not share a common root folder. Data items in the set of data that share a common root folder are stored amongst other data items in the common root folder that do not belong to the set of data items to be shared. A single URL or link is generated to provide immediate access to the set of data to recipients of the URL or link. | 07-17-2014 |
20140208438 | DOWNLOAD MANAGEMENT METHOD AND DEVICE BASED ON ANDROID BROWSER - The present disclosure provides a download management method and device based on Android browser. The download management method includes the following steps: obtaining a physical address of a network card of a television when a download request input from a user through the browser is received; and judging whether the television corresponding to the physical address is granted a download permission corresponding to the download request; if the physical address is granted the download permission, implementing the download according to the download request; otherwise, if the physical address is not granted the download permission, preventing the download. The method and device of the present disclosure can effectively control the download contents of the television and thus prevent random downloads from reducing the safety and stability of the system and further thus improves the user experience. | 07-24-2014 |
20140215636 | PORTABLE TERMINAL, DOCUMENT MANAGEMENT METHOD, AND PORTABLE TERMINAL PROGRAM - Provided is content management coping with a complicated security policy. | 07-31-2014 |
20140215637 | SECURITY ARRANGEMENTS FOR EXTENDED USB PROTOCOL STACK OF A USB HOST SYSTEM - Security arrangements for a universal serial bus (USB) protocol stack of a USB host system are provided. The security arrangements prevent an unauthorized or suspicious USB device from communicating with the host system, detect suspicious activity originating from a device which is already communicating with the host system and may provide notification to a user. | 07-31-2014 |
20140215638 | METHOD TO CONTROL THE ACCESS OF PERSONAL DATA OF A USER - A system and method give a user control of personal data. A trusted center comprises a database for personal data, access conditions for the personal data, and a counter. A user loads personal data into the database and assigns access conditions to said data. The personal data is divided into at least two categories, each associated with a user's value. A third party requests access to personal data of a plurality of users, the request comprising search criteria. The trusted center identifies a first set of users matching the search criteria and returns the quantity of users in, and a sum of user's values for, the first set. The third party acknowledges all or part of the sum, and the trusted center returns the personal data of a second set of users for which the sum covers the user's values and updates the counters of users in the second set. | 07-31-2014 |
20140223574 | SECURE DATA ACCESS - Technologies are generally disclosed for methods and systems for providing secure document storage and retrieval services. In an example embodiment, a method includes receiving an exclusive address at which to send secure links, receiving a request to store a document, storing the document with a remote storage service, receiving location information from the remote storage service, transmitting the location information at which the document is stored to the exclusive address, and updating the location information dynamically. | 08-07-2014 |
20140223575 | PRIVACY PROTECTION IN RECOMMENDATION SERVICES - The present subject matter discloses a system and a method for privacy protection to protect the confidential and personal information of end users using a client device ( | 08-07-2014 |
20140223576 | Method and System for Improving the Data Security of Cloud Computing - A method and system for improving the data security of cloud computing comprising: users establishing an index information table for physical LUN devices available to cloud computing service instances, and setting mapping rules of virtual LBA address space for virtual LUN devices and physical LBA address space for data storage according to the index information table; according to the mapping rules, users establishing and saving a mapping relationship between virtual LBA address space and physical LBA address space for data storage; according to the mapping relationship, acquiring storage position information of actual data mapping to the virtual LBA address space pointed by read/write requests, and completing I/O redirection. The system includes an establishment module, setting module, establishment and saving module, and redirection module. The invention enables data owners to master metadata generation method, preservation method and position, and LUN devices of user data not to be illegally mounted, thus guaranteeing security of user data. | 08-07-2014 |
20140223577 | METHOD AND SYSTEM FOR AUTHENTICATING OPTICAL DISC APPARATUS - Provided are a method and system for authenticating an optical disc apparatus. The method includes capturing an image code attached to the optical disc apparatus, acquiring authentication information on the optical disc apparatus by using the image code, comparing information received from the optical disc apparatus with the authentication information on the optical disc apparatus, and authenticating the optical disc apparatus according to a comparison result. | 08-07-2014 |
20140237622 | SYSTEM AND METHOD FOR INSERTING SECURITY MECHANISMS INTO A SOFTWARE PROGRAM - A system and method for protecting a software program from unauthorized modification or exploitation. A software security mechanism according to the present invention is difficult for a hacker or cracker to detect and/or defeat, but does not impose excessive runtime overhead on the host software program. The present invention further comprises a system and method for automating the injection of a software security mechanism according to the present invention into a host software program. | 08-21-2014 |
20140237623 | COMPUTING SYSTEM WITH PROTOCOL PROTECTION MECHANISM AND METHOD OF OPERATION THEREOF - A computing system includes: a control unit configured to: determine a protocol profile including a first protocol and a second protocol for communicating between a first device and a second device, generate a unified-protocol privacy mechanism for a privacy protection scenario, the unified-protocol privacy mechanism based on combining the first protocol and the second protocol; and a communication unit, coupled to the control unit, configured to communicate content information according to the unified-protocol privacy mechanism between the first device and the second device. | 08-21-2014 |
20140245458 | Document Server and Client Device Document Viewer and Editor - A method of storing a document on a server, including: extracting document content from a document stored on the server, using a processor on the server; dividing the document content into a plurality of document content sections; generating a parallel data structure for the plurality of document content sections based on a viewing size, where the parallel data structure includes a plurality of selectors, and the plurality of selectors includes pagination selectors; and storing the plurality of document content sections in a plurality of locations on the server. The method may further include storing the parallel data structure in a location on the server separate from the plurality of document content sections; generating a table of contents based on the pagination; and rendering the plurality of document content sections into a plurality of document pages based on the plurality of selectors in the parallel data structure. | 08-28-2014 |
20140250536 | ADD-IN DIGITAL RIGHTS MANAGEMENT - The subject matter disclosed herein relates to regulating the operation of component object model add-ins associated with a user interface. | 09-04-2014 |
20140259178 | LIMITING ENTERPRISE APPLICATIONS AND SETTINGS ON DEVICES - Installing apps and setting configuration on a device. A method includes receiving user input. The user input indicates a level of control that a user is willing to give an enterprise over the device. The method further includes determining, based on the level of control indicated by the user input, a set of apps allowed to install on the device. The set of apps allowed to install on the device is limited by the level of control indicated by the user. The method further includes authorizing installation of the set of apps on the device while restricting installation of other apps that would be authorized had the user selected a different level of control that the user is willing to give the enterprise over the device. | 09-11-2014 |
20140259179 | METHOD AND APPARATUS FOR MANAGING CROWD SOURCED CONTENT CREATION - A method, apparatus, computer program product and system are provided for managing crowd sourced content creation. In this regard, a method is provided that includes receiving information regarding at least one content recording device and information regarding a recording subject. The method further includes determining whether the at least one content recording device is eligible to receive at least one permission indicator, based at least in part on the information regarding the at least one content recording device and the information regarding the recording subject. The method also includes causing the at least one permission indicator to be provided to the at least one content recording device in an instance in which it is determined that the at least one content recording device is eligible to receive the at least one permission indicator. | 09-11-2014 |
20140259180 | BLACKOUTS ARCHITECTURE - In embodiments, apparatuses, methods and storage media are described that are associated with blackout rules for media content. In embodiments, one or more segments may be generated from the media content, one or more of the generated segments containing a blackout rule identifier. The blackout rule identifier may identify a blackout rule describing one or more limitations to access to the piece of media content. When displaying the media content, a client device may retrieve the blackout rule based at least in part on the blackout rule identifier. The client device may then limit access to the media content if directed to do so by the blackout rule. | 09-11-2014 |
20140259181 | ELECTRONIC SUPPORT ALLOWING ACCESS TO REMOTE AUDIO/VIDEO ASSETS - A physical device, the possession of which may provide access to digital media content in a fashion similar to the possession of a DVD providing access to the media content stored thereupon on a suitable DVD player. The possession of the physical device grants access to digital content stored on a remote server using a suitable device such as e.g., a set-top box or media player having Internet connectivity. The physical device provides for convenient and possibly anonymous access to content stored on a remote server and has certain advantages over known techniques for storing rights to access the content. | 09-11-2014 |
20140283105 | METHOD AND SERVICE FOR USER TRANSPARENT CERTIFICATE VERIFICATIONS FOR WEB MASHUPS AND OTHER COMPOSITE APPLICATIONS - Embodiments for providing user transparent certificate verifications for web mashups and other composite applications are generally described herein. In some embodiments, a content buffer is provided for holding content until receiving verification results that allow the content to be presented in a browser user interface. A browser core receives an aggregation of content from a plurality of sources and performs local verification of digital certificates associated with the content received from the plurality of sources. A browser content interface intercepts content associated with verified digital certificates from the browser core to provide content associated with verified digital certificates to the content buffer for holding. An online certification module is arranged to receive untrusted certificates from the browser content interface and to perform verification of the received untrusted certificates using online certification services and/or local certificate store on the client device. | 09-18-2014 |
20140283106 | DOMAIN PROTECTED MARKS LIST BASED TECHNIQUES FOR MANAGING DOMAIN NAME REGISTRATIONS - A facility comprising systems and methods for preventing or protecting against the registration of domain names that exactly match, contain, or are similar to a mark is provided. The facility maintains a data structure for recording strings that an entity, such as an individual, company, or other organization, has an interest in protecting, such as a domain name that exactly matches, contains, or is similar to a mark owned or held by the entity. In response to requests to register a domain name that includes a recorded string, the facility can prevent registration of that domain name even if the domain name is not registered. The facility may periodically share or publish the data structure with any number of domain name registrars or registries. In this manner, a mark holder can prevent or protect against registration of domain names under any number of top-level domains with a single request. | 09-18-2014 |
20140283107 | SECURE DATA MANAGEMENT - The disclosed subject matter includes a method. The method includes identifying an attempt to access, by an application instance running in a user space of an operating system, a first security zone of a computer readable medium, where the first security zone is associated with a first security level. The method further includes determining whether a restriction level associated with the application instance is higher than the first security level, where the restriction level is a function of previous security zones that have been accessed by the application instance. When the restriction level associated with the application instance is higher than the first security level, the method would prevent the application instance from writing to the first security zone. When the restriction level associated with the application instance is not higher than the first security level, the method would authorize the application instance to access the first security zone. | 09-18-2014 |
20140283108 | PROVIDING CONTENT ITEMS FROM ALTERNATE SOURCES - Systems and methods for providing content items to users. A computer system may provide to a first user an indication of a plurality of available content items. The computer system may receive from the first user an indication of a first content item selected from the plurality of content items. The computer system may determine whether a content provider service associated with the computer system is authorized to stream the first content item to the first user. When the content provider service is not authorized to stream the first content item to the first user, the computer system may identify an alternate source for the first content item. The computer system may initiate playback of the first content item to the first user from the alternate source. | 09-18-2014 |
20140283109 | USING A URI WHITELIST - A method and/or system for using a URI whitelist may include receiving a request to approve an application for release in an application store. The request may comprise application data. The application data may comprise a resource manifest and/or a Uniform Resource Identifier (URI) whitelist. The resource manifest may comprise, for example, one or more resource items. The URI whitelist may comprise, for example, one or more URI items. The request may be analyzed based on application data. A determination may be made whether the application may be released in the application store based on the analyzing of the application data. A request to access a particular URI may be received. A determination of whether to grant the request may be based on a resource manifest and/or a URI whitelist associated with the application. | 09-18-2014 |
20140283110 | USING A FILE WHITELIST - A method and/or system for using a file whitelist may include receiving a request to approve an application for release in an application store. The request may comprise application data. The application data may comprise a resource manifest and/or a file whitelist. The resource manifest may comprise, for example, one or more resource items. The file whitelist may comprise, for example, one or more file items. The request may be analyzed based on application data. A determination may be made whether the application may be released in the application store based on the analyzing of the application data. A request to access a particular file may be received. A determination of whether to grant the request may be based on a resource manifest and/or a file whitelist associated with the application. | 09-18-2014 |
20140283111 | SPATIAL SECURITY FOR STORED DATA - Systems and methods of providing spatial security of data stored on a hard disk drive. A method includes associating a user with at least one track and/or sector of the hard disk drive. The method also includes locking the at least one track and/or sector as a default setting. The method additionally includes determining the user has moved into a predefined area. The method further includes unlocking the at least one track and/or sector based on the determining the user has moved into the predefined area. | 09-18-2014 |
20140283112 | Operating a Computer with a Touchscreen - Disclosed are computers and methods of operating those computers. In the methods, a computer in a touch lock state displays a lock screen image showing a cover layer superimposed over, and obscuring, a background layer. A user enters a touch input to a touch screen of the computer, thereby specifying a portion of that touchscreen. The lock screen image is then modified so that the cover layer does not obscure the background layer in the specified portion of the touchscreen. The cover layer in the region of the touchscreen that is not specified in the touch input continues to obscure the background layer in those regions. If the portion of the touchscreen specified by the touch input exceeds a threshold amount the computer may be changed from being in a touch lock state to being in a touch unlock state. | 09-18-2014 |
20140283113 | EFFICIENT PREVENTION OF FRAUD - This disclosure is directed to methods and systems for managing difficulty of use and security for a transaction. A transaction manager operating on a computing device may determine a range of possible steps for a transaction comprising security measures available for the transaction. The transaction manager may identify a threshold for a security metric to be exceeded for authorizing the transaction, the security metric to be determined based on performance of steps selected for the transaction. The transaction manager may select for the transaction at least one step from the range of possible steps, based on optimizing between (i) a difficulty of use quotient of the transaction from subjecting a user to the at least one step, and (ii) the security metric relative to the determined threshold. | 09-18-2014 |
20140283114 | RIGHTS MANAGEMENT FOR CONTENT AGGREGATORS - An arbitrator receives a request to use a plurality of content in an aggregation. The arbitrator determines whether there exist proper rights to use the plurality of content in the aggregation. The requestor is communicated whether permission is granted. The determination may include negotiating for extending right of use by an arbitrator. This negotiation may communicate with content hosting service(s) or the content author(s). The determining step retrieves, stores, and maintains rights information to and from an information store which is accessible by the rights management system. | 09-18-2014 |
20140283115 | METHOD AND SYSTEM FOR MONITORING ACCESS ATTEMPTS OF SHARED MEMORY OF DATABASES - An approach for auditing database access attempts within a computer system. In one implementation, the computer system provides a target server for directing client requests for database access to the target server. In another implementation, the computer system provides a plurality of filtering agents which intercept the client requests and each filtering agent forwards a respective set of client requests which match a respective filter profile to a processing entity. | 09-18-2014 |
20140283116 | METHOD FOR PROTECTED EXECUTION OF CODE AND PROTECTION OF EXECUTABLE CODE AND DATA AGAINST MODIFICATIONS - A method for an automated protection of a programmable code and data without using dedicated components for calculation of the checksums and/or hash values is provided. Execution of each machine instruction uses data from several small blocks of protected code or data. Each of the blocks can be used in forming several machine instructions. If an intruder changes even one of the code blocks or data, it results in incorrect decoding of several machine instructions. Thus, the entire application does not work correctly. The intruder cannot neutralize a code protection mechanism. | 09-18-2014 |
20140283117 | PROTECTION UNIT AND METHOD FOR CONTROLLING ACCESS BY PLURAL PROCESSES TO A STORAGE UNIT - A data processing apparatus is provided, comprising plural processing units configured to execute plural processes, a storage unit configured to store data required for the plural processes; and a protection unit configured to control access by the plural processes to the storage unit. The protection unit is configured to define an allocated access region of the storage unit for each process of the plural processes, wherein the protection unit is configured to deny access for each process outside the allocated access region and wherein allocated access regions are defined to be non-overlapping. The protection unit is configured to define each allocated access region as a contiguous portion of the storage unit between a lower region limit and an upper region limit, and the protection unit is configured such that when the lower region limit is modified the lower region limit cannot be decreased and such that when the upper region limit is modified the upper region limit cannot be decreased. | 09-18-2014 |
20140283118 | OS Security Filter - A system and method for protecting against the unauthorized use of operating system level commands is disclosed. The system includes a computer module including: a processor configured for performing data operations; a memory unit configured to store instructions executable by the processor; and an operating system module for supporting basic functions of the computer module, such as scheduling tasks, executing applications, and controlling peripherals. A virtual keyboard is connected to the computer module for creating one or more events or sequences of events recognizable by the operating system module. A system level command filter module is provided for filtering system level commands from the one or more recognizable events or sequences of events. | 09-18-2014 |
20140289865 | CIRCUIT DEVICE AND A COMMUNICATION APPARATUS - An application program relating to a process of an integrated circuit is stored in a virtual integrated circuit storage area server apparatus. Following a mutual authentication between the IC and the virtual storage area server apparatus through a portable communication function unit, the server apparatus executes the application program. Additionally, through the IC, the portable communication function unit, a wireless communication line, and a network, communicate with an IC_R/W apparatus and perform a process relating to a service in collaboration with each other. | 09-25-2014 |
20140298481 | ENTITLEMENTS DETERMINATION VIA ACCESS CONTROL LISTS - Entitlements to resources can be determined by using access rules that are organized as respective ranges in an entitlement space. An access rule can represent a range between two rational numbers in the entitlement space; the range can be represented by a single rational number. Due to the way the rational numbers are chosen, a child rule is completely covered by its parent, and a parent has remaining room in the entitlement space for unlimited additional children. Entitlement checking for a large batch of resources can be performed quickly based on reusing calculated permitted ranges in the entitlement space. Implied permissions can be supported. Content can easily be added, and the access rules can be modified without unduly impacting the underlying tree structure, if at all. | 10-02-2014 |
20140298482 | TERMINAL DEVICE AND DATA PROCESSING METHOD - A terminal device comprising: a memory configured to store data that has been appended with respective permissibility data representing whether or not provision of the data is permitted and that has been classified into a plurality of different usages; and a processor configured to execute procedure, the procedure comprising: associating a specific application that requests provision of data stored in the memory with a prescribed usage that has been prescribed from out of the plurality of usages; and out of data of the prescribed usage that was associated in the associating, not providing to the application that requested data provision any data appended with the permissibility data representing that provision is not permitted, and providing to the application that requested data provision any data appended with the permissibility data representing that provision is permitted. | 10-02-2014 |
20140298483 | MANAGEMENT DEVICE, MANAGEMENT SYSTEM, CONTROL METHOD, AND STORAGE MEDIUM - Provided is a management device that manages trust relationship information between service providing devices and trust relationship information between a holding device and a service providing device. When the management device determines, based on the acquired trust relationship information, that a second service providing device trusts a first service providing device, the holding device trusts the first service providing device, and the holding device trusts the second service providing device, the management device sets a transfer of access rights to the holding device held by the first service providing device to the second service providing device. | 10-02-2014 |
20140298484 | SYSTEMS, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR MANAGING ACCESS CONTROL - Systems, methods, and computer program products are provided for managing access control. A first set of access control rules is stored in a memory of a mobile communication device. The mobile communication device receives from a trusted server over a communication network a notification message indicating that an access control rule has been updated in a secure element. In response to receiving the notification message, the mobile communication device retrieves from the secure element a second set of access control rules including at least the access control rule that has been updated. The first set of access control rules is updated based on the second set of access control rules retrieved from the secure element. An applet stored on the secure element is accessed via an application running on the mobile communication device, in accordance with the updated first set of access control rules. | 10-02-2014 |
20140298485 | PERSISTENT AGENT SUPPORTED BY PROCESSOR - A tamper resistant servicing Agent for providing various services (e.g., data delete, firewall protection, data encryption, location tracking, message notification, and updating software) comprises multiple functional modules, including a loader module (CLM) that loads and gains control during POST, independent of the OS, an Adaptive Installer Module (AIM), and a Communications Driver Agent (CDA). Once control is handed to the CLM, it loads the AIM, which in turn locates, validates, decompresses and adapts the CDA for the detected OS environment. The CDA exists in two forms, a mini CDA that determines whether a full or current CDA is located somewhere on the device, and if not, to load the full-function CDA from a network; and a full-function CDA that is responsible for all communications between the device and the monitoring server. The servicing functions can be controlled by a remote server. | 10-02-2014 |
20140304830 | GENERATING A DATA AUDIT TRAIL FOR CROSS PERIMETER DATA TRANSFER - A computing device is disclosed having two or more perimeters, where each perimeter is a logical separation of computing resources. A computing device and method are also disclosed for generating a data audit trail for data transfers between two perimeters. | 10-09-2014 |
20140304831 | REMOTE DATA ACCESS TECHNIQUES FOR PORTABLE DEVICES - A wide-area network (“WAN”)-based service enables remote data access transactions between participating endpoints within a group of participating endpoints that includes at least one server and at least one portable electronic device. Each participating endpoint is configured for communication via one or more communication networks and stores the same or different data items on behalf of a user. The WAN-based service maintains information about each participating endpoint in the group and its network accessibility, and also maintains one or more catalogs of available data items. The WAN-based service identifies a communication network available to both participating endpoints, and a direct or proxied communication session is established between the portable electronic device and the other participating endpoint via the communication network. Selected data items are downloaded, uploaded, accessed or synchronized via the communication session. The use of digital rights and identity management techniques in combination with the WAN-based service is also discussed. | 10-09-2014 |
20140304832 | Secure Information Access Over Network - Embodiments herein relate to accessing secure information over a network. The secure information is read and/or modified based on a request received over the network, regardless of an operating state of an operating system (OS) of the device and/or a power state of the device. | 10-09-2014 |
20140310821 | ELECTRONIC SINGLE ACTION SOFTWARE DISTRIBUTION - Deep linking to a URL of a download is obviated by the generation of a dynamic symbolic system link. When a user is at a download page, the HTML source for the displayed download button does not contain the URL of the download site. Selection of the button sends as form values the product ID and a session ID to the server which generates a dynamic link. This link is returned to the browser to redirect it to the download site. The link is further set to expire after the session so that, even if the link is captured, after expiration it will be unable to reach the download site. | 10-16-2014 |
20140317757 | USB drive with multiple printed circuit board layers for storing data in a memory - A multi-layer USB drive for storing data in a memory has at least two printed circuit board assemblies, each one including a memory for storing data and a control microprocessor controlling the flow of data to and from the memory. The circuit board assemblies are operatively connected to one another in a serial manner for exchange of data between adjacent assemblies upon access by a user and wherein at least one of the control microprocessors is security enabled requiring a user defined security input for accessing the memory of the printed circuit board assembly of that security enabled control microprocessor. A USB connector is for connecting to a USB slot of a device and the USB connector is operatively connected to only one of the printed circuit board assemblies. A USB hub is provided on at least one of the assemblies for recognising the circuit board assemblies of the USB drive. An opaque housing completely encloses the circuit board assemblies preventing at least the printed circuit board assembly or assemblies other than the one connected to the USB connector from being viewed. | 10-23-2014 |
20140317758 | FOCUSED PERSONAL IDENTIFYING INFORMATION REDACTION - Personal information is retrieved from at least one data source and personal information associated with a first individual is identified. A document is generated that is a version of a first document, wherein the personal information associated with the first individual cannot be discerned. | 10-23-2014 |
20140325672 | METHOD OF PROVIDING LAWFUL INTERCEPTION OF DATA IN A SECURE COMMUNICATION SYSTEM - A communication system including one or more end points, each end point interconnected to a wireless network. The communication system also includes a media network system, the network system contains a registration server for registering device IDs of the end points in the communication system, a database for storing device IDs, one or more media servers for routing calls between end points and a signaling server for selecting one or more media servers to route a call between end points in the communication system based on an algorithm that evaluates one or more predetermined conditions. | 10-30-2014 |
20140325673 | LIVE BROADCAST CONTENT PROTECTION BASED ON WATERMARKING - Techniques for thwarting piracy of real-time content such as broadcast streams are described. In one technique, when portions of real-time content are received at a user device, the device embeds a particular code in the received content that associates the real-time content to that user device. When further portions of the real-time content that have one or more codes are received at the user device, the device determines if the particular code matches the one or more codes that are incorporated into the real-time content, and if a match is found, one or more actions are initiated at the user device to thwart further dissemination of the real-time content. The initiated actions can interfere with the playback of the real-time content or provide warning messages, and thus eliminate or discourage the use of the user device as a source of real-time content piracy. | 10-30-2014 |
20140325674 | TERMINAL APPARATUS AND METHOD FOR ADJUSTING PERMISSION FOR DRM CONTENT - A method for adjusting permission for digital rights management (DRM) content of a terminal apparatus, the method comprising: using advertisement content included in the DRM content by using a license for the DRM content; updating advertisement content usage state information depending on the use of advertisement content; comparing the updated advertisement content usage state information with policy information regarding the use of advertisement content; and adjusting permission information for digital content included in the DRM content in the license based on the comparison result. | 10-30-2014 |
20140325675 | METHOD AND DEVICE FOR SUPPLYING OF A DATA SET STORED IN A DATABASE - To supply a data set which is stored in a database, e.g. the content of a copy protected audio CD, e.g. to a user PC on which said content of a copy protected audio CD cannot be accessed, the following steps are performed: receiving a serial code of a set of serial codes assigned to said data set; verifying said received serial code; and, in case of a positive verification, accessing said data set corresponding to said received and positively verified serial code from said database and outputting at least parts of said accessed data. | 10-30-2014 |
20140325676 | METHOD AND SYSTEM FOR DIGITAL CONTENTS LENDING - A method for transferring a digital right management-protected digital content from a first device ( | 10-30-2014 |
20140331331 | Computer-Implemented System And Method for Correlating Activity Within A User Interface With Special Information - A computer-implemented system and method for correlating activity within a user interface with special information is provided. A user interface with data entry fields is provided. One or more of the data entry fields is designated for special information. A first screen shot of the user interface is captured, and a second screen shot of the user interface is captured at a later time. The first and second screen shots are compared. A change comprising at least a portion of an entry within one of the data entry fields for special information in the second screen shot is identified between the first and second screen shots. The entry is rendered unintelligible. | 11-06-2014 |
20140331332 | CONTENT PROVIDER WITH MULTI-DEVICE SECURE APPLICATION INTEGRATION - Methods and systems for providing access to content are disclosed. The method is performed at least in part at a client computer system having a processor and memory. The method includes executing a host application associated with a first party. In some implementations, the host application is a media player. The method further includes initiating a secure communication channel between the host application and a server associated with the first party. The method further includes executing a supplemental application associated with a second party. The method further includes accessing, with the supplemental application, content licensed to the first party, wherein the licensed content is accessible to the supplemental application via the secure communication channel subject to terms of a licensing agreement. In some implementations, the content is media content, such as music, movies, and the like. | 11-06-2014 |
20140337997 | METHOD AND SYSTEM FOR BLOCKING TRANSMISSION OF DATA ON A MOBILE DEVICE - A software application stored in a memory in a mobile device for selectively blocking data transmission via a mobile device over a communication network, comprising means for identifying a software application of interest from among a plurality of software applications stored in a memory of the mobile device, means for determining a categorization of the software application of interest based on data provided over the communication network from a database, and means for selectively restricting transmission of data to or from the software application of interest over the communication network based on the determined categorization, wherein personally identifiable information is prevented from being transmitted by the software application of interest if the determined categorization indicates that transmission of data to or from the software application of interest is to be restricted. | 11-13-2014 |
20140337998 | AUTOMATIC APPLICATION DEPENDENT ANONYMIZATION - Disclosed are various embodiments for facilitating the anonymization of unique entity information when transmitting data to services. A content server may store entity identifiers that respectively represent entities associated with the content server. The content server may send anonymized responses to requests for data from multiple services, the data being associated with entity identifiers. The anonymized responses may comprise the data requested in association with anonymous entity identifiers as opposed to the entity identifiers. The requesting services may each receive a different anonymous identifier representing a single entity. | 11-13-2014 |
20140337999 | SYSTEM AND METHOD FOR ACCESS CONTROL AND IDENTITY MANAGEMENT - In a computer environment, a mechanism for the flow of access by means of derivation is provided. Typically, access rights granted with respect to an access point flow (or derive from) an access provider to an access recipient. Typically, the access provider is a function and the access recipient is a function. The access point may be any object, such as files or functions, to which the access recipient is granted access rights by the access provider. Access is typically represented by a relationship object referencing the access provider function, the access recipient function, and the access point object, and a set of access rights. There are typically different types of access, including read access, right access, and membership access. Therefore, the membership access relationship is typically represented as a subtype of the general/abstract access relationship. Membership is the idea that a first function can gain access to a second function, so that the first function becomes the member of the second function. The membership access relationship (MAR1) maps the access provider role to a function A, maps the access recipient to function B, and maps the access point to function C, wherein function A is a function doing the membership inviting and therefore providing access (as the access provider), function B is the function being invited and therefore receiving access (as the access recipient), and function C (the access point) is the function into which function B is obtaining membership. When a membership access relationship (MAR1) is created, typically a new associated persona function is generated, representing the new identity created for the access recipient function (function B) while serving as a member of the access point function (function C). Because the persona (persona1) is typically a function, additional rights may be granted to or granted by persona1, such as rights granted by persona1 (as the access provider in a new access relationship) or rights granted to persona1 (as the access recipient in a new access relationship). After a persona (persona1) is created, it may itself be invited by a function 3 to become a member in another function (function 4), thereby creating another membership access relationship (MAR2) in which MAR2's access recipient is persona1, MAR2's access provider is function 3, and MAR2's access point is function 4. A second persona (persona2) is then typically automatically created representing the new membership access (MAR2). Persona2 is then said to derive from persona1, since persona2 is based on persona1. In this way, identity derivation is provided so that persona1 has a derived persona2 (and persona2 derives from persona1). Persona1 may have a plurality of derived personas, including persona2, persona3, and persona4. Since these derived personas are based on persona1, if persona1 is deleted, persona2, persona3, and persona4 (the derived personas) may also be deleted. So, a new technique is provided by which a function may be invited to participate in a plurality of other functions, wherein each membership “invite” is expressed by a new membership access relationship and each such membership access relationship results in the creation of a new and associated persona. When a persona function is invited to be a member in another function, that in turn generates a membership and a second persona that is derived from the first persona, resulting in identity derivation. | 11-13-2014 |
20140338000 | Apparatus, Method And Computer-Readable Storage Medium For Securing Javascript - Systems, related methods and other means for providing the securing of JavaScript source code are provided herein. Circuitry may be configured to determine whether a debugging console is active on a client device and deny access to the JavaScript if the debugging console is active. Additionally or alternatively, the circuitry may receive a request to access the JavaScript source code from a client device, and may determine whether the request is from a trusted referrer. When the request is from an untrusted referrer, the circuitry can deny access to the JavaScript. When the request is from a trusted referrer, the circuitry can grant access to the JavaScript. | 11-13-2014 |
20140344950 | APPARATUS AND METHOD FOR PROVIDING MEDIA SERVICES SUBJECT TO VIEWING RESTRICTIONS - A system that incorporates teachings of the present disclosure may include, for example, determining that a communication device is outside of a restricted viewing area associated with media content and transmitting the media content for presentation at the communication device responsive to that determination. Other embodiments are disclosed. | 11-20-2014 |
20140351951 | APPLICATION AUTHENTICATION SYSTEM AND METHOD - A system and method are provided for validating executable program code operating on at least one computing device. Program instructions that include a request for access to sensitive information are executed on a first computing device. An authentication request for access to the electronic information is sent from the first computing device to a second computing device. In response to the authorization request, a challenge is sent from the second computing device to the first computing device. The first computing device executes the challenge and generates an authentication response that includes at least one memory object associated with the program instructions. The response is sent to the second computing device from the first computing device, and the second computing device generates and sends a verification to the first computing device confirming that at least some of the first program instructions have not been altered or tampered with, and further grants the first computing device access to at least some of the electronic information. | 11-27-2014 |
20140351952 | CONTROLLING ACCESS RIGHTS OF A DOCUMENT USING ENTERPRISE DIGITAL RIGHTS MANAGEMENT - Systems and methods for controlling access rights of a document using enterprise digital rights management are described. A document is encrypted for generating a protected document and access rights are assigned to a user upon receiving a request from an owner of the document. The access rights include offline access of the protected document by the user. Upon assigning the access rights, access information of the user is monitored. Based on the access information, the user is locked from accessing the protected document when the access information indicates misuse of the protected document by the user. | 11-27-2014 |
20140351953 | PERMISSIONS FOR EXPLOITABLE CONTENT - Examples described herein facilitate managing exploitation permissions for exploitable content files relative to an exploitation entity. | 11-27-2014 |
20140351954 | PROVIDING LIMITED VERSIONS OF APPLICATIONS - Disclosed are various embodiments for providing limited versions of applications. A limited version of an application is automatically generated from a full version of the application. The limited version has a smaller data size than the full version. The limited version of the application is sent to the client computing device in response to a request for a trial of the application. | 11-27-2014 |
20140351955 | GENERATION OF A VISUALLY OBFUSCATED REPRESENTATION OF AN ALPHANUMERIC MESSAGE THAT INDICATES AVAILABILITY OF A PROPOSED IDENTIFIER - This disclosure relates to a system and related operating methods. A computer-implemented server device receives a request from a device that includes an identifier proposed for a potential account holder. The computer-implemented server device determines whether the identifier is available for use with a new account, and communicates a response to the device that indicates whether the identifier is available for use with the new account. The response is presented at the device and includes an image that contains a visually obfuscated representation of an alphanumeric message that indicates either a success or a failure. | 11-27-2014 |
20140359785 | Security for Displayed Electronic Content from Unauthorized Access During Application Idle Periods - Security for displayed information during periods in which the displayed information may be accessed before being locked from view is provided. When a computing device operating system notifies an application that processing for the application will be suspended due to idle operation, the application may automatically overlay the document with a security cover to prevent unauthorized review or screen capture of the document. If the application becomes active prior to the elapse of a predetermined allotted time after the notification, the security cover may be automatically removed. However, if the predetermined allotted time after the notification elapses prior to the application becoming active, the application document may be encrypted, and password entry may be required to gain subsequent access to the document. | 12-04-2014 |
20140359786 | MATCHED CONTENT USE RESTRICTION SYSTEM - A system may be configured to receive an upload, from a first user device, of a basis content item that includes first content; determine whether a first user of the first user device has a right to restrict a use of the first content in an in-use content item uploaded by a second user device when the in-use content includes the first content; in response to determining that the first user has the right, store the basis content in the system; in response to determining that the first user does not have the right, discard the basis content; receive an upload, from a second user device, of a first in-use content item; and determine whether the first in-use content item matches the basis content item. | 12-04-2014 |
20140359787 | Content Management System and Method for Managing and Classifying Data About Entities and for Providing Content Including the Classified Data - A content management system manages data about entities and provides content including data about the entities. The content management system receives data about entities from originators associated with the entities. The content management system classifies the data and stores the classified data. The content management system may authenticate the data by determining an authenticator of the classified data. The authenticator may be the most appropriate person to authenticate the data. The content management system may determine an authenticator by determining the entity most related to the classified data and determining an originator representing or designated to authenticate the information. As such, the content management system may determine the originator in the best position to authenticate the data. The content management system may also receive a request from subscribers for content and create the content in response to the request. The data included in the content may be based on one of: the request from the at least one subscriber, a preference of the at least one subscriber, the at least one subscriber's relationship with the classified data, and authentication of the classified data. | 12-04-2014 |
20140359788 | PROCESSING SYSTEM - A processing system is disclosed. The system comprises: a processing unit; a memory adapted to store firmware code and application code for execution by the processor; and a memory access control unit adapted to control access of the processing unit to firmware code and application code stored in the memory. The memory access control unit is adapted to disable access to firmware code when access to application code is enabled, and to disable access to application code when access to firmware code is enabled. | 12-04-2014 |
20140366155 | METHOD AND SYSTEM OF PROVIDING STORAGE SERVICES IN MULTIPLE PUBLIC CLOUDS - A system and a method implement a cloud storage gateway configured to provide secure storage services in a cloud environment. A method can include implementing storage provisioning for a virtual machine (VM) in a hybrid cloud environment that includes an enterprise network in communication with a cloud. Enterprise network includes enterprise storage, and cloud includes cloud storage. The storage provisioning is implemented by deploying a cloud storage gateway in the cloud that facilitates secure migration of data associated with the VM between enterprise storage and cloud storage. A nested virtual machine container (NVC) is also deployed in the cloud, where NVC abstracts an interface that is transparent to a cloud infrastructure of the cloud. Cloud storage gateway can then be executed as a virtual machine within NVC. Such storage provisioning is further implemented by deploying the VM in a NVC in the cloud and directly attaching storage to the VM. | 12-11-2014 |
20140366156 | METHOD AND DEVICE FOR PROTECTING PRIVACY INFORMATION WITH BROWSER - A method and device for protecting privacy information with a browser are provided. The method includes: monitoring a file to be uploaded by the browser when an uploading process of the browser is executed; determining whether the file to be uploaded includes preset identification information; and blocking the file that is determined to include the preset identification information from being uploaded. With the technical solution, a privacy file is prevented from being stolen when an illegitimate website is accessed by the browser, and accordingly the security of user information is effectively improved. | 12-11-2014 |
20140373170 | SYSTEM AND METHOD FOR INITIALLY ESTABLISHING AND PERIODICALLY CONFIRMING TRUST IN A SOFTWARE APPLICATION - Systems and methods for providing trust provisioning are disclosed. A utilization request requesting to utilize data stored by a secure element associated with the device may be processed by a software application. In response to processing the utilization request, a registration request message for registering the software application may be communicated to a management server. A validation code may be received from the management server in reply to the registration request message. The received validation code may be verified to match a second validation code. Subsequent to successful verification, a passcode and an identifier of the secure element may be communicated to the management server. In response to communicating the passcode and the secure element identifier, an acknowledgement may be received from the management server specifying whether registration of the software application was successful. | 12-18-2014 |
20140373171 | SECURITY PROTECTION OF SOFTWARE LIBRARIES IN A DATA PROCESSING APPARATUS - A processing apparatus | 12-18-2014 |
20140373172 | SYSTEM AND METHOD FOR A PARALLEL WORLD OF SECURITY FOR NON SECURE ENVIRONMENTS - A system and method is introduced for combining a secure device with a non secure user machine for using and sharing secure data seamlessly through the non secure user machine. The secure device runs in a separate, “parallel world” to the user machine so that the user machine cannot access secure data while it is being used. Even if the user machine is already compromised, the secure data and its usage remain protected from the likes of key logging and screen captures. The secure device authenticates secure data handling to the user so that the user is able to differentiate between a secure and a non secure data usage, as well as identify false imitations of the secure environment. | 12-18-2014 |
20140373173 | METHOD FOR REQUIRING USER ACTIONS FOR THE ACCESS OR DELIVERY OF ITEMS OF VALUE - The present invention is directed to a method for providing items of value to consumers, and more specifically is a method that provisions access to items as the result of consumer action. Methods are provided that: 1) allow an administrator to define actions which must be performed by a user to obtain access to items; 2) validate that the actions have been performed by the user; and 3) provide access to the items. The present invention permits content producers to easily increase the value of their content, grow their audience, drive consumer engagement, improve data quality and increase revenues. The invention also permits consumers to more fairly exchange value for their social and commerce-related transactions. | 12-18-2014 |
20140373174 | INSTANT PERSONALIZATION SECURITY - Some embodiments involve methods and systems for instant personalization security. For example, a social networking system can provide a platform for a user to open applications and/or access external websites. In some cases, an application does not have access to the user's fully identifying profile (e.g., UID or other public information). Instead, the application has access to a pseudonymous profile corresponding to a hashed ID that is generated by the platform and provided to the application. Access to the pseudonymous profile enables the application or an external website to personalize its environment without breaching the security of the platform. | 12-18-2014 |
20140380498 | ANONYMIZATION DEVICE - The present invention enables comparison of the number of data items between groups. The anonymization device according to the present invention refers to a user information storage unit storing data items including user information, detects a singularity group that does not satisfy a predetermined anonymity metrics when the data items corresponding to a plurality of users are grouped based on the user information, selects an acquired data item from each group based on a predetermined rule corresponding to the anonymity metrics, such that all groups satisfy the anonymity metrics when a data item is acquired from each of the groups other than the singularity group and the user information is generalized into the same value together with a data item of the singularity group, generates an anonymized data item by generalizing the user information of the data item of the singularity group and the acquired data items into the same value, and stores the generated anonymized data items in an anonymized user information storage unit, together with a data item of each group other than the singularity group, with this data item being other than the acquired data items. | 12-25-2014 |
20140380499 | DELEGATING AUTHORITY OF LICENSES TO USE COMPUTER PRODUCTS IN A DISCONNECTED NETWORK - Techniques are provided for delegating authority over licenses to use computer products in a disconnected network. In one example, a collector device receives a delegation of authority from a license manager device to manage entitlements for a plurality of computer products installed in a network infrastructure. The collector device receives an identifier from each computer product. The collector device receives a configuration state of each computer product, wherein each configuration state includes a set of features that are enabled on the first computer product. The collector device sends to the license manager device a report that includes each identifier and each configuration state. | 12-25-2014 |
20140380500 | APPARATUS AND METHOD FOR CONTROLLING ACCESS TO WEBSITES USING HISTORY OF ACCESS OF ADMINISTRATOR - An apparatus and method for controlling access to websites using a history of access of an administrator are disclosed. The apparatus includes a privilege checking unit, an access control release unit, and an access control unit. The privilege checking unit determines whether the access privileges of a user are administrator privileges when the user attempts to access a website. The access control release unit sets the website to an access-allowed state if the access privileges of the user are administrator privileges. The access control unit controls access to the website if the access privileges of the user are not administrator privileges and the website is not in an access-allowed state. | 12-25-2014 |
20140380501 | AUTHENTICATION METHOD FOR A PASSENGER AND CORRESPONDING SOFTWARE - Authentication method and corresponding software for a passenger of an aircraft of an airline, wherein a data processing apparatus of the airline generates flight-specific authentication data for the use of an on-board communication device, and the authentication data are transmitted to a portable passenger device of the passenger by means of a communication network. The authentication data allow the authentication of the passenger device by wirelessly transmitting the authentication data to the onboard communication device. | 12-25-2014 |
20140380502 | LICENSE INSTALL SUPPORT SYSTEM, LICENSE INSTALL SUPPORT METHOD - A license install support method includes receiving input of a first license identifier used for receiving license data, the license data being used by an electronic device for determining whether activation of a program is allowable; sending, to a license source determining device connected via a network, an acquisition request specifying the first license identifier for acquiring issuing source information including issuing source identification information of the license data; receiving the issuing source information returned from the license source determining device; and using a license install processing unit to acquire the license data corresponding to the first license identifier from a license management device relevant to the issuing source information included among plural license management devices connected via the network, and to send the license data to the electronic device. | 12-25-2014 |
20140380503 | PROGRAM EXECUTION DEVICE - A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program. | 12-25-2014 |
20140380504 | LEARNING METHOD AND SYSTEM THAT RESTRICTS ENTERTAINMENT - Method and system to help a student to focus on study materials on a computer by restricting the student from enjoying entertainment materials on the computer. The study materials are presented through a study program, and the entertainment materials are presented through an entertainment program. The entertainment program needs a device to entertain. The device can be a speaker or a position-pointing device, such as a mouse. The computer includes an access filter, which separates the programs from the device. The access filter can be modified to restrict coupling between the device and the entertainment program, but simultaneously allow coupling between the device and the study program. The restriction in the access filter can be removed under a predetermined condition, such as the amount of time the student has been working on the study materials, the student's performance in the study materials, and the time of day. | 12-25-2014 |
20150020209 | AUTO-SHARING OF SENSITIVE DATA - A method, computer system, and/or computer program product shares sensitive data. Sensitive data about a user of a first device is stored within the first device. The sensitive data within the first device is classified into different sensitive data tiers. A determination is made, by one or more processors, as to which tier level of sensitive data from the different sensitive data tiers is appropriate for sharing with a second device, where determining an appropriateness of sharing a particular tier level of sensitive data is based on a current contextual circumstance of the user of the first device. The appropriate tier level sensitive data is transmitted from the first device to the second device. | 01-15-2015 |
20150020210 | SYSTEMS AND METHODS FOR SECURING PROTECTED CONTENT - Systems and methods for securing protected content are provided. In one embodiment, a method comprises determining, at a computing device, that a first digital data includes protected content; determining that an unsecured rendering target is an output destination of the first digital data; masking, in response to determining that the unsecured rendering target is the output destination of the first digital data, the protected content of the first digital data to produce a second digital data, wherein at least a portion of the second digital data is masked protected content; overlaying unprotected content on the masked protected content to produce a third digital data, wherein at least a portion of the third digital data is the unprotected content overlaying the masked protected content; and outputting, for display at the unsecured rendering target, the third digital data. | 01-15-2015 |
20150020211 | SECURE PROTECTION METHOD AND PROCESSOR - A secure protection method executed by a processor is provided. The secure protection method includes the following steps. Perform a security check before or after executing an instruction according to an instruction security attribute (ISA) of the instruction and a security attribute (SA) of an operational event (OE). Ignore the OE, defer the OE, or raise a security exception when the security check fails. The OE is generated as a side effect when the processor fetches or executes the instruction, or generated as a monitoring result on the instruction, or generated in response to an external input of the processor. | 01-15-2015 |
20150020212 | Font Protection Management - Font protection management is described. In one or more implementations, a font package is obtained for an application and includes fonts that are protected by obfuscation. When the application is launched, a request to determine whether use of the protected fonts is authorized in connection with the application may be communicated to a font protection service. A response that is indicative of authorization to use the protected fonts in connection with the application may be received from the font protection service. When the response indicates that use of the protected fonts is authorized, the protected fonts may be de-obfuscated and subsequently used in connection with the application. When the response indicates that use of the protected fonts is not authorized in connection with the application, however, default fonts may be used with the application instead. | 01-15-2015 |
20150020213 | METHOD AND APPARATUS GENERATING AND APPLYING SECURITY LABELS TO SENSITIVE DATA - The disclosure comprises a method, an apparatus, and instructions for controlling a computer to implement a security labeling service (SLS) to tag an electronic record or data stream with security labels to ensure compliance with access restriction requirements. The SLS tags a record or data stream with security labels according to constraints including jurisdictional (government regulation), organizational policy, and authorization of a subject of record (e.g. patient consent). The SLS consumes a vocabulary dictionary to interpret the record and the constraints to generate rules for tagging the data. The original record or data stream is then tagged according to the rules. The tagged output is used to ensure compliance with the security labels. | 01-15-2015 |
20150020214 | SYSTEM AND METHOD FOR ACCESS CONTROL USING NETWORK VERIFICATION - A system for controlling access includes a computing device, configured to: determine a first identifier associated with a first access point being used by the computing device to access a network; determine first access control data associated with the first identifier and a first application executing on the computing device; and control access to data over the network by the first application based on the first access control data. | 01-15-2015 |
20150026819 | SELECTIVELY ALLOWING REFERENCE TO OBJECT ON UNLOCK DISPLAY SCREEN - Methods and devices for selectively allowing a reference to an object to be included on an unlock display screen are described. In one embodiment, a processor-implemented method is described. The method includes: providing a plurality of perimeters on the electronic device, the perimeters including a low-security perimeter and a high-security perimeter; associating one or more objects with the low-security perimeter and one or more objects with the high-security perimeter; and based on the associations between the one or more objects and the one or more perimeters, selectively allowing one or more of the objects to be referenced on an unlock display screen. | 01-22-2015 |
20150026820 | ALTERNATE CONTENT PLAYLIST FOR LOCKED MEDIA CONTENT - Systems and methods disclosed herein include systems and methods for providing alternative content playlists for locked media content. Media content may be locked according to certain pre-conditions, such as a release date. Prior to the pre-conditions being met, e.g., on a date earlier than the release date, the content may be locked to prevent user access. During such locked period, a user may be presented with an alternative content playlist with media content that is available to be accessed by the user. | 01-22-2015 |
20150026821 | MANAGEMENT OF DIGITAL INFORMATION - According to an embodiment of the present invention, a system provides secure access to a digital item and includes at least one processor. The system partitions the digital item into a plurality of segments each containing a portion of the digital item and associated with a corresponding sensitivity level. The portion of the digital item within each segment is encrypted in accordance with the corresponding sensitivity level, and the plurality of segments are randomly stored among a plurality of storage units. Embodiments of the present invention further include a method and computer program product for providing secure access to a digital item in substantially the same manner described above. | 01-22-2015 |
20150026822 | PROTECTION OF PROPRIETARY EMBEDDED INSTRUMENTS - A network of storage units has a data path which is at least a portion of the network. The network also has a key storage unit and a gateway storage unit. If the key storage unit stores a key value, the key storage unit transmits a key signal to the gateway storage unit. If the gateway storage unit does not store a gateway value or the key signal is not transmitted to the gateway storage unit, the gateway storage unit does not insert a data path segment in the data path. If the gateway storage unit stores a gateway value and the key signal is transmitted to the gateway storage unit, the gateway storage unit inserts the data path segment. | 01-22-2015 |
20150033360 | METHOD AND APPARATUS FOR SECURING CONFIGURATION SCAN CHAINS OF A PROGRAMMABLE DEVICE - Scan chain circuitry on an integrated circuit device includes a plurality of memory elements, and a plurality of control elements. Each of the control elements is located between respective ones of the plurality of memory elements for controllably connecting the plurality of memory elements into a scan chain. A plurality of respective scan enable activation elements controls a respective subplurality of the plurality of control elements for connecting a respective subplurality of the plurality of memory elements into the scan chain. Each scan enable activation element is actuated, to connect its respective subplurality of the plurality of memory elements into the scan chain, by a first enable signal common to more than one of the scan enable activation elements, and a second enable signal for that one of the scan enable activation elements. Such scan chain circuitry may be used for entering configuration data into a programmable integrated circuit device. | 01-29-2015 |
20150033361 | Method for Invoking Application in Screen Lock Environment - A method for invoking an application in a Screen Lock screen is disclosed herein. The method for invoking an application in a user equipment includes the steps of selecting at least one unlock application that is to be displayed on a Screen Lock screen among multiple applications, and displaying an unlock application icon respective to each of the selected at least one unlock application on the Screen Lock screen. | 01-29-2015 |
20150033362 | Notification and Privacy Management of Online Photos and Videos - Systems and methods for notification and privacy management of online photos and videos are herein disclosed. According to one embodiment, a computer-implemented method includes detecting a first feature from a first image belonging to an image source. The first image includes a tag. The computer-implemented method further includes determining a first feature location of the first feature, determining a first tag location of the tag, extracting a first feature signature from the first feature based on a relationship between the first feature location and the first tag location, detecting a second feature from a second image belonging to the image source, extracting a second feature signature from the second feature, performing a first comparison between the first feature signature and the second feature signature, and deriving a first similarity score based on a result of the first comparison. | 01-29-2015 |
20150033363 | CONTROLLED USE MEDICAL APPLICATION - Various systems, machine-readable media, and methods for controlled use of medical applications using virtualization are described herein. In various embodiments, a virtualized medical application container can be created, including creating an image of a clean version of an operating system, installing a medical application on the image, and initializing the medical application on the image. Various embodiments include receiving an indication of a request for metered use of the medical application; requesting permission for metered use of the medical application, wherein the metered use includes at least one of a single use, a defined number of uses, unlimited use, or timed use; executing at least a portion of the medical application; and controlling usage of the medical application to comply with at least one of medical informatics standards and medical informatics regulations. | 01-29-2015 |
20150040243 | LIMITED-ACCESS STATE FOR INADVERTENT INPUTS - Techniques for a computing device operating in access-states are provided. One example method includes receiving, by the computing device operating in a first access state, an indication of first input and responsive to determining that at least one value of a characteristic of the first input exceeds a predetermined characteristic threshold, transitioning the computing device to operate in a second access state. While the computing device is operating in the second access state, the method further includes outputting instructions for transitioning the computing device from operating in the second access state. The method further includes receiving, by the computing device operating in the second access state, an indication of a second input and responsive to determining that the indication of the second input satisfies a threshold of compliance with the instructions, transitioning the computing device from operating in the second access state to operating in the first access state. | 02-05-2015 |
20150040244 | System And Method For Communications Routing - Provided is a system which allows a user to efficiently locate and contact those individuals the user would like to communicate with. The system can also collect or access data about users in order to determine the best contact point to use at a particular time. Some of the data may include information pertaining to a user's appointments, schedule, activities, location and/or contact point usage. The system can monitor the data and may determine an individual's usage patterns in order to select or suggest contact points that are the best to contact a particular user at a particular time. The system may also determine or receive settings that allow for the routing of communications to particular contact points based on how the user receiving the communication would prefer to be contacted. Further, the system may securely route sensitive communications and prevent or limit forwarding of the sensitive information. | 02-05-2015 |
20150047051 | Managing Access to Secured Content - Techniques for preventing unauthorized access to protected network resources include accessing, from a client appliance connected in a distributed network, a computing appliance through the world wide web, the computing appliance including a DNS server addressed by a particular domain name; receiving, from the computing appliance, a portion of code at the client appliance through a web browser of the client appliance; receiving, to a server appliance connected in the distributed network, a request to access secure content stored on the server appliance by the portion of code; comparing the domain name of the DNS server with a server-origin of the secure content; and based on the domain name of the DNS server being exclusive of a set of server-origin values that includes the server-origin, denying access to the request. | 02-12-2015 |
20150047052 | METHOD AND SYSTEM FOR PROVIDING A DIGITAL TICKET FOR ACCESS TO AT LEAST ONE DIGITAL OBJECT - A method of providing a digital ticket allowing access to at least one digital object comprising the following steps: following a selection by a first user of at least one digital object, a step of submission of a request to a management server to obtain a digital ticket comprising a unique identification code, a first step of generation of said digital ticket, a first step of transmission of said digital ticket to the first user, and a step of activation of the digital ticket. | 02-12-2015 |
20150052616 | PROTECTED MODE FOR SECURING COMPUTING DEVICES - Methods and systems are disclosed for testing and/or validating that an untrusted device is operating according to an expected state or configuration. The methods and systems may be designed such that the volatile memory of the untrusted device is brought to a known state for validation, for example upon ingress to or egress from a protected mode of operation. The device may execute a first operating system when operating outside of the protected mode. Upon determining to transition to protected mode, an operational image of a second operating system may be loaded into the device. The device may write a pattern to unused memory for validation. The device may receive a first challenge request from a trusted monitor (TM). In order to be successfully validated, the device may answer the challenge correctly within a given response window based on the current state of its volatile memory. | 02-19-2015 |
20150052617 | SECURITY POUCH FOR AN ELECTRONIC DEVICE - Provided is a pouch for covering a mobile device to block electronic signals and/or provide an antibacterial function. In one example, a pouch includes a shield configured to envelope the mobile device, a covering configured to envelope the shield, and a seal composed of offset rib structures configured to fully encase the mobile device in order to prevent electronic signals from reaching the device. | 02-19-2015 |
20150052618 | EMERGENCY INFORMATION ACCESS ON PORTABLE ELECTRONIC DEVICES - Improved techniques for facilitating emergency access to one or more contacts stored on a portable electronic device are disclosed. One or more contacts on the portable electronic device are designated as emergency contacts. While the portable electronic device is password-locked, a request to display the one or more emergency contacts on the password-locked portable electronic device is received. Without requiring a password, the one or more emergency contacts are displayed on the portable electronic device. | 02-19-2015 |
20150059000 | METHOD AND ELECTRONIC DEVICE FOR PROTECTING DATA - A method and an electronic device for protecting data for a first electronic device with a data transmission interface are provided. A basic I/O system of the first electronic device is provided with a verification program for verifying a second electronic device. The method includes: loading the verification program into a memory of the first electronic device; verifying the second electronic device to acquire a verification result by the memory running the verification program via the memory; disabling the data transmission interface to cause the second electronic device to be unable to perform data transmission with the first electronic device by the data transmission interface in a case that the verification result indicates that the second electronic device is not a valid device. | 02-26-2015 |
20150059001 | PERSONAL CONTENT CONTROL ON MEDIA DEVICE USING MOBILE USER DEVICE - A method for controlling personal content on a media device includes establishing, at the media device, a wireless connection with a mobile user device using a wireless communication circuit of the media device; receiving, from the mobile user device, account information for an account associated with personal content, the personal content of the account accessible by the media device from a server computer over a communication network or from a memory of the media device; receiving, from the mobile user device, a usage term for accessing or using the personal content of the account; and controlling access to or usage of the personal content of the account by the media device based on the received account information and the usage term. | 02-26-2015 |
20150067883 | COMPUTING SYSTEM WITH IDENTITY PROTECTION MECHANISM AND METHOD OF OPERATION THEREOF - A computing system includes: a communication unit configured to access a target account including a feature; a control unit, coupled to the communication unit, configured to: calculate a comparison result based on the feature, determine an anonymity threshold for conforming the target account with a comparison account, and determine the feature for the target account based on the comparison result and the anonymity threshold for displaying on a device. | 03-05-2015 |
20150067884 | METHOD AND SYSTEM FOR PROTECTING SOFTWARE - Provided is a method for protecting software. Software license information of an authorized user is used to generate an identifying code of software license. The identifying code of software license is analyzed by the software system of the authorized client terminal wherein the software license information and valid period of said identifying code of software license. The software system of an authorized client terminal then determines whether the current time is within the validation time period. If the current time is within the validation time period, then the protected software is enabled. | 03-05-2015 |
20150067885 | PRIVACY PROTECTION FOR A LIFE-LOG SYSTEM - Technologies are generally described for privacy protection for a life-log system. In some examples, a method performed under control of a life-log system may include receiving, from a user account, a request to change one or more real life-log data entries relating to a real event that are stored in a first part of a database; removing the one or more real life-log data entries relating to the real event from the first part of the database; and storing, in the first part of the database, one or more misleading life-log data entries relating to a false event corresponding to the real event. | 03-05-2015 |
20150067886 | DYNAMIC DATA MASKING SYSTEM AND METHOD - A system and method for providing dynamic data masking for databases through a data masking apparatus. | 03-05-2015 |
20150067887 | DIGITAL CONTENT RIGHTS MANAGEMENT METHOD AND SYSTEM - A digital content rights management method and system belongs to the digital content rights management technique field. The method of the invention includes the steps: registering the system, generating the time stamp, verifying the time stamp when the system starts up, acquiring the certificate, verifying the time before accessing the digital content. The system of the invention comprises a device for accessing the digital content and a server, wherein the device for accessing the digital content comprises: a registering module, a time stamp generating module, a time stamp verification module, a certificate of authorization acquiring module, and a time verification module. The method and system have solved the problem that the digital content can still be used beyond the time limit. | 03-05-2015 |
20150067888 | ENVIRONMENTAL MONITORING DEVICE - An environmental monitoring device that monitors the operation of a legacy electronic device is described. In particular, a sensor in the environmental monitoring device provides sensor data that represents an environmental condition in an external environment that includes the environmental monitoring device. This environmental condition is associated with the operation of the legacy electronic device in the external environment. The environmental monitoring device analyzes the sensor data and provides feedback about the operation of the legacy electronic device based on the analyzed sensor data. Moreover, the sensor provides the sensor data without or excluding communication and/or electrical coupling between the environmental monitoring device and the legacy electronic device. In this way, the environmental monitoring device facilitates monitoring, analysis and feedback of the sensor data without directly interacting with the legacy electronic device. | 03-05-2015 |
20150074818 | FAST-EXPIRING LICENSES USED TO SPECULATIVELY AUTHORIZE ACCESS TO STREAMING MEDIA CONTENT - Techniques are disclosed for improving user experience of multimedia streaming over computer networks. More specifically, techniques presented herein reduce (or eliminate) latency in playback start time for streaming digital media content resulting from digital rights management (DRM) authorizations. A streaming media client (e.g., a browser, set-top box, mobile telephone or tablet “app”) may request a “fast-expiring” license for titles the streaming media client predicts a user is likely to begin streaming. A fast-expiring license is a DRM license (and associated decryption key) which is valid for only a very limited time after being used for playback. During the validity period of such a license, the client device requests a “normal” or “regular” license to continue accessing the title after the fast-expiring license expires. | 03-12-2015 |
20150074819 | SHARING ARTIFACTS IN PERMISSION-PROTECTED ARCHIVES - Among other things, we describe techniques for receiving a list of artifacts that are stored in an archive and are responsive to a search query issued by an entity. A set of artifacts are identified that each have a permission attribute indicating that the respective artifact is accessible to the entity when the respective artifact is responsive, above a threshold responsiveness value, to the search query issued by the entity. | 03-12-2015 |
20150074820 | SECURITY ENHANCEMENT APPARATUS - A security enhancement apparatus is provided which is capable of preventing infection by malware that requires writing of important files of the OS or system, by protecting the important files from writing if data protection is implemented in units of files. The security enhancement apparatus relays IO of a PC, control device, or the like. A hard disk, USB device, display, or the like is connected via the security enhancement apparatus. As for data protection in a storage, data is handled not only in units of sectors but also in units of files. The apparatus directly performs secure data transfer or display, setting/input therefor, or the like, thereby being able to correctly make an alert or inquiry to the user even in the case where a vulnerability of the OS or application program is attacked and control of the PC or control device is taken by an unauthorized program. Also, during communication, the security enhancement apparatus can authenticate a communication-partner device and encrypt communication content. | 03-12-2015 |
20150074821 | DEVICE MANAGEMENT APPARATUS, DEVICE MANAGEMENT SYSTEM AND DEVICE MANAGEMENT METHOD - A device management apparatus includes a first storage part storing license information regarding a license of an application for each of a plurality of devices and a processor executing a program to perform a license validating process and a function restricting process. The license validating process changes, when the license information includes invalidity information indicating that the license is invalid, the invalidity information into validity information indicating that the license is valid. The function restricting process restricts, when the license information includes the invalidity information, an execution of a function of the device management apparatus with respect to the application of each of the devices. | 03-12-2015 |
20150074822 | SECURE AUTHENTICATED DISTANCE MEASUREMENT - The invention relates to a method for a first communication device to perform authenticated distance measurement between the first communication device and a second communication device, wherein the first and the second communication device share a common secret and the common secret is used for performing the distance measurement between the first and the second communication device. The invention also relates to a method of determining whether data stored on a first communication device are to be accessed by a second communication device. Moreover, the invention relates to a communication device for performing authenticated distance measurement to a second communication device. The invention also relates to an apparatus for playing back multimedia content comprising a communication device. | 03-12-2015 |
20150082454 | SYSTEMS AND METHODS FOR LICENSING OF MOBILE APPLICATIONS - System and methods for licensing of dynamic mobile applications are disclosed herein. In one embodiment, a non-transitory computer readable medium storing executable instructions is provided. The instructions, when executed by a processor, cause the processor to communicatively couple to a mobile device and to receive a user login, a user password, and a client identification from the mobile device. The instructions additionally cause the processor to validate a client as a licensed client based on the user login, user password, and client identification and to derive a connectivity data based on the user login, user password, and client identification if the client is a valid licensed client, wherein the connectivity data comprises a first connectivity data configured to communicatively couple the mobile device to a first system; and wherein the mobile device is configured to download a first API from the first system. | 03-19-2015 |
20150082455 | Data Collection Privacy - Various implementations of data collection privacy techniques for web content are described herein. Web content that is authored via a content authoring service may be associated with data that describes collection behaviors of the web content in accordance with an established data collection privacy scheme. In one approach, data collection privacy is implemented using mark-up constructs contained in a manifest that is included with or otherwise associated with the web content. A content rendering application, such as a browser, may be configured to parse the content and recognize the collection behaviors based on the corresponding data indicative of the behaviors. The content rendering application may then output a notification to inform the user regarding the collection behaviors and provide a set of options available for management of data collection. | 03-19-2015 |
20150082456 | DATA EXFILTRATION PREVENTION FROM MOBILE PLATFORMS - Technology is disclosed for preventing an exfiltration of a data associated with an application executing on a mobile device. The technology can migrate the application from a computing platform of the mobile device to a secure computing platform, where the secure computing platform is independent of the computing platform of the mobile device. The technology can further receive a request to access the application through the mobile device, execute the requested application on the secure computing platform, and provide an access to the requested application executing on the secure computing platform through the mobile device. The access provided through the mobile device includes displaying information on the mobile device, where the displayed information includes data generated by the execution of requested application on the secure platform. | 03-19-2015 |
20150082457 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, AND RECORDING MEDIUM STORING INFORMATION PROCESSING PROGRAM - An information processing apparatus includes a memory that includes a first storage area and a second storage area and a processor that generates link information to access the file stored in the first storage area, in the second storage area associated with the user identification information associated with the first storage area, requests a notification server that transmits a notification, with identification information that identifies a communication apparatus that corresponds to the user identification information associated with the first storage area, and transfers, in response to a request from the communication apparatus that receives the notification, the link information stored in the second storage area associated with the user identification information corresponding to the communication apparatus and that further transfers, in response to access of the file by the communication apparatus using the link information, the file obtained from the first area to the communication apparatus. | 03-19-2015 |
20150082458 | METHODS AND SYSTEMS FOR UPGRADE AND SYNCHRONIZATION OF SECURELY INSTALLED APPLICATIONS ON A COMPUTING DEVICE - Embodiments of the present disclosure provide for upgrades and synchronization of applications installed on a device, such as a mobile device. In one embodiment, a device may include applications purchased and downloaded via a content management system. The device maintains a list or database of applications that are authorized for each device. This list is also replicated in a remote cache that is maintained by an archive host. The device may then synchronize and upgrade these applications across multiple platforms, such as one or more computers that can be coupled to the device or the archive host. The archive host allows for files of the application to be provided back to the device. Upon installation, the device can then confirm the authorization and identity of the newly installed application. | 03-19-2015 |
20150089663 | DATA REDACTION SYSTEM - An electronic data storage and retrieval system comprising one or more first computing devices and a second computing device. The one or more first computing devices comprise a plurality of first data files, wherein, each of the plurality of first data files is associated with a first authentication level. The second computing device is associated with a second authentication level. Upon receiving a request to provide at least one of the plurality of first data files from the second computing device, the one or more first computing devices compares the first authentication level with the second authentication level, and creates a copy of the at least one of the plurality of first data files. The copy of the at least one of the plurality of first data files comprises a portion of the at least one of the plurality of first data files. | 03-26-2015 |
20150089664 | ELECTRONIC DEVICE AND UNLOCKING METHOD THEREOF - An electronic device and an unlocking method thereof are provided. The electronic device has a touch screen, and the unlocking method includes following steps. When the electronic device is at a locking state, a first input and a second input corresponding to each other are received. Symbol information displayed on the touch screen is obtained according to the first input, and direction information is obtained according to the second input. When the symbol information and the direction information are matched to a predefined unlocking condition, the electronic device is switched to an unlocking state. When the symbol information and the direction information are not matched to the predefined unlocking condition, the electronic device is maintained in the locking state. | 03-26-2015 |
20150089665 | Document Management Server That Reduces Information Leakage of Non-Public Document Information - A document management server includes a document information managing unit, a location information acquisition unit, and an information transmitting unit. The document information managing unit controls public document information and non-public document information. The public document information is freely browsable. The non-public document information is browsable inside a permission area. The location information acquisition unit acquires location information of a mobile terminal to browse the non-public document information. The information transmitting unit determines whether or not the mobile terminal is inside the permission area based on the acquired location information and transmits the non-public document information to the mobile terminal while the mobile terminal is determined to be in the permission area. | 03-26-2015 |
20150089666 | APPARATUS AND METHOD FOR PROTECTING PRIVACY IN TERMINAL - Provided is an apparatus and method for protecting privacy in a terminal that may verify or determine whether a lock screen unlock input corresponds to an unlock input to enter a secret mode or an unlock input to enter a standard mode in response to sensing the lock screen unlock input, set a secret database (DB) to be inaccessible in response to a verification or determination that the lock screen unlock input corresponds to an unlock input to enter the standard mode, and set the secret DB to be accessible in response to a verification or determination that the lock screen unlock input corresponds to an unlock input to enter the secret mode. | 03-26-2015 |
20150089667 | DYNAMIC NETWORK CONSTRUCTION - A dynamic network is disclosed herein. The dynamic network can include a central server, one or several user devices, one or several remote servers, and a database server. The dynamic network can be created in response to a user request for content to be used in a compilation. The central server can identify one or several of the remote servers as potentially containing the requested content, and can communicate with the identified one or several of the remote servers to receive that content. Additionally, the server can identify and connect with one or several servers containing terms of use information for the requested content. | 03-26-2015 |
20150096047 | COMMUNICATION APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - A communication apparatus has an auto-complete function using an LDAP protocol. The apparatus inputs character information, and verifies a certificate of an LDAP server. The apparatus obtains, by the LDAP protocol, address information including the character information input by the input unit after verifying the certificate of the LDAP server. | 04-02-2015 |
20150096048 | ALTERNATE FILES RETURNED FOR SUSPICIOUS PROCESSES IN A COMPROMISED COMPUTER NETWORK - Methods and systems are presented of presenting false and/or decoy content to an intruder operating on a computer system by obfuscating critical files on a computer storage device with data that directs subsequent infiltration and propagation to designated decoy hosts and decoy applications. | 04-02-2015 |
20150096049 | MULTI-LAYER SYSTEM FOR PRIVACY ENFORCEMENT AND MONITORING OF SUSPICIOUS DATA ACCESS BEHAVIOR - A method for controlling data access in a data-at-rest system includes executing a link intrusion prevention analysis between multiple layers of the data-at-rest system, introducing a privacy policy at enforcement points that span multiple system layers, and dynamically altering the privacy policy. | 04-02-2015 |
20150096050 | Enhanced Security For Accessing Virtual Memory - A disclosed method includes obtaining a physical address corresponding to a virtual address responsive to detecting a virtual address associated with a memory access instruction and, responsive to identifying a memory page associated with the physical address as a sensitive memory page, evaluating sensitive access information associated with the memory page. If the sensitive access information satisfies a sensitive access criteria, invoking a sensitive access handler to control execution of the memory access instruction. | 04-02-2015 |
20150096051 | Method, Apparatus, and System for Manageability and Secure Routing and Endpoint Access - A solution is presented to securing endpoints without the need for a separate bus or communication path. The solution allows for controlling access to endpoints by utilizing a management protocol by overlapping with existing interconnect communication paths in a packet format and utilizing a PCI address BDF (Bus number, Device number, and Function number) for verification. | 04-02-2015 |
20150106955 | Methods, Devices, and Computer Readable Storage for Sharing Sensitive Content Securely - Sensitive content is securely shared. A request is received from a first communication device to share sensitive content. The first communication device is associated with an account for a communication service provided by a network provider. A message including a link to the sensitive content is sent to a second communication device associated with a phone number. That message is addressed to the second communication device. An authentication message is received, indicating that the second communication device is associated with the phone number. Responsive to receipt of the authentication message, the sensitive content is made accessible via the second communication device without requiring that the second communication device be associated with an account for the communication service provided by the network provider. | 04-16-2015 |
20150113664 | Preventing Unintentionally Violating Privacy When Sharing and/or Publishing Content - Embodiments of this invention relate to the field of sharing and publishing content. It is inter-alia disclosed to obtain content at a device, to determine whether or not the content is associated with at least one potentially sensitive entity and, in case that it is determined that the content is associated with at least one potentially sensitive entity, non-modally notifying a user of the device that the content is associated with at least one potentially sensitive entity and/or preventing an at least unintentional sharing and/or publishing of the content by a user of the device. | 04-23-2015 |
20150113665 | SYSTEMS AND METHODS FOR PREVENTING DATA REMANENCE IN MEMORY - A system for preventing data remanence in memory is provided. The system includes a computing device, a memory chip coupled to the computing device and including memory, and a heater, the heater configured to prevent data remanence in a memory by providing heat to at least a portion of the memory. The memory includes a plurality of bits configured to electronically store data. | 04-23-2015 |
20150121540 | Software and Inventory Licensing System and Method - A system for distributing a license key for upgrading an access control system. A portable token that includes first and second identifiers, such as a visible serial number and a concealed control number that can be derived from the serial number. The access control system is identified by a third identifier, such as a MAC address. A license server generates a license key from the first, second and third identifiers that is operative to allow access to software features that are resident on the access control system without the need for an Internet connection. | 04-30-2015 |
20150121541 | AUTOMATICALLY PRESENTING RIGHTS PROTECTED CONTENT ON PREVIOUSLY UNAUTHORIZED DEVICE - A first consumer electronics device includes a computer readable storage medium bearing instructions executable by a processor, and a processor configured for accessing the computer readable storage medium to execute the instructions to configure the processor for receiving a signal indicative of close proximity of the first CE device to a second CE device. The instructions also configure the processor for providing a private key to the second CE device in response to receiving the signal. The private key is associated with a digital rights management (DRM) account for which the first CE device has been configured to access, and is configured for a single use by the second CE device to access a first audio video (AV) content without the second CE device communicating any other authentication information associated with the DRM account to access the first AV content to a content provider associated with the first AV content. | 04-30-2015 |
20150121542 | INFORMATION PROCESSING DEVICE, NON-TRANSITORY COMPUTER READABLE MEDIUM, AND INFORMATION PROCESSING METHOD - An information processing device includes a processing-type accepting unit that accepts a type of first processing of data, a data accepting unit that accepts post-processing data, the post-processing data being data on which the first processing accepted by the processing-type accepting unit has been executed, and a data processing unit that determines a data confidentiality level indicating a degree of confidentiality of the post-processing data, on a basis of a first confidentiality level associated with the type of the first processing, and executes second processing according to the data confidentiality level with respect to the post-processing data. | 04-30-2015 |
20150121543 | Method and Terminal Device for Protecting Application Program - The present disclosure relates to a method for protecting an application program in a terminal device, and a terminal device thereof. The method includes: intercepting a request for starting an application program; determining whether the application program needs protection; and starting a protection interface before starting the application program, if the application needs protection. According to the present disclosure, the protection interface is launched before starting the application program when the terminal device detects that the application program needs protection, thereby protecting the application program comprehensively and thoroughly. | 04-30-2015 |
20150121544 | ACCOUNT MANAGEMENT METHOD AND ASSOCIATED APPARATUS AND SYSTEM - A method, apparatus and system for securely managing account information are disclosed. In some embodiments, the method is performed at a computer system having one or more processors and memory for storing programs to be executed by the one or more processors. The method includes receiving a request associated with an account. The request includes location verification information. The method includes retrieving, in response to the request, information of a set of predefined locations associated with the account. The method also includes comparing information of the set of predefined locations with the received location verification information to determine whether the received location verification information satisfies a predefined condition. The method further includes sending a response to the request to a destination associated with the account when the received location verification information satisfies the predefined condition. The response includes confidential information associated with the account. | 04-30-2015 |
20150121545 | SECURITY DESCRIPTORS FOR RECORD ACCESS QUERIES - Embodiments regard security descriptors for record access queries. An embodiment of a method includes: receiving a record access query, the query regarding records for a certain one or more users, groups, or both at a certain access level; searching one or more sharing tables of entities in a computing environment for security descriptors, each security descriptor being associated with a set of one or more users, groups, or both having access to one or more records of a set of records at an access level; identifying any security descriptors in the one or more sharing tables that relate to the certain one or more users, groups, or both with at least the certain access level; and searching the one or more records associated with each of the identified security descriptors according to the record access query. | 04-30-2015 |
20150128286 | PREVENTING CHANGES TO COMPUTING DEVICES IN A COMPUTING SYSTEM SERVICING A CRITICAL JOB - Preventing changes to computing devices in a computing system servicing a critical job, including: identifying, by a job protection module, a critical job executing in the computing system; identifying, by the job protection module, one or more computing devices in the computing system utilized during execution of the critical job; and locking, by the job protection module, each of the one or more computing devices in the computing system utilized during execution of the critical job from undergoing a configuration change during execution of the critical job. | 05-07-2015 |
20150128287 | Dynamic De-Identification And Anonymity - Various systems, computer-readable media, and computer-implemented methods of providing improved data privacy, anonymity and security by enabling subjects to which data pertains to remain “dynamically anonymous,” i.e., anonymous for as long as is desired—and to the extent that is desired—are disclosed herein. Embodiments include systems that create, access, use, store and/or erase data with increased privacy, anonymity and security, thereby facilitating the availability of more qualified and accurate information. When data is authorized by subjects to be shared with third parties, embodiments may facilitate sharing information in a dynamically controlled manner that enables delivery of temporally-, geographically-, and/or purpose-limited information to the receiving party. In one example, anonymity measurement scores may be calculated for the shared data elements so that a level of consent/involvement required by the Data Subject before sharing the relevant data elements to third parties may be specified. | 05-07-2015 |
20150128288 | Private photograph storage in digital camera user interface - This invention relates in general to a digital information/imaging system such as a digital camera which captures and processes an image for immediate or future viewing, and more particularly to a digital information/imaging system having an immediate switch for quickly routing subsequent photos into a separate secured area. | 05-07-2015 |
20150128289 | DISTRIBUTED MANAGEMENT FRAMEWORK FOR PERSONAL ATTRIBUTES - A technique for distributed management of attributes includes propagating attributes based upon attribute-granularity permissions. An example of a system according to the technique may include a server, coupled to a first client and a second client, that includes a module that receives attribute data from the first client; a permissions database where first permissions associated with the first client are set at the individual attribute level for the second client; an engine for updating the permissions database and for validating the first permissions for the second client; and an engine for distributing first client updates based on validated permissions to destinations associated with the one or more second destination stores. | 05-07-2015 |
20150135331 | MULTIPROTOCOL ACCESS CONTROL LIST WITH GUARANTEED PROTOCOL COMPLIANCE - An approach to multiprotocol ACL implementation with guaranteed protocol compliance is described. In one approach, a method of access rights validation for a multiprotocol supported file server is detailed. The method involves receiving a request to store a file with a security descriptor and storing the security descriptor in an extended attribute associated with the file. Subsequently, the security descriptor is expanded to extract a set of ACEs. Access to the file can then be validated against the ACEs expanded from the security descriptor according to the specifications of the protocol that created the security descriptor. | 05-14-2015 |
20150143535 | Method and System to Warn the User in the Event of Potential Confidential Document Security Violations - A method and system to warn the user in the event of potential confidential document security violations. The method includes using a computer, electronically embedding a digital marker in an electronic document to create a marked document; storing the document on a non-removable non-transitory computer readable medium of the computer; upon a request for transmission of the marked document from the computer or for copying the marked document to a removable non-transitory computer readable medium, determining that the marked document contains the digital marker and displaying a warning on a display unit of the computer of the request based on the marked document containing the digital marker; and allowing the transmission or the copying only upon approval of release of the marked document by a human user of the computer. | 05-21-2015 |
20150143536 | SYSTEM AND METHOD FOR LOCATING AND RETRIEVING PRIVATE INFORMATION ON A NETWORK - A system for document retrieval in a network environment is provided where documents are stored with corresponding privacy codes. A query server computer is in communication with the network and is programmed to generate a privacy index of all documents available on the network indexed by their corresponding privacy codes. The privacy codes define document access permissions that are securely associated with the documents and are assigned by document custodians. A search engine in communication with the network is configured to receive a query from a requester and generate a list of documents from the privacy index which match search parameters of the query and privacy codes of the requester. | 05-21-2015 |
20150150145 | METHOD AND SYSTEM FOR FAST PERMISSION CHANGES FOR VIRTUAL ADDRESSES - A method for accessing shared memory, the method includes loading a private context ID into a private context ID register, where the first private context ID enables a thread to access a private memory region only accessible by the thread. The method further includes receiving, from the thread, a first request to access a shared memory region, loading a shared context ID into a shared context register, permitting, by a memory management unit (MMU), the thread to access the shared memory region using the shared context ID, and receiving, from the thread, a second request to disable access to the shared memory region. The method further includes removing, in response to the second request, the shared context ID from the shared context ID register, where after removing the shared context ID from the shared context ID register the thread is no longer able to access the shared memory region. | 05-28-2015 |
20150150146 | PROVIDING CONTENT ITEMS FROM ALTERNATE SOURCES - Systems and methods for providing content items to users. A computer system may provide to a first user an indication of a plurality of available content items. The computer system may receive from the first user an indication of a first content item selected from the plurality of content items. The computer system may determine whether a content provider service associated with the computer system is authorized to stream the first content item to the first user. When the content provider service is not authorized to stream the first content item to the first user, the computer system may identify an alternate source for the first content item. The computer system may initiate playback of the first content item to the first user from the alternate source. | 05-28-2015 |
20150302211 | REMOVABLE STORAGE MEDIUM SECURITY SYSTEM AND METHOD THEREOF - A mobile storage medium safety system and method is disclosed. The mobile storage medium safety system provided at a host includes a file manager module for recognizing at least one file stored in a mobile storage medium when the mobile storage medium is connected to the host and a control unit for mounting on the host only a selective file selected by a predetermined method from at least one file recognized through the file manager module. | 10-22-2015 |
20150302212 | System for Meetings Documentation that Enables Access to the Documentation only by the Consent of the Participants - A system for audio and visual documenting of personal meetings between two or more persons whereby the documentation is stored in a memory means where the access to the memory means can be done only by consent of said participants and by a positive action made by each of them. The system includes a casing, a memory means, a recording voice means or a video recording means, a locking means and authorized keys. The memory means is saved in the casing and locked by the locking means. Opening the locking means and the casing can be done only by using authorized keys. The locking means is a locking means selected from the group consisting of a mechanical locking, an electronic lock, an electric lock, a lock based on magnetic cards, a biometric lock, a locking means based on finger print, retina or DNA sample. | 10-22-2015 |
20150304329 | Method and apparatus for managing access rights - In accordance with an example embodiment of the present invention, there is provided an apparatus, configured to compare reputation information of a first user to access criteria relating to data of a second user, and to decide on an extent of access to the data based at least in part on the comparison, and a transmitter configured to cause an indication of the decision to be transmitted. The apparatus may receive the reputation information from a reputation source. | 10-22-2015 |
20150310222 | SYSTEM AND METHOD FOR PREVENTING ACCESS TO DATA ON A COMPROMISED REMOTE DEVICE - This invention discloses a system and method for selective erasure, encryption and/or copying of data on a remote device if the remote device has been compromised or the level of authorization of a roaming user in charge of the remote device has been modified. | 10-29-2015 |
20150310224 | ABSTRACTIONS AND AUTOMATION FOR ENHANCED SHARING AND COLLABORATION - The present invention provides methods for using abstractions of people, including dynamic and static groups of people, to enhance the efficiency of the specification and automation of policies for sharing information between users with a “need-to-know.” An instance of the present invention can also provide these users information based on a “time-to-know.” By providing access to information based on group affiliation and properties of the content of the information, the present invention maintains optimal information privacy while minimizing encumbrances to sharing data with appropriate users and even at appropriate times. The present invention can be integrated with other communication technologies to facilitate access to information in a time appropriate manner. Other instances of the present invention employ automated and semi-automated, mixed-initiative techniques, to make information-sharing decisions. Additional instances of the present invention include the employment of machine-learning techniques to facilitate construction of access policies from the actions or profile of a single user or a community of users, including the construction of automated sharing agents that work in an automated or mixed-initiative manner to respond to real-time requests for information. | 10-29-2015 |
20150310225 | PRIVACY VERIFICATION TOOL - Systems and methods for protecting the privacy of users by controlling access to the users' data. In particular, some embodiments provide for a higher-level declarative language for expressing privacy policies which can be verified using a computer-aided verification tool. The verification tool uses the expressed privacy policies along with language-level assumptions and assertions in the verification process. For example, high-level models of the privacy policies can be reduced to a simpler verification representation (e.g., a Boolean representation) based on a set of assertions. This verification representation can then be submitted to a constraint solver (e.g., Satisfiability Modulo Theories solver) for verification. | 10-29-2015 |
20150317474 | EXCEPTION HANDLING IN A DATA PROCESSING APPARATUS HAVING A SECURE DOMAIN AND A LESS SECURE DOMAIN - Processing circuitry can operate in a secure domain and a less secure domain. In response to an initial exception from background processing performed by the processing circuitry, state saving of data from a first subset of registers is performed by exception control circuitry before triggering an exception handling routine, while the exception handling routine has responsibility for performing state saving of data from a second subset of registers. In response to a first exception causing a transition from the secure domain from a less secure domain, where the background processing was in the less secure domain, the exception control circuitry performs additional state saving of data from the second set of registers before triggering the exception handling routine. In response to a tail-chained exception causing a transition from the secure domain to the less secure domain, the exception handling routine is triggered without performing an additional state saving. | 11-05-2015 |
20150324555 | CONTENT DISCOVERY IN MANAGED WIRELESS DISTRIBUTION NETWORKS - A content store is maintained in a device, the device being one of multiple devices in a managed wireless distribution network that allows portions of protected content to be transferred among the multiple devices via multiple wireless networks hosted by various ones of the multiple devices. The content store is configured to maintain portions of protected content that can be consumed by a user of the device only if the user of the device is licensed to consume the protected content. An indication of portions of protected content stored in the content store is provided to each of a set of the multiple devices or to a network management service. Routes to portions of content in the managed wireless distribution network can be identified by the network management service or the multiple devices. | 11-12-2015 |
20150324594 | CONTENT PROVIDER WITH MULTI-DEVICE SECURE APPLICATION INTEGRATION - Methods and systems for providing access to content are disclosed. The method is performed at least in part at a client computer system having a processor and memory. The method includes detecting, via a supplemental application associated with a host application at the client computer, a user selection of content. The supplemental application is unauthorized to independently access the content. The method further includes accessing the content at a server computer via a communication channel between the host application and the server computer, in response to the user selection detected via the supplemental application. The communication channel is inaccessible to applications executed separately from the host application at the client computer. The method further includes initiating presentation of the content at the client computer. | 11-12-2015 |
20150324597 | A SYSTEM FOR PROTECTION OF EMBEDDED SOFTWARE CODES - A system for securing embedded software codes having an industrial application from unauthorized access and use is disclosed. The system for code security according to the present invention provides protection for embedded software codes implemented in an automated application. According to the disclosed invention, the code is divided into plurality of segments and parts of the algorithm are distributed and executed in multiple environments, thereby preventing hacking of the code. | 11-12-2015 |
20150324600 | MULTI-LEVEL PRIVACY EVALUATION - A multi-level privacy evaluation technology is described for increasing the performance of applications or services that experience high volumes of queries for data with privacy attributes. The multi-level privacy evaluation technology evaluates data using a subset of privacy policy rules and privacy information determined for the data at a backend server and thereby reduces the volume of data that need to be filtered at a frontend server. The multi-level privacy evaluation technology first applies an initial privacy check on a large data set at the backend to authoritatively filter out any data that a viewing user is not permitted to view or access and return as results a smaller data set that the viewing user may be permitted to view or access. A full privacy check is then performed at the frontend on the smaller data set, resulting in reduction in the overall cost of performing privacy checks and reducing latency in displaying data to the viewing user. | 11-12-2015 |
20150326618 | METHOD OF PROVIDING EVIDENCE COLLECTION TOOL, AND APPARATUS AND METHOD FOR COLLECTING DIGITAL EVIDENCE IN DOMAIN SEPARATION-BASED MOBILE DEVICE - A method of providing an evidence collection tool, and an apparatus and method for collecting digital evidence in a domain separation-based mobile device are disclosed. The apparatus includes a target device information collection module, a collection module, a transmission module, and a control module. The target device information collection module collects the system feature information and user identification information of a domain separation-based mobile device. The collection module collects digital evidence using a received evidence collection tool. The control module transfers the user identification information and a previously inputted investigator authentication key value to a server, transfers the security key from the server to the encryption unit of transmission module, the transmission module encrypts the digital evidence using a received security key and transmits the system feature information to the server, and transfers the evidence collection tool from the server to the collection module. | 11-12-2015 |
20150332041 | RELAY APPARATUS, SYSTEM, RELAY METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - A relay apparatus includes a memory that stores a user management table used to manage user information including state information indicating a state of a right of use of a service for every user; a receiving unit that receives a request to delete the right of use of the user from a client apparatus; a changing unit that changes a value of the state information about the user corresponding to the request in the state information to a value indicating deletion; a transmitting unit that transmits a response to the received request; and a process executing unit that executes a process for deleting data concerning the user the state information about whom has the value indicating the deletion from a storage area of the relay apparatus, in which the data is stored, and a storage area of another relay apparatus, in which the data is stored, at predetermined timing. | 11-19-2015 |
20150332066 | MANAGING PERSONAL PRIVACY SETTINGS - Various systems and methods for managing user information on mobile devices are described herein. A selection of user information is received from a user operating a user device. A privacy setting for the selection of user information is received from the user, the privacy setting to permit or deny access to the user information to a third-party application. The selection of user information and the privacy setting is transmitted from the user device to a receiving device, where the receiving device is configured to enforce the privacy setting for the third-party application executing on the receiving device. | 11-19-2015 |
20150334117 | Content Access Control in Social Network - Disclosed are systems and methods associated with a social network application. A plurality of posts associated with a client system user is displayed. First and second posts in the plurality of posts are respectively associated with first and second recipient groups. While the posts are displayed, a post input area independent of the plurality of posts is also displayed. When the user selects the post input area, it is expanded by displacing the plurality of posts. Concurrently, a content item area is displayed within the expanded post input area. An input, comprising a content item, is received from the user in the content item area. An affordance is presented that enables the user to designate access control information corresponding distribution entities. The content item and the access control information are transmitted to a system whereupon access to the content item is restricted in accordance with the access control information. | 11-19-2015 |
20150339487 | DOCUMENT MANAGING APPARATUS AND DOCUMENT MANAGING METHOD - Provided is a document managing apparatus that can eliminate the complexity of operation related to designation of confidential information, and yet reliably prevents leakage of confidential information. First, a receiving circuit receives target files from a client terminal. Therefore, a file managing circuit manages, of the received target files, a file that is designated as confidential, having been subjected to output restriction, as a confidential designated file. In addition, the file managing circuit manages a file that is not designated as confidential, as a user file. In addition, the file analyzing circuit compares the user file with the confidential designated file. If the content of the user file is similar to the content of the confidential designated file at a rate equal to or higher than a certain value (for example, 80%), the file analyzing circuit applies output restriction to the user file. | 11-26-2015 |
20150341358 | METHOD AND SYSTEM FOR DETERMINING TRUSTED WIRELESS ACCESS POINTS - Disclosed are systems and methods for determining trusted wireless access points. An example method includes identifying, by a mobile device, one or more wireless access points that are available to connect to a network resource; obtaining a plurality of access point characteristics of the one or more wireless access points; obtaining a plurality of network resource characteristics for connecting to the network resource; comparing the plurality of access point characteristics and the plurality of network resource characteristics; determining based on the comparison at least one trusted wireless access point that is acceptable for establishing a connection to the network resource; and establishing a connection to the network resource via the trusted wireless access point. | 11-26-2015 |
20150341362 | METHOD AND SYSTEM FOR SELECTIVELY PERMITTING NON-SECURE APPLICATION TO COMMUNICATE WITH SECURE APPLICATION - A method and system of selectively permitting a non-secure application to communicate with a secure application are described herein. The method can be practiced in a system that supports an environment designed to restrict secure applications from processing requests from non-secure applications. In particular, a request can be received from a non-secure application by a system framework and, through the system framework, it can be determined that a secure application is capable of processing the request. The request can be delegated from the system framework to a secure framework. In addition, through the secure framework, it can be determined whether the non-secure application is an authorized non-secure application. If the non-secure application is an authorized non-secure application, the secure application can be permitted to process the request from the non-secure application. | 11-26-2015 |
20150356323 | APPARATUS, METHODS AND COMPUTER-READABLE STORAGE MEDIA FOR SECURITY PROVISIONING AT A COMMUNICATION DEVICE - Apparatus, methods and computer-readable storage medium are provided for security provisioning at a communication device. In some embodiments, a method can include: executing a high security application on a communication device based, at least, on detecting that high security is enabled for the communication device and detecting execution of a low security application; outputting, via a user interface (UI), information configured to detect an entry to the communication device; detecting an entry at the UI of the communication device; determining whether the entry corresponds to security access information stored in the communication device; and providing access to the communication device based, at least, on determining that the entry corresponds to the security access information. | 12-10-2015 |
20150358357 | PROCESSING DEVICE AND METHOD OF OPERATION THEREOF - A processing device ( | 12-10-2015 |
20150363599 | MECHANISMS FOR CONTROLLING TAG PERSONALIZATION - A tag and a method of writing data to memory of a tag are provided. The tag includes memory that stores data elements as well as an access control list that maps access keys to the data elements. An authentication protocol is employed by the tag to determine whether a data element received from a writing device will be written to the memory. | 12-17-2015 |
20150365416 | ENTERPRISE MOBILITY MANAGEMENT AND VERIFICATION OF A MANAGED APPLICATION BY A CONTENT PROVIDER - A non-SDK based scalable technology for integrating multiple mobile device management (MDM) service providers into a content provider platform (or server) is described herein. More specifically, the technology described herein facilitates enterprise mobility management through verification of a managed application associated with an enterprise via the content provider platform. In some embodiments, the content provider platform comprises a cloud-based collaboration and/or storage environment (“cloud-based platform server”) that prevents an unmanaged application from gaining access to the cloud-based collaboration and/or storage server. | 12-17-2015 |
20150371016 | USER-SPECIFIC VISUALIZATION OF DISPLAY ELEMENTS - A user input is received for accessing a page in an application. Page display element metadata is retrieved that defines how the display elements are related to other objects in the application. It is determined whether the user has license rights and user permissions to access the information represented by the related objects. If not, the display elements are removed, hidden or disabled and a remainder of the page is rendered. | 12-24-2015 |
20150379285 | SECURE ACCESS TO RUNNING CLIENT APPLICATION FEATURES FROM A BROWSER APPLICATION - A secure access is provided to a plurality of software application features associated with a plurality of software applications running on a user's device, wherein the secure access is provided from a web browser application associated with the user's device. This may include providing an open connection between a server and at least one software application within the plurality of software running on the user's device. This may also include sending a message from the web browser application to the server. This may further include detecting the sent message from the web browser application to the server. Additionally, the open connection may be used to send data from the server to the at least one software application. | 12-31-2015 |
20150379287 | CONTAINERIZED APPLICATIONS WITH SECURITY LAYERS - Systems, methods, and software described herein provision secure application containers. In one example, a method of operating a provisioning system to provision secure application containers includes identifying an application to provision. The method further includes, in response to identifying the application, provisioning a secure application container for the application, the secure application container comprising a security layer for the application and the application. | 12-31-2015 |
20150381632 | Information Processing Method And Electronic Apparatus - The present application provides an information processing method and an electronic apparatus that can automatically adjust the electronic apparatus to an information inaccessible state, thus the information security is enhanced. The method includes the steps of when a current state of the electronic apparatus is an information accessible state, obtaining an information of at least one parameter for determining whether it is necessary to adjust the current state from the information accessible state to an information inaccessible state or not; determining whether the at least one parameter meets a first preset condition or not to obtain a first determination result; when the first determination result is YES, adjusting the current state of the electronic apparatus to the information inaccessible state. | 12-31-2015 |
20160004846 | COMMUNICATION APPARATUS, COMMUNICATION METHOD, COMPUTER PROGRAM, AND COMMUNICATION SYSTEM - [Object] To suppress a use exceeding a personal use range when transmitting a content accumulated at home via an external network according to DTCP. | 01-07-2016 |
20160004849 | METHOD AND DEVICE FOR PLAYING CONTENTS - The present invention provides a method for playing contents, which are stored in a storage device connected via at least one interface, the method comprising: detecting a connection of the storage device; transmitting transaction information stored in the detected storage device to a license server, wherein the transaction information includes transaction identification information which identifies a corresponding transaction and a user; receiving, from the license server, license information allowing to play the contents; and playing the contents on the basis of the license information, wherein the license information includes a license file and a license key. | 01-07-2016 |
20160004875 | Data protection method and device - An apparatus and method for encoding and decoding additional information into a digital information in an integral manner. More particularly, the invention relates to a method and device for data protection. | 01-07-2016 |
20160004876 | Systems and Methods for Provisioning and Using Multiple Trusted Security Zones on an Electronic Device - A method of provisioning a subordinate trusted security zone in a processor having a trusted security zone. The method comprises receiving by a master trusted application executing in a master trusted security zone of the processor a request to provision a subordinate trusted security zone in the processor, wherein the request comprises a master trusted security zone key, wherein the request designates the subordinate trusted security zone, and wherein the request defines an independent key. The method further comprises provisioning by the master trusted application the subordinate trusted security zone to be accessible based on the independent key. | 01-07-2016 |
20160004881 | Data Processing Apparatus, Data Processing System, and Data Processing Method - A data processing apparatus includes a first communication interface configured to acquire the history data; a memory configured to store the acquired history data; a data processing module configured to generate first data including the first identifier and the time information by using the acquired history data, and store the generated first data into the memory; an ID conversion processing module configured to generate second data by converting the first identifier into a second identifier, which is effective for the first data including the time information indicating a time that falls within a first period, and store the generated second data into the memory; and a maintenance module configured to delete the history data and the first data from the memory. | 01-07-2016 |
20160012213 | METHODS AND SYSTEMS FOR VERIFYING THE SECURITY LEVEL OF WEB CONTENT THAT IS EMBEDDED WITHIN A MOBILE APPLICATION AND THE IDENTITY OF WEB APPLICATION OWNERS | 01-14-2016 |
20160014160 | COMMUNICATION WITH COMPONENT-BASED PRIVACY | 01-14-2016 |
20160019398 | HOSTING ARCHITECTURE - A service provider can maintain one or more host computing devices that can be accessed as host computing device resources by customers. A hosting platform includes components arranged in a manner to limit modifications to software or firmware on hardware components. In some aspects, the hosting platform may include a master latch that indicates whether the components may be configured, and the master latch may be set once and only reset upon completion of a power cycle. In another aspect, the hosting platform can implement management functions for establishing control plane functions between the host computing device and the service provider that is independent of the customer. Additionally, the management functions can also be utilized to present different hardware or software attributes of the host computing device. | 01-21-2016 |
20160026786 | DEVICE-BASED APPLICATION SECURITY - Disclosed are techniques and apparatuses for implementing device-based application security. These techniques enable a computing device to assign a security level from a hierarchy of security levels to an application. Once the security level is assigned to the application, authentication techniques associated with the security level can be initiated in response to a request to launch the application. When an indication is received that the security level for the application has been satisfied, the application can then be launched, availing a user of the application's full functionality. | 01-28-2016 |
20160026802 | Tailored Protection of Personally Identifiable Information - Methods, systems, and products protect personally identifiable information. Many websites acquire the personally identifiable information without a user's knowledge or permission. Here, though, the user may control what personally identifiable information is shared with any website. | 01-28-2016 |
20160026823 | CONTROLLING MEDIA CONSUMPTION PRIVACY SETTINGS - Embodiments related to controlling media privacy settings are disclosed. One disclosed embodiment provides a media server system including a server configured to receive media consumption data for each media content item of a plurality of media content items consumed by a user. Media consumption data for each media content item includes an item-specific privacy status and a media content item identifier. The server is also configured to receive, from one or more of another user and a media content item recommendations program, a request for access to the media consumption data for a media content item, and to provide one or more of the other user and the media content item recommendations program with access to the media consumption data based on the item-specific privacy status of the media consumption data. | 01-28-2016 |
20160034672 | DYNAMIC SELECTION OF AUTHORIZATION PROCESSES - Technology is disclosed herein for licensing applications using a preferred authorization process dynamically identified based on conditions associated with an initiation of an application. Authorization is then attempted using the preferred authorization process. In some examples, the preferred authorization process is selected from at least a keyless authorization process and a key-based authorization process. | 02-04-2016 |
20160034699 | MOBILE DEVICE, INFORMATION MANAGEMENT SYSTEM AND STORAGE MEDIUM - A location information acquisition unit ( | 02-04-2016 |
20160034702 | Apparatus For And Method Of Preventing Unsecured Data Access - Shown and depicted is preventing sensitive information from being exfiltrated from an organization using hypervisors. A Data Loss Prevention system is composed using virtual machines or domains to segment memory between domains which are assumed to be untrusted and domains which are known to be trusted. Sensitive information is cypher text when observed by software in Untrusted Domains, and clear text when observed by software in Trusted Domains. Sensitive information is unencrypted when it is in the address space of a protected process running inside a trusted domain. | 02-04-2016 |
20160034703 | DATA PRIVACY EMPLOYING A K-ANONYMITY MODEL WITH PROBABALISTIC MATCH SELF-SCORING - According to one embodiment of the present invention, a system for protecting data determines a desired duplication rate based on a level of desired anonymity for the data and generates a threshold for data records within the data based on the desired duplication rate. The system produces a data record score for each data record based on comparisons of attributes for that data record, compares the data record scores to the threshold, and controls access to the data records based on the comparison. Embodiments of the present invention further include a method and computer program product for protecting data in substantially the same manners described above. | 02-04-2016 |
20160042158 | SYSTEMS AND METHODS FOR PROVIDING MEDIA CONTENT - The present disclosure provides for systems and methods for delivering and unlocking restricted media content on physical media. The disclosed methods and systems provide restricted media assets on a physical media. The restricted media assets may be ad-sponsored media content. Restrictions on the restricted media assets may be removed by providing an unlock code, either on an online or offline media player. In the ad-sponsored media context, an unlocked version might comprise an ad-free version. | 02-11-2016 |
20160044039 | PRIVACY-AWARE PERSONAL DATA STORE - A capability for privacy-aware personal data storage is presented. The capability for privacy-aware personal data storage enables secure storage of data within a personal data store. The data stored in the personal data store may be data produced by a set of connected end devices associated with an entity for which the personal data store stores data of the set of connected end devices. The capability for privacy-aware personal data storage may support visualization of and control over privacy level for data of a connected end device(s) that is stored in the personal data store. The visualization of and control over data stored in the personal data store may be supported by a privacy meter, which may be an object or device that may be integrated with or independent of the connected end device(s) for which the visualization of and control over data stored in the personal data store is supported. | 02-11-2016 |
20160048695 | METHOD OF PREVENTING ACCESS TO SENSITIVE DATA OF A COMPUTING DEVICE - A technique is provided for controlling access by an application to data or a service supported by a computing system, a computer program product and an access control unit. The technique includes identifying a request from an application for access to data or a service supported by the system, determining whether access has been restricted to the data or service, and, if so, indicating to the application that the request for access has been granted by the system and emulating the data or service when the data or service is accessed by the application. | 02-18-2016 |
20160055340 | LOCATION BASED DISK DRIVE ACCESS - Methods, apparatuses, systems, and devices are described for providing data security. In one method, data security is provided for a computing device having a data storage drive. A predetermined geographical area within which access to the data storage drive of the computing device is permitted may be identified. A geographical location of the computing device also may be identified. When the identified geographical location of the computing device is outside of the identified geographical area, access to at least a portion of the data storage drive may be denied. When the identified geographical location of the computing device is within the identified geographical area, access to the portion (or all) of the data storage drive may be allowed. | 02-25-2016 |
20160057498 | CORPORATE AND ENTERTAINMENT MANAGEMENT INTERACTIVE SYSTEM USING A COMPUTER NETWORK - A system, method, and apparatus is provided for computerized management of a method of corporate, business or sports management by a remote party comprising relating a current database of an entity. For instance, in sports management substantially real time management is possible. Data of a player together with a historical database related to that player and decisions can be transmitted. This is communicated between a central database processing resource and at least one remote party. A remote party is permitted to access the database and access designated data from the database, and input and output data. Voting and other management of the player, team, or business is possible in substantially real time or near real time by the remote party. A remote user can vote on financial compensation for a player, a coach or a team and/or for a bonus for a player, team or game. Similarly hiring and firing decisions can be made. Shareholders, fans or customers of an entertainment business such as sports can be more interactively involved in all aspects of management and ownership duties and thus be more thoroughly entertained. | 02-25-2016 |
20160063237 | SECURE PERSONAL STORAGE DEVICE - A storage device includes a memory and two physical interfaces. The first physical interface is configured to provide read-only memory access to a connected device. The second physical interface is configured to provide read/write memory access to a connected device. | 03-03-2016 |
20160063281 | SYSTEM AND METHOD FOR IMPROVED SECURITY FOR A PROCESSOR IN A PORTABLE COMPUTING DEVICE (PCD) - Systems and methods for improved security for a core in a portable computing device (PCD), such as a core operating a high level operating system (HLOS) are presented. In operation, a monitor module on the SoC is initialized. The monitor module sends a request to the core of the SoC and the monitor module receives a response from the core. A timer in communication with the monitor module is checked. The timer is reset or disabled by the monitor module if the response from the core is received at the monitor module before the expiration of the timer. Otherwise, the monitor module applies at least one security measure to the core as a result of the timer expiring. | 03-03-2016 |
20160063283 | ELECTRONIC DEVICE AND METHOD FOR UNLOCKING THE ELECTRONIC DEVICE - In a method for unlocking an electronic device with a touch screen and a distance sensor, a triggering signal to unlock the electronic device is received. Objects within a predetermined distance of the distance sensor are determined. The touch screen is activated to display an unlocking area if no object is detected within the predetermined distance of the distance sensor. Touch signals are received from the unlocking area to determine whether an unlocking operation is performed. A time duration that the touch screen has been activated is calculated to determine whether the unlocking operation is performed within a preset time period from activation of the touch screen. The electronic device is unlocked if the unlocking operation is performed within a preset time period from activation of the touch screen, and a predetermined application is executed when the electronic device is unlocked. | 03-03-2016 |
20160063575 | CONTENT ACQUISITION AND CONVERSION SYSTEM - The technologies presented herein relate to a centralized system for generating media content in response to a job request, particularly for transmission over radio waves. A plurality of individuals can subscribe to the centralized system to review the job request, and based thereon, can provide one or more submissions for potential incorporation into media desired by the job requester. The job requester can review the one or more submissions received from the individuals, and can select the submission(s) meeting their needs. The centralized system can be operated by a radio station, while the individuals subscribe to the centralized server as freelancers, and accordingly, an individual only gets paid if their submission is selected for use by the job requester. The individuals can contribute to various portions of the media content; for example, the individuals can have skillsets which include for example, writing, musical, voice, and production. | 03-03-2016 |
20160065577 | SYSTEMS AND METHODS FOR PROVIDING DYNAMICALLY SELECTED MEDIA CONTENT ITEMS - Systems, methods, and non-transitory computer-readable media can identify a set of media content items associated with a first user of a social networking system. It can be determined that a second user of the social networking system is attempting to access at least a portion of the set of media content items associated with the first user. A first subset of media content items can be dynamically selected out of the set of media content items. In some cases, each media content item in the first subset can satisfy specified selection criteria. The second user can be provided with access to a representation of the first subset of media content items. In some instances, the representation of the first subset can be provided in a media access interface associated with the first user. | 03-03-2016 |
20160070918 | OBFUSCATING ACCESS TO A DATA STORE BY A SOFTWARE APPLICATION - There is described a method of obfuscating access to a data store by a software application. The method comprises accessing the data store using access operations. The access operations comprise real access operations and dummy access operations. Each real access operation is operable to access the data store as part of the execution of the software application. There is also described a computer program which, when executed by a processor, causes the processor to carry out the above method. There is also described a computer readable medium storing the above computer program. There is also described a system configured to carry out the above method. | 03-10-2016 |
20160070927 | DISTRIBUTED TOKENIZATION USING SEVERAL SUBSTITUTION STEPS - A method for distributed tokenization of sensitive strings of characters, such as social security numbers, credit card numbers and the like, in a local server is disclosed. The method comprises the steps of receiving from a central server at least one, and preferably at least two, static token lookup tables, and receiving a sensitive string of characters. In a first tokenization step, a first substring of characters is substituted with a corresponding first token from the token lookup table(s) to form a first tokenized string of characters, wherein the first substring of characters is a substring of the sensitive string of characters. Thereafter, in a second step of tokenization, a second substring of characters is substituted with a corresponding second token from the token lookup table(s) to form a second tokenized string of characters, wherein the second substring of characters is a substring of the first tokenized string of characters. Optionally, one or more additional tokenization steps is/are used. | 03-10-2016 |
20160072818 | Using a URI Whitelist - A method and/or system for using a URI whitelist may include receiving a request to approve an application for release in an application store. The request may comprise application data. The application data may comprise a resource manifest and/or a Uniform Resource Identifier (URI) whitelist. The resource manifest may comprise, for example, one or more resource items. The URI whitelist may comprise, for example, one or more URI items. The request may be analyzed based on the application data. A determination may be made whether the application may be released in the application store based on the analyzing of the application data. A request to access a particular URI may be received. A determination of whether to grant the request may be based on a resource manifest and/or a URI whitelist associated with the application. | 03-10-2016 |
20160078243 | SECURED FILE SYSTEM MANAGEMENT - Systems and methods for establishing a secure file system are disclosed, in which system endpoints such as files and directories in a file system are protected using a security appliance. The security appliance protects each endpoint in the file system from unauthorized access by making those endpoints invisible to unauthorized users. The security appliance organizes users and endpoints into various communities of interest (COI). A user COI groups users such that all users associated with that particular COI have authorization to view the same one or more endpoints located in file storage. | 03-17-2016 |
20160085975 | Constrained Information Transfer - A secure processing facility has a plurality of workstations, with associated computers to provide data to, and/or receive data from, the workstations. The computers are provided with a visual display unit, and display machine-readable data codes on the display. The computers are provided with a scanner to read the machine-readable data codes on the display of another of the computers. The computers have no other connection to receive or transmit machine readable data. A method of operating the facility includes processing a workpiece at a first workstation. A display of the computer of the first workstation displays a data code containing data related to the processing of the workpiece. The scanner of the computer associated with a second workstation scans the data code. The workpiece is transferred from the first workstation to the second workstation. The workpiece is processed at the second workstation. | 03-24-2016 |
20160085991 | Persona-Notitia Intellection Codifier - A persona-notitia intellection codifier (P-NIC) server intelligently codifies and disburses personal user information from a user device (smartphone, laptop, etc.) to a multiplicity of designee devices. Masking Persona-Notitia Intellection Codes (a.k.a. PICs) are created that each stipulate control(s) and parametric limitation(s) for the associated one of a variety of personal user information. The Persona-Notitia Intellection Codifier (P-NIC) server rapidly produces a mask comprising a multiple bit “key” value (i.e., a persona-notitia intellection code (PIC)) that is uniquely distinguishable from every other PIC that's ever been generated for a given user. The value of the PIC is typically many bytes in length, and associates attributes to a unique key value that describes a desired subset of all the user's available personal user information to be unlocked by the key value (i.e., by the PIC). | 03-24-2016 |
20160085992 | SECURE APPLICATION DEBUGGING - A method, system, and/or computer program product enables secure debugging of a software application. A first computer receives a secure software application from a second computer. Access to data used by the secure software application is protected by a security object, which allows a processor to access the data used by the secure software application without permitting data to exit unprotected from the processor. The first computer receives from the second computer an encrypted secure sidecar debugging application that is designed to debug the secure software application. In response to detecting an error in execution of the secure software application within the first computer, the first computer transmits the secure software application and the secure sidecar debugging application to the second computer, such that the second computer is enabled to decrypt the secure sidecar debugging application and to debug the secure software application. | 03-24-2016 |
20160092666 | ANTI-PASSBACK ALGORITHM FOR READING A PUBLIC OR SECURE OBJECT - An anti-passback algorithm for an access control system is described. The anti-passback algorithm prevents the use of valid credentials to gain access to an access-controlled area by more than one person within a given period of time. The algorithm is capable of distinguishing between credentials intentionally presented to the access control system and credentials that are unintentionally read by the access control system. Certain variables may be set by the access control system manufacturer or a trusted individual to adapt the algorithm for applications. | 03-31-2016 |
20160092690 | SECURE COPY AND PASTE OF MOBILE APP DATA - Secure transfer of mobile application content is disclosed. A state-related event associated with a managed application in a managed set of applications may be detected. It may be determined that content from the managed application is stored at a public storage location on a mobile device. At least a portion of the content may be transferred to a secure storage location accessible to the managed set. | 03-31-2016 |
20160098573 | Securing a Distributed File System - System and methods for a secured distributed file system (DFS) achieved by providing access control to the data stored in the DFS based on mapping of access privileges from a data warehouse to the DFS. A preferred embodiment of the invention uses a Hive data warehouse in concert with a Hadoop Distributed File System (HDFS). The invention provides an enhanced access control framework in HDFS. Since direct data access requests to files in HDFS corresponding to Hive tables, objects or other constructs can be unrestricted, the present invention overcomes this problem by mapping the access privileges on Hive tables, objects and other constructs as defined in the Hive metastore to file permissions on the corresponding files in HDFS. It then uses this mapping to provide access control for file(s) stored in HDFS. | 04-07-2016 |
20160098579 | SYSTEMS AND METHODS FOR UNLOCKING A WEARABLE DEVICE - Systems and methods allow a user to interact with an augmented reality device. In one implementation, a lockable, wearable device is provided. The wearable device comprises a display; at least one sensor configured to provide an output indicative of a viewing direction of a user; and at least one processing device. The at least one processing device is configured to track a pattern of the viewing direction of the user; and unlock the lockable, wearable device to provide the user with access to information on the display of the device when the tracked pattern of movement matches a predetermined pattern of movement. | 04-07-2016 |
20160103983 | CAPTCHA CHALLENGE INCORPORATING OBFUSCATED CHARACTERS - A method for determining if a user of a computer system is a human. A processor receives an indication that a computer security program is needed and acquires at least one image depicting a first string of characters including at least a first and second set of one or more characters. A processor assigns a substitute character to be used as input for each of the second set of one or more characters. A processor presents the at least one image and an indication of the substitute character and when to use the substitute character to the user. A processor receives a second string of characters from the user. A processor determines whether the second string of characters substantially matches the first string of characters based on the substitute character assigned to each of the second set of one or more characters and determines whether the user is a human. | 04-14-2016 |
20160104012 | Location Sensitive Solid State Drive - A data storage system including a SSD includes a capability to detect whether its location is acceptable for function, and a capability to self-disable in the event the location of the device is unacceptable, or to self-enable only while the location of the device is acceptable. | 04-14-2016 |
20160105448 | Method, Apparatus, and Computer Program Product for Privacy Management - An apparatus for privacy management may include a processor. The processor may be configured to access one or more privacy options. In this regard, each privacy option may be configured to provide members of one or more groups access to content. The processor may also be configured to provide for selection of a privacy option in association with the content. Associated methods and computer program products may also be provided. | 04-14-2016 |
20160110554 | TECHNOLOGIES FOR SECURE INPUT AND DISPLAY OF VIRTUAL TOUCH USER INTERFACES - Technologies for secure input and display of a virtual touch user interface include a computing device having a security monitor that may protect memory regions from being accessed by untrusted code. The security monitor may use hardware virtualization features such as extended page tables or directed I/O to protect the memory regions. A protected touch filter driver intercepts requests for touch input and allocates a transfer buffer. The transfer buffer is protected by the security monitor. A touch screen controller may write touch input data into the protected transfer buffer. The touch input data may be shared by the touch filter driver with authorized applications through a protected communication channel. A graphical virtual user interface may be generated by trusted code and rendered into a hardware overlay surface. The user interface may include a virtual keyboard. The security monitor may protect the overlay surface. Other embodiments are described and claimed. | 04-21-2016 |
20160110559 | IDENTIFYING AND BLOCKING PROHIBITED CONTENT ITEMS IN A CONTENT MANAGEMENT SYSTEM - To identify whether a content item is prohibited, a content management system can generate a content item fingerprint for the content item and then compare the generated content item fingerprint to a blacklist of content item fingerprints for prohibited content items. If the generated content item fingerprint matches any of the content item fingerprints included in the blacklist, the content management system can determine that the content item is prohibited. The content management system can deny requests to share prohibited content items and/or requests to assign prohibited content items to a user account on the content management system. The content management system can generate the content item fingerprint using the content item as input in a fingerprinting algorithm that was used to generate the content item fingerprints on the blacklist. | 04-21-2016 |
20160112385 | LOCATION-SPECIFIC OR RANGE-BASED LICENSING SYSTEM - A system and method are provided for providing content to a user terminal based on the location of the user terminal within a specific range. If the user is proximate the boundary of the range, the user is prompted to make a decision concerning purchase or authorized use of the content. User options can be, before leaving the range, to purchase the content, to end the current session or leave the range with less than full functionality of the content, and to return to operating the user terminal within the range. | 04-21-2016 |
20160112425 | SYSTEMS AND METHODS FOR PROVIDING DYNAMICALLY SELECTED MEDIA CONTENT ITEMS - Systems, methods, and non-transitory computer-readable media can identify a set of media content items associated with a first user of a social networking system. It can be determined that a second user of the social networking system is attempting to access at least a portion of the set of media content items associated with the first user. A first subset of media content items can be dynamically selected out of the set of media content items. In some cases, each media content item in the first subset can satisfy specified selection criteria. The second user can be provided with access to a representation of the first subset of media content items. In some instances, the representation of the first subset can be provided in a media access interface associated with the first user. | 04-21-2016 |
20160117266 | SELECTIVE MANAGEMENT OF SECURITY DATA - Security techniques may be selectively performed on data based on a classification of the data. One example technique includes receiving a memory access command specifying a target data block on a storage medium storing both security data and non-security data. The technique further includes determining whether data affected by the access command is security data. Responsive to such determination, one of multiple data management schemes is selected to implement the memory access command, where each of the data management schemes is adapted to implement the memory access command via a different series of processing operations to provide a different level of security protection for data affected by the memory access command. | 04-28-2016 |
20160117513 | APPLICATION EXECUTING METHOD AND DEVICE, AND RECORDING MEDIUM THEREOF - A system and method for setting windows to either a traceable mode or a non-traceable mode, and selectively executing an application in a window to restrict data storage related to the application execution is provided. The method includes selecting at least one window displayed by a device based on a user input sensed by the device, setting the selected window to a non-traceable mode, executing an application in the window and restricting storage of data generated according to the execution of the application in the window set to the non-traceable mode. | 04-28-2016 |
20160117517 | PROVIDING POLICY TIPS FOR DATA LOSS PREVENTION IN COLLABORATIVE ENVIRONMENTS - A policy tip or end user notification is provided for data loss prevention in collaborative environments. A document interactivity application detects an action or trigger by an end user that affects a document. The document is processed, through a classification engine and a unified policy engine, with policies based on the action to detect a matched policy. A policy tip associated with the matched policy is identified and displayed on the display device in association with the document. | 04-28-2016 |
20160117524 | ENHANCED VIEW COMPLIANCE TOOL - An apparatus comprises a network interface and a processor communicatively coupled to the network interface. The network interface communicates with a database comprising a plurality of columns and a plurality of views. Each view is associated with at least one column of the plurality of columns. The processor receives a request to determine one or more noncompliant views of the database. For each view and each column associated with the view, the processor determines whether the column is associated with a privacy indicator that indicates that the column should be masked and whether the view masks the column. The processor then determines that the view is noncompliant if the view does not mask at least one column that should be masked, and generates a report that indicates whether each view of the database is noncompliant. The network interface communicates the report. | 04-28-2016 |
20160132687 | SECURING DATA ON A COMPUTING SYSTEM - The present subject matter relates to securing data on a computing system. In an example, a request to execute an application instance of the application is received. After receiving the request a role to be associated with the application instance may be identified based on one of user inputs, an object-role mapping, and a set of rules. Further, the application is executable in a plurality of application instances and the role of the application instance is indicative of a nature of activity to be performed in the application instance. The identified role is then associated with the application instance. Based on the role, data pertaining to the application instance may be stored in a memory location allocated to the role of the application instance. Further, each role has a dedicated memory location. | 05-12-2016 |
20160142420 | METHOD AND SYSTEM FOR DYNAMICALLY CONTROLLING A REMOTE TERMINAL BASED ON RUNTIME AUTHORIZATION AND RULES - A content validation server is provided. The server can include at least one processor and a memory operatively coupled to the processor, the memory storing program instructions that, when executed by the processor, cause the processor to perform a number of processes. These processes can include receiving a uniform resource locator from a client device and generating a recommendation for the uniform resource locator. In addition, the processes can include providing the recommendation to an administrator device and receiving a response from the administrator device based on the recommendation. The processes can also include allowing or denying access to the uniform resource locator for the client device based on the response. | 05-19-2016 |
20160148017 | TRANSMITTING MEDICAL DATA RECORDS - The present embodiments relate to a method for transmitting medical data records. The method includes receiving a patient data record from an internal data storage unit, selecting an anonymization setting from a set of predetermined anonymization settings, generating an anonymized patient data record on the basis of the selected anonymization setting or rule, and transmitting the anonymized patient data record to an external data storage unit. | 05-26-2016 |
20160156632 | SYSTEM ON CHIP AND METHOD THEREFOR | 06-02-2016 |
20160162681 | COMMUNICATION DEVICE AND QUICK SELECTION METHOD - A quick selection method executable on a touch screen communication device for quickly initiating communication includes designating a predetermined quick selection action and a quick selection region of the touch screen, choosing one or more quick contacts from a list of previously entered contacts to initiate quick communication with, and performing the predetermined quick selection action on the predetermined quick selection region of the touch screen. | 06-09-2016 |
20160171242 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR PREVENTING IMAGE-RELATED DATA LOSS | 06-16-2016 |
20160171243 | HISTORY INFORMATION ANONYMIZATION METHOD AND HISTORY INFORMATION ANONYMIZATION DEVICE FOR ANONYMIZING HISTORY INFORMATION | 06-16-2016 |
20160180073 | CAPTCHA PROCESSING METHOD AND DEVICE, TERMINAL AND SERVER | 06-23-2016 |
20160180100 | SYSTEM AND METHOD FOR SECURELY CONNECTING NETWORK DEVICES USING OPTICAL LABELS | 06-23-2016 |
20160180103 | SYSTEM, METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR ACTIVATING A SOFTWARE FUNCTIONALITY ON AN APPLIANCE | 06-23-2016 |
20160180106 | Method for Improving Mean Time to Data Loss (MTDL) in a Fixed Content Distributed Data Storage | 06-23-2016 |
20160182536 | ADAPTING USER TERMINAL APPLICATION OPERATION RESPONSIVE TO MEASURED USER BEHAVIOR | 06-23-2016 |
20160182643 | ENHANCED PRIVACY AND AGENT CONTROL IN A CO-BROWSING SESSION | 06-23-2016 |
20160188904 | METHOD AND SYSTEM OF PRIVACY PROTECTION IN ANTAGONISTIC SOCIAL MILIEU/DARK PRIVACY SPOTS - An efficient and robust system | 06-30-2016 |
20160196441 | PHOTOGRAPHIC COPY PREVENTION OF A SCREEN IMAGE | 07-07-2016 |
20160197931 | Using a File Whitelist | 07-07-2016 |
20160197935 | SYSTEM FOR AUTHORIZING ELECTRONIC COMMUNICATION OF CONFIDENTIAL OR PROPRIETARY DATA TO EXTERNAL ENTITIES | 07-07-2016 |
20160255084 | GENERATION OF A VISUALLY OBFUSCATED REPRESENTATION OF AN ALPHANUMERIC MESSAGE THAT INDICATES AVAILABILITY OF A PROPOSED IDENTIFIER | 09-01-2016 |
20160379003 | PROTECTION OF SENSITIVE DATA - Particular embodiments described herein provide for an electronic device that can be configured to monitor access to data in a secured area of memory at a hypervisor level, receive a request from a process to the data in the secured area, and deny the request if the process is not a trusted process. In an example, the electronic device is a point of sale device. | 12-29-2016 |
20180025179 | METHOD/SYSTEM FOR THE ONLINE IDENTIFICATION AND BLOCKING OF PRIVACY VULNERABILITIES IN DATA STREAMS | 01-25-2018 |
20180026807 | SYSTEMS AND METHODS FOR DETECTING AND INTERFERING WITH COMPROMISED DEVICES AND UNAUTHORIZED DEVICE RELOCATION IN A COMMUNICATION NETWORK | 01-25-2018 |
20190147145 | SOFTWARE LICENSE MANAGEMENT SYSTEM AND MANAGEMENT METHOD | 05-16-2019 |
20190147179 | METHOD FOR PREVENTING IMPERMISSIBLE ACCESS TO SOFTWARE APPLICATIONS IN FIELD DEVICES | 05-16-2019 |
20220138335 | ADMITTANCE MECHANISM - One embodiment is a first computing system configured to control a second computing system, a software module configured to attempt to interact with the second computing system once the second computing system is brought to a first state by the first computing system, and an admittance mechanism configured to determine if the interaction is allowed to occur. | 05-05-2022 |