Entries |
Document | Title | Date |
20080209578 | Protecting system management mode (SMM) spaces against cache attacks - A computing system may comprise a processor and a memory controller hub coupled by an external bus such as the front side bus. The processor may also comprise a cache. The processor may operate in SMM and the memory coupled to the memory controller hub may comprise SMM spaces such as compatible, HSEG, and TSEG areas. A software-based attack may write malicious instructions into the cache at an address corresponding to the SMM spaces. The illegal processor memory accesses that occur entirely inside the processor caches due to the cache attack may be forced to occur on the external bus. The memory controller hub may be capable of handling the memory accesses occurring on the external bus, thus protecting the SMM spaces against cache attack. | 08-28-2008 |
20080235812 | Method for Licensing and/or Authorizing Access to Software Modules in a Switching Device - The invention relates to a switching device for which a license database is used in which the software modules and respective license information associated therewith are stored, and wherein a configuration of at least one of these software modules triggers an interaction between the license database and a computer-readable data carrier, thereby generating hardware characteristic information. Said hardware characteristic information and the license information of the at least one software module are transmitted by the switchboard computer via a communication link to a license manager. Said license manager generates a license confirmation information and retransmits the same to the switchboard computer. The license confirmation information in the switchboard computer decides on the authorization of the at least one software module. | 09-25-2008 |
20080263678 | Path Protection - A software configuration management system receives a request to prevent code change to code within a filesystem path. The system also receives parameters for a trigger-based rule to protect code within the filesystem path against changes. Metadata for the trigger-based rule is extracted and dumped into a file. The file is replicated to a server. When the server receives a submission to change code within the filesystem path, the server compares the submission against the metadata in the replicated file. The submission is denied based at least in part on the trigger-based rule with which the metadata in the replicated file is associated. | 10-23-2008 |
20080263679 | STORING INFORMATION IN CLOSED COMPUTING DEVICES - Mechanisms for securely storing unsigned information in closed computing devices are disclosed. Unsigned media entities, such as independently developed games, can be stored in a closed computing device, such as a gaming console. The storing of media entities can include preventing any content, whether residing on the closed console or remotely, from accessing the unsigned media entities. In this aspect, unsigned media entities can be isolated from such content on a per unsigned media entity basis (the media entity being the unit of isolation). Moreover, the media entities can be stored in directory structures that logically isolate the unsigned media entities from any other content. The closed computing device can also use a directory structure to guarantee that a specified signed loader can load unsigned media entities. Once stored, the media entities can also be secured from tampering by using a unique hardware key associated with the closed computing device. | 10-23-2008 |
20080263680 | Portable Electronic Entity Capable of Receiving Broadcast Multimedia Data Flow - A portable electronic entity includes a communication interface ( | 10-23-2008 |
20080271163 | ACTIVE VERIFICATION OF BOOT FIRMWARE - Techniques are described for generating and actively verifying a boot code associated with a peripheral device of a computer system to prevent potential security threats the boot code may introduce into the computer system. The techniques for generating boot code entail generating the boot code from a high-level programming language using a verification application program interface (API). The API aids in generating a certificate, which is associated with the boot code in that the certificate describes operation of the boot code. After generating the boot code and associated certificate, the two are loaded onto a memory module of the peripheral device. Once the peripheral device is connected to the computer system, the computer system may retrieve the boot code and certificate. The computer system utilizes techniques to actively verify the boot code by performing a security check on the boot code in accordance with the associated certificate. Finally, the computer system executes the boot code based on a result of the security check. | 10-30-2008 |
20080271164 | METHOD AND SYSTEM FOR ALLOWING NO CODE DOWNLOAD IN A CODE DOWNLOAD SCHEME - Aspects of a method and system for allowing no code download in a code download scheme are provided. A system-on-a-chip (SoC) may comprise a security processor, a ROM, and a one-time-programmable (OTP) memory. The security processor may enable fetching code from a restricted function portion of the ROM. The restricted functions may comprise code for booting up the SoC and code that prevents enabling security algorithms within the SoC. The security processor may then enable booting up of at least a portion of the SoC based on the fetched code. The remaining portion of the ROM may comprise code for downloading security code from an external memory, such as a FLASH memory, to an internal memory, such as a RAM, to boot up the SoC. Access to the restricted function portion or the remaining portion of the ROM is based on at least one bit from the OTP memory. | 10-30-2008 |
20080271165 | PARAMETER-BASED INTERPRETATION OF DRM LICENSE POLICY - To enforce content access restrictions, a license associated with protected content is generated. This license may have at least one evolving parameter. That is, the parameter value may change; e.g., depending upon content access, copying, etc. For example, each successive generation of a license may have an incremented value in an evolving “generation” parameter. The license may also have evolving rules that describe different content access rules for different values in the evolving parameter | 10-30-2008 |
20080282360 | ACTIVATION CODE SYSTEM AND METHOD FOR PREVENTING SOFTWARE PIRACY - A system and method for preventing piracy of a given software application limits the number of times that such software application is activated. A given software application must be activated in order to become fully functional. The user must provide a unique software identification code, relating to the specific software which the user is attempting to activate, to a remote provider. The remote provider determines the number of times that such specific software has already been activated, and provides an activation code to the user unless the number of activations exceeds a predetermined threshold. Once activated, the software becomes fully operational, and the user is allowed complete access to its functions. | 11-13-2008 |
20080307533 | Content Distribution System, Distribution Server, Receiving Terminal, and Computer Readable Medium - A system and method for distributing content data and license information. A distribution server includes a transmitting section for transmitting the content data and the license information, including information regarding a time limit that indicates a period for reproducing the content data, to the one or more receiving terminals. The distribution server also includes a request receiving section for receiving, from the one or more receiving terminals, a request for the content data and a request for the license information a second time without the content data, wherein the request for the license information a second time is transmitted in response to a notice indicating the status of the license information. | 12-11-2008 |
20090013413 | Systems and methods for providing privacy settings for applications associated with a user profile - Systems and methods for providing privacy settings for applications associated with a user profile are provided. Exemplary methods include receiving a request from a member of a web-based social network to install an application in association with a member profile, installing the requested application, providing privacy settings selections to control access to data associated with the installed application, receiving a privacy settings selection from the member, and displaying data associated with the application based on the privacy settings selection. | 01-08-2009 |
20090025092 | SECURE ONLINE DATA STORAGE AND RETRIEVAL SYSTEM AND METHOD - In a preferred embodiment, a secure online data storage and retrieval system and method is provided. This may include a secure database capable of storing personal data provided by users, and a website in communication with the database which may be accessible to users who enter personal information. The website can securely receive and securely transfer user personal data to or from one or more third parties, such as private and/or state and/or federal governmental entities, upon a user's request. An API source code interface or other secure method of transmission may be used for this purpose. Portions of the personal data may be authenticated by one or more third parties prior to storage in the database. In this manner, users may be permitted to quickly obtain authenticated copies of various documents or send such copies to desired recipients. This can be especially advantageous should such documents (e.g., birth certificates, passports, etc.) be lost, stolen or destroyed. | 01-22-2009 |
20090031430 | SOFTWARE ACTIVATION CONTROL METHOD - A software application installation method installs a software application on a device such that the installed application can only be activated on said device. Thereto, an authorization application is installed as well on the device. During installation, the authorization application generates a software release code that is stored in a first and a second memory location, of which at least one is a memory location not accessible to a user. When the software application is later activated on the device, the authorization application compares the software release codes stored in said two memory locations. The application is only started if the software release codes correspond. Further, an authorization verification method is disclosed. A second party may verify the legitimacy of the installed application by storing device specific identification data and application specific installation data when a first connection is established and later comparing said data if a second or further connection is established. | 01-29-2009 |
20090031431 | DYNAMIC MEDIA ZONES SYSTEMS AND METHODS - Systems and methods are described for applying digital rights management techniques to manage zones in electronic content. In one embodiment, zones are defined in a piece of electronic content, and a license is associated with the electronic content that indicates how the zones are to be accessed or otherwise used. A digital rights management engine governs access to or other use of the zoned content in accordance with the license. | 01-29-2009 |
20090044284 | System and Method of Generating and Providing a Set of Randomly Selected Substitute Characters in Place of a User Entered Key Phrase - Systems and methods of generating and providing a set of randomly selected substitute characters in place of a user entered key phrase are described here. One embodiment includes receiving a key phrase input by a user to gain access to secured data, and, in response to receiving the user entered key phrase, randomly selecting a set of substitute characters and providing the set of substitute characters in place of the key phrase entered by the user. In one embodiment, the randomly selecting comprises using a random number generator to select from a substitute character from a pre-generated set of substitute characters for each character, number, or text of the user entered key phrase. In one embodiment, the providing the set of substitute characters further comprises providing the randomly selected set of substitute characters in a display buffer as the user entered key phrase. | 02-12-2009 |
20090055938 | SYSTEM, METHOD AND MACHINE-READABLE MEDIUM FOR PERIODIC SOFTWARE LICENSING - A system and method for periodically licensing a software having a server configured to receive a first request code for a term extension of a software license, the request code being initiated by a user of an application unit, the term extension allowing the software to operate within a predetermined period of time, provide advertising information to the application unit, and provide the term extension for the software license. | 02-26-2009 |
20090077673 | COPYRIGHT DETECTION AND PROTECTION SYSTEM AND METHOD - A method and system for a website to detect unauthorized transmission of digital works. In one embodiment, the method includes obtaining data pertaining to content transmitted during a data transmission transaction, sending the data pertaining to the transmitted content to a copyright detection system, and receiving, from the copyright detection system, information indicating that at least a portion of the transmitted content corresponds to at least a portion of one of multiple registered works. The information also specifies one or more business rules associated with this registered work. The method further includes performing one or more actions with respect to the transmitted content, where the actions are defined by the business rules associated with the above registered work. | 03-19-2009 |
20090100531 | Latches-Links as Virtual Attachments in Documents - A system and method are disclosed for managing target documents referred to by referring documents. A user sends a delete request for a referring document from a user client computer to a master server computer. Next, the master server computer accesses and deletes the referring document, updates a counter for a target document hypertext linked to the referring document, and updates a database, which contained the deleted referring document. The master server computer then determines whether the count for the counter of the target document equals zero. If the counter for the referring document is not equal to zero, the master server computer sends a message to the user indicating that the referring document has been deleted and sends a message to the user asking whether the user wants to delete another referring document. If the user wants to delete another referring document the process goes back to the initial process step, and the user sends another delete request for a referring document. However, if the counter for the referring document equals zero, the master server computer sends a message to the user indicating that the referring document has been deleted and then sends a message to an author of the target document (author client) asking whether the author client wants to delete the target document. Automatic deletion of target documents is also disclosed. Further disclosed are systems and methods for viewing, creating, and providing security for target documents referred to in referring documents. | 04-16-2009 |
20090106850 | CONDITIONAL ACCESS TO DIGITAL RIGHTS MANAGEMENT CONVERSION - The present invention provides for an interface between two seemingly incompatible and different content protection systems. Accordingly, protected content may be transferred between the respective security kernels of a conditional access (CA) and digital rights management (DRM) systems, while maintaining security of the content and any associated protection information. The transfer and consumption of protected content and the associated content protection information may be achieved by temporarily or permanently binding the respective security kernels of the CA and DRM systems, transcribing content protection information, and potentially transcribing the content. | 04-23-2009 |
20090126028 | Securing electronic control unit code - Methods and systems are provided for securing electronic control unit code. In one implementation, a method is provided. According to the method, an order for the program code may be transmitted to a developer. The order may include specifications and an authentication key. The method may further include receiving the program code and the authentication certification from the developer and verifying the authentication certificate to determine whether the developer was an authorized source of the program code. The method may generate metadata identifying the authorized source of the program code and embed the metadata in the program code. | 05-14-2009 |
20090133132 | Secure Authoring and Execution of User-Entered Database Programming - A secure framework for authoring and execution of user-entered database scripts, rules, procedures and other forms of programming is provided. A performance management application is used as an interface between a client data modeling, manipulation or analysis application and one or more data sources or analysis services to prevent malicious or inadvertent implementation of harmful, damaging and/or unauthorized new or modified scripts, rules, procedures or other forms of programming to one or more data sources or data analysis/manipulation services that may be used for retrieving, storing, modifying or using data contained in or affected by the one or more data sources or data analysis/manipulation services. | 05-21-2009 |
20090144836 | DECODING/DECRYPTING BASED ON SECURITY SCORE - A security system provides a security score ( | 06-04-2009 |
20090144837 | SYSTEMS AND METHODS FOR SOFTWARE APPLICATION CERTIFICATION SERVICE - An embodiment relates to a method of providing certification. The method includes providing for a software application and applying a set of certification metatags to the software application. The set of certification metatags is configured to provide at least one parameter to become certified with the software application. The method also includes querying the set of certification metatags by a second application to determine whether the second application can be certified with the software application. | 06-04-2009 |
20090151007 | DIGITAL RIGHTS MANAGEMENT FOR RETRIEVING MEDICAL DATA FROM A SERVER - The invention relates to a method of and system for retrieving medical data from a server, the method comprising: requesting the medical data from the server by an uncertified client; installing a certified digital rights management service on the uncertified client; managing the requested medical data according to the installed certified digital rights management service thereby retrieving the medical data from the server; the system comprising means for requesting the medical data from the server by an uncertified client; means for installing a certified digital rights management service on the uncertified client; means for managing the requested medical data according to the installed certified digital rights management service thereby retrieving the medical data from the server. | 06-11-2009 |
20090151008 | Media markup system for content alteration in derivative works - A classification method and system for possible content alteration of a media work may include criteria regarding content that is feasible for alteration. Such criteria may be maintained in records that are accessible to an interested party. Some embodiments may include a record of primary authorization rights applicable to a possible content alteration. A further embodiment feature may include a record of secondary authorization rights applicable to substitute altered content incorporated in a derivative version. Various exemplary identifier markup schemes indicative of a location or category of an alterable media content component may be implemented for audio, visual, and audio/video alterable content. | 06-11-2009 |
20090151009 | SYSTEMS AND METHODS FOR END-TO-END RESOURCE RESERVATION AUTHENTICATION - A network device constructs an outgoing resource reservation message and determines an authentication value, using, for example, a cryptographic algorithm and at least a portion of the outgoing message. The network device identifies a destination node for the message and inserts the authentication value in the message. The network device sends the message across a network to the destination node for authentication at the destination node using the authentication value. | 06-11-2009 |
20090165148 | METHOD FOR AUTHENTICATING APPLICATIONS OF A COMPUTER SYSTEM - The invention relates to a method for authenticating applications of a computer system including: a microprocessor, a plurality of applications, a general operating system (OS2) which can execute and manage the applications and which can associate each application identifier ( | 06-25-2009 |
20090193525 | IMAGE PROCESSING APPARATUS, IMAGE PROCESSING METHOD, AND STORAGE MEDIUM - An image processing apparatus includes a generation unit configured to scan a document and generate an original image, a decoding unit configured to decode a two-dimensional code on the original image generated in the generation unit to obtain original information, and a determination unit configured to determine whether the original information obtained in the decoding unit contains a password. The image processing apparatus also includes a conversion unit configured to convert the original image generated by the generation unit into an electronic file attaching the password if the determination unit determines that the original information contains the password, and convert the original image generated by the generation unit into an electronic file without attaching the password if the determination unit determines that the original information does not contain the password, and a sending unit configured to send the electronic file obtained by the conversion in the conversion unit. | 07-30-2009 |
20090193526 | POSTED MOVE IN ANCHOR POINT-BASED DIGITAL RIGHTS MANAGEMENT - An anchor-point based digital rights management provides for a posted move of one or more digital rights between two devices. By executing a posted move, a user (1) disables a binding record of a source user device, thereby terminating authorized use of the digital property instance through that source anchor point; and (2) enables a different binding record of a target user device, thereby allowing authorized use of the digital property instance through that target anchor point. Such a “move” can be accomplished through secure communications links mediated by one or both of a content handler and an anchor point message system. | 07-30-2009 |
20090199304 | METHOD OF GENERATING VERIFICATION DATA - To prevent dissemination of content stored on a DVD-RW disc, CPRM is provided. However, this does not provide a watertight system. The invention proposes to arrange a stream to be recorded such that the input for verification data and therefore verification data is different for different authorisation levels. Various embodiments for implementing the invention are disclosed and comprise re-arranging data packs to be recorded and/or modifying data in data packets. | 08-06-2009 |
20090199305 | CONTROLLING DISTRIBUTION OF DIGITAL CONTENT - A method of controlling distribution of digital content ( | 08-06-2009 |
20090205053 | Confidential information protection system and method - Efficient and effective permission confidential information protection systems and methods are described. The secure information protection systems and methods facilitate storage of confidential information in a manner safe from rogue software access. In one embodiment, a confidential information protection method is implemented in hardware and facilitates protection against software and/or Operating System hacks. In one exemplary implementation, a confidential information protection method includes setting a permission sticky bit flag to a default state upon system set up. The permission sticky bit flag access permission indication is adjusted at system reset in accordance with an initial application instruction. Access to the confidential information is restricted in accordance with the permission sticky bit and the permission sticky bit is protected from adjustments attempting to violate the permission indication. For example, another software application cannot access or alter confidential information (e.g., an encryption key, initialization vector, etc.) if a permission sticky bit is designated as the highest security rating (e.g., disabling read permission and write permission until system reset). | 08-13-2009 |
20090205054 | PROCESS FOR PROTECTING STORED OPERATING DATA OF MACHINERY OR SIMILAR EQUIPMENT - A process is provided for protecting stored operating data of machinery or similar equipment. The operating data are stored by means of a computer system belonging to a control system or by means of a similar computer system belonging to the equipment and wherein the operating data are acquired continuously in the form of data sets and stored in a data storage medium for later analysis. A security code is generated with the storage of a data set from the currently stored operating data on the basis of parameters (k, l, m, n) of a preset determination rule and stored in the computer system. A comparison code is determined at preset time intervals on the basis of the same determination rule from the operating data currently recorded in the data storage medium for verifying the operating data currently present in the data storage medium. The comparison code is compared with the security code generated originally, and a warning signal is generated or a protective action is triggered in a fourth step in case of a deviation between the comparison code and the security code generated originally. | 08-13-2009 |
20090217386 | Stateless challenge-response broadcast protocol - A broadcast stateless protocol by which a client broadcasts a request to a server group is described. In one embodiment, the client broadcasts the request to a server group. A tamper-evident challenge including the request is received from any one server of the server group. A response to the tamper-evident challenge is broadcast to any one server of the server group, the response including the request. A result to the request is received upon any one server of the server group verifying the response being valid and the request being unmodified. | 08-27-2009 |
20090222930 | SYSTEM AND METHOD FOR MULTIMEDIA DATA VALIDATION - There is disclosed a media file distribution system and method. An asset management and delivery system and method for the distribution of digital files and data is provided. There are two major functions, with sub-functions within each. The system first serves as a fully automated management system for a company involved in video/file distribution, such as in video on demand (VOD) or other digital file industries. The system can ingest, prepare, schedule, transmit, track and report on any aspect of the business chain. Secondly, it also serves as a product for both content providers and recipients to be able to view, manage and run their entire content offering remotely from anywhere through the Internet. | 09-03-2009 |
20090265794 | METHOD AND APPARATUS FOR ENABLING ACCESS TO CONTACT INFORMATION - A method, an apparatus and a processor readable medium for enabling access to contact information. The contact information for contacting a recipient may be accessed in accordance with a rights object. | 10-22-2009 |
20090271874 | METHOD AND SYSTEM FOR SECURE LIGHTWEIGHT STREAM PROCESSING - A system and method for processing an information unit/packet (IU) in a stream processing system includes decomposing an IU into sub-information units persisted other than in the IU. An index or reference is generated in the IU for retrieving the persisted sub-information units during processing. | 10-29-2009 |
20090271875 | Upgrade Module, Application Program, Server, and Upgrade Module Distribution System - An upgrade module is configured to perform necessary upgrade of firmware to enable a function related to an operation of a device, and operates as part of an application program that uses the operation of the device. As a result, only those users that satisfy a special condition can upgrade the firmware. | 10-29-2009 |
20090271876 | IC CARD, AND ACCESS CONTROL METHOD THEREOF - There has been no access control method combining two different authentication methods, i.e., authentication by password collation or secret key encryption and authentication by public key encryption. | 10-29-2009 |
20090276860 | METHOD OF PROTECTING CONFIDENTIAL FILE AND CONFIDENTIAL FILE PROTECTING SYSTEM - There is provided a method of protecting confidential files to securely protect business confidential files in accordance with a security policy. In the method of protecting confidential files according to the present invention, information of a business application which is allowed to access confidential files is registered in a management server in advance and the registered application information is distributed to each client as needed. When the business application references confidential files, it is judged (application is authenticated) at the time of starting up the business application whether the business application is the application registered in advance in the server. Only when the application authentication is allowed, process information of the business application is registered in an I/O acquisition module. The I/O acquisition module allows only the process which is consistent with the registered process information to access confidential information, and rejects other processes. | 11-05-2009 |
20090276861 | System and method for effectively performing data restore/migration procedures - A system and method for effectively supporting data transfer procedures includes a source device that registers with an account server to participate in a data backup service. The source device then encrypts and stores user data onto a datacenter. The source device later may request a data transfer task from a vendor. The datacenter responsively transfers the encrypted user data to a vendor server, and an escrow server generates and sends a temporary key to the vendor server. A destination device may then utilize the temporary key to decrypt and securely store the user data onto the destination device. | 11-05-2009 |
20090276862 | CONTENT PROVIDING SYSTEM - When the portable reproduction device | 11-05-2009 |
20090288174 | SOFTWARE CONTROL FLOW WATERMARKING - The present invention is a system and method of software control flow watermarking including the steps of obtaining a program for protection, generating at least one watermark value using a formula or process from an external file, and placing the at least one watermark value in CASE values of the program. The system and method may further include determining the at least one watermark value by a formula with at least one variable. The formula may also contain a variable from outside of the program. The system may also stop the program if the variable from outside of the program is incorrect. | 11-19-2009 |
20090307783 | DATA PROCESSING DEVICE, METHOD, PROGRAM, INTEGRATED CIRCUIT, AND PROGRAM GENERATING DEVICE - A data processing apparatus controls execution of debugging of a program performed by a debugger. The program includes a verification value used for judgment on whether to permit the debugging, and an access control list that shows whether to permit an access to each of parts constituting the program. The data processing apparatus acquires a debugger ID of the debugger from the debugger, and the verification value and the access control list included in the program. The data processing apparatus judges whether to permit the debugging, according to the result of comparison between the debugger ID and the verification value. The data processing apparatus permits an access to a part of the program to be debugged when the access control list shows that the access is permitted. The data processing apparatus does not permit the access to the part when the access control list shows that the access is not permitted. | 12-10-2009 |
20090313705 | SECURITY MEASURES FOR COUNTERING UNAUTHORIZED DECRYPTION - After a predetermined limit for decryption attempts has been exceeded by a user attempting to decrypt an encrypted electronic message or attempting to decrypt an encrypted electronic certificate associated with an electronic message, access to the electronic message may be restricted. | 12-17-2009 |
20090313706 | METHOD AND SYSTEM FOR DETECTING WHEN AN OUTGOING COMMUNICATION CONTAINS CERTAIN CONTENT - A method and system for detecting whether an outgoing communication contains confidential information or other target information is provided. The detection system is provided with a collection of documents that contain confidential information, referred to as “confidential documents.” When the detection system is provided with an outgoing communication, it compares the content of the outgoing communication to the content of the confidential documents. If the outgoing communication contains confidential information, then the detection system may prevent the outgoing communication from being sent outside the organization. The detection system detects confidential information based on the similarity between the content of an outgoing communication and the content of confidential documents that are known to contain confidential information. | 12-17-2009 |
20090328236 | COPYRIGHT DETECTION AND PROTECTION SYSTEM AND METHOD - A method for detecting against unauthorized transmission of digital works comprises the steps of maintaining a registry of information permitting identification of digital copyrighted works, monitoring a network for transmission of at least one packet-based digital signal, extracting at least one feature from the at least one digital signal, comparing the extracted at least one feature with registry information and applying business rules based on the comparison result. | 12-31-2009 |
20100031374 | Security-activated operational components - Various methods and systems include exemplary implementations for a security-activated operational component. Possible embodiments include but are not limited to obtaining access to an object data file configured to implement various functional operation regarding one or more objects; verifying validity of an authorization code associated with the object data file; and controlling operation of the operational component to enable or prevent its activation pursuant to the authorization code in accordance with one or more predetermined conditions. | 02-04-2010 |
20100043081 | Detecting and Revoking Pirate Redistribution of Content - Disclosed are methods, systems and articles for tracing and disabling one or more unauthorized distributors of content originally transmitted by a distribution center. In some embodiments, a method includes receiving rebroadcast transmissions of a data segment previously transmitted by the distribution center, the received segment including embedded information associated with a subset of recipients that includes at least one of the unauthorized distributors, and identifying the subset based on the embedded information. The method further includes assigning recipients in the identified subset into two or more new subsets such that the at least one unauthorized distributor is assigned to one of the two or more new subsets, and coding a subsequent data segment to be transmitted with additional embedded information associated with the two or more new subsets. The above operations may be repeated until the at least one unauthorized distributor is identified. | 02-18-2010 |
20100058487 | COPYRIGHT PROTECTION DATA PROCESSING SYSTEM AND REPRODUCTION DEVICE - If playback devices are prohibited from playing back contents recorded in R media, there occurs a problem that it takes more time to manufacture commercial ROM media. Conversely, if playback devices are permitted to play back contents recorded in R media, there occurs a problem that copyrights might be infringed. In view of these, the aim of the present invention is to provide a content protection data processing system and a playback device capable of determining whether to permit playback of a content recorded in a recording medium, based on a medium type of the recording medium and a signature type of a signature attached to a program. This enables both the protection of the copyright of the content and the efficient manufacturing of commercial ROM media. | 03-04-2010 |
20100071074 | APPARATUS FOR EXECUTING INTEROPERABLE DIGITAL RIGHTS MANAGEMENT USING CONTENTS DEVICE AND METHOD OF PERFORMING OPERATIONS BETWEEN CONTENTS DEVICE AND DIGITAL RIGHTS MANAGEMENT TOOL FOR INTEROPERABLE DIGITAL RIGHTS MANAGEMENT - Provided are an apparatus for executing interoperable digital rights management (DRM) using a contents device and a method of performing an operation between the contents device and a DRM tool for interoperable DRM, and more particularly, a method and apparatus for executing a DRM tool in various environments, regardless of the type of device or type of DRM tool, using an interfaced DRM executing apparatus including a DRM processor or a DRM tool agent. | 03-18-2010 |
20100077488 | DATA TRANSMISSION APPARATUS, DATA RECEPTION APPARATUS, AND DATA TRANSMISSION AND RECEPTION SYSTEM - A data transmission and reception system and the like are provided, which are capable of preventing: unauthorized copying between a server and a client; and unnecessary use limit when a copyright constraint is conformed. A server generates and manages overall use permission information indicating that the overall data accumulated in the server can be used and distributes the overall use permission information together with copied data to the client determined to exist within a private use range. The client manages the overall use permission information and the data received from the server in such a manner associated with each other and enables use of the data received from the server only when the overall use permission information is valid. When the client moves only within the private use range, the server continuously manages the overall use permission information so as to enable use of the copied data. Meanwhile, use of the copied data in the client which has moved out of the private use range is inhibited. | 03-25-2010 |
20100077489 | METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR ISOLATING PERSONAL DATA - A method, user equipment, network device, and software product that protects data confidentiality where data transmission is required between distant systems. The invention comprises splitting data into confidential and non-confidential data. The invention further includes an isolating indexation responsible for data transmission, processing and reconciliation. Also, the invention comprises data confidentiality protection where multiple systems are involved. | 03-25-2010 |
20100083385 | RIGHT MANAGEMENT METHOD, ITS SYSTEM, SERVER DEVICE USED IN THE SYSTEM, AND INFORMATION DEVICE TERMINAL - There is provided an authority management system in which, when a data user discloses secret information only to a specific partner having the authority to receive the disclosure of the secret information, the information can be disclosed only if the correctness of the partner is confirmed in a face-to-face manner. A holder of disclosure data encrypts data, generates and divides a decryption key of the data, and sends a partial decryption key to a disclosure partner beforehand. At the time of data disclosure, the data holder physically meets a disclosure partner terminal. The partial decryption key is sent in a proximate state, and the decryption key is reproduced. With this, the data is decrypted and disclosed. Thus, the data holder meets the disclosure partner having the authority to receive the disclosure, and visually confirms the correctness of the partner. | 04-01-2010 |
20100088772 | SECURE SYSTEM AND APPARATUS FOR DATA DELIVERY - A system and apparatus for data delivery facilitates secure and controlled delivery of digital information, particularly in the context of an event, but also in the context of commercial and educational forums and the like. Preferably an administrator is positioned between parties wishing to share digital information and parties wishing to obtain such information. The administrator ensures that the digital information falls within certain security and formatting criteria so that parties may obtain the information without fear of damage to or abuse of their computing devices. | 04-08-2010 |
20100095384 | Realest Invention - The new process (invention) named the realest invention is a new process in which information is stored on the computer. Information is stored in bulk at a policing agency. What this policing agency does is store drivers license, birth certificate and social security and others of this like. This enables for added security to the theft of music and movies on the internet. What the policing agency does is check to make sure that every thing is legate on the website individual is putting on the internet. Majority of times people use credit card and check and a thorough check can be done to make sure every thing matches on the website that they are putting on the internet. | 04-15-2010 |
20100095385 | Method And Device For Classifying And Processing Data In Instant Messaging System - The embodiment of this invention provides a method for classifying and processing data in an instant messaging system, which includes: classifying the data of every service included in the instant messaging system into confidential data and non-confidential data; obtaining and processing the non-confidential data of every service after a first authentication is passed successfully; and obtaining and processing the confidential data of every service after a second authentication is passed successfully. The embodiment of this invention also provides a device for classifying and processing data in an instant messaging system. According to the embodiment of the present invention, the security requirements of the instant messaging system are met, and the user is facilitated to use various services provided by the instant messaging system. | 04-15-2010 |
20100100969 | COPYRIGHT PROTECTION DATA PROCESSING SYSTEM AND REPRODUCTION DEVICE - If playback devices are prohibited from playing back contents recorded in R media, there occurs a problem that it takes more time to manufacture commercial ROM media. Conversely, if playback devices are permitted to play back contents recorded in R media, there occurs a problem that copyrights might be infringed. In view of these, the aim of the present invention is to provide a content protection data processing system and a playback device capable of determining whether to permit playback of a content recorded in a recording medium, based on a medium type of the recording medium and a signature type of a signature attached to a program, and switching a procedure relating to a digital signature for each signature type of the digital signature. This enables both the protection of the copyright of the content and the efficient manufacturing of commercial ROM media. | 04-22-2010 |
20100100970 | ENFORCING ALIGNMENT OF APPROVED CHANGES AND DEPLOYED CHANGES IN THE SOFTWARE CHANGE LIFE-CYCLE - On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed. | 04-22-2010 |
20100107261 | COMMUNICATION MANAGEMENT SYSTEM AND COMMUNICATION MANAGEMENT METHOD - In a communication management system, a communication control apparatus includes: a normal signature list which stores a list of signatures of normal communication; a search circuit which acquires communication data and searches the normal signature list storing signatures of normal communication to check if the signature of the communication data appears in the list; and a process execution circuit functioning as a warning unit which issues a warning when there is detected communication data of which the signature does not match any signature of normal communication stored in the normal signature list. An operator terminal includes: a determination result acquisition unit which acquires a determination result indicating whether or not communication data against which a warning has been issued is normal; and a normal signature list update unit which, when the determination result acquisition unit acquires a determination result that communication data against which a warning has been issued is found to be normal, adds the signature of the communication data to a normal signature list. | 04-29-2010 |
20100115629 | METHOD FOR OPERATING A NETWORK AS WELL AS A LOCAL NETWORK AND NETWORK COMPONENT - The invention relates to a method for operating a network as well as a local network comprising network components and to network components, in particular of a home network, where a functional command is generated, which is configured to execute an assigned function in a network station, wherein a user identification, which is derived from the collected user data, is assigned to the functional command, the assigned user identification is evaluated in the network station in response to executing the functional command and the functional command is executed when, in response to the evaluation of the corresponding user identification, it is established that the functional command is approved in connection with the assigned user identification. | 05-06-2010 |
20100115630 | ARCHITECTURE OF AN OPEN LOCAL AREA NETWORK FOR AUDIO SERVICE SUPPORT BETWEEN USERS OF PARTITIONED DOMAINS - The invention relates to a system for data exchange between at least two communication networks using the IP Internet protocol, a first network having a security level N | 05-06-2010 |
20100115631 | SYSTEM AND METHOD FOR PLAYING CONTENT ON CERTIFIED DEVICES - Systems and methods of ensuring a predetermined quality of playback of media content are provided. The predetermined quality is determined by an encoder placing a passive flag or data field within a media file having a predetermined quality. The contents of the media file in which the passive flag or data field is located is not encrypted or designated within a particular standard. A decoder plays the media content within the media file upon detection of the passive flag or data field or in accordance with a value within the passive flag or data field and the certification of the device. | 05-06-2010 |
20100122352 | Method for Operating an Installation Using Data Protected Against Unauthorized Use - A method and a device for operating a technical installation using data from a third party are provided, the data being protected against unauthorized use. A first and a second rights object are used for protecting the data, the first rights object specifying an authorized use of the data with a variable not defined in respect of its value and the second rights object defining a value for the variable. | 05-13-2010 |
20100132053 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD AND PROGRAM - An illegal use of a privileged instruction and a library function by an application process is prevented. A concept of “security gate” is provided, and an instruction is located at a head of the library function in a high-reliability memory area which is not easily changed such as a ROM, to request a security gate entry to an OS. An instruction is located at the last of the library function to request a security gate exit to the OS. The security level is changed to a higher level and a privileged instruction is allowed to be executed, only when the application process is in a security gate entry state. | 05-27-2010 |
20100138933 | DATA MANAGEMENT DEVICE, STORED DATA MANAGEMENT METHOD AND COMPUTER PROGRAM - Provided is a data management device for managing data recorded onto a readable and writable recording medium by an application that is verified based on a digital certificate. The recording medium has a plurality of areas and access to each area is restricted to a different application. The data management device includes an application authentication module, a mapping module, and a local storage display module. The application authentication module verifies that an application is an authentic application based on a digital certificate attached to the application. The mapping module associates, if the application is verified, an area accessible by the application with a subject name described in the digital certificate used for the verification. The local storage display module displays information regarding the area accessible by the application, with the use of the subject name associated with the area. | 06-03-2010 |
20100138934 | INFORMATION PROCESSOR - An information processor for controlling a storage device for storing content information, includes: a controller for receiving content information from the exterior and storing the content information in the storage device; and a generator for generating unique information that is unique to combination of the content information and the information processor through an operation of identification information of the content information and the information processor; wherein when the controller receives content information, the controller checks whether the content information includes information matching with the unique information and upon confirmation of both the information allows the content information to be stored in the storage device. | 06-03-2010 |
20100154066 | System and Method for Managing Security Testing - The subject matter relates generally to a system and method for managing security testing. Particularly, this invention relates to maintaining a security database by correlating multiple sources of vulnerability data and also to managing security testing from plural vendors. This invention also relates to providing secure session tracking by performing plural authentications of a user. | 06-17-2010 |
20100162413 | Two Part Code - A graphically representable, machine readable code having first and second parts wherein the first part may be associated with data and a second part may be associated with the first part, such that a relationship between the parts, or lack thereof may be discerned by reading both parts of the code, in order to verify the authenticity of the code. | 06-24-2010 |
20100169984 | METHOD AND APPARATUS FOR CONTENT MANAGEMENT - The present application relates generally to content management (e.g., managing audio and video items in portable devices). One claim recites a method including: utilizing electronic memory housed in a portable device, maintaining a listing of up to N identifiers associated with previously accessed audio or video items, where N is an integer, and where each previously accessed audio or video item has an identifier associated therewith; utilizing a programmed electronic processor housed in the portable device, restricting access to a new audio or video item if: i) an identifier associated with the new content item is one of the N identifiers associated with the previously accessed audio or video items, or ii) less than N audio or video items have been accessed within a predetermined time. Of course, other claims and combinations are provided as well. | 07-01-2010 |
20100175138 | SYSTEM AND METHOD FOR PROVIDING CONTENT FOR DIGITAL RIGHTS MANAGEMENT - A method of providing DRM content, including transmitting, by a content issuer, when a request for a specific main content of a communication terminal is input, a DRM content including the main content and a preset sub-content corresponding to the main content to the communication terminal; transmitting, by a rights issuer, a rights object having constraint condition information for securing reproduction of the sub-content to the communication terminal; and reproducing, by the communication terminal, when the DRM content and the rights object are received, the sub-content by analyzing the rights object and reproducing, when reproduction of the sub-content is complete, the main content. Reproduction of a sub-content in a communication terminal can be secured through constraint condition information of a rights object, and waste of resources required for providing a sub-content can be suppressed. | 07-08-2010 |
20100180349 | SYSTEM AND METHOD OF POLICY DRIVEN CONTENT DEVELOPMENT - A system and method for implementing a policy driven environment for the development of electronic content is provided. Such a policy driven system and method controls the introduction of digital content into electronic content under development by monitoring the development environment for file alteration events and analyzing the file alteration event and associated metadata of the electronic content and externally introduced digital content with policy engines that address aspects such as copyright, licensing, source, file type, file length, etc., according to the policies established by the development organization. The system and method help to protect the development organization by detecting policy breaches, determining the appropriate course of action, and implementing corrective actions. | 07-15-2010 |
20100186096 | IMAGE PROCESSING APPARATUS, IMAGE PROCESSING METHOD, COMPUTER PROGRAM AND COMPUTER-READABLE RECORDING MEDIUM - An image processing apparatus includes an alteration unit and a control unit. The alteration unit alters a first image file stored in a removable storage medium in order to generate a second image file. The control unit controls to store the second image file in the storage medium without deleting the first image file from the storage medium, if the first image file includes authentication data that is used to authenticate whether the first image file has been altered. | 07-22-2010 |
20100192234 | ACCESS RESTRICTED FILE AND ACCESS RESTRICTED FILE CREATING APPARATUS - Disclosed are an access restricted file and an access restricted file creating apparatus for creating the access restricted file concerned, which makes it possible for an information processing apparatus to request a management server to determine whether the access right is present or absent. The apparatus includes a creating section to create the access restricted file that includes data, an accessing operation for which is restricted, and confirming destination information that represents the management server that confirms a presence or absence of the access right in regard to the operation for accessing the data. On the other hand, the access restricted file includes a program, being executable by a CPU of the information processing apparatus provided with a communicating function, to cause the CPU to perform a processing for requesting the management server, represented by the confirming destination information, to confirm the presence or absence of the access right. | 07-29-2010 |
20100199359 | Operation apparatus, content parental lock setting method, and electronic apparatus - An operation apparatus includes a communication section to communicate with an electronic apparatus capable of communicating, through a first transmission medium, with an accumulation apparatus capable of accumulating contents, the communication section communicating with the electronic apparatus through a second transmission medium, a content selection section to select a content to which a parental lock is to be set from among the contents accumulated in the accumulation apparatus, a release key setting section to set a key for releasing the parental lock for the content selected, a storage section to associate identification information of the content selected with the key set by the release key setting section and store the identification information and the key associated with each other, and a parental lock notification section to notify the accumulation apparatus in which the content is accumulated of the identification information of the content to which the parental lock is set. | 08-05-2010 |
20100223675 | CERTIFICATE BASED DISTRIBUTED POLICY ENFORCEMENT - An apparatus and a method for a certificate-based distributed policy system is described. A policy server receives over a communication channel a data structure associated with an object to be managed across a communication boundary between a client and the policy server. The policy server generates an object certificate upon validation of the object and validation of an initiator of the object. The data structure includes a serialized representation of public properties of the object, a hash of the object in a canonical serialized form, and a signature of the public properties and hash using the initiator's private key. | 09-02-2010 |
20100223676 | Device And Method For Publishing Multimedia Contents By Rendering Them Accessible To The Public - The device for publishing multimedia contents by rendering them accessible to the public comprises an electronic processor connected to publication units for multimedia contents. The electronic processor carries stored in its memory the multimedia contents to be published, and information relative to the dates and times of publication. The processor supports control software for controlling the publication of the multimedia contents via the publication unit on the set dates and times; first communication software for downloading online the information relative to the dates and times of publication; and second communication software for downloading online said multimedia contents to be published and/or their updating. The method enables publication of the multimedia contents via the publication unit on the set dates and times to be automatically commanded. | 09-02-2010 |
20100223677 | DIGITAL CONTENT LICENSING METHOD - Disclosed herein is a method of licensing the use of digital content on a digital content execution device including providing a total number of licensed tokens from a licensed token pool for executing digital executable content on the digital content execution device, assigning a number of tokens to each distinct digital executable content, controlling use of the total licensed tokens provided to the digital content execution device by a license manager separate from and in communication with the digital content execution device and in response to a request to execute digital content on the digital content execution device, the license manager allowing execution of the requested digital content on the digital content execution device through the allocation of the number of tokens assigned to the digital content from the licensed token pool. | 09-02-2010 |
20100235925 | METHOD FOR EXECUTING DIGITAL RIGHT MANAGEMENT AND TRACKING USING CHARACTERISTIC OF VIRUS AND SYSTEM FOR EXECUTING THE METHOD - A method of performing Digital Rights Management (DRM) and tracking using a virus characteristic and a system for executing the method are provided. The method of performing DRM and tracking with respect to a digital content, includes the steps of: providing a DRM code to the digital content in a DRM system, wherein the DRM code includes a virus characteristic; and performing the DRM and tracking with respect to the digital content, based on DRM information, wherein the DRM information is generated based on the DRM code. | 09-16-2010 |
20100251389 | LICENSE REGISTRATION DEVICE THAT REGISTERS LICENSE FOR USE OF PROGRAM ON DATA PROCESSING DEVICE - A storage medium storing a set of program instructions that becomes executable on a data processing device if license information is input to the data processing device within a limiting period set for the license information. The license information is provided by a license registration device after registration of a license for use of the program instructions on the data processing device. The instructions include storing time information in association with the license information, the time information indicating a cancelable time that arrives at or after an expiration time of the limiting period, accepting input of a disabling command, disabling use of the program instructions, and providing, if the cancelable time has arrived and if the disabling command has been accepted, license cancel information necessary for canceling the license. | 09-30-2010 |
20100251390 | ELECTRONIC CAMERA, STORAGE MEDIUM, AND DATA TRANSFER METHOD - Image data obtained by photographing an object using a camera is stored in a storage medium that can be attached to and detached from the camera. The camera includes a device program storage unit and an information writing unit. A device program that can be executed by an information processing device, which is different to the camera, is stored in the device program storage unit. The information writing unit is constituted to be capable of writing the device program to the storage medium attached to the camera. While writing the device program to the storage medium, the information writing unit writes the device program in a format enabling the information processing device to read and execute the device program automatically when the storage medium is attached to the information processing device. | 09-30-2010 |
20100263060 | Method and System for Generating Trusted Security Labels for Electronic Documents - A method and system for generating trusted security labels in electronic documents is disclosed. The method comprises determining parts of the document to be cryptographically bound to the security label and hashing them; hashing the security label; specifying any necessary policies as signable signature properties; and digitally signing the collection of these items. The resulting security label is trusted, because it is digitally signed and its digital signature also covers the parts of the document to be protected, thus allowing any tampering of the security label or the covered parts of the document to be detectable. A corresponding system for generating trusted security labels is also provided. | 10-14-2010 |
20100269179 | Security Client Translation System and Method - Systems and methods for controlling the use of audio, video and audiovisual content are provided. Usage rights and entitlement translation permit numerous devices to store and view media content. The usage rights may be encoded in the content or otherwise bound to the content. Security packages may be created by mapping Conditional Access System entitlements to DRM in hardware security elements. Playback devices are configured to access the translated usage rights and verify rights prior to the viewing of media. | 10-21-2010 |
20100275271 | Form Production System - The present invention relates to an on-line system for facilitating the production of forms, such as business cards, stationery, catalogues and generally any printed matter. Relatively permanent material for the production of forms is stored as a form structure in a computing system repository. The system receives copy information input by a user and combines it with the form structure to produce a finished artwork which is transmitted to a printery. | 10-28-2010 |
20100275272 | METHOD AND SYSTEM FOR PROVIDING LOCATION-OBSCURED MEDIA DELIVERY - One embodiment of the present invention enables delivery of “on-demand” high fidelity media content to computers via the Internet while restricting unauthorized users from directly retrieving media content from its source database. Once the computer receives the media, it is stored using hidden directories so that it may not be easily shared with others. Within the present embodiment, there are different functionalities that are implemented in order to protect and monitor the media content source. For example, the actual address location of the media database is hidden from content recipients while its address directory is periodically changed, making past addresses obsolete. Additionally, an access key procedure and rate control restrictor may also be implemented to monitor and restrict suspicious media content requests. By implementing these and other functionalities, the present embodiment restricts redistribution of delivered media content and provides a means for compensating owners of copyrighted media content. | 10-28-2010 |
20100281545 | Using Embedded Data with File Sharing - Peer-to-peer file sharing is increasing in popularity on the Internet, faster than any product known in history. Although file-sharing can enable massive piracy, it has many advantages for distribution of information including scalability. Alternatively, file-sharing can be sabotaged with falsified files and used to distribute viruses. To this end, a solution that maintains the scalability of file-sharing and promotes reliability is proposed. The solution involves embedding data within the file or content and using the data to identify the content, demonstrate its completeness and lack of viruses, and verify the file can be shared. The embedded data can be checked when the file is registered with the database for sharing, and before or while the file is being uploaded and/or downloaded. Ideally, the embedded data is added at the time of creation for the file. The embedded data may include a watermark and be linked to other copy management systems, such as those proposed in DVD and SDMI. Finally, the embedded data can be used to enable purchases of files that owners do not have rights to share. | 11-04-2010 |
20100287623 | METHOD FOR DISTRIBUTING A COMPUTER DATA STRUCTURE TO NODES OF A NETWORK - A method for spreading a computer data structure to nodes of a network is provided. The computer data structure has at least one interface for the interaction with the nodes of the network and useful data. After integrating the computer data structure into a first node, the useful data is installed on the first node of the network via the interface. The first node then detects at least one second node of the network. The computer data structure is then transmitted from the first node to the at least one second node. The useful data is then installed on the at least one second node via the interface. The above-mentioned steps carried out for the second node are repeated for a third, fourth etc. node; the third, fourth etc. node correspond to the second node, and the second node corresponds to the first node. | 11-11-2010 |
20100293621 | METHOD AND APPARATUS FOR IDENTIFYING AND CHARACTERIZING ERRANT ELECTRONIC FILES - A computer system includes a server having a memory connected thereto. The server is adapted to be connected to a network to permit remote storage and retrieval of data files from the memory. A file identification application is operative with the server to identify errant files stored in the memory. The file identification application provides the functions of: (1) selecting a file stored in said memory; (2) generating a unique checksum corresponding to the stored file; (3) comparing said unique checksum to each of a plurality of previously generated checksums, wherein the plurality of previously generated checksums correspond to known errant files; and (4) marking the file for deletion from the memory if the unique checksum matches one of the plurality of previously generated checksums. | 11-18-2010 |
20100299763 | Secure Workflow and Data Management Facility - Disclosed is a computer program that provides a secure workflow environment through a cloud computing facility, wherein the secure workflow environment may be adapted to (1) provide a plurality of users with a workspace adaptable to provide secure document management and secure communications management, wherein the users comprise at least two classes of user, including a participant and a subscriber, the subscriber having control authority within the workspace that exceeds that of the participant and the participant having control over at least some of the participant's own interactions with the workspace, (2) maintain a secure instance of each communication provided by each of the users such that each communication can be managed, (3) maintain a secure instance of each document interaction provided by each user such that each interaction can be managed; and extending the secure workflow environment to the users through a secure network connection. | 11-25-2010 |
20100299764 | System for dynamically encrypting information for secure internet commerce and providing embedded fulfillment software - A data distribution system is provided which supplies customers with an executable for requested secured data files to provide the customer with fulfillment software, obviating the need for the customer to download fulfillment software prior to requesting secure data. The data distribution system is characterized by server technology which can dynamically encrypt secured data files just prior to a customer request to download the data file. A framework for building a universal data distribution infrastructure is provided which employs Requesters. | 11-25-2010 |
20100313277 | METHOD FOR MANAGING ACCESS RIGHTS IN A SMART CARD - A method of managing access rights in a smart card, to subordinating execution of a command (Cmd | 12-09-2010 |
20100313278 | ASSOCIATING FIRST AND SECOND WATERMARKS WITH AUDIO OR VIDEO CONTENT - The present invention relates generally to processing audio or video content. One claim recites an apparatus comprising: electronic memory, and an electronic logic processor. The electronic memory is for storing data representing audio or video content, in which the data includes a protect watermark embedded therein, the protect watermark providing an indication that the data is protected, and in which the data further includes a rights watermark embedded in the data, the rights watermark providing an indication of user rights associated with rendering the audio or video content, the protect watermark being more difficult to remove from the data relative to the rights watermark. The electronic logic processor is programmed for analyzing the data to retrieve the protect watermark only when the rights watermark does not exist in the data. Other claims are described and provided as well. | 12-09-2010 |
20110004943 | Online personal library - A method and an apparatus for creating an online library by establishing an account for a user on a first server computer, allocating storage space for the user on the first computer, then receiving from a second server computer a document to be stored in the first server computer in the user's allocated storage space. The library is made accessible to selected groups of others by the user based on access criteria. The library holds documents, which can be modified by another person who is authorized to so modify, whereupon the modifications may be transmitted to or approved by a group of users. | 01-06-2011 |
20110004944 | METHODS AND SYSTEMS FOR FINGERPRINT-BASED COPYRIGHT PROTECTION OF REAL-TIME CONTENT - The present invention provides methods and systems for fingerprint-based copyright protection of real-time content. A first fingerprint is provided for content from a fingerprint ingesting device to a central server. The first fingerprint is associated with one or more business rules for the content at the central server. At least one of (a) a second fingerprint is provided for the content from a broadcast device to the central server, and (b) a third fingerprint is provided for the content from a receiving device to the central server. The first fingerprint is then compared with the at least one of the second and third fingerprints at the central server. One or more corresponding business rules may then be determined for the content based on the comparing. | 01-06-2011 |
20110004945 | DEVICE MANAGING APPARATUS, DEVICE MANAGING SYSTEM, AND RECORDING MEDIUM STORING A SOFTWARE MANAGEMENT PROGRAM - A device managing apparatus for managing software installed in at least one device includes a determination unit configured to determine whether a software item to be installed in the device requires license validation; a validation unit configured to perform a license validation operation on the software item for which the determination unit determines that license validation is required, depending on an available license for the software item; and a setting unit configured to set a license issued by the validation unit in the device in which the software item is installed. | 01-06-2011 |
20110004946 | TEXT-BASED COMMUNICATION CONTROL FOR PERSONAL COMMUNICATION DEVICES - Systems, devices, and methods are provided for enabling a user to control the content of text-based messages sent to or received from an administered device. In some embodiments, a message will be blocked (incoming or outgoing) if the message includes forbidden content. In other embodiments, the objectionable content is removed from the message prior to transmission or as part of the receiving process. The content of such a message is controlled by filtering the message based on defined criteria. The criteria may be defined according to a parental control application. These techniques also may be used, in accordance with instructional embodiments, to require the administered devices to include certain text in messages. These embodiments might, for example, require that a certain number of Spanish words per day be included in e-mails for a child learning Spanish. | 01-06-2011 |
20110010778 | STANDALONE SOLUTION FOR SERIAL COPY MANAGEMENT SYSTEM (SCMS) COMPLIANCE - Standalone serial copy management system (SCMS) compliance with respect to distributing and receiving protected digital media is disclosed. In general, when a digital media file is selected for transfer or reception between a computing system and another device, serial copy management system copy/playback information for the digital media file is accessed. If the serial copy management system copy/playback information comprises unrestricted copy/playback information the SCMS may utilize a common transfer pathway for the transfer or reception. However, if the serial copy management system copy/playback information comprises controlled copy/playback information the SCMS utilizes a new pathway distinct from said common transfer pathway for the transfer or reception of digital media, providing complete copyright protection from point of entry. In so doing, standalone SCMS compliance uses technological measures that effectively control access to the copyright protected work, as described in 17 U.S.C. sections 1201, 1202 and 1001. | 01-13-2011 |
20110010779 | INFORMATION PROCESSING APPARATUS, SYSTEM MANAGEMENT METHOD, AND RECORDING MEDIUM - In an information processing apparatus, software is installed to build a system providing a predetermined function. The information processing apparatus includes a generating unit configured to generate system identification information for identifying the system built by installing the software, the system identification information being generated from authentication information obtained by performing license authentication on the software; and a registering unit configured to send the system identification information generated by the generating unit to a management device that manages a plurality of the systems via a predetermined data transmission line, to register the system identification information in the management device as management information. | 01-13-2011 |
20110023132 | SYSTEM AND METHOD FOR GENERATING TARGET AREA INFORMATION OF A BATTLEFIELD USING INFORMATION ACQUIRED FROM MULTIPLE CLASSIFICATION LEVELS - A system and method for generating target area information. The system comprises a first processor effective to receive first information of a first classification level and a second processor effective to receive second information of a second classification level distinct from the first classification level. A cross domain processor is in communication with the first and second processors. The second processor is effective to receive a request from a requesting entity about a region of interest and interrogate a first sensor regarding the request. The second processor is further effective to receive first information from the first sensor and send the request through the cross domain processor to the first processor. The first processor is effective to interrogate a second sensor regarding the request and receive second information from the second sensor. The first processor is further effective to filter the second information based on the first and second classification levels to produce filtered information and send the filtered information through the cross domain processor to the second processor. The second processor is further effective to integrate the first information and the filtered information to produce integrated information and send the integrated information to the requesting entity. | 01-27-2011 |
20110023133 | GRID LICENSING SERVER AND FAULT TOLERANT GRID SYSTEM AND METHOD OF USE - A system and method for managing licensed and non-licensed resources in a grid network is provided. A license server receives and processes requests for a license and determines whether a license is available and, if necessary, causes a new configuration to be created on a server for satisfying the request. A new grid node may also be created and configured to be added to the grid for creating additional capacity for grid processing. The configuration may be performed at a time prior to an actual need by the grid, perhaps due to a faulted node, and quickly brought on-line with a simple configuration update. The new grid node may also have a virtual IP address reassigned to quickly redirect processing from the faulted node to the newly configured node. Also, an external resource dispatcher may add new resources such as storage or processing capacity to the grid and may coordinate the new resources with the license server. | 01-27-2011 |
20110041189 | SYSTEM AND METHOD TO PROVIDE A USER-GENERATED IMAGE GALLERY - In various exemplary embodiments, a system and an associated method to provide a user-generated image gallery are provided. Initially, a product category of a product infrastructure associated with an item represented by an image is determined. A new product category may be generated based on a determination that the product category is not adequately associated with the item represented by the image. Subsequently, an upload of the image is received from the user. The uploaded image may then be stored whereby the uploaded image is associated with the user and the product category or the new product category is based on the determination. | 02-17-2011 |
20110061112 | SYSTEM AND METHOD FOR ENFORCING DATA ENCRYPTION ON REMOVABLE MEDIA DEVICES - A system and method of enforcing encryption of information is provided. An information or content parameters list may be associated with a repository of information and may be updated to reflect information stored in said repository. A hash parameter may be computed and may further be used to validate integrity of information stored in the repository. At least one parameter identifying an entity storing information from said repository on a designated device may be used in order to determine that the entity is storing information obtained from said repository. Other embodiments are described and claimed. | 03-10-2011 |
20110067117 | EQUIPMENT MANAGING SYSTEM, EQUIPMENT MANAGING METHOD, AND COMPUTER-READABLE STORAGE MEDIUM - An equipment managing system includes an intermediating apparatus and an equipment managing apparatus. The intermediating apparatus is connected to a license management apparatus and a program management apparatus via a network. The equipment managing apparatus is connected to an electronic equipment via a network. The intermediating apparatus stores a program acquired from the program management apparatus and a license file acquired from the license management apparatus to an external storage medium. The equipment managing apparatus sends the program and the license file recorded in the external storage medium to the electronic equipment. | 03-17-2011 |
20110078802 | DISPLAY DEVICE, DRIVE RECORDER, DISPLAY METHOD AND COMPUTER-READABLE MEDIUM - A display device displays data recorded in a portable recording medium by a drive recorder on a display unit. A code recording unit records a security code in the recording medium in which data is recorded by the drive recorder. A nonvolatile storage device stores a security code which is the same as the security code for use at the time of recording in the recording medium. A code acquisition unit acquires the security code from recorded contents of the recording medium in which the data is recorded by the drive recorder. A code authentication unit enables the display unit to display the data recorded in the recording medium when the security code acquired from the recording medium coincides with the security code stored in the storage device. | 03-31-2011 |
20110099643 | Automated Privacy Enforcement - A system and method of protecting the privacy of data is presented. The system and method may include receiving data from a data warehouse and determining an access level for each data element received. The access value may be based on the assigned business purpose of the user attempting to access the data. If a user with an assigned business purpose is authorized to access the data then access will be given, if not, access to the data will be denied. In some examples, the requesting user may request to override the security settings in order to obtain access to the data. | 04-28-2011 |
20110107437 | SYSTEM FOR PROVIDING MOBILE DATA SECURITY - A system transfers applications and datasets (files) from a server to a client device and assigns to each file a lease key that will expire at a specified time. A file cannot be accessed unless its lease key is validated. Upon expiration of a lease key, the client device will connect to the server to determine if the lease key may be renewed. If the lease key may be renewed, a new lease key is created and access to the associated application or dataset is restored. If the lease key may not be renewed, the file may be deleted or rendered inaccessible. If rendered inaccessible, the file may be restored in the future without having to re-transmit it from the server to the client device. The server may also revoke a lease key before it expires. | 05-05-2011 |
20110113493 | SOFTWARE LICENSE MANAGEMENT IMPACT ANALYSIS - A computer implemented method, program product, and system for managing software licenses is presented. A licensing management logic executes an initial reconciliation run for an initial system. The licensing management logic detects a change to an initial subunit to create a changed subunit, and executes an impact analysis for the changed subunit. The licensing management logic identifies a subunit reconciliation section from the initial reconciliation run, and executes a subunit reconciliation run for the changed subunit to create a changed subunit reconciliation report. The licensing management logic replaces the initial subunit reconciliation report with the changed subunit reconciliation report to create an updated reconciliation report for a changed system. | 05-12-2011 |
20110131666 | VEHICLE DATA STORAGE SYSTEM, VEHICLE DATA STORAGE APPARATUS, VEHICLE DATA STORAGE SERVER, AND VEHICLE DATA STORAGE METHOD - A vehicle data storage system, in which vehicle data obtained from a vehicle-mounted device is stored, includes a vehicle data storage portion in which the vehicle data is stored; a country determination portion that determines a country in which a vehicle exists, based on position data of the vehicle; a selection table storage portion in which a type of the vehicle data that should be stored in the vehicle data storage portion is stored in association with country data; a data determination portion that determines the type of the vehicle data that should be stored in the vehicle data storage portion, based on the country determined by the country determination portion, by referring to the selection table storage portion; and a data processing portion that stores, in the vehicle data storage portion, the vehicle data determined by the data determination portion. | 06-02-2011 |
20110138485 | MONITOR METHOD AND MONITOR APPARATUS FOR MONITORING DATA OF HARDWARE - A monitor method and a monitor apparatus for monitoring a data of hardware are provided. The data has private information, identification information and at least one first network transmission address. The monitor apparatus comprises a storage unit and a processing unit. The data is stored in the storage unit according to the identification information. The processing unit is configured to record the identification information and the at least one first network transmission address of the data in a mark information table. In response to a sending system call, when a transmission is arranged to transmit the private information of the data to a second network transmission address which is different from the at least one first network transmission address, the processing unit will output a signal to cease the transmission. | 06-09-2011 |
20110138486 | Methods and Apparatus for Secure Distribution of Protected Content - Systems and techniques for protection and delivery of content. Upon initiation of a user account for use in conducting transactions involving delivery of content to a user, digital rights management (DRM) information is created and stored in association with user information. A copy of the DRM information is provided to or made accessible to the user in such a way that the DRM information can be made accessible to a suitable playback device to allow playing of content protected with the DRM information. When a user enters into a transaction to receive content, the DRM information associated with the user is used to protect the content before delivery to the user. When the user wishes to play the content, the removable media device storing the user's DRM information must be present in order to allow playing of the content. | 06-09-2011 |
20110145933 | SYSTEMS AND METHODS FOR SITUATIONAL APPLICATION DEVELOPMENT IN THE ENTERPRISE ENVIRONMENT - Embodiments of the invention broadly contemplate a situational application development framework that provides consumable software components that are accessed as services and monitored in a standardized fashion through a mediator service and thus suitable for use in a controlled development environment. At least one embodiment of the invention thus facilitates on the fly application creation using mashup makers in an enterprise setup. | 06-16-2011 |
20110145934 | AUTONOMOUS DISTRIBUTED PROGRAMMABLE LOGIC FOR MONITORING AND SECURING ELECTRONIC SYSTEMS - Methods and apparatuses are described herein for securing a mission logic system using one or more distributed, independent programmable security logic blocks. The security logic blocks may monitor subsystems of the mission logic system and/or communication between subsystems. If the security logic blocks determine that the mission logic system is operating in an unauthorized manner, the security logic blocks may enforce a protection mechanism. The security logic blocks may include an interface for receiving communications from the subsystems, an analysis instrument for analyzing the communications, a transport instrument for routing communications from the interface to the analysis instrument, and a control instrument for enforcing the protection mechanism on the basis of an analysis performed by the analysis instrument. | 06-16-2011 |
20110145935 | INTERCONNECT DEVICE TO ENABLE COMPLIANCE WITH RIGHTS MANAGEMENT RESTRICTIONS - To help ensure that only authorized media content that is associated with rights management (RM) restrictions is delivered from a compliant RM interface of a source device to a non-compliant RM interface of a destination device, an interconnect device provides a compliant RM interface to connect to the source device and monitors media content received from the source device to detect an embedded digital watermark. The interconnect device takes the necessary steps to determine if the watermark is authentic and control delivery of the media content to the destination device accordingly. The interconnect device may go back to the source device or to a remote service to authenticate the watermark. If the watermark is authentic, the media content is passed by the interconnect device to the non-compliant interface of the destination device outside of normal RM restrictions. Otherwise, the delivery of the media content is restricted by the interconnect device. | 06-16-2011 |
20110162089 | Method and System for Policy Driven Data Disclosure - A method, system and computer-usable medium are disclosed for controlling access to attribute information. A request is received from an application for attribute information. An attribute release policy associated with the requesting application is used to filter attributes stored in a datastore. The filtered attributes are then provided to the requesting application. | 06-30-2011 |
20110162090 | APPARATUS, METHOD AND SYSTEM FOR BROADCAST CONTENT EXPIRATION - An apparatus, method, and system for a Media Expiration System (MES) that improves upon current content control systems by better managing media recordings. The MES enables media owners to disable recordings of their broadcast content and/or advertising, locally, after the content has been recorded by a consumer. In one embodiment, the MES places expiration stamps into broadcast media as it is recorded by a consumer electronics device. The MES tracks viewing habits, enables the purchasing of extended views of programs, and removes expired media programming content. The manner and way in which this is achieved results in the expiration of stale media content. | 06-30-2011 |
20110185438 | REGULATOR OF COMMANDS WHICH ARE DESTINED FOR A SENSITIVE APPLICATION - The present invention describes a method and a software module making it possible to secure communications with a sensitive application, for which exchanges with the outside have been delegated to a so-called interfacing application. Accordingly, the present invention describes the application of security rules to all or some of the commands destined for this sensitive application. | 07-28-2011 |
20110197287 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR EVALUATING METADATA BEFORE EXECUTING A SOFTWARE APPLICATION - Systems and methods are provided for managing license objects to applications in an application platform database system. The method includes associating an LMA with an application installed to the application platform by a developer, notifying a license manager to which the license manager application is installed of the installation of the application to the application platform, and managing subscriber access to the application using the license manager application. | 08-11-2011 |
20110219460 | NETWORK BASED DIGITAL RIGHTS MANAGEMENT SYSTEM - A network-based DRM system manages digital media assets stored in the network. The system provides consumers with access to the digital media from any device connected to an electronic network such as the internet, while enforcing the intended uses by the copyright owners. | 09-08-2011 |
20110219461 | NETWORK BASED DIGITAL RIGHTS MANAGEMENT SYSTEM - A network-based DRM system manages digital media assets stored in the network. The system provides consumers with access to the digital media from any device connected to an electronic network such as the internet, while enforcing the intended uses by the copyright owners. | 09-08-2011 |
20110239308 | SYSTEM AND METHOD OF VETTING DATA - Systems and methods for vetting data include receiving a notification at a second processor that a first processor has written first output data to an output data buffer in an output device. A hardware-implemented buffer access flag controls a permission for the first processor to write data to the output data buffer. The second processor sets the hardware-implemented buffer access flag to a first setting that prevents the first processor from writing additional output data to the output data buffer while the first output data in the output data buffer is being inspected. The second processor has a read-write permission to the hardware-implemented buffer access flag. The first processor has a read-only permission to the hardware-implemented buffer access flag. | 09-29-2011 |
20110239309 | DATA DEPENDENCE ANALYZER, INFORMATION PROCESSOR, DATA DEPENDENCE ANALYSIS METHOD AND PROGRAM - A data dependence analyzer includes: inter-process communication detection means which, on the basis of a processing content of inter-process communication performed for transferring data to be copied between resources, detects the inter-process communication; access detection means which successively detects an access event to the data in the resource due to the process; recording means which, for each of the access events detected by the access detection means, records the access target data in the access event; and analysis means which, among the access target data recorded by the recording means, searches data respectively corresponding to the copy source and the copy destination of the data transferred through the inter-process communication detected by the inter-process communication detection means and imparts a dependence relationship between the searched data. | 09-29-2011 |
20110247084 | METHOD AND APPARATUS FOR AUTHORIZING DELIVERY OF STREAMING VIDEO TO LICENSED VIEWERS - Licensed access to selected videos is provided by a licensing service organization that obtains licenses from video content providers and combines these licenses into a new license for selected videos for a licensee organization. Administrators at the licensee organization then obtain a video authorization key for each video selection from the licensing service organization and embed those keys into web pages that are accessible via an intranet. Navigating to a web page for that selection from a computer connected to the intranet causes a viewing request that includes the embedded video authorization key and an IP address of the computer to be sent to a server at the licensing service organization. The server uses the incoming information to determine whether the request is from a predetermined intranet computer and if so to determine whether the request can be granted based on the new license conditions. | 10-06-2011 |
20110247085 | ELECTRONIC DEVICE AND METHOD OF PROTECTING SOFTWARE - In an electronic device and method of protecting software, a software program of the electronic device is invoked. The media access control (MAC) address of the electronic device and a serial number of a hard disk drive that stores the software program in the electronic device are searched. The MAC address and the serial number are compared with MAC addresses and serial numbers included in the software program, to determine whether it is licensed to run the software program in the electronic device. Usage logs of the software program are further obtained to determine whether running of the software program in the electronic device is expired. | 10-06-2011 |
20110258709 | METHOD, SYSTEM AND SIMULATION ANALYSIS MODEL FOR DATA PROCESSING - The method of the invention for preprocessing data before providing the data to a user of the data for further processing the data at the user of the data, comprising the steps of (a) selecting, by the data provider, at least one part of the data from the entire data to be provided to the user for further processing, depending on at least one given criterion which the user fulfils; (b) hiding the selected data such that despite being hidden from the user, the selected data can be further processed and/or executed after the provision. | 10-20-2011 |
20110265190 | SYSTEM AND METHOD FOR PROCESSING SIGNATURE-VERIFICATION OPERATION - A system and method for processing a signature-verification operation, includes storing configured categories of signature-verification files and elements with respect thereto, wherein the elements each include at least a signature-verification level and relevant data corresponding thereto; retrieving from the stored signature-verification files and elements a signature-verification file and element corresponding to a request for a signature-verification operation; and executing the signature-verification operation on the signature-verification file according to the retrieved element. | 10-27-2011 |
20110277041 | CIRCUIT CARD DATA PROTECTION - The present invention provides for a method of achieving data protection in a circuit card such as a UICC arranged for storage of a plurality of data elements and providing protection on the basis of a domain protection-element serving to define operations that can be permitted on a data element, and on the basis of a password protection-element serving to control access to a data element and wherein at least one of the plurality of data elements is associated with both a domain protection-element and a password-protection element, and the invention further provides for a circuit card arranged for the secure storage of such data elements and for a ME arranged to employ such a circuit card. | 11-10-2011 |
20110283367 | SECURING A COMMUNICATION PROTOCOL AGAINST ATTACKS - A method, system, and computer usable program product for securing a data communication against attacks are provided in the illustrative embodiments. A segment in the data communication is received at a first application executing in a first data processing system. The segment is formed according to a data communication protocol and includes an option. The option includes a current clue and a next clue. The current clue is compared with a saved next clue, the saved next clue being a next clue in a previous segment. The segment is accepted as being a valid segment in the data communication if the current clue matches the saved next clue. A part of the segment is sent to a consumer application. | 11-17-2011 |
20110283368 | IDENTIFICATION AND END-USE DIFFERENTIATION IN DIGITAL MEDIA - A method for operating a media player includes extracting a set of identifiers from a digital medium holding an encoded video content, using a media player. The method further includes transmitting the set of identifiers to an identification service to obtain status information indicating a title for the video content, an authorization status of the digital medium, and an end-use designation for the digital medium selected from rental or sell-through. The method further includes controlling at least one function of the media player used to provide video output from the media player, in response to the status information. Extracting the set of identifiers may include extracting five identifiers comprising a volume name, a book type, and a time stamp for the digital medium, a file directory hash, and a watermark description. The method may be embodied in a media player or encoded instructions for a media player. | 11-17-2011 |
20110283369 | METHOD OF MANUFACTURING SECURITY DOCUMENT AND METHOD FOR AUTHENTICATING THE DOCUMENT - A method of manufacturing a security document is provided, comprising: providing a first security element article having a corresponding predetermined first unique identification code which is detectable from the first security element article; incorporating the first security element article into a document; generating a machine-readable security feature containing document data representative of the first unique identification code corresponding to the first security element article and of at least a second unique identification code corresponding to a second security element applied to the document; and applying the machine-readable security feature to the document. | 11-17-2011 |
20110289600 | DETECTION OF HIDDEN OBJECTS IN A COMPUTER SYSTEM - System and method for detecting a security compromise of a service module of an operating system running on a computer. At least one native service module returns a first set of requested information relating to at least one object in the computer system in response to a request made by at least one process or thread. A secondary service module generates and returns a second set of requested information relating to the at least one object in the computer system in response to a request made by at least one authorized process or thread, bypassing the at least one native service module. Access of threads is limited to the secondary service module such that only predetermined threads generated by a trusted security application are permitted to access the secondary service module. | 11-24-2011 |
20110289601 | DIGITAL RIGHTS MANAGEMENT OF STREAMING CAPTURED CONTENT BASED ON CRITERIA REGULATING A SEQUENCE OF ELEMENTS - A captured content rights controller detects a first portion of streaming captured content and a second portion of the streaming captured content after the first portion of the streaming captured content is detected. The captured content rights controller determines whether rendering the second portion of the streaming captured content after the first portion of the streaming captured content is subject to at least one digital rights management protection rule for streaming captured content as specified by at least one owner of at least one restricted element within the streaming captured content captured independent of distribution of the content by the owner of the at least one restricted element within the streaming captured content. The captured content rights controller applies the at least one digital rights management protection rule to restrict rendering of the second portion of the streaming captured content after the first portion of the streaming captured content. | 11-24-2011 |
20110296533 | DYNAMIC ASSERTION PROVIDERS FOR LOGIC-BASED SECURITY POLICY LANGUAGES - Architecture that employs dynamic assertion providers in logic-based security policy languages. The dynamic assertion providers provide a mechanism by which data can be processed in an efficient, goal-directed manner. The application of dynamic assertion providers enables the inferencing over type hierarchies, including hierarchies of personally identifiable information and also for file systems which are hierarchal in nature. When searching for facts to bind against for a given subgoal, dynamic assertion providers are also queried. These objects follow an interface which can implement an arbitrary method to provide facts to the logic engine in a goal-directed, on-demand manner. Hierarchical types can be implemented using a hierarchy provider. | 12-01-2011 |
20110296534 | SECURITY THREAD FOR PROTECTING MEDIA CONTENT - Disclosed herein is a system and method for protecting copyrighted media content. The copyright and playback management information is embedded into at least one data field of the media content. The media content is then encoded for a serial copy management system (SCMS) that utilizes the copyright and playback management information to ensure the appropriate copyright protection of the media content based at least in part on the embedded copyright and playback management information. | 12-01-2011 |
20110296535 | CHECKING DATA INTEGRITY - A network interface device for connection to a data processing device and to a data network so as to provide an interface between the data processing device and the network for supporting the network of packets of a transport protocol, the network interface device being configured to: identify within the payloads of such packets data of a further protocol, the data of the further protocol comprising payload data of the further protocol and framing data of the further protocol, and the framing data including verification data for permitting the integrity of the payload data to be verified; on so identifying data of the further protocol, process at least the payload data for determining the integrity thereof and transmit to the data processing device at least some of the framing data and an indication of the result of the said processing. | 12-01-2011 |
20110296536 | Processing of metadata content and digital content received by a media distribution system - The disclosed embodiments relate generally to the submission of metadata content and digital content, such as media content, to a media distribution system. The media content can include, for example, audio, video, image, or podcast data. In accordance with one embodiment, a client submitting metadata content can validate the metadata content prior to submission of the metadata content and/or associated media content. A media distribution system receiving metadata content can also validate the metadata content. | 12-01-2011 |
20110302663 | Method and System for Securing a Home Domain From External Threats Received by a Gateway - A method and system are provided in which a broadband gateway may handle at least one physical layer connection to at least one corresponding network access service provider. The broadband gateway may receive content comprising an application through the at least one network access service provider and may store the content in a first portion of a memory. A software agent may be utilized to request the content and/or to store the received content in the first portion of the memory. The broadband gateway may execute the application after access by the application to a second portion of the memory is disabled. After the execution of the application is completed, access to the second portion of the memory may be enabled. In some instances, the application may be verified to determine whether it is secure for utilization and/or distribution. When verification fails, the application may be deleted. | 12-08-2011 |
20110321178 | SYSTEM FOR AND METHOD OF DYNAMIC EXTENSION ASSIGNMENT - A system for and method of performing dynamic extension assignment is presented. In one exemplary embodiment, the method may comprise receiving, via a network, an extension assignment request associated with a network endpoint, identifying the network endpoint based on one or more properties of the network endpoint, applying one or more rules to identify an extension to be assigned to the network endpoint based on the one or more properties of the endpoint, and assigning the extension to the network endpoint. | 12-29-2011 |
20120005762 | SYSTEM AND METHOD FOR RENDERING CONTENT ASSOCIATED WITH A DIGITAL WORK - A method, system and software for permitting use of digital works having rights associated therewith in a system having repositories configured to enable use of the digital work in accordance with the rights, including associating a transfer right with a digital work, the transfer right specifying that the digital work is transferred from a first repository to a second repository; transferring the digital work from the first repository to the second repository in accordance with the transfer right; and in response to the transferring step, updating transfer right information in respect of the digital work. | 01-05-2012 |
20120005763 | SYSTEM AND METHOD FOR RENDERING CONTENT ASSOCIATED WITH A DIGITAL WORK - A method, system and software for permitting use of digital works having rights associated therewith in a system having repositories configured to enable use of the digital work in accordance with the rights, including associating a transfer right with a digital work, the transfer right specifying that the digital work is transferred from a first repository to a second repository; transferring the digital work from the first repository to the second repository in accordance with the transfer right; and in response to the transferring step, updating transfer right information in respect of the digital work. | 01-05-2012 |
20120005764 | Systems and Methods for Governing Content Rendering, Protection, and Management Applications - System and methods are disclosed for governing digital rights management systems and other applications through the use of supervisory governance applications and keying mechanisms. Governance is provided by enabling the supervisory applications to revoke access keys and/or to block certain file system calls, thus preventing governed applications from accessing protected electronic content. | 01-05-2012 |
20120011596 | SYSTEM AND METHOD OF PROTECTING DIGITAL MEDIA CONTENTS - A system and method of protecting digital media contents, which maintain compatibility with an existing system and block any attempt to illegally use the digital media contents having various formats, and which reduce a system load and maximize a possibility of reusing the digital media contents. The system includes a packager for analyzing a format of contents and encoding at least a portion of a data region located in a payload of the contents, and for generating encoded contents by inserting encoding information including at least one of an encoding key value and contents information into the contents; and a digital rights management (DRM) server for receiving a request for a license and the encoding information from an external device which receives the encoded contents, for confirming the encoding information and then generating a license which is used to decode the encoded contents, and for providing the generated license to the external device. | 01-12-2012 |
20120017287 | SYSTEM AND METHOD FOR PROVIDING INFORMATION ACCESS ON A PORTABLE DEVICE - A system and method of providing information stored in a memory is provided. The system comprises an information repository for storing information and an access module for providing access to the information in response to a predetermined operation performed on a man-machine interface. The method includes the steps of storing information in a memory and providing access to the information in dependence upon at least one predetermined operation. | 01-19-2012 |
20120023597 | MAGNETICALLY-IMPLEMENTED SECURITY DEVICES - Security devices and methods of securely coupling electronic devices and peripherals are provided. In one embodiment, a peripheral has a first coded magnet on a first surface of a first device. The first coded magnet has at least two different polarity regions on the first surface. A second coded magnet on a second surface of a second device is also provided. The first coded magnet is configured to securely provide data to a device associated with the second coded magnet, if the first and second coded magnets' patterns are keyed to one another. | 01-26-2012 |
20120030774 | Method For Encrypting And Embedding Information In A URL For Content Delivery - A method for accessing a remote network includes identifying a content server associated with the remote network, generating a uniform resource locator, embedding additional data in the uniform resource locator, encrypting the uniform resource locator, and accessing a server in the remote network identified by the uniform resource locator. The method further includes wherein the additional data comprises authentication data, a delivery session identification, a time stamp, or comprises subscriber identification data. The URL may provide access to the content server for a time period indicated by the time stamp. The method includes wherein at least the subscriber identification data prevents unauthorized sharing of the URL. | 02-02-2012 |
20120036585 | METHOD AND SYSTEM OF DETERRING UNAUTHORIZED USE OF MEDIA CONTENT BY DEGRADING THE CONTENTS WAVEFORM - In one embodiment, the present invention pertains to a method and system for deterring unauthorized use of media content in a computing system and network. In one embodiment, the invention comprises detecting an unauthorized use of the media content in a computing system or network, the media content having a characteristic digital waveform format and an associated indicator for indicating to a compliance mechanism an unauthorized use of the media content. On detecting an unauthorized use of the media content, the media content characteristic digital waveform format is degraded. In this embodiment of the invention, unauthorized use is non-compliance with a use restriction applicable to the presentation of the media content in the computing system or network. In accordance with this embodiment of the invention, the media content is rendered incomprehensible to an unauthorized user experiencing the media content, thereby likely deterring further unauthorized use of the media. | 02-09-2012 |
20120042395 | SYSTEMS AND METHODS FOR SECURE AGENT INFORMATION - Semantic information may be secured by an agent using one or more semantic security labels (e.g., security predicates). The agent may be configured to allow other agents to access the semantic information according to a set of semantically expressed policies, strategies, and/or rules. A request to receive information may be mapped to a negotiation policy of the agent. The agent may evaluate the request against a semantic information sharing policy. If the information is accessible under the information sharing policy, the information may be provided. If not, the agent may negotiate information sharing terms using the negotiation ontology, strategy, and rules. Similarly, the agent may request information from other entities. Terms of the information requests may be negotiated using the negotiation ontology, strategy, and rules. | 02-16-2012 |
20120042396 | Methods and Systems for Mobile Device Security - A method of securing a mobile wireless telecommunication device to restrict access to data stored in the device. The method includes registering the device with a network-based server associated with a given user. In the event that the user wishes to restrict access to data stored on the device when the user does not have access to the device, but has access to an alternative communication device, the user is authenticated, via said alternative communication device, to an IP Multimedia Subsystem (IMS) network and, on the basis of such authentication, the user is allowed to access the server and send to the server an instruction to lock the mobile wireless telecommunication device. | 02-16-2012 |
20120072998 | Electronic Meeting Management System For Mobile Wireless Devices - A device management system includes a meeting support system that is configured to generate and transmit a plurality of electronic meeting invitations to a plurality of mobile wireless devices that correspond to a plurality of meeting participants and receive responses indicating whether the plurality of participants will attend the electronic meeting. The device management system receives identification data that identifies one or more documents or information that will be made available to the plurality of participants. The meeting support system determines whether the plurality of participants is authorized to access the one or more electronic documents or information. If any of the participants are not authorized to access any of the electronic documents or information, the meeting support system notifies the meeting organizer. The device management system may also include a meeting session management system that is configured to share information among the plurality of mobile wireless devices. | 03-22-2012 |
20120072999 | SYSTEM AND METHOD OF PROCESSING DOCUMENTS PROTECTED UNDER A DIGITAL RIGHTS MANAGEMENT SCHEME - A method of processing a document having digital rights management privileges may include receiving a document to be processed according to a workflow. The received document may be associated with a license including one or more digital rights management (DRM) privileges. The method may include identifying one or more document production operations associated with the workflow and for each document production operation, determining whether the document production operation violates any of the DRM privileges associated with the document, in response to the document production operation violating one or more of the DRM privileges, assigning a first status to the document production operation, and in response to the document production operation not violating one or more of the DRM privileges, assigning a second status to the document production operation. The method may include automatically causing only document production operations to which the second status is assigned to be performed on the document. | 03-22-2012 |
20120079608 | SYSTEMS AND METHODS TO PROVIDE A SOFTWARE BENEFIT WHEN A CONSUMER OBJECT IS RECOGNIZED IN AN IMAGE - According to some embodiments, it may be recognized that a consumer has placed a consumer object, such as a toy or action figure, into a field of view of a camera (e.g., a video camera incorporated into a portable computer). A software benefit associated with the consumer object may then be automatically determined, and, responsive to the recognition and determination, it may be arranged for the consumer to receive that software benefit (e.g., in a virtual world). | 03-29-2012 |
20120079609 | METHOD FOR ESTABLISHING A PLURALITY OF MODES OF OPERATION ON A MOBILE DEVICE - A method, device and system for establishing plural modes of operation on a mobile device, including: associating each application on the mobile device with one of a plurality of modes; and restricting access to data on the mobile device to only a subset of applications based on the mode associated for the each application. A system includes connection of an untrusted device to a trusted device and restricting data access for restricted data to a subset of trusted applications on the untrusted device. | 03-29-2012 |
20120079610 | CONTENT MANAGEMENT PROGRAM, METHOD AND DEVICE - An encrypted content and its encryption key under a copyright use condition of prohibiting a copy by the device having received a content are stored, and the encrypted content is copy-transferred with another device through the network, and at the same time, the encryption key is transferred through the network, so that it is stored in either one of the devices. | 03-29-2012 |
20120084870 | APPARATUS AND METHOD FOR EMBEDDING AND EXTRACTING INFORMATION IN ANALOG SIGNALS USING DISTRIBUTED SIGNAL FEATURES AND REPLICA MODULATION - Apparatus and methods are provided for embedding digital data into an analog host or cover signal. A distributed signal feature of the cover signal in a particular domain (time, frequency or space) is calculated and compared with a set of predefined quantization values corresponding to an information symbol to be encoded. The amount of change required to modify the signal feature to the determined target quantization value is calculated and the cover signal is modified accordingly to so change the feature value over a predefined interval. Information symbols are extracted by the opposite process. In one embodiment, the predefined value is a short term auto correlation value of the cover signal. | 04-05-2012 |
20120090038 | ELECTRONIC IDENTIFICATION - A method may include forwarding, by a mobile device, a request for identification information associated with a user of the mobile device. The method may also include receiving, from an identification provider, the identification information, and displaying, by the mobile device, at least some of the identification information. | 04-12-2012 |
20120102576 | Scalable Memory Protection Mechanism - An apparatus to protect contents of a memory region is presented. In one embodiment, the apparatus includes a non-volatile memory, memory check logic to generate check values for protected memory regions, and comparison logic to compare stored check values from the non-volatile memory with generated check values from the memory check logic. The apparatus also includes security logic to prevent executing code in the protected memory regions if the comparison logic detects a mismatch between the stored check values and the generated check values. | 04-26-2012 |
20120102577 | INTEGRATING SECURITY PROTECTION TOOLS WITH COMPUTER DEVICE INTEGRITY AND PRIVACY POLICY - At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access. | 04-26-2012 |
20120102578 | CONTROLLING INTERACTION BETWEEN PROTECTED MEDIA - A method, server system, and computer program storage product are disclosed. At least a first unique identifier from a first remote processing system is received. The first unique identifier is associated with a first remote software package that is on the first remote processing system. The first unique identifier and a second unique identifier are compared. The second unique identifier is associated with a second remote software package that is on a second remote processing system. The first unique identifier indicates that the first remote software package is one of a parent and a child copy of a software package executable. The second unique identifier indicates that the second remote software package is one of a parent and a child copy of the software package executable. An operation of at least one of the first remote software package and the second remote software package is authorized based upon the comparing. | 04-26-2012 |
20120102579 | METHOD FOR CONTROLLING UNAUTHORIZED SOFTWARE APPLICATION USAGE - According to the present invention there is provided a method to ensure authorized usage of software, by creating and then verifying and validating with the software's registered information in the vendor's online server, at frequent intervals, software activation file and computer's motherboard id. | 04-26-2012 |
20120110680 | METHOD AND APPARATUS FOR APPLYING PRIVACY POLICIES TO STRUCTURED DATA - An approach is provided for applying privacy policies to structured data. A privacy policy management infrastructure receives a request for an exchange of structured data among a plurality of devices. The privacy policy management infrastructure determines one or more elements of the structured data. The privacy policy management infrastructure also determines one or more privacy policies corresponding to the structured data, respective ones of the one or more elements, or a combination thereof. The privacy policy management infrastructure further determines to apply the one or more privacy policies to the structured data, respective ones of the one or more elements, or a combination thereof when initiating the exchange. | 05-03-2012 |
20120110681 | SYSTEMS FOR EMAIL COMMUNICATIONS - Systems and methods are provided for email communications between senders and receivers. In accordance with one implementation, a computerized method is provided that allows composing an email by a sender in Send Location of Send City at Send Time through the sender's mobile device. In the implementation, in composing the email, the sender's company may monitor the sender's Send Location, without awareness of the sender. In addition, when composing the email, the GPS receiver included in the sender's mobile device may be configured to locate the Send Location. Moreover, to prevent the sender's realization that the sender is being monitored, the Send Location may be included only as header information of the composing email. | 05-03-2012 |
20120117664 | SYSTEM FOR SECURE WEB-PROMPT PROCESSING ON POINT OF SALE DEVICES - A point of sale system including at least one proxy server having an internet connection, a web browser operative to download web pages from the internet via the proxy server, and a real time user input limiting trusted computing base module communicating with the web browser and being operative to limit user input to the web pages in real time. | 05-10-2012 |
20120117665 | METHODS AND COMPUTER PROGRAM PRODUCTS FOR CONTROLLING RESTRICTED CONTENT - A method and computer program product for managing restricted content, such as confidential or classified content, using content signatures are provided. A registry is established within an indexed archive system for content signatures of restricted files. Participants enroll in the registry and submit content signatures of all their files to the registry. The registry compares the submitted content signatures to those stored previously in the registry. The registry initiates a control action whenever there is a match between a participant's content signature and a previously stored content signature of a file to which the participant does not have access rights. When there is no match, the participant retains access to the restricted file. | 05-10-2012 |
20120131685 | Mobile Posture-based Policy, Remediation and Access Control for Enterprise Resources - A mobile device management system that monitors the security state of one or more mobile devices and sets indicators related to such security state. Enterprise network applications, such as an email application, can access the security state information when making access control decisions with respect to a given mobile device. | 05-24-2012 |
20120137377 | METHOD AND SYSTEM FOR SAFEGUARDING DIGITAL OBJECTS CONSISTING OF DIGITAL ASSETS - Provided is a system and method for safeguarding digital objects consisting of digital assets. The system includes a unique identifier in each digital asset and a database with a record of each unique identifier, the database further structured and arranged to correlate at least two digital assets as distinctly related. A client is in communication with the database. The client is adapted to receive a subset of the digital assets and analyze each digital asset to determine the unique identifier embedded therein. The client is further adapted to query the database with the determined unique identifier to validate each digital asset, the validation further including confirmation of distinctly related digital asset received. An associated method is also provided. | 05-31-2012 |
20120144502 | DIRECTORY SERVICE DISTRIBUTED PRODUCT ACTIVATION - In some embodiments, an activation object used to activate a software product is stored in a directory service. The activation object may, for example, comprise a proof of purchase token and/or information about the directory service, and may be communicated from the directory service to a client computer after the directory service authenticates a request from a client computer for access to the activation object. In some embodiments, a directory service is interrogated for an activation object used to activate software on a client computer. A client computer may, for example, receive an activation object from the interrogated directory service, and use the received activation object to activate a software product on the client computer. In some embodiments, a non-transitory computer-readable medium has instructions stored thereon that, when executed by a computer, cause the computer to interrogate a directory service for an activation object used to activate software on the computer. The computer may, for example, receive the activation object from the directory service, and use the received activation object to activate a software product. | 06-07-2012 |
20120185951 | METHOD AND APPARATUS FOR MEDICAL INFORMATION ENCRYPTION - Provided is an apparatus, system and method for protecting medical output to be stored on a portable computer-readable medium. Access to the medical output is restricted and a key is established to grant access to the medical output stored on the portable computer-readable medium. An identifier is assigned to the portable computer-readable medium and stored on both the portable computer-readable medium and a computer memory. The medical output is stored on the portable computer-readable memory, and access to the medical output on the portable computer-readable medium is restricted, requiring the key for accessing and viewing the medical output. The key is also stored in the computer memory and a relationship associating the identifier with the key is established to enable identification of the key with knowledge of the identifier. A security utility and a medical presentation utility can also be stored on the portable computer-readable medium. The security utility and medical presentation utility can be executable by the user computer to grant access to, and present the medical output on the portable computer-readable medium to the intended recipient in response to entry of the key. | 07-19-2012 |
20120185952 | CONTEXT AWARE DATA PROTECTION - A method for context aware data protection is provided. Information about an access context is received in a data processing system. A resource affected by the access context is identified. The identification of the resource may include deriving knowledge about the resource by making an inference from a portion of contents of the resource that the access context affects the resource, making an inference that the access context affects a second resource thereby inferring that the resource has to be modified, determining that the access context is relevant to the resource, or a combination thereof. The resource is received. A policy that is applicable to the access context is identified. A part of the resource to modify according to the policy is determined. The part is modified according to the policy and the access context to form a modified resource. The modified resource is transmitted. | 07-19-2012 |
20120192292 | CATEGORIZED CONTENT SHARING, IDENTICAL CONTENT MAINTANANCE AND USER PROTECTION IN A PEER-TO-PEER NETWORK - Methods and apparatus for sharing content between devices over a peer-to-peer (P2P) network without servers. The content is distributed to all the devices connected to the network. The distributed content may be identical and/or categorized. The content may be marked with a trust rating, and a user is enabled to both report and delete inappropriate/defective content and also report trusted content. A user may also be protected from using inappropriate/defective/non-trusted content and may prevent re-sharing of such content by other users. | 07-26-2012 |
20120198568 | Security Classification Applying Social Norming - An embodiment of the invention provides a method for security classification applying social norming. More specifically, content is received from a user via an interface; and, a data repository connected to the interface stores the content. A portal connected to the data repository identifies an attempt to access the content from a non-user. A program processor connected to the portal determines whether the content includes a security classification. When the content does not include a security classification, a communications module connected to the program processor sends an alert to the user. The alert includes a request to assign a security classification to the content. When the content includes a security classification, the communications module sends a message to the user, wherein the message includes a request to verify the security classification. | 08-02-2012 |
20120198569 | ASSOCIATED WITH ABNORMAL APPLICATION-SPECIFIC ACTIVITY MONITORING IN A COMPUTING NETWORK - Embodiments herein disclosed provide for computer network security and, more specifically, monitoring application-based access to secure data and monitoring predetermined actions conducted on applications to determine abnormal access or abnormal actions. Specific embodiments of the invention provide for improved database which implements time period-structured tables and file directories. Such structuring of the database provides for automated data purging, backing-up of data and data recovery. Additional embodiments provide for tracking data attributes related to the monitored data, such as the quality of the monitored data, the quality of the monitored data and the origin of the monitored data. In addition, embodiments provide for validating the source of the monitored data to assure that data is received from a valid application. | 08-02-2012 |
20120198570 | Geo-Enabled Access Control - Aspects described herein provide methods and systems that monitor mobile data processing devices used for remote access to a computer network or system, and allowing or preventing access to the computer system or network based at least in part on a determined geographical location of the mobile device. Different datasets stored on the network or system might have different geographical limitations associated with each. Different users also might have different geographic access limitations for the same dataset. User location may be based on GPS information associated with the device from which the user is attempting access, based on Wi-Fi, triangulation, or the like, or may be based on a photograph taken by the remote access device contemporaneously with the access request. | 08-02-2012 |
20120198571 | DIGITAL WORKS HAVING USAGE RIGHTS AND METHOD FOR CREATING THE SAME - Digital work adapted to be distributed within a system for controlling at least one of the distribution and use of digital works. The digital work includes digital content representing a portion of a digital work suitable for being rendered by a rendering device and usage rights associated with the digital content. The usage rights specify a manner of use indicating one or more stated purposes for which the digital work can be at least one of used and distributed by an authorized party. | 08-02-2012 |
20120216300 | METHOD AND CLIENT AGENT FOR MONITORING THE USE OF PROTECTED CONTENT - A method and apparatus are provided for controlling use of content protected with a digital rights management license which contains conditions for the use. When a request to use the content is received by a client agent controlling the use of the content, the conditions of use are checked. Within this check, a determination is made that the use of the content is conditional upon an obligation to perform a parental control operation on the content. A request for authorization to use the content is then transmitted from the controlling client agent to a parental control management module. After a parental control operation has been performed on the content by the parental control management module, the agent receives a result of the parental control operation. If the result is negative, a denial of use of the content is notified in response to the request to use the content. | 08-23-2012 |
20120222136 | ACCESS MANAGEMENT SYSTEM AND ACCESS MANAGEMENT METHOD - An SE unit holding service data used by an application is provided in a UIM card. Thus, when the UIM card is transferred between portable terminals, service data and accompanying information of the application can be moved together with the UIM card to another portable terminal. In addition, an access management unit included in a portable terminal compares UIM information of a UIM information storage unit with UIM information, held by an authority information holding unit, of a UIM card of which use authority is possessed by an application. If they do not agree, access to service data stored in the SE unit is restricted. | 08-30-2012 |
20120222137 | Validating the Origin of Web Content - Described herein is a technique of protecting users against certain types of Internet attacks. The technique involves obtaining certificates from visited web sites and qualifying communications with those web sites based on the content of the certificates. | 08-30-2012 |
20120222138 | Methods, Systems & Products for Distributing Digital Content - Methods, systems, and products distribute digital content based on digital rights license. A digital file may be fragmented into a plurality of unusable fragments. Each unusable fragment is separately unusable. Each unusable fragment may be tagged with a tag to generate tagged unusable fragments. The digital rights license is generated based on the tag, such that the tagged unusable fragments may be reassembled into the digital file. | 08-30-2012 |
20120227115 | LICENSE MANAGEMENT PLATFORM APPARATUSES, METHODS AND SYSTEMS - The LICENSE MANAGEMENT PLATFORM APPARATUSES, METHODS AND SYSTEMS (“LMP”) transform content seed selections and recommendations via LMP components such as discovery and social influence into events and discovery of other contents for users and revenue for right-holders. The LMP may detect a request to engage a universally resolvable media content (“URMC”) item. The LMP may obtain an expiration date for a URMC license token associated with the URMC item and may determine whether the license token is expired. The LMP may facilitate discarding of a license key associated with the expired license token and may deny the request to engage the URMC item with the associated expired license token. The LMP may provide a request for an updated token and requisite credentials for the updated token, obtain a response including an updated token and facilitate engaging of the requested URMC item with an associated valid updated token. | 09-06-2012 |
20120227116 | IMPLEMENTING BROWSER BASED HYPERTEXT TRANSFER PROTOCOL SESSION STORAGE - A computer implemented method, apparatus, and computer usable program product for managing session data. The process determines whether preexisting session data associated with a request for content is present in response to receiving the request. Responsive to an absence of the preexisting session data being associated with the request, the process generates session data associated with the request. The process then generates a response page having a set of forms including a set of hidden fields. The set of hidden fields include the session data. Thereafter, the process sends the response page to a client browser. | 09-06-2012 |
20120233706 | System and Method for Secure Licensing for an Information Handling System - Systems and methods for reducing problems and disadvantages associated with traditional approaches to secure licensing for an information handling system are provided. In accordance with additional embodiments of the present disclosure, a method may include: (i) booting an information handling system to an operating system stored on a memory of a secure licensing device coupled to a port of the information handling system; (ii) establishing a secure wireless network connection between the secure licensing device and a licensing server; (iii) retrieving information regarding one or more hardware components of the information handling system; (iv) retrieving a license key for a software program associated with information handling system from the licensing server; (v) generating a unique marker binding the license key to the one or more hardware components; and (vi) storing the unique marker on the information handling system. | 09-13-2012 |
20120233707 | DIGITAL WORKS HAVING USAGE RIGHTS AND METHOD FOR CREATING THE SAME - Digital work adapted to be distributed within a system for controlling at least one of the distribution and use of digital works. The digital work includes digital content representing a portion of a digital work suitable for being rendered by a rendering device and usage rights associated with the digital content. The usage rights specify a manner of use indicating one or more stated purposes for which the digital work can be at least one of used and distributed by an authorized party. | 09-13-2012 |
20120233708 | System and Method for Unlocking Content Associated with Media - There is presented a system and method for unlocking a content associated with media. In one aspect, the method comprises identifying the media, generating an authentication key using at least one key data from a set of key data contained in the media, determining an address in the media of at least one content unit corresponding respectively to each of the at least one key data used to generate the authentication key; requesting the at least one content unit by providing the address; receiving user data in response to the requesting; comparing the user data with the at least one key data used to generate the authentication key; and unlocking the content associated with the media if the user data matches the authentication key. | 09-13-2012 |
20120233709 | DIGITAL WORKS HAVING USAGE RIGHTS AND METHOD FOR CREATING THE SAME - Digital work adapted to be distributed within a system for controlling at least one of the distribution and use of digital works. The digital work includes digital content representing a portion of a digital work suitable for being rendered by a rendering device and usage rights associated with the digital content. The usage rights specify a manner of use indicating one or more stated purposes for which the digital work can be at least one of used and distributed by an authorized party. | 09-13-2012 |
20120233710 | DIGITAL WORKS HAVING USAGE RIGHTS AND METHOD FOR CREATING THE SAME - Digital work adapted to be distributed within a system for controlling at least one of the distribution and use of digital works. The digital work includes digital content representing a portion of a digital work suitable for being rendered by a rendering device and usage rights associated with the digital content. The usage rights specify a manner of use indicating one or more stated purposes for which the digital work can be at least one of used and distributed by an authorized party. | 09-13-2012 |
20120233711 | DIGITAL WORKS HAVING USAGE RIGHTS AND METHOD FOR CREATING THE SAME - Digital work adapted to be distributed within a system for controlling at least one of the distribution and use of digital works. The digital work includes digital content representing a portion of a digital work suitable for being rendered by a rendering device and usage rights associated with the digital content. The usage rights specify a manner of use indicating one or more stated purposes for which the digital work can be at least one of used and distributed by an authorized party. | 09-13-2012 |
20120233712 | Method and Device for Accessing Control Data According to Provided Permission Information - A method and device for accessing control data SD according to provided permission information RI, wherein a virtual engine VM is generated according to the provided permission information RI that serves to access the control data SD. As a result, a user can access control data SD solely via the virtual engine VM, thus ensuring that the user does not receive any access permission to the control data SD that are not described in the permission information RI. | 09-13-2012 |
20120255038 | Dual Trust Architecture - Mechanisms for executing a software routine in an application executing as a multi-user single address space subsystem in an operating environment having a trusted mode of operation for trusted routines and a reduced-trust mode of operation for untrusted routines. The application includes a control module for execution as a trusted routine and a trusted routine table including identifiers of trusted routines. The control module performs switches between a trusted mode of operation for execution and a reduced trust mode of operation based on various determinations regarding the nature of a calling routine being trusted or untrusted, a call stack, and whether the calling routine is being restored or not from the call stack. | 10-04-2012 |
20120266259 | APPROACHES FOR FIRMWARE TO TRUST AN APPLICATION - Techniques for determining whether firmware should trust an application sufficiently so as to provide a service to the application. Firmware, executing on a device, receives an indication that an application, also executing on the device, is requesting a service provided by the firmware. The firmware obtains (a) an operating system signature associated with the application and (b) a firmware signature associated with the application. The operating system signature is a signature that is used by the operating system, executing on the device, to authenticate the application, while the firmware signature is a signature that is used by the firmware to authenticate the application. If the firmware determines that the operating system signature matches the firmware signature, then the firmware stores trust data that permits the application to access the service provided by the firmware. The firmware need not calculate a signature based on the in-memory image of the application. | 10-18-2012 |
20120272338 | UNIFIED TRACKING DATA MANAGEMENT - Methods and apparatuses that collect tracking data items into a plurality of data stores for one or more domain in response to resources received from the domains are described. Each tracking data item may be accessible for one of the domains. Relationships of the domains may be identified among the tracking data items across multiple data stores according to the resources received. One or more of the domains may be selected according to the identified relationships to control accessibility of the tracking data items for the domains. The data stores may be updated to prohibit accessing at least a portion of the tracking data items for the selected domains. | 10-25-2012 |
20120272339 | METHOD AND SYSTEM FOR ACCESSING PASSWORD-PROTECTED DATA ON A DEVICE - A password is stored to be associated with a sender sending data for exploitation on a network-connected device associated with a user. Password-protected data is received from the sender via a network connection. The password-protected data is automatically retrieved to access the password-protected data and the accessed data is sent via network connection to a device associated with the user. | 10-25-2012 |
20120284807 | Method of Producing and Distributing Copyrighted Content - The present disclosure teaches methods for producing and distributing content through a network in a way that is practicable and economical for both the owners of the content and the delivery service providers. The present disclosure teaches methods of using content to drive multiple revenue streams from a website that distributes such content. | 11-08-2012 |
20120291142 | METHOD AND APPARATUS FOR PROVIDING DRM SERVICE - Methods and apparatus are provided for providing a DRM service by a user terminal apparatus consuming DRM content in a service environment that provides the DRM content using a plurality of incompatible DRM systems. A license corresponding to the DRM content is acquired from a service providing apparatus that provides the DRM content. It is determined whether the license is a common license having a common DRM interface format. The common DRM interface format of the common license is converted to a format of a first DRM system installed in the user terminal apparatus, when the license is the common license. The license having the format of the first DRM system is applied in reproducing the DRM content. The common license is provided from the service providing apparatus to the user terminal apparatus through a common DRM interface when the service providing apparatus does not support the first DRM system. | 11-15-2012 |
20120291143 | INFORMATION PROCESSING APPARATUS - According to an embodiment, an information processing apparatus stores user information including user attribute information and stores accessibility information indicating whether a use of the user attribute information is allowed, for each piece of user attribute information and each attribute value. The apparatus receives, from a server, a program for access to the user information, analyzes the program to extract the user attribute information to be used, and determines whether the use of the attribute value of the user attribute information is allowed by using the accessibility information of the extracted user attribute information. When the determination is negative, the apparatus does not execute the program to deny access to the attribute value of the user attribute information from the program, but when the determination is positive, the apparatus executes the program to allow access to the attribute value of the user attribute information from the program. | 11-15-2012 |
20120291144 | SYSTEM AND METHOD FOR PRIVACY PROTECTION USING IDENTIFIABILITY RISK ASSESSMENT - A risk assessment system and method includes an information system configured to disclose information to a third party. A risk determination model is configured to compute identifiability risk for one or more records in storage. The identifiability risk is compared to a threshold prior to being disclosed wherein the information system is informed of the identifiability risk exceeding the threshold prior to disclosure to the third party. | 11-15-2012 |
20120304315 | METHOD AND APPARATUS FOR MANAGING DIGITAL RIGHTS OF SECURE REMOVABLE MEDIA - A terminal for managing digital rights of a memory card inserted into the terminal and has a processor and a memory, the digital rights allowing the terminal to access digital contents. The terminal includes a processor configured to manage a digital rights and to exchange information with the memory card, the information including a terminal ID and a memory card ID; perform a mutual authentication procedure with the memory card; receive, from a contents provider, a trigger message which indicates to the terminal that a digital rights for the memory card is prepared in the contents provider; if a parameter included in the trigger message does not indicate the memory card, perform a procedure for obtaining a digital rights for the terminal; and if a parameter included in the trigger message indicates the memory card, perform a procedure for requesting a digital rights for the memory card. | 11-29-2012 |
20120304316 | Validating Access to a Group of Related Elements - A method and system for validating access to a group of related elements are described. The elements within the group access a security context associated with a markup domain when a call is made to an element. An authorized call to an element is enabled such that the markup domain is navigated to a new web page. However, an unauthorized call is prevented so that the navigation to the new web page is not permitted. After the markup domain has been navigated, the security context associated with the markup domain is invalidated. A new security context is generated and associated with the markup domain. The elements associated with the web page navigated from are inaccessible after navigation of the markup domain to the new page. The association of the new security context with the markup domain prevents an unauthorized user from accessing any element that references the previous security context. | 11-29-2012 |
20120311727 | SYSTEM AND METHOD FOR CONTROLLING THE USE OF A DIGITAL WORK IN ACCORDANCE WITH USAGE RIGHTS ASSOCIATED WITH THE DIGITAL WORK - Methods, apparatus, and media for controlling the use of a digital work in accordance with usage rights associated with the digital work. An exemplary server-side method comprises storing a description file associated with a content file of a digital work, the description file including usage rights for the content file, the usage rights indicating a permitted use for the content file of the digital work, communicating with a rendering device, receiving a request to render the content of the digital work originating from the rendering device, processing the request to render including enforcing the usage rights by granting or rejecting the request to render in accordance with the usage rights, and performing closing transaction steps upon detecting that the rendering device has finished rendering the content of the digital work. | 12-06-2012 |
20120324591 | SYSTEM AND METHOD TO PROTECT A RESOURCE USING AN ACTIVE AVATAR - A data source owner in a computing system protects that source via a “virtual” or surrogate entity or “avatar.” The entity is an object whose presence in the system is human-like, and it is given the specific task of protecting the data source for the owner. The avatar is associated with (or defined by) a non-human userid that has the same accesses and privileges of all (or defined) users, user groups and other resources that have access to the data source to be protected. During an initial setup, one or more actions to be performed by the non-human userid upon an occurrence of an actionable event with respect to the data source are specified, and a “baseline” associated with the data source is determined. Following setup, a monitor process is executed under the non-human userid, and this process records one or more accesses to the data source. Periodically, or upon a given occurrence, the monitor process spawns one or more ancillary processes to determine whether an actionable event has been triggered. If the avatar's monitoring efforts indicate an actionable event (such as an access violation), an action as defined in an action matrix is taken. The action typically includes reporting to the data source owner and, optionally, a security administrator, and restricting access to the data source. | 12-20-2012 |
20120324592 | SYSTEM AND METHOD FOR FLEXIBLE SECURITY ACCESS MANAGEMENT IN AN ENTERPRISE - Some embodiments provide a method and system for flexibly managing access to enterprise resources. To flexibly manage security, some embodiments secure the enterprise resources and provide a security access manager (SAM) to control access to the secured resources. The SAM controls access to the enterprise and the secure resources through one or more configurable management modules of the SAM. Each management module of the SAM is configurable to facilitate control over different security services of an enterprise security hierarchy (e.g., authentication, authorization, role mapping, etc.). Specifically, each management module is configurable to leverage security services that are provided by different security systems. In some embodiments, the management module is configured to interface with one or more adapters in order to establish the interfaces, logic, and protocols necessary to leverage the security functionality of such security systems. | 12-20-2012 |
20120331571 | SYSTEM AND METHOD OF MANAGING MULTIPLE LEVELS OF PRIVACY IN DOCUMENTS - There is provided a method and system to manage multiple levels of privacy in a document having a plurality of elements. In accordance with the method, a selection of a first element in the document is received. The first element is tagged with a selected first privacy level of a hierarchical privacy level list. The list includes a plurality of hierarchical levels of privacy associated with a controlling authority. A selection of a second element in the document is received. The selected second element is tagged with a selected second privacy level of the hierarchical privacy level list. | 12-27-2012 |
20120331572 | METHOD AND APPARATUS FOR IDENTIFYING AND CHARACTERIZING ERRANT ELECTRONIC FILES - A computer system includes a server having a memory connected thereto. The server is adapted to be connected to a network to permit remote storage and retrieval of data files from the memory. A file identification application is operative with the server to identify errant files stored in the memory. The file identification application provides the functions of: (1) selecting a file stored in said memory; (2) generating a unique checksum corresponding to the stored file; (3) comparing said unique checksum to each of a plurality of previously generated checksums, wherein the plurality of previously generated checksums correspond to known errant files; and (4) marking the file for deletion from the memory if the unique checksum matches one of the plurality of previously generated checksums. | 12-27-2012 |
20130007900 | HIDING A CONTACT FIELD ON A WIRELESS HANDSET - A wireless handset configured to hide contact information fields associated with selected contacts is described. The wireless handset comprises a processor, a display, and a handset memory. The processor stores a list of contact entries on the handset memory. Each contact entry comprises a plurality of contact information fields. A user may select one or more of the contact entries to lock. The list is updated such that the contact information content of at least one contact information field is hidden when the locked contact entry is shown on the handset display. Additionally, a method for displaying contact entries on a wireless handset with one or more contact information fields hidden is described. | 01-03-2013 |
20130007901 | Concurrent web based multi-tasks support for computer system - The traditional web based computing system did not support user space multitasking; therefore, if a task is submitted by a user from a web browser window via a user interface (“UI”), the user has to wait for the task to be completed before the user can submit another task. Thus the web browser window will appear blocked or hung, and the user cannot do anything but wait. A method is disclosed herein for controlling each user initiated task to be run in the background of the web based computing system to solve this problem. | 01-03-2013 |
20130007902 | Apparatus for Selecting and Displaying a File Associated with a Current Geographic Location - An apparatus includes a storage device, a position comparison processor coupled to the at least one storage device, and a display coupled to the position comparison processor. A plurality of files is stored on the storage device, wherein each file contains at least one item of confidential information and wherein a geographic location of use is associated with the file. The position comparison processor compares a current geographic location with each of the geographic locations of use associated with the plurality of files and the display displays contents of a selected file, wherein the geographic location of use associated with the selected file matches the current geographic location. | 01-03-2013 |
20130014286 | METHOD AND SYSTEM FOR MAKING EDRM-PROTECTED DATA OBJECTS AVAILABLE - A method and a system make EDRM-protected data objects available to users. Access rights to an EDRM-protected data object are produced depending on partial access rights to at least one or more data objects, which data objects are contained in the respective EDRM-protected data object. The access rights to the EDRM-protected data object are calculated by a client computer of the user using an access right differentiation function depending on the partial access rights which are made available by different EDRM servers. A data object key of the EDRM-protected data object is calculated by the client computer of the user using a key differentiation function depending on partial keys which are made available by the different EDRM servers. | 01-10-2013 |
20130014287 | MEASUREMENT DATA MANAGEMENT METHOD AND MEASUREMENT DATA MANAGEMENT SYSTEM - Remote meter reading terminal devices | 01-10-2013 |
20130019323 | Methods, Secure Element, Server, Computer Programs and Computer Program Products for Improved Application Management - A method is presented, performed in a secure element, the secure element being arranged to enable user applications of the secure element to verify authenticity of incoming user application commands. The method comprises the steps of: receiving a command from a secure element reader for a user application on the secure element, the command comprising an application identifier of the user application; determining whether there is a matching user application in the secure element; invoking the matching user application; and establishing, when there is an absence of any matching user applications, a communication channel with a remote application manager server and sending an absent user application message to the application manager server indicating that the user application has been requested on the secure element. A corresponding secure element, method for an application manager server and application manager server are also presented. | 01-17-2013 |
20130024951 | Method and Device for Imposing Usage Constraints of Digital Content - A method for imposing one or more usage constraints on digital content, the method comprising communicating a digital content data item to a digital content receiver system; wherein the digital content data item includes the digital content and a usage constraint data item different from a digital license data item, or a reference to said usage constraint data item, the use case item being indicative of the one or more usage constraints. | 01-24-2013 |
20130036480 | SYSTEM AND METHOD FOR SHARING OF DATA SECURELY BETWEEN ELECTRONIC DEVICES - A system for securely sharing data and conducting transactions in an electronic environment. The system may include a personal information device having a processor, memory and biometric sensor. Personal data is stored in the memory of the personal information device. The personal information device may be registered with a centralized system. Data stored on the personal information device may be uploaded to an access device upon verification of a user's identity using a biometric recognition technique. | 02-07-2013 |
20130047271 | Author Authorization of Electronic Works - Described is a system, device and method for granting rights or authorizing access to or delivery of a second, subsequent or other electronic copy of an author's work to consumers and others who have previously purchased a copy of the same or other author's work. The second copy of the work is for use on or through a consumer device such as a second consumer device that is also owned by the consumer who purchased or leased a first copy of the first work. An authentication credential or proof of purchase provides the system a means to determine if authorization may be granted for an electronic copy of an author's work. | 02-21-2013 |
20130055411 | APPARATUS AND METHOD FOR CONTROLLING PERMISSIONS IN MOBILE TERMINAL - A mobile terminal and a method for preventing leakage of information and unauthorized use of resources is provided. The mobile terminal includes a monitoring unit to receive an application execution request and to generate an authority request for the application, a setting unit to determine whether the application execution request corresponds to a set permission limitation, and a processor to apply the permission limitation to the application according to the set permission limitation. The method includes receiving a request to execute an operation of the application, generating an authorization request for the application, determining whether the application corresponds to a set permission limitation stored in a data storage, and applying a permission limitation to the application according to the set permission limitation. | 02-28-2013 |
20130055412 | DATA SECURITY AUTHENTICATION SYSTEM AND RELATED MULTI-FUNCTION MEMORY CARD AND COMPUTER PROGRAM PRODUCT - A multi-function memory card is disclosed including: a memory card interface for coupling with a memory card connection port of a terminal device; a storage module for storing one or more specific files transmitted from the terminal device; a protocol converter for retrieving the one or more specific files from the storage module and extracting data contained in the one or more specific files; and a smart card module for conducting an operation on extracted data from the protocol converter using a private key to generate one or more response data and transmitting the one or more response data to the protocol converter; wherein the protocol converter converts the one or more response data into one or more response files and writes the one or more response files into the storage module so that the one or more response files are accessible by the terminal device. | 02-28-2013 |
20130055413 | System and Method of Managing Protected Video Content - A method includes inspecting a packet stream sent from a set-top box device via a network. The packet stream includes video content that is divided into a plurality of subsections. The method includes generating a plurality of signatures by applying a wavelet transform to each of the plurality of subsections, and determining a match between the video content and protected video content based at least in part on a comparison of the plurality of signatures to one or more stored signatures generated based on the protected video content. | 02-28-2013 |
20130055414 | DOWNLOAD TERMINAL, AND CONTENT UTILIZATION SYSTEM - A download terminal acquires and stores a content from a content server, acquires from a license server, a writing-out license including a use condition for writing out of the content to an exchangeable medium and writes out the content to the exchangeable medium according to the writing-out license. The writing-out license includes a pack identifier given to a content group to which the content belongs, and viewing term information of the content, as the use condition. The download terminal determines based on the viewing term information, a viewing time limit of the content to be written out, and synchronizes a viewing time limit of other content having a same pack identifier as that of the content. | 02-28-2013 |
20130061336 | STANDING ORDER DATABASE SEARCH SYSTEM AND METHOD FOR INTERNET AND INTRANET APPLICATION - An internet and/or intranet based system and method for limiting access to confidential records to properly authorized and authenticated parties. The system's central premise is that the person to whom such records pertain should control access rights through specific, informed consent. It reinforces the widely held conception of privacy in general, while also providing an expedited and cost efficient means to find and transfer confidential records. It also gives the repositories where these records are held the right to stipulate the specific terms and conditions that must be fulfilled before they will release documents. And it carries out all of these legitimate interests in a way that is fast, simple to use and easy to audit. The system optionally includes a billing mechanism to pay for any added cost associated with providing this additional protection; and in its preferred embodiment, is applicable to both digital as well as non-digital records. | 03-07-2013 |
20130061337 | SECURING SHIPMENT INFORMATION ACCESSED BASED ON DATA ENCODED IN MACHINE-READABLE DATA BLOCKS - Example embodiments provide a Shipment Preparation System (“SPS”), which facilitates the preparation of shipments, such as by producing shipping labels. In one embodiment, the SPS is configured to receive shipment preparation information from a bar code or other machine-readable data block in a packing list. The shipment preparation information identifies a uniform resource identifier (“URI”) that identifies a code module that is remote from the SPS. The shipment preparation information and/or the URI further includes an access token. The SPS then uses the URI to communicate with the code module in order to access shipment information (e.g., to read a shipping address, to store an indication that a shipment is ready for pick up). The code module restricts access to the shipment information based on the access token, such as by only allowing a limited number or duration of access via the token. | 03-07-2013 |
20130067600 | SELECTIVE FILE ACCESS FOR APPLICATIONS - Methods, systems, and computer program products are provided for enabling selective file system access by applications. An application is installed in a computing device. An application manifest associated with the application is received. The application manifest indicates one or more file types that the application is allowed to access. The indicated file type(s) are registered in a location accessible by a broker service. The application is launched as an application process. The application process is isolated in an application container. The application container prevents direct access by the application process to file system data. An access request related to first data of the file system data is received at the broker service from the application process. Access by the application process to the first data is enabled when the broker service determines that a file type of the first data is included in the registered file type(s). | 03-14-2013 |
20130067601 | GENERATING DEVELOPER LICENSE TO EXECUTE DEVELOPER APPLICATION - One or more techniques and/or systems are disclosed for generating a developer license that allows a developer application to run on a developer machine. A user identification (userID) used to register a user can be used by the user to register as a developer. The userID can be authenticated for the registered developer. Further, a machine used by the developer for the developer application can be registered, and a resulting hardware identification (hardwareID) can be authenticated for the registered developer machine. Additionally, a developer certificate can be generated for the registered developer. The developer certificate can be authenticated and used to sign the developer application. The developer license can be generated for the developer, allowing the developer machine to execute the developer application, based at least upon the authenticated userID, the authenticated hardwareID, and the authenticated developer certificate. | 03-14-2013 |
20130074198 | METHODS AND SYSTEMS TO FINGERPRINT TEXTUAL INFORMATION USING WORD RUNS - The present invention provides methods and systems to enable fast, efficient, and scalable means for fingerprinting textual information using word runs. The present system receives textual information and provides algorithms to convert the information into representative fingerprints. In one embodiment, the fingerprints are recorded in a repository to maintain a database of an organization's secure data. In another embodiment, textual information entered by a user is verified against the repository of fingerprints to prevent unauthorized disclosure of secure data. This invention provides approaches to allow derivative works (e.g., different ordering of words, substitution of words with synonyms, etc.) of the original information to be detected at the sentence level or even at the paragraph level. This invention also provides methods and systems for enhancing storage and resource efficiencies by providing approaches to optimize the number of fingerprints generated for the textual information. | 03-21-2013 |
20130091588 | METHOD AND APPARATUS FOR IMPROVED DIGITAL RIGHTS MANAGEMENT - A method and apparatus for improved digital rights management is provided. | 04-11-2013 |
20130104249 | Verification Of Integrity Of Peer-Received Content In A Peer-To-Peer Content Distribution System - Structures and methods are disclosed for verifying integrity of peer-supplied content in a peer-to-peer content distribution system, for example, to verify that content supplied from a sending peer node to a receiving peer node corresponds to the content that was requested by the receiving node. | 04-25-2013 |
20130104250 | ELECTRONIC DEVICE FOR PROTECTING DATA - An electronic device generates an access signal according to user input. The electronic device includes a processor, a key circuit to generate a key signal according to press of the user, a storage unit to store data, a clock generator circuit to generate a clock signal, and a protection circuit. The protection circuit generates an enable signal or a disable signal according to the key signal and the clock signal to control the storage unit to unlock or lock, and transmits the access signal to the storage unit to access the data. | 04-25-2013 |
20130104251 | SECURITY SYSTEMS AND METHODS FOR USE WITH STRUCTURED AND UNSTRUCTURED DATA - Disclosed herein are systems and methods including hardware, software and electronic service components and systems to provide large-scale, reliable, and secure foundations for distributed databases and content management systems combining unstructured and structured data, and allowing post-input reorganization to achieve a high degree of flexibility. | 04-25-2013 |
20130111610 | TEMPORALLY CONTROLLING ACCESS TO SOFTWARE ASSETS ON USER DEVICES | 05-02-2013 |
20130117864 | AUTHENTICATION SYSTEM - An authentication system includes: a host device; a storage device which is electrically connected to the host device through a first interface and which is configured to store contents; and an authentication device which is electrically connected to at least one module included in the storage device and which is configured to store copy protection information for the contents. | 05-09-2013 |
20130117865 | MESSAGE CONTROL SYSTEM FOR A PORTABLE DEVICE - A message control system for a portable device that communicates through a link with a packet switched network. Integrated sensors in the portable device are configured to generate speed data. The system comprises a message manager that logs when and where messages are received, monitors the speed data, and uses the data to determine if an incoming message is authorized. If the message is authorized it is displayed on the portable device, and if it is not authorized the system sends an outgoing message over the network link indicating that the incoming message is not authorized. | 05-09-2013 |
20130117866 | METHOD AND SYSTEM FOR SECURING ACCESS TO CONFIGURATION INFORMATION STORED IN UNIVERSAL PLUG AND PLAY DATA MODELS - A method and system for securing access to configuration information stored in universal plug and play data models are provided. The method includes receiving a request to operate on at least one node of a data model from a Control Point (CP), where the data model includes a plurality of nodes and each of the plurality of nodes represents configuration information, determining a role associated with the CP, determining whether the role of CP is in a recommended role list, allowing, if the role is present, the CP to operate on the at least one node, and determining, if the role is not present, whether the CP has a role appropriate for operating on the at least one node based on ACL data associated with the at least one node. Accordingly, the CP is allowed to operate on the at least one node or an error message is returned on a display of the CP. | 05-09-2013 |
20130125249 | Remote Access Control Of Storage Devices - An access control device can be communicationally coupled to a storage device and can control access thereto. The access control device can comprise information, such as identities of authorized entities, to enable the access control device to independently determine whether to provide access to an associated storage device. Alternatively, the access control device can comprise information to establish a secure connection to an authorization computing device and the access control device can implement the decisions of the authorization computing device. The access control device can control access by instructing a storage device to execute specific firmware instructions to prevent meaningful responses to data storage related requests. The access control device can also comprise storage-related cryptographic information utilized by the storage device to encrypt and decrypt data. In such a case, the access control device can control access by not releasing the storage-related cryptographic information to the storage device. | 05-16-2013 |
20130152219 | ELECTRONIC DEVICE WITH FILE LOCKING FUNCTION AND METHOD THEREOF - An electronic device includes a data storage, a display unit, and a processing unit. The data storage stores a plurality of files. The display unit is operable to display drawing interfaces. The electronic device selects a file requiring locking, activates a drawing tool to generate the drawing interface in response to a file locking operation, records an image file drawn by the drawing tool as a locking password following a drawing operation on the drawing interface, and associates the file with the locking password to lock the file. | 06-13-2013 |
20130152220 | Method, Apparatus and System for Software Management - A method, apparatus and system are disclosed for software management, relating to the technical field of communications, and allowing software installed on a UPnP device by a service provider to be managed only by that service provider. The method comprises: receiving a software installation command sent by a first control device, installing software according to the software installation command and storing a first authentication information required during management of the software; receiving a software management command sent by a second control device, and acquiring a second authentication information corresponding to the software management command, which command is used in managing the software; when the second authentication information is consistent with the first authentication information, executing the software management command. | 06-13-2013 |
20130160146 | STARTUP TIMES OF STREAMING DIGITAL MEDIA PLAYBACK - Techniques are provided for streaming digital media content. In one embodiment, metadata associated with a digital media content title is retrieved prior to receiving any user request to play the digital media content title. Upon receiving a user request to play the digital media content title, a license is requested based on the retrieved metadata. Upon receiving the license, streaming playback of digital media content title begins. | 06-20-2013 |
20130160147 | PROTECTED APPLICATION PROGRAMMING INTERFACES - Mechanisms are provided to allow particular parties and applications access to protected application programming interfaces (APIs) without the use of security domains. Trusted parties and applications may have access to protected APIs while untrusted parties and applications may be restricted to a more limited set of APIs. Public keys associated with individual applications that are used to enforce licensing policies can be repurposed for use in a verification process to prevent unauthorized access to APIs. A credential storage manager can be used to maintain permission and certificate information. An application authorization manager may access credential storage and maintain trusted application information. | 06-20-2013 |
20130160148 | SYSTEMS, METHODS, AND PROGRAM APPLICATIONS FOR SELECTIVELY RESTRICTING THE PLACESHIFTING OF COPY PROTECTED DIGITAL MEDIA CONTENT - Systems, methods, and program products are provided for selectively restricting the transmission of copy protected digital media content from a computer system, over a network, and to a remote display. In one embodiment, a method includes the steps of capturing digital media content rendered on the local display by a media player application executed by the computer system; determining whether the media player application is accessing copy protected digital media content; and, if the media player application is not accessing copy protected digital media content, converting the captured digital media content to a media stream and transmitting the media stream over a network for presentation on a remote display. | 06-20-2013 |
20130167254 | Universal Serial Bus Shield - A system for thwarting malicious malware attacks on computing devices potentially introduced by flash drives and similar universal serial bus (“USB”) devices. The system disclosed herein includes a USB shield that treats both a hosting computer and a newly inserted USB device with appropriate caution and monitors interactions between the host and the device based on its own logic. In some embodiments, the USB shield is configured independently of its intended host or intended target device. Once configured, the shield is typically plugged into a host computer, and then a desired USB device is plugged into the shield and then monitors and blocks all communications inconsistent with its configuration parameters. In some embodiments, the USB shield modifies certain communications (such as filenames) as a safety precaution if so configured to defeat auto-run logic even if configured on a host computer. | 06-27-2013 |
20130174280 | DOCUMENT CONTROL BASED ON COPYRIGHT PERMISSION WHEN PRINTING COMPILATION OF WORKS - A method for controlling copyright permissions when assembling multiple copyrighted works into a compiled file. The copyright permission level of each file is analyzed, either based on the copyright permission information present in metadata associated with the file or based on the digital file format of the file which reflects the permission level. The compiled file is assigned a permission level which is the same as or more restrictive than all of the permission levels of the files in the compilation, and is generated in a format that enforces the assigned permission level. A notification may be displayed to the user to notify the user of the permission level assigned to the compiled file. | 07-04-2013 |
20130174281 | MESSAGING STAMP AUTHORITY - Electronic messages may be processed using a stamp authority by receiving an electronic message, identifying a stamp associated with the message, determining if the stamp is valid, and, if the stamp is determined to be valid, distinguishing the message from messages with which a valid stamp is not identified. | 07-04-2013 |
20130179992 | SYSTEMS AND METHODS FOR ACCESSING DIGITAL CONTENT USING ELECTRONIC TICKETS AND TICKET TOKENS - Systems and methods for accessing digital content using electronic tickets and ticket tokens in accordance with embodiments of the invention are disclosed. In one embodiment, a user device includes a processor, a network interface, and memory configured to store an electronic ticket, and a ticket token, and the processor is configured by an application to send a request for digital content, receive a ticket token from a merchant server, wherein the ticket token is generated by a DRM server and associated with an electronic ticket that enables playback of the requested digital content, send the ticket token to a DRM server, receive an electronic ticket that enables playback of requested digital content, request the digital content associated with the electronic ticket, and play back the requested digital content using the electronic ticket. | 07-11-2013 |
20130179993 | System and Methods for Host Enabled Management in a Storage System - A storage system that includes a management communication interface coupled to a storage management layer and further includes a data communication interface. Upon receiving a request for accessing the storage management layer, from the host, via the data communication interface, the management layer sends to the host, access information necessary for allowing access of the host to the storage management layer via the management communication interface; and upon receiving a management command, from the host via the management communication interface, the host is provided with access to the storage management layer, in cases where the management command conforms to the access information. | 07-11-2013 |
20130179994 | Dual Trust Architecture - Mechanisms for executing a software routine in an application executing as a multi-user single address space subsystem in an operating environment having a trusted mode of operation for trusted routines and a reduced-trust mode of operation for untrusted routines. The application includes a control module for execution as a trusted routine and a trusted routine table including identifiers of trusted routines. The control module performs switches between a trusted mode of operation for execution and a reduced trust mode of operation based on various determinations regarding the nature of a calling routine being trusted or untrusted, a call stack, and whether the calling routine is being restored or not from the call stack. | 07-11-2013 |
20130185815 | PASSWORD-LESS LOGIN - User profiles stored on a server control access to private data. Access control to the user profiles themselves is provided without a password. In more detail, the user profile is functionally handicapped by at least a portion of digital data (or a cryptographic key) associated with the user profile being removed and discarded after being sent to an enabling device. A human gesture from the user first provides a key to reconstitute the key or restore the missing data portion in the enabling device which is then transmitted to the server to reconstitute the key or restore the missing data portion in order to reconstitute the user profile for access. | 07-18-2013 |
20130185816 | INFORMATION PROCESSING APPARATUS, METHOD, PROGRAM, AND INTEGRATED CIRCUIT - A content display apparatus which processes protected information is configured, with an aim to prevent access from any unauthorized program, to include: a process managing unit which manages a plurality of processes operable in the content display apparatus; and a protected-information access detecting unit which detects access to the protected information. The process managing unit includes an application execution control unit which temporarily stops the operation of each of at least one process other than a process which accesses the protected information among the plurality of processes when the access to the protected information is detected by the protected-information access detecting unit. | 07-18-2013 |
20130191930 | SYSTEMS AND METHODS FOR GOVERNING CONTENT RENDERING, PROTECTION, AND MANAGEMENT APPLICATIONS - System and methods are disclosed for governing digital rights management systems and other applications through the use of supervisory governance applications and keying mechanisms. Governance is provided by enabling the supervisory applications to revoke access keys and/or to block certain file system calls, thus preventing governed applications from accessing protected electronic content. | 07-25-2013 |
20130198869 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR MESSAGING IN AN ON-DEMAND DATABASE SERVICE - In accordance with embodiments, there are provided mechanisms and methods for messaging in an on-demand database service. These mechanisms and methods for messaging in an on-demand database service can enable embodiments to more flexibly message in on-demand database environments. The ability of embodiments to provide such feature may lead to enhanced messaging features which may be used for providing more effective ways of messaging in the context of on-demand databases. | 08-01-2013 |
20130198870 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR MESSAGING IN AN ON-DEMAND DATABASE SERVICE - In accordance with embodiments, there are provided mechanisms and methods for messaging in an on-demand database service. These mechanisms and methods for messaging in an on-demand database service can enable embodiments to more flexibly message in on-demand database environments. The ability of embodiments to provide such feature may lead to enhanced messaging features which may be used for providing more effective ways of messaging in the context of on-demand databases. | 08-01-2013 |
20130198871 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR MESSAGING IN AN ON-DEMAND DATABASE SERVICE - In accordance with embodiments, there are provided mechanisms and methods for messaging in an on-demand database service. These mechanisms and methods for messaging in an on-demand database service can enable embodiments to more flexibly message in on-demand database environments. The ability of embodiments to provide such feature may lead to enhanced messaging features which may be used for providing more effective ways of messaging in the context of on-demand databases. | 08-01-2013 |
20130198872 | METHOD FOR COMPONENT ACCESS CONTROL AND ELECTRONIC DEVICE - Disclosed are a method for component access control and an electronic device. The method comprises: acquiring a target component list corresponding to the first application, which list includes at least one target component required by the first application, with the at least one target component belonging to at least one basic component; after a component selection command is received, generating information about those basic components accessible by the first application from the target component list according to the component selection command; and storing the information about those basic components accessible by the first application. In the present solution, it is unnecessary to set access to all the components when applying for an application; rather, those components accessible by the application can be controlled during the installation or use of the application according to system or user requirements, thereby increasing the flexibility of the application in accessing components and reducing the probability of the user privacy being stolen. | 08-01-2013 |
20130205413 | DATA PROCESSING APPARATUS AND METHOD USING SECURE DOMAIN AND LESS SECURE DOMAIN - A data processing apparatus | 08-08-2013 |
20130205414 | METHOD FOR NEAR FIELD COMMUNICATION OPERATION, A DEVICE AND A SYSTEM THERETO - A method, a user terminal and a system for performing a NFC operation by a NFC equipped user terminal. According to a method a common application residing in a secure element of the user terminal can be authenticated by receiving, in the common application, an authentication request message including identification information on at least service provider of the NFC reader. Based on the identification information authentication related data on a service provider of NFC service is retrieved from a database. Furthermore, a data request message is received from the NFC reader. The data is retrieved, on the basis of identification information on at least service provider of the NFC reader and identification information for data, from the database residing in the secure element of the user terminal. The data requested is delivered to the NFC reader. | 08-08-2013 |
20130205415 | NETWORK LINKER FOR SECURE EXECUTION OF UNSECURED APPS ON A DEVICE - An app is made secure using an app wrapping security technique and a network linker that creates an executable binary file of the wrapped app that does not use custom dynamic libraries. The network linker includes a client-side linker component and a server-side linker component. When the app is created and the developer decides to have it security wrapped, an extra parameter is inserted in the client-side linker component for invoking the network linker of the present invention. If a call is being made from app security wrapping code, then the invocation resolves to normal system libraries and the call is not shimmed. Once all the symbols have been resolved on the server-side linker, the executable binary is transmitted back to the client-side linker component where it is digitally signed by the app developer and put in a suitable form for uploading to an app store or marketplace. | 08-08-2013 |
20130212710 | Data Leakage Prevention for Cloud and Enterprise Networks - Apparatuses, methods and articles of manufacture for performing data leakage prevention are provided. Data leakage prevention may be performed by determining a signature of a transmitted document, the transmitted document being in transit to a location beyond a network boundary. The signature of the transmitted document is compared with one or more signatures of documents authorized to be transmitted beyond the network boundary. The transmitted document is prevented from being transmitted beyond the network boundary if the signature of the document does not correspond to a signature of a document authorized to be transmitted beyond the network boundary. | 08-15-2013 |
20130212711 | Solution for Continuous Control and Protection of Enterprise Data Based on Authorization Projection - Extracting data from a source system includes generating an authorization model of the data protection controls applied to the extracted data by the source system. The authorization model is used to map the data protection control applied to the extracted data to generate corresponding data protection controls provided in target system. The extracted data is imported to the target system including implementing the corresponding data protection controls. | 08-15-2013 |
20130212712 | SYSTEM AND METHOD FOR CREATING BOUNDED PACKETS OF PERSONALLY-IDENTIFIABLE INFORMATION (PII) - A system and method is disclosed, which allows registered visitors the opportunity to create bounded packets (QYouBs) containing a range of personally-identifiable information (PII) selected by the subscriber to meet a specific need, which can then be quickly transferred to a receiving party. | 08-15-2013 |
20130219520 | SYSTEMS AND METHODS FOR CONTROLLING RIGHTS ASSOCIATED WITH A PRODUCT - Controlling rights associated with a product is described, including receiving, from a source, a first code of a media product, the first code is unique to the media product; authorizing the media product based on the first code and information about the source; receiving, from another source, the first code and a second code of the media product, the second code is unique to the media product; determining whether the first code is authorized; if the first code is authorized, identifying an encryption key for the media product based on the second code, and transmitting the encryption key to the second source, the encryption key enables access to content of the media product. | 08-22-2013 |
20130219521 | MUSIC-CONTENT USING APPARATUS CAPABLE OF MANAGING COPYING OF MUSIC CONTENT, AND PROGRAM THEREFOR - When new music content is generated on the basis of replication of original music content, additional information including information indicating that the generated new music content is based on replication and replication source information identifying a replicated-from source of the replicated content is generated and added to the new music content based on the replication. When the new (i.e., replicated) music content is to be used, a search is made for original music content on the basis of information identifying a replicated-from source and use of the new (replicated) music content is permitted only when the original music content has been successfully found. Such arrangements reliably allow the replicated content to be used by a given person only when the person possesses the original music content. | 08-22-2013 |
20130219522 | DATA PROCESSING METHOD AND DEVICE - A data processing method pertains to a step (E | 08-22-2013 |
20130219523 | SELECTIVELY EXPOSING BASE CLASS LIBRARIES BASED ON APPLICATION EXECUTION CONTEXT - Allowing access to APIs based on application context. A method includes determining an application context for an application. A layer is determined for a base class library. Layers of the base class library are defined by one or more developer defined attributes associated with an API, where the API is included in the base class library. The base class library is divided into layers based on the developer defined attributes. The one or more attributes define which application contexts can access the API. If the layer matches the application context then access by the application to the API is allowed. | 08-22-2013 |
20130219524 | System and/or Method for Distributing Media Content - The subject matter disclosed herein relates to distribution of media content. | 08-22-2013 |
20130227712 | METHOD AND SYSTEM FOR RESOURCE MANAGEMENT BASED ON ADAPTIVE RISK-BASED ACCESS CONTROLS - Systems, methods, and computer program products are provided for adaptively controlling access to resources, such as selectively granting a user's request to access a confidential document. In one embodiment, the method may include making real-time access control decisions that respond promptly to changing organizational environments, thus reducing risks of the unauthorized use or access of resources. In addition, the method may include selectively granting a user's request to access a resource based on dynamic risk factors including, for example, the user's trust level, the sensitivity of the information resource requested, and the overall system status. Furthermore, the method may include adjusting those factors based on a change in conditions or organizational need. | 08-29-2013 |
20130227713 | METHOD FOR ENCRYPTING AND EMBEDDING INFORMATION IN A URL FOR CONTENT DELIVERY - A method for accessing a remote network includes identifying a content server associated with the remote network, generating a uniform resource locator, embedding additional data in the uniform resource locator, encrypting the uniform resource locator, and accessing a server in the remote network identified by the uniform resource locator. The method further includes wherein the additional data comprises authentication data, a delivery session identification, a time stamp, or comprises subscriber identification data. The URL may provide access to the content server for a time period indicated by the time stamp. The method includes wherein at least the subscriber identification data prevents unauthorized sharing of the URL. | 08-29-2013 |
20130232586 | METHODS AND APPARATUS FOR LOCATING AN UNAUTHORIZED VIRTUAL MACHINE - Methods and apparatus of locating an unauthorized virtual machine are disclosed. A virtual machine is registered with a management system. When the virtual machine is requested to start, the system determines whether the virtual machine is in an authorized environment. In an authorized environment, the virtual machine is enabled to operate normally. In an unauthorized environment, the virtual machine is disabled. The disabled virtual machine gathers information about the unauthorized environment and transmits the information to the virtual machine owner. | 09-05-2013 |
20130247229 | USING FLASH STORAGE DEVICE TO PREVENT UNAUTHORIZED USE OF SOFTWARE - A flash storage device and a method for using the flash storage device to prevent unauthorized use of a software application are provided. An identifier may be encoded within specific sectors of the flash storage device. One bits of the identifier may be encoded as unusable ones of the specific sectors and zero bits of the identifier may be encoded as usable ones of the specific sectors. Alternatively, the zero bits of the identifier may be encoded as the unusable ones of the specific sectors and the one bits of the identifier may be encoded as the usable ones of the specific sectors. The software application may be permitted to execute on a processing device connected to the flash storage device only when the identifier is encoded within the flash storage device. | 09-19-2013 |
20130247230 | METHODS AND DEVICES FOR TRUSTED PROTOCOLS FOR A NON-SECURED, DISTRIBUTED ENVIRONMENT WITH APPLICATIONS TO VIRTUALIZATION AND CLOUD-COMPUTING SECURITY AND MANAGEMENT - The present invention discloses methods for trusted protocols for a non-secure computing-environment. Methods include the steps of: upon request for determining that an untrusted computing resource is trustworthy, vouching for the untrusted resource as trustworthy by a trusted computing resource upon satisfying at least one criterion of: the trusted resource was directly involved in setting up and/or activating the untrusted resource; and/or has access to a database of identifying credentials and/or information which allow the trusted resource to verify that the untrusted resource is trustworthy; and concealing at least one secret that needs to be present on any computing resource, wherein at least one secret is concealed differently on each computing resource; and transmitting at least one secret from any computing resource to any other computing resource in a way that changes the step of concealing at least one secret without any computing resource knowing at least one secret. | 09-19-2013 |
20130254904 | IC CARD AND IC CARD CONTROL METHOD - According to one embodiment, an IC card includes a communication unit, data memory, selector, and inheriting unit. The communication unit performs data communication with an external apparatus. The data memory stores files managed by a hierarchical structure, a folder as an upper layer of the files, and information concerning the inheritance of a security status between a plurality of folders. If information indicating the inheritance of a security status from the first folder to the second folder exists, the inheriting unit inherits, even while the second file is selected, the security status established while the first folder is selected. | 09-26-2013 |
20130254905 | Launching A Secure Kernel In A Multiprocessor System - In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example. | 09-26-2013 |
20130263287 | Access control list for applications on mobile devices during a remote control session - A method of implementing access restrictions on mobile devices during a remote control session: Network based restrictions; User controlled restrictions, or User controlled access list restrictions. A remote support technician connects to a mobile device to perform remote access to the mobile device. As part of the remote control session a policy can be pushed to the device that would have a list of applications that would need to be allowed by the user to be shared with remote technician. Alternatively no policy is pushed and the user must allow remote support technician access. | 10-03-2013 |
20130263288 | Password protect feature for application in mobile device during a remote session - Disclosed is a method of password protection applied to applications on mobile devices during a remote control session. When a mobile device is connected to a remote support technician providing said remote support technician access to the mobile device, when a user highlights a password field the password is contextually hidden on remote support technician's console. A toast message is displayed on the remote access console and the user's mobile device and the remote support technician is denied the ability to edit the user's password field. | 10-03-2013 |
20130276147 | SEMICONDUCTOR DEVICE, CONFIDENTIAL DATA CONTROL SYSTEM, CONFIDENTIAL DATA CONTROL METHOD - A semiconductor device, confidential data control system and confidential data control method are provided capable of safeguarding confidential data even in cases of unauthorized access to a single storage medium. Capacities of each of confidential data segments, necessary when reading each of confidential data segments from an external memory and an internal memory, are acquired as control data from a register. Then each of the confidential data segments is read based on the acquired control data. It is accordingly rendered difficult to determine data related to the capacity of the confidential data even in cases of unauthorized access (hacking). Moreover, reading of the full confidential data does not occur even if unauthorized access to a single storage medium occurs (either the external memory or the internal memory). Consequently, unauthorized access can be suppressed. | 10-17-2013 |
20130276148 | Proof-of-Purchase Watermarks - A third-party watermark is inserted into a file or files uploaded by a client to a storing party such as a file backup server. The third-party watermark may contain information about the upload itself, such as time and date of the upload and the identity of the client. The third-party watermark may also contain authentication information received from the client or elsewhere that establishes that the client is in proper possession of the file, e.g., it is not a bootlegged copy. | 10-17-2013 |
20130276149 | SECURE MEMORY MANAGEMENT SYSTEM AND METHOD - The present invention describes a system and a method for securely loading digital information from an external storage device in a non-trusted environment into a memory module in a trusted environment within a data processing system. A master mode and a service mode are described, the master mode being when the secure loading is requested by a secure processor residing within the trusted environment and the service mode being when the loading is requested by an element which is external to the trusted environment i.e. in the non-trusted environment. The system comprises at least one storage device, one memory module and at least one first processor, and further comprises a memory access controller module connected between the processor and the memory module, and a secure memory management module connected to the processor, the memory module, the storage device and the memory access controller. Requests for data made by either the first processor or the external element are passed to the secure memory management module, which loads the data from the storage device to the memory module and configures the memory access controller such that the processor will have access to the data. | 10-17-2013 |
20130283400 | Secure Configuration of Mobile Applications - Secure configuration of a mobile application (“app”) includes sending the required configuration data for the app to the user's mobile computing device in a communication, for example an email with an attachment. A verification value is included in the attachment to protect the authenticity and integrity of the configuration data. A challenge code is issued to the user (or group of users). The challenge code is used to verify the configuration data. | 10-24-2013 |
20130283401 | INFORMATION CONTENT VALIDATION FOR ELECTRONIC DEVICES - A circuit device comprises a processing device connected to a memory. The processing device comprises a detection module that detects information content received in the memory from an electronic device. A validation module validates the information content in real time. Validating the information content includes analyzing the information content to detect selected content and preventing dissemination of the selected content from the electronic device. | 10-24-2013 |
20130283402 | APPARATUS AND METHOD FOR EMBEDDING AND EXTRACTING INFORMATION IN ANALOG SIGNALS USING DISTRIBUTED SIGNAL FEATURES AND REPLICA MODULATION - Apparatus and methods are provided for embedding digital data into an analog host or cover signal. A distributed signal feature of the cover signal in a particular domain (time, frequency or space) is calculated and compared with a set of predefined quantization values corresponding to an information symbol to be encoded. The amount of change required to modify the signal feature to the determined target quantization value is calculated and the cover signal is modified accordingly to so change the feature value over a predefined interval. Information symbols are extracted by the opposite process. In one embodiment, the predefined value is a short term autocorrelation value of the cover signal. | 10-24-2013 |
20130291126 | Electronic Document Delivery, Display, Updating, and Interaction Systems and Methods - System and methods for actively updating, revising, and supplementing content of an electronic document, such as a book. A book-like interface with active regions and page links may be utilized. In one example, a method of modifying a remote electronic document in an electronic file with updated information from an active document server or remote service involving connecting an active document reader which resides on a computing device having the electronic file and active document reader to the active document server via a network; identifying one or more subsets of the information in the document file package to be updated; providing via the network a set of updated information for the one or more subsets; and replacing the one or more subsets with the updated information without replacing the entire electronic file. | 10-31-2013 |
20130291127 | ENTERPRISE-LEVEL DATA PROTECTION WITH VARIABLE DATA GRANULARITY AND DATA DISCLOSURE CONTROL WITH HIERARCHICAL SUMMARIZATION, TOPICAL STRUCTURING, AND TRAVERSAL AUDIT - Access is obtained to a plurality of intermediately transformed electronic documents (with a plurality of sections and subsections) which have been transformed, by topical analysis and text summarization techniques, from a plurality of original electronic documents comprising at least some unstructured electronic documents. Audit and retrieval agent code is appended to the sections and subsections to create a plurality of finally transformed electronic documents. Users are allowed to access the finally transformed electronic documents. The users are provided with accountability reminders contemporaneous with the access. The access of the users to the sections and subsections of the finally transformed electronic documents is logged. An audit report is provided based on the logging. Also provided is a cloud service for enterprise-level sensitive data protection with variable data granularity, using one or more guest virtual machine images. | 10-31-2013 |
20130291128 | ANONYMIZING APPARATUS AND ANONYMIZING METHOD - It is an object of the present invention to enable appropriate generalization of attribute information even when data sets are likely to be repeatedly provided and attribute information of a data entry added later substantially deviates from a range of values of attribute information of a known data entry. For each data entry of a data set having a plurality of data entries each including at least one attribute data forming a quasi-identifier, which is information that can identify an individual, and at least one attribute data other than the quasi-identifier, a value of the at least one attribute data forming the quasi-identifier is generalized on the basis of a predetermined generalization rule. Among the plurality of data entries included in the data set, a data entry which, when generalized on the basis of the generalization rule, becomes a factor for the data set to fail to satisfy a predetermined standard of anonymity is selected, and at least one data entry of which generalization target attribute data has a value that is common to that data entry to thereby enable the data set to satisfy the predetermined standard of anonymity is also selected. For the selected data entries, the value of the generalization target attribute data is changed to a predetermined common value irrespective of the predetermined generalization rule. | 10-31-2013 |
20130291129 | ACCEPTING THIRD PARTY CONTENT CONTRIBUTIONS - Accepting a third party news article submission is disclosed. A first submission, including a first URL of a first news article that is different from a second URL of a previously accepted second news article submission, is received. One or more automated checks are performed on at least a portion of the first submission. Whether to accept the first submission is automatically determined based at least in part on the performed checks. | 10-31-2013 |
20130291130 | Protection of Memory Field Using Illegal Values - An electronic device ( | 10-31-2013 |
20130305394 | INFORMATION PROCESSING DEVICE PERFORMING SOFTWARE LICENSE AUTHENTICATION, COMMUNICATION SYSTEM, AND SOFTWARE LICENSE AUTHENTICATION METHOD - An information processing device performs software license authentication while sharing the license between an operational system and a standby system in a closed network. A license file and a license key are installed in the operational system. License synchronization starts between the operational system and the standby system. When the operational system fails, the operational system is separated from the closed network, and when a different device is provided, license synchronization is performed between the different device serving as a new standby system and a new operational system (old standby system). When the standby system fails, the standby system is separated from the closed network, and license synchronization is performed between a different device serving as a new standby system and the operational system. A device which retains the license monitors whether or not an unauthorized use of the license is conducted in the closed network. | 11-14-2013 |
20130312117 | Systems and Methods for Providing and Managing Distributed Enclaves - A method for operating a distributed data management and control enclave comprises providing a policy that identifies a set of data to be managed and controlled. The policy further identifies devices upon which the data may be transferred and the conditions under which that data may be transferred to the identified devices. A first data management and control system to be used on a first device is then defined in the policy. A second management and control system to be used on a second device is then defined in the policy. The second data management and control system can be distinct from the first data management and control system. The specified data management and control system is then instantiated on a device. The specified data management and control system is then used to manage and control data on the device in accordance with the policy. | 11-21-2013 |
20130312118 | DEVICE MANAGING APPARATUS, DEVICE MANAGING SYSTEM, AND RECORDING MEDIUM STORING A SOFTWARE MANAGEMENT PROGRAM - A device managing apparatus for managing software installed in at least one device includes a determination unit configured to determine whether a software item to be installed in the device requires license validation; a validation unit configured to perform a license validation operation on the software item for which the determination unit determines that license validation is required, depending on an available license for the software item; and a setting unit configured to set a license issued by the validation unit in the device in which the software item is installed. | 11-21-2013 |
20130318634 | IMAGE FORMING APPARATUS, LAUNCHING METHOD OF PROGRAM IN THE APPARATUS, IMAGE FORMING SYSTEM, AND PROGRAM AND STORAGE MEDIUM THEREFOR - An image forming apparatus which is connected to an external device via a communication unit includes a launching program identification unit which stores launching program information for specifying a program module to be executed upon launching from a plurality of program modules for realizing a plurality of functions, and a program management unit which executes a program module corresponding to the launching program information when the image forming apparatus is activated, on the basis of the launching program information stored in the launching program identification unit. License information containing the identification information and launching program information of the apparatus is acquired from a PC via the communication unit. The launching program information stored in the launching program identification unit is updated on the basis of the acquired license information, thereby changing the program module to be executed upon activating the apparatus. | 11-28-2013 |
20130326640 | ELECTRONIC FILE SECURITY MANAGEMENT PLATFORM - According to some embodiments, an electronic file security management platform may receive a request from a user to access a first electronic file associated with a first application, such as a word processing document. A security characteristic associated with the user may be determined, and an encrypted version of the first electronic file may be decrypted in accordance with the security characteristic. The electronic file security management platform may then arrange for the user to access the first electronic file via the first application such that: (i) a first portion of the first electronic file is available to the user based on a first security requirement associated with the first portion and the security characteristic, and (ii) a second portion of the first electronic file is not available to the user based on a second security requirement associated with the second portion and the security characteristic. | 12-05-2013 |
20130326641 | PROTECTION OF SERIES DATA - Information-processing device including an exchanging unit exchanging data; a receiving unit receiving plural data sets, each of the plural data sets including at least one sub data set, plural predetermined sub data sets included in plural data sets forming series data; a first generating unit generating, for a first target sub data set, a dummy data set different from the first target sub data set; a second generating unit generating authentication information based on a second target sub data set, the second target sub data set being a sub data set or a dummy data set to be processed and selected from the at least one sub data set and the generated sub data set; and a first providing unit providing data including the second target sub data and the authentication information. | 12-05-2013 |
20130333056 | SYSTEM AND METHOD FOR CHANGING ABILITIES OF A PROCESS - A system and method wherein a set of privileges assigned to a process may be modified responsive to a request. The modification may apply to one or more abilities within the set of privileges and may be applied during execution of the process subsequent to the process creation time. Accordingly a process may be created with a default set of privileges and subsequently the privileges may be modified (e.g. to include a sub-set of the default privileges) thereby mitigating the risk of malicious exploitation of the process through attack. | 12-12-2013 |
20130340100 | Methods, systems and devices for packet watermarking and efficient provisioning of bandwidth - Disclosed herein are methods and systems for transmitting streams of data. The present invention also relates to generating packet watermarks and packet watermark keys. The present invention also relates to a computerized system for packaging data for transmission to a user. The system may utilize computer code to generate a bandwidth rights certificate that may include: at least one cryptographic credential; routing information for the transmission; and, optionally, a digital signature of a certificate owner; a unique identification code of a certificate owner; a certificate validity period; and pricing information for use of bandwidth. The present invention also relates to an electronic method and system for purchasing goods and services by establishing an account whereby a customer is credited with a predetermined amount of bandwidth usage, and then charges are assessed against the account in an amount of bandwidth usage which corresponds to the agreed upon purchase value for the selected item. | 12-19-2013 |
20130347132 | Consumption Based Digital Content Rental Expiration - A mechanism is provided for consumption based digital content rental. Responsive to validating a request from a user to consume the digital content, one or more discrete units of a plurality of discrete units comprised by the digital content are made available to the user. A timer associated with a selected discrete unit is started that records an agreed-to consumption time for the selected discrete unit. The selected discrete unit is presented to the user and then a determination is made as to whether the timer indicates that the agreed-to consumption time of the selected discrete unit has expired. When the agreed-to consumption time has expired, consumption of the selected discrete unit is ended while leaving each remaining discrete unit in the plurality of discrete units with its own agreed-to consumption time for the user to consume. | 12-26-2013 |
20140007263 | SELECTION OF SANDBOX FOR INITIATING APPLICATION | 01-02-2014 |
20140013452 | DATA PROTECTION HUB - Embodiments of the invention broadly described, introduce systems and methods for protecting data at a data protection hub using a data protection policy. One embodiment of the invention discloses a method for protecting unprotected data. The method comprises receiving a data protection request message comprising unprotected data and one or more policy parameters, determining a data protection transformation using the policy parameters, performing the data protection transformation on the unprotected data to generate protected data, and sending the protected data | 01-09-2014 |
20140020119 | SYSTEM AND METHOD FOR DETECTING ACTIVE STREAMS USING A HEARTBEAT AND SECURE STOP MECHANISM - One embodiment of the present invention sets forth a technique for identifying active streaming connections associated with a particular user account. Each active streaming connection transmits heartbeat packets periodically to a server that tracks the receipt of the heartbeat packets. If, for a particular streaming connection, the server stops receiving heartbeat packets, then the server is able to infer that the streaming connection has been terminated. | 01-16-2014 |
20140020120 | SYSTEM AND METHOD FOR ACCESS CONTROL FOR DATA OF HETEROGENEOUS ORIGIN - Systems and methods are provided for controlling access to data of heterogeneous origin. A system creates combined access rights from access rights and other access rights for combined data that includes data and other data. The system receives a request to access data that is part of the combined data. The system determines whether to provide access to at least part of the data based on access rights that are part of the combined access rights. The system provides access to at least part of the data in response to a determination to provide access to at least part of the data based on the access rights that are part of the combined access rights. | 01-16-2014 |
20140026232 | NONVOLATILE MEMORY, READING METHOD OF NONVOLATILE MEMORY, AND MEMORY SYSTEM INCLUDING NONVOLATILE MEMORY - A nonvolatile memory device includes a memory cell array and a read/write circuit connected to the memory cell array through bit lines. The read method of the nonvolatile memory device includes receiving a security read request, receiving security information, and executing a security read operation in response to the security read request. The security read operation includes reading of security data from the memory cell array using the read/write circuit, storing of the read security data in a register, performing security decoding on the read security data stored in the register using the received security information, resetting the read/write circuit, and outputting a result of the security decoding. | 01-23-2014 |
20140033330 | UNDISCOVERABLE PHYSICAL CHIP IDENTIFICATION - Methods and circuits for undiscoverable physical chip identification are disclosed. Embodiments of the present invention provide an intrinsic bit element that comprises two transistors. The two transistors form a pair in which one transistor has a wide variability in threshold voltage and the other transistor has a narrow variability in threshold voltage. The wide variability is achieved by making a transistor with a smaller width and length than the other transistor in the pair. The variation of the threshold voltage of the wide variability transistor means that in the case of copies of intrinsic bit elements being made, some of the “copied” wide variability transistors will have significantly different threshold voltages, causing some of the intrinsic bit elements of a copied chip to read differently than in the original chip from which they were copied. | 01-30-2014 |
20140041059 | ANALYZING APPARATUS VALIDATING SYSTEM AND PROGRAM FOR THE SYSTEM - In validation of an analyzing apparatus, in the case where the system configuration is not standard or where a reference value required for the validation is different from a standard value, the validation work cannot be automatically performed, which requires time and effort. For a validation target analyzing apparatus system, first, a parameter acquiring unit acquires parameters for qualification implementation of the analyzing apparatus system on a basis of an electronically supplied qualification plan document and an electronically supplied qualification implementation procedure manual. Then, a validation executing unit executes validation of the analyzing apparatus system using the acquired parameters for qualification implementation. | 02-06-2014 |
20140047564 | MANAGING CONTACT RECORDS IN A DEVICE WITH MULTIPLE OPERATION PERIMETERS - Management of contact records in an electronic device with multiple operation perimeters is provided. When creating a contact record from within one operation perimeter, an option is provided to save the contact record in a storage resource accessible from within the current operating perimeter or in a storage resource accessible from within an alternative operation perimeter. If the alternative operation perimeter has a higher security level than the current operation perimeter, a password or other authorization may be required. | 02-13-2014 |
20140047565 | AUTHENTICATION REQUESTING APPARATUS, AUTHENTICATION PROCESSING APPARATUS, AND AUTHENTICATION EXECUTION METHOD BASED ON PHYSICALLY UNCLONABLE FUNCTION - An authentication requesting apparatus, an authentication processing apparatus and an authentication execution method based on a physically unclonable function (PUF) are provided. The authentication requesting apparatus includes a signal transmission and reception unit, a response generation unit, and an authentication request unit. The signal transmission and reception unit receives a first pilot signal from an authentication processing apparatus that processes authentication. The response generation unit generates a challenge value based on the first pilot signal, acquires an output value by inputting the challenge value into a PUF circuit, and generates a response value from the output value. The authentication request unit requests authentication by transmitting the response value to the authentication processing apparatus, receives authentication result information from the authentication processing apparatus, and determines whether authentication has been successful. | 02-13-2014 |
20140047566 | LICENSE MANAGEMENT PLATFORM APPARATUSES, METHODS AND SYSTEMS - The LICENSE MANAGEMENT PLATFORM APPARATUSES, METHODS AND SYSTEMS (“LMP”) transform content seed selections and recommendations via LMP components such as discovery and social influence into events and discovery of other contents for users and revenue for right-holders. In one embodiment, the LMP may detect a request to engage a universally resolvable media content (“URMC”) item. The LMP may obtain an expiration date for a URMC license token associated with the URMC item and may determine, based on the obtained expiration date, whether the license token is expired. The LMP may facilitate discarding of a license key associated with the expired license token and may deny the request to engage the URMC item with the associated expired license token. The LMP may provide a request for an updated token and requisite credentials for the updated token, obtain a response including an updated token and facilitate engaging of the requested URMC item with an associated valid updated token. | 02-13-2014 |
20140053282 | SYSTEM AND METHOD OF INTEGRATING MODULES FOR EXECUTION ON A COMPUTING DEVICE AND CONTROLLING DURING RUNTIME AN ABILITY OF A FIRST MODULE TO ACCESS A SERVICE PROVIDED BY A SECOND MODULE - A system for integrating modules of computer code may include a sandbox validator for receiving a first module and verifying that the first module complies with one or more sandbox constraints. A computing device may execute the first module within a runtime environment. A module integrator may operate within the runtime environment for receiving a request from the first module to access a service provided by a second module and only allowing the first module to access the service when the first module is authorized to access the service according to a service authorization table. The sandbox validator may ensure the first module correctly identifies itself when requesting a service provided by another module and that the first module includes runtime policing functions for non-deterministic operations. A service authorizer may generate an authorization policy for the first module, which is sent to the computing device along with the first module. | 02-20-2014 |
20140053283 | System, Method, and Device for Communicating and Storing and Delivering Data - A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller, executable sensors, and a virtual operating system. The wrap is verified, optionally through a connection to a verification server. After verifying the wrap, the wrap is opened and an executable controller is copied into the platform memory. The executable controller allows the platform processor to execute the virtual operating system, which gives the platform processor access to virtual operating system resources necessary to verify the platform and create a connection to a connection server. | 02-20-2014 |
20140053284 | DATA TRANSMISSION DEVICE AND METHOD FOR AGGREGATING MEDIA CONTENT FROM A CONTENT PROVIDER - Disclosed are a data transmission device and method. The data transmission device may comprise: a content aggregating unit for aggregating content relating to data from a content provider; a content preparing unit for preparing the aggregated content; and a content providing unit for providing the prepared content to a client. | 02-20-2014 |
20140059708 | APPARATUSES AND METHODS FOR PROTECTING PROGRAM FILE CONTENT USING DIGITAL RIGHTS MANAGEMENT (DRM) - An electronic device for protecting program file content using Digital Rights Management (DRM) is provided with a DRM agent module, a plug-in, and a web browser module. The DRM agent module is configured to process DRM-protected content associated with a program file. The plug-in is configured to enable execution of the program file. The web browser module is installed with the DRM agent module, and is configured to activate the processing of the DRM-protected content of the DRM agent module to obtain the program file portion-by-portion, and use the plug-in to execute the program file with the obtained portions. | 02-27-2014 |
20140068790 | Methods, Systems, And Computer Program Products For Media-Based Authentication - A method for generating an input key for authenticating access to a resource, the method including obtaining an input media; determining a reference point in the input media; sampling the input media in response to determining the reference point to define an input media sample; generating cell data from the input media sample; and generating the input key using the cell data. | 03-06-2014 |
20140068791 | SECURELY STORING DATA IN A DISPERSED STORAGE NETWORK - A method to securely store a data file in a dispersed storage network (DSN) in a manner to increase difficulty in hacking the data file begins by a dispersed storage (DS) processing module encoding the data file into a plurality of data portions. The method continues with the DS processing module dispersed storage error encoding a first data portion to produce a set of encoded data slices, generating a set of DSN addresses, and sending the set of encoded data slices to a first set of storage units using the set of DSN addresses. The method continues with the DS processing module dispersed storage error encoding a second data portion to produce a second set of encoded data slices, generating a second set of DSN addresses, and sending the second set of encoded data slices to a second set of storage units using the second set of DSN addresses. | 03-06-2014 |
20140068792 | INFORMATION PROCESSING APPARATUS AND CONTROL METHOD - An information processing apparatus is capable of performing a plurality of processes in parallel, and includes a plurality of operation components each including individual components, which are provided for respective processes to be performed in parallel. A control unit permits activation of as many operation components as the number of right-to-use licenses, out of the operation components. When detecting an abnormality in an individual component included in an active operation component, the control unit deactivates the other individual components of the operation component including the abnormal individual component, and activates another inactive operation component. | 03-06-2014 |
20140075579 | METHOD TO ENABLE DEVELOPMENT MODE OF A SECURE ELECTRONIC CONTROL UNIT - A system and method for installing software on a secure controller without requiring the software to be properly signed. The method includes determining whether a by-pass flag has been set in the controller that identifies whether a file validation procedure is required to install the file and performing a pre-check operation to determine whether predetermined parameters of the file have been satisfied. The method also includes installing the file into a memory in the controller if the pre-check operation has been satisfied. The method further includes determining whether the file has a proper signature and indicating that the signature is proper if the by-pass flag is set and the file does not include a proper signature, and allowing the file to be installed if the signature has been indicated as being proper. | 03-13-2014 |
20140075580 | Address Exchange System and Methods - The present disclosure provides systems and methods for an address exchange system including a controller configured to provide an API configured to receive an identifier from a user and further configured not to receive a physical address from the user, wherein the user provides an item for shipment to the physical address. In response to receiving the identifier, the controller is further adapted to request the physical address from a data storage system wherein the data storage system stores an association between the identifier and the physical address and further stores one or more permission settings defining situations in which the physical address is to be provided in response to receipt of the identifier. In response to receipt of the identifier, the data storage system tests the permission settings to determine whether or not to provide the associated physical address. | 03-13-2014 |
20140075581 | SECURE MECHANISM TO SWITCH BETWEEN DIFFERENT DOMAINS OF OPERATION IN A DATA PROCESSOR - A data processing apparatus including processing circuitry having a secure domain and a further different secure domain and a data store for storing data and instructions. The data store includes a plurality of regions each corresponding to a domain, and at least one secure region for storing sensitive data accessible by the data processing circuitry operating in the secure domain and not accessible by the data processing circuitry operating in the further different secure domain and a less secure region for storing less sensitive data. The processing circuitry is configured to verify that a region of the data store storing the program instruction corresponds to a current domain of operation of the processing circuitry and, if not, to verify whether the program instruction includes a guard instruction and, if so, to switch to the domain corresponding to the region of the data store storing the program instruction. | 03-13-2014 |
20140075582 | METHOD FOR PLAYING DIGITAL CONTENTS PROTECTED WITH A DRM (DIGITAL RIGHTS MANAGEMENT) SCHEME AND CORRESPONDING SYSTEM - The method and system are for playing digital contents protected by a DRM scheme, wherein the digital contents are stored in a server and downloaded or streamed to a user device. The approach includes executing a DRM application inside the user device implementing a proxy between the server and a native player of the user device, and connecting the DRM proxy application to the server, selecting a digital content to be downloaded and retrieving a corresponding remote playlist. Also, the approach includes transforming the remote playlist into a local playlist having a format readable from the native player and executing a plurality of local packets of the local playlist inside the native player. | 03-13-2014 |
20140082751 | PROTECTING IAT/EAT HOOKS FROM ROOTKIT ATTACKS USING NEW CPU ASSISTS - The present disclosure provides systems and methods for hardware-enforced protection from malicious software. A device may include at least a security validator module and a security initiator module. A call from a process requesting access to information stored in the device may be redirected to the security initiator module, which may cause the device to change from an unsecured view to a secured view. In the secured view the security validator module may determine whether the call came from malicious software. If the call is determined to be valid, then access to the stored information may be permitted. If the call is determined to be invalid (e.g., from malware), the security software may cause the device to return to the unsecured view without allowing the stored information to be accessed, and may take further measures to identify and/or eliminate process code associated with the process that made the invalid call. | 03-20-2014 |
20140082752 | Read-Once Data Sets and Access Method - A documentation inventory manager is provided which ensures that a client data set may only be read once. More specifically, the documentation inventory manager comprises a data set type and an access module. In certain embodiments, the data set type is only created once and can only be accessed via the read once access module. The read once access module ensures on read, that the data which was read is no longer readable. In various embodiments after being read once the data is automatically corrupted, deleted, or overwritten. | 03-20-2014 |
20140082753 | SYSTEMS AND METHODS FOR DATA PRIVACY AND DESTRUCTION IN MULTI-SYSTEM LANDSCAPES - A method for managing personal data access in a multi-system landscape includes receiving at a first system in the multi-system landscape an end-of-purpose check result for a personal data record associated with a particular business partner, identifying other systems of the multi-system landscape that perform operations for the particular business partner if the end-of-purpose check result indicates a start-of-retention-time, transmitting requests to each of the identified systems to synchronously perform an end-of-purpose check of local personal data records associated with the particular business partner, and receiving end-of-purpose check results from each of the identified systems. The method further can include initiating a global blocking process for the particular business partner. A system for implementing the method and a non-transitory computer readable medium are also disclosed. | 03-20-2014 |
20140082754 | ELECTRONIC DEVICE AND METHOD FOR DISABLING APPLICATION AND HARDWARE - An electronic device includes a storage unit, a positioning unit, and a processing unit. The storage unit stores geographic information for defining various restricted areas and a disabling table recording one or more to-be-disabled applications and/or hardware of the electronic device in each restricted area. The positioning unit positions the electronic device. The processing unit determines whether the electronic device enters one restricted area according to the position of the electronic device and the geographic information for defining the various restricted areas, determines one or more to-be-disabled applications and/or hardware according to the disabling table when the electronic device enters one restricted area, and disables the determined one or more to-be-disabled applications and/or hardware when the electronic device enters the one restricted area. A related method is also provided. | 03-20-2014 |
20140090090 | SYSTEM, METHOD, AND APPARATUS TO MITIGATE RISK OF COMPROMISED PRIVACY - Various exemplary embodiments relate to a method and related network node including one or more of the following: retrieving a record of a first transaction, wherein the first transaction is associated with personally identifiable information of an owner; determining a first privacy risk value based on: a first transaction security metric associated with the first transaction, wherein the first transaction security metric includes a first set of security parameters, and a first set of weights correlated to the first set of security parameters; determining the current security status based on the first privacy risk value; and transmitting the current security status to the entity. | 03-27-2014 |
20140090091 | MANAGING PERSONAL PRIVACY SETTINGS - Various systems and methods for managing user information on mobile devices are described herein. A selection of user information is received from a user operating a user device. A privacy setting for the selection of user information is received from the user, the privacy setting to permit or deny access to the user information to a third-party application. The selection of user information and the privacy setting is transmitted from the user device to a receiving device, where the receiving device is configured to enforce the privacy setting for the third-party application executing on the receiving device. | 03-27-2014 |
20140090092 | INPUT/OUTPUT MODULE, DATA PROCESSING APPARATUS AND METHOD FOR CHECKING THE OPERATION OF A DATA PROCESSING APPARATUS - Various embodiments provide an input/output module, including: at least one input/output port for the input of data; a signature generator that is coupled to the input/output port and is set up to generate a signature for the data from the data; a reference input, wherein the reference input is set up for the application of a reference signature; and a comparator that is coupled to the signature generator and to the reference input, and is set up to output an alarm signal if the signature of the data on the input/output port differs from the reference signature. | 03-27-2014 |
20140096270 | SECURE DATA CONTAINERS AND DATA ACCESS CONTROL - Various embodiments are generally directed to creating, sharing and various aspects of accessing information that is digitally stored in a data container on one or more computing devices. An apparatus comprises a processor circuit and a storage communicatively coupled to the processor circuit and storing a first sequence of instructions operative on the processor circuit to receive a signal indicating an access to a data container stored in the storage and comprising a protected data and a second sequence of instructions; and execute the second sequence of instructions, the second sequence of instructions operative on the processor circuit to examine security data associated with the apparatus and stored in the storage, and determine whether to grant access to the protected data based on the examination. Other embodiments are described and claimed herein. | 04-03-2014 |
20140096271 | Segment Authentication for Dynamic Adaptive Streaming - A method comprising generating a segment signature for a segment of a media content based on the segment, trusted information contained in a media presentation description (MPD), and a signature signing key, wherein the MPD describes the media content. An apparatus comprising a processor configured to compute a segment signature for a segment of a media content based on the segment, a signature signing key, and trusted information contained in a media presentation description (MPD), wherein the MPD describes the media content. | 04-03-2014 |
20140101782 | DIGITAL VIDEO GUARD - This invention relates to the veracity of information displayed to a user of a computer, and information provided to a computer by human input devices such as mice and keyboards. A digital video guard (DVG) device is a peripheral that is retrofitted to commodity computer devices. The DVG resides in-line with a digital display and enables secure end-to-end interactions between a user and a displayed (usually remote) application. In-band signalling within the digital video stream is used to carry encrypted information from a local or remote source, over untrusted network infrastructure through the digital video guard device to a user. The DVG decrypts and verifies the integrity of the digital video. The integrity of the displayed information is indicated by a trusted LED on the DVG hardware. Portions of the video signal may be designated as trusted, if the received data has been encrypted, signed, or labelled as trustworthy. | 04-10-2014 |
20140101783 | Execution Environment File Inventory - A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system. | 04-10-2014 |
20140101784 | ANALYSIS AND SPECIFICATION CREATION FOR WEB DOCUMENTS - Described herein is a method for rendering specification creation, including identifying, within one or more contents, labels as sensitive labels when data associated with the label are determined sensitive based on one or more user-defined policy rules, wherein the identifying considers structural locations of labels determined as sensitive and the data associated with the sensitive label; configuring rendering specifications for data associated with the identified sensitive labels; and associating the configured rendering specifications with the sensitive labels of the data determined as sensitive, for execution in real time. | 04-10-2014 |
20140109242 | DATA PROTECTING METHOD, MOBILE COMMUNICATION DEVICE, AND MEMORY STORAGE DEVICE - A data protecting method for a mobile communication device is provided. The data protecting method includes storing first authentication information into a hidden area of a memory storage device coupled to the mobile communication device. The data protecting method also includes receiving a data packet containing a data security instruction and second authentication information via a mobile communication data network or a wireless network and determining whether the second authentication information obtained from the data packet matches the first authentication information stored in the hidden area. The data protecting method further includes, when the second authentication information obtained from the data packet matches the first authentication information stored in the hidden area, performing a data protecting operation on data stored in a storage area to prevent the data from being read. Thereby, the data can be effectively protected when the mobile communication device is lost. | 04-17-2014 |
20140109243 | SECURE ACCESS SUPERSESSION ON SHARED WORKSTATIONS - Transitions between users at shared workstations that permit access to private health information or other secure data may be handled, without incurring unnecessary delays due to shut-down of all applications used by the departing user, by selectively hiding applications with sensitive information on a shared desktop while allowing temporary system access for the interrupting user. | 04-17-2014 |
20140115724 | Token-Based Validation Method for Segmented Content Delivery - A token-based validation method for delivery of at least part of a segmented content item and a content delivery system configured for executing such method are described. Said segmented content item may be associated with at least one manifest file comprising one or more segment identifiers. The method may comprise the steps of: a content processing device sending a first segment request message comprising a first segment identifier associated with a first segment to said at least one delivery node; generating first validation information for use with a further second segment request message, said first validation information comprising at least a first token and associated first timing information; and, sending a first response message and said first validation information to said content processing device, said first response message comprising at least part of said segment or location information associated with at least one delivery node for delivering said segment. | 04-24-2014 |
20140115725 | FILE USING RESTRICTION METHOD, USER DEVICE AND COMPUTER-READABLE STORAGE - Provided are a method of restricting the use of a file, an electronic device, and a recording medium. The method of restricting the use of the file includes receiving an input of setting a region by a touch drag operation or a touch draw operation on a screen, receiving an input of a fingerprint of a user, and setting a lock on at least one file included in the region by matching the at least one file and the input of the fingerprint. | 04-24-2014 |
20140123322 | MANAGING A FAULT CONDITION BY A SECURITY MODULE - A microcontroller is awakened from a lower power state in response to a trigger indication indicative of a fault condition. After the awakening, the microcontroller performs a security action with respect to secret information in the security module in response to the fault condition. | 05-01-2014 |
20140123323 | METHODS AND SYSTEMS FOR MANAGING DATA - Computationally implemented methods and systems include receiving data regarding one or more properties of a device, said data not particularly identifying the device, identifying one or more services configured to be provided to a user of the device, said one or more services requiring access to particular data controlled by the device, wherein access to the particular data controlled by the device is managed by the device, and requesting access to the particular data controlled by the device, in exchange for providing one or more of the identified one or more services. In addition to the foregoing, other aspects are described in the claims, drawings, and text. | 05-01-2014 |
20140123324 | METHODS AND SYSTEMS FOR MANAGING DATA AND/OR SERVICES FOR DEVICES - Computationally implemented methods and systems include acquiring data regarding an application configured to access one or more protected portions of a particular device, said application configured to provide one or more services, detecting that the application has completed at least one of the one or more services and that the application maintains access to the one or more protected portions of the particular device, presenting information indicating that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device, and circuitry for facilitating presentation of an option to discontinue the access of the application to the one or more protected portions of the particular device. In addition to the foregoing, other aspects are described in the claims, drawings, and text. | 05-01-2014 |
20140123325 | METHODS AND SYSTEMS FOR MANAGING DATA AND/OR SERVICES FOR DEVICES - Computationally implemented methods and systems include acquiring data regarding an application configured to access one or more protected portions of a particular device, said application configured to provide one or more services, detecting that the application has completed at least one of the one or more services and that the application maintains access to the one or more protected portions of the particular device, presenting information indicating that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device, and circuitry for facilitating presentation of an option to discontinue the access of the application to the one or more protected portions of the particular device. In addition to the foregoing, other aspects are described in the claims, drawings, and text. | 05-01-2014 |
20140123326 | METHOD AND APPARATUS FOR TRANSMITTING RIGHTS OBJECT INFORMATION BETWEEN DEVICE AND PORTABLE STORAGE - A method and apparatus for transmitting rights object information between a device and a portable storage are provided. The method includes transmitting a predetermined request from the device to the portable storage, generating a current permission status format including information of a rights object designated by the request, using the portable storage, and transmitting the current permission status format from the portable storage to the device. According to the method and apparatus, overhead is reduced and information transmission speed is increased when the rights object information is transmitted between the device and the portable storage. | 05-01-2014 |
20140137271 | DATA SECURITY AND ACCESS TRACKING IN MEMORY - A memory device includes but is not limited to a substrate, a non-volatile memory array integrated on the substrate, and data security logic integrated with the non-volatile memory array on the substrate. The data security logic is operable to perform at least one data security function associated with the non-volatile memory array. | 05-15-2014 |
20140143895 | SYSTEM AND METHOD FOR LOADING APPLICATION CLASSES - In an application, variants of a class may be generated and associated with different security permissions for the application. When a class is to be loaded, a determination is made as to the application's security permissions, e.g. by decoding a security token. The class is then retrieved from a repository that stores class variants matching the required security level. The retrieved class variant, which may have a full or a reduced functionality as appropriate for the security permission, may then be loaded. | 05-22-2014 |
20140150119 | Security Restrictions on Binary Behaviors - A security model restricts binary behaviors on a machine based on identified security zones. Binary behaviors can be attached to an element of a document, web-page, or email message. The binary behavior potentially threatens security on the local machine. A security manager intercepts download requests and/or execution requests, identifies a security zone for the requested binary behavior, and restricts access based on the security zone. The binary behavior can identify a security zone according to the related URL. In one example, all binary behaviors associated with a security zone are handled identically. In another example, a list of permissible binary behaviors is associated with a security zone such that only specified binary behaviors are granted access. In still another example, a list of impermissible binary behaviors is associated with a security zone such that binary behaviors that are found in the list cannot initiate access. | 05-29-2014 |
20140150120 | SYSTEMS AND METHODS FOR SECURING DATA IN THE CLOUD - A secure data parser is provided that may be integrated into any suitable system for securely storing data in and communicating data with cloud computing resources. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. | 05-29-2014 |
20140150121 | MIME Handling Security Enforcement - A model restricts un-trusted data/objects from running on a user's machine without permission. The data is received by a protocol layer that reports a MIME type associated with the data, and caches the data and related cache file name (CFN). A MIME sniffer is arranged to identify a sniffed MIME type based on the cached data, the CFN, and the reported MIME type. Reconciliation logic evaluates the sniffed MIME type and the CFN to determine a reconciled MIME type, and to update the CFN. A class ID sniffer evaluates the updated CFN, the cached data, and the reconciled MIME type to determine an appropriate class ID. Security logic evaluates the updated CFN, the reported class ID, and other related system parameters to build a security matrix. Parameters from the security matrix are used to intercept data/objects before an un-trusted data/object can create a security breach on the machine. | 05-29-2014 |
20140150122 | Methods and Systems for Using Derived User Accounts - Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA. | 05-29-2014 |
20140165214 | METHODS AND APPARATUS FOR PROVIDING PRIVATE EXPRESSION PROTECTION AGAINST IMPERSONATION RISKS - A method, an apparatus, and a computer program product for wireless communication are provided in connection with providing private expression protection in a wireless communications network. In one example, a UE is equipped to internally receive a request (e.g., from an application running on the UE) to announce a private expression and/or at least a reference to an expression-code associated with the private expression, and determine whether the reference to the expression-code and/or the expression-code matches a stored instance of the expression-code. In an aspect, the UE may be equipped to announce the at least one of the private expression or the expression-code when stored instance of the expression-code corresponds to the expression-code received with the request. In another aspect, the UE may be equipped to prohibit announcement of any information associated with the private expression when stored expression-code does not correspond to the expression-code received with the request. | 06-12-2014 |
20140165215 | LIMITING ACCESS TO A DIGITAL ITEM - In a method for limiting access to a digital item, a count for the digital item is stored, wherein the count is a number of accesses permitted for the digital item. A password for accessing the digital item is received. A plurality of password hashes is generated by utilizing one-way hash functions based on the number of accesses of the count and the password to generate the plurality of password hashes based on the count. The plurality of password hashes is stored in a password hash file. | 06-12-2014 |
20140165216 | PRIORITY-BASED APPLICATION EXECUTION METHOD AND APPARATUS OF DATA PROCESSING DEVICE - A method and an apparatus for executing applications in a highest-priority-first order in the processor divided into a secure mode area and a non-secure mode area are provided. The method includes receiving a request to be processed in the non-secure mode domain from the application, determining an access permission level configured to a resource used for processing the request, determining, when the access permission level allows for access from the secure mode domain, a priority of the application, changing the access permission level to allow for access by the non-secure mode domain according to the priority of the application, and processing the request of the application using the resource in the non-secure mode domain. | 06-12-2014 |
20140165217 | AUTHENTICATED MEMORY AND CONTROLLER SLAVE - Systems and methods that can facilitate the utilization of a memory as a slave to a host are presented. The host and memory can provide authentication information to each other and respective rights can be granted based in part on the respective authentication information. The host can determine the available functionality of the memory. The host can activate the desired functionality in the memory and can request memory to perform the desired function(s) with regard to data stored in the memory. An optimized controller component in the memory can facilitate performing the desired function(s) associated with the data to generate a result. The result can be provided to the host, while the data and associated information utilized to generate the result can remain in the memory and cannot be accessed by the host. | 06-12-2014 |
20140173759 | RIGHTS-MANAGED CODE - Methods, systems, and computer program products are provided for providing controlled access to source code. The source code is encrypted. Access rights to the encrypted source code are configured. The encrypted source code is hosted at a network-accessible location. An access attempt for the encrypted source code by a digital rights management (DRM) enabled software development tool is received. Access to the encrypted source code by the DRM enabled software development tool is enabled according to the configured access rights. | 06-19-2014 |
20140173760 | MANAGING LICENSES OF MEDIA FILES ON PLAYBACK DEVICES - Embodiments are described herein for managing licenses of media files on playback devices in a media system. In some embodiments, each media file is purchased based on a number of licenses, each license granting permission to store the media file on a single playback device. Each media file may have an associated number of one or more licenses that specifies the maximum number of playback devices on which the media file may be stored at the same time (concurrently). The media system may comprise a home central licensing (HCL) device, a primary storage device, and playback devices coupled via a network. The primary storage device may be used to initially store newly purchased media files. The HCL device may allow or prohibit distribution of the media files on the primary storage device to playback devices by using a license manager data structure storing licensing information for each media file. | 06-19-2014 |
20140173761 | METHOD AND APPARATUS FOR PROTECTING AN APPLICATION PROGRAM - A method and apparatus for protecting an application in a user digital device are provided. The method includes downloading an application module and installing an application; receiving an execution request for the application; extracting authentication information from the application module, extracting an authentication element included in the application from the application, generating an authentication signature using the authentication element; comparing a reference authentication signature included in the authentication information with the generated authentication signature; and if the reference authentication signature is identical to the generated authentication signature, normally executing the application. | 06-19-2014 |
20140173762 | SYSTEM, METHOD, AND COMPUTER-READABLE RECORDING MEDIUM FOR SUPPORTING LICENSE ACQUIREMENT - A system including a computer and having a part that stores identification data and status data in association with the identification data, a part that receives a request to acquire a license corresponding to a designated identification data, a part that receives a designation of an electronic device, a part that designates the identification data, obtains license data corresponding to the designated identification data, and updates the status data associated with the designated identification data, the updated status data indicating that the license is being used, a part that transmits the license data to the electronic device via a network and instructs the electronic device to acquire the license, and a part that provides a part that receives an instruction for re-executing obtaining of the license data depending on whether the status data is updated and instructs to re-execute the obtaining of the license data. | 06-19-2014 |
20140181998 | AUTOMATIC SANITIZATION OF DATA ON A MOBILE DEVICE IN A NETWORK ENVIRONMENT - A method is provided in one example embodiment and includes establishing a network connection to a central security system in a central network, receiving a message from the central security system, activating a grace window based on the message, and determining whether the grace window has expired. The method further includes deleting, when the grace window expires, one or more objects from the mobile device based on a sanitization policy. In specific embodiments, the network connection is terminated before the grace window expires, and the grace window expires unless the mobile device establishes another network connection with the central security system. In further embodiments, the method includes receiving the sanitization policy from the central security system. The sanitization policy identifies the one or more objects to be deleted from the mobile device when the grace window expires. | 06-26-2014 |
20140181999 | System and Method for Creating Conditional Immutable Objects in a Storage Device - A data storage system includes a storage device and a data handler that receives an object, creates metadata for the object that includes a key and an authorization, stores the object on the storage device, receives a request for the object, determines if the request includes the key, and, if the request has authorization information, permits access to the object. The data handler receives another request for the object, determines if the request includes the key, and, if the request does not have the authorization information, denies access to the object. | 06-26-2014 |
20140182000 | OPERATION APPARATUS, CONTENT PARENTAL LOCK SETTING METHOD, AND ELECTRONIC APPARATUS - An operation apparatus includes a communication section to communicate with an electronic apparatus capable of communicating, through a first transmission medium, with an accumulation apparatus capable of accumulating contents, the communication section communicating with the electronic apparatus through a second transmission medium, a content selection section to select a content to which a parental lock is to be set from among the contents accumulated in the accumulation apparatus, a release key setting section to set a key for releasing the parental lock for the content selected, a storage section to associate identification information of the content selected with the key set by the release key setting section and store the identification information and the key associated with each other, and a parental lock notification section to notify the accumulation apparatus in which the content is accumulated of the identification information of the content to which the parental lock is set. | 06-26-2014 |
20140189889 | MANAGING AUTHORIZATION OF ACTIONS ASSOCIATED WITH DATA OBJECTS - Managing actions associated with objects stored in a data storage system includes: receiving, over an input device or port, a request to determine authorization of an action associated with an object; and computing, with at least one processor, authorization information for processing the received request. The computing includes: determining a class of the object, retrieving a rule specification associated with the class, and evaluating at least one rule defined in the retrieved rule specification or defined in rule specifications associated with classes of any objects referenced in the retrieved rule specification. | 07-03-2014 |
20140196158 | METHOD AND SYSTEM FOR PROTECTING PRIVACY AND ENHANCING SECURITY ON AN ELECTRONIC DEVICE - A method for protecting privacy and enhancing security on an electronic device is provided. When sensor information associated with at least one user input action is collected by a sensor in an electronic device hosting a plurality of applications, the method includes intercepting a request to access the sensor information from a requesting application of the plurality of applications, and controlling access to the sensor information associated with the at least one user input action based on the requesting application. By controlling access to the sensor information, leakage of sensitive or secure information to a malicious background application is minimized and privacy and security are enhanced. | 07-10-2014 |
20140196159 | SYSTEM AND METHOD FOR CONTROLLING ACCESS TO PROTECTED CONTENT - A receiver includes a first interface to receive content, a second interface to be coupled to a device, and a processor to determine whether the device is a compliant device and to prevent decryption of at least a portion of the content received through the first interface when the device is determined to be a non-compliant device. | 07-10-2014 |
20140208442 | Systems and Methods of Secure Domain Isolation Involving Separation Kernel Features - Systems and methods are disclosed for providing secure information processing. In one exemplary implementation, there is provided a method of secure domain isolation. Moreover, the method may include configuring a computing component with data/programming associated with address swapping and/or establishing isolation between domains or virtual machines, processing information such as instructions from an input device while keeping the domains or virtual machines separate, and/or performing navigating and/or other processing among the domains or virtual machines as a function of the data/programming and/or information, wherein secure isolation between the domains or virtual machines is maintained. | 07-24-2014 |
20140208443 | System and Methodology for Selectively Controlling the Transmission of Content - According to one aspect of the present invention, a system and methodology is provided which controls whether or not content is permitted to be transmitted from a source device depending upon the nature of the content and/or other factors more fully described herein. Source devices may include devices such as mobile phones, tablets, netbooks, laptops, desktop computers, and any other devices which are capable of transmitting content which is resident on such device. As an example, inappropriate photographs may be identified by the system of the present invention, and when a user attempts to transmit one or more of these photographs, the system will prevent the user from doing so. | 07-24-2014 |
20140208444 | SYSTEM AND METHOD FOR TEMPORARY OBFUSCATION DURING COLLABORATIVE COMMUNICATIONS - Systems and methods for temporary obfuscation during collaborative communications are provided. A method for obfuscation during collaborative communications, comprises entering a message including content into a first messaging device, marking the content as sensitive, sending the message including the content via a network to a second messaging device, and obfuscating the marked content and displaying any remaining portions of the message on the second messaging device. | 07-24-2014 |
20140208445 | SYSTEM AND METHOD FOR TEMPORARY OBFUSCATION DURING COLLABORATIVE COMMUNICATIONS - Systems and methods for temporary obfuscation during collaborative communications are provided. A method for obfuscation during collaborative communications, comprises entering a message including content into a first messaging device, marking the content as sensitive, sending the message including the content via a network to a second messaging device, and obfuscating the marked content and displaying any remaining portions of the message on the second messaging device. | 07-24-2014 |
20140259189 | REVIEW SYSTEM - Techniques are provided for counteracting bias in reviews by authenticating and/or weighing the reviews based on the user-specific context. For instance, the reviews may be authenticated based on the user's location and the relative position of the user with respect to other users. For example, a number of users sitting at a movie theater in an arc shape for an extended period of time may indicate that the users are watching a movie at the movie theater. Techniques described herein may provide the users with an interface to provide a review for the movie theater as the users break the arc formation indicating completion of the movie. In another example, reviews of content such as media clips, using a device, may also be authenticated and/or weighed based on the user-specific context. The user-specific context, such as the lighting conditions, the time of day of the review, etc., can indicate the level of detail that the user examined the content with and provide a metric for authenticating and/or weighing the reviews. | 09-11-2014 |
20140259190 | SYSTEM AND METHOD FOR ENHANCED SECURITY AND MANAGEMENT MECHANISMS FOR ENTERPRISE ADMINISTRATORS IN A CLOUD-BASED ENVIRONMENT - A cloud-based platform (e.g., cloud-based collaboration and/or storage platform/service) is described that provides administrators with better visibility into content and activity across an enterprise account via advanced search tools and activity reports. Administrator tools are also provided that allow for actively managing content and passively monitoring content with real-time alerts sent to the administrator if usage of the cloud-based platform changes within the enterprise account. A reporting API is also supported by the cloud-based platform to permit the platform's activity logs to be retrieved by a third-party platform. Additionally, administrators are provided with the option to select two-step login verification of enterprise account users. | 09-11-2014 |
20140283138 | Secure Data Sharing With Publicly Accessible Computing Nodes - An embodiment of the invention includes determining a first security status for first information and a second security status for second information, the second security status being more secure than the first security status; establishing a first communication path between the system and a first local computing node via a first wireless path; conveying the first information to the first local computing node via the first wireless path based on the first security status; and withholding the second information from the first local computing node based on the second security status; wherein the first and second information are stored on at least one of the system and a remotely located computing node. Other embodiments are described herein. | 09-18-2014 |
20140283139 | SYSTEMS AND METHODS FOR PARSING USER-GENERATED CONTENT TO PREVENT ATTACKS - The present invention relates to systems and methods for parsing of a token stream for user generated content in order to prevent attacks on the user generated content. The systems and methods include a database which stores one or more whitelists, and a parser. The parser removes tokens from the token stream by comparing the tokens against the whitelist. Next, the parser validates CSS property values, encodes data within attribute values and text nodes, reconciles closing HTML tags, and coerces media tags into safe variants. The tokens removed may be any of HTML tags, HTML attributes, HTML protocols, CSS selectors and CSS properties. | 09-18-2014 |
20140283140 | DIGITAL MEDIA CONTENT MANAGEMENT APPARATUS AND METHOD - A digital media content management apparatus and method for securely storing a content file on a computer readable medium and playing the content file from the computer readable medium is disclosed. The content file comprises control information readable by a content player and payload information including content data. The content file is deconstructed into at least one control information portion and at least one payload information portion being undetectable to a content player of a user device. The control information portion and the payload information portion are separately stored, and at least one of the portions is associated with packing data, and the packing data associated with at least one of the portions comprises a reference to the location of the other portion. | 09-18-2014 |
20140283141 | Switching a Mobile Device from Operating in a Primary Access Mode to a Secondary Access Mode - Some embodiments of the invention provide a mobile device with multiple access modes. The device in some embodiments has at least two access modes, a primary access mode and a secondary access mode, that provide different restrictions for accessing the applications and/or data that are stored on the device. In some embodiments, the primary access mode of the device provides unfettered access to all of the device's applications and/or data that are available to a user, while its secondary access mode provides access to a limited set of applications and/or data that are stored on the device. | 09-18-2014 |
20140283142 | Analyzing Applications for Different Access Modes - Some embodiments of the invention provide a mobile device with multiple access modes. The device in some embodiments has at least two access modes, a primary access mode and a secondary access mode, that provide different restrictions for accessing the applications and/or data that are stored on the device. In some embodiments, the mobile device automatically selects applications to share or keep private based on metadata associated with the applications. | 09-18-2014 |
20140283143 | SOFTWARE APPLICATION FOR MANAGING PRODUCT MANUALS - Methods, systems, and computer-readable medium for managing product manuals. One system includes an electronic device that is configured to download a product manual from a server, store the product manual to non-transitory computer-readable medium included in the electronic device, and associate an authentication period with the product manual. The electronic device is also configured to receive a request to display the product manual from a user and, in response to the request, display the product manual to the user when the authentication period has not expired. In addition, the electronic device is configured to automatically delete the product manual from the non-transitory computer-readable medium when the authentication period has expired. | 09-18-2014 |
20140283144 | ENVIRONMENTAL MONITORING DEVICE - An environmental monitoring device that monitors the operation of a legacy electronic device is described. In particular, a sensor in the environmental monitoring device provides sensor data that represents an environmental condition in an external environment that includes the environmental monitoring device. This environmental condition is associated with the operation of the legacy electronic device in the external environment. The environmental monitoring device analyzes the sensor data and provides feedback about the operation of the legacy electronic device based on the analyzed sensor data. Moreover, the sensor provides the sensor data without or excluding communication and/or electrical coupling between the environmental monitoring device and the legacy electronic device. In this way, the environmental monitoring device facilitates monitoring, analysis and feedback of the sensor data without directly interacting with the legacy electronic device. | 09-18-2014 |
20140283145 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR PREVENTING ACCESS TO DATA WITH RESPECT TO A DATA ACCESS ATTEMPT ASSOCIATED WITH A REMOTE DATA SHARING SESSION - A system, method, and computer program product are provided for preventing access to data associated with a data access attempt. In use, a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented. | 09-18-2014 |
20140289872 | DATA SHARING CONTROL METHOD AND DATA SHARING CONTROL TERMINAL - Provided is a method and apparatus to detect and control flow of data shared in a terminal. A method to control data sharing may include accessing a program that shares a type of data with a terminal, displaying the accessed program on a screen organized by the type of data; and controlling the data to be shared with the accessed program in response to a control signal input on the screen. | 09-25-2014 |
20140289873 | SYSTEM AND METHOD FOR AUTOMATED LICENSING IDENTIFICATION AND VERIFICATION - A system for license identification and verification uses watermarking technology to embed license information in the medium itself. Various techniques for the creation of the license are described. The Platform on which the media will be used can extract the watermark data and thereby identify and verify the license. The watermark data includes a certain minimal amount of license data. If further information is required, the Platform can use the watermark data to request additional license details from a Licensor or from a license server. Using this approach, the Platform can readily identify and verify that the media in its possession is properly licensed. | 09-25-2014 |
20140310824 | METHOD FOR MANAGING EXTERNAL PORTABLE STORAGE DEVICE AND RELATED MACHINE READABLE MEDIUM - A method for managing an external portable storage device includes at least the following steps: when the external portable storage device having at least a non-encrypted partition is electrically connected to an electronic device, searching the external portable storage device for a default image file which is an encrypted partition; and when the default image file is found in the external portable storage device, mounting the default image file to an operating system of the electronic device, such that the encrypted partition and the non-encrypted partition are both available to the operating system for data access. | 10-16-2014 |
20140310825 | SYSTEM AND METHOD FOR IDENTIFICATION OF INAPPROPRIATE MULTIMEDIA CONTENT - A system and method for identification of inappropriate multimedia content elements are provided. The method includes receiving a request to identify a multimedia content element from a user device; generating at least one signature respective of the received multimedia content element; matching between the at least one generated signature respective of the multimedia content element and at least one signature of each concept designated as inappropriate; determining whether a match is identified between the at least one signature generated respective of the multimedia content element and the at least one signature of an inappropriate concept; and preventing the display on a user device of the multimedia content element, upon identification of a match. | 10-16-2014 |
20140317763 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR PERFORMING ONE OR MORE MAINTENANCE TASKS ON A REMOTELY LOCATED COMPUTER CONNECTED TO A SERVER COMPUTER VIA A DATA NETWORK - A method and computer executable program code are disclosed for performing one or more maintenance tasks on a remotely located computer connected to a server computer via a data network. | 10-23-2014 |
20140317764 | INFORMATION COMMUNICATION APPARATUS - An information communication apparatus includes: a communication portion; a storage apparatus connection portion that performs input and output operations with respect to a storage apparatus; a storage region management portion configured to provide, in the storage apparatus, a public region that makes an electronic file publicly accessible through the communication portion, and a private region that does not make an electronic file publicly accessible; and a file management portion that is capable of moving an electronic file that is stored in the storage apparatus, and is configured to move a predetermined electronic file to the private region. | 10-23-2014 |
20140325685 | METHOD FOR CONTROLLING ACCESS TO DATA AND ELECTRONIC DEVICE THEREOF - A system determines access authorization to data in an electronic device by detecting application identifier information of an application program and detecting manufacturer identifier information of the application program. The system generates access token information using the application identifier information of the application program and the manufacturer identifier information. | 10-30-2014 |
20140325686 | TERMINAL APPARATUS AND METHOD FOR PLAYING MULTIMEDIA CONTENT ENCRYPTED BASED ON DRM - A method for playing multimedia content encrypted based on digital rights management (DRM) by a terminal apparatus having a web server module unit, the method comprising: receiving a request for playing the multimedia content encrypted based on DRM; converting a local file path via which the multimedia content encrypted based on DRM corresponding to the received play request is stored into a web server URL path for the web server module unit; providing the web server URL path to a multimedia device player for playing the multimedia content encrypted based on DRM; when the multimedia device player accesses the web server module unit by using the web server URL path, checking whether there is a session being connected to the web server URL; and controlling whether to decode the multimedia content encrypted based on DRM depending on the checking results. | 10-30-2014 |
20140331337 | SECURE ISOLATION OF TENANT RESOURCES IN A MULTI-TENANT STORAGE SYSTEM USING A GATEKEEPER - Machines, systems and methods for controlling access to data stored on shared storage, servicing a plurality of tenants, the method comprising receiving a request from a first process to access a first data item associated with a first tenant in a multi-tenant data storage system, and providing access to the data item through a gatekeeper, in response to determining that the first process is associated with the first tenant. | 11-06-2014 |
20140331338 | DEVICE AND METHOD FOR PREVENTING CONFIDENTIAL DATA LEAKS - The present invention makes it possible to verify definition information and data in a remote environment while properly protecting confidential data definition information using encryption and the like. The present invention comprises: a step for hiding in an individual manner definition information, such as a word or partial character string representing confidential information, using encryption, hashing, or the like; a step for extracting and hiding in an individual manner a word, partial character string or other such element from data to be controlled; a step for transmitting the hidden element to a server; and a step for verifying, in a hidden manner as-is, the hidden definition information and the hidden element, and deciding whether information matching the definition information is included in the data to be controlled. | 11-06-2014 |
20140338004 | SYSTEM AND METHOD FOR A SECURE ENVIRONMENT THAT AUTHENTICATES SECURE DATA HANDLING TO THE USER - A system and method is introduced for combining a secure device with a non secure user machine for using and sharing secure data seamlessly through the non secure user machine. The secure device runs in a separate, “parallel world” to the user machine so that the user machine cannot access secure data while it is being used. Even if the user machine is already compromised, the secure data and its usage remain protected from the likes of key logging and screen captures. The secure device authenticates secure data handling to the user so that the user is able to differentiate between a secure and a non secure data usage, as well as identify false imitations of the secure environment. | 11-13-2014 |
20140338005 | INFORMATION PROCESSING APPARATUS, SYSTEM MANAGEMENT METHOD, AND RECORDING MEDIUM - In an information processing apparatus, software is installed to build a system providing a predetermined function. The information processing apparatus includes a generating unit configured to generate system identification information for identifying the system built by installing the software, the system identification information being generated from authentication information obtained by performing license authentication on the software; and a registering unit configured to send the system identification information generated by the generating unit to a management device that manages a plurality of the systems via a predetermined data transmission line, to register the system identification information in the management device as management information. | 11-13-2014 |
20140344956 | System and method for processing song, music, and/or lyric information for copyright registration - A system including a processing service device that processes song, music, or lyric information; a mobile device that records the information; a profile management device that manages profile information related to the information; a recognition and feature extraction device that recognizes lyrics or extracts attributes or features of the information; and a content management and submission device that combines or formats the information and the profile information. A method including accessing or preparing a mobile device for recording song, music, or lyric information; recording the information; transmitting the recorded information; setting or updating a processing status of the recorded information; searching for the recorded information; recognizing the lyrics or extracting the attributes or features of the recorded information; storing the recognized lyrics or extracted attributes or features; and updating a processing status of the recognized lyrics or extracted attributes or features. | 11-20-2014 |
20140344957 | ENCRYPTION BASED ON NETWORK INFORMATION - A communications device according to the present disclosure for communicating within a communications network contains an encryption device and an initialisation-vector generator. The encryption device encrypts outgoing messages at least partially by means of a code and an initialisation vector, which is generated by the initialisation-vector generator. In this context, the initialisation vector is generated at least partially on the basis of network information of the communications network. | 11-20-2014 |
20140344958 | SYSTEM AND METHOD FOR DATA MASKING - A system, computer-readable medium, and method for masking data including receiving a request directed to a network service, applying a rule set to the request to identify sensitive data which is responsive to the request, rewriting the request, based on the rule set, such that the rewritten request will result in the sensitive data being retrieved and converted into a masked format according to one or more instructions in the rewritten request, and transmitting the rewritten request to the network service. | 11-20-2014 |
20140344959 | SYSTEM FOR DISTRIBUTION PERMISSIONS FOR NETWORK COMMUNICATIONS - A system that can control whether a recipient of an electronic message (e.g., a text message, a multimedia message, an e-mail message, etc.) with a forwarding-restricted attachment is permitted to forward the attachment to third parties can be implemented on the network without specialized hardware or software for the client devices. The sender of a text message may limit the downstream distribution of that text message through text message forwarding by associating a forwarding restriction flag with the message. | 11-20-2014 |
20140351958 | USER CENTRIC DATA MAINTENANCE - One or more techniques and/or systems are provided for dynamically maintaining user centric data. For example, a data provider app may have knowledge about user centric data associated with a user (e.g., a social network app may have contact information for a social network friend of the user). A user centric profile may be defined for the user centric data based upon information provided by the data provider app (e.g., a contact card may be generated for the social network friend). Responsive to receiving a request for the user centric profile from a requestor app (e.g., an event planning app), the user centric profile may be exposed to the user but not to the requestor app for security and/or privacy purposes. For example, an operating system may present at least some of the user centric profile within an operating system user interface. | 11-27-2014 |
20140359793 | METHOD AND SYSTEM FOR ISOLATING SECURE COMMUNICATION EVENTS FROM A NON-SECURE APPLICATION - A system and method for isolating secure communication events from a non-secure application are described herein. The method can include the steps of intercepting a communication event from an external communications network or an external communications device and determining whether the communication event is a secure communication event. If the communication event is a secure communication event, the secure communication event can be processed by a secure application. In addition, the secure communication event can be prevented from being processed by the non-secure application. | 12-04-2014 |
20140373182 | SYSTEMS AND METHODS OF AUTOMATED COMPLIANCE WITH DATA PRIVACY LAWS - The technology disclosed relates to automated compliance with data privacy laws of varying jurisdictions. In particular, it relates to constructing trust filters that automatically restrict collection, use, processing, transfer, or consumption of any person-related data that do not meet the data privacy regulations of the applicable jurisdictions. The trust filters are constructed dependent on associating person-related data entities with trust objects that track person-related data sources. | 12-18-2014 |
20140380511 | Methods and Systems for Controlling Levels of Geolocation Access - A communication device may be configured to control access to geolocation services for applications on the communication device utilizing a first privacy access level setting that enables access to the geolocation services when selected, a second privacy access level setting that disables access to the geolocation services when selected, and other privacy access level settings that are different from, and fall between, the first privacy access level setting and the second privacy access level setting, and enable one time access to the geolocation services for the communication device when selected. The applications can include applications on the communication device that are managed and/or handled by a particular application service provider. The privacy access level settings comprise an anonymous one-time access and a non-anonymous one-time access. | 12-25-2014 |
20140380512 | DATA ACCESS CONTROL SYSTEMS AND METHODS - Various hardware and software configurations are described herein which provide improved security and control over protected data. In some embodiments, a computer includes a main motherboard card coupled to all input/output devices connected to the computer, and a trusted operating system operates on the main motherboard which includes an access control module for controlling access to the protected data in accordance with rules. The trusted operating system stores the protected data in an unprotected form only on the memory devices on the main motherboard. The computer may also have a computer card coupled to the main motherboard via a PCI bus, on which is operating a guest operating system session for handling requests for data from software applications on the computer. A tamper detection mechanism is provided in the computer for protecting against attempts to copy the unprotected form of the protected data onto memory devices other than the one or more memory devices used by the motherboard or computer card. | 12-25-2014 |
20140380513 | USER TRANSPARENT VIRTUALIZATION METHOD FOR PROTECTING COMPUTER PROGRAMS AND DATA FROM HOSTILE CODE - A secure computing environment that prevents malicious code from “illegitimately” interacting with programs and data residing on the computing platform. While the various embodiments restrict certain programs to operate in a virtualized environment, such operation is transparent to the user from the operational point of view. Moreover, any program operating in the virtualized environment is made to believe that it has full access to all of the computing resources. To prevent a user from unknowingly or inadvertently allowing the program to adversely affect the computer, the user is also presented with a “feel” that the program is able to perform all operations in the computing environment. | 12-25-2014 |
20150026828 | METHODS AND APPARATUS FOR CHARACTER SET CONTROL, VERIFICATION AND REPORTING - Systems and methods for character set control, verification and reporting are provided. In an example embodiment, a data evaluation system comprises at least one module, executing on one or more computer processors, to implement a language and character set phase in which an authorized character set comprising authorized characters is defined; a document phase including receipt of an input document, the input document comprising document characters; a detection phase including a comparison of the document characters against the authorized characters in the authorized character set to detect unauthorized characters in the input document not forming part of the authorized character set; and a reporting phase including display of the unauthorized characters to a user. | 01-22-2015 |
20150033367 | Solution for Continuous Control and Protection of Enterprise Data Based on Authorization Projection - Extracting data from a source system includes generating an authorization model of the data protection controls applied to the extracted data by the source system. The authorization model is used to map the data protection control applied to the extracted data to generate corresponding data protection controls provided in target system. The extracted data is imported to the target system including implementing the corresponding data protection controls. | 01-29-2015 |
20150040246 | CENTRALIZED SELECTIVE APPLICATION APPROVAL FOR MOBILE DEVICES - A system and method for confirming an application change event associated with a device infrastructure of a mobile device, the method comprising the steps of: storing an application authorization list identifying a plurality of mobile applications, the application authorization list being remote from the mobile device over a communications network; receiving an application authorization request from the mobile device over the communications network, the application authorization request including application identification information; comparing the application identification information with one or more listed mobile applications of the plurality of mobile applications identified in the application authorization list; determining whether the application information matches any of the plurality of mobile applications to produce a decision instruction containing an authorization decision; and sending the decision instruction to the mobile device for subsequent processing of the decision instruction by a mobile agent associated with the device infrastructure; wherein processing of the decision instruction provides for confirmation of the application change event. | 02-05-2015 |
20150040247 | METHOD AND APPARATUS FOR INFORMATION CARRIER AUTHENTICATION - The present invention relates to a method of enabling authentication of an information carrier, the information carrier comprising a writeable part and a physical token arranged to supply a response upon receiving a challenge, the method comprising the following steps; applying a first challenge to the physical token resulting in a first response, and detecting the first response of the physical token resulting in a detected first response data, the method being characterized in that it further comprises the following steps; forming a first authentication data based on information derived from the detected first response data, signing the first authentication data, and writing the signed authentication data in the writeable part of the information carrier. The invention further relates to a method of authentication of an information carrier, as well as to devices for both enabling authentication as well as authentication of an information carrier. | 02-05-2015 |
20150059006 | Secure Device Management Abstraction and Unification Module - An exemplary system that includes a computing device that stores an abstraction and unification module, the abstraction and unification module being executable by a processor of the computing device to receive from a frontend component a request for information located within a backend component of the computing device and validate that the frontend component is authorized to receive the information specified in the request. The abstraction and unification module may further pass the request to an abstraction engine that extracts the information from the backend component and provides the information extracted from the backend component to frontend component. | 02-26-2015 |
20150059007 | Launching A Secure Kernel In A Multiprocessor System - In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example. | 02-26-2015 |
20150059008 | UNDISCOVERABLE PHYSICAL CHIP IDENTIFICATION - Methods and circuits for undiscoverable physical chip identification are disclosed. Embodiments of the present invention provide an intrinsic bit element that comprises two transistors. The two transistors form a pair in which one transistor has a wide variability in threshold voltage and the other transistor has a narrow variability in threshold voltage. The wide variability is achieved by making a transistor with a smaller width and length than the other transistor in the pair. The variation of the threshold voltage of the wide variability transistor means that in the case of copies of intrinsic bit elements being made, some of the “copied” wide variability transistors will have significantly different threshold voltages, causing some of the intrinsic bit elements of a copied chip to read differently than in the original chip from which they were copied. | 02-26-2015 |
20150067893 | CLOUD E-DRM SYSTEM AND SERVICE METHOD THEREOF - A digital rights management system and a service method thereof, and an enterprise digital rights management (E-DRM) system for document security installed in a cloud system are provided. The present systems can be implemented to be used in a variety of environments without being affected by the type or environment of a user terminal using a method which allows the client to use a contents data through a virtual machine system, and the E-DRM system is configured to include a cloud system, a security system and a virtual machine system. | 03-05-2015 |
20150067894 | OBJECT BASED PRIVACY CONTROL - An electronic device may include a processor and a blacklist database listing objects not to be displayed. The processor is to remove an object from a frame before the frame is sent to or received from an electronic device when the object is listed in the blacklist database. In an example, an electronic device can include logic to receive, in a processor, a frame to be sent to or received from an electronic device and logic to scan the frame to identify an object. The electronic device can also include logic to determine if the object is listed in a blacklist database. The electronic device further includes logic to modify the frame to remove the object when the object is listed in the blacklist database and logic to transfer the frame for processing. | 03-05-2015 |
20150074832 | METHOD AND DEVICE FOR VERIFYING A DATA DISPLAY IN A SECURITY-CRITICAL SYSTEM - A method is described for operating a computer system comprising a computer and a display unit, wherein a reference pattern is formed based on input value fed into the computer, wherein image signals for the display unit are generated based on the input value, wherein the image signals fed to the display unit are detected, wherein the detected image signals are subjected to a pattern recognition to provide a recognized pattern, and wherein the recognized pattern is compared with the reference pattern. | 03-12-2015 |
20150096059 | License Management System - A license management system comprises at least one processor capable of executing processor-executable code coupled with a non-transitory processor-readable medium storing a master license database and processor-executable code for causing the processor to: (a) store a master state of a network device indicative of at least one license key associated with the network device in the master license database; (b) access information indicative of a license key request for the network device subsequent to the storing of the master state, the license key request including a current state of the network device; (c) compare the master state of the network device with the current state of the network device; and (d) in response to the master state differing from the current state of the network device, generate an error message and store the error message in non-transitory processor-readable medium. | 04-02-2015 |
20150096060 | Systems and Methods for Accessing Digital Content Using Electronic Tickets and Ticket Tokens - Systems and methods for accessing digital content using electronic tickets and ticket tokens in accordance with embodiments of the invention are disclosed. In one embodiment, a user device includes a processor, a network interface, and memory configured to store an electronic ticket, and a ticket token, and the processor is configured by an application to send a request for digital content, receive a ticket token from a merchant server, wherein the ticket token is generated by a DRM server and associated with an electronic ticket that enables playback of the requested digital content, send the ticket token to a DRM server, receive an electronic ticket that enables playback of requested digital content, request the digital content associated with the electronic ticket, and play back the requested digital content using the electronic ticket. | 04-02-2015 |
20150101069 | Systems And Methods For Entitlement Management - Systems and methods for managing data are disclosed. One method can comprise receiving a first request for a service, wherein the first request is associated with a first rights package. The first rights package can be processed to determine access to the service. An evaluation key can be generated, wherein the evaluation key represents the determination of access relating to the processing of the first rights package. A second request for a service can be received, wherein the second request is associated with a second rights package. The second rights package can be processed using the evaluation key. | 04-09-2015 |
20150113667 | Method for Processing Media Content, Control Point, Media Server, and Media Renderer - A method for processing media content is provided. The method includes sending a control command to a media renderer in a home area network, where the control command is used to instruct the media renderer to request authentication with an authentication server; determining a content list, where the content list includes media content items that can be played by media renderers authenticated; displaying the content list to a user; and sending, according to target media content that the user selects to play from the content list and a target media renderer that the user selects for playing the target media content, a uniform resource identifier of the target media content to the target media renderer, so that the target media renderer acquires and plays the target media content. As such, media content selected by a user can be played by an authenticated media renderer. | 04-23-2015 |
20150121555 | TOKEN BASED CLUB DIGITAL CONTENT LICENSING METHOD - A method and apparatus for token based club digital content licensing are disclosed. Token based club digital content licensing may include receiving, from a first user device, at a server, a first request for access to a first digital content object, wherein the first request indicates a first unique user identifier associated with a digital content licensing group, wherein the digital content licensing group is associated with an available shared license unit count and an unavailable shared license unit count, identifying a first assigned unit count for the first digital content object, performing license unit based digital content access control in response to receiving the first request. In some embodiments, on a condition that the first assigned unit count is within the available shared license unit count, license unit based digital content access control may include enabling access to the first digital content object by the first user device. | 04-30-2015 |
20150128295 | METHOD AND SYSTEM FOR VALIDATING A VIRTUAL ASSET - Virtual asset creation data used to create a virtual asset is generated through a virtual asset creation system that includes primary virtual asset data. Secondary authentication data is also generated. When the virtual asset is launched, the secondary authentication data is passed to the virtual asset from the virtual asset creation system. The primary virtual asset data and secondary authentication data from the virtual asset creation system and the virtual asset, and/or one or more other sources associated with the virtual asset, are then sent to a virtual asset validation system through different communication channels. If the primary virtual asset data and secondary authentication data from the two sources match, or have a defined threshold level of similarity, the status of the virtual asset is transformed to the status of validated virtual asset eligible to receive sensitive data. | 05-07-2015 |
20150135337 | SYSTEMS AND METHODS FOR MONITORING AND APPLYING STATISTICAL DATA RELATED TO SHAREABLE LINKS ASSOCIATED WITH CONTENT ITEMS STORED IN AN ONLINE CONTENT MANAGEMENT SERVICE - Shareable links can be created to share content items and information pertaining to activity on those shareable links can be monitored and stored in an online content management service. Based on this activity information, actions can be executed. These actions can include sending notifications regarding link activity, disabling shareable links, and/or updating activity thresholds related to the shareable links. Using the activity information, popular shared content items can be identified and recommendations for sharing unshared content items can be provided to the user. Additionally, advertisements can be tailored to the relative popularity of the shared content items. | 05-14-2015 |
20150135338 | DIGITAL CERTIFICATE WITH SOFTWARE ENABLING INDICATOR - A server computer has a network interface circuit and a processing circuit. The network interface circuit is configured to provide communications over a network. The processing circuit is configured to transmit over the network an electronic document comprising a digitally signed identity associated with the server computer. The electronic document further comprises a software enabling indicator, the software enabling indicator comprising data indicating whether a software feature of a system is to be enabled for use. | 05-14-2015 |
20150135339 | SYSTEM AND METHOD FOR UPDATING INFORMATION CAPABLE OF PROVIDING MEDIA CONTENT - Disclosed herein are a system and method for updating information capable of providing media content, for use when a service restriction is generated in a DMS in a home network system based on DLNA. The system includes a DMS configured to send service limitation information to DMPs when service limitation is generated and to send an unable content list to a specific DMP of the DMPs when a request for the unable content list is received from the specific DMP, and the DMPs, each configured to request the unable content list from the DMS when receiving the service limitation information from the DMS, receive the unable content list from the DMS, and update a content list by applying the received unable content list to the content list. | 05-14-2015 |
20150143545 | Function for the Challenge Derivation for Protecting Components in a Challenge-Response Authentication Protocol - The invention relates to a device for authenticating a product with respect to at least one authenticator. Said device comprises a capturing unit, a test unit and a transmitting unit. Said capturing unit is designed to capture a challenge emitted by the authenticator. Said test unit is designed to test an authorization from the authenticator for capturing a response to the emitted challenge. Said transmitter unit is designed to transmit a predetermined response to the authenticator in accordance with the tested authorization and the captured challenge. As a result, increased security during the authentication is ensured. The invention also relates to a system comprising said type of device and an authenticator, and to a method and a computer program product for authenticating a product. | 05-21-2015 |
20150143546 | SERVICE ORIENTED SECURE COLLABORATIVE SYSTEM FOR COMPARTMENTED NETWORKS - A system receives a request to store a document in a database, receives a user security token, analyzes the document to determine an adjudicated security level for the document, compares the user security token to the adjudicated security level, stores the document when the user security token is equal to the adjudicated security level, when the user security token is not equal to the adjudicated security level, queries the user as to whether the document should be stored with the adjudicated security level, receives a response to the query from the user, stores the document when the user agrees to store the document with the adjudicated security level, and when the user does not agree to store the document with the adjudicated security level, transmits a message to a security officer and quarantines the document. | 05-21-2015 |
20150143547 | SECURE PROVISIONING OF NETWORK SERVICES - Provided are systems and methods for secure provisioning of consumer network services. For example, there is a broadband modem for secure provisioning of a network service, where the broadband modem includes a controller having an embedded memory. The controller is configured to enable an unmanaged interface of the broadband modem, to establish a subscription interface link over the enabled unmanaged interface, and to download, over the subscription interface link, a subscriber firmware enabling a managed interface corresponding to the network service. Power cycling the broadband modem erases the downloaded subscriber firmware and disables the managed interface. | 05-21-2015 |
20150143548 | METHODS AND SYSTEMS FOR REMOTELY REMOVING METADATA FROM ELECTRONIC DOCUMENTS - A method and system for removing metadata from email attachments sent from mobile devices includes receiving an email with an attached document. The attached document has metadata removed to create a cleansed version of the attached document. The attached document is replaced by the cleansed version of the attached document, and the email is sent according to the address or addresses included in the email. | 05-21-2015 |
20150143549 | METHOD, AN APPARATUS, A COMPUTER SYSTEM, A SECURITY COMPONENT AND A COMPUTER READABLE MEDIUM FOR DEFINING ACCESS RIGHTS IN METADATA-BASED FILE ARRANGEMENT - The invention relates to a method for a computer system storing electronic objects being defined by metadata items. The method comprises deriving access rights from one or more security components originating from respective metadata items of at least one object, and determining the effective access rights for the object by means of the security components. The invention also relates to a method for a computer system storing electronic objects being defined by metadata items, wherein access rights for an object are determined by means of one or more pseudo-users. The invention also relates to an apparatus, a computer system and a computer readable medium comprising a computer program stored therein for carrying out the methods. | 05-21-2015 |
20150295938 | METHOD AND APPARATUS FOR PREVENTING UNAUTHORIZED SERVICE ACCESS - The present invention is applicable to the network access control field and provides a method and apparatus for preventing unauthorized service access. According to embodiments of the present invention, the found IP address is compared with the IP address of the server to which access is requested in the packet, so as to effectively determine a service access request whose packet is tampered with and to terminate the service access request. This effectively solves a problem in which a gateway device cannot charge for a chargeable service due to tampering of a domain name in a packet by a user. | 10-15-2015 |
20150302215 | SENSITIVE OPERATION VERIFICATION METHOD, TERMINAL DEVICE, SERVER, AND VERIFICATION SYSTEM - The present disclosure relates to the field of network technologies, and discloses a sensitive operation verification method, a terminal device, a server, and a verification system. The method includes: scanning, by a first terminal device, a two-dimensional code for initiating a sensitive operation, and obtaining information in the two-dimensional code, the information in the two-dimensional code being at least used to uniquely determine the sensitive operation; and sending, by the first terminal device, a first verification request to a verification server, the first verification request carrying verification information of the first terminal device and the information in the two-dimensional code. | 10-22-2015 |
20150302217 | APPLICATION ENGAGEMENT IDENTIFICATION USING A DYNAMIC PATTERN - Systems and methods securely determine whether a human or a hacking computing device attempts to engage an application. Embodiments of the present disclosure relate to identifying a defined pattern to be displayed by a user interface for an individual to trace. The defined pattern is dynamically displayed so that characteristics associated with the defined pattern change as the defined pattern is displayed. A background is displayed simultaneously with the defined pattern. The background randomly changes as the characteristics associated with the defined pattern change. The likelihood that a hacking computing device can recognize the dynamically changing defined pattern from the dynamically changing background is low while the likelihood that the human brain can do so is high. Thus, a user attempting to engage the application is confirmed as a human when a trace of the defined pattern is received. | 10-22-2015 |
20150302221 | SECURE ACCESS TO PROGRAMMING DATA - Embodiments for preventing data loss and allowing selective data access are provided. In some embodiments, the system and method are configured to receive task protocols and registration requests; determine an allowed list based on the protocols or requests, the list comprising registered data and codes needed to execute a task; allow a user to establish a connection to a device to execute the task on the device; identify data being transferred to and from the device; compare the data being transferred and the allowable list; and determine that at least some of the data being transferred is allowable. | 10-22-2015 |
20150304290 | ELECTRONIC DEVICES AND METHODS FOR NEAR FIELD COMMUNICATION - An electronic device includes a secure element, a touch sensor and a touch sensor controller. The secure element generates a security code for a trusted transaction. The touch sensor includes transmitting electrodes and receiving electrodes configured for sensing touch events on a touch-sensitive area of the electronic device. The touch sensor controller is coupled to the secure element and the touch sensor and controls operations of the touch sensor. The secure element further transmits the security code to the touch sensor controller and the touch sensor controller transmits the security code via the transmitting electrodes. | 10-22-2015 |
20150310199 | SECURE DATA ENTRY - A first computing device is configured to receive a request for validation, to generate, based on the request, a virtual data entry mechanism that includes randomly arranged data entry elements, and to provide the virtual data entry mechanism to a second computing device. | 10-29-2015 |
20150317471 | USER TRUSTED DEVICE TO ATTEST TRUSTWORTHINESS OF INITIALIZATION FIRMWARE - The present invention is notably directed to a user trusted device ( | 11-05-2015 |
20150317472 | USER TRUSTED DEVICE FOR DETECTING A VIRTUALIZED ENVIRONMENT - The present invention is notably directed to a method for enabling a computer ( | 11-05-2015 |
20150319148 | NETWORK INFORMATION SYSTEM WITH LICENSE REGISTRATION AND METHOD OF OPERATION THEREOF - A network information system, and a method of operation thereof, includes: an extraction module for extracting a unique device identification for sending to an e-commerce server, wherein the unique device identification is extracted from a network-connected device with a software application installed and not activated on the network-connected device; a settlement process module, coupled to the extraction module, for generating a notification based on the unique device identification for sending to a license server; and a key generation module, coupled to the settlement process module, for generating a product key for the unique device identification based on the notification for activating the software application to run on a computing device. | 11-05-2015 |
20150324574 | SERVER DEVICE, SOFTWARE PROGRAM, AND SYSTEM | 11-12-2015 |
20150324596 | BULK DATA ERASE UTILIZING AN ENCRYPTION TECHNIQUE - A system and a computer program product are disclosed for eliminating access to data on removable storage media of a removable storage media cartridge. The system comprises a computer configured to send to a data storage drive a command to eliminate access to data on a removable storage media cartridge, and send to the data storage drive a command to shred at least one key in response to the command, where shredding the at least one key eliminates access to the data on the removable storage media cartridge. A determination to eliminate access to the data on the removable storage media cartridge is based on a number of read and/or write errors encountered for the removable storage media cartridge. | 11-12-2015 |
20150324599 | PROCESSING DATA IN A DEVICE - According to an example, a device for processing data is suggested, said device comprising a first component, wherein the first software component is arranged for receiving the data; a security processor for receiving said data and a first signature, wherein the security processor is arranged for determining based on the first signature whether the data are valid; for determining a second signature for the data; and for conveying the second signature to the first component. | 11-12-2015 |
20150326584 | METHOD AND SYSTEM FOR EXECUTING A SECURE APPLICATION ON AN UNTRUSTED USER EQUIPMENT - A method for executing a secure application on an untrusted user equipment having storage means with at least one protected region includes establishing a secure or authenticated communication channel between a trusted device and the user equipment. Secure application information of the secure application is provided via the communication channel to be executed on the user equipment. Correctness of the secure application information is checked. Execution of the secure application is initiated on the user equipment via the communication channel such that the secure application is stored in the protected region of the storage means. | 11-12-2015 |
20150332032 | Electronic Device with Method for Controlling Access to Same - An electronic device is able to alter one or more settings of its imager based on the motion of a user that the device is attempting to authenticate. The electronic device, in one implementation, captures a first set of image data of the user (e.g., a video or still photo of the user), detects motion of the user, alters a setting of the imager based on the motion, captures a second set of image data of the user, and authenticates the user based on the second set of image data. In some implementations, the electronic device has multiple imagers, and activates one or more additional imagers based on the detected motion of the user. | 11-19-2015 |
20150339482 | INTRA-APPLICATION PERMISSIONS ON AN ELECTRONIC DEVICE - Various embodiments are provided in which intra-application permissions may be granted on an electronic device. An application may access data from another application if the application has the proper permission signed by a permissions server. In one embodiment, a request is received by a first application that is installed on a device. The request is from a second application for permission to access data associated with the first application. A permissions record for the second application may be stored in an application package of the second application. The first application may access the permissions record to determine whether the second application has permission to access the data associated with the first application. The first application may provide the second application with access to the data associated with the first application based, at least in part, on the permissions record stored in the application package of the second application. | 11-26-2015 |
20150339495 | SELECTIVELY WIPING A REMOTE DEVICE - A system and method for selectively securing data from unauthorized access on a client device storing a plurality of data types with reference to an authorization level indicated in a command. A command is received at a client device comprising an authorization level indicator. Based on at least one predefined rule, which may be implemented in an IT policy stored at the client device, each of the plurality of data types to be secured is determined, and then the data corresponding to those types is secured. The data may be secured by encrypting and/or deleting the data at the client device. The predefined rules associated with each authorization level may be configured by a user or administrator having an authorization level that exceeds the associated authorization level. | 11-26-2015 |
20150341360 | METHOD AND APPARATUS FOR MANAGING A TRANSACTION RIGHT - This invention provides a method for managing a transaction right in a digital rights management server. The transaction right is the right to a transaction of a utilization right of a digital content item. The method comprises steps of obtaining an attribute associated with the digital content item from metadata of the digital content item; and generating the transaction right on the basis of a pre-stored rule and the attribute of the digital content item. Since the transaction right is generated on the basis of the attribute of the digital content item, or in other words, the transaction right is dependent on the attribute of the digital content item, the generated transaction right of digital content items can be different if the corresponding attributes associated with the digital content items are different. Furthermore, in addition to the metadata, the generation of the transaction right only requires the pre-stored rule, resulting in affordable complexity and cost. Since the transaction right is also dependent on the pre-stored rule, the content providers need not individually set the transaction right for each digital content item, but are still able to set the transaction right by setting the pre-stored rule. | 11-26-2015 |
20150341370 | SYSTEMS AND METHODS RELATING TO THE AUTHENTICITY AND VERIFICATION OF PHOTOGRAPHIC IDENTITY DOCUMENTS - Identity documents are produced to confirm the identity of an individual and often their rights, such as driver's license, health card, age, and residence. False and counterfeit documents however can be used to commit fraud, gain unauthorized access to services and steal an individual's identity. Embodiments of the invention address verification and authentication of an identity document by correlating the information extracted from the identity document at the time of its presentation as evidence of an individual's identity with the original data relating to the identity document when it was issued to an individual or subsequently verified by an issuing authority of the identity document. | 11-26-2015 |
20150347722 | Systems and Methods for Binding Content Playback to the Pairing of a Playback Device and Removable Memory Storage Device - Systems and methods for binding content to pairing of a playback device and removable memory storage device are disclosed. In one embodiment, a method for requesting authorization to play content using a playback device and a removable memory storage device includes retrieving a coupon identifier from a removable memory storage device while it is attached to the playback device, generating a coupon code using the coupon identifier, sending a request for storefront token that includes a device match data token and an application identifier, receiving a storefront token associated with a storefront identifier where the storefront identifier identifies a storefront application, sending a request for ticket token that includes the coupon code, the storefront identifier, and a content identifier that identifies the content, sending a request for license file that includes the ticket token, and receiving a license file that grants playback rights to the piece of content. | 12-03-2015 |
20150347770 | Context Based Data Access Control - In some implementations, encrypted data (e.g., application data, keychain data, stored passwords, etc.) stored on a mobile device can be accessed (e.g., decrypted, made available) based on the context of the mobile device. The context can include the current device state (e.g., locked, unlocked, after first unlock, etc.). The context can include the current device settings (e.g., passcode enabled/disabled). The context can include data that has been received by the mobile device (e.g., fingerprint scan, passcode entered, location information, encryption key received, time information). | 12-03-2015 |
20150347781 | METHODS, SYSTEMS, AND DEVICES FOR SECURING DISTRIBUTED STORAGE - The description relates in particular to a method of secure distributed storage, to a secure access method and to a distributed storage, and to devices, systems, computer programs and storage medium for the implementation of such methods. | 12-03-2015 |
20150350211 | SECURELY INTEGRATING THIRD-PARTY APPLICATIONS WITH BANKING SYSTEMS - Systems and methods enable third-party applications and devices to interface with financial service provider computer networks in a secure, compliant manner. In one embodiment, an interface computing device connected to a provider computer network transmits a registration request message to a custodian. The interface computing device receives a registration request response message from the custodian indicating whether the registration request was approved or denied. The interface computing device receives a data request message requesting data stored on the provider computer network. The interface computing device gathers data stored on the provider computer network, sanitizes the data, and generates a response communication using the sanitized data. | 12-03-2015 |
20150358327 | Personal Location Code - Methods and apparatus, including computer program products, for receiving a request from a requestor to locate a user. The request identifies a personal location code (PLC) for the user. It is determined if the request is allowed based on the PLC. If the request is allowed, the current location of the user is obtained based on the location of one or more devices associated with the user. The current location of the device is then provided to the requestor. | 12-10-2015 |
20150363337 | VERIFICATION OF INTELLECTUAL PROPERTY CORE TRUSTED STATE - Secure initialization of the state of an electronic circuit. A processor determines the trusted state of one or more architecture state registers of an intellectual property core. The processor clears entries in a memory of the intellectual property core. The processor verifies that state machines, included in execution logic of the intellectual property core, have not generated output. | 12-17-2015 |
20150371015 | METHOD FOR MANAGING PRIVACY AND SECURITY IN A SOCIAL NETWORK BY CHECKING SHARED DATA AND RELATIONSHIPS BETWEEN USERS - The invention relates to a computer-implemented method for managing privacy and security in a social network, by checking shared data and relationships with other users, said method comprising the use of a privacy identifier in multimedia files in order to ensure checking on the part of the sending user and an expectation identifier in order to check relationships with other users within a social network. | 12-24-2015 |
20150371020 | METHOD AND SYSTEM FOR SECURELY IDENTIFYING USERS - Identifying users is disclosed including, in response to receiving an account operating request of an account sent by a user device, obtaining a personal question from a personal questions database and sending the personal question to the user device, receiving, from the user device, a verification response to the personal question, and determining whether a current user is a user associated with the account based at least in part on the verification response and a corresponding standard response in the personal questions database, where the personal question obtained from the personal questions database and the corresponding standard response were generated based at least in part on account operating information of the user associated with the account. | 12-24-2015 |
20150371053 | ANTI-IDENTITY-THEFT METHOD AND HARDWARE DATABASE DEVICE - A hardware device (TCK) for securing data in a database accessed through an Internet server is presented. The TCK controls access to its internal database through two physically separate access channels. Through at least one “unprivileged channel (port)” the TCK provides access to its individual records, one at a time, subject to stringent security provisions. Through at least one physically separate “privileged channel” not reachable by the Internet server through the unprivileged channel, the TCK provides access to administrative operations, and facilitates more complete access to the database, thus allowing, for example, retrieval or listings of stored keys and values, multi-record access, and/or the ability to run other computer programs. Thus, the TCK system can provide extra security protection for data needed by Internet servers that are utilized by multiple known and/or anonymous users. | 12-24-2015 |
20150379274 | SYSTEMS AND METHODS FOR SECURELY STORING DATA - Various embodiments of systems and methods for securely storing data are provided. In one embodiment, a computer-readable storage module is provided for securely storing data. A storage-side processor is provided for selectively granting access to the stored data on the computer-readable storage module. A user-side memory for storing an output generation record is also provided. A user-side processor configured to provide a password receiving module for receiving a password candidate, an output generation module for using the password candidate received to attempt to access the output generation record and for generating an output based on whether the attempt to access the output generation record is successful, and an output communication module for communicating the output generated by the output generation module to the storage-side processor are also provided. The storage-side processor is configured to grant access to at least some of the data if the output received corresponds to an authorized output, the storage-side processor being configured to otherwise deny access to the data. The user-side processor is further configured to conceal whether the attempt to access the output generation record was successful until the storage-side processor receives the output generated. The output generation module is configured to generate the authorized output if the password candidate is an authorized password and the output generated is not the authorized output if the password candidate is not the authorized password. | 12-31-2015 |
20150379284 | ISSUING SECURITY COMMANDS TO A CLIENT DEVICE - Disclosed are various embodiments for issuing security commands, such as a wipe command, to a client device. An application executed by the client device can include a mail proxy that can act as a proxy to a remote mail server and determine compliance with compliance rules. Should the client device violate a compliance rule, the mail proxy executed by the client device may issue a security command to a mail client executed by the client device. | 12-31-2015 |
20150379305 | Digitised Handwritten Signature Authentication - A method is provided for creating a contextualized, digitized signature, which is representative of a signature made by a user on a signature input device for a given action. The method includes: obtaining at least one piece of data relative to a context; obtaining a signature, delivering a digitized signature; and combining the digitized signature and the at least one piece of context data, delivering the contextualized, digitized signature. | 12-31-2015 |
20160004648 | DATA ERASING APPARATUS, DATA ERASING METHOD, AND COMPUTER-READABLE STORAGE MEDIUM - A data erasing apparatus includes a storage part having a first storage region, and a second storage region that stores data to be erased in a case in which a predetermined erasing condition is satisfied, and a processor configured to execute a program and perform a process including modifying authentication information when the predetermined erasing condition is satisfied, executing a data erasing process to erase data stored in the second storage region in a case in which the authentication information has been modified, and transmitting, via a network, a notification indicating a data erasure after the data erasing process is executed. The program is stored in the first storage region and does not operate in an OS (Operating System) stored in the second storage region. | 01-07-2016 |
20160004882 | METHOD AND SYSTEM FOR APPLYING DATA RETENTION POLICIES IN A COMPUTING PLATFORM - Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations. | 01-07-2016 |
20160004884 | Secure Escrow Service - A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key. | 01-07-2016 |
20160014091 | SYSTEM AND METHOD THEREOF FOR OPTIMIZING DELIVERY OF CONTENT OVER A NETWORK | 01-14-2016 |
20160019375 | CONTROLLING USE OF SHARED CONTENT ITEMS BASED ON CLIENT DEVICE - User accounts can be linked together to form a group of linked user accounts that can access content items assigned to the other user accounts in the group. A user can download content items assigned to their user account, as well as shared content items assigned to one of the other user accounts in the group of linked user accounts. Use of shared content items can be restricted to client devices running specified versions of an operating system. The key ID tagged to a shared content item can be altered such that the key ID no longer correctly identifies the corresponding DRM key that enables use of the shared content item. Client devices authorized to use shared content items can be configured to recognize that a content item is a shared content item and generate the original key ID from the altered key ID. | 01-21-2016 |
20160019401 | Managing Access of User Information by Third Party Applications - Methods, systems, and computer program products for managing access of user information by third party applications are provided herein. A method includes compiling a set of user instructions for providing access of user resources to one or more third party applications, wherein the set of user instructions specifies a context in which each of multiple items of the user resources at one or more application programming interface providers can be accessed by the third party applications; mapping a request from one of the third party applications for access to one or more items of the user resources to the application programming interface providers, which correspond to one or more entities maintaining the user resources; and granting access to the one or more items of the user resources to said one third party application through the application programming interface providers based on the set of user instructions. | 01-21-2016 |
20160021065 | METHOD AND APPARATUS FOR MASKING NON-PUBLIC DATA ELEMENTS IN UNIFORM RESOURCE IDENTIFIERS ("URI") - Methods may display a URI of a resource. Methods may determine the presence of a non-public data element in the URI. Methods may generate a random number in response to the determination of the presence of the non-public data element. Methods may compute a resultant number based on the exclusive or of the random number and the non-public data element. Methods may substitute the resultant number for the non-public data element in the URI. Methods may transmit the URI and the random number to a server. Methods may receive a resource from the server, in response to the transmission of the URI and the random number to the server. Methods may compute the non-public data element using the random number and the resultant number. Methods may substitute the non-public data element for the resultant number in the URI. Methods may re-determine the URI of the resource. | 01-21-2016 |
20160026790 | MOBILE DEVICE WITH MULTIPLE SECURITY DOMAINS - Included within a shared housing are at least one user interface element; a first isolated computational entity; a second isolated computational entity; and a switching arrangement. The switching arrangement is configured to, in a first mode, connect the first isolated computational entity to the at least one user interface element; and, in a second mode, connect the second isolated computational entity to the at least one user interface element. | 01-28-2016 |
20160026812 | DISPLAY DEVICE AND METHOD FOR CONTROLLING THE SAME - A display device and a method for controlling the same are disclosed. The method for controlling a display device comprises the steps of displaying a control object in a first private region; moving the displayed control object from the first private region to a public region; moving the control object based on a first moving mode if an object property of the control object is a private property; and moving the control object based on a second moving mode if the object property of the control object is a public property. In this case, the first moving mode may have a moving property of the control object, which is different from that of the second moving mode. | 01-28-2016 |
20160055341 | ENABLING USER PRIVACY FOR CHANGES OF ACCESS TO SHARED CONTENT - In one embodiment, a method for enabling user privacy for content on a network includes receiving input from a first user instructing at least one change in user access to shared content provided by a network system. The change modifies the user access from an existing set of one or more users of the network system to a different set of one or more users of the network system. The method checks a privacy setting associated with each of one or more referred users of the network system who are referred to by the shared content. The privacy setting indicates whether the associated referred user is to be sent a notification indicating that the at least one change in user access has been instructed. | 02-25-2016 |
20160063225 | USING FLASH STORAGE DEVICE TO PREVENT UNAUTHORIZED USE OF SOFTWARE - A flash storage device and a method for using the flash storage device to prevent unauthorized use of a software application are provided. An identifier may be encoded within specific sectors of the flash storage device. One bits of the identifier may be encoded as unusable ones of the specific sectors and zero bits of the identifier may be encoded as usable ones of the specific sectors. Alternatively, the zero bits of the identifier may be encoded as the unusable ones of the specific sectors and the one bits of the identifier may be encoded as the usable ones of the specific sectors. The software application may be permitted to execute on a processing device connected to the flash storage device only when the identifier is encoded within the flash storage device. | 03-03-2016 |
20160063266 | System Function Invoking Method and Apparatus, and Terminal - A system function invoking method and apparatus, and a terminal are disclosed and are related to the field of computer technologies. The method includes acquiring an installation package of a first application program; granting a first permission of a system to the first application program according to the installation package, where the first permission is used to, when the first application program is in a running state, forbid a second application program from invoking at least one system function; and running the first application program, and forbidding the second application program from invoking the at least one system function. The apparatus includes a first acquiring module, an authorization module, and an invoking module. | 03-03-2016 |
20160065546 | SHARING CONTENT WITH PERMISSION CONTROL USING NEAR FIELD COMMUNICATION - A sending device receives a user input indicating that the user wishes to share an open item of content with a receiving device. A near field communication link is opened between the sending device and the receiving device. Metadata for sharing the open data is gathered on the sending device and a permission setting user interface display is displayed, with the user input mechanism that allows a user to set permissions corresponding to the open item. User actuation of the permission setting user input mechanism is received, the permissions are added to the open item, and the metadata is sent to the receiving device over the near field communication link. The metadata includes a location of the open item. The open item can then be accessed by the receiving device, with the permissions applied to the open item. | 03-03-2016 |
20160065586 | USAGE RIGHTS INFORMATION FOR PROTECTED CONTENT HAVING TWO PARTS - The invention relates to a device for accessing protected content, the device comprising a secure module for accessing the protected content and a control unit external to the secure module for controlling access operations for the protected content. The device is configured to receive usage rights data for the protected content, the usage rights data including first and second usage rights data defining permissions for uses of the protected content, and the device is configured to enable a requested use of the protected content upon a check whether the use is permitted by usage rights data, the check being made in the secure module based on the first usage rights data and the check being made in the control unit based on the second usage rights data. Moreover, the invention relates to a method for operating the device. | 03-03-2016 |
20160065591 | METHODS AND SYSTEMS FOR DATA VALIDATION IN A CLIENT-SERVER ENVIRONMENT - Methods and systems are provided for dynamically generating validation rules. In certain implementations, state information related to one or more operations is stored. A request for validation rules is received from a client. The request may include one or more parameters and an identification of an operation to be performed. In response to the request, the state information is accessed for the operation to be performed. The validation rules are then dynamically generated based on the accessed state information and at least one of the parameters or the identification in the request. The validation rules can then be transmitted to the client. | 03-03-2016 |
20160070895 | VERIFICATION THAT AN AUTHENTICATED USER IS IN PHYSICAL POSSESSION OF A CLIENT DEVICE - An authentication server determines that a user entering authentication data is in physical possession of a client device by determining that the user has observed changes in the state of hardware elements of the client device that are effected outside of a remote desktop protocol. The authentication server causes the client device to prompt the user to observe the hardware element of the client device for state changes and receives data generated by the user representing observed state changes. If the data accurately represents the changes in the state of the hardware element, the user is determined to be in physical possession of the client device. | 03-10-2016 |
20160078241 | GENERATION AND USE OF A MODIFIED PROTECTED FILE - Generating a modified protected file is disclosed, including: renaming a primary content object of a protected file; and creating a modified protected file based at least in part by inserting into the protected file a replacement object for the renamed primary content object. Using the modified protected file is disclosed, including: determining that a file includes a renamed primary content object; and redirecting a data access operation to the renamed primary content object. | 03-17-2016 |
20160085602 | Content Sharing Between Sandboxed Apps - Embodiments may include sharing application management data between sandboxed applications on a device. A method includes sending application management data from a first sandboxed application in a first sandbox on the device to a sharing service external to the first sandbox. The method further includes receiving at a second sandboxed application in a second sandbox on the device, a representation of the application management data. Based on the representation of the application management data, the method includes performing an application management function. | 03-24-2016 |
20160085963 | CENTRALIZED PLATFORM SETTINGS MANAGEMENT FOR VIRTUALIZED AND MULTI OS SYSTEMS - A processing device may include a first processor executing an operating system including a configurable setting and an isolated execution environment including a second processor communicatively coupled to the first processor, and a secure store coupled to the second processor to store a setting profile containing a copy of the configurable setting, in which the second processor is to, subsequent to establishing a trust relationship between the isolated execution environment and the operating system, synchronize the configurable setting with the setting profile. | 03-24-2016 |
20160085976 | METHOD FOR PRIVILEGED MODE BASED SECURE INPUT MECHANISM - A system and method are disclosed for securely receiving data from an input device coupled to a computing system. The system includes an interface configured to receive data from an input device, a coprocessor, and a host computer, wherein the host computer includes an input handler and a host processor. The host processor is configured to execute code in a normal mode and in a privileged mode. The host processor switches from the normal mode to the secure mode upon data being available from the interface while the host computer is in a secure input mode. The input handler receives the data from the interface and sends the received data to the coprocessor responsive to receiving the data while operating in the secure mode. | 03-24-2016 |
20160098547 | SYSTEM AND METHOD FOR AUTOMATIC DIGITAL COPY FOR PHYSICAL MEDIA PURCHASE - A system and method for giving access to streaming media that is associated with a purchased physical media item is disclosed herein. Upon the purchase of a physical media item, a unique identifier is received. The unique identifier is analyzed to determine if the unique identifier is associated with a streaming service account. If so, the streaming service account is modified to grant access to streaming media that is associated with the physical media. The user is notified of the availability of the streaming media. The user can then initiate playback of the streaming media. Other embodiments are also disclosed herein. | 04-07-2016 |
20160110553 | POLICY ACCESS CONTROL LISTS ATTACHED TO RESOURCES - Methods, storage systems and computer program products implement embodiments of the present invention that include defining, for an entity, a policy access control list including one or more access rules, each of the access rules including one or more user conditions and one or more entity conditions. Upon receiving a request from a user to access a given entity, one or more user attributes associated with the user and one or more entity attributes associated with the given entity are identified. For each of the access rules, the one or more user conditions are applied to the one or more user attributes, the one or more entity conditions are applied to the one or more entity attributes. Access to the given content entity is granted to the user upon determining that a minimum threshold of the one or more user conditions and the one or more entity conditions are met. | 04-21-2016 |
20160110555 | RESOURCE SHARING APPARATUS, METHOD, AND NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM THEREOF - A resource sharing apparatus and a resource sharing method thereof are provided. The resource sharing apparatus runs a federated resource sharing program to execute a resource sharing method. The resource sharing apparatus can share a selected resource with a remote resource sharing apparatus via a share link of the selected resource, and the remote resource sharing apparatus can create an access point to access the selected resource stored in the resource sharing apparatus according to the share link. | 04-21-2016 |
20160110556 | System, apparatus and method for License Key permutation - A system and method of dynamically altering the encoding, structure or other attribute of a cryptographic key, typically a license activation key, to render useless keys that have been created by illegal key generation “cracks”. An encoding/decoding engine provides a plurality of key obfuscation algorithms that may alter the structure, encoding or any other attribute of a given key. A changeable combination code is supplied to the encoding/decoding engine that specifies a subset of the algorithms to apply during the encoding or decoding phase. The encoding engine is used during key generation and the decoding engine used during key usage. The same combination code must be used during decoding as was used during encoding to recover the original key or a valid key will not be recovered. Thus, a system can be rapidly re-keyed by selecting a new combination of encoding/decoding algorithms. The selection of algorithms comprises a combination code. The new combination code will result in keys that are incompatible with any existing illegal key generators. | 04-21-2016 |
20160110565 | STORAGE SYSTEM SECURITY - Disclosed aspects include managing access to a particular storage unit in a storage facility. The particular storage unit is coupled, in the storage facility, with both a particular storage unit identifier for the particular storage unit and an access management parameter for managing access to data on the particular storage unit. A device is used to identify the particular storage unit for write protection based on the particular storage unit identifier. In embodiments, the device includes an indicator to visually indicate a proper configuration and the particular storage unit identifier can be a world wide name. Aspects of the disclosure include managing the device for connection with the storage facility and access management for the storage facility. | 04-21-2016 |
20160119290 | SELECTIVE CONTENT CLOUD STORAGE WITH DEVICE SYNCHRONIZATION - Programmable devices selectively allocate file content portions between cloud and secured hardware device storage mediums. A confidential portion of a first file is stored as a second file on a first device, and a remainder portion of content of the first file that is different from the confidential portion and is not designated as confidential is stored on a cloud storage system. A uniform resource indicator is generated that includes a routing identifier to the first device, and a section routing identifier to the second file stored on the first device. A revised version of the first file is stored to the cloud storage system wherein the confidential portion of the first file is replaced with the generated uniform resource indicator within the revised version of the first file at a location of the confidential portion within the content of the first file. | 04-28-2016 |
20160119341 | SYSTEM AND METHODS FOR EXCHANGING IDENTITY INFORMATION AMONG INDEPENDENT ENTERPRISES - A system and method for exchanging identity information and for correlating protected data across independent data systems connected through a network is disclosed. The system contains connectors in communication with protected data systems which house the protected data. Edge servers in communication with the connectors store correlation data sets that correlate protected data records using permanent tokens generated by the connectors. Root servers in communication with the edge servers store identity correlations generated by the root servers and propagated to the edge servers. Data identifiers used in the protected data system are correlated with distinct data identifiers used in the edge and root servers. The correlations are propagated throughout the edge servers so that each data system can transfer data to another data system without using the protected data identifiers. | 04-28-2016 |
20160125174 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, ACCOUNT REGISTRATION METHOD, AND PROGRAM - An information processing system including at least one information processing apparatus that includes an administration unit configured to administer whether a service is provided to a service use apparatus using an organization, a license, and a user, and an account registration unit configured to receive a subscription for a trial use of the service from the service use apparatus and perform an account registration for the administration unit so that the trial use from the service use apparatus is enabled. | 05-05-2016 |
20160125189 | ROW LEVEL SECURITY - A system and method of enabling row level security through security policies is disclosed herein. In this system and method, a computing device may be communicatively coupled to a storage device. The computing device may further be activated and maintain data that comprises a plurality of rows. When executed by the computing device, the system and method may process a data definition language statement comprising a security policy definition. Further, the system and method may receive a query language statement comprising a request to access a first column of a row from the plurality of rows. The system and method may process the request and determine if access may be granted to a user based on the security policy definition in the system. | 05-05-2016 |
20160125195 | OVER NETWORK OPERATION RESTRICTION ENFORCEMENT - The enforcement of operation restriction on a file system entity over a network. The file system entity exists on a server (which could be a single machine, a cluster of servers, or a cloud computing environment). The server facilitates setting up of a session over a network with a client. As part of this facilitation, the server receives from the client a locale of the client. Upon subsequent receipt from the client of a request to perform an operation on the file system entity, the client consults supplemental data to determine whether the requested operation is permitted on the file system entity. The supplemental data may comprise at least one of the locality information or operation expiry data. | 05-05-2016 |
20160125201 | HARDWARE-PROTECTIVE DATA PROCESSING SYSTEMS AND METHODS USING AN APPLICATION EXECUTING IN A SECURE DOMAIN - A data processing system supporting a secure domain and a non-secure domain comprises a hardware component, and a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain. The hardware component has a property having a secure state. The property of the hardware component in the secure state may only be reconfigured responsive to instructions received from the secure domain. The secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application. | 05-05-2016 |
20160127383 | AGGREGATE SERVICE WITH FILE SHARING - One embodiment provides a method, including: sending, from a device, input from a user requesting access to data retrievable by an aggregate service device; sending, from the device, input from the user selecting, from the aggregate service device, a selection of data; and sending a distribution command; wherein the distribution command comprises information related to distributing a pointer indicating the selection of data. | 05-05-2016 |
20160127420 | Lawful Interception for Proximity Service - Apparatuses and methods are described, which perform control in relation to a connection for proximity service between at least two devices, perform lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and configure at least one radio access network control element to perform the lawful interception in relation to the proximity service. | 05-05-2016 |
20160132695 | ONE WAY AND TWO WAY DATA FLOW SYSTEMS AND METHODS - A system may include a database, a processor coupled to the database, and a user module executed by the processor. The user module may be configured to receive a value for an attribute of a user and determine whether the value is derived from an assessment sponsored by an organization associated with the user. When the value is derived from the assessment sponsored by the organization associated with the user, the user module may store the received value in the database in a record associated with the user only and in a record associated with the organization and the user. When the value is derived from the assessment not sponsored by an organization associated with the user, the user module may store the received value in the database in the record associated with the user only. | 05-12-2016 |
20160148006 | Privacy User Interface for Websites - A privacy user interface for websites is described. In one or more implementations, website information associated with a website is detected responsive to navigating to the website using a web platform. The website information may include third party entities associated with the website, privacy settings of the website, and/or browser notifications associated with the website. The website information is then displayed in a privacy user interface to enable a user of the web platform to view the website information associated with the website. The privacy user interface further includes one or more privacy controls useable to take specific actions with regards to the third party entities, such as by blocking or preventing the third party entities from tracking navigation to the website or accessing information exchanged with the website, or by modifying the privacy settings of the website. | 05-26-2016 |
20160148010 | IMPLEMENTING EXTENT GRANULARITY AUTHORIZATION PROCESSING IN CAPI ADAPTERS - A method, system and computer program product are provided for implementing block extent granularity authorization processing for a Coherent Accelerator Processor Interface (CAPI) adapter. An Application Client requests authorization to a File from a system processor file system. The file system validates the request, determines the location of each Extent that comprises the File, and requests authorization to each Extent from a System CAPI Authorization manager. The System CAPI Authorization manager requests the CAPI Client manager to assign a Child Client ID and CAPI Server Register range to the requesting Application Client and requests a previously authorized CAPI Parent Client to authorize the Child ID to the list of Extents. The CAPI Parent Client sends a Create Authorizations command to the CAPI Adapter via the Parent's CAPI Server Registers. The CAPI Adapter validates the Parent Authorization Handle and CAPI Server Register range for the specific Extent/Command/Resource, and creates an Authorization List by assigning a new Child Authorization Handle for each requested, validated Extent/Command/Resource. The Authorization List and the Child Client ID are returned to the File System. | 05-26-2016 |
20160149866 | ACCUMULATING AUTOMATA AND CASCADED EQUATIONS AUTOMATA FOR NON-INTERACTIVE AND PERENNIAL SECURE MULTI-PARTY COMPUTATION - A method of securely executing practically unbounded input stream of symbols, by non-interactive, multi-party computation, according to which the input stream is distributed among a plurality of parties, which do not communicate among themselves throughout execution, by a dealer with a secret initial state. The dealer distributes shares of the secret state between the parties. The input stream is executed by a finite-state automaton which may be an accumulating automaton with accumulating nodes or an automaton that is defined by a series of cascaded equations. During any execution stage, the input stream and the current state of the original automaton are concealed from any coalition of participants being smaller than a given threshold. Upon receiving a signal from the dealer, the parties terminate the execution and submit their internal state to the dealer, which computes the current state that defines the computation result. | 05-26-2016 |
20160156600 | METHODS FOR UNIVERSAL RESOURCE IDENTIFIER (`URI`) INTEGRATION | 06-02-2016 |
20160171190 | DEVICE OF LICENSING PROGRAM, PROGRAM TRANSACTION DEVICE AND METHOD OF LICENSING PROGRAM | 06-16-2016 |
20160182528 | SYSTEMS AND METHODS OF GEO-LOCATION BASED COMMUNITY OF INTEREST | 06-23-2016 |
20160182532 | SYSTEMS AND METHODS FOR STERILIZING EMAIL ATTACHMENTS AND OTHER COMMUNICATIONS DELIVERED BY EMAIL | 06-23-2016 |
20160188846 | DIGITAL RESOURCE PUBLICATION AND DISTRIBUTION SYSTEM AND METHOD - A digital resources publication and distribution method comprises: a receiving step, for receiving the content information of digital resources to be distributed and the corresponding distributing quantity; a generation step, for generating as many unique copy identifiers as the distributing quantity; a determination step for determining, when a resource requester attempts to obtain the rights to use a first specified number of copies of the digital resources, whether the number of the unique copy identifiers not yet allocated among the unique copy identifiers of the distributing quantity is larger than or equal to the first specified number; an allocation step, for, when the determination result is positive, allocating to the resource requester the first specified number of unique copy identifiers from the unique copy identifiers not yet allocated, so that the resource requester has the rights to use the first specified number of copies of the digital resources. | 06-30-2016 |
20160188847 | PRIVILEGE MANAGEMENT AND REVOCATION - This disclosure relates to management of privileges associated with applications accessible by users of electronic devices. In one aspect, an electronic device detects that a privilege has been revoked, shuts down any application running on the electronic device that has previously accessed the privilege, and restarts any application that was shut down, the restarted application no longer having any access to the revoked privilege. In another aspect, an electronic device keeps a log of which applications have previously accessed which privileges, receives a new set of privileges associated with applications, determines that a privilege has been revoked, and if the log indicates that an application previously accessed the privilege, resets the electronic device. In a further aspect, a method sets privileges associated with applications, records which electronic devices have which applications, revokes a privilege, and instructs those electronic devices having applications to which the privilege is associated to reset themselves. | 06-30-2016 |
20160188869 | SCREEN UNLOCKING METHOD - A screen unlocking method applied to an electronic device including a touch screen and storing graphic patterns and a plurality of text data is provided. Each of the graphic patterns corresponds to one piece of the text data. Display an unlocking mark on the touch screen locked. Detect a movement trace of an object touching the touch screen. When the object touches the unlocking mark, search for the graphic pattern most similar to the movement trace. Enable an interface for displaying at least the text data corresponding to the graphic pattern most similar to the movement trace. Selectively transmit an image of at least one part of the interface to a social networking website or a social application that is random or preset, and unlock the touch screen after a preset condition is satisfied. | 06-30-2016 |
20160188896 | SECURE HOST INTERACTIONS - A trusted device includes a secure interface and a host interface, the secure interface being isolated from the host interface by an isolated environment. A trusted source provisions the trusted device via the secure interface to include private information, such as private user information and cryptographic data. When the trusted device is connected to an untrusted host device via the host interface, the untrusted host device transmits a request regarding the private information to a write file of the host interface. A processor of the isolated environment retrieves the request and generates an output, such as an encrypted output, that is responsive to the request from the untrusted host device. The trusted device transmits the output to a read file of the host interface, thus making the output available to the untrusted host device via the host interface. The untrusted host device then receives the output via the host interface. | 06-30-2016 |
20160196449 | Apparatus for and Method of Preventing Unsecured Data Access | 07-07-2016 |
20160197938 | Systems and Methods for Authenticating Digital Content | 07-07-2016 |
20160203298 | Video and Digital Multimedia Aggregator | 07-14-2016 |
20160203334 | METHOD AND APPARATUS FOR UTILITY-AWARE PRIVACY PRESERVING MAPPING IN VIEW OF COLLUSION AND COMPOSITION | 07-14-2016 |
20160203337 | IDENTIFYING PRIVATE INFORMATION FROM DATA STREAMS | 07-14-2016 |
20160205103 | Method for Controlling Contents and Electronic Device Thereof | 07-14-2016 |
20160253482 | METHODS AND APPARATUS FOR SHARING, TRANSFERRING AND REMOVING PREVIOUSLY OWNED DIGITAL MEDIA | 09-01-2016 |
20160253510 | METHOD FOR SECURITY AUTHENTICATION AND APPARATUS THEREFOR | 09-01-2016 |
20160253514 | PRIVACY-PRESERVING DATA COLLECTION, PUBLICATION, AND ANALYSIS | 09-01-2016 |
20160253518 | INFORMATION PROCESSING APPARATUS, METHOD, AND COMPUTER READABLE MEDIUM | 09-01-2016 |
20170235943 | Application Access Control Method and Apparatus | 08-17-2017 |
20170235972 | Collision Avoidance in a Distributed Tokenization Environment | 08-17-2017 |
20170237779 | METHODS AND SYSTEMS FOR PERFORMING LAWFUL INTERCEPTION (LI) IN COMMUNICATION NETWORKS INVOLVING CONTENT ADULTERATION WITH COLLUDING AGENTS | 08-17-2017 |
20180026990 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR SECURITY VERIFICATION OF COMMUNICATIONS TO TENANTS OF AN ON-DEMAND DATABASE SERVICE | 01-25-2018 |
20190147171 | Method for storage of electronically signed documents | 05-16-2019 |
20190147184 | METHOD AND APPARATUS FOR SECURELY CALLING FINGERPRINT INFORMATION AND MOBILE TERMINAL | 05-16-2019 |
20190147185 | PRIVACY PROTECTION IN CAPTURED IMAGE FOR DISTRIBUTION | 05-16-2019 |
20190147187 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, AND INFORMATION PROCESSING PROGRAM | 05-16-2019 |
20190149554 | PROTECTING DATA AT AN OBJECT LEVEL | 05-16-2019 |