
PREVENTION OF UNAUTHORIZED USE OF DATA INCLUDING PREVENTION OF PIRACY, PRIVACY VIOLATIONS, OR UNAUTHORIZED DATA MODIFICATION

Subclass of:

726 - Information security

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class / Patent application number | Description | Number of patent applications / Date published
726027000 | Access control | 1186
726031000 | Limitations on number or amount of copies | 29
726032000 | Copy detection | 28
726033000 | Copy inactivation | 17
Entries
Document | Title | Date
20110179496 | DATA PROCESSING SYSTEM, AND DATA PROCESSING APPARATUS AND USER TERMINAL EQUIPMENT THEREFOR, AND COMPUTER PROGRAM AND DATA PROCESSING METHOD THEREOF - User activity data to be provided to a predetermined data service system is generated reflecting a current status of a general user, and the generated current user activity data is acquired. The current user activity data is stored and then provided to the data service system. Here, it is judged whether to keep the to-be-provided current user activity data confidential, in accordance with a predetermined condition. Upon judgment to keep the current user activity data confidential, pseudo activity data different from but not contradictory with the current user activity data to be stored is generated from the stored past user activity data. The generated pseudo activity data is added to the current user activity data to be stored. Thus, a data processing system is provided that allows the user activity data of the general user to be kept confidential if necessary, for protection of privacy. | 07-21-2011
20120266249 | Automatic Selection of Routines for Protection - An apparatus, computer readable medium, and method of protecting an application, the method including responding to receiving a level of security for the application by evaluating each of a plurality of routines of the application to generate an evaluation for each of the plurality of routines of the application; selecting a number of the plurality of routines to protect based on the evaluation for each of the plurality of routines and the received level of security; and protecting the selected number of the plurality of routines. | 10-18-2012
20130031637 | SYSTEM AND METHOD FOR AUTOMATED PROCESSING AND PUBLICATION OF CONTENT - The disclosed embodiments relate to a method, an apparatus, and computer-readable medium storing computer-readable instructions for managing publications. | 01-31-2013
20130031636 | SECURE GAME SCRAMBLER - A computer-implemented method is disclosed for providing content protection to a data file displayed on a webpage. The method includes scrambling, by a scrambling module, data in the data file to produce a scrambled data file. The scrambled data file is stored in a storage module. A computing device embeds a wrapper file associated with the scrambled data file into the webpage that, upon loading, retrieves the scrambled data file from the storage module and descrambles data in the scrambled data file. | 01-31-2013
20090205048 | VALIDATION OF PROTECTED INTRA-SYSTEM INTERCONNECTS FOR DIGITAL RIGHTS MANAGEMENT IN ELECTRICAL COMPUTERS AND DIGITAL DATA PROCESSING SYSTEMS - Embodiments for validating protected data paths for digital rights management of digital objects are disclosed. Some embodiments disclosed herein may comprise processes or apparatus for transferring data from one or more peripherals to one or more computers or digital data processing systems for the latter to process, store, and/or further transfer and/or for transferring data from the computers or digital data processing systems to the peripherals. Some embodiments disclosed herein may comprise processes or apparatus for interconnecting or communicating between two or more components connected to an interconnection medium within a single computer or digital data processing system. | 08-13-2009
20100088768 | INDUSTRIAL PROCESS VISUALIZATION APPLICATION HAVING AN OPERATING SYSTEM LOCALE-BASED REGIONALLY LIMITED LICENSE - A computer system and method are described for enforcing a locale-based license restriction by a process visualization application program. A locale-based license configuration is read from a license file associated with the process visualization application program. An operating system application program interface is called to identify a current locale of the operating system. The current locale affects a language utilized to present text via a graphical user interface display. Thereafter, a locale specified by the locale-based license configuration is compared to the current locale of the operating system. Thereafter, a licensing result is generated representing success or failure based upon whether the locale specified by the locale-based license configuration matches the current locale of the operating system. The aforementioned steps are carried out in a computer system including a computer-readable medium having computer-executable instructions for carrying out the above-described steps. | 04-08-2010
20100088769 | PREVENTING EXECUTION OF TAMPERED APPLICATION CODE IN A COMPUTER SYSTEM - Methods and systems for preventing an application which has been maliciously or inadvertently tampered with from causing harm to a computer system are described. Application code of the tampered application is inputted into a code analyzer. The code is analyzed and functions within the application code are identified and examined. Multiple profiles are created and each identified function is assigned a profile. A profile may be a description of how a function is intended to operate, that is, the function's expected behavior. Multiple replacement functions are created using a first set of functions, where each function is called by the identified functions and a second set of functions where each function in the second set calls the identified function. Calls between functions are examined and a called function is replaced with a replacement function, such that a call to an original function results in a call to the replacement function. The original function is unaware that it is not getting function calls or that such calls are being directed to a replacement function or stub. A replacement function contains code to ensure that the user space maintains its original appearance. | 04-08-2010
20090049556 | METHOD FOR REDISTRIBUTING DRM PROTECTED CONTENT - The present invention relates to a method and a device ( | 02-19-2009
20130212692 | Systems and Methods for Managing Data Incidents - Systems and methods for managing a data incident are provided herein. Exemplary methods may include receiving data breach data that comprises information corresponding to the data breach, automatically generating a risk assessment from a comparison of data breach data to privacy rules, the privacy rules comprising at least one federal rule and at least one state rule, each of the rules defining requirements associated with data breach notification laws, and providing the risk assessment to a display device that selectively couples with the risk assessment server. | 08-15-2013
20130212695 | SEGMENTED MEDIA CONTENT RIGHTS MANAGEMENT - Segmented media content rights management is described. A media device can receive segments of protected media content from media content streams that each include a different version of the protected media content. A media content file can be generated to include the segments of the protected media content that are sequenced to render the protected media content for viewing. A file header object can be instantiated in a file header of the media content file, where the file header object includes DRM-associated features, such as one or more DRM licenses, properties, and/or attributes that correspond to the media content file to provision all of the segments of the protected media content together. | 08-15-2013
20130212698 | METHOD AND DEVICE FOR THE SECURE TRANSFER OF DATA - A method for the secure transfer of a digital file from a first computerized system to one second computerized system, the method comprising the following steps: writing the digital file on a first file-management module of a secure transfer device, transferring the digital file to an internal verification module of the secure transfer device, verifying one portion of the transferred digital file in the verification module, and transferring the partially verified digital file to a second file-management module of the secure transfer device according to the result of the verification, in order to allow the file to be read by the one second computerized system according to the result of the verification. | 08-15-2013
20110197284 | ATTRIBUTES OF CAPTURED OBJECTS IN A CAPTURE SYSTEM - A system and method for capturing objects and balancing systems resources in a capture system are described. An object is captured, metadata associated with the object generated, and the object and metadata stored. | 08-11-2011
20110203003 | VERIFICATION OF PROCESS INTEGRITY - A system implements a secure transaction of data between a server and a remote device. The remote device comprises: processing means adapted to process input data according to a security process; data storage means adapted to store verification information derived from the input data according to an encryption algorithm; and communication means for communicating the input data which has been processed by the security process to the server. The server is adapted to transmit a verification request to the remote device, and to verify the integrity of the security process based on verification information received from the communication means of the remote device in response to the verification request. | 08-18-2011
20110203002 | METHOD FOR PROTECTING PERSONAL INFORMATION IN AUDIENCE MEASUREMENT OF DIGITAL BROADCASTING SYSTEM - A method for protecting personal information in Audience Measurement (AM) of a digital broadcasting system is provided, including inserting an indicator, which notifies whether a consumption pattern of a service or content provided by a service provider can be measured, into a service guide, to which the information of the service or content is provided by a service provider; and determining whether the AM can be executed for the service or content in accordance with the indicator when the AM function is implemented in a terminal. | 08-18-2011
20110203001 | NETWORK NODE, INFORMATION PROCESSING SYSTEM, AND METHOD - The consistency between an application output destination and a permitted user for an I/O device section is ensured when a user deploys an application for processing and outputting input data onto an entrance node. The entrance node includes an output destination/user table that manages correspondence between an application output destination and a user. The output destination/user table stores information about the output destination used for each user who uses the entrance node. An application deployment management function of a processing section in the entrance node determines whether application deployment can be accepted from a user. To do this, the application deployment management function specifies a user corresponding to the output destination for the application from the output destination/user table and verifies that the user is consistent with a user permitted for an I/O device in the I/O device section used by the application. | 08-18-2011
20110203000 | PREVENTING UNAUTHORIZED FONT LINKING - Methods, computer readable media, and apparatuses for preventing unauthorized font linking are presented. A request for a font file may be received. It may be determined whether the request is valid, and this determination may be based on a security token and/or a referrer string. If the request is determined to be valid, a first watermark may be embedded in the font file, and the first watermark may be based on the security token. The first watermark may include at least one point in at least one glyph contained in the font file. A second watermark may be embedded in the font file, and the second watermark may include at least one table that identifies a customer. The font file then may be served to the requestor. | 08-18-2011
20120180137 | SYSTEM AND METHOD FOR DATA MINING AND SECURITY POLICY MANAGEMENT - A system and method to generate and maintain controlled growth DAG are described. The controlled growth DAG conveys information about objects captured by a capture system. | 07-12-2012
20120180135 | SYSTEM AND METHOD FOR IMPROVED DETECTION AND MONITORING OF ONLINE ACCOUNTS - A computer-implemented monitoring and reporting method is provided. Identifying information is received corresponding to a user of a social networking application enabled by a social networking system. The social networking system is queried via a network for information corresponding to the user. The queried information is compared with predetermined criteria to determine a content category corresponding to the identifying information, and a report is provided including an indication of the determined content category. | 07-12-2012
20080256641 | MOBILE UNIT PARENTAL CONTROL - Parents can desire to limit content viewable upon a mobile device and a universal integrated circuit card can be programmed to limit viewing upon the mobile device. A user completes a service request form that includes an allowable view threshold for content upon the mobile device. The request can transfer to a service provider, sometimes via a base station. A subscription manager can forward the threshold back to the mobile device and the mobile device can program the threshold upon secure storage. When content is received, it can be compared against the threshold and a determination can be made on if the content is allowable to view in light of the threshold. | 10-16-2008
20080256640 | PLAYBACK APPARATUS AND PLAYBACK METHOD - According to one embodiment, a playback apparatus includes a data read-out unit which reads out digital content from a storage medium, a copy control information update process unit which executes, if a second copy control information is defined in a file stored in the storage medium, a process of replacing a first copy control information which is embedded in the digital content that is read out of the storage medium, with the second copy control information, and a copy restriction process unit which analyzes the digital content that is output from the copy control information update process unit and executes a copy restriction process for restricting copy of the digital content, in accordance with one of the first copy control information and the second copy control information, which is embedded in the digital content. | 10-16-2008
20080256639 | Verification Method, Information Processing Device, Recording Medium, Verification System, Certification Program, and Verification Program - A virtual machine can be implemented by anyone because the interface and other information necessary for implementation are publicly available. Hence, if a virtual machine is implemented maliciously, a program operating thereon can be made to operate maliciously instead of operating legitimately. | 10-16-2008
20120246732 | APPARATUS, SYSTEMS AND METHODS FOR CONTROL OF INAPPROPRIATE MEDIA CONTENT EVENTS - Systems and methods are operable to prevent presentation of inappropriate media content. An exemplary embodiment receives a media content event; identifies at least one characteristic of the media content event; compares the identified characteristic with a plurality of predefined content characteristics, wherein each of the predefined content characteristics are associated with at least one type of inappropriate media content event; and defines the media content event as an inappropriate media content event in response to the identified characteristic corresponding to at least one of the plurality of predefined content characteristics. | 09-27-2012
20100077484 | LOCATION TRACKING PERMISSIONS AND PRIVACY - A location tracking privacy engine is described herein that is configured to allow users to define privacy policies that govern how location information about each user is provided to context-aware applications and services. Privacy policies can be defined in a highly flexible and context-specific manner such that the execution of a given privacy policy by the location tracking privacy engine is dependent on the existence of one or more social, topical, temporal or spatial conditions. Privacy policies are then executed automatically by the location tracking privacy engine when the conditions associated with the policies are determined to be satisfied. | 03-25-2010
20130086692 | Method of Removing Metadata From Email Attachments - A method and system for removing metadata from email attachments sent from mobile devices includes receiving an email with an attached document. The attached document has metadata removed to create a cleansed version of the attached document. The attached document is replaced by the cleansed version of the attached document, and the email is sent according to the address or addresses included in the email. | 04-04-2013
20130086691 | SECURE ISLAND COMPUTING SYSTEM AND METHOD - A method for generating an n-bit result includes a secured containment device (SCD) receiving a request to generate the n-bit result. The request includes an n-bit generator input and a master secret identifier. The request is sent from an application executing on a host system using an input/output (I/O) interface. The SCD disables all I/O interfaces on the SCD between the host system and the SCD. After disabling all the I/O interfaces on the SCD between the host system and the SCD, the SCD provides the n-bit generator input and the master secret identifier to a secured hardware token over a second I/O interface, receives the n-bit result from the secured hardware token over the second I/O interface, enables at least the first I/O interface after the n-bit result is generated, and provides, after enabling the first I/O interface, the n-bit result to the application using the first I/O interface. | 04-04-2013
20100037322 | METHOD FOR SECURING A TRANSACTION PERFORMED WITH A PROGRAMMABLE PORTABLE DEVICE - A method for securing a transaction between a transaction device and an external device is described. The transaction device includes a communication controller, an application processor, and an input device. The method includes requiring the user to enter agreed transaction data via the input device, monitoring the transaction data designated to be sent to the external device or received from the external device, and preventing the transaction data designated to be sent from being sent to the external device if the transaction data designated to be sent is different from the agreed transaction data, or rejecting the received transaction data if the received transaction data is different from the agreed transaction data. | 02-11-2010
20130081143 | INFORMATION STORING DEVICE, INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - An information storing device includes a storage section configured to store revocation information that is a list of an identifier of an unauthorized device, and a data processor configured to execute determination processing of unauthorized equipment in accordance with the revocation information. The data processor extracts version information enabling identification of the issue order of the revocation information from the revocation information and transmits the extracted version information to a communication counterpart device. If the data processor receives the revocation information of a new version of the issue order held by the communication counterpart device from the communication counterpart device, the data processor executes revocation information synchronization processing of substituting the received revocation information of the new version for the revocation information of an old version stored in the storage section to store the revocation information of the new version. | 03-28-2013
20130036474 | Method and Apparatus for Secure Data Representation Allowing Efficient Collection, Search and Retrieval - A system and method for secure representation of data is presented. The method comprises setting a number of components, dividing original data into the set number of components using a function, storing the set number of components of divided data, determining a number of retrieved components, and using the function to retrieve the data from the retrieved components and to determine retrieved data. In one aspect, the function is XOR. In one aspect, when the number of retrieved components is less than the set number of components, the retrieved data is redacted data, and when the number of retrieved components is equal to the set number of components, the retrieved data is the original data. | 02-07-2013
20120210436 | SYSTEM AND METHOD FOR FINGERPRINTING IN A CLOUD-COMPUTING ENVIRONMENT - A system and method for uniquely fingerprinting an execution environment instance in a cloud-computing environment in which an application is assigned to the execution environment instance, and a license key is required for the application to access a desired licensed feature. The application requests a fingerprint certificate from a cloud infrastructure management unit via the application's execution environment instance. The management unit identifies the fingerprint assigned to the execution environment instance, digitally signs a fingerprint certificate, and assigns an expiration timestamp. An application programming interface (API) sends the signed certificate and timestamp back to the application. The application verifies the digital signature and the timestamp and utilizes the fingerprint certificate to request a license key from a licensing system. The licensing system verifies the fingerprint certificate before generating the license key, and the application verifies that the license key matches the fingerprint before accessing the licensed feature. | 08-16-2012
20130042325 | PROCEDURE FOR THE PREPARATION AND PERFORMING OF A POST ISSUANCE PROCESS ON A SECURE ELEMENT - The invention relates to a method for enabling post issuance operation on a secure element connectable to a communication device. The method allows an SE controlling party to perform remotely operations such as creation of new security domains for an external party, loading, and installation of applications of an external party and management functions including personalization and activation of applications loaded on the SE for an external party. The method includes the steps of: | 02-14-2013
20130036473 | SYSTEM AND METHOD FOR BRANCH FUNCTION BASED OBFUSCATION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating branches in computer code. A compiler or a post-compilation tool can obfuscate branches by receiving source code, and compiling the source code to yield computer-executable code. The compiler identifies branches in the computer-executable code, and determines a return address and a destination value for each branch. Then, based on the return address and the destination value for each branch, the compiler constructs a binary tree with nodes and leaf nodes, each node storing a balanced value, and each leaf node storing a destination value. The non-leaf nodes are arranged such that searching the binary tree by return address leads to a corresponding destination value. Then the compiler inserts the binary tree in the computer-executable code and replaces each branch with instructions in the computer-executable code for performing a branching operation based on the binary tree. | 02-07-2013
20100043076 | System and Method for Encoding and Authentication - A system and method for encoding documents and data storage discs uniquely is described which can provide a means to authenticate a document such as a passport or identification document or driving licence or contract or a music compact disc (CD) or data CD or DVD or holographic DVD or credit card. The method makes possible the encoding of a unique number or pattern or datagram image in or into the surface of the document or CD or upon a label or foil or hologram associated with and firmly adhered to the document or CD during the manufacturing process of the document or CD itself. The encoding may be made with a laser device which cuts the unique number or pattern or datagram image into a hologram foil which is firmly attached to the document or CD. Alternatively, in the case of documents, the encoding may comprise a unique number or pattern or datagram image which is cut by laser to create a perforation into the document thereby leaving the unique number or pattern or datagram as a matrix of small holes or perforations in the document through which light may pass. To authenticate the document or compact disc or credit card, the unique encoding is read by a suitable device and processed to extract data from it and to generate a dataset which is compared with a number or pattern or character string printed on the document or CD, or stored as a data set on the CD to determine the authenticity of the said document or CD or credit card. | 02-18-2010
20100043075 | LICENSING MANAGEMENT UTILITY - A computer implemented method, apparatus, and article of manufacture are used to activate multiple computer applications on a computer. A computer application is installed. Further, a single licensing management utility (LMU) that is shared by multiple computer applications is installed on the computer. The LMU determines if a license for the installed computer application exists and obtains the license if it does not. | 02-18-2010
20090158437 | METHOD AND SYSTEM FOR DIGITAL RIGHTS MANAGEMENT AMONG APPARATUSES - A digital rights management (DRM) method and system between devices are disclosed. In order to allow a first device connected with a second device to use a rights object (RO) bound to the second device, the second device decodes the particular content or the RO and transmits the decoded particular content or the decoded RO to the first device. State information of the RO according to a usage amount of the particular content used by the first device is managed by the second device. | 06-18-2009
20090158436 | Method for Exporting Use Rights for Electronic Data Objects - There currently exists a plurality of digital rights management (DRM) systems on the market, each with its own rights expression language. As a result, when an electronic data object is exported from one DRM system to another DRM system, translation errors are generated, which can cause the irretrievable loss of individual rights granted by the copyright holder. To export rights to use electronic data objects and ensure interoperability between different DRM systems, the original rights to use that can be associated with the electronic data object are exported from data source to the data sink. In this way, the original license is advantageously kept when the rights to use are exported from one DRM system to another DRM system. | 06-18-2009
20100107259 | Authentication of HTTP Applications - An apparatus such as an HTTP proxy server compares information of a request by HTTP client logic with a known pattern of information for the client logic. When the information of the request matches the known pattern, the HTTP proxy server causes content and/or software to be communicated to the client in response to the request. Depending upon the results of the comparison, the HTTP proxy may also validate or invalidate the request before communicating it to the server. | 04-29-2010
20100107258 | METHOD AND APPARATUS FOR MANAGING CONTENTS IN MOBILE DEVICE - A method and an apparatus which permits intuitive management of a variety of digital contents stored in a mobile device. In a method for managing the contents, the mobile device determines a type of the content when a play of the content is ended. If the content is digital rights management (DRM) content, the mobile device checks a license count for authorized access to the DRM content and then determines whether the license has expired or will expire shortly. If the license has expired, the mobile device removes the license-expired DRM content, or alternatively transfers the license-expired DRM content to a specified folder. | 04-29-2010
20120185948 | SYSTEMS AND METHODS FOR THE PREVENTION OF UNAUTHORIZED USE AND MANIPULATION OF DIGITAL CONTENT - A number of systems and methods, alone, or in combination, achieve various levels of protection against unauthorized modification and distribution of digital content. This encompasses at least unauthorized study, modification, monitoring, reconstruction, and any other means for subversion from the originally intended purpose and license model of the digital content. The invention combines a number of techniques that in whole, or in part, serve to protect such content from unauthorized modification, reconstructive engineering, or monitoring by third parties. This is accomplished by means of methods which protect against subversion by specific tools operating on specific platforms as well as general tools operating on general platforms. Specific time domain attacks are identified, code modification can be identified and reversed, and virtual and emulated systems are identified. In addition, identification of in-circuit emulator tools (both software and hardware), debuggers, and security threats to running programs can be achieved. | 07-19-2012
20100024039 | LICENSE SPECIFIC AUTHORIZED DOMAINS - The enforcement of the distribution of content information is carried out in a way similar to that wherein the content rights are enforced. This is accomplished by means of making the description of the domain policy and configuration a functional part of the license under which content information is made available to a user. | 01-28-2010
20100095383 | Protection of Digital Data Content - Various embodiments include an apparatus, system, and method to control the distribution and usage of copyrighted digital content. The processing of a data file received over a communications network such as the Internet occurs both in a host digital appliance, such as a personal computer, notebook computer, audio player, video player, and the like, and in a very small digital rights management (DRM) module that is removably connected with the host. The processing makes it extremely difficult for the content of the data file to be obtained by an unauthorized person and/or utilized with an unauthorized DRM module. | 04-15-2010
20100095382 | Real Invention - For this patent there is blocking of illegal theft sites at the search engine website address. Regularly updated theft sites are blocked and the website address search engine is updated with new program. Also covered under this patent although don't know if every claim is used or a few, is tagging of files (songs, movies, etc.). What this is, is every song downloaded on the internet comes with a tag and when synced to audio of movie device, if the song or movie is not tagged or certified not to be from a theft site then the song is not allowed on the sync page. Also covered (although don't know if going to be used) is the device whether it be an ipod, itv or something else, the device recognizes a tagged or untagged music, movie, etc. file. Don't know if this is going to be used. There is either universal tag or a tag strictly for one such device. For example just itunes songs for ipod. | 04-15-2010
20120167227 | OBSCURING INFORMATION IN MESSAGES USING COMPRESSION WITH SITE-SPECIFIC PREBUILT DICTIONARY - Obscuring information in messages to be exchanged over a communications network. In one aspect, the information comprises path name information and parameters for use in a Uniform Resource Locator (“URL”). In another aspect, the information comprises links and parameters used in forms, where hidden parameters are removed from a form and used as URL parameters. A compression dictionary is used to create a compressed form of the information. An identifier of the dictionary and an error detection code (such as a checksum) computed over the compressed information are concatenated with the compressed information, and this is encoded for sending on an outbound message. The original information is then recovered from an inbound message which contains the obscured information by reversing the processing used for the obscuring. | 06-28-2012
20130047258Security Model for a Layout Engine and Scripting Engine - Various embodiments provide an interface between a Web browser's layout engine and a scripting engine. The interface enables objects from the layout engine to be recognized by a memory manager in the scripting engine and interact in a streamlined, efficient manner. In accordance with one or more embodiments, the interface allows browser layout engine objects to be created as objects that are native to the scripting engine. Alternately or additionally, in some embodiments, the native objects are further configured to proxy functionality between the layout engine and the scripting engine.02-21-2013
20090044280PROXY SERVER, METHOD FOR REALIZING PROXY, AND SECURE COMMUNICATION SYSTEM AND METHOD THEREOF - A proxy server having proxy server address information is provided to serve as an agent for at least one base station to perform secure communication. A method for realizing proxy and a secure communication system are also provided to prevent a change of network address allocation from interfering with the main services of a base station. In addition, a secure communication method between license-exempt devices is provided to ensure that the license-exempt devices are not attacked and continue to work normally. In the present invention, the network address of a base station is only restricted in a trusted range instead of being broadcasted in a public network, thus reducing the probability of attack to the base station in a wired network.02-12-2009
20090044278METHOD OF TRANSMITTING DRM CONTENT - Disclosed herein is a method of transmitting DRM content, stored in a device, to another external device. A rights object is embedded in a mutable information box of a Digital rights management Content Format (DCF), thus integrating the rights object and the DCF into a single object. The DCF, in which the rights object is embedded, is transmitted with a message authentication code. The message authentication code is embedded in the mutable information box of the DCF so as to enable integrity validation for the DCF, in which the rights object is embedded. The rights object is a domain rights object capable of being shared by one or more devices. The DCF, in which the rights object is embedded, is transmitted to the external device via mobile storage in which no security function exists or no security function is set.02-12-2009
20130091583METHOD AND DEVICE FOR SECURED ENTRY OF PERSONAL DATA - A method for secured entry of personal data is disclosed. This method comprises for each item of personal data a first step of presentation of a virtual keyboard comprising keys and a first cursor, followed by a step of selection of a key corresponding to the item of personal data wherein the virtual keyboard also comprises at least one dummy cursor and wherein the position on the virtual keyboard of the at least one dummy cursor depends on the position of the first cursor. A device for secured entry of personal data configured to implement the method is further disclosed.04-11-2013
20090328227ANTI-PIRACY MEASURES FOR A VIDEO GAME USING HIDDEN SECRETS - Embodiments are directed towards employing hidden secrets on a client device to detect and deter piracy of a computer application. The computer application is partitioned into components, where a subset of the components is initially provided to the client device. In one embodiment, the computer application is unable to execute properly within the removed or other set of components. The removed components not provided to the client device may then be modified based on hidden secrets information and a verification component and provided over a network to the client device. If the verification component is unable to locate an armed secret, or detects that an armed secret is modified, the computer application may be inhibited from installation and/or execution. In one embodiment, a secret might be unarmed, such that its presence, absence, and/or modification might be ignored.12-31-2009
20090307779Selective Security Masking within Recorded Speech - A marker is derived from an interaction between a person and an agent of a business and the agent's user interface. A part of a speech signal that corresponds to a portion of the person's special information is located with the marker. The speech signal results from the interaction between the person and the agent. The part of the speech signal that corresponds to the portion of the person's special information is rendered unintelligible.12-10-2009
20090307778Mobile User Identify And Risk/Fraud Model Service - Transactions using, for example, Near Field Communication (NFC), Bluetooth, online, or other applications, may pose a risk of fraud or identity theft. According to an embodiment, a method of evaluating transaction information in view of potential fraud and/or risk includes receiving transaction information at a remote location. The method also includes correlating the received transaction information with user data maintained at the remote location. The method further includes generating a score and/or risk or fraud data based on the correlating. Such transactions may be facilitated by a payment service provider. Related methods, devices, and systems are also disclosed.12-10-2009
20120192285Software License Serving In A Massively Parallel Processing Environment - Techniques for implementing software licensing in a massive parallel processing environment on the basis of the actual use of licensed software instances are disclosed. In one embodiment, rather than using a license server or a node-locked license strategy, each use of a licensed software instance is monitored and correlated with a token. A store of tokens is maintained within the licensing system and a token is consumed after each instance successfully executes. Further, a disclosed embodiment also allows jobs that execute multiple software instances to complete execution, even if an adequate number of tokens does not exist for each remaining software instance. Once the license tokens are repurchased and replenished, any overage consumed from previous job executions may be reconciled. In this way, token-based licensing can be adapted to large scale computing environments that execute jobs of large and unpredictable sizes, while the cancellation of executing jobs may be avoided.07-26-2012
20120192284METHOD FOR ACQUISITION OF SOFTWARE APPLICATIONS - A method for acquisition of a software application stored on a software application distribution unit and intended to be supplied to a user computer unit is disclosed wherein, the user computer unit communicates an item of identification information identifying the software application to be acquired to an electronic security module connected to the user computer unit. The module generates, using a secret and identification information, an item of user information and transmits it with the identification information to the unit. The unit protects with the user information the software application identified by the identification information and the protected software application is transmitted to the user computer unit. Thus, the software application is protected with an item of information from the electronic security module of the user. The protected software application then has its protection removed on an electronic security unit equipped with an electronic security module.07-26-2012
20120192283Interlocked Binary Protection Using Whitebox Cryptography - A system and method for transforming a software application comprising binary code and optionally associated data, from an original form to a more secure form. The method includes performing a combination of binary transmutations to the application, and interlocking the transmutations by generating and placing interdependencies between the transmutations, wherein a transmutation is an irreversible change to the application. Different types of the transmutations are applied at varied granularities of the application. The transmutations are applied to the application code and the implanted code as well. The result is a transformed software application which is semantically equivalent to the original software application but is resistant to static and/or dynamic attacks.07-26-2012
20120192282SEMICONDUCTOR DEVICE - A semiconductor device includes a nonvolatile memory, and an interface configured to transfer data to and from the nonvolatile memory. The interface includes a security logic unit which controls a security level for the data written to the nonvolatile memory, in accordance with a plurality of preset security codes and a lock code that is written to a specific area in the nonvolatile memory.07-26-2012
20090094700INFORMATION PROCESSING APPARATUS - An information processing apparatus includes a housing that accommodates electronic components for processing security information, a power source that supplies power to the electronic components, a detection circuit that is connected in parallel to the power source with respect to the electronic components and detects an abnormality when a physical opening action affects the housing, a memory processing section that deletes the security information or makes it impossible to read out the security information from a memory in the electronic components when the abnormality is detected, and a notifying section that notifies the abnormality when the abnormality is detected. When the abnormality is detected, power is supplied from the power source to the memory.04-09-2009
20130074192DATA SECURITY IN A MULTI-NODAL ENVIRONMENT - A data security manager in a multi-nodal environment enforces processing constraints stored as security relationships that control how different pieces of a multi-nodal application (called execution units) are allowed to execute to insure data security. The security manager preferably checks the security relationships for security violations when new execution units start execution, when data moves to or from an execution unit, and when an execution unit requests external services. Where the security manager determines there is a security violation based on the security relationships, the security manager may move, delay or kill an execution unit to maintain data security.03-21-2013
20130074191METHOD FOR CONTROLLING CONTENT UPLOADED TO A PUBLIC CONTENT SITE - A method allowing members of an organization to share content on a public content site without violating the organization's security policy. Instead of sharing an original content at a public content site in violation of the security policy, the originator shares a shared content which is included in a document provided at the public content site. The receiver's client transforms the document received from the public content site and replaces the shared content with a representation of the original content.03-21-2013
20130074190APPARATUS AND METHOD FOR PROVIDING SECURITY FUNCTIONS IN COMPUTING SYSTEM - An apparatus for providing security functions in a computing system includes: at least one normal service domain executing service; a secure service domain performing integrity verification on a service execution environment of at least one normal service domain, and performing the security service function for the service in accordance with the result of the integrity verification; and a virtual machine monitor separating service execution environments of at least one normal service domain and the secure service domain, respectively, based on the same hardware device. According to the present invention, it is possible to enhance the security for execution environments of the computing system and the data stored in the system, by allowing the corresponding services, which need security service functions in the normal service domain, to be executed necessarily only when integrity verification of the execution environment succeeds by linking the secure service domain.03-21-2013
20130074189SOFTWARE LICENSE RECONCILIATION WITHIN A CLOUD COMPUTING INFRASTRUCTURE - A method, system, and computer program product for managing software program installations in a cloud computing environment. An example method includes calculating, by a computer processor, a maximum number of software licenses that could be required according to a software license rule from a software license agreement to run a set of software program instances on a set of servers configured as a computing cloud. Each software program instance is an installation of the software program on a different logical partition, and at least two of the servers from the set of servers are capable of requiring a different number of software licenses according to the software license rule. The method also includes determining if the maximum number of software licenses exceeds an allowed number of software licenses granted in the software license agreement.03-21-2013
20110067111CONTENT RECEIVER, CONTENT REPRODUCER, CONTENT REPRODUCING SYSTEM, CONTENT WRITING-OUT METHOD, VIEWING EXPIRATION TIME DETERMINING METHOD, AND PROGRAM - A content receiver writes out, together with content received from a content server, time supply source designation information indicating a second time supply source designated by a copyright protection system (DRM) to an exchangeable medium in association with the content. When the time supply source designation information is recorded in the exchangeable medium, a content reproducer performs viewing expiration time determination for the content recorded in the exchangeable medium by referring to time obtained on the basis of the second time supply source indicated by the time supply source designation information instead of a first time supply source referred to in order to specify present time used in determining a viewing expiration time in a content protection system (CPS).03-17-2011
20110209221Proximity Based Networked Media File Sharing - Among other things, methods, systems and computer program products are disclosed for manipulating media. In one aspect, one or more processes executing on a host computer system detect that a portable electronic device is within a predefined communications proximity relative to the host computer system, establish wireless communications and exchange information with the portable electronic device sufficient to determine that metadata relating to one or more items of visual media content reside on the portable electronic device. The metadata is used to retrieve the one or more items of visual media content from a storage location separate from the portable electronic device. The retrieved one or more items of visual media content are added to a list of visual media content available for presentation on a presentation device associated with the host computer system.08-25-2011
20130061329Method Of Decrypting An Electronic Document For The Safety Management Of The Electronic Document - A method of encrypting/decrypting the document and a safety management storage device and system method of its safety management, used for the safety management of electronic documents, the said system comprising a PC or mainframe installed with common reading software and a storage device of safety management connected to the said PC/mainframe through hot-plug; when connected to the mainframe, the said storage device is enumerated as a USB CDROM device at least. The user who owns the said storage device can encrypt the electronic documents by using the encryption keys to generate an encrypted document with the same file type, can also open the encrypted document by using common reading software, and can then use the document according to the predetermined operation authority.03-07-2013
20090300768Method and apparatus for identifying phishing websites in network traffic using generated regular expressions - According to an aspect of this invention, a method to detect phishing URLs involves: creating a whitelist of URLs using a first regular expression; creating a blacklist of URLs using a second regular expression; comparing a URL to the whitelist; and if the URL is not on the whitelist, comparing the URL to the blacklist. False negatives and positives may be avoided by classifying Internet domain names for the target organization as “legitimate”. This classification leaves a filtered set of URLs with unknown domain names which may be more closely examined to detect a potential phishing URL. Valid domain names may be classified without end-user participation.12-03-2009
20090271869Process for Establishing a System Licensing Internal Code Table - A process for establishing a system licensing internal code table used in a basic input/output system is disclosed, in which the basic input/output system includes a system control module. According to the process, the system-locked pre-installation location of the system control module is determined whether it stores the identifying data. If the identifying data is stored in the system-locked pre-installation location, the identifying data is determined whether it is the pre-determined data. The system licensing internal code table is established if the identifying data is not the pre-determined data.10-29-2009
20090271868SITE DETERMINING METHOD - A site check method is provided that enables a user to check, when the user accesses a predetermined site, whether the site is legitimate or not. The method includes a first display step in which, when the user accesses a first server managing the site from a first information terminal, the first server has the first information terminal display predetermined check information. The method further includes a second display step in which, when the user accesses a second server from a second information terminal, the second server has the second information terminal display the check information.10-29-2009
20090055934METHOD AND APPARATUS FOR SIMULTANEOUS VIEWING OF TWO ISOLATED DATA SOURCES - A method and apparatus for simultaneously displaying data from different sources. A data processing system includes a display unit, data processing units, and data diodes. The display unit has controls that are capable of generating control signals and the display unit is capable of simultaneously displaying the data from the different sources. The data processing units are arranged in a hierarchy of rankings. Each data processing unit is capable of accessing one of the sources. The data diodes are in the connections carrying control signals from the controls to data processing units and are in connections from one data processing unit to another data processing unit. Data is capable of moving only from a lower ranked data processing unit to a higher ranked data processing unit. Data is prevented from moving from a higher ranked data processing unit to a lower ranked data processing unit.02-26-2009
20090055933System, Method and Machine-Readable Medium for Periodic Software Licensing - A system and method for periodically licensing a software having a server configured to receive a first request code for a term extension of a software license, the request code being initiated by a user of an application unit, the term extension allows the software to operate within a predetermined period of time, provide advertising information to the application unit, and provide the term extension for the software license.02-26-2009
20090055932INFORMATION DISTRIBUTING APPARATUS AND METHOD, RECEIVING APPARATUS AND METHOD, DISTRIBUTION SYSTEM, AND COMPUTER PROGRAM - A distribution system is provided with: a distributing apparatus being provided with: a first compressing device (02-26-2009
20120227111Method and system of organizing credentials data online - A system and method of disseminating information about an individual's achievements allows the individual to create a web portal within a social network web site and display the data about the individual's credentials, awards, trophies and the like in separate distinct modules. The system provides hyperlinks to the institutions that store authenticating data about the individual's achievements. When the web portal of the individual is linked via the Internet to the institution's database, a visitor to the web portal can connect to the institution's web site and verify the credentials posted on the web portal.09-06-2012
20110047627METHOD AND SYSTEM FOR SECURE DATA EXFILTRATION FROM A CLOSED NETWORK OR SYSTEM - A method, system, and device for secure data exfiltration from a closed communications network or system, including at least one of means for data exfiltration from one or more of computers or computing devices of a closed communications network or system to one or more of computers or computing devices on another communications network or system; and means for internal or external secure data storage coupled to the exfiltration means and the other communications network or system and configured to receive the data for exfiltration based on control from the exfiltration means.02-24-2011
20130167247SELECTIVELY WIPING A REMOTE DEVICE - A system and method for selectively securing data from unauthorized access on a client device storing a plurality of data types with reference to an authorization level indicated in a command. A command is received at a client device comprising an authorization level indicator. Based on at least one predefined rule, which may be implemented in an IT policy stored at the client device, each of the plurality of data types to be secured is determined, and then the data corresponding to those types is secured. The data may be secured by encrypting and/or deleting the data at the client device. The predefined rules associated with each authorization level may be configured by a user or administrator having an authorization level that exceeds the associated authorization level.06-27-2013
20120117658INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - The information processing apparatus includes: a tampering determination unit (05-10-2012
20120117657ATTRIBUTE INFORMATION PROVIDING SYSTEM - A system which implements a method for providing attribute data. A request is received from a user device via a network for a virtual ID token relating to attribute information pertaining to a subscriber associated with the user device. A data record including L attributes of the subscriber is read from a database, L being at least 2. The data record is provided to the user device via the network. A selection of M attributes of the L attributes is received from the user device via the network, M being less than L. A virtual record including the M attributes selected from the data record is generated, the virtual record including a virtual ID (VID) for identifying the virtual record. The generated virtual record is stored in the database. The virtual ID token is provided to the user device via the network, wherein the virtual ID token includes the VID.05-10-2012
20130067587PROTECTING ARCHIVE STRUCTURE WITH DIRECTORY VERIFIERS - An archive of an object set may include various security features that enable a detection of alterations of the contents of the objects. However, the security measures of an archive may fail to detect an inadvertent or intentional alteration of the structure of the object set, including the addition of new objects, changes to the metadata (e.g., the name, position within the object set, and location and size within the archive) of respective objects of the object set, and the deletion of directory entries for the objects. Therefore, an archive may be generated with verifiers (e.g., hashcodes) calculated not only for the contents of objects, but for the directory of the archive, and may be included in the signature of the archive. This verification may extend the detecting of alteration of the archive to include the structure of the archive as well as the contents of the objects contained therein.03-14-2013
20130067586Anti-counterfeit System using product authentication and rewards points - An authentication system to avoid the consumption of counterfeit products comprising a method using the World Wide Web to verify each individual merchandise using a unique identification number and verifying the unique number against a database online. Further the authentication system comprises a loyalty program in order to encourage customers to use and to denounce counterfeit product sellers.03-14-2013
20110023127INTERNET SYSTEM FOR FACILITATING HUMAN USER ADVISEMENT AND LICENSING OF COPYRIGHTED WORKS OF AUTHORSHIP - An Internet system for disseminating information regarding works of authorship, including a server and a client device connected to the Internet and wherein when any one web page out of a set of web pages is displayed on the client device and when a work of authorship is displayed as part of the web page, an image is also displayed near the work of authorship, as part of the webpage and when a user clicks on the image, copyright information concerning the work of authorship is presented in a user-perceivable manner.01-27-2011
20110023126LICENSE MANAGEMENT SYSTEM AND AUTHENTICATION METHOD FOR THE SAME - In a license management system, a terminal apparatus and a server apparatus are connected via a network, and the server apparatus manages licenses of software in the terminal apparatus. In this license management system, when the server apparatus receives a request to re-authenticate a license that has previously been authenticated from the terminal apparatus, the server performs re-authentication of the license based on different pieces of terminal identification information and a plurality of pieces of device information that have been transmitted from the terminal apparatus, and a plurality of pieces of device information that have been stored due to authentication processing.01-27-2011
20110023125METHOD AND SYSTEM FOR INTEGRATING REMOTE DEVICES INTO A DOMESTIC VLAN - A gateway network device may establish secure connections to a plurality of remote network devices using tunneling protocols to distribute to the remote network devices multimedia content received from one or more content providers. The consumption of the multimedia content may originally be restricted to local network associated with the gateway network device. The secure connections may be set up using L2TP protocol, and the L2TP tunneling connections may be secured using IPSec protocol. Use of multimedia content may be restricted based on DRM policies of the content provider. DRM policies may be implemented using DTCP protocol, which may restrict use of the multimedia content based on roundtrip times and/or IP subnetting. Each content provider may use one or more VLAN identifiers during communication of the multimedia content to the gateway network device, and the gateway network device may associate an additional VLAN identifier with each secure connection.01-27-2011
20110023124DRM Scheme Extension - A method for achieving a secure recording and storing of a recorded activity is based on an extended Digital Rights Management (DRM) system. A recording and storing procedure is initiated, in response to recognising one or more triggers at a device hosted by a user equipment. On the basis of the one or more triggers a Rights Issuer is located, and a Recording and Storing Instruction (RSI) is retrieved from the RI, using an existing DRM standard. Based on the RSI, a trusted storage for storing the recorded activity is located, and one or more recording procedures, involving one or more recording equipments, are activated and managed by the device. Before the recorded content is forwarded to the trusted storage, a protected content is generated from the recorded content, according to content of the RSI.01-27-2011
20110023123LICENSED FEATURE ENABLEMENT MANAGER - Systems and methods provide for licensed feature enablement management for deploying software to be used in conformance with a software license agreement. The system includes a software application provider server that deploys a software application and a role hierarchy enumerating a list of roles and features of the software application that each role in the list of roles is licensed to use in accordance with a license agreement. The software application provider server further comprises a role examiner server that determines whether the deployed software application is being used in compliance with the software license. The system also includes a customer enterprise application server that receives the deployed application and role hierarchy and enables use of the application to customer employees based on their assigned roles. The customer enterprise application server comprises a role directory server that responds to queries from the role examiner to maintain conformance with the software license.01-27-2011
20130067589DYNAMIC COMMUNITY GENERATOR - Embodiments of the invention are directed to systems, methods, and computer program products configured to determine communities within an organization dynamically based on the distribution of entitlements within the organization.03-14-2013
20130067588Method for Enhancing Privacy of Internet Browser Users - A method for enhancing the privacy of individuals who may be tracked while visiting different sites on the Internet using conventional browsers is disclosed. The method is based on randomizing the information collected in cookies that are used for tracking by different websites.03-14-2013
20130067585SEPARATE SCRIPT CONTEXT TO ISOLATE MALICIOUS SCRIPT - Various embodiments provide an ability to isolate execution of trusted content and/or script from execution of untrusted content and/or script. Separate contexts and/or execution environments can be used for the trusted content and untrusted content, respectively. A trusted context and/or execution environment associated with execution of trusted content can be configured to enable access to sensitive resources associated with a computing device. An untrusted context and/or execution environment associated with execution of untrusted content can be configured with limited and/or no access to the sensitive resources. Alternately or additionally, data generated within the untrusted context can be transferred to the trusted context in a benign manner.03-14-2013
20090249488FLEXIBLE APPLIANCE HOSTING WITH COORDINATION OF DEPLOYMENT, LICENSING AND CONFIGURATION - Operating parameters of one or more software appliances may be set at a configuration manager. Compliance of the one or more software appliances with license terms may be maintained at a license manager. Communications may be executed between the license manager and the configuration manager to maintain compliance of the operating parameters with the license terms. A user interface may be provided for administration of the one or more software appliances therewith, the administration including deployment of the one or more software appliances, the license manager, the configuration manager, and a deployment manager within a system landscape. Communication may be executed between the license manager and the deployment manager to maintain compliance of the administration of the one or more software appliances with the license terms. Communication may be executed between the deployment manager and the configuration manager to manage the deployment relative to the operating parameters.10-01-2009
20120272330Anti-Phishing System and Method - Systems and methods for anti-phishing are disclosed. At a computing device: identifying, from a user input data stream, a first set of one or more characters, and a second set of one or more characters. The first set of characters represents a portion of first private information, and the second set of characters represents a portion of second private information. In accordance with a determination that the first set of characters and second set of characters are identified in accordance with a predefined sequential relationship, taking a protective action, prior to transmitting at least a subset of the characters of the first or second private information to a server remotely located from the computing device, to protect the first or second private information. In some implementations, the first private information includes a username, and the second private information includes a password corresponding to the username.10-25-2012
20120272327WATERMARKING METHOD AND APPARATUS FOR TRACKING HACKED CONTENT AND METHOD AND APPARATUS FOR BLOCKING HACKING OF CONTENT USING THE SAME - Watermarking method and apparatus for tracking hacking and method and apparatus for blocking hacking of content are provided. The watermarking method includes: obtaining device information from a reception device, with which content is shared, through a determined network channel; generating watermark data based on the obtained device information; and generating watermarked multimedia content by inserting the generated watermark data into content. The method of blocking hacking of content includes: if hacked content is found, detecting watermark data from the hacked content; detecting transmission and reception device information from the detected watermark data; and extracting a progress route of the content based on the detected transmission and reception device information and performing revocation on a hacked device.10-25-2012
20090235362DATA TRANSMISSION APPARATUS AND METHOD, DATA RECEIVING APPARATUS AND METHOD, AND DATA TRANSMISSION AND RECEPTION SYSTEM AND METHOD - The protection of data against illicit transfer with respect to specific data can be ensured. An integrated receiver decoder determines whether or not ATRAC (Adaptive Transform Acoustic Coding) data requiring authentication is contained in selected piece-of-music data in accordance with determination data added into transmitted data. When ATRAC data requiring authentication is contained, the integrated receiver decoder performs an authentication process between it and a storage which is a transfer destination of the ATRAC data, and performs downloading of the ATRAC data after confirming that the storage is a valid apparatus to which the downloading may be performed.09-17-2009
20090235361SEGMENT BASED DIGITAL CONTENT PROTECTION - Techniques are disclosed herein for applying different content protection schemes to different segments of digital content. A method for protecting digital content includes determining segments within digital content that is organized to allow presentation in a certain order. Each of the segments is assigned to a category of a group of categories. Each of the categories has a different content protection scheme associated therewith. One of the protection schemes is applied to each segment based on the category associated with the segment.09-17-2009
20090235360DETECTING A PHISHING ENTITY IN A VIRTUAL UNIVERSE - An invention for detecting a phishing virtual entity in a virtual universe is disclosed. A virtual entity may be registered as authentic and be identified with multiple physical characteristics thereof. Another virtual entity will be monitored to detect whether it includes a physical characteristic that is sufficiently similar to that of a registered virtual entity to cause confusion. A phishing virtual entity is detected based on the monitoring and phishing prevention processes may be implemented on the phishing virtual entity.09-17-2009
20090025085METHOD AND SYSTEM FOR DOWNLOADING DRM CONTENT - A method and system for downloading DRM content are provided. The method includes a first device supporting DRM technology and acquiring content information from a download descriptor downloaded from a content provider system, the first device transmitting the acquired content information to a second device not supporting DRM technology, and the second device downloading the DRM content from the content provider system using the downloaded content information.01-22-2009
20120233704INFORMATION PROCESSING APPARATUS, KEY GENERATION APPARATUS, SIGNATURE VERIFICATION APPARATUS, INFORMATION PROCESSING METHOD, SIGNATURE GENERATION METHOD, AND PROGRAM - Provided is an information processing apparatus for realizing an electronic signature system of the MPKC signature method capable of safety certification with respect to chosen-message attack. An information processing apparatus including a first inverse transformation unit that transforms an element y of a finite ring K09-13-2012
20120233702COMMUNICATION APPARATUS THAT COMMUNICATE IN DIFFERENT SECURITY LEVELS AND COMPUTER-READABLE MEDIA FOR CONTROLLING SUCH APPARATUS - A communication apparatus may include a reception portion, a decision portion, and a transmission portion. The reception portion may receive a first data request transmitted through a first security level communication, and a second data request transmitted through a second security level communication, the second security level being more secure than the first security level. The decision portion may decide whether a specific data request is the first data request or the second data request. The transmission portion may transmit a specific data to an apparatus that is a transmission source of the specific data request if the specific data request is the second data request, and may transmit different data to the apparatus if the specific data request is the first data request. The different data contains display information for causing the apparatus to retransmit the specific data request through the second security level communication.09-13-2012
20120233701CONTENT LICENSE ACQUISITION PLATFORM APPARATUSES, METHODS AND SYSTEMS - The CONTENT LICENSE ACQUISITION PLATFORM APPARATUSES, METHODS AND SYSTEMS (“CLAP”) transform content seed selections and recommendations via CLAP components such as discovery and social influence into events and discovery of other contents for users and revenue for right-holders. The CLAP may identify an unlicensed content item and uniquely resolve it within a universally resolvable media content (“URMC”) service. The CLAP may obtain aggregate URMC service user engagement metric associated with the uniquely resolved content item during a predefined period of time and an aggregate URMC service user engagement metric associated with a plurality of URMC items during the predefined period of time. The aggregate URMC service user engagement metrics may be evaluated using at least one URMC license request threshold rule. A target for a license request for the uniquely resolved content item may be identified and the license request may be sent to the identified target.09-13-2012
20090013411Contents Rights Protecting Method - A method for protecting a rights object for a content, wherein when a discard of a rights object with respect to a certain content is requested due to a missing of a terminal which stores the rights object with respect to the content, a rights issuer (RI) receives a confirmation request for whether a certificate has been discarded from the terminal, confirms the certificate discard through an Online Certificate Status Protocol (OCSP) responder, and then notifies the terminal of the certificate discard, and accordingly the terminal confirms the discard of the certificate of the terminal and removes the rights object with respect thereto. In addition, a user who has removed the rights object with respect to the content can continuously use the corresponding content by entirely or partially re-obtaining the rights object with respect to the content from which the rights object has been discarded.01-08-2009
20090007272Identifying data associated with security issue attributes - A method for identifying data related to a software security issue is provided. The method includes accessing a software security issue and determining one or more attributes associated with the software security issue. The method also includes accessing aggregated software security data retrieved from a plurality of on-line sources and searching the aggregated software security data for the attributes associated with the security issue. The method further includes associating a portion of the aggregated data with the security issue based on matching the attributes associated with the security issue with contents of the portion of the aggregated data.01-01-2009
20090007271Identifying attributes of aggregated data - A method for identifying a portion of aggregated software security data is described. The method includes accessing aggregated data associated with software vulnerabilities retrieved from a plurality of on-line sources. The method further includes searching a portion of the aggregated data for an exact match to a particular attribute of the data and searching the portion of the aggregated data for one or more partial matches associated with the particular attribute. The method also includes associating the portion of the data with the particular attribute based on the exact match of one or more of the partial matches.01-01-2009
20110321171Deleting Confidential Information Used to Secure a Communication Link - A system includes a first wireless-enabled device that transparently stores confidential information and a second wireless-enabled device that stores the same confidential information. The confidential information is to be used to secure a wireless communication link between the first device and the second device. One or both of the first device and the second device is to delete the confidential information upon fulfillment of one or more conditions related to the communication link.12-29-2011
20110321170FRAUDULENT MANIPULATION DETECTION METHOD AND COMPUTER FOR DETECTING FRAUDULENT MANIPULATION - A client computer detects a user operation for transmitting data to a server or a storage device, determines whether the detected user operation is a fraudulent manipulation, and, if the determination is a positive result, performs security processing which is processing related to security of data to be transmitted. If the data is data within a group to which the user belongs and a destination of the data is a server or a storage device outside the group, the determination is a positive result.12-29-2011
20110321169Generating Minimality-Attack-Resistant Data - The present disclosure is directed to systems, methods, and computer-readable storage media for generating data and data sets that are resistant to minimality attacks. Data sets having a number of tuples are received, and the tuples are ordered according to an aspect of the tuples. The tuples can be split into groups of tuples, and each of the groups may be analyzed to determine if the group complies with a privacy requirement. Groups that satisfy the privacy requirement may be output as new data sets that are resistant to minimality attacks.12-29-2011
20110321168THWARTING CROSS-SITE REQUEST FORGERY (CSRF) AND CLICKJACKING ATTACKS - Embodiments of the invention generally relate to thwarting fraud perpetrated with a computer by receiving a request from a computer to perform a transaction. Embodiments of the invention may include receiving the request together with transaction data and a cookie, where the transaction data are separate from the cookie; determining in accordance with predefined validation criteria whether the cookie includes a valid representation of the transaction data; and performing the transaction only if the cookie includes a valid representation of the transaction data.12-29-2011
20110321167AD PRIVACY MANAGEMENT - In general, this specification relates to content presentation. In general, one aspect of the subject matter described in this specification can be embodied in methods that include the actions of receiving a privacy request from a mobile device, the privacy request including an encoded device identifier; authenticating the request; decoding the device identifier; retrieving mobile device advertising data associated with the decoded device identifier; and applying the privacy request to the mobile device advertising data. Other embodiments of this aspect include corresponding systems, apparatus, and computer program products.12-29-2011
20130167244System for Managing Risk in Employee Travel - A system for managing risk in employee travel may control access by users to the travel risk management system. The travel risk management system may receive and store company information for a client company subscribing to the travel risk management system, and allow activation code packages to be defined for allowing a specified number of activation codes to be generated for the subscribing client company. Once the activation code packages are defined, the specified number of activation codes may be generated and assigned to employees of the subscribing client company. The system may provide for defining super admin users authorized to input client company information and define activation code packages, and client admin users authorized to select activation code packages, and generate and assign the activation codes to users.06-27-2013
20130167243Secure User Interface Content - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for handling secure user interface content. In one aspect, a method includes receiving, at a data processing apparatus, content over a communication network from a computing system separate from the data processing apparatus; determining that the received content is authentic secure content; retrieving information stored at the data processing apparatus and previously selected by a user for purposes of securing user interface content; rendering the received content, to a display of the data processing apparatus, as a user interface with a visual wrapper, where the visual wrapper includes the retrieved information, visually separates the user interface from other visual elements on the display, and includes an indication that the user interface is secure; and processing input received through the user interface.06-27-2013
20130167242Software Application Operational Transfer - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, enable software application transfer among connected computing devices. In one aspect, a method includes receiving a request, corresponding to an application running on a first computer, to operate the application on a second computer; initiating a communication session between the first computer and the second computer over a network; disabling the application on the first computer with respect to one or more operational parameters; and enabling the application on the second computer with respect to the one or more operational parameters. The one or more operational parameters can include a software licensing state of the application, current application data of the application running on the first computer, or both.06-27-2013
20130167245CUSTOMER ERROR SCREEN CAPTURE - A method for capturing a user's view of an electronic screen having an error message in a health management application without showing private information of the user includes receiving an error message from a web service responding to a request for a web page by the user. The method includes receiving an electronic file of the web page with the error message, redacting private information of the user from the electronic file to create a redacted electronic file, and storing the redacted electronic file in a support log module.06-27-2013
20130167246RESTRICTING OPERATION RESULTS FROM BEING TRANSFERRED TO COUPLED EXTERNAL DEVICE - Described embodiments provide a method and user equipment for restricting transferring of image data produced by a predetermined application to a coupled external device. The method may include detecting an activation of an application in a user equipment while the user equipment is coupled to an external device and determining whether image data produced by the activated application is transferred to the coupled external device. The determining may include restricting the produced image data of the activated application from being transferred to the coupled external device when an application control type of the activated application is a restricted application, otherwise, transferring the produced image data of the activated application to the coupled external device.06-27-2013
20080301816Method and system for handling keystroke commands - Keystroke commands are safeguarded from keyboard logging malware based on a destination application's memory address.12-04-2008
20080229427Method and apparatus for secure web browsing - The invention includes a method and apparatus for protecting a user device from web attacks using a proxy server. In one embodiment, a method includes receiving a web page comprising web page content and code, generating an image-based representation of the web page that includes the web page content and excludes the code, and propagating the image-based representation of the web page toward the user device. In one embodiment, a method includes receiving an interaction with an image-based representation of a web page, generating a web page interaction from the interaction with the image-based representation of the web page, implementing the web page interaction, generating an instruction using the implemented web page interaction, and propagating the instruction toward a web server.09-18-2008
20120233703TECHNIQUES TO POLLUTE ELECTRONIC PROFILING - Techniques to pollute electronic profiling are provided. A cloned identity is created for a principal. Areas of interest are assigned to the cloned identity, where a number of the areas of interest are divergent from true interests of the principal. One or more actions are automatically processed in response to the assigned areas of interest. The actions appear to network eavesdroppers to be associated with the principal and not with the cloned identity.09-13-2012
20100058482IMAGE FORMING APPARATUS, LICENSE DETERMINING METHOD, RECORDING MEDIUM - An image forming apparatus for executing an application constituted by one or more program modules, includes a license target identification information generating unit configured to generate license target identification information used for identifying which of the program modules are targets of license management, and to store the license target identification information in a storage device, wherein the license target identification information is generated based on one or more program module information items each being associated with one of the program modules to indicate whether the corresponding program module is a target of license management; and a license determination unit configured to determine, in response to an input of a usage request to use the application, whether a license is present, wherein the determination is made only for one or more of the program modules identified as being the targets of license management based on the license target identification information.03-04-2010
20110283362 DATA STORAGE DEVICE AND METHOD - An entertainment device, comprises a communication arrangement operable to receive audio segment data from an audio segment data source and to receive audio segment selection data from an audio segment selection data source in connection with an interactive audio segment data selection session as between the entertainment device and the audio segment selection data source; an audio segment selector operable to generate audio segment selection data in response to selections made by a user interacting with a user interface of the entertainment device; and a storage arrangement operable to store the received audio segment data; in which: the storage arrangement is operable to limit the duration of storage of audio segment data which was received from the audio segment data source and which was selected according to either the received audio segment selection data or the generated audio segment selection data.11-17-2011
20110283363BROWSER WITH DUAL SCRIPTING ENGINE FOR PRIVACY PROTECTION - A data processing system has a browser with scripting engine means for executing a script. The scripting engine means implements a public scripting engine and a private scripting engine. The browser is configured to have the script executed by the public scripting engine if the script does not require access to a pre-determined resource at the system. The browser is configured to have the script executed by the private scripting engine if the script requires access to the pre-determined resource. Only the private scripting engine has an interface for enabling the script to access the predetermined resource. The scripting engine means is configured to prevent the private scripting engine from communicating data to the public scripting engine or to a non-approved server external to the data processing system.11-17-2011
20090328229SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PERFORMING A DATA PROTECTION OPERATION - A system, method and computer program product for performing a data protection operation is provided. The method includes receiving a write instruction that is associated with a writable entity, the write instruction includes a writable entity identifier, and data protection metadata indicative of a relevancy of at least one data protection operation to be applied in relation to the write instruction, and participating in an execution of a relevant data protection operation, if such a relevant data protection operation exists.12-31-2009
20090151000LICENSE MANAGEMENT DEVICE AND METHOD - Security is secured according to the type of a license so that unnecessary processing load is reduced. A license accumulation control unit (06-11-2009
20110302659DATA SECURITY IN A MULTI-NODAL ENVIRONMENT - A data security manager in a multi-nodal environment enforces processing constraints stored as security relationships that control how different pieces of a multi-nodal application (called execution units) are allowed to execute to insure data security. The security manager preferably checks the security relationships for security violations when new execution units start execution, when data moves to or from an execution unit, and when an execution unit requests external services. Where the security manager determines there is a security violation based on the security relationships, the security manager may move, delay or kill an execution unit to maintain data security.12-08-2011
20110289595INFORMATION PROCESSING DEVICE, INFORMATION RECORDING MEDIUM MANUFACTURING DEVICE, INFORMATION RECORDING MEDIUM, METHODS THEREFORE, AND COMPUTER PROGRAM - An information processing device for executing content reproduction processing includes: a content reproduction processing unit for executing data transformation processing for replacing a part of configuration data of input content to be reproduced with transformation data, and executing processing for reproducing the reproduction content; and a parameter generating unit for providing the content reproduction processing unit with a parameter to be applied in the data transformation processing; wherein the content reproduction processing unit has a configuration for obtaining a parameter identifier that is different for each segment set as a sectioning region of reproduction content, and outputting a parameter calculation request accompanied by the parameter identifier to the parameter generating unit; and wherein the parameter generating unit has a configuration for providing the content reproducing unit with a parameter corresponding to a segment, in response to the parameter calculation request from the content reproducing unit.11-24-2011
20110289594CONTENT RECEIVER, CONTENT UTILIZATION SYSTEM, VIEWING TIME LIMIT DETERMINATION METHOD, PROGRAM, AND RECORDING MEDIUM - When a control unit of a content receiver causes to write out content to an exchangeable medium, causes to also write out a viewing license of the content to the exchangeable medium, and further causes an invalidating/validating unit to invalidate a viewing license of related content belonging to a same predetermined content group as the content if a viewing time limit of the content is not determined. When a content reproducer reproduces the content recorded in the exchangeable medium, determines the viewing time limit of the content and records it to the exchangeable medium. When the exchangeable medium which is reproduced by the content reproducer is installed, the control unit causes to set a viewing time limit of the related content to the same time limit as the viewing time limit of the content on the exchangeable medium and causes to validate the viewing license of the related content.11-24-2011
20110289592DIGITAL RIGHTS MANAGEMENT WITH IRREGULAR NETWORK ACCESS - There is a performing of digital rights management (DRM), operable in an offline mode with respect to a communications network. The performing includes identifying a stored rights object associated with a stored asset. The stored rights object includes reporting duration information associated with the stored asset. The performing also includes determining, utilizing a processor, whether a transmission of an early status message is a successful communication based on an early status message determination. If a failure in communicating the early status message is determined, utilizing the stored asset. The performing may also include transmitting an early status message and/or later status message after identifying the stored rights object. There is also a performing of digital rights management (DRM) associated with a DRM system and operable in an offline mode with respect to a communications network. There are also client devices, communicating systems, computer readable mediums and protocols.11-24-2011
20110289589UNAUTHORIZED OPERATION DETECTION SYSTEM AND UNAUTHORIZED OPERATION DETECTION METHOD - The content of operations is identified and an alert is generated to an operation having a high risk of information leakage.11-24-2011
20090165141INFORMATION USAGE CONTROL SYSTEM AND INFORMATION USAGE CONTROL DEVICE - A system includes: first and second devices that each register, in response to a request from a user, control information for target information in a memory, and provide, upon receipt of a request for usage information concerning the target information from the user, the user with the usage information, based on the control information in the memory, wherein the first device includes a first unit that provides, in response to the request from the user, the user with a list of the control information for the second device, and upon receipt of selection of the information from the list, sends the selected information to the second device so as to be associated with target information, and the second device includes a second unit that receives the control information associated with the target information and registers the control information in the memory so as to be associated with the target information.06-25-2009
20100125915Secure Computer Architecture - A secure computer architecture is provided. With this architecture, data is received, in a component of an integrated circuit chip implementing the secure computer architecture, for transmission across a data communication link. The data is converted, by the component, to one or more first fixed length frames. The one or more first fixed length frames are then transmitted, by the component, on the data communication link in a continuous stream of frames. The continuous stream of frames includes one or more second fixed length frames generated when no data is available for inclusion in the frames of the continuous stream.05-20-2010
20110296530ELECTRONIC READING APPARATUS AND THE DATA SECURITY METHOD THEREOF - Present invention relates to an electronic reading apparatus with data security and anti-theft functions. The electronic reader apparatus has a code input unit for receiving a security code, and a code determining unit for determining an authenticity of the security code. When no security code, no authentic security code or even no operational signal has been received during the predetermined periods of time, a central control unit may stop a power supply unit from outputting power in order to turn off the electronic reader apparatus and clear the image shown on a display unit. As such, a content of sensitive or confidential data stored in the electronic reading apparatus may not be intruded.12-01-2011
20110296529SYSTEMS AND METHODS FOR USING A DOMAIN-SPECIFIC SECURITY SANDBOX TO FACILITATE SECURE TRANSACTIONS - Computer systems, methods, and computer readable media for facilitating a secure transaction are provided in which a client application is executed on a client computer. The client application initiates a request to a first domain comprising (i) a credential for the client application, (ii) a transaction identifier that uniquely identifies the request, and (iii) optionally, an identification of a user of the client application. Responsive to this request, the client receives a validated transaction module from the first domain. The client application loads the validated transaction module into a separate domain security sandbox that is segregated from memory space in which the client application is run. The validated transaction module conducts a validated transaction between the second domain and the validated transaction module. Separately, through the client application, a determination is made as to whether the transaction is complete by querying the first domain.12-01-2011
20110296532SECURE SERIAL NUMBER - A serial number for a software product is secured with an authenticator value. The authenticator value and the serial number are evaluated entirely by a remote authentication server such that no cryptographic authentication occurs on a local computer on which the software product is being installed. An abbreviated portion of the authenticator value is used for offline authentication.12-01-2011
20110296531TECHNIQUES FOR DETECTING AND PREVENTING UNINTENTIONAL DISCLOSURES OF SENSITIVE DATA - Protection is provided to prevent a computer user from unintentionally giving away sensitive data (e.g., security credentials, credit card number, PINs, personal data, or bank account number) to an illegitimate or unintended entity by means of a client application capable of communicating the sensitive data across a network to other computer users. To provide the protection, user input is monitored to detect a user entry of the sensitive data into the client application for communication to other users. When such an entry occurs, action is taken to reduce the likelihood of an unintentional giveaway of the sensitive data or to reduce the effects of an unintentional giveaway.12-01-2011
20110289591Software Validity Period Changing Apparatus, Method, and Installation Package - A software validity period changing apparatus includes a password information storage unit, an input device, an authentication unit, and a validity period changing unit. The authentication unit calculates a first hash value of the password stored in the password information storage unit, calculates a second hash value of a password input via the input device, and determines whether the first hash value matches the second hash value. The validity period changing unit decompresses an installation package into components, the installation package including a validity period and version information on each of the components, detects a position of the validity period if it is determined that the first hash value matches the second hash value, changes the validity period identified by the position to a validity period input through the input device, changes the version information, and combines the components to reproduce the installation package.11-24-2011
20090049555METHOD AND SYSTEM OF DETECTING ACCOUNT SHARING BASED ON BEHAVIOR PATTERNS - A system of detecting account sharing, based on analysis of users' behavior patterns is provided. In the present invention, the system comprises: a user authentication information database storing keystroke dynamics patterns related to a particular account in association with the account; and a sharing detection analyzer to analyze a cluster distribution of the keystroke dynamics patterns stored in the user authentication information database to determine whether the account is shared.02-19-2009
20090119781DIGITAL DATA REPRODUCING DEVICE - The present invention provides a digital data reproducing device having a simple configuration and being capable of protecting copyright of digital data such as video or audio. Content provider side embeds copyright management information (cumulative number of reproduction times, permissible number of reproduction times, etc.) into digital data that has been degraded by scrambling, and provides it to a content user. A reproducing device of the content user side causes copyright management information detection unit to detect the copyright management information, decreases the data degradation depending on result of the detection, and reproduces by data reproducing unit.05-07-2009
20130219505VALIDATING LICENSE SERVERS IN VIRTUALIZED ENVIRONMENTS - The present invention extends to methods, systems, and computer program products for validating license servers in virtualized environments. Embodiments of the invention leverage a set of features acquired or built in cloud computing environments to facilitate a software based solution providing uniqueness and immutability of a license server hosted in the cloud. Avoiding features of the underlying hardware systems results in a much more flexible and reliable platform for hosting license servers. Features of a cloud storage service can be used to create a unique ID for a license server. Security and reliability of license servers hosted in a public cloud environment are also improved.08-22-2013
20090193523PIRACY PREVENTION IN DIGITAL RIGHTS MANAGEMENT SYSTEMS - A method in a multimedia device (07-30-2009
20120090035System and Tool for Logistics Data Management on Secured Smart Mobile Devices - A unique computer implemented logistics data management tool/technique for secure resident operation on a mobile computerized device—and associated system and computer-readable storage medium having stored thereon, executable program code and instructions—encompassing certain cornerstone modules: product generation module; data update module; and secure services module. Features of the three modules interoperate for secure downloading to the mobile computerized device for resident operation thereon whether in any of the following categories of wireless communication: Connected, Disconnected, and Occasionally Connected.04-12-2012
20100071071SECURE MEDIA PATH SYSTEM AND METHOD - A secure media path system and method are provided herein.03-18-2010
20100169977SYSTEMS AND METHODS FOR PROVIDING A LICENSE FOR MEDIA CONTENT OVER A NETWORK - Various embodiments of the present invention provide systems, methods, and apparatus for tagging a segment of media content. In various embodiments, a beginning location and an ending location indicating the segment are recorded and are used to retrieve the segment from the media content. Various embodiments provide systems and methods for communicating the segment with a user. In various embodiments, the user requests the segment and the position of the segment in the media content and the storage location of the media content are used to extract the segment from the media content. In addition, various embodiments provide systems and methods for providing a license to the user to observe the segment. In various embodiments, a request for the license includes a player identifier and a user identifier that are used to verify that the player is associated with the user and the user has rights to observe the segment.07-01-2010
20100169979System and Method for Handling Restoration Operations on Mobile Devices - Systems and methods for handling restoration operations for a mobile device. A mobile device receives a kill pill command, wherein the command causes some or all data on the mobile device to be wiped. An indicator is stored to indicate that the kill pill command was sent to the mobile device. The indicator is used to determine whether a program should be wiped from the mobile device.07-01-2010
20100169976EXTENSIBLE ACTIVATION EXPLOIT SCANNER - An extensible activation exploit scanner may have a modular structure, such that capabilities of the activation exploit scanner may be updated easily. The extensible activation exploit scanner may include an exploit data file, at least one detection module, at least one response module, and a base scanner. The exploit data file may have a number of entries, each of which may include information about a respective activation exploit or a respective class of activation exploit, as well as information about a detection module and a response module. The activation exploit scanner may read an entry of the exploit data file, may execute a detection module, corresponding to the entry, to detect a respective activation exploit or class of activation exploit, and may execute a response module, corresponding to the entry, to perform an action when the respective activation exploit or the class of activation exploit is detected.07-01-2010
20090070882METHOD FOR TRANSMITTING USER DATA BETWEEN SUBSCRIBERS AND SUBSCRIBER DEVICES THEREFOR - A method for transmitting user data (D) between subscribers in a network (N) by means of data messages (03-12-2009
20110271352DEVICE AND METHOD FOR ANONYMISING SMART METERING DATA - A device comprising an input for obtaining consumption data relating to the consumption of a utility provided by a utility provider, an output for outputting modified consumption data and a processor arranged to generate the modified consumption data based on obtained consumption data so that the modified consumption data starts to converge with the obtained consumption data if a deviation of the obtained consumption data from the modified consumption data exceeds a predetermined threshold.11-03-2011
20090313701SECURE SYSTEM AND METHOD FOR PROCESSING DATA BETWEEN A FIRST DEVICE AND AT LEAST ONE SECOND DEVICE PROVIDED WITH MONITORING MEANS - A secure system (12-17-2009
20130219504Method, System and Program Product for Document Verification - A method, system and program product comprise processing a document using a key to generate a document identification. A matrix is generated using data from the document identification. The matrix comprises a scannable element. The matrix and the document are combined to form a second document in which a verification of an authenticity of the second document is performed using at least the matrix.08-22-2013
20130219507METHOD AND APPARATUS FOR PROTECTING DIGITAL CONTENT USING DEVICE AUTHENTICATION - A user device may strengthen the protection level of a digital content by dividing the security and normal modes and performing an operation. In order to further strengthen the protection level of the digital content, the user device may determine whether the main operating system is hacked or not, and blocks the operation in the secure mode. Otherwise, the device authorization information indicating the device security level of the user device is authorized by the content service server, and the user device blocks the operation in the secure mode according to the result.08-22-2013
20110126292Method and System for Providing Security Seals on Web Pages - A method of providing web site verification information to a user includes receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also includes accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further includes transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.05-26-2011
20090282490SYSTEM, MOBILE INFORMATION TERMINAL, EXTERNAL DEVICE, METHOD AND PROGRAM FOR EXECUTING CONTENT - A system that executes content like music and moving pictures, and protects rights like copyright, working on a configuration of a mobile information terminal and an external device is provided. A mobile information terminal acquires a right (ticket) to execute content. An external device of higher performance, compared with a mobile information terminal, executes content after receiving the ticket from a mobile information terminal. Though content and ticket can move freely in a system, once the content is executed, an identifier for identifying the mobile information terminal that demanded the execution of content is linked with the ticket. It is this mobile information terminal that can use the same ticket again.11-12-2009
20110219457SYSTEM AND METHOD FOR INCAPACITATING A HARDWARE KEYLOGGER - A system, device and method for incapacitating a keylogger. An inactivity of an input device may be detected. A flow of information from an input device to a computing device may be manipulated. A keylogger may be caused to store redundant information by causing the input device to produce redundant input. Other embodiments are described and claimed.09-08-2011
20110219455RANDOM INJECTION-BASED DEACTIVATION OF WEB-SCRAPERS - A computer-implemented method and system for disabling scraping of electronic data. The method includes receiving an encoding of electronic data to be protected from scraping and adding random redundant code around the encoding of the electronic data upon each request for the electronic data. The electronic data having the redundant code added around the encoding thereof being rendered the same on a display as the encoding without the redundant code added.09-08-2011
20110219458SECURE AVIONICS EQUIPMENT AND ASSOCIATED METHOD OF MAKING SECURE - The invention relates, according to a first aspect, to electronic equipment comprising a processor (09-08-2011
20090249491Contents Data, and Program, Apparatus and Method for Detecting and Controlling Unauthorized Contents - The problem to be solved is to allow anyone other than the contents license owner to acquire a right usage opportunity of contents while the fraud in the contents can be detected. To solve this problem, a contents ID, distribution media information specifying the distribution media of the contents, and identification information containing distribution period information specifying the distribution period of the contents are attached to the contents body When a contents acceptance module 10-01-2009
20090249486SYSTEM AND METHOD FOR DIGITAL RIGHTS MANAGEMENT CONTROL USING VIDEO ANALYTICS - Digital rights management (DRM) of video data is selectively applied to video data by a video processing system that receives a video, comprising a number of frames, and processes at least one frame from the video to determine the contents of the video. The digital rights management for the video is then configured based on the contents of the video.10-01-2009
20090282489PROCESS VERIFICATION - A disclosed gaming machine provides methods and apparatus of verifying the authenticity of gaming software stored in and executed from RAM on the gaming machine. When presenting a game on the gaming machine, a master gaming controller may dynamically load gaming software applications into RAM and dynamically unload gaming software applications from RAM. The authenticity of the gaming software applications temporarily stored in RAM may be verified by using methods to compare it with certified gaming software stored on one or more local or remote file storage devices accessible to the master gaming controller on the gaming machine. The verification process may be used to satisfy gaming regulatory entities within various gaming jurisdictions that require certified gaming software to be operating on the gaming machine at all times as well as to prevent tampering with the gaming machine.11-12-2009
20130219506CONFIDENTIAL COMMON SUBJECT IDENTIFICATION SYSTEM - A computerized method and apparatus are established to identify a subject of common interest among multiple parties without releasing the true identity of any subject. Furthermore, a computerized network provides different parties at different locations with a mechanism to conduct cooperative activities concerning such a subject of common interest without exposing that subject to possible identity theft.08-22-2013
20090328231METHOD OF DYNAMIC PROTECTION OF DATA DURING THE EXECUTION OF A SOFTWARE CODE IN INTERMEDIATE LANGUAGE IN A DIGITAL APPARATUS - The invention concerns a method for protecting the data of an application compiled in intermediate for execution executed on a digital apparatus equipped with a virtual machine managing the execution of the code via an execution stack defining at least one stack frame corresponding to a method called during the execution of the code. A secured execution mode of the code involves the determination of at least one global checksum associated with each stack frame and, each time that a datum of the code is manipulated, the calculation of a local checksum associated with that datum. The calculation is on one hand, on the global checksum associated with the stack frame corresponding to the manipulated datum and, on the other hand, on at least one part of the other data constituting the stack frame.12-31-2009
20090328230METHOD AND APPARATUS FOR PLAYING DIGITAL CONTENTS PROCESSED WITH DRM TOOLS - Provided is a terminal in support of compatibility for Digital Rights Management (DRM) technology. According to the present invention, a method of reproducing digital contents with DRM tool at a user terminal includes the steps of: obtaining information about a DRM processor from the digital contents, selecting a DRM processor according to the obtained information, and installing the selected DRM processor; initializing the DRM processor through exchanging messages between the user terminal and the DRM processor; and transforming the digital contents with the DRM tool to original digital contents by activating a DRM tool using the initialized DRM processor and reproducing the original digital contents.12-31-2009
20090165139Secure Computer System and Method - An apparatus is configured to perform secure processing of confidential information. The apparatus comprises a secure disk configured to store confidential information arranged inside a lockable container; a processor configured to process the confidential information arranged inside the lockable container; an insecure network arranged outside the lockable container; and means for connecting the processor only to the secure disk or alternatively to the insecure network at any one time, but not to both the secure disk and the insecure network at the same time.06-25-2009
20090320140Piracy Prevention Using Unique Module Translation - A method for providing solidified software in a computing environment includes creating a new reference for a function in a function table; copying an address of the function and associating the address with the new reference; replacing the address associated with an old reference of the function with a dummy address; and substituting each old reference in normal code with the new reference, where injected code is not able to execute in the computing environment. The function table entries can be further randomized by reordering the entries, introducing intermediate mappings, or providing non-operative entries. Alternatively, all or part of the code of the function can be copied and moved to a different storage location and associated with the new reference. The copied code can be further randomized by the insertion of dummy code, utilizing reverse peephole techniques, varying the size of the copied portion, or interleaving non-operative code.12-24-2009
20090320139TRANSPONDER INCORPORATED INTO AN ELECTRONIC DEVICE - An electronic device. The device comprises a metalization layer and an integrated circuit chip incorporated into the device wherein the integrated circuit chip is capacitively coupled to the metalization layer. The device comprises a first substrate having the metalization layer formed on the substrate, a cap layer covering at least the entire metalization layer and at least a portion of the first substrate not covered by the metalization layer. The integrated circuit chip is coupled to the first substrate, and is placed in proximity and in non-physical contact with the metalization layer. A conductive layer is attached to the integrated circuit chip. The conductive layer has at least a portion placed in a non-physical contact with the metalization layer. The integrated circuit chip is capacitively coupled to the metalization layer through the conductive layer and the metalization layer.12-24-2009
20100037323RECEIVING POLICY DATA FROM A SERVER TO ADDRESS THEFT AND UNAUTHORIZED ACCESS OF A CLIENT - Techniques for securing a client. When a client, such as a portable computer, undergoes a change in operational state, an operating system agent sends a state message to a server. The state message describes the change in the operational state of the client. The operating system agent is one or more software modules that execute in an operating system of the client. The client receives a policy message from the server. The policy message contains policy data, which a BIOS agent stores in the BIOS of the client. The policy data identifies one or more security policies which the client should follow.02-11-2010
20090077667METHOD AND DEVICE FOR HANDLING DIGITAL LICENSES - A device and a corresponding method for handling digital licenses, each digital license being associated with one or more content items, said device comprising a processing unit adapted to: check whether a number of licenses, being associated with a single content item or copies thereof, are designated as a stray license, where the number of licenses are present on at least one device of a group of devices, and merge the license(s) designated as stray licenses into a merged single license if the number of stray licenses is larger than 1.03-19-2009
20120110677SYSTEM FOR PROTECTING PERSONAL DATA - A method of providing data in response to a search request comprises the steps of a social networking website receiving the search request to provide a pseudonym associated with the real name; the social networking website determining that the search request is for a pseudonym which, within its database, is not associated with the real name; the social networking website referring the search request to an identity management server which contains an association between the pseudonym and the real name; the identity management server determining the pseudonym which is associated with the real name; and the identity management server providing an information item which is related to the pseudonym.05-03-2012
20120110676PROTECTION OF SECRET VALUE USING HARDWARE INSTABILITY - A method for data security, comprising providing an electronic circuit, which has a first, stable operating mode under a first operating condition and a second, unstable operating mode under a second operating condition, different from the first operating condition, and which is configured to output a secret value in the first operating mode; maintaining the electronic circuit initially in the second operating condition; transferring the electronic circuit to the first operating condition and, while in the first operating condition, reading out the secret value; and returning the electronic circuit to the second operating condition after reading out the secret value.05-03-2012
20120110675RESTRICTIONS TO DATA TRANSMISSION - Data received at, or created on, a device may be tagged as corporate dependent upon a service over which the data is received or an application in which the data is created. When a user attempts to insert tagged data into a data item that is to be transmitted by the device, the insertion may be prevented. Similarly, the transmission of tagged data may be restricted to only occur on a secure service.05-03-2012
20090144829METHOD AND APPARATUS TO PROTECT SENSITIVE CONTENT FOR HUMAN-ONLY CONSUMPTION - A computer implemented method, apparatus, and computer usable program product for protecting sensitive content. In response to receiving a selection of content, the process determines whether the content is of a sensitive content type based on a policy. The process then designates the content as the sensitive content in response to the content being of a sensitive content type. Thereafter, the process generates a sensitive content reference for publication and stores the sensitive content in a data structure, wherein the data structure associates the sensitive content with the sensitive content reference. Subsequently, in response to receiving a request from a requester for the sensitive content reference, the process obfuscates the sensitive content using a selected obfuscation algorithm to form obfuscated content, and returns the obfuscated content to the requester.06-04-2009
20110271349SENDER AUTHENTICATION FOR DIFFICULT TO CLASSIFY EMAIL - The portion of email traffic that cannot be definitively determined to be spam or definitively determined to be ham (non-spam) is processed by sending a bounceback email to the sender, requiring the sender to reply using a sub-address created by the bounceback generator. The type of bounceback email depends on whether the domain of the received email indicates that the sender is or is not likely to be a spammer. When the sender is not likely to be a spammer, the bounceback email includes a sub-address in computer readable form. When the sender is likely to be a spammer, the bounceback email includes a test that must be solved to yield the sub-address; preferably, the test is very difficult for a computer to solve but reasonably easy for a human to solve. When a reply email to the bounceback email (“reply bounceback”) is received, the presence of the sub-address indicates that the sender is not a spammer, so the reply bounceback is determined to be ham and delivered to the destination mailbox. The bounceback can have the sub-address encoded in such a way that a human must be involved in decoding, which is appropriate for situations where the envelope sender domain of the original email is considered suspicious. The bounceback can have the sub-address presented in a computer readable format when the envelope sender domain of the original email is more trustworthy, if authenticated. Authentication information can be retained in a local private Sender Policy Framework (SPF) database, or shared in a centralized private SPF database.11-03-2011
20090151001METHOD AND APPARATUS FOR OPERATING RIGHTS - A method for operating a Right For Contents (R4C) includes: obtaining, by a terminal, a hybrid RO generated by the RI server, with the R4C items and the operation Rights For Rights (R4Rs) carried in the hybrid RO; operating the R4C items in the hybrid RO according to the R4R. A method for adding an R4R includes: a terminal receives a hybrid RO that includes the existing rights of the terminal and the newly added R4R; the terminal operates the R4C in the hybrid RO according to the new R4R. The present invention also discloses a terminal and a server. The present invention enables the RI to control the rights at a finer granularity, intensifies the RI's control on the rights, and provides a mechanism of purchasing an R4R after an RO is purchased.06-11-2009
20100122348ORIGIN AND CUSTODY OF COPIES FROM A STORED ELECTRONIC RECORD VERIFIED PAGE BY PAGE - A method of authenticating a copy of a multi-page document, which includes digitizing a said multi-page document to generate one or more digitized files that together comprise a digitized transcript. A mark that is unique to the preparer of the document, such as a signature, is prepared and digitized. The preparer of the document is allowed to deposit the digitized transcript on an online repository. The operator of the online repository immediately establishes a verification process for the deposited digitized transcript. This verification process includes associating the digitized preparer mark with the deposited digitized transcript, and freezing the transcript, by encrypting it and deriving a checksum. The verification process also includes associating a repository mark with the transcript. The operator of the online repository defines, under the direction of at least the preparer of the document, security rights to limit or otherwise control access to the deposited digitized transcript. The digitized preparer mark and the digitized repository mark are allowed to appear on substantially all copies of the pages of the document only if the pages have not been altered. If carrying out the verification process verifies that the deposited digitized transcript has not been changed since the verification process was established, the marks are displayed with the unaltered page. This display whether the pages are displayed on a monitor or printed in paper form. Each page with this display is thus authenticated as to origin and custody apart from the other pages or the transcript as a whole.05-13-2010
20090144830SECURE DIGITAL CONTENT DELIVERY SYSTEM AND METHOD - A secure digital content delivery system comprising a storage medium 06-04-2009
20080320596Distributed digital rights management system and methods for use therewith - A digital rights management (DRM) node module for use in a node of a public data includes a node data module that stores DRM data associated with a plurality of digital files, the DRM data including a plurality of DRM identifiers. A packet monitoring module receives the plurality of DRM identifiers from the node data module, that receives packets containing incoming content and compares the incoming content to the DRM identifier, and generates event data when the incoming content matches at least one of the DRM identifiers. A node reporting module receives the event data, and generates node report data based on the event data.12-25-2008
20090328226Vector Space Method for Secure Information Sharing - Presented are systems and methods for securely sharing confidential information. In such a method, term vectors corresponding to ones of a plurality of confidential terms included in a plurality of confidential documents are received. Each of the received term vectors is mapped into a vector space. Non-confidential documents are mapped into the vector space to generate a document vector corresponding to each non-confidential document, wherein the generation of each document vector is based on a subset of the received term vectors. At least one of the non-confidential documents is identified in response to a query mapped into the vector space.12-31-2009
20080282356METHODS AND ARRANGEMENTS FOR DETECTING AND MANAGING VIEWABILITY OF SCREENS, WINDOWS AND LIKE MEDIA - In the context of screens, windows and like media, arrangements for automatically detecting when a recipient has entered or left a public setting so that privacy configuration changes can be automatically invoked. Also broadly contemplated herein is an arrangement for selectively displaying messages on the recipient's screen but deferring the messages from being visible on a remote hardware device or software display which is publicly visible. Furthermore, there is broadly contemplated herein a secure arrangement for revealing and responding to deferred messages. More generally, there is broadly contemplated herein a new approach to the provision of application notifications and to alarm control during a desktop screen sharing mode, based on the automatic detection of a screen sharing state and on notifying registered applications of the screen sharing in a unified, consistent manner.11-13-2008
20080282353Securely Linked Media Carrying Different Versions of the Same Computer Code - A means of delivering software comprises at least two storage media comprising at least two different versions of a software program. A first version of the software program comprises a full version of the program and a second version comprises a limited version of the program. Due to the presence of identification means, such as a security tag, the first version of the software program can only be executed in the presence of the second storage medium, or vice versa. The security tag may be an RF-ID dongle. Also, a system and a method are provided, for executing data stored on a data carrier, and wherein related data are stored on two separate data carriers. At least one of the data carriers comprises identification means, and the presence of this identification means authorizes the use of one of the data carriers in one of the devices.11-13-2008
20100122347AUTHENTICITY RATINGS BASED AT LEAST IN PART UPON INPUT FROM A COMMUNITY OF RATERS - A rating option can be provided within a user interface. The rating option can permit an interface user to provide a quantitative indication regarding an option of whether a profile detailing identification data for an on-line entity is accurate. Rating input can be received using the rating option from a set of raters. An identity score that indicates a confidence level that the profile data of an on-line entity is accurate can be calculated based at least in part upon the rating input from the set of raters. In various embodiments, the identity score can also be based at least in part upon self-verification information provided by the on-line entity and information provided by one or more identity authorities. An authenticity rating based upon the calculated identity score can be presented to communicators able to interact on-line with the on-line entity.05-13-2010
20120036581SECURITY APPARATUS - A security apparatus positioned between at least one domain having a level of trust or of sensitivity A and at least one domain having a level of trust or sensitivity B, bearing in mind that the level A is different from the level B, comprises a virtualization software layer V implemented on the physical layer H and positioned between said physical layer H and at least one set consisting of at least three different compartmentalized blocks having different sensitivity levels, BLA, BLB, MDS. The compartmentalized blocks rest on the physical layer H and the virtualization layer and the blocks include at least one of: a network block A, BLA, comprising all the network functions used to process data of security level A, a network block B, BLB, comprising all the network functions used to process data of security level B, and a security module software block, MDS, or airlock positioned between at least one block of BLA type and at least one block of BLB type, said security module being designed to monitor the exchanges of data between said blocks BLA and BLB, said security module comprising all the security, filtering or cryptographic function transformations.02-09-2012
20080271153Method and Apparatus for Handling of Content that includes a Mix of CCI Segments - A process is provided. The process stores, on a first device, each segment of a set of content having corresponding copy control information. Further, the process receives, from a second device, a request for a copy of the set of content. In addition, the process analyzes a list of the copy control information associated with each segment of the set of content. The process also establishes a restriction indicator, based on the request for the copy of the set of content, for one or more segments of the set of content having a corresponding copy control information value. Finally, the process provides to the second device, the content, the list of copy control information, and the restriction indicator for the one or more segments.10-30-2008
20110197283SECURITY AND TICKETING SYSTEM CONTROL AND MANAGEMENT - A security device of this invention includes a nonvolatile storage unit 08-11-2011
20090293130MICROPROCESSOR HAVING A SECURE EXECUTION MODE WITH PROVISIONS FOR MONITORING, INDICATING, AND MANAGING SECURITY LEVELS - An apparatus providing for a secure execution environment including a microprocessor and a secure non-volatile memory. The microprocessor executes non-secure application programs and a secure application program. The non-secure application programs are accessed from a system memory via a system bus, and the secure application program is executed in a secure execution mode. The microprocessor has a watchdog manager that monitors environments of the microprocessor by noting and evaluating data communicated by a plurality of monitors, and that classifies the data to indicate a security level associated with execution of the secure application program, and that directs secure execution mode logic to perform responsive actions in accordance with the security level. The secure non-volatile memory is coupled to the microprocessor via a private bus, and stores the secure application program. Transactions over the private bus are isolated from the system bus and corresponding system bus resources within the microprocessor.11-26-2009
20110202999SYSTEM AND METHOD FOR CONTROLLING EVENT ENTRIES - To address situations wherein details and information stored in an electronic device, for example event entries, are sensitive in nature, a system and method are provided wherein such details and information are protected from inadvertent or malicious access and exposure. A flag or option is provided when creating an event entry that flags or marks the entry as sensitive. The details associated with the entry can be suppressed until a specified time before the event occurs and can be deleted or hidden after the event occurs. Access to the details at other times can be permitted through re-authentication of the user, for example using a password. In addition, data storage recovery can be effected by removing old entries irrespective of the sensitivity of the event or its details.08-18-2011
20100100966METHOD AND SYSTEM FOR BLOCKING INSTALLATION OF SOME PROCESSES - A method includes providing a processor comprising memory for storing of blacklist data therein and memory for storing of programming data therein for execution on the processor. Version data indicative of a version of first programming data is retrieved from memory external to the processor. The version data is compared with blacklist data stored within the processor. When the blacklist data is indicative of the version data indicating a version of the programming data that is blacklisted, then the processor other than executes the first programming data.04-22-2010
20100083383PHISHING SHIELD - A mechanism for notifying a user of an internet browser that a requested web page is undesirable, and for protecting the user from the web page by disabling it. An internet browser detects a load request for a web page and retrieves the Uniform Resource Locator (URL) for the webpage. The internet browser displays the webpage associated with the URL and, upon determination that the URL matches a URL from a list of undesirable URLs, alters the appearance of the webpage and disables the web page from receiving input or taking action.04-01-2010
20090165144CONTRACTED PRODUCT SUPPLY METHOD, CLIENT DEVICE, SERVER AND RECORDING MEDIUM HAVING PROGRAM RECORDED THEREIN - A contracted product supply method includes a notifying step of sending identification information to a server, an extracting step of extracting contract information, a transmitting step of transmitting the contract information, a certifying step of certifying permission and a setting step of setting a license of the contracted software products certified in the certifying step.06-25-2009
20090276855Method, apparatus, and computer program product that provide for presentation of event items - An apparatus that provides for presentation of event items may include a processor. The processor may be configured to receive mobile event items from a mobile terminal. In this regard, the mobile event items may be determined based on a context of the mobile terminal. The processor may be further configured to receive service event items, and provide for presentation of the mobile event items and the service event items in an event item object. The processor may also be configured to provide for presentation of the mobile event items and the service event items, where the mobile event items are filtered based upon the content of the mobile event items or security attributes. Associated methods and computer program products may also be provided.11-05-2009
20090276854Administration of Computer Telephony Applications That Are Connected to a Private Branch Exchange Via a Local Network - An administration of telephony applications conventionally using domain controller-based access authorization methods is provided such to eliminate the need for these methods. In a network where terminal devices are connected to time division multiplexed or packet-oriented network components, a terminal device establishes a communication link to a terminal device-specific adaptation for telephony applications via an interface for telephony applications, and the authorization for importing data is verified. Data is imported via the communication link to affected applications or affected services of the network. Any terminal device can be used to import the data and that no special authorizations are required for access as the proprietary/license keys that are exchanged between the terminal device and the exchange and the domain controller provide protection from unauthorized access to the exchange and to the local network connected thereto. For accessing the exchange and the domain controller, only one authorization check method is required.11-05-2009
20090288171Method for Transmitting an Information Flow Upon Request From a Receiving Site - The present invention provides a communications channel to transmit a selected information flow, to select the desired information flow and transmit said stream to a predefinable receiving site. The invention makes it possible for the first time to predefine at the receiving site the communications channel for transmitting the selected information flow. The method is no longer tied to only a single communications channel, or to a set type of communications channels, but can cross different technologies and be applied to almost any type of communications channels. The communications channel can be a satellite channel or a cable channel, for example, it can also be a telephone line, a connection in a cellular phone network, a wireless link, a visual communications link or similar. The actual selection of the communications channel can be made by the recipient contacting the transmitting site over a communications channel that he specifies so that the transmission of the information flow can be initiated. The transmitting site can then commence with the transmission of the information flow over the communications channel selected by the receiving site.11-19-2009
20080289046Method and device for the prevention of piracy, copying and unauthorized execution of computer-readable media - Piracy is a growing concern for digital content and intellectual property holders. Prior art technology and Digital Rights Management (DRM) have failed to provide content holders with an effective solution. Too often, DRM is compromised within days of release offering little or no protection to content owners. This invention offers a unique process and/or method for protecting computer-readable media that is fast, efficient, and economical to implement, and can be implemented with all types of content. This invention provides the means to prevent piracy, copying, and unauthorized use of content on all computer-readable media (physical or memory-based).11-20-2008
20120297490MEDIA CONTENT DEVICE, SYSTEM AND METHOD - Media content is provided using metric-apportioning. In accordance with one or more embodiments, remote-user interface circuits are authenticated and remote access is provided to different sets of media content via the interface. For each authenticated interface and a time-based period during which the interface accesses the media content, time-stamped usage data that characterizes use of the media content at the interface is communicated therewith. A usage metric characterizing usage of the media content is apportioned based upon the time-stamped usage data and stored weighting factor data for the media content.11-22-2012
20110173702CIRCUIT WITH TESTABLE CIRCUIT COUPLED TO PRIVILEGED INFORMATION SUPPLY CIRCUIT - A circuit is operable in a normal operating mode and a test mode. The circuit contains a privileged information supply circuit (07-14-2011
20120144499SYSTEM TO INFORM ABOUT TRADEMARKS SIMILAR TO PROVIDED INPUT - Various embodiments of the present invention generally relate to trademark searching and notification systems. More specifically, various embodiments of the present invention relate to systems and methods for informing requesters about trademarks similar to a provided input. Some embodiments of the present invention provide for a proactive system in which users are notified of similar trademarks before using specific term(s) and users proceed after understanding which trademarks actually exist and what areas those trademarks actually entail, and possibly being notified of newly applied trademarks and modified trademarks at later times that are similar to the specific term(s) being used.06-07-2012
20110173703DEVICE AND METHOD FOR OUTPUTTING A PRIVATE IMAGE USING A PUBLIC DISPLAY - Disclosed are a device and a method for displaying a private image on a public display device. An image sequence pattern is generated for the private image and the corresponding masking image. The masking image is made from the dynamic inverse image of the private image, based on the refresh rate of the display device and the image sequence pattern. The masking image can screen the private image more effectively. The private image and the masking image are displayed on the display device according to the image sequence pattern.07-14-2011
20090288169Systems and Methods to Control Web Scraping - Systems and methods to control web scraping through a plurality of web servers using real time access statistics are described.11-19-2009
20090288170SYSTEM AND METHOD FOR OBJECT ORIENTED FINGERPRINTING OF DIGITAL VIDEOS - A system and method for object oriented fingerprinting of digital videos and motion pictures are provided. The system and method enables a user to embed various ‘natural objects’ as watermarks that match well with a particular scene in a movie or to modify existing objects in the scene during a digital editing stage. The system and method provides for determining a number of unique copies of the motion picture needed, determining a number of watermarks and variations of the watermarks based on the number of unique copies, selecting at least one object occurring in at least one scene of the motion picture equal to the determined number of watermarks, creating the determined number of variations for the object, and creating a unique combination of the created variations of the object for each copy. Each unique combination is encoded into a value for identifying each of the plurality of copies.11-19-2009
20120144496ELECTRONIC DEVICE WITH DATA PROTECTION FUNCTION AND METHOD THEREOF - The present disclosure provides an electronic device with a data protection function. The device includes a display, an input unit, and a processor. The display displays content of a document and a cursor. The input unit generates mode switching signals in response to a user input. The mode switching signals are for switching operational modes of the electronic device between a normal mode and a data protection mode. The processor switches the device to the data protection mode upon receiving the mode switching signals when in the normal mode, and displays a color layer on the display to cause content selected through the cursor to be visible and unselected content to be invisible when in the data protection mode. A related method is also provided.06-07-2012
20100275264COMPUTER FOR CONTROLLING STORAGE SYSTEM PROVIDED WITH ENCRYPTION/DECRYPTION FUNCTION - A computer is coupled to at least one E/D storage (a storage system provided with an encryption/decryption function). A computer determines whether or not a security policy related to a copy destination VOL is equal to a security policy related to a copy source VOL based on the control information that includes information associated with a security policy related to a copy source VOL and a copy destination VOL. In the case in which a result of the determination is positive, the computer specifies an encryption key/decryption key related to a copy source VOL as an encryption key/decryption key related to a copy destination VOL to an E/D storage provided with a copy destination VOL (a copy destination storage). The computer then indicates a read and an undecryption of data that has been stored into a copy source VOL to an E/D storage provided with a copy source VOL, and indicates a write and an unencryption of the read data to a copy destination storage.10-28-2010
20110271353PERFORMING AUTHORIZATION CONTROL IN A CLOUD STORAGE SYSTEM - A method, apparatus and computer program product for performing authorization control in a cloud storage system. The method comprises: receiving an access request to a file block, wherein the file block is embedded with tag data comprising at least file block authorization information; retrieving the file block; extracting the file block authorization information from the tag data; determining whether the access request matches the file block authorization information; and performing the access request if the access request matches the file block authorization information. Effective authorization control may be performed in a cloud storage system.11-03-2011
20110271355DOCUMENT ACCESS MANAGEMENT METHOD AND SYSTEM - This disclosure provides a document access method and system. The document access method and system are based on a social network model which interconnects members of the social network as a function of trust. This framework provides a basis for documents to be accessed by members which are not directly specified by a document's owner, while providing a certain degree of document security.11-03-2011
20090119780RIGHTS SHARING SYSTEM AND METHOD FOR DIGITAL RIGHTS MANAGEMENT - A rights sharing system and method for digital rights management (DRM) is provided. The system and method allow an inaccessible terminal, which cannot directly access a content providing server that provides a license, to receive only a key value for playing back DRM content from a terminal having a license and to play back the DRM content. Therefore, the system and method enable the inaccessible terminal to play back a DRM content, without mounting a DRM agent to acquire a license thereto.05-07-2009
20080276321Secure Transfer Of Product-Activated Software To A New Machine Using A Genuine Server - Systems and methods for secure transfer of product-activated software are disclosed. A user may request a license transfer from an original machine to a new machine. The request causes the machine identity and proof of purchase from the original machine to be sent to an activation service. The activation service may add the proof of purchase to a transfer list and mark as invalid the existing association between the original machine identity and the proof of purchase. The activation service may push the transfer list to a genuine service, which may issue a revocation certificate to the original machine. The proof of purchase may then be applied to the new machine. The activation service may create a new association between the identity of the new machine and the proof of purchase, and deliver a perpetual license certificate to the new machine.11-06-2008
20100275265System for securing transactions across insecure networks - A new system is presented here that can effectively protect users' identities, their sensitive data and help secure transactions. The security of this system does not depend on the integrity of the host personal computer nor on the security of the network computers that execute network traffic. Furthermore, the system is designed to help prevent identity theft. This system can be implemented for governments, financial exchanges and health care systems where security is a primary concern.10-28-2010
20100146635METHOD OF IMPROVING SYSTEM PERFORMANCE AND SURVIVABILITY THROUGH SELF-SACRIFICE - A biologically-inspired system and method is provided for self-adapting behavior of swarm-based exploration missions, whereby individual components, for example, spacecraft, in the system can sacrifice themselves for the greater good of the entire system. The swarm-based system can exhibit emergent self-adapting behavior. Each component can be configured to exhibit self-sacrifice behavior based on Autonomic System Specification Language (ASSL).06-10-2010
20110209223EXTENSIBLE RIGHTS EXPRESSION PROCESSING SYSTEM - Extensible grammar-based rights expression system for processing rights expressions including an interpreter with plug-in subcomponents, a validator, and a framework. In another embodiment, system includes a framework having an extensible architecture with extensibility points for adding extensions to the grammar, and an interpreter, the extensions defining semantics and syntax of new rights expressions. A method for processing rights expressions is also provided having the steps of registering plug-in components, making a programmatic call, finding and invoking appropriate plug-in components, evaluating the request against the grant, and returning an authorization result. In another embodiment, method includes the steps of providing an extensible grammar-based rights expression system having an extensible architecture with an interpreter, evaluating the request against the grant using the interpreter, and returning an authorization result. The method may include the step of adding new extensions to the rights expression system to allow processing of new rights expressions.08-25-2011
20110209222SYSTEM AND METHOD FOR PROVIDING TRANSACTIONAL SECURITY FOR AN END-USER DEVICE - A network system comprises a transaction network operative to provide a transaction with an end user; a trusted source of a security mechanism (e.g., a start/stop trigger module, an application lockout module, a network/file I/O control module, a trusted driver manager, a keystrokes generator driver, a keystrokes deletion hook, and/or a transaction network VPN manager) for at least partially protecting an end-user device from malicious code operative thereon that attempts to capture confidential data presented during the transaction, the security mechanism being maintained by a party other than the end user; and an agent for providing the security mechanism to the end-user device to protect the end-user device during the transaction08-25-2011
20100138930System and Method of Secure Garbage Collection on a Mobile Device - A method and system for performing garbage collection involving sensitive information on a mobile device. Secure information is received at a mobile device over a wireless network. The sensitive information is extracted from the secure information. A software program operating on the mobile device uses an object to access the sensitive information. Secure garbage collection is performed upon the object after the object becomes unreachable.06-03-2010
20100138929CONDITIONALLY TRACEABLE ANONYMOUS SERVICE SYSTEM - Conditionally traceable anonymous service system is provided. The system respectively separates subject conforming real name, subject conforming anonymity, subject requesting verification for an anonymity certification means, so that privacy of a user is hardly violated, the present invention can acquire real name information for the user only when a trace for a user is surely requested.06-03-2010
20090265790CONTENT PROVIDING SYSTEM, CONTENT PROVIDING SERVER, INFORMATION PROCESSING APPARATUS, AND COMPUTER PROGRAM - A content providing system is disclosed, which includes: a content providing server that is capable of delivering content data and information related thereto through a communication network; and a client that is capable of downloading the content data and the information related thereto through the communication network, wherein a management unit manages meta information of the respective content data as content item information, manages one or plural pieces of content item information as content program information in association with one another, and manages one or plural pieces of content program information as a content program catalogue, one content data and meta information thereof can be referred to in plural pieces of content item information, one piece of content item information can be referred to in plural pieces of content program information, and one piece of content program information can be referred to in plural content program catalogues, and when a term of availability of the content program catalogue has expired, the management unit deletes content program information included in the content program catalogue and/or content item information included in the content program information and/or content data included in the content item information.10-22-2009
20090265789PREVENTING UNAUTHORIZED DISTRIBUTION OF MEDIA CONTENT WITHIN A GLOBAL NETWORK - One embodiment of the invention is a method for providing media content while preventing its unauthorized distribution. The method includes transmitting from a client to an administrative node a request for delivery of an instance of media content (IMC); determining which content source (CS) of a plurality of CSs to provide delivery of the IMC, provided the client is authorized to receive the IMC; transmitting to the client an access key and a location of the IMC; transmitting from the client to the CS a second request and the access key; in response to receiving the second request and the access key, transferring the IMC from the CS to the client; transmitting from the client to the administrative node an indicator indicating a successful transfer of the IMC; and generating a transaction applicable to the client and associated with the transfer of the IMC to the client.10-22-2009
20100146637METHOD FOR MOVING RIGHTS OBJECT IN DIGITAL RIGHTS MANAGEMENT - A method for moving Rights Object (RO) in a Digital Rights Management (DRM). RO for content is partially or entirely moved between Devices in the same group, so that the RO can be shared between the Devices and a utility thereof can be enhanced.06-10-2010
20080282354ACCESS CONTROL BASED ON PROGRAM PROPERTIES - A pattern matching access control system determines whether a principal should be granted access to use a resource based on properties of applications comprised by the principal. The principal name may be created when an application is loaded, invokes other applications (or programs) and/or assumes a new role context. Access is provided based on whether, for each application, the publisher is authorized by system policy to grant privilege as requested by the application. When a resource which requires the privilege is requested by a principal, an access control list (ACL) for the resource is expanded with a list of applications that have been authorized through their publisher to assert the privilege. The expanded ACL is compared to the principal name to determine resource access.11-13-2008
20080235802Software Tamper Resistance Via Integrity-Checking Expressions - Implementation of software tamper resistance via integrity checks is described. In one implementation, a tamper resistance tool receives an input program code and generates a tamper-resistant program code using integrity checks. The integrity checks are generated by processing the input program code, and the integrity checks are inserted in various locations in the input program code. Values of the integrity checks are computed during program execution to determine whether a section of the program has been tampered with. Values of the integrity checks may be stored and accessed at any point during execution of the program.09-25-2008
20090328228Segmented Media Content Rights Management - Segmented media content rights management is described. In embodiment(s), a media device can receive segments of protected media content from media content streams that each include a different version of the protected media content. A media content file can be generated to include the segments of the protected media content that are sequenced to render the protected media content for viewing. A file header object can be instantiated in a file header of the media content file, where the file header object includes DRM-associated features, such as one or more DRM licenses, properties, and/or attributes that correspond to the media content file to provision all of the segments of the protected media content together.12-31-2009
20100275267SOCIAL AND RETAIL HOTSPOTS - Systems, methods, and apparatus for social and retail hotspots are provided.10-28-2010
20120297491NETWORK SECURITY SMART LOAD BALANCING - A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said components. The load-balancer balances load based on the control information. Preferably, network address translation (NAT) is performed by the load-balancer based on the control information or NAT is performed by the security network component and the control information includes information regarding an expected connection based on NAT. Preferably, when the data communications includes an encrypted session, an encrypted connection of the encrypted session is identified based on the control information and the balancing of the load maintains stickiness of said encrypted connection.11-22-2012
20080216177Contents Distribution System - When the DRM mode indicated by a client terminal 09-04-2008
20080289045Method and device for encoding software to prevent reverse engineering, tampering or modifying software code, and masking the logical function of software execution - This invention prevents software from being reverse engineered. The random nature and multiple uses of atoms prevent the analysis of key processes within the software. If an attempt is made to try and duplicate or bypass the program and/or key processes, then this invention will cause the failure of the execution of the software code thereby preventing unauthorized release and/or execution of the code.11-20-2008
20080271152PROTECTED INTRA-SYSTEM INTERCONNECT FOR DIGITAL RIGHTS MANAGEMENT IN ELECTRICAL COMPUTERS AND DIGITAL DATA PROCESSING SYSTEMS - Embodiments including protected paths for digital rights management of digital objects are disclosed. Some embodiments disclosed herein may comprise processes or apparatus for transferring data from one or more peripherals to one or more computers or digital data processing systems for the latter to process, store, and/or further transfer and/or for transferring data from the computers or digital data processing systems to the peripherals. Some embodiments disclosed herein may comprise processes or apparatus for interconnecting or communicating between two or more components connected to an interconnection medium within a single computer or digital data processing system.10-30-2008
20080271155METHOD AND APPARATUS FOR OBTAINING DRM CONTENT PACKETS - A method for obtaining DRM content packets is provided. The method enables a terminal to obtain another DCF when the terminal is unable to use a downloaded DCF. The method includes receiving the first content packet, which includes media content types and corresponding URLs, and resolving the first content packet; selecting a media content type and the corresponding URL in the first content packet; downloading the second content packet from the selected URL.10-30-2008
20080271154Apparatus, method and computer readable storage medium with recorded program for managing files with alteration preventing/detecting functions - By storing an authenticator created from a data file in a secure area usually unaccessible, the alteration of the data file can be detected. Furthermore, by designating the data file as a main-file and creating authenticators from various kinds of sub-files related to the main-file, the size of the secure area where the authenticators are stored, can be reduced.10-30-2008
20100146631METHOD AND SYSTEM FOR THE SECURE DISTRIBUTION OF DIGITAL DATA - The application relates to a method for the secure distribution of digital data transmitted to a client station, said digital data being in a first digital format of a non audiovisual nature, said method implementing a protection device able to protect data in a second digital format and to transmit them to said client station. According to the invention, said second format is of an audiovisual nature and the method includes a step of converting digital data in said first digital format, into said second format.06-10-2010
20100146634DATA PROTECTION DEVICE AND METHOD - Provided is a data protecting device and method. When a specific application requests an access to sealed data, an operating system generates application identity information without interruption by the corresponding application, and writes the generated application identity information in a platform configuration register that can be reset in a trusted platform module. Upon having received the unsealing request, the trusted platform module transmits data to the application when the unsealing condition included in the sealed data block corresponds to the state value of the currently operated platform written in a platform configuration register in the trusted platform module.06-10-2010
20100146630METHOD AND DEVICE FOR EXCHANGING DIGITAL CONTENT LICENSES - Exchange of Digital Rights Management protected content between two devices without the need for a third party. Each user marks a license as unusable and the devices then trade licenses. A user then instructs the device to import the received license. The device verifies that a license has been rendered unusable and only then erases the unusable license and enables the device to use the new license. The content associated with a license may be traded before or after the license exchange, and may also be downloaded from a third party. Also provided is a device for exchanging licenses.06-10-2010
20100146628Combating Fraud in Telecommunication Systems - A method and apparatus for combating fraudulent use of a telecommunication system by subscribers who terminate calls improperly without allowing the termination of the call to be recorded, and thereby attempt to avoid correct payment for the call. The apparatus comprises a record means for creating a call detail record (CDR) of certain events for each call on which billing for each call can be based. A modified Call Agent (06-10-2010
20100146636APPARATUS AND METHOD FOR RECORDING AND REPRODUCING IMAGES - Provided is imparting authentication codes to image data photographed by a camera connected to the apparatus for recording and reproducing images to generate encryption data and monitors control instructions input from the outside to the apparatus for recording and reproducing images, thereby interrupting the control instructions that store or cancel the image data stored in the apparatus for recording and reproducing images. As a result, the integrity of the image data cannot be questioned. Further, when the image data stored in the apparatus for recording and reproducing images are submitted as evidence, the integrity of the image data and the information on the corresponding image data submitted as evidence can be verified by using the authentication data generated for the original image data.06-10-2010
20130219509METHOD AND APPARATUS FOR EFFICIENTLY FIXING TRANSFORMED PART OF CONTENT - Provided are a method and apparatus for effectively fixing scrambled content. The method includes checking fixing information for a program map table (PMT) packet of packets constituting the content, the fixing information being used to fix a transformed part of the content; extracting location information of a next PMT packet containing fixing data for fixing the transformed part of the content from the fixing information of the PMT packet; and fixing the transformed part of the content by using the fixing data in the next PMT packet indicated by the extracted location information. Accordingly, it is possible to easily detect a location of the content, which stores the fixing information, thereby expediting fixing of the transformed content.08-22-2013
20130219508METHOD AND APPARATUS FOR OUTPUTTING CONTENT IN PORTABLE TERMINAL SUPPORTING SECURE EXECUTION ENVIRONMENT - A method and an apparatus for supporting internal and external outputs by synchronizing a user interface such as caption with a protected image in a portable terminal supporting a secure execution environment are provided. The method includes detecting the output of the content, managing the output of the content in a secure area according to a type of the content, providing a user interface with respect to the content in a general area, synchronizing the user interface with the content, and composing and outputting the content and the user interface.08-22-2013
20090158440SYSTEM AND METHOD FOR EXPORTING LICENSE - A method for exporting permission is provided to solve the problem that the permission cannot be exported multiple times among several DRM systems in the prior art; the method includes: determining that a license is permitted to be exported to a system that a target device belongs to; determining whether an export permission in the license is permitted to be exported; and exporting the export permission in the license to the target device if the export permission in the license is permitted to be exported, which enables the target device to export the license to another device. A terminal apparatus, a server and a communication network are also disclosed.06-18-2009
20090158438SOFTWARE LICENSE RECONCILIATION FACILITY - A method is presented for monitoring software product usage in a data processing system. The method may include installing an instance of a software product on a target entity of a data processing system. A usage condition applicable to the instance may be identified. Reconciliation information may be generated upon installation of the instance. This reconciliation information may correlate the usage condition with the instance to facilitate later determining compliance of the software product with applicable usage conditions.06-18-2009
20090158439METHOD FOR PROTECTING UNPROTECTED CONTENT IN DRM AND DEVICE THEREOF - A method for protecting unprotected content in digital rights management (DRM) and a device thereof. When non-protected content stored in a non-DRM device is to be transferred to a DRM device, the non-protected content is converted into protected content and then is transferred to another user's device.06-18-2009
20110271351Method and System for Site Based Information Distribution - A method and a system include an account site for establishing at least one information account. The information account is established by supplying at least a secret transfer key where the information account is associated with an account identifier. Information is entered into the information account, where the information is encoded before storage into the information account and is viewable only by an owner of the information account. Access permission is entered for at least one requester to enable transfer of the information to an account of the requester. The requester is contacted for at least making available the information. The secret transfer key is communicated to the requester where the secret transfer key is used by the requester to retrieve the information. The information is decoded, transferred to an account of the requester and a log entry of the transfer is made into the information account.11-03-2011
20090165143METHOD FOR MOVING RIGHTS OBJECT AND METHOD FOR MANAGING RIGHTS OF ISSUING RIGHTS OBJECT AND SYSTEM THEREOF - Disclosed is a method for managing rights of issuing a Rights Object (RO), and a method for moving an RO created by a Local Rights Manager (LRM) between Digital Rights Management (DRM) Agents. A Right Issuer (RI) permits an LRM to move an RO created (or issued) by the LRM via the RI, and a first DRM Agent moves the RO to a second DRM Agent via the RI.06-25-2009
20090165142EXTENSIBLE SOFTWARE TOOL FOR INVESTIGATING PEER-TO-PEER USAGE ON A TARGET DEVICE - In general, the invention provides for analyzing a target computer for computer crimes such as illegal sharing of files or sharing of illegal files on peer-to-peer clients. The target computer may have software for a plurality of peer-to-peer clients. Only one extensible forensic device may be necessary to analyze the plurality of peer-to-peer clients for downloaded or shared files. For example, the invention may provide for a method comprising determining whether one or more peer-to-peer clients are or have been installed on a target device by identifying information associated with one or more peer-to-peer modules, wherein each module is associated with a different one of the one or more peer-to-peer clients. The method further includes gathering usage information for the one or more peer-to-peer clients that had been determined to be installed on the target computer, analyzing the usage information, and automatically generating a report of the analyzed usage information.06-25-2009
20090138973Method for transferring digital content licenses and device for receiving such licenses - A method of transferring a content license to a first device from a second device. The second device renders the license unusable to itself and sends this license to the first device that verifies that it may import the license which is the case if it has rendered one of its own licenses unusable to it, but has not exported this license. If so, it updates its license information so that it may import one license less and makes the received license usable. The first device also receives a content file that corresponds to the received license. The invention enables flexible transfer of licenses, as e.g. the second device may export the license to the first device without receiving anything in return, but the exportation does provide it with the right to import a further license. Also provided is a device.05-28-2009
20120036582SYSTEM AND METHOD TO FORCE A MOBILE DEVICE INTO A SECURE STATE - Embodiments relate to systems and methods for implementation on a mobile device to force the mobile device into a secure state upon detection or determination of a triggering event. Once it is determined that a triggering event has occurred, each application operating on the mobile device is caused to immediately unreference sensitive objects and a secure garbage collection operation is performed upon the unreferenced sensitive objects to render data associated therewith unreadable. The mobile device is then caused to enter a secure state, in which the mobile device cannot be accessed without authorization. A microprocessor within the mobile device is configured to determine the existence of the triggering event according to a configuration data structure and to perform the secure garbage collection.02-09-2012
20090007273METHOD AND SYSTEM FOR PREVENTING COPYING OF INFORMATION FROM PREVIEWS OF WEBPAGES - A copy prohibition method and system is disclosed, which can provide a preview page with copy prohibition means inserted thereinto, so as to prohibit a copy of information displayed on the preview page, the method comprising receiving a selection request for a preview page of a predetermined webpage from a user; inserting copy prohibition means into the preview page; and providing the preview page with the copy prohibition means inserted thereinto to the user. When providing the preview page to the user, the user is notified that the corresponding preview page has the copy prohibition function. Thus, the user easily becomes aware that copying is prohibited in the corresponding preview page.01-01-2009
20090178143Method and System for Embedding Information in Computer Data - Provided is a system for embedding traits in data wherein the data is stored within one or more data storage system(s), comprising: a code generator, the code generator generating a code describing the traits of the data; a rules engine, the rules engine classifying the traits into codes; an encoder coupled to the code generator, wherein the encoder encodes the data with the code describing the traits of the data, to generate encoded data; and a storage unit coupled to the encoder, the storage unit storing the encoded data; wherein the data storage systems are selected from the group consisting of: Microsoft SQL servers, IBM DB2 servers, Oracle servers, and Sybase servers.07-09-2009
20120198560Secure active element machine - Based upon the principle of Turing incomputability, and novel properties of the Active Element Machine, a malware-resistant computing machine is constructed. This new computing machine is a non-Turing, non-register machine (non von-Neumann), called an Active Element Machine (AEM). AEM programs are designed so that the purpose of the computation is difficult to apprehend by an adversary and hijack with malware. These methods can help hinder reverse engineering of proprietary algorithms and hardware design.08-02-2012
20090055935Data delivery system, issuance apparatus, terminal apparatus, and intermediate node - A license delivery system 02-26-2009
20090049554SYSTEM AND METHOD FOR MANAGING DOCKING APPLICATIONS FOR A PORTABLE ELECTRONIC DEVICE - A system and method is provided for managing one or more docking applications running on a wireless device. The method displays to a user at least one docking application while the wireless device is coupled to another device. The method comprising the steps of: executing a docking application control module when the wireless device is first coupled with the other device; retrieving user preferences associated with the docking application control module; executing, based on the retrieved user preferences, at least one docking application for use on the wireless device while the wireless device remains coupled to the other device; and terminating the docking application when the wireless device ceases to be coupled to the other device.02-19-2009
20080320597Smartcard System - A programmable smartcard device (12-25-2008
20110145926SYSTEMS AND METHODS FOR BEHAVIORAL SANDBOXING - Methods and system for behavioral sandboxing are described. In one example embodiment, a system for behavioral sandboxing can include a network and a computer. The network is communicatively coupled to a source of an executable application. The computer is communicatively coupled to the network and includes a behavioral analysis module and a plurality of execution environments. The behavioral analysis module is configured to perform behavioral analysis on the executable application downloaded over the network. The plurality of execution environments includes a standard execution environment and a protected execution environment. The behavioral analysis module is configured to evaluate a plurality of behavioral characteristics of the executable application to determine whether the executable application should be executed within the protected execution environment prior to execution of the executable application. The behavioral analysis module also monitors execution of the executable application to determine whether the execution environment can be changed.06-16-2011
20090199300WIRELESS COMMUNICATION APPARATUS AND CONFIGURING METHOD FOR WIRELESS COMMUNICATION APPARATUS - According to one embodiment, a wireless communication apparatus comprises a wireless communication module configured to carry out wireless communication, a first storage module configured to store information unique to the wireless communication apparatus, a configuration generator module configured to generate configuration information for the wireless communication module to connect to a given network based on the information stored in the first storage module, a second storage module configured to store the configuration information generated by the configuration generator module and a first display control module configured to control display of the configuration information stored in the second storage module so that a user cannot recognize the information unique to the wireless communication apparatus.08-06-2009
20090064338PROXIMITY SENSITIVE BLADE SERVER SECURITY - Embodiments of the present invention address deficiencies of the art in respect to blade server security and provide a method, system and computer program product for proximity sensitive blade server security. In one embodiment of the invention, a method for proximity sensitive blade server security can be provided. The method can include sensing proximity of a systems administrator relative to a blade center, detecting a loss of proximity of the systems administrator, and triggering automated securing of at least one blade server in the blade server in response to detecting the loss of proximity. For example, sensing proximity of a systems administrator relative to a blade center can include establishing a wireless radio connection with a personal article associated with the systems administrator, and determining a loss of proximity when the connection is lost.03-05-2009
20120079604INFORMATION TRANSMISSION APPARATUS, DATA TRANSMISSION APPARATUS, INFORMATION TRANSMISSION DESTINATION DESIGNATING METHOD, DATA TRANSMITTING METHOD, PROGRAM AND STORAGE MEDIUM - In order to enable utilization of a personal address book by another person while maintaining security, in case display of information on an information destination registered in the address book is requested from an unauthenticated user, a display is executed in a state where address information (fax number, e-mail address etc.) is concealed (for example by a mosaic pattern), and information on the information destination, displayed with the address information in such concealed state, can be designated as the information designation.03-29-2012
20120079602Garbled Circuit Generation in a Leakage-Resilient Manner - Methods and apparatus are provided for generating a garbled circuit for a client in a leakage-resilient manner, for use in secure function evaluation between the client and a server. The garbled circuit is generated by obtaining a token from the server, wherein said token comprises a leakage-protected area; querying the token gate-by-gate, wherein for each gate of said garbled circuit, the token interacts with the leakage-protected area to generate a garbled table for the gate; and receiving the garbled circuit from the token. The client can interact with the server to obtain garbled inputs; and then evaluate the garbled circuit on the garbled inputs to obtain a garbled output. A final output can be obtained by matching the garbled output with an output table in the garbled circuit.03-29-2012
20120079601PORTABLE LICENSE SERVER - A portable license for licensed content is obtained by a user along with a regular license in a local network, such as a home network or other private network. The portable license may be stored in a license server on a portable device, such as a smart phone or a tablet, which functions as a portable license server. The user may take the portable device to another location where it joins another local network. A device in the second network, which does not have a license to play the licensed content, may use the portable license on the portable device to execute the content, enabling the user to enjoy it in multiple environments. The device (e.g., a TV) in the second network may continue to play the content as long as the portable license or another valid license is present in the network.03-29-2012
20090064339SYSTEM AND METHOD FOR AUDIT GOVERNANCE IN EMAIL - A system and method, where messages which are exchanged in email, provide recipients (and originators) with the capability to confirm authenticity. A substring of a message is examined, is validated and, if any modifications have been made, the modifications are highlighted to the originator and the receivers so that the originator and the receivers know that the original message has been modified. Also, the system and method of the present invention preserve the time, date and identity of the maker of the modifications.03-05-2009
20120079600MEDIA PROCESSING SYSTEM SUPPORTING DIFFERENT MEDIA FORMATS VIA SERVER-BASED TRANSCODING - A method for processing media content includes receiving, at a second communications device communicatively coupled to a network at a first geographic location, from a first wireless mobile communications device communicatively coupled to the second communications device at the first geographic location, a device profile of the first wireless mobile communications device. The device profile received from the first wireless mobile communications device and media content may be sent to a server communicatively coupled to the network at a second geographic location. Media content may be received from the server, where the media content has been reformatted based on the device profile. The reformatted media content may be transmitted to the first wireless mobile communications device. The received device profile of the first wireless mobile communication device may be stored.03-29-2012
20120079599Non-transitory computer readable storage medium, access filtering device, and access filtering method - An access filtering device includes a receiving unit that receives a URL of a prohibited site or a prohibited page; an executing unit that accesses the page by using the URL; an acquiring unit that acquires page information corresponding to the URL; a prohibited site list that includes character strings of prohibited sites and prohibited pages; a determining unit that determines whether the URL is a character string of a prohibited site or a prohibited page; a display control unit that, when the URL is a character string of a prohibited site or a prohibited page, displays the page in a decreased page-readability state, i.e., in a transparent state.03-29-2012
20090064340Apparatus and Method to Prevent the Illegal Reading of Smart Cards - An apparatus to prevent smart cards from being read illegally is provided, wherein the apparatus is installed in a smart card reader that comprises a CPU and a socket with a plurality of fingers, and the apparatus comprises: an electric circuits board (ECB), an inner circuit and a supplementary circuit. The ECB is disposed to cover the fingers and wired with an inner circuit electrically connected to a power supply. The supplementary circuit has an input terminal and an output terminal, wherein the input terminal is electrically connected to the power supply through the inner circuit of the ECB, and the output terminal is electrically connected to the CPU of the smart card reader; when the inner circuit is interrupted, an alarm signal is outputted by the supplementary circuit to the CPU to terminate the reading of the smart card by the smart card reader.03-05-2009
20090241199SYSTEMS AND METHODS FOR CREATING, MANIPULATING AND PROCESSING RIGHTS AND CONTRACT EXPRESSIONS USING TOKENIZED TEMPLATES - System and methods for manipulating rights expressions for use in connection with a rights management system include one or more tokenized templates. Each tokenized template includes one or more rights expression language statements and one or more tokens associated with at least one of the rights expression language statements. Further, the tokens can be place holders for data items or rights expression elements. The system further includes a license template module that creates the tokenized templates, and a license instance creation module that replaces at least one of the tokens in one or more selected license templates with one or more of the data items or rights expression elements to generate a license instance. Additionally, the system includes a license instance analysis module having sub-modules for validating and interpreting license instances, and a data parsing module for extracting data from created license instances.09-24-2009
20090241198INAPPROPRIATE CONTENT DETERMINATION APPARATUS, CONTENT PROVISION SYSTEM, INAPPROPRIATE CONTENT DETERMINATION METHOD, AND COMPUTER PROGRAM - An SNS system 09-24-2009
20090083857DIGITAL RIGHT MANAGEMENT SYSTEM, CONTENT SERVER, AND MOBILE TERMINAL - A digital rights management system (03-26-2009
20080263674Wireless network system, information providing apparatus and wireless terminal - A wireless network system, information providing apparatus and wireless terminal that can prevent the leak of information such as an address of the wireless terminal. A wireless network system includes an information providing apparatus that provides service information over a wireless network, and multiple wireless terminals each of which receives the service information provided from the information providing apparatus. In this case, the information providing apparatus includes destination possibility data in the service information, and each of the wireless terminals determines the destination possibility that the destination of the provided service information is the wireless terminal based on the destination possibility data included in the provided service information, and accepts the provided service information only if it is determined that there is the destination possibility.10-23-2008
20080263673System and method for delivering promotional and information content during a computer-based application and collecting impression metrics - The present invention includes a system and method for displaying information content, such as advertisements, during a computer-based application, for example, an online video game or any Internet-enabled application, and for collecting user impression metrics associated with the information content, even if the application is not connected to the Internet or an associated application server. The system and method include a campaign management system for receiving information content to be displayed during a computer-based application, including a pack manager application for creating an information content pack containing the information content in content sets, a content delivery network to distribute the information content pack, and a client software development kit that downloads the information content pack to display the information content during the computer-based application, and collects and sends user impression metrics associated with the information content back to the campaign management system for reporting.10-23-2008
20080263672Protecting sensitive data intended for a remote application - A method and apparatus is provided of protecting sensitive data input via an input device of a processing platform from a data logger, the sensitive data being user account data intended for a remote application. To protect the sensitive data, the data is used as a password in a secure, password-authenticated key agreement protocol executed between a security entity and the remote application, the security entity being installed in the input device or in secure communication therewith. In one preferred embodiment the input device is a keyboard and the security entity is a unit installed in the keyboard and selectively operable in a pass-through mode and a security mode.10-23-2008
20090100525INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING PROGRAM - An information processing apparatus capable of permitting electronic data with an access authority to be available at a transfer destination, without the access authority being lost. In a case where a received electronic document is set with access authority management information, it is determined, referring to transfer means (04-16-2009
20110231938APPLICATION SOFTWARE PROTECTING METHOD AND STREAM TRANSMITTING/RECEIVING SYSTEM - A protection method of application software is executed by initiating the first program transmitted from a server via a network on a client, and the method divides an execution result of the application software executed on the client into a plurality of pieces of intermediate data in accordance with distribution arrangement information reported by the server, distributes and arranges the plurality of pieces of intermediate data in the server and the client, transmits to the server notice information including a data length and arranged location information of each piece of the distributed and arranged plurality of pieces of intermediate data, rearranges the distributed and arranged plurality of pieces of intermediate data in the original order of the execution result of the application software on the basis of the notice information, generates in the server a second program for generating the execution result, and transmits the second program to the client.09-22-2011
20090199299INTEGRATED USER EXPERIENCE WHILE ALLOCATING LICENSES WITHIN VOLUME LICENSING SYSTEMS - This description provides tools for providing integrated user experiences while allocating licenses within volume licensing systems. These tools may provide methods that include sending information for presenting licensing portals at recipient organizations. The licensing portals may include representations of properties licensed by the organizations, and may include indications of how many licenses remain available for allocation. The methods may include receiving and validating licensing requests. The tools may provide other methods that include requesting and receiving information for presenting the licensing portals, as well as requesting and receiving licensing-related actions from the licensing systems. The tools may provide still other methods that include receiving requests for information to present launch portals, with these requests incorporating user identifiers for particular end-users. These methods may also populate the launch portals with representations of properties for which the end-users are licensed, and may send the information for the launch portals to licensee organizations.08-06-2009
20090300770MECHANISM TO SEARCH INFORMATION CONTENT FOR PRESELECTED DATA - A method and apparatus for detecting preselected data embedded in information content is described. In one embodiment, the method comprises receiving information content and detecting in the information content a sequence of content fragments that may contain a portion of preselected data. The method further comprises determining whether a sub-set of these content fragments matches any sub-set of the preselected data using an abstract data structure that defines a tabular structure of the preselected data.12-03-2009
20090100523SPAM DETECTION WITHIN IMAGES OF A COMMUNICATION - Determining undesirable, or “spam” communication, by reviewing and recognizing portions within the communications that are things other than ASCII or text. Images are analyzed to determine whether the content of the images is likely to represent undesired content. The images can be classified as to type, can be OCRed, and the contents of the recognition used for analysis, and can be compared against similar images in a database.04-16-2009
20100180347PLUGGABLE FILE-BASED DIGITAL RIGHTS MANAGEMENT API LAYER FOR APPLICATIONS AND ENGINES - A pluggable file-based DRM (digital rights management) API (application program interface) layer for applications and engines. The invention defines a pluggable file-based DRM API layer such that mobile operators can choose to use any file-based DRM (FDRM) engine in their final product. An FDRM engine can be content agnostic (e.g., can range from an executable to a media file or ring-tone). In accordance with the invention, an application can become DRM aware by calling the novel file-based DRM APIs. Any FDRM engine can be plugged into the novel API layer such that applications can use the protected content. The API layer of the subject invention can be designed such that applications that are DRM aware by using the file-based DRM API layer can be DRM engine agnostic.07-15-2010
20090119779LICENSE ACTIVATION AND MANAGEMENT - A software license management system may include an activation server that provides permission to activate a software product. The activation server may receive a request to validate activation of the software and refresh license information for the software in response to the request to validate. The server may additionally receive a request to re-designate the license information for the software product and may update license information for the software in response to the request to re-designate the software product.05-07-2009
20090205050METHOD AND APPARATUS FOR HARDWARE RESET PROTECTION - A method and apparatus for protecting access to sensitive information stored in vulnerable storage areas (e.g., public memory, registers, cache) of a microprocessor. A microprocessor having a reset port to receive external reset commands may have a reset diversion circuit that may be selectively enabled. The microprocessor may operate in an open mode or a secure mode, indicating the absence or the potential presence, respectively, of sensitive information in the vulnerable storage areas. In open mode, the reset diversion circuit may be disabled such that external reset requests trigger a hardware reset. In secure mode, sensitive information may be recorded on vulnerable storage areas. The reset diversion circuit may be enabled to divert external reset requests to an interrupt which may trigger execution of a software code. The software code, when executed, may perform a secured system clean-up routine to erase the vulnerable storage areas prior to reset.08-13-2009
20090205051SYSTEMS AND METHODS FOR SECURING DATA IN ELECTRONIC COMMUNICATIONS - Systems and methods are provided for providing data security. Credit-related data provided by a credit database can be received. The credit-related data can include records. Each record can include a social security number and a name associated with the social security number. Each record can be transformed to generate transformed data using a hashing algorithm. An electronic communication comprising content can be received. Transformed content can be generated by transforming the content. The transformed content can be compared to the transformed data. The transformed content can be determined to match at least one of the transformed records. The electronic communication can be prevented from being transmitted to a network.08-13-2009
20090205049SECTION BASED SECURITY FOR A SECTIONED SURFACE-BASED COMPUTING DEVICE - The present invention discloses a method, a computer program product, a system, and a device for securing content of a surface-based computing device. In the invention, a delineated region of a surface of a surface-based computing device referred to as a section can be identified. The section can be a computing space owned by at least one user referred to as a section owner. Other regions of the surface exist that are computing spaces distinct from the section. A set of section specific settings can be established that are configurable by the section owner. An attempt to convey at least one software object across a section boundary separating the section from one of the other regions can be identified. The section specific settings can be applied to the attempt. Appropriate programmatic actions can be taken based upon the section specific settings.08-13-2009
20120198561DATA TRANSMISSION APPARATUS, CONTROL METHOD THEREFOR, AND IMAGE INPUT/OUTPUT APPARATUS - According to the present invention, a data transmission apparatus capable of transmitting data by using a plurality of transmission media, comprises an authority storage unit, adapted to store authority information representing use authority to use each transmission medium by each user; and a transmission control unit, adapted to, in transmitting data, restrict data transmission to a destination corresponding to a transmission medium for which a current user does not have the use authority.08-02-2012
20080276323METHOD FOR MANAGING RECORDED STREAMS IN A REWRITABLE RECORDING MEDIUM - A method and apparatus for managing digital content are discussed. According to an embodiment, the method includes receiving digital content and protection information for protecting the digital content; obtaining at least one of user interface application data and marker private data; and managing the digital content according to the at least one of user interface application data and marker private data, wherein the managing step prevents a user from performing an action related with unauthorized usage of the digital content.11-06-2008
20090222927Concealment of Information in Electronic Design Automation - In one exemplary embodiment disclosed herein, an electronic design automation tool may receive information related to electronic design automation that contains secured information, such as physically secured information, and annotations to indicate the secured portions of the information. Upon receiving such information, the electronic design automation tool may identify those portions of the information comprising secured information related to electronic design automation, and unlock the secured information for processing. The electronic design automation tool may process at least some of the secured electronic design automation information without revealing that secured information to unauthorized persons, tools, systems, or otherwise compromising the protection of that secured information. That is, the design automation tool may process the secured electronic design automation information so that the secured information is concealed both while it is being processed and by the output information generated from processing the secured information.09-03-2009
20090100524COMMUNICATION TERMINAL APPARATUS, SERVER TERMINAL APPARATUS, AND COMMUNICATION SYSTEM USING THE SAME - A communication terminal apparatus includes a storage section configured to store a library function in which a first specific instruction is executed a process to be executed prior to a communication with a communication target and a second specific instruction is executed before returning to a call source, a client application, an attribute value group of the client application, and a permissible address range of the first specific instruction. A communication instruction execution control section controls execution of a communication instruction based on the attribute value group of the client application, when the client application executes the communication instruction to generate an internal interruption. A security gate entering section checks whether or not an address of the first specific instruction is within a permissible address range when the client application executes the first specific instruction to generate the internal interrupt, and changes the attribute value group of the client application when the address of the first specific instruction is within the permissible address range. A security gate exiting section returns the attribute value group of the client application to an original state when the client application executes the second specific instruction to generate the internal interrupt.04-16-2009
20090249489SECURITY BY CONSTRUCTION FOR WEB APPLICATIONS - Secure distributed Web applications are produced by default upon construction. Mechanisms are provided to address distributed application vulnerabilities (e.g., cross-site scripting, cross-site request forgery, replay attacks . . . ) automatically. These mechanisms are provided in conjunction with a tier-splitting component that breaks up an application for execution across multiple contexts or tiers. As a result, any application that is tier split is protected from security vulnerabilities by default without any intervention on the part of a developer.10-01-2009
20090249487METHOD AND ARRANGEMENT RELATING TO A COMMUNICATION DEVICE - The present invention relates to a novel method for handling applications in a device by associating an application signed by a domain certificate to a pre-defined entity in a device, said device comprising: a module reader for reading subscriber identity, a virtual machine for running at least one application, a memory containing a root certificate, the method comprising: using a data set for aggregating a sub set of data, modifying portion of said data set such that said portion includes reference to said entity. The invention also relates to a device for implementing the method.10-01-2009
20090249490COMMUNICATION APPARATUS, COMMUNICATION SYSTEM, TRANSMISSION METHOD, AND COMPUTER PROGRAM PRODUCT - A communication apparatus stores encrypted pieces having plural pieces as a part of a content encrypted, and number of transmission times. At least one first piece is encrypted by plural different encryption keys. The communication apparatus selects as priority pieces plural encrypted pieces corresponding to at least one first piece among the first pieces, based on number of untransmitted encrypted pieces of which number of transmission times is zero among plural encrypted pieces of which first piece is encrypted, and stores priority piece information specifying the priority piece. When a piece request is received from other communication apparatus, the communication apparatus determines an encrypted piece to be transmitted, based on priority piece information, and transmits the encrypted piece to the other communication apparatus.10-01-2009
20110145928IMAGE FORMING APPARATUS AND METHOD THEREFOR - A multifunction peripheral is disclosed as an example of an image forming apparatus. The multifunction peripheral determines whether a license corresponding to a license identifier is present inside the image forming apparatus through a license management unit based on the license identifier corresponding to input license information. If the license is present inside the image forming apparatus, the license management unit as an example of the history determination unit determines whether there is any installation history of the license whose presence has been determined, on the image forming apparatus.06-16-2011
20110145929APPARATUS AND METHOD FOR PRIVACY PROTECTION IN ASSOCIATION RULE MINING - There are provided an apparatus and a method for privacy protection in association rule mining among data mining technologies. An apparatus for privacy protection in association rule mining according to an embodiment of the present invention comprises: a fake transaction inserter that generates fake transactions of a predetermined number each having a predetermined length and inserts the fake transactions between a plurality of transactions comprised in an original data set to generate a first virtual data set; and a distortion transaction generator that generates a second virtual data set by converting data of the transaction of the first virtual data set with a predetermined probability.06-16-2011
20110145927METHOD AND SYSTEM FOR PROVIDING REMOTE CONFIGURATION OF MISSING MOBILE DEVICES - An approach is provided for remotely configuring a mobile device designated as missing. A request to remotely configure the mobile device is received. In response to the request, at least one setting parameter specifying at least one action to be performed by the mobile device is retrieved. A control message specifying the at least one setting parameter is generated. It is determined whether the mobile device is network inaccessible. The control message is queued for transmission over a data channel to the mobile device when the mobile device is determined to be network inaccessible.06-16-2011
20110145925SECURE PROGRAMMING OF VEHICLE MODULES - A method for programming a vehicle module via a secure programming system. The method carried out by the system involves generating a credentials media containing one or more secure credentials. Then, a credentials programmer programs one or more vehicle modules using the credentials media. During each stage of the vehicle module programming, the programming status is securely updated in the credential media. In case of a programming failure, the credentials media is used in a secondary credentials programmer to program the vehicle modules.06-16-2011
20080320599RIGHTS EXPRESSION PROFILE SYSTEM AND METHOD USING TEMPLATES - A system and method for creating a rights expression for association with an item for use in a system for controlling use of the item in accordance with the rights expression, including specifying rights expression information indicating a manner of use of an item, the rights expression information including at least one element, the element having a variable and corresponding value for the variable; and performing an encoding process, including determining an identifier associated with a template corresponding to the rights expression information, extracting from the rights expression information the value for the variable corresponding to the element, and encoding a license adapted to be enforced on a device based on the variable and the identifier, the license including an identification of the template and the value for the variable.12-25-2008
20090254994Security methods and systems - A system/method for preventing a computer virus from accessing message addresses is described. The system comprises an interception component or client plug-in that communicates with a messaging client and a messaging server. The interception component alters messages from the server and destined for the client. The interception component replaces message addresses in incoming messages with a unique identifier. The interception component also alters messages from the client destined for the server. The interception component replaces a unique identifier with a message address. A system/method for preventing keyboard sniffer programs from intercepting input, a system for preventing a computer virus from activating a send confirmation of a messaging client and a method for altering displayed objects to show encrypted data in decrypted form are also described and claimed. A system/method for reducing the impact of keyboard sniffer programs by altering keyboard input.10-08-2009
20100162403SYSTEM AND METHOD IN A VIRTUAL UNIVERSE FOR IDENTIFYING SPAM AVATARS BASED UPON AVATAR MULTIMEDIA CHARACTERISTICS - A system and method in a virtual universe (VU) system for identifying spam avatars based upon the avatars' multimedia characteristics may have a table that stores multimedia characteristics of known spam avatars. It further may have an analysis unit that compares the multimedia characteristics of avatars against the multimedia characteristics of known spam avatars to determine if the avatar has known spam avatar characteristics. It may further have a scoring system to calculate a spam score based upon the similarities of the comparison and identifying the avatar as a spam avatar based upon the calculated spam score. It may further compare the calculated spam score with a spam score threshold wherein the avatar is identified as a spam avatar if the calculated spam score is equal to or greater than the calculated spam score. Multimedia characteristics include graphics, audio, movement, interactivity, voice, etc.06-24-2010
20100162409METHOD FOR MOVING RIGHTS OBJECT AND METHOD FOR MANAGING RIGHTS OF ISSUING RIGHTS OBJECT AND SYSTEM THEREOF - A method for managing rights of issuing a Rights Object (RO), and a method for moving an RO created by a Local Rights Manager (LRM) between Digital Rights Management (DRM) Agents, are discussed. A Right Issuer (RI) permits an LRM to move an RO created (or issued) by the LRM to move via the RI, and a first DRM Agent moves the RO to a second DRM Agent via the RI.06-24-2010
20100162404IDENTIFYING SPAM AVATARS IN A VIRTUAL UNIVERSE (VU) BASED UPON TURING TESTS - A virtual universe system has a system and method for identifying spam avatars based upon the avatar's behavior characteristics through the use of Turing tests. The system may provide a Turing test unit for performing Turing tests and an analysis unit that compares the behavior characteristics of new or newly changed avatars against the behavior characteristics of known spam avatars to determine if the avatar has known spam avatar characteristics. It may further have a scoring system to calculate a spam score based upon similarities of the comparison and identifying the avatar as a spam avatar based upon the calculated spam score. It may further compare the calculated spam score with a spam score threshold wherein the avatar is identified as a spam avatar if the calculated spam score is equal to or greater than the calculated spam score.06-24-2010
20090260088System and Method for Data Destruction - A system and method for self-activated or remote-controlled data destruction for mobile devices. In an embodiment, when the user is unable to find their mobile device, they can log onto a web-base/software application through the computer or other communication device such as a telephone or mobile devices to request a data destruction command to be sent to the lost mobile device. If the lost mobile device, after a specified time duration, does not have any reception to receive any signals nor has any battery-power, the self-destruction application embedded in the mobile device will automatically activate itself during the next reset procedure or power up or shut down process. This application will perform a memory erase procedure for all selected data on the mobile device. To increase the area of service the embedded application can scan and connect to other available networks such as Wi-Fi to extend the coverage area.10-15-2009
20090276857ANTI-TAMPER TECHNIQUES - Anti-tamper techniques for protecting a program code portion against tampering provide for defining a sequence of code segments having a root-code segment and a plurality of sub-code segments. Each sub-code segment is provided with an integrity checking portion for checking the integrity of a target code segment. At runtime, the integrity checking portion of a given sub-code segment carries out a checking procedure on the respective target code segment to obtain a runtime result which is compared with a reference result to verify that the target portion of the program has not been tampered with.11-05-2009
20090276856LICENSE MANAGEMENT FACILITY - A method is presented for managing resource licensing. The method may include detecting an installed web server and/or application server to identify a container installation path, and identifying a resource associated with the container installation path. A resource installation path and a licensing structure may be determined for the resource. The method may further include building an application representation associating the resource installation path with the licensing structure, and determining the instances of resource use. The instances of resource use may be compared to the application representation to determine a licensing state for the resource.11-05-2009
20080307530Right object acquisition method and system - A batch rights objects (ROs) acquisition method and system is provided to enable a mobile terminal to acquire multiple rights objects in a batch processing manner. A rights object acquisition method according to an embodiment of the present invention includes transmitting a rights object request message requesting one or more rights objects of content objects from a mobile terminal to a rights issuer; creating, at the rights issuer, a rights object response message containing at least one of rights objects indicated by the rights object request message and at least one signature in response to the rights object request message; and transmitting the rights object response message from the rights issuer to the mobile terminal.12-11-2008
20080307529Method and Apparatus for Protecting Internet Privacy - A method of protecting personal information on the Internet, and an apparatus thereof are provided. The method includes: sensing transmission through the Internet of personal information of a user; detecting information on a website that is the destination of the sensed transmission of the personal information; comparing information on the detected website with a personal information protection policy; and permitting or blocking the transmission of the personal information according to the comparison result. According to the method, in order to minimize leakage of personal information from a website, when user information is input to the website, providing of the personal information is controlled based on information on whether or not the website is reliable in terms of personal information protection such that providing of the personal information to a dangerous website can be prevented, and possible damage by leakage of personal information can be prevented in advance. Also, in order to prevent phishing, that is, obtaining user's personal information through a fake website having an appearance similar to a famous website, the method helps the user identify a fake website such that possibility of phishing can be minimized.12-11-2008
20100169978Content usage managing apparatus, content usage managing method and program - There is provided a content usage managing apparatus including a memory unit to store the first relation between a POP and one or more contents included in the POP and the second relation between the POPs linked via a content in a package which includes two or more POPs, a selection unit to select the first content out of contents included in the first POP of the package, a specifying unit to specify the first webpage including the first content, and an examination unit to examine whether the first POP and one or more contents included in the first POP satisfy the first relation and to examine whether the first POP and the second POP linked to the first POP via the second content satisfy the second relation on at least any one of the first webpage or one or more webpages linked to the first webpage.07-01-2010
20100186090METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR A CONTENT PROTECTION SYSTEM FOR PROTECTING PERSONAL CONTENT - An apparatus for providing a content protection system for protecting personal content may include a processor configured to receive an indication of personal content submitted for inclusion in a content protection system, and determine admissibility of the personal content to the content protection system based at least in part on indicia associated with a source device from which the personal content originated. A corresponding method and computer program product are also provided.07-22-2010
20120246735DATA PROCESSING APPARATUS - A data processing apparatus (09-27-2012
20120246731SECURE EXECUTION OF UNSECURED APPS ON A DEVICE - Devices are pre-deployed with an app security mechanism to ensure that apps that are downloaded onto the device do not cause data loss, data leakage, or other harm to the device. A user can start using the device and downloading apps in a conventional or typical manner and be assured that security measures are being taken to minimize potential harm for unsecured and secured apps. An app security enforcement layer or engine operates with, for example, a Type 2 hypervisor on the device, and ensures that any calls by the apps to the operating system of the device are generally safe. Measures such as enhancing or modifying the call, obfuscating the call, or terminating the app may be taken to protect the operating system. These actions are taken based on a policy that may be either interpreted or compiled by the enforcement engine with respect to app execution. The security measures are generally transparent to the user of the device.09-27-2012
20120246733COMPUTER-IMPLEMENTED METHOD FOR ENSURING THE PRIVACY OF A USER, COMPUTER PROGRAM PRODUCT, DEVICE - The present description refers in particular to a computer-implemented method, a computer program product and a device for ensuring the privacy of a user and the utility of data communicated by a device, such as a vehicle telematics device, to a server, the method comprising: moving the device during a time period; receiving data at the device during the time period; processing, by the device, the received data; summarizing, by the device, the processed data in a matrix, wherein the rows and columns of the matrix define circumstances of movement of the device, wherein the matrix includes a plurality of matrix-entries, and wherein each matrix-entry includes a distance covered by the device during the time period under a pair of said predefined circumstances of movement; and transmitting the summarized data from the device to the server.09-27-2012
20120246734End-To-End Licensing Of Digital Media Assets - Brokering use of media assets based on rights provided by rights holders and licensing terms requested by potential licensees. Rights include use attributes, geographic attributes, and time attributes. Use attributes include one or more parent categories of uses, such as print advertising, web promotion, etc. Each parent category includes one or more specific uses, such as magazine advertisement, newspaper advertisement, etc. Rights are obtained from rights holders and stored in a data structure that is searchable according to various rights attributes. A licensing request includes desired licensing terms, such as a specific use, time period, and geographic location. The licensing request may also reserve use for a later time and/or impose an embargo on use for a period after use. The data structure is searched for media assets whose rights encompass the desired licensing terms, such as media assets with a parent use that includes a desired specific use.09-27-2012
20120246736SYSTEM AND METHODS FOR PROTECTING THE PRIVACY OF USER INFORMATION IN A RECOMMENDATION SYSTEM - The invention provides an improved recommender system that includes a client device or service provider server, a trusted function handler module and a recommender module. The recommender system functions to protect the privacy of user rating information maintained by the node (i.e., client device/server) by having the node transform the user rating information using a specific function selected by the function handler and then provide the transformed user rating information to the recommender module. In this way, privacy of the user rating information is maintained because the original user rating information will be unknown to a recommender module.09-27-2012
20100162402DATA ANONYMIZATION BASED ON GUESSING ANONYMITY - Privacy is defined in the context of a guessing game based on the so-called guessing inequality. The privacy of a sanitized record, i.e., guessing anonymity, is defined by the number of guesses an attacker needs to correctly guess an original record used to generate a sanitized record. Using this definition, optimization problems are formulated that optimize a second anonymization parameter (privacy or data distortion) given constraints on a first anonymization parameter (data distortion or privacy, respectively). Optimization is performed across a spectrum of possible values for at least one noise parameter within a noise model. Noise is then generated based on the noise parameter value(s) and applied to the data, which may comprise real and/or categorical data. Prior to anonymization, the data may have identifiers suppressed, whereas outlier data values in the noise perturbed data may be likewise modified to further ensure privacy.06-24-2010
20100162405PROTECTING AGAINST POLYMORPHIC CHEAT CODES IN A VIDEO GAME - Embodiments are directed towards protecting against polymorphic cheat codes in a video game environment. A detour analyzer analyzes game code in client memory for possible hooks to parasite code. For each detected hook to parasite code, hook and/or parasite information is determined to generate a hook/parasite signatures, which are sent to a remote network device. Based on the hook/parasite signatures a weighted combination of scores are generated that is useable to determine a probability value that the parasite code is cheat code. If the determined probability value indicates cheat code, the user of the client device may be banned from future game play. Additionally, the hook/parasite signature information may be used to update the data store to detect polymorphic changes in the cheat code.06-24-2010
20100162408METHODS AND APPARATUS FOR TITLE STRUCTURE AND MANAGEMENT - A title management apparatus resident on a first computer including a memory for storing a control program and data, and a processor for executing the control program and for managing the data. The apparatus includes user data resident in the memory including a set of user security indicia. The apparatus also includes a first title object resident in the memory including a title structure, the title structure further comprising a content element, a set of attributes, and a set of title object security indicia. The apparatus further includes a set of stub objects coupled to the title object, wherein the set of stub objects can further optimize the title structure; an authorization structure configured to selectively redeem the content element based at least in part on the user security indicia; and, a title management structure configured to associate a user with the first title object based at least in part on the user data and the title attributes.06-24-2010
20100162406SECURITY ASPECTS OF SOA - The present description refers in particular to a computer implemented method, computer program product, and computer system for dynamic separation of duties (SoD) during workflow execution. Based on at least one policy file, at a monitoring module, at least one node to be logged from a message in a message pipe of one or more messages exchanged when executing a workflow instance may be specified. Information on the at least one logged node may be passed to an enforcer. SoD violation for the at least one logged node may be checked at the enforcer. If, for the at least one logged node, SoD is violated, action may be taken based on the at least one policy file.06-24-2010
20100263053CONTROLLING A USAGE OF DIGITAL DATA BETWEEN TERMINALS OF A TELECOMMUNICATIONS NETWORK - A method and control of using a content data object associated to a content controlling terminal of a communications network, and receiving a request from a content receiving terminal to get a digital rights data object, associated to the content data object required to use the content data object, and initiating a transmission of the digital rights data object from the content controlling terminal to the content receiving terminal, and a control supporting server thereto. Also generating the digital rights data object, receiving a notification to send the digital rights data object to the content receiving terminal, and sending the digital rights data object to the content receiving terminal, and a content controlling terminal thereto.10-14-2010
20100263052Arbitrary Code Execution System For Preventing Concoction And Analysis Of Computer Execution Codes - Disclosed is an analysis of computer execution codes in that an arbitrary code selected from a plurality of codes of various shapes periodically or frequently during execution of a computer program is stored in a memory of the computer to be executed, so that it can be very difficult to concoct and analyze the computer program, thereby securely protecting the computer execution codes. The arbitrary code execution system for preventing the concoction and the analysis of computer execution codes includes: a code pool management module for managing a plurality of codes for storing in a memory of a computer instead of computer programs; a code control module for selecting and transmitting a specific code among the plurality of codes stored in the code pool management module; and a code execution module for storing the specific code transmitted from the code control module in the memory and executing it as a part of the existing programs.10-14-2010
20100192231MEDIA PACKAGE, SYSTEM COMPRISING A MEDIA PACKAGE AND METHOD OF EXECUTING PROGRAM CODE - A media package storing program code, the media package comprising a medium storing a first part of the program code intended to be executed on a processor external to the media package, and a processing device storing a state and a second part of the program code, the first and the second parts of the program code being adapted to interact when executed so as to execute the program code. The processing device comprises a processor for verifying the state and for executing the second part of the program code if the verification of the state indicates that this is authorised; and a first interface for communication with the processor external to the media package. The processing device further comprises a second interface adapted to interact with a state change device in order to set the state from a first state not authorising execution of second part of the program code to a second state authorising execution of second part of the program code. The second interface is a Radio Frequency interface adapted to, when the media package is in the first state, interact with at least one anti-theft portal. Also provided is a system.07-29-2010
20120304302PREVENTING PASSWORD PRESENTATION BY A COMPUTER SYSTEM - A method, system or computer usable program product for preventing a password from being presented in a data entry field on a computer display including, responsive to user entry of a character set in the data entry field, comparing the character set to a securely stored password set for a potential match of the character set with leading characters of a password in the password set, responsive to detecting a match, inhibiting presentation of at least one character of the character set in the data entry field, and responsive to detecting a lack of a match, presenting the character set in the data entry field.11-29-2012
20100186094EMBEDDED SYSTEM ADMINISTRATION AND METHOD THEREFOR - An administration system for use within a server system is provided. The server system having a server that provides host management functions and the server system being able to accept computer cards inserted therein. The administration system comprises a computing system that is inserted in the server system, the computing system having a controller that assumes control over the communications bus.07-22-2010
20100186093PORTABLE MASS STORAGE DEVICE WITH HOOKING PROCESS - The invention relates to a portable mass storage device (07-22-2010
20100186092NETWORK AUDIO-VIDEO CONTENTS PLAYBACK TERMINAL, SERVER, AND SYSTEM - Methods to set a viewing and/or listening term are classified into two types, which are a fixed-time-length type to limit time length and a fixed-expiration-time type to limit expiration time. And the timings of license acquisition are classified into two types which are an immediate-acquisition type and a point-of-use type. The type of the timing of license acquisition is written to a meta data which is to be sent to a terminal before initiating download. The terminal determines the timing of license acquisition according to the meta data. When contents are point-of-use type, the terminal doesn't acquire a key and an expiration time information until a time of initiating playback. On the other hand, when contents are immediate-acquisition type, the terminal acquires the key and the expiration time information at any point of time. Since the key is acquired at the early timing such as download completion timing, a reaction velocity in response to a playback instruction can be heightened.07-22-2010
20120198559POLICY BASED MANAGEMENT OF CONTENT RIGHTS IN ENTERPRISE/CROSS ENTERPRISE COLLABORATION - Systems, methods and apparatuses (i.e., utilities) for use in managing access to and use of artifacts (e.g., word or pdf documents, jpegs, and the like) and any copies thereof in an enterprise/cross-enterprise environment. The utility may include a content management system for storing the artifacts and managing use of the artifacts and an information rights management system for use in sealing the artifacts, validating users and granting licenses for use of the artifacts at the directive of the content management system.08-02-2012
20100263054INFORMATION PROCESSING APPARATUS AND METHOD AND STORAGE MEDIUM - An information processing apparatus capable of preventing user's personal information from leaking even when transmission destination information managed in a user-specific address book is transferred to an apparatus users' shared address book. The apparatus is equipped with a function for managing destination information on a destination indicative of an external apparatus to which data is to be transmitted. An apparatus users' shared address book area stores destination information available to any user. A user-specific address book area stores destination information which can be accessed only by a specific user. When the destination information stored in the user-specific address book is transferred to the apparatus users' shared address book in response to a user's operation, user's personal information included in the destination information is deleted before the transfer.10-14-2010
20100263051SOFTWARE APPLICATION SECURITY METHOD AND SYSTEM - A method for verifying a software application to a user of a device such as a mobile phone. The device receives (10-14-2010
20100205676PROCESSING OF DATA INFORMATION IN A SYSTEM - Data information, represented by electric or wave signals, or data information within the artificial or natural databases and storage media, such as for example DNA, encoded as a sequence of symbols, is, for the purpose of its concealing and simultaneously preserving its select local data information segments, partitioned within a physical medium, such as especially computer hardware, physical communication channel, physical storage medium or biological material, into short overlapping data segments. The studied local data information segments are contained within the short segments in their entirety. These partitioned short segments constitute the first group and to at least one short segment of the first group, data, encoded as selected symbols, are pre-pended or appended, to the symbols of the short segments of the first group. The resulting mixture of segments is interconnected into a sequence of data. The entire process may be repeated multiple times.08-12-2010
20100192232METHOD FOR MOVING RIGHTS OBJECT IN DIGITAL RIGHTS MANAGEMENT - A method for moving Rights Object (RO) in a Digital Rights Management (DRM). RO for content is partially or entirely moved between Devices in the same group, so that the RO can be shared between the Devices and a utility thereof can be enhanced.07-29-2010
20100192230PROTECTING TRANSACTIONS - Technology is described for protecting transactions. The technology may include a switching component that a user can employ to switch an associated mobile device into a secure mode so that a user can confirm the transaction. After initiating a transaction request, the user can confirm the transaction request by activating the switching component, which can cause the mobile device to switch into a secure mode. In the secure mode, the mobile device may prevent the mobile device from conducting various normal activities, such as executing applications, receiving input, providing output, and so forth. The switching component may disable other processing temporarily. Upon receiving the confirmation from the user, the switching component may send a confirmation communication to complete the transaction.07-29-2010
20080301815Detecting Unauthorized Changes to Printed Documents - Systems and methods to detect unauthorized changes to a printed document are described. In one aspect, a digital signature of original content associated with electronic document is embedded into the original content to create a content signed document. The systems and methods use the embedded digital signature to automatically determine whether text-based content associated with a printout of the content signed document was changed from the original content associated with the electronic document.12-04-2008
20100218257PROGRAM OBFUSCATION APPARATUS, PROGRAM OBFUSCATION METHOD AND COMPUTER READABLE MEDIUM - A program obfuscation method includes: detecting a loop from an obfuscation target program; adding a conditional expression to the obfuscation target program at a preceding stage of the loop, wherein the conditional expression is neither permanently invalid nor permanently valid and adding a flow in which (a) when a logical value of the conditional expression is false, processing of the obfuscation target program proceeds to a start of the loop, and (b) when the logical value of the conditional expression is true, the processing executes a set of executable statements equivalent to a set of executable statements which are ones from the first executable statement to a middle executable statement among a plurality of executable statements in the loop, and then the processing proceeds to an executable statement subsequent to the middle executable statement in the loop.08-26-2010
20100199356METHOD AND APPARATUS FOR PROVIDING WEB PRIVACY - A method and an apparatus for providing privacy in a network are disclosed. For example, the method receives a request, e.g., an HTTP request, from a user for information, wherein the information includes at least a Uniform Resource Locator (URL) of at least an aggregator. The method identifies all personally identifiable information of the user. The method then masks the personally identifiable information from the browser in the endpoint device of the user, while responding to the request.08-05-2010
20090077669Mesh Grid Protection - A mesh grid protection system is provided. The protection system includes a plurality of grid lines forming a mesh grid proximate to operational logic. The protection system also includes tamper-detection logic coupled to the plurality of grid lines and configured to toggle a polarity of a signal on at least one grid line at each clock cycle and to detect attempts to access the operational logic by comparing a reference signal driving a first end of a grid line to a signal at the opposite end of the grid line.03-19-2009
20100162407APPARATUS, METHOD, AND RECORDING MEDIUM - It requires a lot of money to newly develop a management application operating on an apparatus or an information device for managing the function of the multifunction peripheral from a remote place. To a management apparatus already existing in the market, information including function information which is not an object of management of the management apparatus requested by the management apparatus is returned in a format interpretable for the management apparatus. Further, a function of an apparatus which is not an object of management of the management apparatus is managed by carrying out processing which is not a processing requested by the management apparatus.06-24-2010
20100146633Memory Controller, Non-Volatile Storage Device, Non-Volatile Storage System, Access Device, and Data Management Method - In a memory controller according to the present invention, an external I/F unit receives ID information associated with data from the outside of a non-volatile memory, and a recording controller manages a recording position of the data in the non-volatile memory based on the ID information, so that an amount of time necessary for the retrieval of rights information based on the ID information is reduced.06-10-2010
20090293129TERMINATION OF SECURE EXECUTION MODE IN A MICROPROCESSOR PROVIDING FOR EXECUTION OF SECURE CODE - An apparatus providing for a secure execution environment including a microprocessor and a secure non-volatile memory. The microprocessor is configured to execute non-secure application programs and a secure application program, where the non-secure application programs are accessed from a system memory via a system bus. The microprocessor has secure execution mode logic that is configured to detect execution of a secure execution mode return event, and that is configured to terminate a secure execution mode within the microprocessor, where the secure execution mode exclusively supports execution of the secure application program. The secure non-volatile memory is coupled to the microprocessor via a private bus and is configured to store the secure application program prior to termination of the secure execution mode, where transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus and corresponding system bus resources within the microprocessor.11-26-2009
20100218259METHOD, APPARATUS AND COMPUTER PROGRAM FOR SUPPORTING DETERMINATION ON DEGREE OF CONFIDENTIALITY OF DOCUMENT - Determining confidentiality of an office document shared by multiple organizations. Each block of a document data set is stored in association with confidentiality information indicating whether the block is confidential. The document data set is dividable into blocks each being a unit including properties evaluated as having a certain characteristic. A document data set targeted for the confidentiality determination is acquired, and it is determined whether a document data set, including a block similar to each block of the acquired document data set, is stored. If the document data set including the similar block is stored, it is determined whether the confidentiality information indicating that the block is confidential is assigned to the block of the acquired document data corresponding to the similar block. If the confidentiality information indicating that the block is confidential is assigned, the acquired document data set is determined as confidential.08-26-2010
20100242117INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND PROGRAM, AND STORAGE MEDIUM STORING THE SAME - An information processing apparatus in which a part of a plurality of different programs included in an application package is validated includes an invalidation command input unit configured to input a command to invalidate a license of the application package, a generation unit configured to generate invalidation verification data by invalidating the license of the program which is included in the application package, is already installed in the information processing apparatus, and has a validated license, and to generate invalidation verification data of the license of the program without installing the program which is included in the application package and is not installed in the information processing apparatus, and an output unit configured to output the invalidation verification data generated by the generation unit.09-23-2010
20100218260Provisions for Validating Content Using a Content Registration Authority - Strategies are described for validating content transferred over a communication channel using a more effective approach than heretofore provided in the art. A content registration authority is provided which registers the content disseminated by one or more content providers to one or more client devices. A client device which receives content that has been registered can securely consume the content, based on an assumption that a content provider which furnishes the content is entrusted by the content registration authority to provide the content, and without prompting a user of the client device to expressly approve the content provider. In a first solution, the content registration authority registers the content by issuing a certification stamp; in a second solution, the content registration authority registers the content by storing registration information in a central repository. The content may contain instructions which perform operations in the context of an instant messenger application.08-26-2010
20100251383DATA CLOAKING METHOD AND APPARATUS - A method of cloaking data including the steps of recognizing a combination of unclassified information becoming classified as a result of the combination of the information; and cloaking of a portion of the information responsive to a classified authorization of at least one of receiving equipment and users. The recognizing step and the cloaking step being carried out by a data handling machine.09-30-2010
20100212015METHOD AND SYSTEM FOR PRODUCING MULTIMEDIA FINGERPRINT BASED ON QUANTUM HASHING - Disclosed are a method and system for producing a multimedia fingerprint based on quantum hashing. The method includes receiving an input of a multimedia file, extracting a quantum hash type fingerprint from the input multimedia file, calculating similarity between the extracted quantum hash type fingerprint and a binary fingerprint stored in a database, and selecting, as a calculation result, data having a fingerprint calculated as having the highest similarity.08-19-2010
20090293131METHOD AND SYSTEM FOR PROCESSING CONTENT - A method and system for processing content are provided. The method of processing content includes: receiving source data from a first system; interoperable-processing the source data and generating a target data; and transmitting the target data to a second system, the first system or the second system include at least one of access control system, copy protection system and use control system. Accordingly, it is possible to easily process non-compliant content in the DRM interoperable system.11-26-2009
20100235922PERSONAL INFORMATION MANAGEMENT DEVICE - A personal information management apparatus acquires associated information that is associated with target information for which transmission has been requested, and if the acquired associated information includes personal information, transmits the target information after modifying the associated portions of the target information. This structure enables improving protection of personal information by protecting not only personal information but also information that cannot be used independently to identify a person but can be easily correlated with other information and used to identify a specific individual with reference to the other information.09-16-2010
20100218258CONTENTS PROTECTION PROVIDING METHOD AND PROTECTED CONTENTS CONSUMING METHOD AND APPARATUS THEREOF - Provided is a contents protection providing method, a protected contents consuming method and an apparatus thereof. The contents protection providing method includes: creating protected scheme information; and transmitting the protected scheme information to a terminal, wherein the protected scheme information includes: scheme type information including identification (ID) information of a protection scheme; and scheme information including detailed information of the protection scheme.08-26-2010
20100242115SECURITY COVER - The present invention is available for the field of electronic circuit protection, and provides a security cover for enclosing a protective area on the protected PCB and protecting the components in this area. The security cover comprises a flexible PCB that is folded with a receiving space and an opening in a side in the space. The flexible PCB is covered on the protective area of the protected PCB and encloses the components in the protective area. The flexible PCB triggers the related circuits to remove or destroy the information on the components in this protective area in case of physical attack. The present invention is to enclose the key components on PCB via the flexible PCB with the receiving space so as to prevent the key components from being attacked.09-23-2010
20100242118SECURITY MANAGEMENT DEVICE AND SECURITY MANAGEMENT METHOD - To provide a security management device, a security management method, a security management program and a security management system that are capable of ensuring a desired security while scheming to save a labor for the security management by the security management device performing access control of a terminal in accordance with a security level of the terminal and prompting it to do security setting. Whether or not a security level reaches a predetermined level is judged by detecting the security level of a terminal from an access pattern, and, in the case of judging that the security level of the terminal does not reach the predetermined level, an access permission range of the terminal is changed.09-23-2010
20100242119ELECTRONIC DOCUMENT RIGHTS AND TRACKING SYSTEM - Method and system to identify document rights by use of the Internet or other networking system and then perform action(s) based on the rights identified in the document. A log may be created where predefined information will be populated and that log will be viewable by the document owner or other person who has access to the log.09-23-2010
20100242116INTEROPERABLE DIGITAL RIGHTS MANAGEMENT DEVICE AND METHOD THEREOF - Provided are an interoperable DRM device and method thereof. The interoperable DRM device includes: an interface for communicating with a terminal that performs predetermined operations for reproducing contents; and a DRM processor for managing digital rights of the contents. The DRM processor exchanges messages with the terminal for interoperably managing the digital rights.09-23-2010
20100251380Method and system for identifying suspected phishing websites - Identifying suspected phishing websites includes: obtaining an address of a website to be identified; determining, according to the address of the website to be identified, that the website to be identified is neither a legal website to be protected nor a phishing website; applying a suspected phishing website rule by matching a regular expression with the address of the website to be identified; and in the event that the matching is successful, determining that the website to be identified is a suspected phishing website.09-30-2010
20100235923Methods and Systems for Applying Parental-Control Policies to Media Files - A computer-implemented method may intercept a file-system call associated with a media file. The computer-implemented method may determine an attribute of the media file. The computer-implemented method may also identify a parental-control policy associated with the attribute of the media file. The computer-implemented method may further apply the parental-control policy to the media file. Various other methods, systems, and computer-readable media are also disclosed.09-16-2010
20100235921License Scheme for Use with Stackable Devices09-16-2010
20100212019Method and Apparatus for Protecting Information and Privacy - A system for protecting software against piracy while protecting a user's privacy enables enhancements to the protection software in a user device and extended protections against piracy. The protection system allows the user device to postpone validation of purchased tags stored in a tag table for installed software and to re-establish ownership of a tag table to recover from invalidation of a tag table identifier value resulting from revelation of a tag table identifier value. Continued use of the tag table is provided by the use of credits associated with a tag table. A protection center is protected against denial of service attacks by making calls to the protection center cost time or money to the attackers.08-19-2010
20100212020PRE-PROCESSED INFORMATION EMBEDDING SYSTEM - Auxiliary information (08-19-2010
20100212018GENERATING HUMAN INTERACTIVE PROOFS - A method for generating one or more human interactive proofs (HIPs) is described herein. A HIP request may be received. One of a plurality of HIP engines may be selected using a randomization algorithm. Each HIP engine may have a distinct algorithm for generating the one or more HIPs. The one or more HIPs may be generated using the one of the plurality of HIP engines.08-19-2010
20100212017SYSTEM AND METHOD FOR EFFICIENT TRUST PRESERVATION IN DATA STORES - The invention provides a method and system for preserving trustworthiness of data, the method includes storing data on an untrusted system, and committing the data to a trusted computing base (TCB). The committing includes upon an end of a predetermined time interval, transmitting a constant size authentication data from the untrusted system to the TCB, and the TCB preserving trustworthiness of the authentication data based on performing a single hash operation of a first root and a second root of a general hash tree representing authenticated data.08-19-2010
20110239307METHOD FOR SECURING JAVA BYTECODE - The invention relates to a virtual machine. The virtual machine is set to recognize, in addition to a set of conventional bytecodes, at least one secure bytecode functionally equivalent to one of the conventional bytecodes. It is set to process secure bytecodes with increased security, while it is set to process conventional bytecodes with increased speed. The invention also relates to a computing device comprising such a virtual machine, to a procedure for generating bytecode executable by such a virtual machine, and to an applet development tool comprising such procedure.09-29-2011
20100138928APPARATUS AND METHOD FOR SHARING CONTENT BETWEEN DEVICES BY USING DOMAIN DRM - An apparatus for sharing content between devices by using a domain digital rights management (DRM) includes: a domain management unit for performing management of a domain within a specific area and registration of users and user devices; a user management unit for managing information about the users of the domain registered by the domain management unit; and a device management unit for managing domain clients of the domain registered by the domain management unit. The apparatus further includes a DRM management unit that has DRM information that supports the domain created through the domain management unit and update information about each DRM, and relays such that DRM content stored in each domain client is converted into domain DRM content and domain DRM license.06-03-2010
20100138927Apparatus and Method for Preventing Unauthorized Access to Secure Information - A computer readable storage medium includes executable instructions to process a duress command to invoke a system termination operation. The duress command may be a pass phrase with an added prefix or suffix. The duress command may be received from a menu, a dedicated key or a key sequence. The system termination operation may result in whole disk encryption. Alternately, the system termination operation may result in permanent destruction of data.06-03-2010
20100251382CONTENT REPRODUCING DEVICE AND CONTENT REPRODUCING METHOD - A content reproducing device including a communication section configured to receive license information corresponding to content data, a recording management section configured to record the license information, reproduction history of the content data, and identification information of the license information in a storage medium, a reproduction section, and a license evaluation section configured to allow the reproduction section to reproduce the content data when the reproduction history satisfies a reproduction condition specified in the license information and the identification information of the license information is recorded in the storage medium, and not to allow the reproduction section to reproduce the content data when the identification information of the license information is not recorded in the storage medium.09-30-2010
20100251379Method and System for Configuration Management Database Software License Compliance - A software license engine allows an enterprise to model software license contracts and evaluate deployment of software for compliance with the software license contracts. Deployment of software products in the enterprise is modeled in a configuration management database. The software license engine maintains a license database for connecting software license contracts with software deployment modeled by the configuration management database. Users of the software license engine may use license types that are predefined in the software license engine or may define custom license types. The software license engine may indicate compliance or non-compliance with the software license contracts.09-30-2010
20100251378Obfuscating Computer Program Code - A computer-implemented method of tamper-protecting a computer program, the method comprising: processing an input representation of the computer program to identify a function call for causing a data processing system to continue execution of the computer program at a predetermined entry point memory address when said computer program is executed by a data processing system; replacing the identified function call with a modified function call, wherein the modified function call includes an algebraic expression for causing the data processing system to compute the entry point memory address when said computer program is executed by the data processing system.09-30-2010
20080289044Apparatus, system, and method for storing DRM licenses - An apparatus, system and method for storing licenses of digital rights management (DRM) contents are disclosed. The DRM license storing apparatus, system and method save DRM licenses in a separate location of a mobile terminal or an external server, and enable license restoration even in the case of loss or replacement of the mobile terminal. The apparatus includes a memory unit for storing DRM contents; a user identification module for storing licenses of DRM contents; and a control unit for verifying, in response to a play request for a DRM content, validity of a license associated with the play-requested DRM content through communication with the user identification module.11-20-2008
20110023128INFORMATION PROCESSING DEVICE, LOCK CONTROLLING METHOD, AND LOCK CONTROLLING PROGRAM - In order to solve a problem in which the operation becomes complex when the user wants to view the data to which the lock is set, an information processing device includes lock temporal control means for bringing data which is locked into a lock canceled state based on a result of comparison between authentication request information input following a request for viewing the data and authentication information for canceling the lock, and display information creation means for creating display information to display the data brought into the lock canceled state, wherein the lock temporal control means locks the data brought into the lock canceled state again after the display information is displayed.01-27-2011
20080307528Protection of Data Delivered Out-of-Order - A basic idea of the invention is to separate ordered delivery data and unordered delivery data in a security protocol running on top of a reliable transport protocol, and perform a first type of security processing for ordered delivery data and a second different type of security processing for unordered delivery data in the security protocol. Preferably, data messages using ordered delivery and data messages using unordered delivery within a secure data stream are separated into two message sequence spaces on the security protocol layer, and data security processing is then performed differently in these two spaces. The invention is particularly suitable for a reliable transport protocol such as SCTP (Stream Control Transmission Protocol). The security protocol running on top of the transport protocol is preferably based on the TLS (Transport Layer Security) or a TLS-like protocol with a security processing extension for unordered delivery.12-11-2008
20100125914PROTECTED INFORMATION STREAM ALLOCATION USING A VIRTUALIZED PLATFORM - A protected stream manager includes one or more subsystems to receive a content stream in a virtual environment, obfuscate the content stream, and prioritize use of a processor to process the content stream.05-20-2010
20100088770DEVICE AND METHOD FOR DISJOINTED COMPUTING - A method and system are described for processing an extended information element, the extended information element being composed of a word component and a stamp component, by a computing system that can transfer the extended information element but cannot manipulate the stamp component of the extended information element. The method includes: providing a stamp processing system for manipulating the stamp component, processing a value of the stamp component by the stamp processing system, and controlling an operation on the word component based on the value of the stamp component.04-08-2010
20090328225System and Methods for Enforcing Software License Compliance with Virtual Machines - A virtualization system supports secure, controlled execution of application programs within virtual machines. The virtual machine encapsulates a virtual hardware platform and guest operating system executable with respect to the virtual hardware platform to provide a program execution space within the virtual machine. An application program, requiring license control data to enable execution of the application program, is provided within the program execution space for execution within the virtual machine. A data store providing storage of encrypted policy control information and the license control data is provided external to the virtual machine. The data store is accessed through a virtualization system including a policy controller that is selectively responsive to a request received from the virtual machine to retrieve the license control data dependent on an evaluation of the encrypted policy control information.12-31-2009
20100031363METHOD AND SYSTEM FOR USER DEFINED LOCAL STORAGE OF INFORMATION AND OBJECTS IN A VIRTUAL WORLD - The invention provides a method and system for securing information for a virtual world environment. The method includes creating information for a virtual world environment, transmitting the information to the virtual world environment from the memory, selectively removing the information from the virtual world environment, and selectively storing the information on a memory external to the server to prevent access from the server.02-04-2010
20090282488METHODS AND APPARATUS FOR A DOWNLOADABLE FINANCIAL TRANSACTION PRINTER - Method and apparatus for a downloadable financial transaction printer supporting multiple interfaces and single encoding for worldwide languages configuration. The financial transaction printer interfaces with multiple host systems and multiple gaming machine protocols, downloads application code or code patches, receives printer maintenance instructions, arbitrates print jobs received from various communication interfaces, supports worldwide languages, and utilizes firmware version consolidation whereby fewer firmware versions are required to support worldwide requirements, such as regional and jurisdictional requirements. The financial transaction printer further includes security features for gaming regulatory requirements, memory protection, and preventing the execution of downloaded code on unauthorized hardware. The financial transaction printer further includes segmented memory for content related to each communication interface, gaming machine, or host system, among others. Additionally, the financial transaction printer supports Unicode, configuration to worldwide languages, configuration to multiple protocols, and configuration to prior firmware versions for backward compatibility, among others.11-12-2009
20110067112METHOD AND APPARATUS FOR IMPORTING CONTENT - A method and apparatus for protecting digital content in a digital rights management (DRM) system are provided. The method includes: determining a usage rule for content included in a first content file based on usage constraint information included in the first content file; and generating a second content file complying with this usage rule. According to the method and apparatus, the security requirement of content creators and content providers can be satisfied and at the same time the requirement of content consumers for freer usage can be satisfied.03-17-2011
20110067110METHOD AND SYSTEM FOR HARDWARE ENFORCED VIRTUALIZATION IN AN INTEGRATED CIRCUIT - Aspects of a method and system for hardware enforced virtualization in an integrated circuit are provided. In this regard, a mode of operation of an integrated circuit may be controlled such that the integrated circuit alternates between a secure mode of operation and an open mode of operation. Various resources of the integrated circuit may be designated as open or secure, and secure resources may be made inaccessible while the integrated circuit operates in the open mode. Access to the secure resources may be controlled based on a configuration of one or more registers and/or switching elements. Resources designated as secure may comprise, for example, a one-time-programmable memory. The integrated circuit may comprise ROM and/or one-time-programmable memory that stores one or more instructions, wherein execution of the one or more instructions may control transitions between the secure mode and the open mode.03-17-2011
20100287618Executing Native-Code Applications in a Browser - Techniques for leveraging legacy code to deploy native-code desktop applications over a network (e.g., the Web) are described herein. These techniques include executing an application written in native code within a memory region that hardware of a computing device enforces. For instance, page-protection hardware (e.g., a memory management unit) or segmentation hardware may protect this region of memory in which the application executes. The techniques may also provide a narrow system call interface out of this memory region by dynamically enforcing system calls made by the application. Furthermore, these techniques may enable a browser of the computing device to function as an operating system for the native-code application. These techniques thus allow for execution of native-code applications on a browser of a computing device and, hence, over the Web in a resource-efficient manner and without sacrificing security of the computing device.11-11-2010
20100223672Systems and Methods for Managing and Protecting Electronic Content and Applications - Systems and methods are disclosed for managing and protecting electronic content and applications. Applications, content, and/or users can be given credentials by one or more credentialing authorities upon satisfaction of a set of requirements. Rights management software/hardware is used to attach and detect these credentials, and to enforce rules that indicate how content and applications may be used if certain credentials are present or absent. In one embodiment an application may condition access to a piece of electronic content upon the content's possession of a credential from a first entity, while the content may condition access upon the application's possession of a credential from a second entity and/or the user's possession of a credential from a third entity. Use of credentials in this manner enables a wide variety of relatively complex and flexible control arrangements to be put in place and enforced with relatively simple rights management technology.09-02-2010
20100223671Document checking apparatus, computer-readable recording medium, and document checking method - A document checking apparatus includes a keyword appearance position extracting unit that extracts keywords and the appearance positions of the keywords from a target document including a confidential document; a keyword pair extracting unit that treats each keyword of the appearance positions of the extracted keywords as a target and determines whether there is another extracted keyword within a predetermined range before and after the target keyword; a feature element matrix creating unit that generates, when it is determined that there is the another keyword, combination information obtained by combining the determination target keyword and the another keyword in association with anteroposterior information of the appearance positions of the keywords; and a computing unit that determines whether the number of combination information, among the plurality of combination information of the generated target document, identical to the combination information of the confidential document is not less than a predetermined value.09-02-2010
20090144832METHOD FOR PROTECTING CONTENT AND METHOD FOR PROCESSING INFORMATION - Disclosed are a method of protecting content and a method of processing information. The method of protecting content can include service related information including revocation application information of content from the outside by employing a content management and protection system, and apply or not apply a content revocation process on the content according to the revocation application information. Accordingly, whether to apply a content revocation process can be controlled according to revocation application information.06-04-2009
20080295179APPARATUS AND METHOD FOR SCREENING NEW DATA WITHOUT IMPACTING DOWNLOAD SPEED11-27-2008
20090113554MODERATION OF CHEATING IN ON-LINE GAMING SESSIONS - Methods, apparatuses, and techniques for detecting and discouraging cheating in an online game session are described. Aspects include playing an online game. During play of the game one of the players detects suspected cheating behavior by another online game player. Game information is collected about the activity of all players in the online game, the game information includes a period of the game during which the suspected cheating behavior occurred. The game information is communicated to a game cheat monitoring entity that evaluates the game information to determine if there was cheating activity, and if there was cheating activity appropriate action is taken.04-30-2009
20090113553METHOD AND SYSTEM FOR HIDING INFORMATION IN THE INSTRUCTION PROCESSING PIPELINE - A system, article of manufacture and method is provided for transferring secret information from a first location to a second location. The secret information is encoded and stalls in executable code are located. The executable code is configured to perform a predetermined function when executed on a pipeline processor. The encoded information is inserted into a plurality of instructions and the instructions are inserted into the executable code at the stalls. There is no net effect of all of the inserted instructions on the predetermined function of the executable code. The executable code is transferred to the second location. The location of the stalls in the transferred code is identified. The encoded information is extracted from the instructions located at the stalls. The encoded information may then be decoded to generate the information at the second location.04-30-2009
20080276322INFORMATION PROCESSING METHOD, INTER-TASK COMMUNICATION METHOD, AND COMPUTER-EXECUTABLE PROGRAM FOR THE SAME - An information processing method has a mechanism wherein mutual verification is performed between tasks and a computer operating system at the time of activating tasks, thereby judging the validity of tasks. The operating system evaluates a key which the task holds at the time of requesting service of the operating system, and permits execution of services only in the event that the operating system itself has the same key.11-06-2008
20120144500METHOD AND APPARATUS FOR PROTECTING DATA USING A VIRTUAL ENVIRONMENT - The present invention relates to a method and apparatus for protecting data using a virtual environment, which creates a safe virtual environment that supports the execution of application programs being operated on a computer and which enables important data to be inputted or outputted only within the virtual environment, such that access to the important data is prevented in a general local environment. According to the present invention, data leakage is initially prevented to protect data, and convenience is provided in that a user may use the computer in a general manner while performing desired work.06-07-2012
20120144498System And Method For Mobile Identity Protection of a User of Multiple Computer Applications, Networks or Devices - An automated system and method for authenticating entities or individuals engaging in automated or electronic transactions or activities such as financial transactions, accessing computer applications, computer software, data networks or other automated or electronic devices requiring identity verification is provided. A unique Personal Identity Value is computed and stored in an Identity Register for the entity or individual and may be used for a variety of applications including recognizing incidents of identity theft. This Personal Identity Value is based on one or more computer logic resources that incorporate the relationship among a variety of identification information elements and parameters associated with the entity or individual, such as the entity's or individual's wireless device location, the entity's or individual's home location, other associated locations, automated activities engaged in and applications accessed.06-07-2012
20120144497ELECTRONIC COPYRIGHT LICENSE REPOSITORY - A content distribution system for transporting audio or video licenses between content players that use digital rights management (DRM) is disclosed. The content distribution system includes at least a second license repository and an authentication engine. The second license repository receives second information describing a second plurality of content licenses. A first license repository stores a first plurality of content licenses. The first plurality of content licenses enable use of a plurality of content objects with a first content player within confines of DRM. The second license repository is geographically distant from the first license repository. The authentication engine authorizes the second plurality of content licenses of the second license repository. The second plurality of content licenses enable use of the plurality of content objects with the second content player within the confines of DRM.06-07-2012
20090031426Method and System for Protected Distribution of Digitalized Sensitive Information - A method of protecting sensitive information in an information exchange between a first data processing system suitable to supply sensitive information and a second data processing system suitable to use sensitive information includes: selecting in the first data processing system a sub-set of sensitive information elements from a collection of digital sensitive information elements; storing the selected sub-set of sensitive information elements in a responsive software agent suitable to automatically react to information queries; submitting the responsive software agent to an information query generated by the second data processing system; and reacting or responding to the information query by the software agent based on the sub-set of sensitive information. The responsive software agent is advantageously generated in the first data processing system and transferred to the second data processing system to locally respond to the queries.01-29-2009
20090106846SYSTEM AND METHOD FOR DETECTION AND MITIGATION OF IDENTITY THEFT - An identity theft and identity repair system and method is disclosed that uses public access databases to identify changes in the records of a person to detect and mitigate attempts of identity theft against the person. Unidentified data or changes in the person's name, address, social security number or phone number are used to determine possible attempts of identity theft against the person. Once a correct baseline of a person's publicly available personal information has been established, this information baseline is used to automatically monitor the person's public records on a periodic basis, notify the person of any detected changes which may be caused by the person or an imposter in an attempted identity theft. If identity theft is suspected, the system and method initiates a detailed analysis of the person's publicly available personal information to determine the extent of the (any) identity theft. A further option of the present system and method is to initiate needed corrective repairs.04-23-2009
20090106845SYSTEMS AND METHODS FOR SECURING DATA IN AN ELECTRONIC APPARATUS - A method for securing data for an electronic apparatus includes flagging data stored in the electronic apparatus, setting a plurality of security functions corresponding to the flagged data, defining a plurality of hotkeys corresponding to the security functions, and defining a hold-down time for each of the hotkeys. In operation, a user may have to input one or more hotkeys in order to access various functions of the electronic apparatus.04-23-2009
20090106848System and method for Time Sensitive Scheduling Data privacy protection - Providing privacy protection to an entity related to the passive delivery of time sensitive scheduling data via a Time Sensitive Scheduling Data Delivery Network is described. A communications network based passive delivery of privacy protected time sensitive scheduling data is accommodated to an entity. Specific privacy protected time sensitive scheduling data from sources including originating organizations, affiliated groups of individuals, and individuals are aggregated into time sensitive scheduling data streams. Then the specific privacy protected time sensitive scheduling data streams aggregated from sources including multiple originating organizations, affiliated groups of individuals, and individuals are transmitted via the communications network to the entity. Finally the time sensitive scheduling data is presented in a manner affording privacy based on content privacy states which determine the representation of a time sensitive scheduling data item being presented.04-23-2009
20090106847System and Method for Media Rights Transfer - Systems and methods for facilitating the playback, viewing, exchange and transfer of media are disclosed. Media, either hard physical media or soft media, are provided to a depository/rights manager that associates the rights to the content of the media with the entity that provided it. Media provided to the depository/rights manager may be digitized, and the rights of the entity to that content may be verified. Once the media is stored by the depository/rights manager, entities, such as individual users, may use it, exchange it, or transfer it using, for example, computers connected to a communication network. In some embodiments, the depository/rights manager may provide an interface, such as an application programming interface (API) that allows the depository/rights manager to handle back-end legal compliance and rights tracking for third-party services and systems.04-23-2009
20090070883SYSTEM RENEWABILITY MESSAGE TRANSPORT - System renewability message data is transmitted to set top boxes, or other devices, using a transport protocol such as, for example, an Internet protocol-type data stream. In accordance with one embodiment, an Extensible Markup Language-type file is received via an Internet protocol-type transport stream. Data, which corresponds to the identities of devices that are unauthorized for the use of certain content, is selected from the Extensible Markup Language-type file. This data from the file is processed whereupon use of the content is prevented in accordance with the data.03-12-2009
20090070881METHOD AND APPARATUS FOR CONTROLLING THE PRESENTATION OF CONFIDENTIAL CONTENT - A computer implemented method and apparatus for controlling the presentation of information. In response to receiving a request to present the information, a process confirms that conditions for presentation of the information are satisfied using a set of presentation policies, wherein the conditions are specified in the set of presentation policies, and wherein the conditions comprise a status of a user and a setting of the user. The process then determines whether confidential content is present in the information. Responsive to the confidential content being present, the process redacts the confidential content before presenting the information to a user, and then updates a presentation history with metadata describing the presentation of the information comprising the confidential content.03-12-2009
20100293618RUNTIME ANALYSIS OF SOFTWARE PRIVACY ISSUES - An application may watch to see if information passes a defined trust barrier. If defined information passes a defined trust barrier, an alert may be issued. The alert may include informing a developer of the specific code section that triggered the alert.11-18-2010
20130133078SYSTEM AND METHOD FOR PERMITTING USE OF CONTENT - Apparatus, method, and computer-readable media for permitting use of content. An exemplary method comprises transmitting, while in a requester mode of operation, a transfer request message to at least one external computing device, wherein the transfer request message indicates content to be transferred; receiving the content in accordance with a transfer right that indicates that the content is permitted to be transferred from at least one of the external computing devices, wherein the transfer right is updated based at least in part on the transfer of the content, and wherein the content is associated with a usage right, the usage right corresponding to a utilization of the content; and processing, while in a server mode of operation, a utilization request message for utilizing the content in accordance with the usage right associated with the content.05-23-2013
20130133079Systems and Methods for Data Protection - A data protection method includes identifying data indicative of a software element parameter of a software element to be protected, which may be a hash of the software element image or carrier medium image area. The method includes identifying data indicative of a medium parameter of a medium authorized to carry the software element, which may be a unique identifier embedded in a non-image area of the medium. A validation token is defined based on a predefined protocol and written to a non-image area of the medium, which token is a function of the software element parameter and medium parameter. A device for executing the software element uses the same predefined protocol to verify the token prior to allowing execution of the software element. If the software element is copied to another medium, the token is not verifiable for the copied software, thereby restricting execution of the copied software element.05-23-2013
20100306854Generating Obfuscated Data - A method for obfuscating data includes: reading values occurring in one or more fields of multiple records from a data source; storing a key value; for each of multiple of the records, generating an obfuscated value to replace an original value in a given field of the record using the key value such that the obfuscated value depends on the key value and is deterministically related to the original value; and storing the collection of obfuscated data including records that include obfuscated values in a data storage system.12-02-2010
20100306853PROVIDING NOTIFICATION OF SPAM AVATARS - The system monitors activities, movements, and other behavior patterns necessary to determine whether an avatar is a spam advertisement. A storing mechanism stores a “black list” and a black list score consisting of a list of spam avatar identifications (UUIDs) matching avatars that have been flagged as confirmed or suspected spam advertisers. Another mechanism allows the owner to redraw or otherwise re-render a distinguishing mark or other audible signature when an avatar has been detected as being a spam advertiser. Yet another mechanism signals to the owner an offending avatar that they have been added to the black list or had a report filed against them, and a reason as to why (the methods used to identify them). Another mechanism allows for a black listed avatar to be removed from the black list, and scores to be decreased and for the virtual universe and users to utilize the black list and score.12-02-2010
20100281544METHOD AND SYSTEM FOR PREVENTING UNAUTHORIZED RECORDING OF MEDIA CONTENT ON A MACINTOSH OPERATING SYSTEM - A method for preventing unauthorized recording of media content on a Macintosh operating system. The present method registers a compliance mechanism on a client system having the Macintosh operating system operating thereon. The compliance mechanism comprises a framework for validating the compliance mechanism on the client system, and a multimedia component opened by the framework. The present method uses the multimedia component for decrypting the media content on the client system. The present method also prevents decryption of the media content on the client system having the Macintosh operating system operating thereon if a portion of the compliance mechanism is invalidated.11-04-2010
20100313274IMAGE SERVER WITH MULTIPLE IMAGE CONFIDENTIALITY PORTS - Image servers, methods, software applications, and computer readable medium for retrieving images of various levels of patient anonymity via multiple image confidentiality software ports. In an image server, at least two image confidentiality software ports are provided, where each of the image confidentiality software ports is capable of providing images at a predetermined level of patient anonymity, and where the predetermined level of patient anonymity is different for each of the image confidentiality software ports.12-09-2010
20130139268AGENT APPARATUS AND METHOD FOR SHARING ANONYMOUS IDENTIFIER-BASED SECURITY INFORMATION AMONG SECURITY MANAGEMENT DOMAINS - The present invention relates to an agent apparatus and method for sharing anonymous identifier-based security information among security management domains. A plurality of security information sharing agent apparatuses respectively located in a plurality of security management domains and configured to collect security information and transmit collected security information to outside of the security management domains. Each security information sharing agent apparatus includes an identifier conversion unit for converting real name identifier-based security information into anonymous identifier-based security information by converting a real name identifier included in the security information into an anonymous identifier, and a security information communication unit for transmitting the anonymous identifier-based security information obtained by the identifier conversion unit to outside of a corresponding security management domain so that security information is shared among the plurality of security management domains.05-30-2013
20110010775PROTECTION OF INFORMATION CONTAINED IN AN ELECTRONIC CIRCUIT - A method and a circuit for protecting data contained in an electronic circuit against a disturbance of its operation, in which a detection of a disturbance conditions the incrementing or the decrementing of a counter over at least one bit, the counter being automatically reset at the end of a time period independent from the fact that the circuit is or not powered.01-13-2011
20130145473METHODS AND APPARATUS TO ANONYMIZE A DATASET OF SPATIAL DATA - Methods and apparatus are disclosed to anonymize a dataset of spatial data. An example method includes generating a spatial indexing structure with spatial data, establishing a height value associated with the spatial indexing structure to generate a plurality of tree nodes, each of the plurality of tree nodes associated with spatial data counts, calculating a localized noise budget value for respective ones of the tree nodes based on the height value and an overall noise budget, and anonymizing the plurality of tree nodes with an anonymization process, the anonymization process using the localized noise budget value for respective ones of the tree nodes.06-06-2013
20130145475METHOD AND APPARATUS FOR SECURING TOUCH INPUT - A method and apparatus for securing touch input are provided. The method includes rendering a first screen in a secure world; rendering a second screen in a non-secure world; and outputting a secured input screen by displaying the first screen as an overlay above the second screen.06-06-2013
20100333208SYSTEMS AND METHODS FOR RESOLVING CONFLICTS AND MANAGING SYSTEM RESOURCES IN MULTIMEDIA DELIVERY SYSTEMS - The invention manages resources and resolves conflicts when locally recording multimedia assets from a variety of sources in multimedia delivery systems. Local and system resources such as storage, tuners, and bandwidth are considered when alternative sources for assets are available (e.g., VOD). Rather than record assets locally, if equivalent assets are available via alternative sources, the recordings are deferred and a pointer to the equivalent asset is stored in lieu of the asset itself. When a user selects a multimedia asset for playback, an “on demand” or alternative source session is started for the asset associated with the pointer. Before the expiration date of the alternative source equivalent of the multimedia asset, it may be downloaded and recorded locally. The system may automatically determine based on various factors, such as transmission bandwidth, latency, and DRM, whether to store assets or pointers.12-30-2010
20120304303SECURITY MODEL FOR A LAYOUT ENGINE AND SCRIPTING ENGINE - Various embodiments provide an interface between a Web browser's layout engine and a scripting engine. The interface enables objects from the layout engine to be recognized by a memory manager in the scripting engine and interact in a streamlined, efficient manner. In accordance with one or more embodiments, the interface allows browser layout engine objects to be created as objects that are native to the scripting engine. Alternately or additionally, in some embodiments, the native objects are further configured to proxy functionality between the layout engine and the scripting engine.11-29-2012
20100333210METHODS AND APPARATUSES FOR SEQUESTERING CONTENT - In one embodiment, the methods and apparatuses sequester content receiving content for use in an application; review the content; automatically sequester the content from the application based on the reviewing; and form a reason associated with the sequestering the content. In another embodiment, the methods and apparatuses receive content for use with an application; determine whether the content is one of acceptable content and unacceptable content; remove the unacceptable content from the application; form an explanation for the unacceptable content; and store the unacceptable content and the explanation in an off-line storage device.12-30-2010
20100333207Systems and Methods for Auditing Software Usage Using a Covert Key - System and method for auditing for usage of licensed software in which a client executing the software generates and transmits a license key and a covert key to a server via network connection. The license key is transmitted to the server upon activation of the licensed software at the client. The covert key is generated based on at least a portion of the software code activated at the client and is transmitted to the server at random or at predetermined time intervals after transmission of the licensed key so as to avoid detection by a user. The license and covert keys are each associated with a device fingerprint that uniquely identifies the device transmitting each one of the respective keys. Unauthorized software usage at a client is determined at least when a covert key does not correspond to a device fingerprint having an associated license key.12-30-2010
20100333206Protecting a software component using a transition point wrapper - Embodiments of apparatuses, articles, methods, and systems for protecting software components using transition point wrappers are generally described herein. In one embodiment, an apparatus includes a first component, a wrapper component, and a management module. The wrapper component is to transform a transition point between the first component and a second component. The management module is to control access to the first component through the transformed transition point. Other embodiments may be described and claimed.12-30-2010
20110030065SYSTEMS AND METHODS FOR DETECTING CLONE PLAYBACK DEVICES - Systems and methods are described for aggregating information obtained from messages between playback devices and content protection systems, including but not limited to conditional access systems, downloadable conditional access systems, and digital rights management systems, that include a unique identifier and applying user modifiable rules to the aggregated information to identify abnormal behavior associated with the unique identifier including but not limited to one or more clone playback devices utilizing the unique identifier or a rogue playback device utilizing a unique identifier. One embodiment includes a plurality of playback devices connected to a headend via a network, where the headend includes at least one content protection system, and a clone monitor configured to register playback devices based upon a unique identification supplied by each playback device, when communicating with the at least one content protection system. In addition, the clone monitor is configured to aggregate information associated with each playback device over time, where the information is obtained from messages that are transmitted between the playback device and the headend and that include a unique identifier, and the clone monitor is configured to apply rules to the aggregated information to identify at least one pattern of abnormal behavior in the aggregated information associated with a specific unique identifier.02-03-2011
20090144831FORGERY-PROOF DIGITAL SOUND RECORDING DEVICE - The present invention provides a digital sound recording device that prevents data stored as digital sound data from being forged. A digital sound recording device according to the present invention includes an input unit, a storage unit, a data communication unit, a processor, and a write protection unit that is provided between the storage unit and the data communication unit, thereby preventing the write control from being performed on the storage unit by the external unit.06-04-2009
20110030066METHOD OF MANAGING SOFTWARE LICENSE CONTRACTS, SYSTEM AND INFORMATION PROCESSING APPARATUS THEREFOR, AND TARGET SOFTWARE FOR LICENSE CONTRACTS - A URL, to launch a license contract registration process, in software which requires license registration is informed to a license contract information input server which executes a process of inputting information necessary for license registration. After input of the necessary information, the license contract information input server transfers a request for license registration to the informed URL. The information necessary for license registration is inputted in accordance with a format arbitrarily created by the license contract information input server. A Web browser used by a user to operate a license contract registration process and license management target software can run on different hosts. After distribution of the target software for a license contract, information to be input by the user at the time of license contract can be changed.02-03-2011
20110247074METADATA-BASED ACCESS, SECURITY, AND COMPLIANCE CONTROL OF SOFTWARE GENERATED FILES - In embodiments of the present invention improved capabilities are described for an extensible, file-based, security system that may be used for recording, analyzing, storing, updating and evaluating metadata, such as file reputation metadata, in order to determine an appropriate access control or security control measure to implement in association with a file. In response to the generation of a file from a software program, metadata that defines access, security, and compliance reporting parameters of the generated file may be created that conform to and/or implement a corporate policy. The metadata may be used to control the access, security, and/or compliance reporting settings of the file and to require that only an approved method of using the file, or any of the file's contents, is used, and that the method and use of the file is in accord with the access, security, and/or compliance reporting parameter definitions in the metadata which embody the corporate policy.10-06-2011
20110030062VERSION-BASED SOFTWARE PRODUCT ACTIVATION - A software license for a particular version of a software product on a computing device includes both a branding identifier that identifies the particular version of the software product and component dependency information that identifies one or more aspects of the particular version of the software product. To activate a software product on the computing device, the branding identifier is compared to a portion of the software product on the computing device. If the branding identifier matches the portion of the software product, then the component dependency information is compared to one or more aspects of the software product on the computing device. If the component dependency information matches the one or more aspects of the software product then the software product is activated. Otherwise, the license state of the software product is kept unchanged.02-03-2011
20110030063APPARATUS FOR SETTING AN EMAIL SECURITY AND METHOD THEREOF - An apparatus for setting an email security and method thereof are displayed. The present invention includes receiving an email from an email server, deleting partial information of the email according to a security level of the email, and displaying the partial information deleted email.02-03-2011
20110035806TIME BASED CONTENT MANAGEMENT FOR DISCONNECTED DEVICES - Systems and methods for time based management of digital content used with electronic devices lacking a connection to a common reference time keeping device are provided. Timing calibrations are used that, when applied to times measured by such disconnected electronic devices, allow the devices to calculate modified time measurements that are approximately equal to that of the reference time keeping device. The calibration time and other calibration information for the disconnected electronic devices may be stored by a digital content service and conveyed with digital content transferred from the digital content service to the disconnected electronic devices via portable data storage devices. In this manner, digital content may be consumed by a user on a plurality of disconnected electronic devices without violating license agreements associated with the digital content.02-10-2011
20110035805SYSTEMS AND METHODS FOR EFFICIENT DETECTION OF FINGERPRINTED DATA AND INFORMATION - The disclosed embodiments provide systems, methods, and apparatus for efficient detection of fingerprinted content and relate generally to the field of information (or data) leak prevention. Particularly, a compact and efficient repository of fingerprint ingredients is used to analyze content and determine the content's similarity to previously fingerprinted content. Some embodiments employ probabilistic indications regarding the existence of fingerprint ingredients in the repository.02-10-2011
20110041186DIGITAL RIGHTS MANAGEMENT USING TRUSTED TIME - A method for monitoring time so that the use of protected content can be controlled includes receiving a trusted time value from a trusted authority external to a client device. When the client is no longer in communication with the trusted authority, the previously-received trusted time value is updated by use of the client's operating system counter so that a calculated trusted time value is derived for content license evaluation purposes.02-17-2011
20110041187INFORMATION PROCESSING DEVICE - It is possible to reduce the danger of information leak caused by remaining cache data. An information processing device (02-17-2011
20110041185Obfuscating identity of a source entity affiliated with a communique directed to a receiving user and in accordance with conditional directive provided by the receiving user - A computationally implemented method includes, but is not limited to: receiving one or more conditional directives from a receiving user, the one or more conditional directives delineating one or more conditions for obfuscating identity of a source entity affiliated with one or more communiqués directed to the receiving user; and presenting at least a second communiqué in response to at least a reception of a first communiqué affiliated with the source entity and in accordance with the one or more conditional directives, the second communiqué being presented in lieu of presenting the first communiqué. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.02-17-2011
20110041188METHOD AND SYSTEM FOR PROTECTION OF COMPUTER APPLICATIONS AND SOFTWARE PRODUCTS AGAINST UNAUTHORIZED COPYING - A method, system, and computer program product for protection of an application or program, including making secret a command or commands that are normally fixed in an operating system (OS) and/or a Basic Input/Output System (BIOS); generating values or names for the command or commands; providing legitimate users and/or devices with the generated values or names for the command or commands for enabling receiving services from the kernel, OS, and/or the BIOS; translating the generated values or names for the command or commands via a translation mechanism provided between an application or program and the kernel, OS, and/or BIOS for enabling receiving services from the kernel, OS, and/or the BIOS; and modifying, changing, and/or replacing the generated values or names employed for the command or commands in the kernel, OS, and/or BIOS.02-17-2011
20110047622SYSTEM AND METHOD FOR CALL PATH ENFORCEMENT - Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for call path enforcement. The method includes tracking, during run-time, a run-time call order for a series of function calls in a software program, and when executing a protected function call during run-time, allowing or causing proper execution of a protected function call only if the run-time call order matches a predetermined order. The predetermined order can be an expected run-time call order based on a programmed order of function calls in the software program. The method can include maintaining an evolving value associated with the run-time call order and calling the protected function by passing the evolving value and function parameters corrupted based on the evolving value. The protected function uncorrupts the corrupted parameters based on the passed evolving value and an expected predetermined call order. A buffer containing the uncorrupted parameters can replace the corrupted parameters.02-24-2011
20110119766METHOD, DEVICE AND SYSTEM FOR PROTECTING SOFTWARE - The invention, related to information security field, discloses a method for protecting software, and device and system thereof. The method includes that a security device is connected with a terminal device; the security device receives service instruction, determines whether the clock inside the security device is activated, reads the current time of the clock and determines whether the current time is valid; if so, the security device executes the service instruction and returns the executing result to the terminal device; otherwise, the security device returns false result to the terminal device. The invention provides more secure service to the protected software, meanwhile, extends lifetime of the security device.05-19-2011
20110131662INFORMATION PROCESSOR AND LOCK SETTING METHOD - According to one embodiment, an information processor includes a checker and a lock enabling module. The checker checks whether each of different types of lock mechanisms is enabled. When the lock mechanisms include an enabled lock mechanism, the lock enabling module enables a lock mechanism other than the enabled lock mechanism.06-02-2011
20110131661METHOD AND SYSTEM FOR PROTECTION OF USER INFORMATION REGISTRATIONS APPLICABLE IN ELECTORAL PROCESSES - The present invention describes a method and system for protecting the integrity and authorship of a piece of registration information of the user, applicable in voter information registration, by means of biometric techniques. To that end, after a first stage of entering a piece of registration information, a second stage of protecting the integrity of the registration information is implemented. In this second stage, an item of integrity proof of said information is generated and said item of integrity proof is displayed to the user who wishes to protect it. In a third stage of generating an item of non-repudiation proof of the registration information, an item of biometric proof of the user which contains the item of integrity proof displayed is obtained, an item of non-repudiation proof is constructed from said item of biometric proof, and finally the item of non-repudiation proof is stored.06-02-2011
20110131660Methods and Apparatus for Transfer of Content to a Self Contained Wireless Media Device - Systems and techniques for transferring data to a storage device. A storage device includes storage, a processor, and a wireless transceiver, as well as a connector allowing the storage device to operate according to an appropriate standard when connected to a playback or data device. The storage device can communicate with a data transfer station to wirelessly receive data from the station. A user may select data to be transferred to a removable media device, and the station transfers the data over a wireless connection. The removable media device stores the data in memory as it is received. Once the data has been received, the data can be played or otherwise used in any playback or data device to which the storage device may be connected for use as a memory device.06-02-2011
20100146632REPRODUCTION RULE EVALUATION DEVICE, REPRODUCTION RULE EVALUATION METHOD, RECORDING MEDIUM AND PROGRAM - When a viewer views content, it is reproduced by a reproduction procedure depending on a dynamic condition set in the content. Here, a content object data input unit obtains an externally-input content object. The content object is stored in a content object data retention unit, if necessary. The content object includes a reproduction rule and a content data. A reproduction rule evaluation and execution unit obtains the reproduction rule in the content object and performs processing in accordance with the reproduction rule. The reproduction unit reproduces a reproducible data specified by the reproduction rule evaluation and execution unit. An identifier management unit retains an identifier of a content object reproduction device and provides the identifier upon request. It is thus possible to reproduce in accordance with the reproduction rule set in the content object data and to control the reproduction procedure depending on the dynamic condition.06-10-2010
20100146629CONTENT PROTECTION SYSTEM COMPATIBILITY IN HOME NETWORKS - In a first embodiment of the present invention, a method for performing digital rights management (DRM) for a media item in a device in a home network is provided, the method comprising: retrieving a content directory service (CDS) item for the media item, wherein the CDS item includes a pointer to a rights token and metadata regarding a DRM Interoperability Solution (DIS); determining if the rights token must be downloaded by examining the metadata regarding the DIS; and downloading the rights token by following the pointer if it is determined that the rights token must be downloaded.06-10-2010
20110214188SOFTWARE WATERMARKING TECHNIQUES - A method and system for watermarking software is disclosed. In one aspect, the method and system include providing an input sequence and storing a watermark in the state of a software object as the software object is being run with the input sequence. In another aspect, the method and system verify the integrity or origin of a program by watermarking the program. The watermark is stored as described above. In this aspect, the method and system also include building a recognizer concurrently with the input sequence and the watermark. The recognizer can extract the watermark from other dynamically allocated data and is kept separately from the program. The recognizer is adapted to check for a number. In another aspect, the software is watermarked by embedding a watermark in a static string and applying an obfuscation technique to convert the static string into executable code. In another aspect, the watermark is chosen from a class of graphs having a plurality of members and applied to the software. Each member of the class of graphs has at least one property that is capable of being tested by integrity-testing software.09-01-2011
20090100526PORTABLE COMPUTER AND SECURITY OPERATING METHOD THEREOF - A portable computer and security operating method thereof are provided to secure the portable computer in a power-off mode. The portable computer mainly includes a computer host, a system BIOS (Basic Input/Output System), an EC (Embedded Controller), an EC BIOS, one or more input devices and a power device, all of which are in bus connection or circuit connection with each other. The EC includes a KBC (Keyboard Controller) and remains activated when the portable computer is in the power-off mode. Meanwhile, the EC is adapted so that in the power-off mode of the portable computer and upon receipt of a security signal, the EC executes a power-off-mode security routine of the EC BIOS to lock the portable computer in the power-off mode.04-16-2009
20110088098ELECTRONIC DEVICE AND COPYRIGHT PROTECTION METHOD OF AUDIO DATA THEREOF - An electronic device stores audio data and digital right information, determines zero crossing rate of the audio data stored in the memory module. The zero crossing rate is embedded in the audio data and indicates a rate at which the voltage of the audio data changes from positive to negative or back during a time period, the electronic device then reads the audio data, and searches special audio data in the audio data. The audio data with the zero crossing rate more than a constant is defined as the special audio data. The electronic device reads the digital copyright information, and writes the digital copyright information into the special audio data.04-14-2011
20100212016CONTENT PROTECTION INTEROPERRABILITY - Various embodiments provide content protection interoperability techniques which support secure distribution of content for multiple content protection technologies. In one or more embodiments a source digital rights management (DRM) system can associate trust data with content to be exported to a target digital rights management (DRM) system. The trust data describes a trust state for the content to enable the target DRM system to maintain the trust state for the exported content. In at least some embodiments, the source DRM system can also associate tracing data with the content to, in the event of a breach in the chain of trust, enable an identification to be made of a source of the exported content and/or a party responsible for exporting the content.08-19-2010
20100132046Electronic Circuit for Securing Data Interchanges Between a Computer Station and a Network - The present invention relates to an electronic circuit for securing data interchanges between a computer station and a network, said circuit comprising a first network interface connected to said network, said circuit comprising at least a second network interface connected to a network interface of said computer station, a unit for processing data passing between the first network interface and the second network interface, an interface for connection to an internal bus of the computer station suitable for electrically connecting the power supply, said electronic circuit not comprising any means of transferring processed data with the bus of said station. The invention applies in particular to the protection of personal computers handling confidential data.05-27-2010
20100132045APPARATUS AND METHOD FOR RIGHT MANAGEMENT OF DIGITAL CONTENTS - Disclosed is an apparatus for right management of digital contents includes: a digital right manager that creates a usage right of digital contents on the basis of received right information; and a contents manager that provides the digital contents in accordance with the created usage right, wherein the contents manager includes a contents packing unit that receives the usage right created from the digital right manager, and extracts and packages components of the digital contents in accordance with the usage right, and a contents providing unit that receives packaged digital contents created from the contents packaging unit and provides the digital contents to a contents using device.05-27-2010
20100132044Computer Method and Apparatus Providing Brokered Privacy of User Data During Searches - Computer method and apparatus brokers and provides user data in a computer network of users. The invention system stores user data of the users. A search engine enables a searching user to query the stored user data and maintain anonymity of the users. The invention system brokers the query/search results. Each user whose stored user data matches the query maintains stewardship or control over the exposure of her/his user data. An output unit displays to the searching user the matching user data as brokered through (approved and optionally edited by) the respective user.05-27-2010
20090031427DEVICE, SYSTEM, AND METHOD OF DIGITAL RIGHTS MANAGEMENT UTILIZING SUPPLEMENTAL CONTENT - Device, system, and method of digital-rights-management (DRM). In some embodiments, a device may include a DRM agent to manage the utilizing of a content object including secured digital content based on a rights object related to the content object, wherein based on at least one restriction defined in the rights object, the agent is to cause the device to present supplemental content of at least one supplemental content object when the content object is utilized. Other embodiments are described and claimed.01-29-2009
20090031425METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR DETECTING ALTERATION OF AUDIO OR IMAGE DATA - Using metadata to detect alteration of data. A first set of metadata characteristics including at least one respective semantic description are recorded for a first set of data representing original data. A second set of metadata characteristics including at least one corresponding semantic description are recorded for a second set of data representing data under test. The first and second sets of metadata characteristics are compared. If the first and second sets of metadata characteristics are not identical, these sets are processed to identify locations in the first set of data that have been altered. Using the at least one semantic description for the first set of data and the at least one corresponding semantic description for the second set of data, one or more metadata characteristics that have changed from the first set of data to the second set of data are identified.01-29-2009
20090031424Incomplete data in a distributed environment - Techniques for seeding data among client machines, also referred to as boxes herein, are disclosed. To prevent the data distributed among the boxes from being illegitimately accessed or possessed, according to one aspect of the present invention, at least one of the data segments for a title cached locally in the boxes is made to miss some data portions that are stored separately. Essentially, the data segments are unusable without these data portions. When the title is ordered and an ordering box is authenticated, these data portions are then provided to complement the data segments so that a playback of the title becomes possible.01-29-2009
20090249485Techniques for Capturing Identifying Information on a Device User - A technique for identifying a user of a device includes receiving a tracking mechanism trigger and capturing (e.g., periodically) identifying information on the user of the device in response to the trigger.10-01-2009
20090265788METHOD AND DEVICE FOR THE PSEUDONYMIZATION OF DIGITAL DATA - A system and method for pseudonymizing digital data records sent from a source system to a destination system, using an identity protector client system and an identity protector master system, includes the steps of receiving, at the identity protector client, person-specific data from a source system provided with a source identifier. The digital data records are pre-pseudonymized by the identity protector client, and the processed digital data records are marked with a source identifier which references the source file in the source system. The pre-pseudonymized digital data records are transmitted to the identity protector master. For every data record, a pseudonym is created by the identity protector master from the pre-pseudonym, the source identifier, and at least one other value generated from an erratic value and a time value. The pseudonym is transmitted to the destination system.10-22-2009
20100031368TAMPER DETECTION METHOD AND DATA STORAGE DEVICE USING THE SAME - A tamper detection method and a data storage device using the same are provided. The tamper detection method includes sensing a value of pressure applied to a data storage device using a pressure sensor, comparing the sensed pressure value with an initial pressure value sensed at an initial operation time of the data storage device, and detecting malicious tamper by comparing a threshold pressure value varying with the number of loads applied to the data storage device when the sensed pressure value is smaller than the initial pressure value.02-04-2010
20090328232Systems, Methods, and Program Products For Secure Code Execution - Methods, program product, and systems for providing tamper-resistant executable software code are provided to enable software code transport, storage, and execution security by formatting all instructions to use operand indirect addressing, resulting in an indirect table for each operand position, or field, in the instruction set. That is, rather than each instruction including an operand, each instruction includes an index to the location of the value of the operand in an indirect table. The methods, program product, and systems can also implement a non-typical instruction fetch associated with a program counter and a sequentially stored vector table, or jump table, to retrieve the next sequential instruction (“NSI”). Following rearranging or scrambling or encoding of the executable code, the code can be loaded and executed directly in scrambled form using the jump table, but cannot be meaningfully disassembled, nor executed properly, without the jump table to resolve the NSI.12-31-2009
20100064371METHOD AND APPARATUS FOR PREVENTION OF TAMPERING, UNAUTHORIZED USE, AND UNAUTHORIZED EXTRACTION OF INFORMATION FROM MICRODEVICES - The present invention considers a method and an apparatus where a secure stand-alone microdevice or a microdevice as part of a larger processing device is arranged for prevention of tampering, unauthorized use, and unauthorized extraction of information from one or more information containing regions of the secured microdevice by controlled obliteration of the information in the information containing region. The method implements control protocols and hardware which monitor the conditions of secured microdevices and generate commands to trigger said controlled obliteration of information; establishes a local energy storage device which stores energy to be used to perform said controlled obliteration of information; establishes localized controlled release of the stored energy from the local energy storage device and at least partial deposition of the stored energy in the proximity of the information containing regions of the secured microdevices upon generation of a command to trigger said controlled obliteration of information; and maintains conditions for controlled release of the energy stored in the local energy storage upon generation of a command to trigger said controlled obliteration of information for the duration of time necessary to achieve desired controlled obliteration of said information.03-11-2010
20090217384License Auditing for Distributed Applications - The provided software application includes a module that determines a machine fingerprint of a client device at an appropriate time, such as during initial software load on the client. The fingerprint may comprise various machine-determinable measures of system configuration for the client. Each application copy may be associated with a serial number. A license host may collect serial number, fingerprint and/or IP address information from clients on which the application is installed. The host may generate a map of application installations, including geographic locations of installations and number of unique serial numbers per client in specified regions.08-27-2009
20090217383LOW-COST SECURITY USING WELL-DEFINED MESSAGES - Well-defined messages may be transmitted from a sending device to a recipient device in order to reduce the processing and resource requirements imposed by the security semantics of general message standards. The well-defined messages may include an expression of a collective intent of the security semantics included in the message. The expression of the security semantics within the message simplifies the discovery process for devices processing the message. The well-defined message may also require that any intermediary devices that process the well-defined message as it is transmitted from the sender device to the receiver device follow the expressed collective intent of the security semantics. If an intermediary device cannot understand or adhere to the expressed intent, the well-defined message must be rejected.08-27-2009
20090217382METHOD AND PROCEDURE TO AUTOMATICALLY DETECT ROUTER SECURITY CONFIGURATION CHANGES AND OPTIONALLY APPLY CORRECTIONS BASED ON A TARGET CONFIGURATION - A method for maintaining router security configuration files, a method for detecting unauthorized changes to router security configurations and a network controller. In one embodiment, the method for maintaining includes: (1) generating a target-delta file having commands needed to make identified data blocks of a baseline file functionally equivalent to corresponding data blocks of a target file, wherein the identified data blocks are functionally different from the corresponding data blocks of the target file and (2) changing a router security configuration field file by applying the target-delta file thereto.08-27-2009
20100058479Method and system for combating malware with keystroke logging functionality - A method is carried out by a computer system for combating malicious keystroke-logging activities thereon. An operation is performed for generating a plurality of fake keystroke datasets that are each configured to resemble a keystroke dataset generated by keystrokes made on an input device of the computer system while entering sensitive information of a prescribed configuration. An operation is performed for receiving an instance of the sensitive information instance of the prescribed configuration concurrently with generating the fake keystroke datasets. Receiving the sensitive information instance includes a user of the computer system entering the sensitive information instance by performing keystrokes on the input device of the computer system such that a real keystroke dataset corresponding to the sensitive information instance is generated. An operation is performed for embedding the real keystroke dataset within at least a portion of the fake keystroke datasets after receiving the sensitive information instance.03-04-2010
20100071069IMAGE FORMING APPARATUS, LICENSE DETERMINATION METHOD, AND COMPUTER-READABLE RECORDING MEDIUM THEREOF - An image forming apparatus capable of executing an application formed by a plurality of program modules is disclosed, including: a correspondence information storing part, a determination part, and a boot control part. A correspondence information storing part stores correspondence information corresponding to the plurality of program modules and a plurality of sets of license data for the application. A determination part determines whether to permit or deny activation based on the license data corresponded to the correspondence information for each of the program modules included in the application. A boot control part activates one or more program modules which are permitted to be activated by the determination part.03-18-2010
20100071068METHOD AND COMMUNICATION SYSTEM FOR THE COMPUTER-AIDED DETECTION AND IDENTIFICATION OF COPYRIGHTED CONTENTS - Disclosed is a method for the computer-aided detection and identification of copyrighted contents that are exchanged between at least two computers in a communication network, especially in peer-to-peer networks. Said method comprises the following steps: —first data packets that are specified according to an execute command and are analyzed regarding at least one first criterion are fed to a first computer (PAT), first and second parameters being determined from the data packets meeting the at least one first criterion; —the first computer (PAT) determines the first data packets encompassing the second parameter from all first data packets that are fed to the first computer (PAT) and transmits said data packets to a second computer (FP); —a third computer (CRAW) sends at least one inquiry message for detecting data with copyrighted contents to the communication network, said third computer (CRAW) receives reply messages in reaction to the at least one inquiry message and requests second data packets meeting at least one second criterion from the communication network and analyzes the same, third and fourth parameters being determined from the data packets meeting the at least one second criterion; —the third computer (CRAW) determines the second data packets encompassing the fourth parameter from all second data packets that are fed to the third computer (CRAW) and transmits said data packets to the second computer (FP); —the first computer (PAT) transmits the first parameters to the third computer (CRAW) in order for said first parameters to be used in the second criteria; and—the computer (CRAW) transmits the third parameters to the second computer (PAT) in order for said third parameters to be used in the first criteria.03-18-2010
20100071070Managing Sharing of Media Content From a Server Computer to One or More of a Plurality of Client Computers Across the Computer Network - Improved techniques to manage or restrict sharing of media assets over a network are disclosed. A server computer having media assets can permit one or more clients to receive access to such media assets over a computer network. However, the access to such media assets can be restricted based on numerical limits as well as temporal limits. The media assets can, for example, be digital media assets, such as audio items (e.g., audio files, including music or songs), videos (e.g., movies) or images (e.g., photos).03-18-2010
20100064372METHODS AND SYSTEMS TO IMPLEMENT FINGERPRINT LOOKUPS ACROSS REMOTE AGENTS - The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of fingerprint servers to remotely maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the protect agents transmit fingerprints associated with the user's information to the fingerprint server utilizing a local network or the public internet. The protect agents then receive a comparison analysis from the fingerprint servers and execute appropriate security action based on the analysis. In one embodiment, a combination of the local network and public internet is utilized to achieve remote agent lookups.03-11-2010
20100058478SOFTWARE ANTI-PIRACY PROTECTION - Licensing aspects of vendor software packages can be protected with reduced user interaction and effort by automating licensing exploit identification, and if allowed, exploit correction. Automating licensing exploit detection ensures that known exploits are more quickly and efficiently discovered to help maintain genuine software status. Minimizing user interaction in licensing exploit detection and correction involves less disruption to users and generally supports increased user satisfaction with vendor software package usage.03-04-2010
20100058480INFORMATION MANAGEMENT IN DEVICES WORN BY A USER - An implantable medical device that is physically connectable to the body of a user has an information manager that manages sensitive information associated with the user or the device. A sensor is connected to the device that senses whether the device is physically connected to the body of the user, and generates a signal indicating whether the device is actually connected to the body of the user. The information manager is connected to the sensor, and is responsive to the sensor signal so as to perform information managing functions based on the signal. Among other things, fraudulent retrieval of sensitive data from the device is prevented if the device is not connected to or implanted in the body of the user.03-04-2010
20100058477SYSTEM AND METHOD FOR REVISING BOOLEAN AND ARITHMETIC OPERATIONS - Disclosed herein are systems, methods, computer readable media and special purpose processors for obfuscating code. The method includes extracting an operation within program code, selecting a formula to perform the equivalent computation as the extracted operation, and replacing the extracted operation with the selected formula. The formula can be selected randomly or deterministically. The extracted operation can be an arithmetic operation or a Boolean operation.03-04-2010
20100071067PROGRAM FOR RESOURCE SECURITY IN A DATABASE MANAGEMENT SYSTEM - An inventive method is presented for resource security in a database management system having a plurality of resources, the method comprising creating a macro and a corresponding data section definition (DSECT) defining security for each resource, assembling all of the DSECTs into a load module, processing the load module to obtain source code, and assembling the source code, such that changing the source code of one resource modifies the defined security of the resource and adding new source code to the source code adds a new resource having security to the plurality of resources. The processing step can comprise loading the load module, reading a DSECT having a total number of resources, and, for each resource of the total number of resources, reading a next DSECT, finding the defined security in the next DSECT, and obtaining the source code associated with the defined security.03-18-2010
20110088097SYSTEM AND METHOD FOR PREVENTING DELIVERY OF UNSOLICITED AND UNDESIRED ELECTRONIC MESSAGES BY KEY GENERATION AND COMPARISON - A sending device prepares a key for each electronic message sent by the device by applying an algorithm to specified data in the message and then incorporates the key in the message. A receiving device, upon receipt of an electronic message, locates the incorporated key and the data from which a sending device practicing the invention would have prepared it. The receiving device communicates a confirmation request to the purported sending device which contains the key and the data for its preparation. The sending device receives the confirmation messages and prepares a comparison key by applying the algorithm to the data in the confirmation request. The sending device replies to the confirmation request confirming that the sending device sent the message if the comparison key matches the key in the confirmation request and otherwise responds with a denial.04-14-2011
20110107429SYSTEM AND METHOD FOR MANAGING ACCESSIBILITY TO REAL OR VIRTUAL OBJECTS IN DIFFERENT LOCATIONS - A system (S), dedicated to managing accessibility to objects in different locations (L05-05-2011
20110083192IMAGE PROCESSING APPARATUS, CONTROL METHOD THEREOF, AND COMPUTER-READABLE STORAGE MEDIUM - An apparatus includes a data reception unit configured to receive print data containing a first password including a password corresponding to at least a printing request of the print data and store the print data; an encryption determination unit configured to determine, when an external apparatus makes a printing request of the print data, whether the print data has been encrypted; a password request unit configured to make, when the print data is determined to have been encrypted, an input request of a second password to the external apparatus; a password collation unit configured to collate the password corresponding to the printing request of the print data with the second password input by the external apparatus; and a data analysis unit configured to analyze the print data based on a result of the collation of the password corresponding to the printing request of the print data with the second password.04-07-2011
20110252480SECURE STORAGE AND RETRIEVAL OF CONFIDENTIAL INFORMATION - A secure information storage management system may securely manage the storage of confidential information. A randomizer module may randomly generate a schema that specifies a random number of pieces, a random size for each piece, a random sequence for the pieces, and/or a random location where each piece is to be stored. The randomizer module may divide the confidential information into pieces that collectively constitute the confidential information in conformance with the schema. A storage management module may cause each piece of confidential information to be stored at a different, non-contiguous storage location. When present, the storage management module may cause each piece to be stored at the location for it that is specified in the schema.10-13-2011
20110093958Secure Data Storage Apparatus and Method - More and more personal or confidential information is stored in storage devices such as, but not limited to, laptops, cell phones or USB keys, which are mobile per essence. Due to their mobility, such devices tend to be left unattended or even be lost, compromising the security of the data. This invention is a method to prevent access to the data on a mobile storage device when the intended recipient or user is not in close range. The invention relies on the use of a wireless communication protocol such as, but not limited to, RF, Bluetooth or Wi-Fi to pair a security device with the storage device to enable its functionality. When the security device is not in communication range of the storage device, the data is made inaccessible. A data storage device may include a wireless communication interface used to secure the data, wherein the data storage is partitioned, with each partition having a different security profile.04-21-2011
20110093957METHOD AND SYSTEM FOR ADMINISTERING A SECURE DATA REPOSITORY - A method, system and computer program product for administering a secure data repository. Rather than using a specific database, an application may use an existing hierarchical file structure, such as provided by conventional operating systems, to store structured data in a number of files. To detect unauthorized, malicious or inadvertent changes to these files, either within one or more files, or by deletion, replacement or movement of files in their entirety, each file incorporates a last change timestamp and the contents of the file are digitally signed. Furthermore, every file in the secure repository is logged in an index file together with its respective change date stamp, and the index file as a whole is also digitally signed. Unauthorized changes can be identified by comparison of the file date stamps with the content of the index as well as verifying the validity of each digital signature.04-21-2011
20110088096SYSTEMS AND METHODS FOR LICENSE ENTITLEMENT KEY DISTRIBUTION - The present disclosure relates to systems and methods for the distribution of license entitlement keys utilizing a small form-factor pluggable (SFP) transceiver. An SFP transceiver may be utilized in connection with a communication device that transmits data according to a variety of communication protocols. In various embodiments, the license entitlement keys may be generated using an SFP configuration value stored in machine-readable storage medium in the SFP transceiver. The SFP configuration value may be an input, together with other values associated with the SFP transceiver and a secret key in order to generate a license entitlement key. The secret key may be stored in the communication device, and may be stored in such a manner so to not be externally readable. In certain embodiments, configuration settings may be tied to the license entitlement key.04-14-2011
20110083191Author Signatures for Legal Purposes - Methods and apparatus, including computer program products, implementing and using techniques for establishing trust in an electronic document. An electronic document is received. State dependent content in the electronic document is identified. The state dependent content is content that is renderable to have several appearances. The electronic document is presented to a user, which includes disclosing the presence of any identified state dependent content in the electronic document.04-07-2011
20110083190SYSTEM AND METHOD FOR DATA LEAKAGE PREVENTION - According to one embodiment, a method for securing information includes detecting an access to sensitive data and determining user information associated with the access to sensitive data. The method also includes determining a unique user identifier associated with the user information. In addition, the method includes comparing the access to sensitive data to a policy utilizing the unique user identifier. Further, the method includes determining that the access to sensitive data violates the policy in response to comparing the access to the policy. The method also includes recording an entry in response to determining that the access to sensitive data violates the policy.04-07-2011
20110083189SYSTEM AND METHOD FOR ENFORCING DIGITAL RIGHTS MANAGEMENT RULES - A method for enforcing digital rights management (DRM) rules in a first device is disclosed. In the method the first device receives a message that includes a rights object (RO) having a digital signature, directly from a source device. The first device determines an identity of a signing entity from the message including the RO having the digital signature. The signing entity is an entity that digitally signed the RO. The first device processes the message including the RO having the digital signature using the identity of the signing entity and an information state to enforce DRM rules in the first device.04-07-2011
20110072518AUTOMATED SCREENING OF CONTENT BASED ON INTELLECTUAL PROPERTY RIGHTS - Systems and methods automatically scan content, such as advertisements, for a list of terms and/or phrases that may not be allowed in the content. In one implementation, the terms and/or phrases include trademarks. In this implementation, incoming advertisements may be automatically scanned for the presence of trademarks.03-24-2011
20110252481METHOD AND DEVICE FOR SECURELY TRANSFERRING DIGITAL DATA - A device is provided for securely transferring digital data between at least one first computer system and at least one second computer system, including a controller that connects to at least one data store, a first transfer device connected to the controller and that receives the digital data from the first computer system and sends the data to the controller, a second transfer device connected to the controller and that receives the digital data from the controller and sends the data to the second computer system, and which is managed independently from the first transfer device. A corresponding transfer method and media containing a computer program are also provided.10-13-2011
20110258704STREAMING INSERTION OF TOKENS INTO CONTENT TO PROTECT AGAINST CSRF - Methods and apparatus are provided for protecting against cross-site request forgeries (CSRFs) by requiring certain requests submitted to a computer server to include specific tokens. The requests involve modification of or access to protected data, and the tokens are inserted by a state machine into content from which the requests are initiated. For example, content that includes a form, a hyperlink, a scripted request or other control for initiating a follow-on request to the server is modified to include tokens. The state machine may scan the content in real time (e.g., as it is served) to identify these controls and to insert the tokens. Using a state machine allows the content to be streamed even as it is scanned, does not require construction of a representation of the content (e.g., a DOM tree), and avoids modifying any of the content other than to insert one or more tokens.10-20-2011
20110061106METHOD AND COMMUNICATION DEVICE FOR PROTECTING A USER'S PRIVACY - A method for protecting a user's privacy, wherein the user operates a communication device capable of processing context and wherein the user provides context information—real context—related to one or more reference context variables to a third party, is characterized in the steps of faking at least one of the one or more reference context variables, on the basis of the faked reference context variable, gathering real context information—decoy context—related to reference context variables other than the faked reference context variable, publishing the thus generated decoy context instead of the user's real context. In addition, a corresponding communication device is disclosed.03-10-2011
20100313273Securing or Protecting from Theft, Social Security or Other Sensitive Numbers in a Computerized Environment - Use of a database/website or similar system, to store identification or other sensitive numbers, together with email addresses or other contact data in a linked association, for remote access by an organization to initiate usage notification to the true owner of the number collected, and to check a Fraud Alert status or similar setting for the number, and to compare the email address or other contact data obtained from a customer, not to include a PIN, to data stored in the database with the number collected, all of which, depending on the data components entered, will achieve deterrence of identity theft, rapid notification of number usage, rapid communication of a fraud alert or similar status, success or failure in obtaining or establishing an acceptable level of certainty that the customer is the true owner of the number, and a locking/unlocking capability for the number owners within the system domain.12-09-2010
20110041184METHOD AND APPARATUS FOR PROVIDING ANONYMIZATION OF DATA - A method and apparatus for providing an anonymization of data are disclosed. For example, the method receives a request for anonymizing, wherein the request comprises a bipartite graph for a plurality of associations or a table that encodes the plurality of associations for the bipartite graph. The method places each node in the bipartite graph in a safe group and provides an anonymized graph that encodes the plurality of associations of the bipartite graph, if a safe group for all nodes of the bipartite graph is found.02-17-2011
20110041183SYSTEM AND METHOD FOR CALL REPLACEMENT - Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating a function call. The method receives a computer program having an annotated function and determines prolog instructions for setting up a stack frame of the annotated function and epilog instructions for tearing down the stack frame. The method places a first portion of the prolog instructions in the computer program preceding a jump to the annotated function and a second portion of the prolog instructions at a beginning of the annotated function. The method places a first portion of the epilog instructions at an end of the annotated function and a second portion of the epilog instructions in the computer program after the jump. Executing the first and second portions of the prolog instructions together sets up the stack frame. Executing the first and the second portions of the epilog instructions together tears down the stack frame.02-17-2011
20110035804Appliance-based parallelized analytics of data auditing events - Data auditing involves capturing, filtering, processing and analytics of real-time data transactions. As such, data auditing imposes a heavy burden of processing in the fast path, which cannot afford to slow down. Unfortunately, most processing incurred in traditional data auditing fast paths has been serial, leading to bottlenecks or scaling issues. This disclosure addresses this problem by developing a fast path where both lower and upper stacks of data auditing are analyzed and exploited for potential parallelism. A fully-parallelized analytics fast path could deliver 25-200% speed-up of throughput relative to a serial fast path, depending on the specific conditions.02-10-2011
20110030064DATA MASK SYSTEM AND DATA MASK METHOD - A data mask system includes a processor providing control signals including a command signal, an address signal, and a data signal, a data mask processor receiving the control signals and providing either write data or masked data in response to the control signals, and generating data mask information and a data mask selection signal from at least one of the control signals, and a data mask register unit receiving the data mask selection signal, storing the data mask information, selecting a subset of the stored data mask information in response to the data mask selection signal, and returning selected data mask information to the data mask processor. The data mask processor receives the selected data mask information from the data mask register unit and provides the masked data as a result of performing a data mask operation on the data signal according to the selected data mask information.02-03-2011
20100325735System and Method for Software Activation - A system and related method for activating use of software on a computing device utilizes a license server configured so that, responsive to a communication link being available between the license server and the computing device, the license server receives from the computing device, via the communication link, an activation request including (a) a software identifier identifying the software, (b) a device identifier identifying the computer, and (c) a license key for the software, accesses a database storing previously received software identifiers, device identifiers, and license keys, determines an activation instruction through application of a usage policy that compares the activation request to records within the database, and sends the activation instruction to the computing device.12-23-2010
20100325732Managing Keys for Encrypted Shared Documents - A system administrator, while logged into a system-administrator account, creates and configures a key-administrator account and a member account. A key administrator, while logged into said key-administrator account, creates a group private key, a group public key, and a group symmetric key, a member private key, and a member public key. The key administrator encrypts the group private key with the group symmetric key, and encrypts said group symmetric key with the member public key. A publisher encrypts a document using the group public key. The publisher distributes the resulting encrypted group document so that it is accessible via said member account but not through said key-administrator account.12-23-2010
20130160136DATA SECURITY IN A MULTI-NODAL ENVIRONMENT - A data security manager in a multi-nodal environment enforces processing constraints stored as security relationships that control how different pieces of a multi-nodal application (called execution units) are allowed to execute to insure data security. The security manager preferably checks the security relationships for security violations when new execution units start execution, when data moves to or from an execution unit, and when an execution unit requests external services. Where the security manager determines there is a security violation based on the security relationships, the security manager may move, delay or kill an execution unit to maintain data security.06-20-2013
20130160135METHOD AND APPARATUS FOR PERFORMING DOWNLOADABLE DIGITAL RIGHTS MANAGEMENT FOR A CONTENT SERVICE - A method and system are provided for performing downloadable Digital Rights Management (DRM) for a content service. The method includes receiving, from a service provider, a Content Access Token (CAT) issuance request for specific content, wherein the CAT issuance request includes information about devices mapped to account information of a user that has purchased the specific content; issuing a CAT; and delivering the CAT to the devices mapped to the account information.06-20-2013
20130160132CROSS-SITE REQUEST FORGERY PROTECTION - Various embodiments of systems and methods for Cross-Site Request Forgery (XSRF) protection are described herein. An XSRF protection framework provides rich configuration possibilities for protection using an XSRF token. In one aspect—XSRF encoding is performed for a set of URLs according to a configuration and then a token validation is performed for incoming requests to protected resources. In another aspect—XSRF token leakage via the referrer header to external URLs is prevented.06-20-2013
20130160134METHOD AND DEVICE FOR MANAGING A SECURE ELEMENT - A method and system for managing, from a communication device, a secure element for contactless transactions such as mobile payment applications. The communication device includes a memory for storing one or more device applications. The method includes determining that an application stored on the secure element does not have an association with any of the device applications, and in response to the determining, sending a communication to a server to delete the application from the secure element.06-20-2013
20130160137ENVIRONMENTAL CONDITION IDENTIFYING TYPE LICENSE CONSUMPTION SYSTEM AND METHOD, AND FUNCTION PROVIDING SERVER AND PROGRAM - A license consumption system includes an information device on which application software operates based on a given license; and a function providing server which grants the license to the information device. The function providing server stores the license and an operating condition for granting the license, when attempting to start the application software, the information device transmits to the function providing server a licensing request of the application software and an operating environment of the information device, and the function providing server compares an operating condition of the application software corresponding to the requested license with the operating environment of the information device, and grants the license to the information device when the operating environment satisfies the operating condition.06-20-2013
20130160133Code Base Partitioning System - The subject disclosure is directed towards partitioning a code base of a program into a trusted portion and an untrusted portion. After identifying sensitive data within the code base using annotation information, one or more program elements that correspond to the sensitive data are automatically transformed into secure program elements that can be retained in the untrusted portion of the code base. Cryptographic techniques are used to minimize a potential size of the trusted portion of the code base. Source files for the trusted portion and the untrusted portion are generated.06-20-2013
20110154504MANAGEMENT SERVER DEVICE, CONTENT REPRODUCTION DEVICE, AND RECORDING MEDIUM - When a technique for specifying an unauthorized terminal based on a combination of watermarks embedded in content distributed without authorization is applied to content distributed on recording media, recording capacity limits of the recording media lead to a limit on the number of combinations of watermarks that can be embedded in the content, and only a limited number of terminals can be specified. In the present invention, all terminals are sorted into the same number of groups as there are combinations of watermarks, and a group that includes an unauthorized terminal can be specified based on the combination of watermarks embedded in the content. When the group including the unauthorized terminal is specified, this group is divided into groups, and a plurality of groups that do not include the unauthorized terminal are integrated. This enables the unauthorized terminal to be specified while keeping within the capacity of the recording medium.06-23-2011
20110154503METHOD OF PROTECTING COMPUTER PROGRAM CODE - Program code is modified to execute correctly only when code and data memory accesses/fetches are synchronised, i.e. data and code accesses/fetches are routed to identical physical addresses in computer memory. This indirectly defeats the MMU attack, in which code and data memory accesses/fetches to the same logical address are routed to different physical addresses. The program code is modified such that one or more sections of the code (“repair targets”) are deliberately broken so that the program code will not execute correctly, the repair targets being replaced at run time with correct code before the repair targets are executed.06-23-2011
20110154502Data Protection - A method to manage data access in an electronic device comprising a housing having a lid comprises receiving, from a remote server, a data protection policy, storing the data protection policy in a memory location on the electronic device, detecting a transition from a lid open status to a lid closed status, and in response to the transition, implementing the data protection policy on the electronic device. Other embodiments may be described.06-23-2011
20110154500Executing Trusted Applications with Reduced Trusted Computing Base - A system for executing trusted applications with a reduced trusted computing base. In one embodiment, the system includes a processor to dynamically instantiate an application protection module in response to a request by a program to be executed under a trusted mode. The system further includes memory to store the program which is capable of interacting with a remote service for security verification. In one embodiment, the application protection module includes a processor-measured application protection service (P-MAPS) operable to measure and to provide protection to the application.06-23-2011
20100306855Content Processing Apparatus and Content Processing Method - Having received an addition notification of a piece of download content, a content processing apparatus registers the notified content as a piece of download-scheduled content. The apparatus recalculates the priority rank of the download execution by taking into consideration a change in the license information on each piece of content, including a piece of already-preregistered download-scheduled content and a piece of content whose download is underway at present. If the download-execution target content specified by the recalculated priority rank is different from the content whose download is underway at present, the apparatus changes the download-execution target to the content specified by the priority rank.12-02-2010
20120204268METHOD AND APPARATUS FOR PROTECTING INFORMATION BASED ON DATA CARD - The present invention discloses a method and apparatus for protecting information based on a data card, and the method comprises: selecting information which needs to be hidden in a terminal device; and storing said information which needs to be hidden in a hidden partition of the data card. The present invention makes attackers not perceive the existence of the information and increases the security of the information in the data card, so as to protect the user's private information better.08-09-2012
20080229425Secure Terminal, a Routine and a Method of Protecting a Secret Key - The method of protecting a secret key from being read by a non-secure software application, comprises a step (09-18-2008
20080229426INFORMATION PROCESSING APPARATUS, SOFTWARE VERIFICATION METHOD, AND SOFTWARE VERIFICATION PROGRAM - An information processing apparatus is disclosed that includes an expiration detection unit that detects expiration of a certificate used for verifying the validity of software; a software verification unit that verifies the validity of the software using the certificate; and a storage unit in which the certificate is stored. In the apparatus, the software verification unit previously stores a value uniquely calculated from the software in the storage unit when the certificate has not expired and the software is valid, and verifies the validity of the software using the value uniquely calculated from the software where the certificate has expired or the software is invalid.09-18-2008
20080229424Dispute resolution in a geo-spatial environment - A method, apparatus and system of dispute resolution in a geo-spatial environment are disclosed. In one embodiment, a method includes providing a wiki interface such that users modify and add profiles of others prior to the profiles being claimed, permitting an initial claimant to control editability of a wiki portion of a selected profile when the initial claimant claims the selected profile, capturing what personally identifiable information the initial claimant is willing to submit if the selected profile is disputed, placing the selected profile in dispute when a disputing claimant challenges an ownership of the selected profile by the initial claimant, electing a dispute resolution process that communicates a code through a direct mail mechanism to a physical address associated with the selected profile, and allocating the selected profile to one of the initial claimant and the disputing claimant based on entry of the code in the selected profile.09-18-2008
20100064373CLOAKING WITH FOOTPRINTS TO PROVIDE LOCATION PRIVACY PROTECTION IN LOCATION-BASED SERVICES - A method for using a location-based service while preserving anonymity includes receiving a location associated with a mobile node, receiving an anonymity level associated with the mobile node, computing a region containing the location of the mobile node and a number of footprints based on the anonymity level, wherein each of the footprints is from a different user, and providing the region to a location-based service to thereby preserve anonymity of the mobile node. A method also allows a mobile device or its user to specify the anonymity level by selecting a public region consistent with a user's feelings towards desired privacy.03-11-2010
20100058481NON-DISPLAYING METHOD OF SECRET INFORMATION AND INFORMATION PROCESSING DEVICE - A screen based on display information is displayed on a display device, secret information in the display information is discriminated based on a predetermined condition, the secret information is non-displayed by replacing the secret information with specified characters or images, and the display information other than the secret information and the post-converting secret information are transmitted to another device.03-04-2010
20130014269NONVOLATILE MEMORY DEVICE AND MEMORY SYSTEM INCLUDING THE SAME - A nonvolatile memory device includes a memory cell array configured to store an authentication key and authentication key configuration information in first and second pluralities of nonvolatile memory cells, along with data whose security is to be protected, and a control circuit controlling an operation of the memory cell array.01-10-2013
20090288172MEDIA PLAYBACK DECODER TRACING - A method of identifying a traced media playback decoder embedded in a device, wherein data representative of a trace message is included in the content field of a media content file and a trigger string (11-19-2009
20110154499Methods and Apparatus for Selecting and Delivering Content - Systems and techniques for selecting and delivering entertainment content. User preference information for entertainment content to accompany user activities is collected and associated with a user. Upon indication by a user of a desire to receive content and designation of an activity to be accompanied by the content, content items are selected and assembled into a package so that the content items may be played in sequence using a user device. The content items comprising the package are delivered to the user device.06-23-2011
20090241197SYSTEM AND METHOD FOR ANALYSIS OF ELECTRONIC INFORMATION DISSEMINATION EVENTS - A system and method for determining an intent of a sender in transmitting electronic information in order to prevent unauthorized dissemination of electronic information is disclosed. The system and method facilitate cost-effective handling of dissemination events and comprise a traffic analyzer configured to analyze descriptors of the electronic information and parameters of the transmission of the electronic information in order to determine the intent of the sender. By determining the intent of the sender, it is possible to effectively quarantine the electronic information before it is disseminated.09-24-2009
20110162080INFORMATION PROCESSING APPARATUS AND CONTROL METHOD FOR INFORMATION PROCESSING APPARATUS - A license management shared module, which is shared by a plurality of software, carries out use management of software by obtaining licenses from a license server. A deletion module determines whether or not this software is using licenses when the software is to be deleted, and returns the license to the license server based on the result of the determination. In addition, a deletion module determines whether or not software other than the software to be deleted is subject to use management, and in the case in which it has been determined that software other than the software to be deleted is not subject to use management, deletes the license management shared module.06-30-2011
20110162082METHODS AND APPARATUS FOR PROVIDING DATA SECURITY - An electronic circuit includes a more-secure processor having hardware based security for storing data. A less-secure processor eventually utilizes the data. By a data transfer request-response arrangement between the more-secure processor and the less-secure processor, the more-secure processor confers greater security of the data on the less-secure processor. A manufacturing process makes a handheld device having a storage space, a less-secure processor for executing modem software and a more-secure processor having a protected application and a secure storage. A manufacturing process involves generating a per-device private key and public key pair, storing the private key in a secure storage where it can be accessed by the protected application, combining the public key with the modem software to produce a combined software, signing the combined software; and storing the signed combined software into the storage space. Other processes of manufacture, processes of operation, circuits, devices, wireless and wireline communications products, wireless handsets and systems are disclosed and claimed.06-30-2011
20090222928IMAGE PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT - An identification-information obtaining unit obtains identification information for identifying a module to be customized. A validating unit validates, based on validation information including information indicating whether to allow a customization for a module identified by the identification information, whether the module identified by the identification information is customizable. When the validating unit validates that the module identified by the identification information is customizable, a control unit performs the customization of the module identified by the identification information.09-03-2009
20090222926SOFTWARE LICENSE MANAGEMENT SYSTEM THAT FUNCTIONS IN A DISCONNECTED OR INTERMITTENTLY CONNECTED MODE - A software license management system for a computer network is disclosed that is capable of operating in a disconnected or intermittently connected mode. The system is capable of borrowing software licenses from computer nodes in one of three modes. The three modes include a fault tolerance mode, a service licensing mode, and a normal online mode. When network instability occurs, an executive logic layer software module consults a set of rules to determine whether to automatically initiate short term software license borrowing using the fault tolerance mode or using the service licensing mode. The automatic short term software license borrowing continues as long as needed and then the normal online mode of software license borrowing is resumed.09-03-2009
20110162078DYNAMIC PATTERN INSERTION LAYER - Various methods and systems are provided for inserting a user-selected pattern below a main application display when sensitive information is being requested or to be communicated. The border of the main application layer may also be modified at this time, either with or without the underlying pattern. This visual change provides the user an assurance that the application or site is authentic and not a phishing attack. The user-selected patterns are stored in secure areas, such as a secure element on the user device or in a cloud accessible by the application or site.06-30-2011
20110162077Protecting persistent secondary platform storage against attack from malicious or unauthorized programs - A high integrity storage manager protects critical system files by maintaining a list of protected disk blocks in hardware, such as in a memory of a microcontroller. The memory is inaccessible to software running on a host system comprising the microcontroller. This list of protected disk blocks is protected as “read only” by the hardware so that no write operation issued by software running on the host platform can overwrite a protected disk block. The high integrity storage manager intercepts write operations issued by applications via the operating system and file system running on the host processor and compares the disk blocks targeted by those write operations to the list of protected disk blocks. A write operation that would overwrite a disk block in the list of protected disk blocks is prevented from completion. Other embodiments are described and claimed.06-30-2011
20110162076DATA PROTECTING DEVICE - An event condition is checked, using a computer and data content of the computer is additionally protected in relation to a normal data protection according to the event condition. The event condition is detecting by the computer a remote command and/or detecting a state according to a policy.06-30-2011
20080320598METHOD AND SYSTEM FOR TRACKING AND MANAGING RIGHTS FOR DIGITAL MUSIC - A method for digital rights management for a copyright work that is copied from device to device from among a plurality of devices, some of which are parent devices and some of which are child devices, and wherein a child device may be registered with a parent device, including copying a digital work from a parent device, P12-25-2008
20110162075Storage Device and Method for Providing a Scalable Content Protection System - A storage device and method for providing a scalable content protection system are disclosed. In one embodiment, a storage device is provided comprising a memory operative to store a plurality of versions of content, wherein each version of the content is of a different quality and is associated with a different level of content protection. The storage device receives information from the host identifying a level of content protection supported by the host. The storage device sends, to the host, a version of the content that is associated with the level of content protection supported by the host, wherein the version of the content is sent to the host using the level of content protection that is supported by the host. In another embodiment, different levels of content protection are applied to different types of content.06-30-2011
20110162074APPARATUS AND METHOD FOR REMOTE PROCESSING WHILE SECURING CLASSIFIED DATA - A method and apparatus for providing an on-demand service to an organization by a hosting center, without having classified data leave the organization network, comprising: receiving a message sent from a first computing platform of the organization to an on-premise connectivity agent, the message comprising classified data; generating a code in accordance with the classified data, by a credential hiding component associated with the on-premise connectivity agent; sending the code to the hosting center; receiving a second message from the hosting center, the second message comprising the code; retrieving the classified data using the code by a credential retrieval component associated with the on-premise connectivity agent; and sending a third message to a second computing platform, the third message comprising the classified data.06-30-2011
20090187993PROCESSOR HARDWARE AND SOFTWARE - A system and method for detecting the use of pirated software on a processor device (07-23-2009
20110179497DATA TRANSMISSION AND RECEPTION CONTROL APPARATUS, AND DATA TRANSMISSION AND RECEPTION SYSTEM, METHOD, AND PROGRAM - A portable terminal (07-21-2011
20110179495Method of execution of a software application and a storage device for storing the software application - A method of execution of a software application. A storage device stores the software application in a first memory. The software application comprises code that, when executed by a computing device authenticates the storage device. The storage device verifies an integrity of the software application and transfers the software application to the computing device upon successful verification. The computing device executes the software application, which authenticates the storage device. If the storage device is successfully authenticated, the computing device accesses data in a second memory of the storage device, the data being susceptible to be used by the software application during execution. Also provided is the storage device.07-21-2011
20110179494PROTECTING DATA STORED IN A CHIP CARD INTERFACE DEVICE IN THE EVENT OF COMPROMISE - A chip card interface device (CCID) is configured for protecting data stored at the CCID in the event of a compromise. The CCID has a housing and a compromise detection system including one or more detection devices configured for detecting a compromise of the housing. The compromise detection system is configured for generating a detection signal indicating the detected compromise. A data protection system is coupled with the compromise detection system and includes a memory device and a processing device coupled with the compromise detection system. The processing device is for receiving the detection signal and erasing data stored on the memory device based on the detection signal in some embodiments. In some embodiments, the processing device also activates a locking function for rendering itself inoperable based on the detection signal.07-21-2011
20090126024METHOD AND SYSTEM FOR MANAGING SOFTWARE LICENSES AND STORAGE APPARATUS - The management of software licenses becomes easy without incurring an increase in costs to effectively prevent software applications from unauthorized use. The software license managing method including: judging, when a software program installed in a computer is executed, whether or not a memory card having a predetermined ID is connected to said computer by an ID extracting and verifying program; permitting execution of said software program if the ID extracting and verifying program judges that said memory card is connected to said computer; inhibiting execution of said software program if the ID extracting and verifying program judges that said memory card is not connected to said computer.05-14-2009
20080313740DOCUMENT VERIFICATION METHOD, DOCUMENT VERIFICATION APPARATUS AND STORAGE MEDIUM - If the signatures of all documents in a binder document are verified when the binder document is verified, some types of documents stored in the binder document may affect the result of the verification of the binder document. When verification of a binder is performed, it is determined, for each document in the binder document, whether the document is a verification target document or not. On the basis of the result of verification of a document determined as a verification target, the result of verification of the binder document is outputted.12-18-2008
20080313741SYSTEM AND METHOD FOR CONTROLLED COPYING AND MOVING OF CONTENT BETWEEN DEVICES AND DOMAINS BASED ON CONDITIONAL ENCRYPTION OF CONTENT KEY DEPENDING ON USAGE STATE - A system and method is disclosed for allowing content providers to protect against widespread copying of their content, while enabling them to give their customers more freedom in the way they use the content. In accordance with one embodiment, content providers identify their content as protected by watermarking the content. Consumers use compliant devices to access protected content. All of a user's compliant devices, or all of a family's devices, can be organized into an authorized domain. This authorized domain is used by content providers to create a logical boundary in which they can allow users increased freedom to use their content.12-18-2008
20090083856APPARATUS AND METHOD FOR PLAYBACK OF DIGITAL CONTENT - There is provided a digital content playback apparatus which generates new digital content by replacing a content part in digital content by another content part, including: a storage to store license conditions defined for the content parts in the digital content, each of which includes at least a replacement permission condition and a replacement target specification condition, a specifying unit configured to allow a user to specify a replacement source content part as a content part to be replaced, and a replacement target content part as a content part for adding to the digital content for replacing the replacement source content part, and a verifying unit to verify whether license conditions of content parts in the digital content and the replacement target content part would be satisfied when replacing the replacement source content part in the digital content by the replacement target content part.03-26-2009
20120204269SECURE AUTOMATED FEATURE LICENSE UPDATE SYSTEM AND METHODS - A method for providing a secure automated feature license update is disclosed. This method may be performed at a central license server. A license template including features for enablement on a device is generated. The license template is sent to an authorized user. A license update request is received from an entity. An updated license is generated by the central license server. A response is sent to the entity.08-09-2012
20080209568PRESERVING PRIVACY OF DATA STREAMS USING DYNAMIC CORRELATIONS - Disclosed is a method, information processing system, and computer readable medium for preserving privacy of nonstationary data streams. The method includes receiving at least one nonstationary data stream with time dependent data. A set of first-moment statistical values is calculated, for a given instant of sub-space of time, for the data. The first-moment statistical values include a principal component for the sub-space of time. The data is perturbed with noise along the principal component in proportion to the first-moment statistical values so that at least part of a set of second-moment statistical values for the data is perturbed by the noise only within a predetermined variance.08-28-2008
20110055929METHOD FOR PRODUCING AN IMAGE INTENDED FOR AN OPERATING SYSTEM CALLED OS IMAGE AND CORRESPONDING DEVICE - A method for producing a standard OS image, intended for an operating system, including a compilation of at least one source file into at least one executable file. The method also including forming (form) an intermediate standard OS image (IM03-03-2011
20110055928METHOD AND SYSTEM FOR DETECTING UNAUTHORIZED WIRELESS DEVICES - An approach is provided for detecting unauthorized wireless devices in a network. A platform retrieves an identifier of a device from a log of devices connected to a network, determines whether the device is a wireless device by applying a plurality of criteria to the identifier, retrieves a list of wireless devices authorized to connect to the network if the device is determined to be a wireless device, and compares the identifier with the list to determine whether the device is authorized to connect to the network.03-03-2011
20110055927UPDATING ASSETS RENDERED IN A VIRTUAL WORLD ENVIRONMENT BASED ON DETECTED USER INTERACTIONS IN ANOTHER WORLD - A virtual world controller receives an identifier of a detected interaction by a user within another world, separate from a particular virtual world environment accessible by the user, from a device that detects and reports user interactions within the other world. The virtual world controller identifies at least one particular trigger tag name assigned to the identifier of the detected interaction from among a plurality of separate detectable user interactions in a trigger tag database. The virtual world controller identifies at least one particular asset class from among a plurality of asset classes specified with the particular trigger tag name within a particular trigger asset coupling from among at least one trigger asset coupling in a trigger asset coupling database. The virtual world controller accesses at least one particular asset assigned to the at least one particular asset class in an asset class database. The virtual world controller renders the at least one particular asset within the particular virtual world environment in a virtual location within the particular virtual world triggered by the particular trigger asset coupling.03-03-2011
20110055926FLEXIBLY ASSIGNING SECURITY CONFIGURATIONS TO APPLICATIONS - A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.03-03-2011
20100325734Modular Software Protection - A method for modular software protection includes steps for receiving, at a server, a license key registered for a software executable installed on a client device and machine fingerprint data generated at the client device, accessing, using the server, stored usage rights data indicated by the license key, the usage rights data specifying a number of client devices on which the software executable is licensed to operate and which features of the software executable are enabled, determining, using the machine fingerprint data received by the server, whether operation of the software executable on the client device would cause the number of client devices on which the software executable is licensed to operate to be exceeded, and creating, in response to the determining step, an encrypted license file for transmission to the client device that defines separate features of the software executable to be enabled on the client device.12-23-2010
20100325733INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD AND PROGRAM - Hindrance of normal execution of a process caused by unexpected processing of a signal handler can be prevented.12-23-2010
20130198851SYSTEM FOR PROTECTING SENSITIVE DATA WITH DISTRIBUTED TOKENIZATION - A token generating organization may include distributed tokenization systems for generating tokens corresponding to sensitive information. Sensitive information may include sensitive numbers such as social security numbers, credit card numbers or other private numbers. A tokenization system may include multiple physically distinct hardware platforms each having a tokenization server and a database. A tokenization server may run portions of a sensitive number through a predetermined number of rounds of a Feistel network. Each round of the Feistel network may include tokenizing portions of the sensitive number using a fractional token table stored in an associated database and modifying the tokenized portions by reversibly adding portions of the sensitive number to the tokenized portions. The fractional token table may include partial sensitive numbers and corresponding partial tokens. A sensitive-information-recovery request including the token may be directed to the token generating organization from the token requestor to recover sensitive information.08-01-2013
20130198852APPLICATION LICENSING USING MULTIPLE FORMS OF LICENSING - A method, system, and computer-readable storage media for licensing an application using multiple forms of licensing are provided herein. The method includes providing a first form of a license to a first computing device via a licensing service and providing a second form of the license to a second computing device via the licensing service. The method also includes determining a first state of the first form of the license and a second state of the second form of the license, synchronizing the first state and the second state to form a combined license state, and adjusting conditions of the license based on the combined license state.08-01-2013
20130198853METHOD AND APPARATUS TO PROVIDE SECURE APPLICATION EXECUTION - A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.08-01-2013
20110016533Web Page Privacy Risk Detection - Various embodiments enable detection of third party content sources that may pose a privacy risk to a user. In at least some embodiments, webpages navigated to via a browser can be processed to identify third party content sources that provide content for the webpages. Data may be stored to relate the third party content sources to webpages in which the third party content is encountered. The data may then be analyzed to determine when a particular third party is in a position to observe browsing habits of a user. Responsive to determining a privacy risk, notification may be output in a variety of ways to inform a user of potentially risky content. In at least some other embodiments, notification can be made by way of a user interface instrumentality that is automatically presented to a user to inform the user of a potentially risky third party content source.01-20-2011
20120311718SYSTEM AND METHOD FOR PERFORMING A SOFTWARE COMPARISON - A system and method for performing software verification for one or more electronic devices. A memory of an electronic device is scanned for electronic references. The electronic references of the electronic device are determined in response to the scanning. The electronic references of the electronic device are compared against standard electronic references to determine results. The electronic device is processed in response to the results.12-06-2012
20120311717SYSTEM AND METHOD FOR SYSTEMATICALLY REMOVING CUSTOMER PERSONAL INFORMATION FROM AN ELECTRONIC DEVICE - A system and method for flashing one or more electronic devices. A flashing program executed by a server is accessed from a computing device. The one or more electronic devices are received for communication with the computing device. The one or more electronic devices are identified in response to receiving the one or more electronic devices. The one or more electronic devices are flashed to remove the customer private information through the computing device as instructed through the server.12-06-2012
20120311716SIMULTANEOUS MIXED PROTECTION MODES OVER A VIRTUALIZED HOST ADAPTER - A method for supporting simultaneous mixed protection modes for a write operation. The method includes receiving a write request that includes write data, and is received from one of a plurality of requestors. At least one of the requestors does not support data integrity protection. It is determined if data integrity protection is required for the write operation. It is additionally determined if the data integrity protection is supported by the requestor. Once the determination is made, the data integrity protection value is calculated if data integrity protection is required and is not supported by the requestor. The write data is encoded with the data integrity protection value prior to being written. If the requestor supports data integrity protection, then data integrity protection values are applied to the write data prior to writing the data to the external storage.12-06-2012
20110126290Tailored Protection of Personally Identifiable Information - The disclosed technology provides a negotiation-based mechanism for a user to share personally identifiable information with a requesting website, for example, a third party website such as an aggregator website that might be gathering information about the user. The user, rather than being limited to a pre-set collection of privacy options, is free to agree to share more or less of their privacy with any website or subset of websites based on the user's trust of the requesting website.05-26-2011
20110126289CLIENT SIDE USERNAME/PASSWORD CREDENTIAL PROTECTION - A method of protecting username/password (U/P) credentials operates on a client computer that cooperates with an anti-phishing scheme that generates a client warning at the client computer when a suspected phishing website issues a U/P request. At the client computer, a set of S fake U/P credentials is generated when the client warning is heeded, or a set of (S−1) fake U/P credentials are derived from a client-supplied U/P credential provided after the client warning is ignored. The client computer then transmits to the suspected phishing website one of (i) the set of S fake U/P credentials, and (ii) the client-supplied U/P credential along with the set of (S−1) fake U/P credentials.05-26-2011
20110126293SYSTEM AND METHOD FOR CONTEXTUAL AND BEHAVIORAL BASED DATA ACCESS CONTROL - A system and method of controlling access to information. An encrypted version of the information is stored. An attempt to access encrypted information may be intercepted and an access authorization rank may be computed. If computed access authorization rank is above a predefined level then a decrypted version of the information may be provided. Other embodiments are described and claimed.05-26-2011
20110126291SECRET INFORMATION DISTRIBUTION SYSTEM, METHOD, PROGRAM, AND TRANSMISSION SYSTEM - A secret reconstruction method comprises: receiving (k+α) pairs out of n pairs (r05-26-2011
20110126294METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR CONTROLLING DISTRIBUTION OF DIGITAL CONTENT IN A FILE SHARING SYSTEM USING LICENSE-BASED VERIFICATION, ENCODED TAGGING, AND TIME-LIMITED FRAGMENT VALIDITY - A method for controlling distribution of digital content includes fragmenting a digital content file into fragments and tagging at least some of the fragments with corresponding tags to provide tagged fragments for distribution. The tags may be generated using a pseudo-random number (PRN) bit sequence. A digital rights license is generated for the digital content file based on the tags and/or fragments. The digital rights license is configured to allow reassembly of the tagged fragments to provide the digital content file. Later, the fragments may be re-tagged with corresponding second tags to provide second tagged fragments for distribution that are different from the first tagged fragments. Related systems and computer program products are also discussed.05-26-2011
20110061105PROTECTION OF A PRIME NUMBER GENERATION AGAINST SIDE-CHANNEL ATTACKS - A method for protecting the generation, by an electronic circuit, of at least one prime number by testing the primality of successive candidate numbers, including for each candidate number tests of primality with respect to prime numbers of at least one set of consecutive prime numbers, wherein the order of application of the tests is modified at least from one prime number generation to another.03-10-2011
20110138474DYNAMIC CODE INSERTION AND REMOVAL FOR STATIC ANALYSIS BASED SANDBOXES - Methods and apparatus for dynamically adding and deleting new code to previously validated application executing in a secured runtime. New code is written to a portion of secured memory not executable by application. New code is validated to ensure it cannot directly call operating system, address memory outside of secured memory, or modify secured memory state. Indirect branch instructions may only target addresses aligned on fixed size boundaries within the secured memory. Validated code is copied to portion of secured memory executable by application in two stage process that ensures partially copied segments cannot be executed. Validated new code can be deleted once all threads reach safe execution point, provided code was previously inserted as unit or contains no internal targets that can be called by code not also being deleted.06-09-2011
20110138475SYSTEMS AND METHOD FOR PROVIDING TRUSTED SYSTEM FUNCTIONALITIES IN A CLUSTER BASED SYSTEM - A framework for providing cluster-wide cryptographic operations, including: signing, sealing, binding, unsealing, and unbinding. The framework includes an interface module (a.k.a., HAT agent) on each of a plurality of nodes in the cluster. Each HAT agent is configured to respond to an application's request for a cluster crypto operation by communication with other HAT agents in the cluster and utilizing a trusted platform module local to the node where the HAT agent resides.06-09-2011
20110138472USER-ADMINISTERED LICENSE STATE VERIFICATION - The product keys of software applications that can be utilized to identify, and activate to a higher functional state, legitimate copies of such software applications can be asymmetrically encrypted. Such encrypted product keys can be provided to potential purchasers without fear of theft of the original product keys. The encrypted product keys can be provided to an independent, trusted third-party validation authority that can decrypt such encrypted product keys and can, such as in conjunction with the software application manufacturer, verify the validity of the software applications associated with such product keys. For software applications bundled on a computing device, a tool can be executed by either the seller or potential purchaser to collect and display encrypted product keys for verification purposes. For software applications sold in an online environment, an escrow service can be utilized to keep, and provide when requested, product keys of software applications offered for sale.06-09-2011
20110138473DYNAMIC CODE INSERTION AND REMOVAL FOR STATIC ANALYSIS BASED SANDBOXES - Methods and apparatus for dynamically adding and deleting new code to previously validated application executing in a secured runtime. New code is written to a portion of secured memory not executable by application. New code is validated to ensure it cannot directly call operating system, address memory outside of secured memory, or modify secured memory state. Indirect branch instructions may only target addresses aligned on fixed size boundaries within the secured memory. Validated code is copied to portion of secured memory executable by application in two stage process that ensures partially copied segments cannot be executed. Validated new code can be deleted once all threads reach safe execution point, provided code was previously inserted as unit or contains no internal targets that can be called by code not also being deleted.06-09-2011
20100180346OBFUSCATION ASSISTING APARATUS - To provide, in order that proper obfuscation of a source code (07-15-2010
20110258705METHODS FOR WATERMARKING MEDIA DATA - Methods are provided for encoding watermark information into media data containing a series of digital samples in a sample domain. The method involves: dividing the series of digital samples into a plurality of sections in the sample domain, each section comprising a corresponding plurality of samples; processing the corresponding plurality of samples in each section to obtain a single energy value associated with each section; grouping the sections into groups, each group containing three or more sections; assigning a nominal bit value to each group according to a bit assignment rule, the bit assignment rule based on the energy values of the sections in the group; and assigning a watermark bit value to each group. The methods also involve, for each group, comparing the watermark bit value to the nominal bit value and, if the nominal bit value and the watermark bit value of the watermark information bit do not match, modifying one or more energy values of one or more corresponding sections in the group such that re-application of the bit assignment rule would assign the watermark bit value to the group. The bit assignment rule may comprise: a categorization rule for categorizing each group into one of a plurality of categories; and for each category, a unique category bit assignment rule for assigning a nominal zero bit value or a nominal one bit value to each group.10-20-2011
20090210945Personal Information/Confidential Information Managing System And Personal Information/Confidential Information Managing Method - A personal information/confidential information managing system and a personal information/confidential information managing method are provided for managing personal information/confidential information in a proper form in accordance with a variable protective level subjected to change of protective levels to comply with necessity of secrecy management in keeping personal information/confidential information in the custody. A personal information/confidential information managing device keeps personal information/confidential information in the custody with a different state for every protective level in accordance with protective levels set in compliance with the degree of confidentiality of the personal information/confidential information. Although this protective level is described in a data property definition file and is read in a computer program, it can be changed appropriately. A protective level after the change and its changing time to be designated are described in the data property definition file, so that the computer program installed in the personal information/confidential information managing device changes a keeping form of the personal information/confidential information in compliance with the protective level after the change when the changing time arrives.08-20-2009
20110191857METHOD FOR MASKING DATA - A method for masking data in communications comprising: assigning a user identifier and a tag to private data associated with a user, wherein the user identifier and the tag are associated with the private data in a data structure associated with a second data processing node; receiving a request for a first list from a first data processing node; sending to a second request for a second list of user identifiers associated with a corresponding one or more users and sending a third request for one or more tags assigned to private data of the one or more users. The second list is merged with the one or more tags in order to generate the first list which is sent to the first data processing node. The first list can be used to initiate a communication request without requiring private data to be stored on the first data processing node.08-04-2011
20090300769DETECTING GLOBAL ANOMALIES - Systems and methods of detecting distributed attacks that pose a threat affecting more than one node in the network. The distributed attacks include events that appear normal or innocuous when viewed locally at any node. The systems and methods include reference global profiles and detection global profiles corresponding to activities or events of interest on the network.12-03-2009
20120151598APPARATUS AND METHOD FOR FORENSIC MARKING OF DIGITAL CONTENT - Provided are an apparatus and method for forensic marking of digital content. The apparatus includes a forensic marker configured to generate first content by inserting a first binary forensic mark in original content and second content by inserting a second binary forensic mark in the original content, and when a content service request is generated, combine the first content and the second content on the basis of information about a user who has requested the content service and thereby generate third content in which a forensic mark corresponding to the user information is inserted, a content database configured to store the first and second content, and a transceiver configured to transmit the third content.06-14-2012
20090300766BLOCKING AND BOUNDING WRAPPER FOR THREAD-SAFE DATA COLLECTIONS - A membership interface provides procedure headings to add and remove elements of a data collection, without specifying the organizational structure of the data collection. A membership implementation associated with the membership interface provides thread-safe operations to implement the interface procedures. A blocking-bounding wrapper on the membership implementation provides blocking and bounding support separately from the thread-safety mechanism.12-03-2009
20090300772METHODS FOR PREVENTING SOFTWARE PIRACY - A method for preventing unauthorized installation of application software is disclosed wherein application software is distributed with a user-readable permanent password, one or more user-readable one-time disposable passwords, and a hidden password (hidden from users but accessible by the setup program). When the setup program is run, the user must enter the permanent password and disposable password(s). The setup program sends these passwords and the target computer serial number to a remote server which verifies their validity, stores the serial number, and returns a complex password and a new disposable password from a remote passwords folder stored on the remote server. The setup program displays the new disposable password to the user who records it for use in future installations. The complex password is used to enable installation of the software, and it is deleted after installation is complete. Subsequent installations or re-installations, if authorized by the terms of the software license agreement, are performed using the same procedure, except that for each such installation, a new disposable password must be used.12-03-2009
20090300771Electronic Device With Protection From Unauthorized Utilization - An electronic device has software for protecting the electronic device from unauthorized utilization. When executed, the software causes the electronic device to execute an application component, wherein the application component is configured to automatically ascertain whether the electronic device has been reported stolen, based on information received from a server system. The electronic device also automatically determines whether the application component is operating correctly, and if so, automatically provides a basic input/output system (BIOS) component of the electronic device with information indicating that the application component is operating correctly. During a subsequent boot process for the electronic device, the software automatically prevents the electronic device from completing the boot process if the BIOS component does not find the information from the application component indicating that the application component was operating correctly. Other embodiments are described and claimed.12-03-2009
20110154501HARDWARE ATTESTATION TECHNIQUES - Hardware attestation techniques are described. An apparatus may comprise a platform comprising a processor capable of operating in an isolated execution mode and persistent storage having entity information associated with an entity having control of a software application. The platform may include a security controller communicatively coupled to the platform, the security controller having a signature generator operative to generate a platform signature for the software application executing on the platform, the platform signature comprising a cryptographic hash of entity information, and an attest module operative to provide the platform signature to the software application with the platform signature to attest that the platform is associated with the software application. Other embodiments are described and claimed.06-23-2011
20110265186METHOD FOR PROTECTING A SOFTWARE LICENSE, SYSTEM FOR SAME, SERVER, TERMINAL, AND COMPUTER-READABLE RECORDING MEDIUM - The present disclosure relates to software license protection method, system, and medium readable by server, terminal, and computer. The present disclosure provides a software license protection terminal comprising: a terminal communicator operated in association with a coupled dongle type token; a terminal controller for operating and controlling certain software by checking whether the token has the requisite seculet to run the software and if so, transmitting to the token an executive instruction to run the seculet, and receiving the executive result from the token to activate the specific software; and a terminal storage for storing the software. The disclosure overcomes software vulnerabilities to reverse engineering while sparing customers the authentication inconveniences of typical online dependency.10-27-2011
20100031367Single File Rich Media Package Portable Across Multiple Devices - A process, format, and computer software for collecting a broad range of digital media objects, and storing them in a single, rich media container file, for simplified distribution and integrated playback. The resulting file can take on the dynamics of its intended use, so the music-oriented file may be album-centric, track oriented, and contain integrated cover art and links to the artist website, while a movie-oriented file may be video-centric, scene oriented, and contain integrated promotional art and links to actor biographies and photographs. Regardless of the usage, the resulting file provides an end user with an integrated, rich media viewing and listening experience, all in one place, and portable across multiple computers, mobile devices, and other platforms. The process and computer program for creating the rich media file also embeds digital rights management of the underlying content, and can enable both the publishers and users of the rich media file to customize their respective files with additional or unique content.02-04-2010
20100031366Method of Providing Digital Rights Management for Music Content by Means of a Flat-Rate Subscription - The invention enables digital music content to be downloaded to and used on a portable wireless computing device. An application running on the wireless device has been automatically adapted to parameters associated with the wireless device without end-user input (e.g. the application has been configured in dependence on the device OS and firmware, related bugs, screen size, pixel number, security models, connection handling, memory etc.). This application enables an end-user to browse and search music content on a remote server using a wireless network; to download music content from that remote server using the wireless network and to playback and manage that downloaded music content. The application also includes a digital rights management system that enables unlimited legal downloads of different music tracks to the device and also enables any of those tracks stored on the device to be played so long as a subscription service has not terminated.02-04-2010
20100031365Method and apparatus for providing network access privacy - A method for providing network access privacy by classifying filter parameters of a group of users who are accessing one or more network destinations. The system includes a means for collecting information from both users, and about network destinations, generating suggestions for a user regarding filter parameters, and filtering network communications of users going to network destinations. In operation, users who are accessing network destinations are prompted to choose from a selection of filter parameters. The information provided by these users is then analyzed and used to generate suggested filter parameters for other users. As users provide more information to the system about various network destinations the system is able to provide more information to users about more network destinations and thus generate more accurate filter parameter suggestions. After a user selects their filter parameters the system filters a range of information coming from the user and going out to the network destination.02-04-2010
20100024042System and Method for Protecting User Privacy Using Social Inference Protection Techniques - A system and method for protecting user privacy using social inference protection techniques is provided. The system executes a plurality of software modules which model background knowledge associated with one or more users of the mobile computing devices; estimate information entropy of a user attribute which could include identity, location, profile information, etc.; utilize the information entropy models to predict the social inference risk; and minimize privacy risks by taking a protective action after detecting a high risk.01-28-2010
20100024041INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND COMPUTER READABLE MEDIUM HAVING A PROGRAM - An information processing apparatus and method configured to access multiple external storage media. The apparatus and method detect theft or loss (or otherwise unauthorized use) of the information processing apparatus with respect to data stored in multiple storage areas, back up the data to the storage media, and record, in association with each of the storage media, an easiness degree indicating how easily a user accesses the storage medium. The apparatus and method calculate erasure priority rankings of the data stored in a manner that an erasure priority ranking is higher as an easiness degree is higher, record the calculated erasure priority rankings in association with each of the multiple storage areas, and erase the data stored in the multiple storage areas in accordance with the erasure priority rankings when detecting theft or loss of the information processing apparatus.01-28-2010
20100024040COMMUNICATION CONTROL DEVICE, DATA SECURITY SYSTEM, COMMUNICATION CONTROL METHOD, AND COMPUTER PRODUCT - A communication control device configured to access an information processing apparatus in which data is stored. The device and method acquire an operational condition of an information processing apparatus, and notify the information processing apparatus of a security command for causing the information processing apparatus to execute a security process on the data in an event that an operational condition is activated and, in an event that the operational condition is a standby mode, a hibernate mode, or a shutdown mode, notify the information processing apparatus of an activation command for activating the information processing apparatus, and notify of a security command for causing the information processing apparatus to execute a security process on the data.01-28-2010
20100024038AUTOMATIC AND ADJUSTABLE SYSTEM AND METHOD FOR SYNCHRONIZING SECURITY MECHANISMS IN DATABASE DRIVERS WITH DATABASE SERVERS - A system and method for database security provides multiple choices of security mechanisms for enabling access to a database through a database driver. A security mechanism that is compatible with a database is selected and the security mechanisms between an application and a database server are automatically determined using the selected security mechanism.01-28-2010
20100024037SYSTEM AND METHOD FOR PROVIDING IDENTITY THEFT SECURITY - A system and method of providing identity theft security is provided. The system and method utilizes a computer program that identifies, locates, secures, and/or removes from computers, computer systems and/or computer networks personally identifying and/or other sensitive information in different data formats. The computer program utilizes a multi-tiered escalation model of searching/identifying sensitive information. The computer program of the instant invention utilizes a self-learning process for fine-tuning a level of scrutiny for identifying potentially sensitive information.01-28-2010
20100024036System and Methods Providing Secure Workspace Sessions - System and methods providing secure workspace sessions are described. In one embodiment a method for providing multiple workspace sessions for securely running applications comprises steps of: initiating a first workspace session on an existing operating system instance running on the computer system, the first workspace session having a first set of privileges for running applications under that session; while the first workspace session remains active, initiating a second workspace session on the existing operating system instance running on the computer system, the second workspace session having a second set of privileges for running applications under the second workplace session; and securing the second workspace session so that applications running under the second workplace session are protected from applications running outside the second workspace session.01-28-2010
20100017888METHOD, DEVICE AND SYSTEM FOR TRANSFERRING LICENSE - The present invention discloses a method for transferring licenses, a device for issuing licenses, and a communication system, and relates to the Digital Rights Management (DRM) technology. The method includes: the first issuing device receives a request of transferring a license issued by the second issuing device; the first issuing device transfers the license after determining that a relationship is set up with the second issuing device. The license issuing device includes: a receiving module, a setup module, a determining module, and a sending module. The communication system includes: a first issuing device, a second issuing device, and a device requesting to transfer a license. Through the present invention, an issuing device may transfer the licenses issued by other issuing devices, thus improving the flexibility of transferring the licenses.01-21-2010
20100017887RIGHTS OBJECT MOVING METHOD, CONTENT PLAYER, AND SEMICONDUCTOR DEVICE - A method of moving a rights object according to the present invention includes the following steps. First, a rights object in the memory card is disabled. Then, the rights object is copied from the memory card in response to a retrieval request and installed to a content player. After the installation, a removal request is transmitted to the memory card and the rights object in the memory card is removed (deleted). After transmitting the removal request, second state information is generated and held in the content player to indicate that the removal of the rights object in the memory card has not yet been completed and that the rights object installed in the content player is conditionally enabled. When the memory card receives the removal request, the memory card removes the rights object from the memory card and transmits a removal response for notifying completion of the removal to the content player.01-21-2010
20100017886SYSTEM AND METHOD FOR REMOTELY TRACKING AN ACTIVATION OF PROTECTED SOFTWARE - The invention is related to a system (01-21-2010
20100017885Media markup identifier for alterable promotional segments - A classification method and system for possible content alteration of a media work may include criteria regarding content that is feasible for alteration. Such criteria may be maintained in records that are accessible to an interested party. Some embodiments may include a record of primary authorization rights applicable to a possible content alteration. A further embodiment feature may include a record of secondary authorization rights applicable to substitute altered content incorporated in a derivative version. Various exemplary identifier markup schemes indicative of a location or topic or category of an alterable media content component may be implemented to enable selective audio, visual, and audio/video content alteration.01-21-2010
20100017884METHOD FOR ALLOWING FULL VERSION CONTENT EMBEDDED IN MOBILE DEVICE AND SYSTEM THEREOF - A method for unlocking full version contents embedded in a mobile device comprises receiving a first signal for requesting the unlocking of full version contents embedded in a mobile device, the full version contents of which permitted usage is initially limited, and sending an unlocking message having an unlocking code for permitting a user to use the full version contents. According to the method and system for unlocking the full version contents, the full version contents are unlocked only after requesting the unlocking, and costs for the full version contents are charged to the user only when the request is allowed. Thus, costs may be saved.01-21-2010
20100017883LOCKBOX FOR MITIGATING SAME ORIGIN POLICY FAILURES - Systems and methods to manage same-origin-policy (SOP) failures that occur in a computing environment are provided. In an illustrative implementation, an exemplary computing environment comprises a lockbox module, and an instruction set comprising at least one instruction directing the lockbox module to process data and/or computing application execution commands representative of and a request for a selected operation/feature according to a selected SOP management paradigm. In the illustrative implementation, the SOP management paradigm comprises one or more instructions to deploy a “lockbox” computing application element allowing for the management, monitoring, and control of computing application features/operations operable under a same origin policy.01-21-2010
20100017882METHOD AND SYSTEM FOR LOCALLY ACTIVATING A DRM ENGINE - A method for locally activating a DRM engine is disclosed. A preprocessing operation is performed, wherein rights objects are bound with digital content files with a first format. The digital content files with the first format are converted to the digital content files with a second format. The digital content files with the second format file are encrypted and a corresponding decryption key is generated. The encrypted digital content files and the decryption key are stored in a memory device. An application is designed and installed on the electronic device and the memory device is installed to the electronic device. The application is authorized according to the rights objects bound in the digital content files, decrypts the encrypted digital content files using the decryption key, wherein the digital content files with the second format can be recovered from the third format, and activates a DRM engine of the electronic device. The DRM engine binds an IMEI code of the electronic device with the digital content files, enabling the digital content files to only be accessed by the specific electronic device.01-21-2010
20110219456WEBLOG FOR SUPPLY CHAIN MANAGEMENT - Disclosed are methods and systems for accessing a supply chain process through a weblog. The methods and systems involve receiving data from one or more machines associated with a supply chain process, the supply chain process comprising a plurality of data publishing stages, updating the weblog with the data received from each of the data publishing stages of the one or more machines, retrieving access rights for accessing the data updated to the weblog and displaying the data in the weblog based on the access rights.09-08-2011
20110307961SOFTWARE PROTECTION - A program (MC), which can be executed by a programmable circuit, is protected in the following manner. An instruction block (IB) is provided on the basis of at least a portion (MC-P) of the program. A protective code (DS) is generated that has a predefined relationship with the instruction block (IB). The instruction block (IB) is analyzed (ANL) so as to identify free ranges (FI) within the instruction block that are neutral with respect to an execution of the instruction block. The free ranges comprise at least one of the following types: bit ranges and value ranges. The free ranges that have been identified are used for embedding (SEB) the protective code (DS) within the instruction block (IB).12-15-2011
20110307960SYSTEMS, METHODS, AND APPARATUS FOR SECURING USER DOCUMENTS - The invention is directed to systems, methods and apparatus for securing documents. The system comprises a server having a processor and a data storage device for storing documents, at least one document provider connected to the server, the at least one document provider operable to provide user documents to the server for storage in the data storage device, the user documents containing at least one object of security concern, and at least one document consumer connected to the server, the at least one document consumer operable to receive the user documents containing the at least one object of security concern from the server. The processor in the server is operable to determine whether to provide the at least one object of security concern to the at least one document consumer based on at least one security setting, and based on the decision either provide the documents with the at least one object of security concern or provide replacement documents without the security of concern and an indication on each replacement document that the at least one object of security concern has been excluded.12-15-2011
20110307959SELECTIVELY EXPOSING BASE CLASS LIBRARIES BASED ON APPLICATION EXECUTION CONTEXT - Allowing access to APIs based on application context. A method includes determining an application context for an application. A layer is determined for a base class library. Layers of the base class library are defined by one or more developer defined attributes associated with an API, where the API is included in the base class library. The base class library is divided into layers based on the developer defined attributes. The one or more attributes define which application contexts can access the API. If the layer matches the application context then access by the application to the API is allowed.12-15-2011
20090172820Multi virtual machine architecture for media devices - A software computing based environment for providing secured authentication of media downloaded from a network or loaded from a media player includes two peer-mode operating virtual machines. The low-level virtual machine provides decoding and decryption functions whereas the high-level virtual machine provides application level functions such as user interface, input/output.07-02-2009
20090172819Method and Apparatus for Implementing Logic Security Feature for Disabling Integrated Circuit Test Ports Ability to Scanout Data - A method and apparatus for implementing integrated circuit security features are provided to selectively disable testability features on an integrated circuit chip. A test disable logic circuit receives a test enable signal and responsive to the test enable signal set for a test mode, establishes a test mode and disables ASIC signals. Responsive to the test enable signal not being set, the ASIC signals are enabled for a functional mode and the testability features on the integrated circuit chip are disabled. When the functional mode is enabled, the test disable logic circuit prevents the test mode from being established while the integrated circuit chip is powered up.07-02-2009
20090077668NETWORK SECURITY DEVICES AND METHODS - An OSI layer 2 network device on the edge of a network such as a SAN is configured to replace the original source address of traffic entering the network with a known identifier or address, which is used to signify that entry point as the traffic source to the other nodes of the network. Nodes of the network recognize the new source address as a valid source address. The network device also maintains state (e.g., association of original source address with new source address/identifier) so as to translate addresses to enable reply traffic to be sent back to the original sender.03-19-2009
20120042389Interoperable Systems and Methods for Peer-to-Peer Service Orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.02-16-2012
20120042386REPUTATION SYSTEM FOR WEB PAGES AND ONLINE ENTITIES - A method for providing a measure of trust for each participant in a network is disclosed, together with a method to calculate it automatically. In particular, a method for rating online entities, such as online identities is provided, which also takes into account the reputation of the raters.02-16-2012
20120042388Method of managing a software item on a managed computer system - A method and system are provided for managing a current software item on a managed computer system connectable to a management computer system via a computer network. The method includes identifying, using an agent application, the current software item on the managed computer system, identifying if the current software item is an unauthorized software item; and selectively disabling the unauthorized software item.02-16-2012
20120042387LIMITED-USE BROWSER AND SECURITY SYSTEM - A limited-use browser and related security system control access to content stored on a server computer linked to a network. The security system secures the content on the server and only permits it to be downloaded to a client computer running the limited-use browser or a general purpose browser executing an add-in security module providing the same functions as the limited-use browser. The limited-use browser or module secures the downloaded content on the client computer and displays it in a “view-only” mode. While the secured content is being displayed, menu selections, key combinations, or pointing device commands initiated on the client computer that would modify the content or create a copy of another medium are either disabled as a default or monitored to determine if the action is permitted.02-16-2012
20120042385PROTECTING COPYRIGHTED MEDIA WITH MONITORING LOGIC - Methods and systems for protecting copyrighted media with monitoring logic are provided. In one embodiment, monitoring logic is installed on a client device associated with a user. The monitoring logic detects whether the media is present on the client device. If the media is present, the media is analyzed to determine if it is copyrighted.02-16-2012
20120066767METHOD AND APPARATUS FOR PROVIDING COMMUNICATION WITH A SERVICE USING A RECIPIENT IDENTIFIER - An approach is presented for providing communication with a service using a recipient identifier. The data communication platform receives a request to generate a recipient identifier for indicating data exchanged between a service and an application on a device. Further, the data communication platform determines a user identifier, one or more device identifiers associated with the device, one or more application identifiers associated with the application, or a combination thereof. Then, the data communication platform determines to generate the recipient identifier by encoding, at least in part, the user identifier, the one or more device identifiers, the one or more application identifiers, or a combination thereof in the recipient identifier. In one embodiment, the recipient identifier may be encrypted. The user identifier, the one or more device identifiers, the one or more application identifiers, or a combination thereof are decodable directly from the recipient identifier.03-15-2012
20120072995SYSTEMS AND METHODS FOR MANAGING SOFTWARE LICENSES - In one embodiment, an apparatus for managing software licenses comprises: a plurality of computers connected together in a peer to peer computer network wherein each computer is a computer node of the network; wherein each computer node comprises a software license management controller that operates in one of: a disconnected mode of operation of distributed license management without network connectivity and a normal online mode of operation of distributed license management.03-22-2012
20120210441Software Protection Using an Installation Product Having an Entitlement File - Techniques for establishing entitlement to a computer program product are provided, and include providing a client identity in a registration process to produce an entitlement file, obtaining an encoded version of a computer program product, and transforming the computer program product into an installation product in a computer storage medium, wherein the installation product comprises the entitlement file to establish entitled use of the computer program product. Also, techniques for facilitating security compliance of a computer program product include providing an encoded version of a computer program product, and providing an installation product builder for the computer program product, wherein the installation product builder creates an installation product in a computer storage medium using a client identity and the encoded version of the computer program product during a registration process, and wherein the created installation product comprises an entitlement file to facilitate security compliance of the computer program product.08-16-2012
20110173701METHOD AND APPARATUS FOR PROVIDING A SPECIFIC USER INTERFACE IN A SYSTEM FOR MANAGING CONTENT - A method and apparatus for managing use of protected content by providing a specific user interface to an application program used to render the content. The method includes identifying a user interface description associated with content, building a specific user interface based on the user interface description, and replacing the standard user interface of an application program used to render the content with the specific user interface. The specific user interface can be unique to the user, unique to a Web site, or otherwise customized.07-14-2011
20120210438Secure Three-Dimensional Mask-Programmed Read-Only Memory - Among all classes of three-dimensional read-only memory (3D-ROM), mask-programmed 3D-ROM (3Dm-ROM) is suitable for mass information dissemination. A secure 3Dm-ROM (3Dm-ROMS) comprises a 3Dm-ROM for storing mass information, a non-mask-programmed memory (NMP) for storing at least a key and an encryption logic. It provides strong copyright protection by writing different keys into different NMPs and encrypting the 3Dm-ROM contents with these different keys.08-16-2012
20120210439METHOD AND DEVICE FOR EXCERPT LICENSING - There are times when a first user may wish to distribute an excerpt of a protected digital content to a second user, for example for criticism. The protected digital content is divided into a plurality of parts, each part being encrypted using a control word specific for the part, wherein each control word can be generated from a master control word for the protected digital content. A device belonging to the first user selects the parts of the excerpt; generates the control words for the selected parts from the master control word; generates a license for the selected parts, the license comprising the control words for the selected parts; and transmits the selected parts and the license to the receiver of the second user. Also provided is the device of the first user.08-16-2012
20120210435Web content ratings - A method of performing a security check at a user computer on web page content downloaded to the user computer over the Internet. The method includes retrieving rating information for the web page from a web service over the Internet, the rating information including one or more content ratings and a first signature generated from the content, using a specified algorithm, at substantially the same time as the or each content rating was determined. The downloaded web page content is then processed using said specified algorithm to generate a second signature, and said first and second signatures are compared and the differences therebetween quantified. It is then determined if the quantified difference exceeds a threshold value. If not, then the received content rating(s) is(are) trusted. If yes, then the result is reported to said web service.08-16-2012
20120047583CABLE FRAUD DETECTION SYSTEM - Embodiments of the present disclosure provide constant support against fraudulent cable devices maintaining unauthorized connectivity and utilizing data lines illegally within an entire network regardless of the number of DHCP servers. Embodiments maintain an updated database which is mined for duplicate MAC (Media Access Control) addresses and utilizes the assigned IPs to communicate with the devices via Simple Network Management Protocol (SNMP) comparing their system description Object Identifier (OID) value with the stored value located in the device Management Information (MI) database. When a fraudulent device is found, a series of events is triggered which discontinues service as well as bans the fraudulent device from reconnecting to the network.02-23-2012
20120047582DATA DELETING METHOD FOR COMPUTER STORAGE DEVICE - A data deleting method for a computer storage device is implemented by first setting a default status of a delete-able status for a deletion record file in the storage device when the storage device is powered on, where the default status can be enable or disable. If the delete-able status of the deletion record file is kept in an enable state before the storage device is powered off, the whole data stored in the storage device is deleted automatically when the storage device is powered on next time. This is because the enable state of the delete-able status of the deletion record file is detected by a control unit of the storage device. Therefore, the method can prevent the data in the storage device from any theft or unauthorized usage.02-23-2012
20120210437Method and system to enhance accuracy of a data leak prevention (DLP) system - A Data Loss Prevention (DLP) system is enhanced according to this disclosure by augmenting the information obtained from OS API hooking with “context” information obtained from other sources, such as by monitoring an endpoint's user interface (UI). In one embodiment, the additional “context” information is obtained from one or more user interface hooks that provide the DLP system with additional information, such as the contents of one or more application windows, the UI elements contained in a particular display window, window activation or deactivation, window resizing, user input, pointer operations, and the like. This UI information defines a “context” of the application, namely, its operating state (including, without limitation, its display state), and associated user actions that define that state. When a particular OS API hook is invoked by the application, the DLP solution uses the context information to make a more accurate enforcement decision, preferably based on the UI context.08-16-2012
20120005758METHOD AND DEVICE FOR SELECTIVELY PROTECTING ONE OF A PLURALITY OF METHODS OF A CLASS OF AN APPLICATION WRITTEN IN AN OBJECT-ORIENTATED LANGUAGE - There is provided a method for selectively protecting one of a plurality of methods of a class of an application written in an object-orientated language, in particular Java, wherein a protected application is created by adding a protection module to the application, analyzing a first method to be protected of a plurality of methods of a first class of the application and determining first parameters needed for executing the first method, generating first gate code depending on the determined first parameters, replacing the first code of the first method by said first gate code and storing the replaced first code such that it can be accessed by the protection module during execution of the protected application, wherein, when the first method is called during execution of the protected application, the first gate code collects first data based on the determined first parameters and transmits the collected first data to the protection module, the protection module accesses the stored first code and generates a new class including a first substitution method based on the stored first code, instantiates the new class, invokes the first substitution method and passes at least a part of the collected first data to the invoked first substitution method so that the executed first substitution method provides the functionality of the first method, and returns execution to the first gate code after execution of the first substitution method.01-05-2012
20120005757COMPUTER ENABLED METHODS TO INHIBIT FILE AND VOLUME NAME COPYING AND TO CIRCUMVENT SAME - Provided here is a copy protection method and apparatus to confuse currently available personal computer software (and other content) copying packages by use of unexpected (“illegal”) special characters in the volume (or directory) name for the software or other content or data subject to being copied. This method can be used alone or with a broad range of other known copy protection technologies such as RipGuard (available from Macrovision Corp.). Also provided here is a method and apparatus to defeat the confusion method, thereby allowing copying of such copy protected software.01-05-2012
20120117656Security Validation of Business Processes - Implementations of methods of the present disclosure include providing a process model based on the process, the process model comprising a plurality of tasks, receiving user input at a computing device, the user input specifying one or more security requirements, the user input relating each of the one or more security requirements to at least one task of the plurality of tasks, generating, using the computing device, a formal model of the process based on the process model and the one or more security requirements, the formal model being based on a specification meta-language, processing the formal model using a model checker that is executed on the computing device to determine whether violation of at least one of the one or more security requirements occurs in the process, generating an analysis result based on the processing, and displaying the analysis result on a display.05-10-2012
20120011592METHOD AND SYSTEM EMBEDDING A NON-DETECTABLE FINGERPRINT IN A DIGITAL MEDIA FILE - The invention relates to a method and system for embedding in a digital media file a user fingerprint which the user cannot detect when using the digital media file. In the method, a user-detectable watermark is first embedded in the digital media file. This watermark can be transformed in a client device to a non-detectable fingerprint of the user by utilizing digital media file-specific information issued by a digital media rights owner when the user has bought a user license. Afterwards the digital media rights owner can read the embedded user fingerprint from the digital media file if it is illegally distributed between other users.01-12-2012
20090300767METHOD FOR OUT OF BAND LICENSE ACQUISITION ASSOCIATED WITH CONTENT REDISTRIBUTED USING LINK PROTECTION - Particular embodiments generally relate to transferring data with first usage rights to a device and presenting the data by a receiving device by using different usage rights. The receiving device contacts one or more services that can determine what rights are available and can issue those rights to the receiving device. The receiving device can update the state across devices and services that maintain compliance with the usage rights.12-03-2009
20120060225METHOD AND DEVICE FOR UPGRADING RIGHTS OBJECT THAT WAS STORED IN MEMORY CARD - The disclosure relates to digital rights management, and more particularly, to a method for upgrading digital rights and a device for providing the same. A method of allowing a terminal to upgrade a rights object installed in a memory card according to an embodiment of the present invention may include allowing the terminal to receive a trigger message comprising a rights object identifier, upgrade information, and AssetID (Asset Identifier) to contents from a Rights Issuer, transmitting an asset identifier message comprising the AssetID to the memory card, receiving a rights information message comprising rights information selected based on the AssetID from the memory card, checking whether the rights information corresponds to the rights object identifier, and generating a rights object based on the rights information to upgrade the rights object.03-08-2012
20120017284METHOD AND SYSTEM FOR PREVENTING COPYING OF INFORMATION FROM PREVIEWS OF WEBPAGES - A touch screen device may include: a touch panel receiving a touch signal; a noise measurement unit measuring a noise value input to the touch panel; a determination unit determining whether or not the measured noise value exceeds a threshold; and a control unit controlling an operation mode to be maintained or switched according to a determination result of the determination unit.01-19-2012
20120180138TRUST BASED MODERATION - A network device, system, and method are directed towards detecting trusted reporters and/or abusive users in an online community using reputation event inputs, such as abuse reports. When an abuse report is received for a content item, the combined trust (reputation) of previous reporters on the reported content item and the trust (reputation) of the content author are compared to determine whether to trust the content item. If the content item is un-trusted, the content item may be hidden from public view. In one embodiment, the content item might still be visible to the content author, and/or members in the author's contact list, or the like, while being hidden from another user in the community. In one embodiment, the author may appeal the determined trust, and results of the appeal may be used to modify a trust of at least one reporter.07-12-2012
20120023589Recovering Data In A Storage Medium Of An Electronic Device That Has Been Tampered With - To recover data, tampering of an electronic device that stores data in a storage medium of the electronic device is detected. A recovery procedure receives information relating to prioritizing of types of the data, and the recovery procedure detects a communication link. The recovery procedure sends the data over the communication link for transfer to a recovery destination, wherein the data is sent in an order according to the information relating to prioritizing of the types of the data.01-26-2012
20120023588FILTERING METHOD, SYSTEM, AND NETWORK EQUIPMENT - A filtering method, a filtering system, and network equipment are provided by the present invention. The method includes: intercepting a request packet sent by a user terminal to an Internet server and extracting Uniform Resources Locator (URL) information from the request packet; determining a security level corresponding to the URL information according to the URL information; and processing the request packet according to the security level. Therefore, the problem that the installation of antivirus software in the user terminal occupies memory space and CPU resources and the problem of the risk of being bypassed by malware are solved, which effectively prevents malware from spreading and attacking, reduces the threat to user terminals from malware, and improves the network security and user experience.01-26-2012
20120023587SECURE KIOSK BASED DIGITAL CONTENT DELIVERY - Methods, systems, and apparatus for digital content management and distribution are provided. In an example, a method includes providing a memory device having digital content thereon; receiving an indication of a dock to which the memory device is to be coupled; and protecting the memory device with a unique key corresponding to the dock.01-26-2012
20120159637FUNCTIONALITY FOR PROVIDING DE-IDENTIFIED DATA - A de-identification system is described herein for converting original messages into de-identified messages. The de-identification system leverages original message-inception-functionality which operates as a gateway for providing original messages for use by a production environment. Namely, the de-identification system includes a transformation module that receives the original messages from the original message-inception functionality. The transformation module then converts instances of sensitive information contained in the original messages into non-sensitive information, to produce the de-identified messages. A de-identified environment can consume the de-identified messages with high confidence that the messages have been properly sanitized. This is because the de-identification work has been performed at a well-contained quarantine level of the message processing functionality.06-21-2012
20120210442LICENSE MANAGEMENT SYSTEM, LICENSE MANAGEMENT DEVICE, AND COMPUTER-READABLE RECORDING MEDIUM HAVING LICENSE MANAGEMENT PROGRAM - A license management device includes a license identifier generator unit generating a license identifier and license information corresponding to a group of application programs, the license identifier associated with a group identifier of the group and the license information on the group, a group information storage unit storing the group identifier with a product identifier of each application program, a license information storage unit recording the license identifier corresponding to the group identifier with the product identifier of the application program, a determination unit determining, on receiving the license identifier associated with the application program, whether the received license identifier is recorded in the license information storage unit, and a sending unit sending via a network, if the received license identifier is recorded in the license information storage unit, a license file corresponding to the recorded license identifier to provide a permission to use the application program of the group.08-16-2012
20120210440INFORMATION PROCESSING DEVICE, INFORMATION RECORD MEDIUM MANUFACTURING DEVICE, INFORMATION RECORD MEDIUM, METHOD THEREFORE, AND COMPUTER PROGRAM - An information processing device for executing content reproduction processing includes: a content reproduction processing unit for executing data transformation processing for replacing a part of configuration data of input content to be reproduced with transformation data, and executing processing for reproducing the reproduction content; and a parameter generating unit for providing the content reproduction processing unit with a parameter to be applied in the data transformation processing; wherein the content reproduction processing unit has a configuration for obtaining a parameter identifier that is different for each segment set as a sectioning region of reproduction content, and outputting a parameter calculation request accompanied by the parameter identifier to the parameter generating unit; and wherein the parameter generating unit has a configuration for providing the content reproducing unit with a parameter corresponding to a segment, in response to the parameter calculation request from the content reproducing unit.08-16-2012
20120159635Comment Plug-In for Third Party System - In one embodiment, a user comment system receives a user comment associated with a content object, assigns one or more privacy settings to the user comment, and stores the user comment in a data store in association with an identifier unique to the content object.06-21-2012
20120159639METHOD OF PROVIDING CUSTOMIZED SERVICE WITH PRIVACY SECURITY - A method of providing customized service with privacy security includes: requesting service information provided from a smart environment to a smart environment control system; once the service information is transmitted from the smart environment control system, generating schedule information by using the service information, user personal information, and schedule generation information; and transmitting a service command to the smart environment control system according to the schedule information.06-21-2012
20120159638METHOD AND APPARATUS FOR ACCESSING CONTENT PROTECTED MEDIA STREAMS - A method and apparatus for recovering a content signal from media stream protected by a digital rights management (DRM) system. A content access device includes a network interface configured to receive the protected media stream from a remote content provider via a network and a plurality of distinct DRM components corresponding to DRM systems supported by the content access device. A content extraction unit is operable to select a DRM component of the plurality of DRM components and execute the selected DRM component to recover a content signal from the protected media stream. When a search engine is used to discover available content, a list of references to available content is presented to the user, the presentation being dependent upon whether or not the content is protected by a DRM system supported by the content access device.06-21-2012
20120159636DNS-BASED DETERMINING WHETHER A DEVICE IS INSIDE A NETWORK - In a computing device a domain name system (DNS) query is generated and sent, and a check is made as to whether a verified DNS response to the DNS query is received. The computing device is determined to be inside a particular network if a verified DNS response is received, and is determined to be outside that particular network if a verified DNS response is not received. A DNS response can be determined to be verified if both the DNS response has an expected value and the DNS response is digitally signed by a trusted authority, and otherwise can be determined to be not verified.06-21-2012
20120072994METHOD TO PRODUCE SECURING DATA, CORRESPONDING DEVICE AND COMPUTER PROGRAM - A method and apparatus are provided for generating security data for implementing a secure session between a first and at least a second entity according to a secure session establishment protocol. Such a method includes: initializing a third secure entity connected to the first entity; generating at least a portion of the security data within the third entity; transmitting the generated security data from the secure third entity to the first entity; and transmitting at least a portion of the security data generated in the third secure entity to at least a previously initialized fourth secure entity connected to the third secure entity.03-22-2012
20120072993APPARATUS AND METHOD FOR MUTATING SENSITIVE DATA - A computer readable storage medium includes executable instructions to receive data from a data source. Data mutation criteria is applied to designated data elements to produce mutated data that preserves an identifiable relationship between an original designated data element and a corresponding mutated data element. The data mutation criteria also produces mutated data with an identifiable relationship between related mutated data elements. The mutated data is loaded into a report and the report is displayed.03-22-2012
20120072992SECURING SENSITIVE DATA FOR CLOUD COMPUTING - A system and associated method for securing sensitive data in a cloud computing environment. A customer system has proprietary data as a record stored in a database. The customer system associates a hashing directive with the record prior to sending the data out to a cloud for computing services. The hashing directive classifies each data field of the record into sensitive and transactional. The hashing directive controls a mode of hashing, either one-way hashing or two-way hashing for each sensitive data field associated with the hashing directive. A cloud receives the record secured according to the hashing directive and processes the record to generate a result value for a cloud process result field of the record. The customer system reconstitutes the record according to the mode of hashing indicated in the hashing directive.03-22-2012
20110078800DIGITAL CONTENT MANAGEMENT METHODS AND SYSTEMS - Digital content management methods and systems are provided. First, device ID of a first electronic device is received, and a data license including at least the device ID of the first electronic device, and a control license including at least a read authorization for a digital content are generated. Then, the digital content and the control license are packed as a content package, and the content package and the data license are respectively transmitted to the first electronic device. An electronic device determines whether the device ID of the electronic device conforms to the device ID recorded in the data license. If so, the digital content in the content package is allowed to be read according to the control license. A new data license is generated for the digital content according to the device ID of a second electronic device. The new data license is stored to the second electronic device, and the data license in the first electronic device is abrogated. Then, the content package is transmitted from the first electronic device to the second electronic device.03-31-2011
20110078799Computer system and method with anti-malware - In some embodiments, approaches may provide an out-of-band (OOB) agent to protect a platform. The OOB agent may be able to use non-TRS methods to measure and protect an in-band security agent. In some embodiments, a manageability engine can provide out of band connectivity to the in-band and out-of-band security agents and provide access to the system memory resources without having to rely on OS services. This can be used for a trusted anti-malware and remediation service.03-31-2011
20120124671SYSTEMS AND METHODS FOR IDENTIFYING AND MITIGATING INFORMATION SECURITY RISKS - Methods and systems for Sustained Testing and Awareness Refresh against Phishing threats (STAR*Phish™) are disclosed. In an embodiment, a method assigns schemes and unique identifiers to target e-mail addresses associated with user accounts. The method delivers e-mail messages to the targeted e-mail addresses, the e-mail messages comprising an HTTP request and a unique identifier associated with each of the user accounts. The method then receives, at a Phishing Metric Tool (PMT), a response including the unique identifier. The PMT logs training requirements for the user accounts, tracks response metrics for the training requirements, and redirects the respective HTTP requests to a phishing training tool (PTT). The PTT sends a notification of the user account identities and the unique identifiers to the PMT and returns a status for the training requirements for the user accounts. Upon completion of the training, the PMT sends completion notifications for the user accounts.05-17-2012
20110107428METHOD AND SYSTEM FOR ENABLING TRANSMISSION OF A PROTECTED DOCUMENT FROM AN ELECTRONIC DEVICE TO A HOST DEVICE - A method and a system for enabling transmission of a protected document from an electronic device to a host device are provided. The method includes: establishing a connection between the electronic device and the host device to communicate with the electronic device using a document viewer protocol; receiving a request by the electronic device from the host device for performing at least one operation on the protected document, wherein the protection of the protected document is specific to the electronic device; decoding the protected document by the electronic device on receiving the request; arranging the decoded protected document in accordance with the received request and the document viewer protocol; and transmitting the arranged protected document to the host device via a transport medium using the document viewer protocol.05-05-2011
20110107426COMPUTING SYSTEM USING SINGLE OPERATING SYSTEM TO PROVIDE NORMAL SECURITY SERVICES AND HIGH SECURITY SERVICES, AND METHODS THEREOF - A method of providing normal security services and high security services with a single operating system in a computing system is disclosed. A secure thread is only accessible while the computing system is in a high security environment, and relates to one of the high security services. A pseudo normal thread is to be executed while the computing system is in a normal security environment, and it works as a temporary of the secure thread, and is forwarded to a thread ordering service to gain access to resources of the computing system. When the pseudo normal thread gains access to the computing system resources, the computing system is changed to the high security environment to execute the secure thread.05-05-2011
20120174235DETECTING A PHISHING ENTITY IN A VIRTUAL UNIVERSE - An invention for detecting a phishing virtual entity in a virtual universe is disclosed. A virtual entity may be registered as authentic and be identified with multiple physical characteristics thereof. Another virtual entity will be monitored to detect whether it includes a physical characteristic that is sufficiently similar to that of a registered virtual entity to cause confusion. A phishing virtual entity is detected based on the monitoring and phishing prevention processes may be implemented on the phishing virtual entity.07-05-2012
20120174234COUNTERMEASURE METHOD AND DEVICE FOR PROTECTING DATA CIRCULATING IN AN ELECTRONIC COMPONENT - The disclosure relates to a countermeasure method in an electronic component, wherein binary data are transmitted between binary data storage units, binary data being transmitted in several transmission cycles comprising a first cycle comprising: randomly selecting bits of the data, transmitting the selected bits and transmitting bits, each having a randomly chosen value, instead of transmitting non-selected bits of the data. A last transmission cycle comprises transmitting bits of the data that have not been transmitted during a previous cycle.07-05-2012
20110099638METHOD AND APPARATUS TO REPORT POLICY VIOLATIONS IN MESSAGES - A method and apparatus for reporting policy violations in messages is described. A violation is identified by detecting fragments in a message that match information from any one or more rows within a tabular structure of source data. The fragments that match this information are then specified as part of reporting the violation.04-28-2011
20110099637SECURITY DISPOSING METHOD AND DEVICE FOR INPUT DATA - A security disposing method and device for the input data involves generating an interference data according to a predefined rule when inputting the data, and mixing the input data with the interference data and sending the mixed data, and parsing out the interference data according to the predefined rule after receiving the mixed data, and separating the input data according to the parsed interference data.04-28-2011
20120317648SOFTWARE UTILIZATION PRIVILEGE BROKERING IN A NETWORKED COMPUTING ENVIRONMENT - Embodiments of the present invention provide a subscription service for documenting, verifying, administering, and auditing use of entitled software products in third-party networked computing environments (e.g., a cloud computing environment). Specifically, aspects of the invention provide an Entitlement Brokering System (EBS) (also referred to as an entitlement broker) that reduces the risk associated with clients improperly running licensed software products on their computing infrastructure, thus increasing the reliability and auditability of the software product's entitlement status and accelerating intake of new or existing clients through automation of the entitlement verification process.12-13-2012
20100251381SYSTEM RENEWABILITY MESSAGE PROVIDING METHOD AND SYSTEM RENEWABILITY MESSAGE USING METHOD AND APPARATUS THEREOF - Provided are a system renewability message providing method, a system renewability message using method and an apparatus thereof. The system renewability message providing method, includes: creating system renewability message container information including revocation list information for contents protection; and defining the system renewability message container information as an International Organization for Standardization (ISO) base media file format and distributing the system renewability message container information to a terminal.09-30-2010
20120222124SYSTEM AND METHOD FOR FACILITATING UNLOCKING A DEVICE CONNECTED LOCALLY TO A CLIENT - Systems and methods for facilitating unlocking a device connected locally to a client, utilizing a server located remotely from the client and the device, are provided in accordance with various aspects of the subject technology. In one aspect, a system includes a proxy configured to receive, at the client, at least one string descriptor request from the server over a network, where the at least one string descriptor request is associated with switching an interface of the device from a first interface type to a second interface type. The system further includes a stub driver configured to receive the at least one string descriptor request from the proxy, and to direct the at least one string descriptor request to the device.08-30-2012
20120222128DISTRIBUTION OF CONTENT DOCUMENT WITH SECURITY, CUSTOMIZATION AND SCALABILITY - A computer-implemented system and method to distribute a content document with security, customization, and scalability is provided. One or more servers provide a customizable content document associated with a first entity, enable a second entity to specify content to be included for users associated with the entity in the customizable content document, and deliver the customized content document incorporating the specified content in a secure manner to users associated with the second entity.08-30-2012
20120222127AUTHENTICATING A WEB PAGE WITH EMBEDDED JAVASCRIPT - A method for detecting if a digital document (e.g. an HTML document) is changed by others than authenticated script code (e.g. JavaScript code) is presented. The method includes loading the authenticated script code into a trusted computer application and storing a snapshot of the digital document in the trusted computer application. Before the authenticated script code is executed, the snapshot of the digital document is compared with the document to verify if the digital document is still authentic. After executing the authenticated script code, the snapshot of the digital document is replaced with an up-to-date copy reflecting eventual changes made to the digital document by the executed script code. The digital document can then at any time be compared with the most recent snapshot to verify if it is authentic.08-30-2012
20120222126CHECKING DESTINATION EMAIL ADDRESSES AGAINST HISTORICAL ADDRESS INFORMATION - An email, which includes a header and historical information, is created. The header comprises a destination email address, which comprises a name of an addressed recipient of the email and a domain name of the destination email address. The historical information in the email comprises an approved address for a previously exchanged email with the addressed recipient. The first approved address is compared to a corresponding portion of the first destination email address. In response to the corresponding portion of the first destination email address being different from the first approved address as stored in the storage unit, a warning is outputted. The warning comprises both the approved address, and an unapproved address list that comprises the first destination email address.08-30-2012
20120222125THRESHOLD REPORTING PLATFORM APPARATUSES, METHODS AND SYSTEMS - The THRESHOLD REPORTING PLATFORM APPARATUSES, METHODS AND SYSTEMS (“TRP”) transform content seed selections and recommendations via TRP components such as discovery and social influence into events and discovery of other contents for users and revenue for right-holders. The TRP detects user initiation of a universally resolvable media content (“URMC”) event in a client and obtains the URMC event identifying information. The TRP may record the URMC event identifying information in association with the event in an event log in the client. The TRP may obtain reporting frequency preference setting, at least one URMC user activity upload rule, and may determine activation of a URMC upload threshold trigger by evaluating the URMC user activity upload rule. The TRP may initiate reporting of the logged URMC event identifying information based on the trigger activation and update the client upon successful acknowledgement of said reporting by a server.08-30-2012
20120272328METHOD, SYSTEM AND APPARATUS FOR SECURE DATA EDITING - A system, method, and apparatus for secure data editing is disclosed. A data field receives focus to accept a data entry from a user. The user inputs a data entry into the data field via a user interface. A determination is made of whether a manual lock event, a change focus event, or a time out event has triggered based on the user's action or inaction with the user interface. Upon the triggering of a manual lock event, a change focus event, or a time out event, the data entry in the data field is obscured. The user interface may display a data entry with a validation character which provides a reference point within the data entry while the data entry is displayed and while the data entry is obscured. The system may allow a user to have a specified function set based on his user access level.10-25-2012
20120272326TOKENIZATION SYSTEM - A tokenization unit that tokenizes a real name ID to a different tokenized ID according to a user's service usage situation, a service history analyzing unit that analyzes service history data, a tokenized ID checking unit that determines whether different tokenized IDs are the same in analyzing a plurality of items of service history data including the different tokenized IDs, and a tokenization change management unit that manages a service usage situation the same as that of tokenization by the tokenization unit. The service history analyzing unit performs: a predetermined service history analysis if a target is a service usage situation in which the same tokenized ID appears; and a predetermined service history analysis as different tokenized IDs are considered to be the same user by the tokenized ID checking unit if a target is a service usage situation in which a different tokenized ID appears.10-25-2012
20120272324ELECTRONIC DEVICE AND COPYRIGHT PROTECTION METHOD OF AUDIO FILE THEREOF - A copyright protection method is applied to an electronic device. The method includes: obtaining digital data of an audio file via Video on Demand (VOD); determining whether or not the audio file is free to use; determining whether or not the accessing of the audio file is legal if the audio file is not free. Upon a condition that the audio file is free, or the accessing of the audio file is legal and not free, decoding the audio file into analog signals. Upon a condition that digital copyright information is not included in the audio file, inserting into the analog signals the digital copyright information; outputting the analog signals of the audio file along with digital copyright information of the audio file. Upon a condition that the audio file is not free and not legally permitted, indicating the accessing of the audio file is illegal. The electronic device is also provided.10-25-2012
20120272323ORIGINATION VERIFICATION USING EXECUTION TRANSPARENT MARKER CONTEXT - The use of a marker in a file to assist in the signing and/or verification of the file. The marker is recognized by the signing authority. The marker has a certain execution transparent context that reduces or eliminates the impact of the marker on execution. A signing authority accesses the file, finds the marker within the file, and identifies the execution transparent context system. The signing authority then uses the execution transparent context system to insert a signature with the same execution transparent context. A verification system finds the marker, identifies the execution transparent context of the marker, identifies the execution transparent signature, and uses the execution transparent context system to then extract the signature from the execution transparent signature. That signature may then be used to verify that the file has not changed since it was signed.10-25-2012
20120255030SECRET SHARING APPARATUS, SHARING APPARATUS AND SECRET SHARING METHOD - A secret sharing apparatus generates, from secret data, a plurality of pieces of shared data from which the secret data is able to be restored. The secret data includes a plurality of pieces of divided data which does not include a random number. The secret sharing apparatus includes a shared data generating section which performs an XOR operation between the pieces of divided data and generates the plurality of pieces of shared data which includes the result of the XOR operation between the pieces of divided data.10-04-2012
20120255029SYSTEM AND METHOD FOR PREVENTING THE LEAKING OF DIGITAL CONTENT - There are disclosed a system and method for preventing the leaking of digital content. The system for preventing the leaking of digital content may include a digital content layer generation unit for generating a digital content layer displaying digital content, a security layer generation unit for generating a security layer including security information based on information about a user terminal, and an information display unit for displaying the security layer generated by the security layer generation unit and the digital content layer generated by the digital content layer generation unit in the display device of the user terminal in an overlapping form so that the security information looks like overlapping with the digital content. Accordingly, the illegal leaking of digital content through photographing or screen capture can be prevented.10-04-2012
20120317650SYSTEM AND METHODS FOR FACILITATING SECURE COMMUNICATIONS ON A WEBSITE - A system and methods for facilitating secure communications on a website are presented. The system comprising a security server configured to receive a secure message from a creator device is disclosed. The security server encodes the received message and sends the encoded message or a representation of the encoded message for posting on the website so that one or more users of the website have the ability to request that the security server make the message available after the encoded message has been decoded.12-13-2012
20120317649SYSTEM AND METHOD FOR REMOTELY FLASHING A WIRELESS DEVICE - A system and method for flashing an electronic device. An electronic device is received for remote flashing. The electronic device is in direct communication with a remote device. The identifying information is received for the electronic device. User instructions associated with the electronic device are displayed for flashing the electronic device. The electronic device is flashed in response to the identifying information.12-13-2012
20120131679METHOD FOR PROTECTING SOFTWARE BASED ON CLOCK OF SECURITY DEVICE AND SECURITY DEVICE THEREOF - The invention discloses a software protecting method based on clock of a security device and a security device thereof. The method includes connecting a terminal device to the security device, receiving the service instruction sent from protected software of the terminal device, protecting the protected software of the terminal device by the security device via the preset time protecting function. The security device includes an interface module and a control module. Thereby, the control module includes a communicating unit and a software protecting unit. The security device of the invention binds with functions such as time and date easily according to the time limit information which limits the time of using the security device and controls the start time and expiring time of using the security device accurately which provides safer service for protecting the software.05-24-2012
20120131680DETECTION METHOD FOR DETECTING FRAUD - A detection method for detecting fraud with respect to a card reader. The card reader includes a removal detection switch for detecting a removal from a housing of a user operation terminal, a first RAM that can erase removal detection recognition data being stored therein, according to an output signal from the detection switch, a second RAM being independent of the first RAM and storing authentication key data. The method includes erasing the removal detection recognition data when the card reader is removed from the housing of the user operation terminal. Afterwards, the authentication key data is changed after completion of predetermined authentication procedures when the card reader is mounted into the housing of the user operation terminal. Then, the changed authentication key data is stored in the second RAM, while the removal detection recognition data is stored in the first RAM.05-24-2012
20120167230DIGITAL RIGHTS MANAGEMENT OF CONTENT WHEN CONTENT IS A FUTURE LIVE EVENT - A method and system for managing use of items having usage rights associated therewith including a point of capture system adapted to generate content of a future event when the event occurs, a content distributor adapted to generate a rights label having usage rights associated with content of the future event before the content is created, the rights label having a distribution key for encrypting the content as the content is generated, the distribution key being encrypted with a public key. The system also includes a license server adapted to generate a license associated with the content from the rights label before the content is generated, the license including the distribution key encrypted with the public key, and a content distributor adapted to distribute the license before the content is generated.06-28-2012
20120167229METHOD AND SYSTEM FOR SUBSCRIPTION DIGITAL RIGHTS MANAGEMENT - A system and method for managing use of items having usage rights associated therewith. The system includes an activation device adapted to issue a software package having a public and private key pair, the public key being associated with a user, a license device adapted to issue a license, a usage device adapted to receive the software package, receive the license and allow the user to access the item in accordance with the license, and a subscription managing device adapted to maintain a subscription list including the public key associated with the user. The license is issued by the license device upon verifying presence of the public key in the subscription list corresponding to requested content.06-28-2012
20120167228METHOD AND SYSTEM FOR SUBSCRIPTION DIGITAL RIGHTS MANAGEMENT - A system and method for managing use of items having usage rights associated therewith. The system includes an activation device adapted to issue a software package having a public and private key pair, the public key being associated with a user, a license device adapted to issue a license, a usage device adapted to receive the software package, receive the license and allow the user to access the item in accordance with the license, and a subscription managing device adapted to maintain a subscription list including the public key associated with the user. The license is issued by the license device upon verifying presence of the public key in the subscription list corresponding to requested content.06-28-2012
20120167226METHOD AND SYSTEM FOR RESTORING DOMAIN MANAGEMENT - The invention relates to a method and a system for restoring domain management for a domain (06-28-2012
20120167225PASSWORD PROTECTION USING PERSONAL INFORMATION - Provided personal information from a user may be determined, the provided personal information being associated with network publication thereof. A comparison of the provided personal information with password-related information may be performed. Based on the comparison, it may be determined that a risk level associated with the network publication relative to password security of at least one password associated with the password-related information exceeds a predetermined risk level. The user may be notified that the network publication of the provided personal information is associated with potential compromise of the password security of the at least one password.06-28-2012
20120167224PROTECTED AND VIRTUAL INTERFACES FOR COM AGGREGATION - An outer COM object can be provided with privileged access to protected functionality in an inner COM object. An inner COM object can offer a custom protected interface to an outer COM object by creating a new inner internals COM object that is not available to a calling application or by creating a new extension IUnknown interface that can be used to access the protected content. An outer COM object can override behavior in an inner COM object. An inner COM object can offer access to custom behavior to an outer COM object by creating a new inner internals COM object that is not available to a calling application. The new inner internals COM object can implement a new interface that provides access to the customized (override) content or can create a new extension IUnknown interface that can be used to provide access to the customized (override) content.06-28-2012
20120216287SOCIAL NETWORK PRIVACY USING MORPHED COMMUNITIES - A system, method and program product for morphing social network data. A system is disclosed that includes: a system for splitting up M communities within a set of social network data into N split communities; a system for morphing the N split communities into P morphed communities using a cardinality key, wherein the cardinality key causes subsets of split communities to be unioned together; and a system for adding phony members into the P morphed communities.08-23-2012
20120216286METHODS AND SYSTEMS FOR SECURELY UPLOADING FILES ONTO AIRCRAFT - Methods and systems for securely uploading files onto a vehicle such as an aircraft are provided. In one embodiment, a system for transmitting files to a remote vehicle comprises: a communication system onboard the remote vehicle; at least one processor onboard the remote vehicle coupled to the communication system; and at least one storage device comprising a database, the at least one storage device further comprising computer executable instructions which when executed by the at least one processor implement a data checking functionality process comprising: generating a security file at the remote vehicle from an uplinked file received by a communication system; verifying integrity of the uplinked file using the security file; when integrity of the uplinked file is confirmed, accepting the uplinked file; and when integrity of the uplinked file is not confirmed, rejecting the uplinked file.08-23-2012
20120216285SYSTEMS AND METHODS FOR INHIBITING DENIAL-OF-SERVICE ATTACKS USING GROUP CONTROLS - A sandbox tool can cooperate with components of a secure operating system (OS) to create an isolated execution environment for accessing content without exposing other processes and resources of the computing system to the untrusted content. The sandbox tool can utilize task control groups (cgroups) of the secure OS with the isolated execution environment. A cgroup defines the hardware resources that can be accessed and utilized by the isolated execution environment. The cgroups can define accessible hardware resources by particular hardware resources, amount of hardware resources, and/or components of the hardware resources. Once a cgroup is applied to the isolated execution environment, any processes running in the isolated execution environment will be confined to the hardware resources defined by the applied cgroup. If a process running in the isolated execution environment attempts to utilize hardware resources outside the definition of the cgroup, the secure OS can block the usage.08-23-2012
20120216289CONTENT PROVISION SYSTEM - The second content provision system determines, in response to a request by a user from a second terminal belonging to a second network, a second content being a same content as a first content, which is provided to the first terminal belonging to a first network or an alternative content for the first content and matching rights of the user. The second content is provided from the second network to the second terminal and can be used by the second terminal. The second content is determined by using content information specifying the first content which is in-use or which the use has interrupted and ownership information indicating the rights of the user and the content provision system acquires the content information and the ownership information from the first content provision system in response to the request from the second terminal.08-23-2012
20100205677CONTENT INFORMATION PROVIDING SYSTEM, CONTENT INFORMATION PROVIDING SERVER, CONTENT REPRODUCTION APPARATUS, CONTENT INFORMATION PROVIDING METHOD, CONTENT REPRODUCTION METHOD AND COMPUTER PROGRAM - A content information providing system is disclosed which can protect the copyrights of contents while permitting users who do not purchase the contents to utilize the contents. A content information providing server includes a user information storage section for storing a user key unique to each user, a content key storage section for storing content keys unique to individual contents, a recommendation section for selecting a content to be recommended to the user, a content key encryption section for encrypting the selected content key with a user key of the user of a target of the recommendation, and a content information sender section for transmitting the encrypted content key to a content reproduction apparatus used by the user. The content reproduction apparatus includes a content information receiver section for receiving the content key, and a content key decryption section for decrypting the encrypted content key.08-12-2010
20120137371AUTOMATICALLY CLASSIFYING AN INPUT FROM FIELD WITH RESPECT TO SENSITIVITY OF INFORMATION IT IS DESIGNED TO HOLD - A method and system for automatically classifying an input form field as designed to hold sensitive information. The method may include selecting an input characteristic associated with the input form field. The method may also include classifying the input form field as designed to hold sensitive information by considering classifying information of other input form fields having the same input characteristic. The method may further include statistically determining whether a similar input form field is indicated as designed to hold sensitive information by at least a predetermined threshold value of the other input fields. A computer program product is also disclosed.05-31-2012
20120137372APPARATUS AND METHOD FOR PROTECTING CONFIDENTIAL INFORMATION OF MOBILE TERMINAL - Disclosed herein is an apparatus for protecting the confidential information of a mobile terminal. The apparatus for protecting the confidential information of a mobile terminal includes a storage unit and a confidential information management unit. The storage unit stores at least one piece of confidential information which requires security. The confidential information management unit moves the confidential information from the preset unsecured initial storage area of the storage unit, to the preset secured storage area of the storage unit and stores the confidential data in the preset secured storage area, in order to protect the confidential data, and exclusively manages the secured storage area. The secured storage area is set by the confidential information management unit.05-31-2012
20110185434WEB INFORMATION SCRAPING PROTECTION - A method and a filter element for preventing scraping/clipping of the information content of a database used for providing a website with data information. When a data record set from the database has been received, the filter splits all elements/fields of the data record set in a predetermined way into cells and a sortid is provided. Each cell is encoded into a markup language, wherein location information in the cell is used for generating a location value. The encoded cells are sorted into a file to establish a file, e.g. web page, wherein the encoded data cells are distributed in an arbitrary order.07-28-2011
20100186091Methods to dynamically establish overall national security or sensitivity classification for information contained in electronic documents; to provide control for electronic document/information access and cross domain document movement; to establish virtual security perimeters within or among computer networks for electronic documents/information; to enforce physical security perimeters for electronic documents between or among networks by means of a perimeter breach alert system - The invention is a document classification and marking engine/method that functions in a real-time compatible mode with off-the-shelf word processors, e-mail programs and presentation or other document development software applications. The software engine is used for the security classification of sensitive or national security classified information in electronic format and is enhanced by methods and processes that ensure that the software classification engine considers all document informational elements regardless of attributes assigned to the text that may hide text from the user. The software engine provides a complete and reliable document classification determination interface method based on user selections and uniquely codes the full text classification determination in a persistent manner within the electronic shell of the document in real-time and dynamically displays the text based full classification determination in the banner of the host document development application. The unique codes of the full classification embedded in the electronic shell of the document enable effective and reliable software processes and methods that establish controls for access, movement, storage etc. for electronic documents, as well as virtual electronic security perimeters, on a computer, networks of computers and/or among computer networks and domains of networks. 
The full or complete and persistent classification codes embedded in the document shell also enable reliable software processes and methods that immediately warn or alert security personnel of a breach of a physical security perimeter between or among computer networks or domains of networks established to protect the information contained in electronic document format.07-22-2010
20100180345METHOD FOR DOCUMENT PROCESSING - A method and system process a document having attached thereto a set of digital rights specifications, the digital rights specifications specifying constraints on the processing of the document. A workflow controller selects candidate devices, for processing the document, from a plurality of devices and determines, for each candidate device, that the device meets the digital rights specifications requirements. A set of devices are assigned to process the document from the set of devices that meet the digital rights specifications constraints. The workflow controller detects a failed device included in the assigned set of devices to process the document and determines potential candidate devices to replace the failed device. For each potential candidate device, it is determined if the potential candidate device meets the digital rights specifications requirements. A device that meets the digital rights specifications constraints is assigned to replace the failed device.07-15-2010
20100175137DOMAIN NAME HIJACK PROTECTION - A domain name registering entity (such as a domain registry, registrar, or reseller) or an independent proxy registration service may offer a domain name hijack protection to their actual or potential customers. When a domain name transfer request or notice is received in a proxy email address listed in the domain name's WHOIS records, the domain name registering entity or the proxy registration service may ignore or decline it. Customers may be given an ability to turn the domain name hijack protection service on and off, as well as an ability to adjust a variety of settings associated with the service.07-08-2010
20100175136SYSTEM AND METHOD FOR SECURITY OF SENSITIVE INFORMATION THROUGH A NETWORK CONNECTION - A system and method for preventing phishing attacks by comparing the address of a Web site to which a user wishes to enter sensitive information (or indeed any type of user information) to at least one previous address to which the user already submitted at least a portion of this information. If the current address and the previous address are not identical, the user is preferably at least alerted; more preferably transmission of the information is blocked. The present invention may also optionally operate even if only a portion of the sensitive information is submitted, such as only the password for example.07-08-2010
20120255025Automatic Analysis of Software License Usage in a Computer Network - Apparatus and method for analyzing usage of a software license. A computer system is configured to execute a software product that is activated, subject to a software license, by a first license key. The computer system includes a license use determining module that is adapted to communicate with a group of other computer systems on the same computer network, store first license key-related information that is derived from the first license key, send the first license key-related information to be received by each computer system of the group, and receive any messages sent by responders of the group in response to reception of the first license key-related information. Each of the messages is indicative of a corresponding responder having a copy of the software product that is activated by the first license key.10-04-2012
20100287619DISCRIMINATING DATA PROTECTION SYSTEM - A data protection system selectively deletes data from an electronic device when the device is reported as lost or stolen, or when another data protection triggering event occurs. Different data files may, for example, be treated differently depending on when such files were created. For example, data files that were created while the computing device was known to be in the owner's possession may be deleted, while data files created after the electronic device left the owner's possession may be left intact (since they may have been created by an innocent user). Data files created between these two points in time may be quarantined so that they can later be restored, if appropriate.11-11-2010
20120174233SECURITY METHODS AND SYSTEMS - A system/method for preventing a computer virus from accessing message addresses is described. The system comprises an interception component or client plug-in that communicates with a messaging client and a messaging server. The interception component alters messages from the server and destined for the client. The interception component replaces message addresses in incoming messages with a unique identifier. The interception component also alters messages from the client destined for the server. The interception component replaces a unique identifier with a message addresses. A system/method for preventing keyboard sniffer programs from intercepting input, a system for preventing a computer virus from activating a send confirmation of a messaging client and a method for altering displayed objects to show encrypted data in decrypted form are also described and claimed. A system/method for reducing the impact of keyboard sniffer programs by altering keyboard input.07-05-2012
20120174232MECHANISM FOR EMBEDDING DEVICE IDENTIFICATION INFORMATION INTO GRAPHICAL USER INTERFACE OBJECTS - A mechanism for protecting software and computing devices from unintentional pre-release disclosure (“leak”) is provided that includes applying a security enhancement to an object on the graphical user interface of the computing device such that the object can be used to visually determine the origin of the leak without obstructing the user's experience or being easily detected or defeated.07-05-2012
20100299756SENSOR WITH A CIRCUIT ARRANGEMENT - The invention relates to a sensor, in particular for detecting attacks on at least one signal-carrying line (11-25-2010
20120216288METHOD AND SYSTEMS FOR SECURE DISTRIBUTION OF CONTENT OVER AN INSECURE MEDIUM - A method, system, and computer program product for secure distribution of content over an insecure medium, including a recipient device configured to receive content; and a sender device configured to request from the recipient device a unique identification associated with the recipient device, before sending to the recipient device, the content and a unique key associated with the content for use of the content by the recipient device. The sender device is configured to request the unique identification associated with the recipient device from the recipient device during a predetermined time interval after sending the key, and after verification of the unique identification, send a new key associated with the content to the recipient device for further use of the content by the recipient device.08-23-2012
20110191856RECEIVING INPUT DATA - A method of securing the inputting of sensitive information by a user, the method comprising: generating a mapping that associates each symbol of a plurality of symbols with a respective location at which to display that symbol on a display; displaying the plurality of symbols to the user, each symbol being displayed at the associated location on the display according to the generated mapping; the user providing a sequence of selections, each selection being a selection of a respective one of the locations; and converting the sequence of selections into a corresponding sequence of input symbols representing the input from the user, each input symbol being the symbol associated with the respective selected location in the sequence of selections according to the generated mapping.08-04-2011
20100058476Electronic information retention method/system, electronic information split retention method/system, electronic information split restoration processing method/system, and programs for the same - The invention aims to provide an electronic information split restoration processing method/system capable of processing massive electronic information at high speed while preventing leakage of the electronic information with reliability, and without causing deterioration in immediacy, centrally controlling electronic information to be processed by information processing units that are distributed geographically in a wide area, and connected via network. When electronic information is to be retained, a reversible split process and a reversible conversion process are applied to the electronic information (step S03-04-2010
20100050266Providing Extended Memory Protection - In one embodiment, the present invention provides for extended memory protection for memory of a system. The embodiment includes a method for associating a protection indicator of a protection record maintained outside of an application's data space with a memory location, and preventing access to the memory location based on the status of the protection indicator. In such manner, more secure operation is provided, as malicious code or other malware is prevented from accessing protected memory locations. Other embodiments are described and claimed.02-25-2010
20100050265Method and Apparatus for Enhancing Security Between a Web Server and a PSTN-based Voice Portal - A security regimen is provided for implementing transaction security between a Web server and data and a voice portal system accessible through a telephony network on the user end and through an XML gateway on the data source end. The regimen includes one of a private connection, a virtual private network, or a secure socket layer, set-up between the Web server and the Voice Portal system through the XML gateway. Transactions carried on between the portal and the server enjoy the same security that is available between nodes on the data network. In one embodiment, the regimen further includes a voice translation system distributed at the outlet of the portal and at the telephone of the end user wherein the voice dialog is translated to an obscure language not that of the user's language and then retranslated to the user's language at the telephone of the user.02-25-2010
20100275266Automatically enhancing computing privacy by affecting the screen of a computing device - A method of providing visual security enhancements to electronic data displayed on a display associated with an electronic device, comprising: defining privacy criteria; defining two physical states for operation of the display, wherein the first physical state includes displaying graphical output from the electronic device in a manner that is highly discernible to a viewer; and wherein the second physical state includes displaying the graphical output in a manner that is not highly discernable to the viewer;10-28-2010
20090113556Disk Protection System - A method for protecting content on a medium (04-30-2009
20090113555DVD Replications System and Method - A system and method for replicating protected content on media includes a controller for enabling replicating of media content from partial encoded content received at a location of the controller. A media recorder is coupled to the controller and including a modulation process (04-30-2009
20120180134Personal Information Guard - A user equipment (UE) having a processor configured to scan a message content for personal information and indicate any detected personal information before sending the message from the UE. Also disclosed is a method implemented on a UE comprising scanning a message content for personal information, and indicating any detected personal information before sending the message from the UE.07-12-2012
20120180136CONTENT MANAGEMENT METHOD AND APPARATUS OF MOBILE TERMINAL - A contents management method and apparatus of a mobile terminal provides improved security of private contents. A contents management method of a mobile terminal includes establishing a connection to at least one external terminal. The method also includes segmenting a content stored in the mobile terminal into segments and sharing the content by distributing the segments to the terminals. The method further includes integrating the segments distributed to the terminals into the content when a content execution command is input. The method still further includes storing the integrated content and deleting the integrated content in the mobile terminal when at least one of the terminals is disconnected.07-12-2012
20100031364METHOD FOR CREATING A VERIFIABLE MEDIA OBJECT, A CORRESPONDING SYSTEM THEREOF, AND A VERIFICATION PACKAGE FOR A MEDIA OBJECT - In a first aspect, there is provided a method for creating a verifiable media object using a handheld device that includes a plurality of sensors. In a second aspect, there is provided a system for creating a verifiable media object using a handheld device that includes a plurality of sensors. Finally, in a third aspect, there is provided a verification package for a media object.02-04-2010
20100011445TRANSMITTER, SIGNAL TRANSFER METHOD, DATA DISTRIBUTION SYSTEM AND METHOD OF SAME, DATA RECEIVER, DATA PROVIDER AND METHOD OF SAME, AND DATA TRANSFERER - To enable usage of content at a receiver which does not have a copying function even if copyright protection is provided. Model names of receivers not having a function enabling copying of content are held in an authentication processing circuit (01-14-2010
20100011444Systems and Methods for Detecting A Security Breach in a Computer System - The present invention provides systems and methods for applying hard-real-time capabilities in software to software security. For example, the systems and methods of the present invention allow a programmer to attach a periodic integrity check to an application so that an attack on the application would need to succeed completely within a narrow and unpredictable time window in order to remain undetected.01-14-2010
20120185946SECURE COMPUTING IN MULTI-TENANT DATA CENTERS - This document describes techniques and apparatuses for secure computing in multi-tenant data centers. These techniques permit a client to delegate computation of a function to multiple physical computing devices without the client's information being vulnerable to exposure. The techniques prevent discovery of the client's information by a malicious entity even if that entity is a co-tenant on many of the same physical computing devices as the client.07-19-2012
20110107427Obfuscating reception of communique affiliated with a source entity in response to receiving information indicating reception of the communique - A computationally implemented method includes, but is not limited to: receiving communiqué reception information that indicates reception of a communiqué that is affiliated with a source entity and that is directed to an end user; and presenting, in response to receiving the communiqué reception information and in lieu of presenting direct indication of reception of the communiqué, a covert indicator that covertly indicates reception of the communiqué, the presenting of the covert indicator being in accordance with one or more conditional directives of the end user to conditionally obfuscate the reception of the communiqué affiliated with the source entity. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.05-05-2011
20130174264SYSTEM AND METHOD FOR PROTECTING DATA STORED ON A REMOVABLE DATA STORAGE DEVICE - A system for protecting data stored in a memory of a removable data storage device is provided. The system includes a personal electronic device, a removable solid state data storage device operatively coupled to the personal electronic device, and a circuit configured to protect data stored in a memory of the data storage device in response to detecting impending removal of the data storage device from the personal electronic device.07-04-2013
20120185947TRIGGERING A PRIVATE BROWSING FUNCTION OF A WEB BROWSER APPLICATION PROGRAM - A private browsing function of a web browser application program may be triggered for a browser by a browser or by a URL provider. Upon receipt of the URI by a web browser, the URI is inspected for the presence of a private browsing indicator. When the URI is found to contain a private browsing indicator, operation of the private browsing function for the web browser application program is triggered.07-19-2012
20120185949TRIGGERING A PRIVATE BROWSING FUNCTION OF A WEB BROWSER APPLICATION PROGRAM - A private browsing function of a web browser application program may be triggered for a browser by a browser or by a URL provider. Upon receipt of the URI by a web browser, the URI is inspected for the presence of a private browsing indicator. When the URI is found to contain a private browsing indicator, operation of the private browsing function for the web browser application program is triggered.07-19-2012
20120084868LOCATING DOCUMENTS FOR PROVIDING DATA LEAKAGE PREVENTION WITHIN AN INFORMATION SECURITY MANAGEMENT SYSTEM - A method for locating documents has a step of, on each entity of the plurality of document-storing entities, calculating a respective fingerprint for each document of the documents stored on the entity, a step of transferring the calculated fingerprints by the entities to a data localization server having a fingerprint database for storing the transferred fingerprints, and a step of, at the data localization server, locating copies of a specimen document by calculating a fingerprint of the specimen document and comparing the calculated fingerprint of the specimen document with the fingerprints stored in the fingerprint database.04-05-2012
20120260346INFORMATION SECURITY SYSTEMS AND METHODS - Systems and methods for governing derived electronic resources are provided. In one embodiment, a digital resource is associated with one or more rules and a set of one or more computations, wherein the rules correspond to one or more conditions for accessing the digital resource and the computations operate upon the digital resource in order to provide a specific view of the digital resource that differs from the digital resource.10-11-2012
20120260345TRUST VERIFICATION OF A COMPUTING PLATFORM USING A PERIPHERAL DEVICE - Verification of trustworthiness of a computing platform is provided. The trustworthiness of the computing platform is dynamically assessed to determine whether a root of trust exists on the computing platform. Responsive to determining existence of the root of trust, data is unsealed from a sealed storage facility. The sealed storage facility is unsealed responsive to a root of trust being determined to exist on the computing platform. The data can be used to attest to the trustworthiness of the computing platform to other devices on a network.10-11-2012
20130174267Method for Secure Web Browsing - The invention relates to a computer-implemented method for secure web browsing. The method includes: 07-04-2013
20100333209METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR PROVIDING PROTECTED CONTENT TO ONE OR MORE DEVICES BY REACQUIRING THE CONTENT FROM A SERVICE - An apparatus for providing protected content to a device(s) by reacquisition of the content from an entity of a service may include a processor and a memory storing executable computer program code that causes the apparatus to at least perform operations including determining one or more Digital Rights Management (DRM) formats that one or more devices support in response to receipt of an indication(s). The computer program code may cause the apparatus to arrange data identifying the devices based at least in part on the DRM formats that correspond to the devices. The computer program code may cause the apparatus to facilitate receipt of content in at least one DRM format that at least one of the devices supports in response to a determination that a first device was selected to provide the content to a device for rendering. Corresponding computer program products and methods are also provided.12-30-2010
20080301817MEMORY CARD - In order to protect the user security data, provided is a memory card capable of preventing the data leakage to a third party not having the access authority by imposing the limitation on the number of password authentications and automatically erasing the data. In a system comprised of a multimedia card and a host machine electrically connected to the multimedia card and controlling the operations of the multimedia card, a retry counter for storing the number of password authentication failures is provided and the upper limit of the number of failures is registered in a register. When passwords are repeatedly entered once, twice, . . . and n times and the retry counter which counts the entries reaches the upper limit of the number of failures, the data is automatically erased so as not to leave the data in the flash memory.12-04-2008
20090089881METHODS OF LICENSING SOFTWARE PROGRAMS AND PROTECTING THEM FROM UNAUTHORIZED USE - In one embodiment, a method for controlling use of a software licensed product is provided. The method comprises tracking a usage of the software licensed product by a plurality of user computers within an intranet; and for all but one instance of the usage of the software licensed product, terminating the usage of the software license product.04-02-2009
20110004941SYSTEM AND METHOD FOR PREVENTING ACCESS TO DATA ON A COMPROMISED REMOTE DEVICE - This invention discloses a system and method for selective erasure, encryption and/or copying of data on a remote device if the remote device has been compromised or the level of authorization of a roaming user in charge of the remote device has been modified.01-06-2011
20110004940Obfuscating identity of a source entity affiliated with a communique in accordance with conditional directive provided by a receiving entity - A computationally implemented method includes, but is not limited to: receiving a first communiqué that is affiliated with a source entity and that is directed to a receiving entity; and transmitting to the receiving entity, in lieu of the first communiqué, a second communiqué that is provided in accordance with one or more conditional directives to conditionally obfuscate identity of the source entity, the one or more conditional directives provided by the receiving entity. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.01-06-2011
20110004939Obfuscating identity of a source entity affiliated with a communique in accordance with conditional directive provided by a receiving entity - A computationally implemented method includes, but is not limited to: receiving a first communiqué that is affiliated with a source entity and that is directed to a receiving entity; and transmitting to the receiving entity, in lieu of the first communiqué, a second communiqué that is provided in accordance with one or more conditional directives to conditionally obfuscate identity of the source entity, the one or more conditional directives provided by the receiving entity. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.01-06-2011
20110004938Method and Apparatus for Erasure of Data from a Data Storage Device Located on a Vehicle - A method and system for destroying information stored on a data storage device located onboard a vehicle in order to prevent unfriendly forces from obtaining the information is described. The method and system are initiated when the operator of the vehicle activates a triggering mechanism. The information may be destroyed by physically damaging the data storage device on which the information is stored or by releasing a software virus into the device on which the sensitive information is stored. A software virus may also be transmitted to a computer of an unfriendly force attempting to access the sensitive information.01-06-2011
20120266256DETERMINING WHETHER OBJECT IS GENUINE OR FAKE IN METAVERSE - A server computer is connected to a plurality of client computers through a network, and controls objects in a Metaverse accessed by the client computers. The server computer includes a storage unit for storing an object ID specifying an object accessible in the Metaverse by the plurality of client computers and authenticity information associated with the object ID. The authenticity information indicates that the object is genuine. The server computer also includes a communication unit for communicating with each of the client computers. The server computer also includes an enquiry unit for causing the communication unit to transmit the authenticity information corresponding to the object ID to at least one of the plurality of client computers upon receipt of an enquiry request to enquire about the object ID of the object from one of the plurality of client computers.10-18-2012
20120266255Dynamic De-Identification of Data - The present invention relates to a method, computer program product and system for masking sensitive data and, more particularly, to dynamically de-identifying sensitive data from a data source for a target application, including enabling a user to selectively alter an initial de-identification protocol for the sensitive data elements via an interface.10-18-2012
20120266254De-Identification of Data - The present invention relates to a method, computer program product and system for de-identifying data, wherein a de-identification protocol is selectively mapped to a business rule at runtime via an ETL tool.10-18-2012
20120266253GROUPING COOPERATION SYSTEM, GROUPING COOPERATION METHOD, AND GROUPING PROCESSING FLOW MANAGEMENT PROGRAM - A grouping apparatus manages user information, and executes grouping processing for extracting a subset which matches a predetermined condition from a set of users. A flow control apparatus transmits a set of users to one of a plurality of grouping apparatuses, and transmits a condition used in grouping processing to each of the plurality of grouping apparatuses. One of the grouping apparatuses transmits, to another grouping apparatus, a first subset which is extracted by executing grouping processing on the set transmitted from the flow control apparatus. The other grouping apparatus extracts a second subset by executing grouping processing on the first subset transmitted from the one of the grouping apparatuses.10-18-2012
20120266252HARDWARE-BASED ROOT OF TRUST FOR CLOUD ENVIRONMENTS - Apparatuses, computer readable media, methods, and systems are described for generating and communicating a create measured virtual machine (VM) request, the request comprising a network address of a boot server, initiating establishment of a secure tunnel with a measured VM, receiving a quote from the measured VM, and determining, by a processor, whether the measured VM is authentic based on the quote.10-18-2012
20120266251SYSTEMS AND METHODS FOR DISEASE MANAGEMENT - A computer-implemented diabetes management system is provided that supports enhanced security between a diabetes care manager in data communication with a medical device. The diabetes care manager includes: a first application that operates to request access to a first security role supported by the medical device, where the first security role is associated with a first set of commands for accessing data on the medical device that are defined as a private extension of the communication protocol; and a second application that operates to request access to a second security role supported by the medical device, where the second security role is associated with a second set of commands for accessing data on the medical device that are defined as a private extension of the communication protocol. The second set of commands has one or more commands that are mutually exclusive from the first set of commands.10-18-2012
20120266250Selective Masking Of Identity-Indicating Information In Messages For An Online Community - A method and apparatus is described for protecting a user's identity by automatically replacing all identity-indicating information in messages with aliases. Users may input real name/alias pairs into a web form to be stored in a database. Any content that USER-A posts will appear unmodified to users to which USER-A has granted permission. When a user who has not been granted permission views USER-A's content, the user will see a modified version of the content. In this case, any and all instances of USER-A's stored real names in USER-A's content will be replaced with USER-A's corresponding aliases.10-18-2012
20120240240MONITORING OF DIGITAL CONTENT - The invention refers to monitoring usage of digital content provided from a content provider over a network to a client system. In the client system, a logging agent generates and stores information concerning usage of the digital content individually for each usage to be monitored. The generated information is entered in a usage log, either stored in the client system or at a trusted party. The logged usage information is also authenticated allowing identification of the client using the associated digital content. The entries of the log may include a representation of the content, information about usage quality and/or usage time. The logging agent is preferably implemented in a portable tamper-resistant module, e.g. a network subscriber identity module. The module may be pre-manufactured with the logging agent, or the agent can be downloaded thereto.09-20-2012
20120240237SYSTEM AND METHOD FOR IN-PRIVATE BROWSING - A method, system, and computer program product for operating a web browser in an open browsing mode and a private browsing mode. The method may include calculating, by a computer processor, a privacy probability that a website contains information sensitive to the user. The privacy probability may be based, at least in part, on historical use of the private browsing mode by the user. The method may also include comparing the privacy probability to a privacy threshold and automatically switching the browser from the open browsing mode to the private browsing mode for the website if the privacy probability is greater than the privacy threshold.09-20-2012
20120240241METHOD FOR IDENTITY SELF-VALIDATION, SUITABLE FOR USE IN COMPUTER ENVIRONMENTS OR IN REAL LIFE - A process for validating the identity of individuals and the individuals' belonging to a group, organization or large community of millions of people, as well as within computer environments and in real life, wherein an individual concerned requests the validation of an individual's identity; the individual concerned chooses the validation level wherein he or she seeks to be validated; the requirements are consulted for the individual to validate his or her own identity at the chosen validation level; the individual concerned is informed about the requirements to validate the user's identity; the individual concerned decides whether to continue with the validation process at the chosen level of validation or chooses to change the level of validation; the individual concerned enters data of the individual who will validate his or her own data and data from the individuals, or the verifiers who will validate his or her identity; the verifiers receive a set of validation questions that has to be answered in order to validate the identity of the individual; and the answers from the verifiers are compared with data of the individual who will validate his or her own identity to determine if such answers are satisfactory.09-20-2012
20120240239WIRELESS AD HOC NETWORK SECURITY - Providing network security includes detecting network traffic associated with an ad hoc network that includes a first station and a second station, and preventing data sent by the first station from reaching the second station.09-20-2012
20120240238System and Method to Govern Data Exchange with Mobile Devices - Techniques for limiting the risk of loss of sensitive data from a mobile device are provided. In one aspect, a method for managing sensitive data on a mobile device is provided. The method includes the following steps. A sensitivity of a data item to be transferred to the mobile device is determined. It is determined whether an aggregate sensitivity of data items already present on the mobile device plus the data item to be transferred exceeds a current threshold sensitivity value for the mobile device. If the aggregate sensitivity exceeds the current threshold sensitivity value, measures are employed to ensure the aggregate sensitivity remains below the current threshold sensitivity value for the mobile device. Otherwise the data item is transferred to the mobile device.09-20-2012
20110047626DIGITAL CONTENT MANAGEMENT SYSTEM AND APPARATUS - There are provided a digital content management apparatus which further embodies a digital content management apparatus used with a user terminal, and a system which protects the secrets of a digital content. The system and the apparatus are a real time operating system using a micro-kernel, which is incorporated in the digital content management apparatus as an interruption process having high priority. When a user uses the digital content, whether there is an illegitimate usage or not, is watched by interrupting the usage process. In the case where illegitimate usage is carried out, a warning is given or the usage is stopped. The decryption/re-encryption functions of the digital content management apparatus having the decryption/re-encryption functions are not restricted to the inside of the user apparatus. By providing the decryption/re-encryption functions between the networks, the exchange of secret information between different networks is secured. By using this apparatus for converting a crypt algorithm, information exchange is made possible between systems which adopt different algorithms.02-24-2011
20110047625System and method for secure sharing of creatives - A method of creating and securely sharing creatives is described. The method includes the steps of accessing a central processing environment, requesting at least one recording of at least a portion of an audio transmission generated from a communication device, generating at least one audio asset, adding the audio asset to a pool of related assets stored in a vault connected to the central processing environment, selecting the generated audio asset and at least one other related asset from the pool of related assets to form a creative, then requesting delivery of the creative to another communication device, and finally delivering the creative to the other communication device. The method is performed in part by a creative composition engine, which is also described. The engine includes a central processing environment having a processor, a digital recorder and a digital asset storage vault.02-24-2011
20110047624Method and System for Software Licensing Under Machine Virtualization - A method and system implementing software licensing management under machine virtualization are disclosed. According to one embodiment, a system comprises a virtual platform running on a physical machine; a binding agent running on a host operating system of the virtual platform; a license enforcement module running on a virtual machine instance of the virtual platform. The license enforcement module is in communication with the binding agent. The binding agent enforces a mutex lock to ensure that only a specified number of license enforcement modules are running on the physical machine.02-24-2011
20110047623APPARATUS AND METHOD FOR TRACING WEB USER USING SIGNED CODE - Provided are an apparatus and method for tracing web user using signed code. The apparatus for tracing web user includes at least one access terminal, a web server, and a monitoring server. The at least one access terminal requests a web page. The web server provides the web page including a signed code to the each access terminal according to the request. The monitoring server receives and analyzes access information which is extracted from the each access terminal according to execution of the signed code.02-24-2011
20120324585Methods, Devices and Computer Program Products for Regulating Network Activity Using a Subscriber Scoring System - Network activity in a network is regulated. Network activity scores that correspond to network usage patterns for respective network users are calculated. A network user is assigned into one of multiple risk classes responsive to a respective one of the network activity scores. A subsequent action is selected responsive to which of the risk classes the network user is assigned.12-20-2012
20120324586SYSTEM AND METHOD FOR CONTROLLING UTILIZATION OF CONTENT - Apparatus, method, and media for controlling utilization of content. An exemplary method comprises associating one or more usage rights with content, wherein the usage rights are based at least in part on a usage rights grammar, and wherein each of the usage rights corresponds to a permitted utilization of the content and one or more conditions which must be satisfied in order for the respective usage right to be exercised, receiving, from an external computing device, a request to access the content, the request corresponding to a utilization of the content, determining whether the requested utilization corresponds to at least one of the usage rights associated with the content, and transmitting, to an external computing device, at least one of the usage rights based at least in part on a determination that the requested utilization corresponds to at least one of the usage rights.12-20-2012
20120324584SYSTEM AND METHOD FOR MANAGING AND/OR RENDERING INTERNET MULTIMEDIA CONTENT IN A NETWORK - A system and a method render internet multimedia content in a network using an application to render the internet multimedia content and/or locally stored multimedia content on one or more rendering devices in the network. The application may provide web browser functions, such as, for example, receiving, processing, decoding and/or rendering the internet multimedia content. The application may have an enhanced user interface which may enable a user to select the internet multimedia content and a rendering device in the network, send the internet multimedia content to the rendering device and/or control rendering of the internet multimedia content on the rendering device.12-20-2012
20120324583System and Method for Processing and Protecting Content - Systems and methods that process and protect content are provided. In one example, a system may include, for example, a first device coupled to a second device. The first device may include, for example, an integrated circuit that may include a content processing system and a security system. The security system may include, for example, a digital rights manager. The first device and the second device may be part of a network. The network receives content and control information via the first device. The content processing system processes incoming content based upon at least the control information. The integrated circuit protects the content before placing the content on the network.12-20-2012
20120324587SYSTEM AND METHOD FOR PERMITTING USE OF CONTENT USING TRANSFER RIGHTS - Apparatus, method, and media for permitting use of content. An exemplary method comprises associating a transfer right with content, the transfer right specifying that the content is permitted to be transferred from a first computing device to a second computing device, transferring the content from the first computing device to the second computing device in accordance with the transfer right, updating information associated with the transfer right based on the transfer of the content from the first computing device to the second computing device, and associating a usage right with the content, the usage right corresponding to a utilization of the content, wherein the first computing device includes at least a server mode of operation, and wherein the second computing device includes both a requester mode of operation and a server mode of operation.12-20-2012
20120272329OBFUSCATING SENSITIVE DATA WHILE PRESERVING DATA USABILITY - An approach for obfuscating sensitive data while preserving data usability is presented. The in-scope data files of an application are identified. The in-scope data files include sensitive data that must be masked to preserve its confidentiality. Data definitions are collected. Primary sensitive data fields are identified. Data names for the primary sensitive data fields are normalized. The primary sensitive data fields are classified according to sensitivity. Appropriate masking methods are selected from a pre-defined set to be applied to each data element based on rules exercised on the data. The data being masked is profiled to detect invalid data. Masking software is developed and input considerations are applied. The selected masking method is executed and operational and functional validation is performed.10-25-2012
20120272325DIGITAL CONTENT MANAGEMENT SYSTEM AND METHODS - Systems and methods for locating network sites using a target digital object in a networked environment are presented. In operation, a request to locate network sites using the target digital object is received. In response to the request, identification information corresponding to the target digital object is obtained. Content of a plurality of network sites on a network is also obtained. For each network site of the obtained plurality of network sites, a determination is made as to whether a digital object on the network site matches the target digital object according to the identification information corresponding to the target digital object. A report indicating the network sites that include a digital object that matches the target digital object is then generated and returned in response to the request.10-25-2012
20130174266DATA EXCHANGE BETWEEN A SECURE ELEMENT AND A TERMINAL - A method for data exchange between a secure element and a terminal, the secure element including a CRS (Contactless Registry Service) application, a CREL (Contactless Registry Event Listener), and at least one service application, the terminal including a SEUI (Secure Element User Interface) configured to interact with at least one out of the CRS application, the CREL application, or the service application, includes exchanging, between the secure element and the terminal, an STID (Service Type Identification) information relating to the at least one service application. The STID information indicates the service type of the at least one service application of a predetermined set of different service types.07-04-2013
20120331560Microcontroller with Secure Feature for Multiple Party Code Development - Multiple secure environments are established within a system on a chip (SoC) by defining a first secure region within a non-volatile memory in the SoC with a first set of parameters written into a predefined parameter region of the non-volatile memory. A second secure region within the non-volatile memory may be defined at a later time by a second set of parameters written into another predefined parameter region of the non-volatile memory. A security module is initialized each time the SoC is powered on by transferring the first set of parameters and the second set of parameters from the parameter region to the security module in a manner that does not expose the first set of parameters or the second set of parameters to a program being executed by the processor. The multiple secure regions of the SoC are enforced by the security module according to the parameter data.12-27-2012
20120331559RESOURCE MANAGEMENT SYSTEM AND CORRESPONDING METHOD - The invention provides a secure and efficient resource management system and a corresponding method for managing resources of a product that is put on the market by a licensor via a distribution chain. In particular, the number of keys needed for managing said resources can be reduced. At the time that the product is released to the market the exact licensing conditions of the product need not be known yet. The licensing conditions and the associated configuration of resources of the product are managed via a second key which is provided to a licensee. The licensee, however, has no knowledge of the first key and the derivation function which generates said second key based on the first key. Therefore, it is ensured that the licensee cannot claim more resources of the product than the licensor allows.12-27-2012
20110061107METHOD AND APPARATUS FOR IMPLEMENTING DIGITAL RIGHTS MANAGEMENT - A method and apparatus is provided for providing digital content to a client. The method begins by receiving a request from the client to receive digital content. The client is authorized to receive the digital content and the DRM implementation employed by the client is determined. The digital content is then provided to the client in conformance with the DRM implementation employed by the client.03-10-2011
20120331558Methods, Systems, & Products for Managing Digital Content - A dynamic repository (either storing digital data content or pointers to stored digital data content) works in conjunction with a plurality of interfaces to manage digital content and digital rights policies associated with one or more users. Digital rights policies are unique to each user and such policies define access to digital content in the repository. The user's digital rights policy indicates the level of access a user has to digital content in the repository (e.g., the policy could indicate that the user has authorized access to a particular file for a period of seven days). The interfaces linked with the content repository are used to access and manipulate the digital data content (based upon each user's digital rights policy) and the digital rights policies stored in the content repository. The interfaces include: (a) one or more authentication interfaces for authenticating users, (b) one or more digital rights management (DRM) interfaces allowing users to add, delete, or edit the digital rights policies, (c) one or more data access interfaces allowing users to selectively access digital data content as defined by their individual digital rights policy, (d) one or more browsing interfaces allowing users to selectively browse said digital data content, or (e) one or more content manipulation interfaces allowing said users to add, delete, or edit said digital data content.12-27-2012
20110239306DATA LEAK PROTECTION APPLICATION - A data leak protection method for managing user interaction with a computing device, the computing device comprising a kernel mode of operation and a user mode of operation, the method comprising: monitoring the kernel mode of the computing device in order to detect user-initiated events; determining whether a given user-initiated event has a forbidden status or an allowed status; performing an action in dependence on the status of the given user-initiated event.09-29-2011
20110239304MANAGING INFORMATION RELATING TO SECURE MODULE APPLICATIONS - An apparatus capable of hosting a secure module, which secure module comprises at least one secure module application. The apparatus is configured to provide connectivity to the secure module. A processing module is configured to obtain from the secure module information concerning the at least one secure module application. The processing module is, based on the obtained information, configured to check whether a compatible counterpart application is present in the apparatus. A communication module is configured to obtain the compatible counterpart application from an outside source in case no compatible counterpart application is present in the apparatus.09-29-2011
20120331562METHOD, APPARATUS AND COMPUTER PROGRAM FOR SUPPORTING DETERMINATION ON DEGREE OF CONFIDENTIALITY OF DOCUMENT - Determining confidentiality of an office document shared by multiple organizations. Each block of a document data set is stored in association with confidentiality information indicating whether the block is confidential. The document data set is dividable into blocks each being a unit including properties evaluated as having a certain characteristic. A document data set targeted for the confidentiality determination is acquired, and it is determined whether a document data set, including a block similar to each block of the acquired document data set, is stored. If the document data set including the similar block is stored, it is determined whether the confidentiality information indicating that the block is confidential is assigned to the block of the acquired document data corresponding to the similar block. If the confidentiality information indicating that the block is confidential is assigned, the acquired document data set is determined as confidential.12-27-2012
20110252482TIERED OBJECT-RELATED TRUST DECISIONS - Adware and viruses are examples of objects that may be embedded in a web page or linked to a web page. When such an object is detected to be associated with a web page loading on a browser, an analysis may be performed to determine a trust level for the object. The object is suppressed based on the trust level. A prompt is displayed to advise a user that the object has been suppressed, and to provide an opportunity to interactively accept or decline activation of an action for the object.10-13-2011
20110265185METHOD ENABLING A USER TO KEEP PERMANENTLY THEIR FAVOURITE MEDIA FILES - This invention enables a user to convert their favourite DRM protected media files, which would otherwise have significant use restrictions, to media files that can be played without limitation of time. This is especially useful where the DRM protected files are supplied as part of a subscription service and the ability to playback those files ends when the subscription ends. This approach relies on the ability to gather playback metrics for the DRM protected media files, to analyse them to determine the user's favourites, and then to provide the user with non-time limited versions of those favourite digital media files. In one implementation, a user's favourite music tracks can still be played, even though a music subscription service has ended.10-27-2011
20120090034METHOD AND APPARATUS FOR DOWNLOADING DRM MODULE - A Digital Rights Management (DRM) service system providing digital content to which DRM technology is applied, when one or more DRM content is provided to a client device, download information for a DRM module capable of installing a DRM agent corresponding to a DRM system applied to the DRM content is provided together, making it possible for the client device to download the DRM module based on the download information, install the DRM agent, and use the DRM content.04-12-2012
20120090033SYSTEMS AND METHODS FOR IMPLEMENTING APPLICATION CONTROL SECURITY - Systems and methods for implementing application control security are disclosed. In one embodiment, a system includes a first device, a decrypted white-list, and an executable program. The first device may be in electrical communication with a memory containing an encrypted white-list. The encrypted white-list may be decrypted using an identifier of a second device. The executable program may be referenced in the decrypted white-list.04-12-2012
20110277037Enforcement Of Data Privacy To Maintain Obfuscation Of Certain Data - A computer-readable medium is disclosed that tangibly embodies a program of machine-readable instructions executable by a digital processing apparatus to perform operations including determining whether data to be released from a database is associated with one or more confidential mappings between sets of data in the database. The operations also include, in response to the data being associated with the one or more confidential mappings, determining whether release of the data meets one or more predetermined anonymity requirements of an anonymity policy. Methods and apparatus are also disclosed.11-10-2011
20110277036Policy Determined Accuracy of Transmitted Information - Systems and methods for controlling accuracy of transmitted information are described. A package is assembled based on a numerical value, such as a measurement, and one or more policies associated with the sender. When the package is received by a receiver, it is unpacked to yield a second value representing the numerical value and having a reduced accuracy with respect to the first value. The accuracy reduction depends on policies associated with the receiver and/or the sender. Examples of numerical values in different applications include geo-location data, medical data, and financial data.11-10-2011
20120331557Global identity protector E-commerce payment code certified processing system - An identity theft protection system and method which employs several security features to prevent identity theft on all levels. The protection system database employs a member's address and telephone number as a numeric identity protector, security code and lock for Social Security numbers. Preventing the issuing of identity theft credit cards, and e-commerce address billing payment code numbers, and e-commerce telephone number billing payment code numbers. The locking address also prevents account hijacking, preventing checks from being mailed to identity thieves. The system employs a computer generated photo copy of the member's ID or drivers license, to prevent fraud on all big ticket items, and preventing identity theft bank fraud on checking accounts and medical records providing photo match and verify, identity theft prevention verification. The system protects its members against stolen and counterfeit checks. The G.I.P. computer database will ID the owner of the checking account at the cash register. The ID can also prevent cyber identity theft, also known as account hijacking.12-27-2012
20120331561Method of and Systems for Privacy Preserving Mobile Demographic Measurement of Individuals, Groups and Locations Over Time and Space - Disclosed are techniques for privacy preserving mobile demographic measurement of individuals, groups, and locations over time and space. A method of estimating demographic information associated with a user of a mobile device and/or a location while preserving the privacy of the user based at least in part on a location estimate of the mobile device of the user includes receiving an estimated geographical location of the mobile device of the user and receiving a time at which the mobile device was at the estimated geographical location. The method includes assigning substitute identifiers for the geographical location and the time at which the mobile device was at the estimated geographical location. The method includes associating the geographical areas substitute identifiers with demographic information and estimating demographic information associated with the user of the mobile device based on the substitute identifiers and based on the demographic information associated with substitute identifiers.12-27-2012
20100229241METHOD OF ACCESSING SERVICE, DEVICE AND SYSTEM THEREOF - A method of service access, a device, and a system are provided in an embodiment of the present disclosure. A service requestor identity generating method includes the request for generating the anonymous identity that is adapted to hide the real identity of the client. A method of generating the identity of the service requestor, an access method, a method of tracing the real identity of the service requestor, a device for managing the identity of the service requestor, a service requestor device, an identity management system, a service provider device, an access system, an identity tracing requesting device, and an identity tracing system are provided in an embodiment of the present disclosure. The methods provided in an embodiment of the present disclosure may be used to protect the privacy of the service requestor while obtaining the real identity of the service requestor when necessary. The methods are easy to implement.09-09-2010
20100229240LICENSE MANAGEMENT DEVICE AND CONTROL METHOD AND CONTROL PROGRAM OF LICENSE MANAGEMENT DEVICE - A total time for license check communication processings can be reduced. A cellular phone 09-09-2010
20110289593MEANS TO ENHANCE THE SECURITY OF DATA IN A COMMUNICATIONS CHANNEL - A technique and method for creating a provably secure communications channel between two devices making the observation, recovery and modification of the data within the communications channel difficult. Specifically, the present invention comprises a technique and method for protecting the data within a data channel where security must be assured.11-24-2011
20120102571SYSTEM AND METHOD FOR DIGITAL FORENSIC TRIAGE - A digital forensic system for performing forensics on a target device comprises a control pod and a collection device. The control pod, which has a unique identity in order to enable accurate audit, is arranged to register and allocate a unique identity to the collection device and to clean, load a profile onto the collection device, the profile defining a subset of data. The collection device is connected to the target device and copies data from the target device to the collection device according to the profile. The control pod is then arranged to create a report on the collection device, the report derived from the copied data. Once a user input has been received, indicating that the collection device be marked as evidence, then the control pod is arranged to lock the collection device in response to the user input.04-26-2012
20120291133SECURITY COMPLIANT DATA STORAGE MANAGEMENT - An embodiment of the invention is a program for dynamically managing files to comply with security requirements. In one embodiment, changing security requirements require that the computer system identifies the current storage locations of files along with the files' respective security levels. Files containing changed security levels due to the changed security requirements are relocated to storage locations clustered with storage locations containing files of the same security level. In another embodiment, the computer system receives a file having a certain security level, identifies current storage locations of files with the files' respective security levels, and finally allocates the new file to a storage location clustered with storage locations containing files of the same security level.11-15-2012
20120291137SYSTEM AND METHOD FOR SOCIAL NETWORK TRUST ASSESSMENT - A first user's trust level with regard to a second user can be determined by providing questions to the second user, with the questions based on a previously-collected knowledge base including information about the first user. The information about the first user may be partitioned into levels of trust, and the second user's responses to the questions may be evaluated to determine which level of trust the second user is entitled to. The knowledge base may be assembled by prompting the first user for information and/or by scanning or otherwise collecting already-existing data about the first user. The knowledge base and/or trust assessment may be distributed across a network, and in some embodiments the knowledge base or parts thereof is distributed to other users according to the trust level of those users.11-15-2012
20120291135METHOD AND APPLICATION FOR A REACTIVE DEFENSE AGAINST ILLEGAL DISTRIBUTION OF MULTIMEDIA CONTENT IN FILE SHARING NETWORKS - A system for external monitoring of networked digital file sharing to track predetermined data content, the system comprising: at least one surveillance element for deployment over said network, said surveillance elements comprising: surveillance functionality for searching said digital file sharing and identification functionality associated with said search functionality for identification of said predetermined data content, therewith to determine whether a given file sharing system is distributing said predetermined data content.11-15-2012
20120291136PREVENTING TRANSFER AND DUPLICATION OF REDUNDANTLY REFERENCED OBJECTS ACROSS NODES OF AN APPLICATION SYSTEM - Unique identifiers referred to as “keys” are generated for objects stored on each node. When a container object including at least one embedded object is transferred from a sending node to a receiving node, the sending node sends the key uniquely identifying the embedded object to the receiving node to determine whether the embedded object is already stored on the receiving node. If the receiving node indicates that the embedded object is already stored at the receiving node, then the sending node determines that the embedded object does not need to be sent to the receiving node. In that case, if the embedded object has not been sent, the sending node does not send the embedded object. If the sending node has already started sending the embedded object, then the sending node terminates sending of the embedded object.11-15-2012
20100199355METHOD OF PROTECTING DIGITAL DOCUMENTS AGAINST UNAUTHORIZED USES - The method comprises: taking a digital document for protection that constitutes a piece of source code, and identifying therein a programming language L defined by a grammar G08-05-2010
20100199354Obfuscating Computer Program Code - A computer-implemented method of tamper-protecting computer program code. The method comprises: obtaining an input representation of the computer program code; identifying a conditional program statement for causing a data processing system to selectively execute one of at least a first and a second sets of program statements when said computer program is executed by a data processing system; replacing said identified conditional program statement and the first and second sets of program statements with a set of transformed program statements to obtain obfuscated program code, wherein the set of transformed program statements is adapted to cause the data processing system to execute at least a part of each of the transformed program statements when said computer program is executed by the data processing system.08-05-2010
20120144495SECURING MIXED-MODE APPLICATIONS - Embodiments are directed to securing mixed-mode applications in a semi-trusted environment. In an embodiment, a computer system securely loads native data files associated with a mixed-mode application. The secure loading ensures that the native components upon which the managed component depends are authentic. The computer system implements a securely stored handle associated with the loaded native data files to provide secure communications between the managed component and the loaded native data files. The handle provides a trusted function pointer to an associated mixed-mode application function. The computer system also initiates a security permission request for each resource that is passed to the native components during execution of the mixed-mode application, so that each resource is verified before execution.06-07-2012
20130014268STORAGE DEVICE AND STORAGE METHOD - According to one embodiment, a storage device includes a connector configured to be connected to an equipment; a wireless communication unit configured to transmit and receive data through wireless communication; an identification unit configured to identify the equipment connected to the connector; a storage unit configured to include, for each identified equipment, a restricted area accessible only by the identified equipment; and a controller configured to control the storage unit such that the data, which is received by the wireless communication unit when the equipment is connected to the connector, is written in the restricted area for the connected equipment.01-10-2013
20130014275Method For Linking and Loading to Protect Applications - A linker or loader, and associated method, is described, whereby the application of security transformations to object-code modules can be deferred until link or load-time, through, for example, memory relocation, selection from diverse instances of a module, and late-binding of constants. This provides several benefits over conventional source-to-source security transformations. These deferred security transformations can be applied in a very light-weight manner and create many opportunities for diversity in the resulting executable program, enhancing security, while at the same time minimizing the impact on execution performance and correctness, and reducing the complexity of debugging.01-10-2013
20130014272SYSTEM AND METHOD OF PROVIDING INFORMATION ACCESS ON A PORTABLE DEVICE - A system and method of providing information stored in a memory is provided. The system comprises an information repository for storing information and an access module for providing access to the information in response to a predetermined operation performed on a man-machine interface. The method includes the steps of storing information in a memory and providing access to the information in dependence upon at least one predetermined operation.01-10-2013
20130014267COMPUTER PROTOCOL GENERATION AND OBFUSCATION - In the field of computer science, communications protocols (such as computer network protocols) are hardened (secured) against reverse engineering attacks by hackers using a software tool which is applied to a high level definition of the protocol. The tool converts the definition to executable form, such as computer source code, and also applies reverse-engineering countermeasures to the protocol definition as now expressed in source code, to prevent hackers from recovering useful details of the protocol. This conversion process also allows preservation of backwards version compatibility of the protocol definition.01-10-2013
20130014266Collaboration privacy - Generally described, the present disclosure relates to conferences. More specifically, this disclosure relates to collaboration privacy. In one illustrative embodiment, a system is described for conference and other collaborations in which trusted and untrusted parties are present. To retain information privacy within the collaboration, the system determines a context for the conference. From the context, information privacy related groupings can be identified. The system can then determine information privacy measures for those privacy related groupings. The information privacy measures for the groupings can be actuated for the parties within the conference. These measures can include, but are not limited to, visual or audio announcements to trusted parties within the conference. Other information privacy measures can include privacy enabled features such as sidebar conferences between the trusted parties.01-10-2013
20130014274System and Method for Encapsulating and Enabling Protection Through Diverse Variations in Software Libraries - A flexible software library in which the software modules are defined as an abstract intermediate representation. The flexible library allows security transformation and performance attribute selections to be made by the end-user, rather than the library creator. Furthermore, since the flexible library contains an abstract representation of the software modules, the library can also be provisioned to contain an arbitrary number of named instances, representing specific sets of values for security and performance decisions, along with the corresponding native object-code resulting from those decisions. This permits distribution of software modules in a completely platform-independent manner while avoiding the disclosure of proprietary information, such as source-files.01-10-2013
20130014270METHOD OF COMPARING PRIVATE DATA WITHOUT REVEALING THE DATA - Disclosed in this specification is a method and program storage device for comparing two sets of private data without revealing those private data. If the comparison deems the two data sets sufficiently similar, helper data may be provided to permit reconstruction of one of the private data sets without transmission of that private data set.01-10-2013
20130014271Data protection method and device - An apparatus and method for encoding and decoding additional information into a digital information in an integral manner. More particularly, the invention relates to a method and device for data protection.01-10-2013
20130014273VALIDATION OF PROTECTED INTRA-SYSTEM INTERCONNECTS FOR DIGITAL RIGHTS MANAGEMENT IN ELECTRICAL COMPUTERS AND DIGITAL DATA PROCESSING SYSTEMS - Embodiments for validating protected data paths for digital rights management of digital objects are disclosed. Some embodiments disclosed herein may comprise processes or apparatus for transferring data from one or more peripherals to one or more computers or digital data processing systems for the latter to process, store, and/or further transfer and/or for transferring data from the computers or digital data processing systems to the peripherals. Some embodiments disclosed herein may comprise processes or apparatus for interconnecting or communicating between two or more components connected to an interconnection medium within a single computer or digital data processing system.01-10-2013
20120151601IMAGE DISTRIBUTION APPARATUS - An image distribution apparatus that ensures both privacy protection and security is provided. A private area storage section stores private areas relating to the privacy of users. A cutout area storage section stores, as a cutout area, an area requested by an identified user to be distributed. An image processing level storage section stores an image processing rule that defines an image processing level for each of areas having different levels of privacy. An image processing area generation section acquires the cutout area of the identified user from the cutout area storage section, acquires, from the private area storage section, a private area of the identified user and a private area of a person other than the identified user, which private areas are contained in an image of the acquired cutout area, acquires the image processing rule from the image processing level storage section, and then determines an image processing method for each area in the cutout area in accordance with the acquired image processing rule.06-14-2012
20120151600METHOD AND SYSTEM FOR PROTECTING INTELLECTUAL PROPERTY IN SOFTWARE - A system and method for modifying material related to computer software. The system receives an original disclosure for a software system. A masquerading algorithm is applied to the original disclosure to generate a new disclosure. The subject matter of the new disclosure is different from the original disclosure but has the same functionality. The system also receives original source code for the software system and applies a camouflaging algorithm to the original source code to generate modified source code and conversion data for converting between the modified source code and the original source code.06-14-2012
20120151599ELECTRONIC SYSTEM FOR THE PROTECTION AND CONTROL OF LICENSE TRANSACTIONS ASSOCIATED WITH THE DISABLEMENT OF REPLICATED READ ONLY MEDIA AND ITS BOUND LICENSED CONTENT - Distribution of content stored on read only media, and a system and method by which a consumer who purchased content stored on read only media implements a process in the field by which they alter the storage media and verifiably disable at least a portion of the stored content in support of a transaction. A system and tools are used by the consumer to identify, authenticate, disable, and confirm disablement in exchange for compensation, the acquisition of new usage rights to content, or the ability to restore access to or copy content to new media. The process may be conducted by the consumer in the field without assistance and/or visual inspection, or be partially conducted in conjunction with an authorized intermediary. Furthermore, the process may restore access to content stored on new media without the need to transfer copies of content.06-14-2012
20120151597De-Identification of Data - The present invention relates to a method, computer program product and system for de-identifying data, wherein a de-identification protocol is selectively mapped to a business rule at runtime via an ETL tool.06-14-2012
20130019316Mini Appliance Ensuring Software License Compliance (inventors: Martin Kacin, Palo Alto, CA, US; David Douglas Kloba, Sunnyvale, CA, US) - In one embodiment, a method comprises: collecting software information from one or more network devices; and analyzing the software information to ensure software license compliance for the one or more network devices.01-17-2013
20130019317SECURE ROUTING BASED ON DEGREE OF TRUST - A system, method, and apparatus for secure routing based on a degree of trust are disclosed herein. The disclosed method involves assigning a level of trust to at least one network node, and utilizing the level of trust to determine a degree of security of the network node(s). The level of trust of the network node(s) is related to an amount of certainty of the physical location of the network node(s). The amount of certainty is attained from the network node(s) being located in a known secure location, and/or from verification of the physical location of the network node(s) by using satellite geolocation techniques or by using network ping ranging measurements. The method further involves utilizing the level of trust of the network node(s) to determine a degree of trust of at least one path for routing the data, where the path(s) includes at least one of the network nodes.01-17-2013
20110162081METHOD AND DEVICE FOR PROTECTING THE INTEGRITY OF DATA TRANSMITTED OVER A NETWORK - A method of transmitting data over a network, from a sending application to a receiving application, including: coding the data, by the sending application, by implementing a predefined rule; detecting alteration of at least one item of data transmitted, by the receiving application, by implementing the predefined rule; and in case an alteration of a data item is detected, restoring the altered data item. In the course of the coding, in the course of the alteration detection, and in the course of the restoration, a cyclic redundancy check or an encryption can be implemented.06-30-2011
20110162079OPTION MANAGEMENT SYSTEM, METHOD AND RECORDING MEDIUM FOR DIGITAL DEVICE - This invention provides an option management system, an option management method and a recording medium for a digital device which can charge expenses when an optional function is added, and is superior in the convenience and security. The option management system comprises a user terminal, a client terminal, and a digital device connected via a network to the user terminal and the client terminal, which performs a control process for validation or invalidation if a license key purchased by the user for an optional function of each software for monitoring, controlling and maintaining the device itself is inputted from the user terminal.06-30-2011
20130024943SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR SECURING DATA ON A SERVER BASED ON A HEURISTIC ANALYSIS - A system, method, and computer program product are provided for securing data on a server based on a heuristic analysis. In use, information associated with attempts to access data on a server is recorded. Additionally, the information is heuristically analyzed. Further, the data is secured on the server based on the heuristic analysis.01-24-2013
20120066772Scalable Anti-Replay Windowing - The present disclosure provides a method for scalable anti-replay windowing. According to one exemplary embodiment, the method may include receiving at least one data packet having at least one new sequence number. The method may also include comparing the at least one new sequence number to an anti-replay window configured to prevent packet replay, the anti-replay window having at least one existing sequence number. The method may further include shifting the contents of the anti-replay window by varying the location of a starting index and an ending index. Of course, additional embodiments, variations and modifications are possible without departing from this embodiment.03-15-2012
20120066771SYSTEMS AND METHODS FOR DETECTING SUBSTITUTION OF HIGH-VALUE ELECTRONIC DOCUMENTS - Embodiments are described of systems and methods for prevention, detection, mitigation of risk, and such, of unauthorized manipulation, e.g., substitution, of high-value data files (including electronic document files).03-15-2012
20120066770INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING PROGRAM - According to one embodiment, there is provided an information processing apparatus, including: a program acceptance portion; a program storage portion; a first function type storage portion; a function type extraction portion; a second function type storage portion; a first alternate function type storage portion; an alternate function type extraction portion; a second alternate function type storage portion; a selection portion; a judging portion; an updating portion; and a protection attribute determination portion.03-15-2012
20120066769DATA SECURITY IN A CLOUD COMPUTING ENVIRONMENT - Methods and apparatus for providing data security, in particular for cloud computing environments, are described. In an embodiment, a software component monitors events at a node in a computing system and on detection of an event of a particular type, interrupts a message associated with the event. Before the message is allowed to continue towards its intended destination, a security template is selected based on the message (e.g. the data in the message and identifiers within the message) and this template is used to determine what data protection methods are applied to each data element in the message. A modified data packet is created by applying the security template and then this modified data packet is inserted into the message in place of the data packet in the interrupted message.03-15-2012
20080250504DIGITAL RIGHTS MANAGEMENT METHOD AND APPARATUS - A digital rights management (DRM) method and apparatus are provided. The DRM method includes transmitting a rights object request message; receiving a rights object response message based on a Universal Plug and Play (UPnP) contents directory service; and acquiring a rights object using the rights object response message. Another DRM method includes receiving a rights object request message; and transmitting a rights object response message based on a Universal Plug and Play (UPnP) contents directory service. The DRM apparatus includes a transmitting unit which transmits a rights object request message to a media server of a DRM domain; a receiving unit which receives a rights object response message based on a Universal Plug and Play (UPnP) contents directory service from the media server; and a playback unit which plays back a contents object on a basis of a rights object acquired using the rights object response message.10-09-2008
20080244751Binding A Digital License To A Portable Device Or The Like In A Digital Rights Management (DRM) System And Checking Out/Checking In The Digital License To/From The Portable Device Or The Like - To render digital content encrypted according to a content key (KD) on a first device having a public key (PU10-02-2008
20080244750Method and Apparatus Regarding Attachments to E-mails - A computer processor is programmed by computer software so that the computer processor scans text of a first e-mail for any one of a set of matching words and if any one of the set of matching words is found in the text of the first e-mail, the computer processor is programmed by the computer software to alert a user that an e-mail attachment is missing. The set of matching words may include “attach”. The computer processor may alert a user that an e-mail attachment is missing by causing a message to be displayed on a computer monitor concerning whether an attachment should have been included with the first e-mail. The message may provide a prompt to the user which can be selected by the user to start the process of including an attachment with the first e-mail.10-02-2008
20080235804Dynamic Creation and Hierarchical Organization of Trusted Platform Modules - A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.09-25-2008
20080235803Server apparatus and installation information making method - A license server generates USB serial IDs for USB memory secured in a multi-function machine and then makes electronic signature files using the USB serial IDs and firmware that is the target of installation at the multi-function machine. The license server further makes electronic signature files using the firmware installer and SD card serial IDs. The license server then stores data for installation use including the electronic signature files in an SD card inserted in a client device connected to the license server.09-25-2008
20110247077System and Method for Rights Offering and Granting Using Shared State Variables - A method, system and device for sharing rights adapted to be associated with items, the method and system including generating at least one of usage rights and meta-rights for the items; defining, via the usage rights, a manner of use for the items; and defining, via the meta-rights, a manner of rights transfer for the items. The device including receiving at least one of usage rights and meta-rights for the items; interpreting, via the usage rights, a manner of use for the items; and interpreting, via the meta-rights, a manner of rights transfer for the items. The usage rights or the meta-rights include at least one state variable that is shared by one or more rights.10-06-2011
20110247076METHOD AND SYSTEM FOR RANDOM DATA ACCESS FOR SECURITY APPLICATIONS - A method for securely handling processing of information includes, in a chip, selecting one of a plurality of data processes based on a random index. After a randomly allocated time interval has elapsed, the selected one of the plurality of data processes may be initiated. The selected one of the plurality of data processes may include accessing data and/or acquiring the data. Burstiness of the data may be approximately equal to burstiness of data acquired by at least one of a plurality of clients on the chip. Data may be verified by the selected one of the plurality of data processes prior to the processing of the data.10-06-2011
20110247075METHOD AND APPARATUS FOR ENABLING SECURE DISTRIBUTION OF DIGITAL CONTENT - A digital content management system includes a host machine and a delivery machine remote from the host machine. The host machine sends validation agent software to the delivery machine, which executes the validation agent. The validation agent performs one or more tests or observations to determine whether the delivery machine has been compromised, and communicates the results of the tests or observations to the host machine. If the host machine determines that the delivery machine has not been compromised, the host machine sends digital content to the delivery machine, and a player module at the delivery machine delivers the content to the user according to an appropriate set of access rights. After delivering the content, the delivery machine deletes the content to prevent unwanted access to the content. The content can contain signals indicative that the content is legitimate, such as watermarks or bad code segments or sectors.10-06-2011
20080282355DOCUMENT CONTAINER DATA STRUCTURE AND METHODS THEREOF - Several embodiments of the present invention take the form of a file-container data structure encoded in a computer readable medium for storing files and associated metadata in a manner so that the integrity of such files are maintained and verifiable. Some embodiments take the form of a method for forming a file-container data structure. Several embodiments take the form of a method for viewing file-container data structures. Some embodiments take the form of a method for authenticating a file-container data structure.11-13-2008
20130174270LICENSE INSTALL SUPPORT SYSTEM, LICENSE INSTALL SUPPORT METHOD - A license install support method includes receiving input of a first license identifier used for receiving license data, the license data being used by an electronic device for determining whether activation of a program is allowable; sending, to a license source determining device connected via a network, an acquisition request specifying the first license identifier for acquiring issuing source information including issuing source identification information of the license data; receiving the issuing source information returned from the license source determining device; and using a license install processing unit to acquire the license data corresponding to the first license identifier from a license management device relevant to the issuing source information included among plural license management devices connected via the network, and to send the license data to the electronic device.07-04-2013
20130174269MANAGING LICENSE KEYS - For managing license keys, a license key service module creates a license key service object of a license key service class. The license key service object includes a plurality of management operations including a get all license keys operation that acquires a license key for licensing services. A hosted license key service module creates a hosted license key service object of a hosted license key service class that includes the license key service object. A license key module creates a license key object of a license key class. The license key object includes the license key and employs the plurality of management operations. A management module manages the license key using the license key object, license key service object, and hosted license key service object.07-04-2013
20130174265SYSTEM AND METHOD FOR PROTECTING DATA STORED ON A REMOVABLE DATA STORAGE DEVICE - A system for protecting data stored in a memory of a removable data storage device is provided. The system includes a personal electronic device, a removable solid state data storage device operatively coupled to the personal electronic device, and a circuit configured to alter data stored in the memory of the data storage device in response to detecting that the data storage device has been removed from the personal electronic device.07-04-2013
20080222734Security System with Extraction, Reconstruction and Secure Recovery and Storage of Data - The method for securing data includes establishing a group of security sensitive items, filtering data and extracting and separating the security items from remainder data. The filtered data are separately stored (locally on a PC or on another computer in a LAN or WAN or on the Internet.) A map may be generated. The filter and/or map may be destroyed or stored. The data input, extracted data and remainder data may be deleted from the originating computer. Encryption may be utilized to enhance security (including transfers of data, filter and map). Reconstruction of the data is permitted only in the presence of a predetermined security clearance. A plurality of security clearances may be used to enable a corresponding plurality of partial, reconstructed views of the plaintext (omitting higher security words).09-11-2008
20080222733Anti-pirate memory card - An anti-pirate memory card is provided for preventing unauthorized reproduction, wherein the addresses of all bad blocks of each memory unit of the memory card are recorded during manufacturing process, and are converted into an identification code by a secret algorithm, and finally the identification code is written into a control chip and the memory unit. The memory card is effective in preventing software capture and hardware capture.09-11-2008
20080222732Computer manufacturer and software installation detection - Detailed herein is a technology which, among other things, allows the manufacturer of a computer system to be identified. In one approach to the technology, a method of determining the manufacturer of a computer is described. The method involves accessing a collection of manufacturer identification code information. The method also involves reading a specific manufacturer identification code from the computer. The method calls for comparing the specific manufacturer identification code with the collection of manufacturer identification code information, to determine the manufacturer of the computer.09-11-2008
20130179981Computer Implemented Method, Computer System And Nontransitory Computer Readable Storage Medium Having HTTP Module - A computer implemented method, a computer system or a nontransitory computer readable storage medium having an HTTP module is provided. The method, system or medium may be configured for use with a device having one or more processors and a memory storing one or more programs for execution by the one or more processors, the one or more programs may include instructions for processing information from multiple web sites served up from a web application, binding multiple secure socket layer (SSL) certificates to a single site supported by the web application, hosting the SSL certificates using an SSL accelerator, and intercepting incoming requests relayed from the SSL accelerator to the web application with the HTTP module. The method, system or medium may be configured for use with an identity management system that uses human knowledge and experience and computer software programs and databases to anticipate forms of identity-related fraud.07-11-2013
20090044279Systems and methods for fraud detection via interactive link analysis - Fraud detection is facilitated by developing account cluster membership rules and converting them to database queries via an examination of clusters of linked accounts abstracted from the customer database. The cluster membership rules are based upon certain observed data patterns associated with potentially fraudulent activity. In one embodiment, account clusters are grouped around behavior patterns exhibited by imposters. The system then identifies those clusters exhibiting a high probability of fraud and builds cluster membership rules for identifying subsequent accounts that match those rules. The rules are designed to define the parameters of the identified clusters. When the rules are deployed in a transaction blocking system, when a rule pertaining to an identified fraudulent cluster is triggered, the transaction blocking system blocks the transaction with respect to new users who enter the website.02-12-2009
20110271354APPARATUS, SYSTEM AND METHOD FOR SECURING DIGITAL DOCUMENTS IN A DIGITAL APPLIANCE - Various embodiments include an apparatus and a method to secure protected digital document content from tampering by their user, such as unauthenticated use or use violating a policy of the digital document. The digital document file can be transferred from a network node such as a web site server to a digital appliance, such as a computer, in encrypted form. The digital document file can be resident already on a device, and/or be transferred into a device that is connected to the digital appliance. The device (hereafter a DRM device) can internally store the digital document or part of the document. The DRM device may decrypt the digital document when requested to do so. The device may further format the content for usage, for example, convert text into its graphic bitmap representation. Device formatting can include sending plain text data to the digital appliance. The device may further process degradation to the resulted file, for example, reduce the resolution of the graphic representation. The digital appliance uploads the result of the processing or sections of the result of the processing for user access via the digital appliance.11-03-2011
20110271350METHOD FOR PROTECTING SOFTWARE - A method for protecting software is disclosed in the invention, including steps of analyzing the software or obtaining source codes of the software, and modifying the instructions obtained from analyzing the software or source codes of the software, and programming the modified instructions or compiling the modified source codes to obtain new software and ending or going on running the rest of instructions according to the result of executing the new instructions. By executing this method, the software is protected.11-03-2011
20120255028Providing Trusted Services Management Using a Hybrid Service Model - Methods, computer readable media, and apparatuses for providing trusted services management using a hybrid service model are presented. According to one or more aspects, a first transaction log of a first secure element included in a mobile computing device may be received. The first secure element may be provisioned with first secure information provided to a user of the computing device by a first entity, such as a first financial institution. Subsequently, a second transaction log of a second secure element included in the mobile computing device may be received. The second secure element may be provisioned with second secure information provided to the user of the computing device by a second entity different from the first entity, such as a second financial institution, for instance. In some arrangements, incentive offers may thereafter be provided to the user based on the first transaction log and the second transaction log.10-04-2012
20120255027DETECTING CODE INJECTIONS THROUGH CRYPTOGRAPHIC METHODS - Code injection is detected based on code digests associated with hashes of selected portions of content supplied to clients by a server. A client receives the content and generates a corresponding code digest, and based upon a comparison with the code digest received from the server, determines if the received content has been corrupted. The code digest can be signed or supplied with a digital certification for verification that the code digest originated from the server providing the content.10-04-2012
20120255026METHOD AND DEVICE FOR MANAGING DIGITAL USAGE RIGHTS OF DOCUMENTS - A method, device, and system for managing digital usage rights of documents includes a mobile computing device having a digital rights management (DRM) enforcement engine included therein. The mobile computing device may communicate with a server, such as an enterprise digital rights management (EDRM) server, to retrieve a secured document and an associated document usage rights policy. The document and usage rights policy are stored in a secured storage of the mobile computing device. The DRM enforcement engine of the mobile computing device provides access to the requested document while locally enforcing the associated document usage rights policy. In some embodiments, the mobile computing device may act as a proxy for other computing devices communicatively coupled to the mobile computing device and/or act as a local EDRM to such computing devices.10-04-2012
20130174268METHOD AND SYSTEM FOR DOCUMENT DATA SECURITY MANAGEMENT - The present invention discloses a system for document security control to improve the security of document data, and the system comprises: an application, embedded in a machine readable medium, which performs a security control operation on abstract unstructured information by issuing an instruction to a platform software; the platform software, embedded in a machine readable medium, which accepts the instruction from the application and performs the security control operation on storage data corresponding to the abstract unstructured information; wherein, said abstract unstructured information are independent of a way in which said storage data are stored.07-04-2013
20130139270INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING APPARATUS STARTUP CONTROL METHOD - An information processing apparatus includes a first processor that is connected to an input/output device and is configured to execute a program for controlling an apparatus including the input/output device, and a second processor that is connected to an external network and is configured to execute a program for establishing communication via the external network, wherein when starting the information processing apparatus, the second processor verifies an integrity of the program to be executed by the first processor and starts the first processor when the integrity of the program to be executed by the first processor is verified, and when the integrity of the program to be executed by the first processor is not verified, the second processor issues a problem notification without using a user interface of the first processor.05-30-2013
20130139269CONTEXTUAL USE AND EXPIRATION OF DIGITAL CONTENT - Technologies related to contextual use and expiration of digital content are generally described. In some examples, a receiving device may connect with a sponsoring device having the digital content. A relationship property defines a relationship context between the receiving device and the sponsoring device. The receiving device may receive the digital content from the sponsoring device and use the digital content so long as allowed, as determined with reference to the relationship property.05-30-2013
20130091581Methods and Systems for Establishing and Maintaining Verified Anonymity in Online Environments - In online communities and e-commerce sites that desire identity verification of individuals, a verified user is restricted to a single user identity, typically the user's real name. The use of one's real name in the context of online transactions and communication, however, is often not ideal, and in some instances, may present a safety risk for the individual. Further, specific transactions may require privacy. This invention provides methods and systems that allow an online user to establish and maintain verified anonymity. To accomplish this, a user's real identity is first verified, after which s/he establishes one or more pseudonyms each associated with the user's account, which the user may select for use in the online environment, for example, an online social network.04-11-2013
20130091582CONTENT SECURITY IN A SOCIAL NETWORK - Members of a social network (SNET) circle can share content with other members of SNET circle, members of the same SNET that are not members of the same circle, or send content to people or devices outside of SNET. Different levels of content security can be applied to the shared content, depending on who requests the content, the destination of the content, user preferences, content type, SNET, SNET circle, or other security parameters. Content can be tagged to limit the number of times it can be accessed, the length of time access is allowed, and to otherwise control redistribution. Content can also be protected by limiting host network access to the content, implementing SNET circle firewalls and virtual private networks, or transcoding content before allowing transmission to non-SNET circle or SNET members. Docking of devices into an SNET security circle can be restricted to properly secured devices.04-11-2013
20130097715CONTENT DELIVERY SYSTEM AND METHOD OF DELIVERING - A content delivery system (04-18-2013
20130097714APPARATUS AND METHOD FOR PROTECTING PRIVATE INFORMATION - An apparatus and method for protecting private information displayed in protective content while displaying content on an external device, the apparatus including an external device for transmitting display information of displayed content to a wireless terminal and temporarily freezing a screen of the external device, and the wireless terminal for displaying the same displayed content based on the display information of the content received from the external device, and transmitting processing-completed data and display information of subsequent content to the external device when protective content processing is completed.04-18-2013
20130097713GENERATION OF A HUMAN READABLE OUTPUT MESSAGE IN A FORMAT THAT IS UNREADABLE BY A COMPUTER-BASED DEVICE - This disclosure relates to a system and related operating methods for generating a message intended for display at a computer-implemented client device. The method receives, from the client device, a request to perform an operation. In response to receiving the request, the operation is executed at a computer-implemented server device to obtain a result. An alphanumeric message associated with the result is obtained, and an image is generated. The image contains a visually obfuscated representation of the alphanumeric message, wherein the visually obfuscated representation of the alphanumeric message is human readable and resistant to computer-based reading techniques. The method continues by providing the image for rendering at a display element of the client device.04-18-2013
20130097712SOFTWARE LICENSE INCOMPATIBILITY DETERMINATION - A non-transitory storage device stores instructions that, when executed by a hardware processor, cause the hardware processor to receive input from an input device. The input identifies software licenses for software components to be included in an application. The instructions also cause the hardware processor to receive usage information identifying how the application is to be used and to determine whether an incompatibility exists between any of the software licenses for the software components and the usage information. Based on a determination of the existence of an incompatibility, the instructions cause the hardware processor to display a recommendation as to how to avoid the incompatibility.04-18-2013
20130179982Data Processing Engine System And Method - A computer implemented method for a data processing engine for an identity management system, can comprise: on a computer device having one or more processors and a memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for: configuring an inbound or outbound feed; executing the inbound feed; and executing the outbound feed. Also, a computer system and a non-transitory computer-readable storage medium for the same.07-11-2013
20130179987SYSTEM FOR LICENSING MOBILE APPLICATIONS, FEATURES, AND DEVICES - A system for licensing an application or feature for use on a wireless mobile device is disclosed. The wireless mobile device is provided to a user with a licensable application or feature, but the application or feature has not been fully authorized for use. When the wireless device receives a request to use the application or feature, the wireless device operates the requested application or feature, and generates an irrevocable license request. The license request is transmitted to a license server at a time convenient for the wireless device. The license server generates a license certificate to the application or feature, and transmits the license certificate to the wireless mobile device. The wireless device receives the license certificate, which is stored in local memory. Accordingly, the application or feature is now fully licensed for future operation on the wireless mobile device. The license server operates accounting processes to generate license reports and license accounting information.07-11-2013
20130104240CENTRALIZED ADMINISTRATION-BASED LICENSING SYSTEM - Methods and systems for providing a centralized management system with an integrated license server and pluggable license features are provided. More particularly, the administration of application instances or other assets through the centralized management system results in the initiation of a license validation process by the central management system in cooperation with a license server. The system management application providing centralized asset management and the license server performing license validation are co-resident on a central management server. The availability of assets requiring a license is implemented through asset administration data maintained by the central management server, to indicate the existence of a required license, where the license server indicates that the required license is available. Access to an asset is denied where the license server indicates the absence of a required license to the system management server.04-25-2013
20130104244INTEROPERABILITY BETWEEN A PLURALITY OF DATA PROTECTION SYSTEMS - A system is disclosed for providing interoperability between a plurality of data protection systems. The system includes an ontology (04-25-2013
20130104243PROTECTING PRIVACY WHEN COMMUNICATING WITH A WEB SERVER - Protecting privacy when communicating with a web server via a communication network, includes receiving by a first privacy agent a request from an application program of a client system for a connection to a web server having a target web server address, sending the request together with a first identification from the first privacy agent to the second privacy agent, forwarding the request together with a second identification from the second privacy agent to the third privacy agent. Further processing is performed responsive to determining that the target web server address matches a defined web server address which is accessible by the third privacy agent.04-25-2013
20130104242METHOD AND SYSTEM FOR FORENSIC MARKING OF DIGITAL CONTENTS - Disclosed are a forensic marking method and a forensic marking system capable of inserting in real-time a forensic mark for user information in digital contents provided online. The forensic marking method of the digital content according to an exemplary embodiment of the present disclosure includes generating a first content created by inserting a first forensic mark in an original content and a second content created by inserting a second forensic mark in the original content by a content server; transmitting the first and second contents to a client terminal by the content server; and combining fragments of the first and second contents in a combination order corresponding to user information to generate a third content by the client terminal.04-25-2013
20130104241Devices for Controlling Rendering Protected Content and Related Methods - Devices for providing flexible control of rendering of protected media comprising first and second content objects are provided. An instruction database combines with traditional use of digital rights objects for determining, at rights parsing and instruction handler, conditions for rendering of first content object. Conditions may force the user to render second content objects or to input requested data and may adapt to environmental conditions exemplary relating to user profile, location, or time of day. A set of second content objects may be pre-determined and specified in provided instructions. User selection, from a list of second content objects, of a specified number of second content objects, provides for generation of a key enabling successful rendering of first content object.04-25-2013
20130104238METHOD AND APPARATUS FOR VERIFYING PROOF OF PRESENCE - An approach is provided for facilitating a verification of proof of presence of a user device that can be unspoofable and/or encrypted. A tag verification platform processes information associated with one or more memory tags, one or more vendors, one or more service providers and one or more user device, or a combination thereof related to a verification of proof of presence wherein the verification can be utilized by one or more vendors and/or service providers to provide one or more products and/or one or more services to one or more users.04-25-2013
20130104239SYSTEM AND METHOD FOR OBFUSCATING DATA USING INSTRUCTIONS AS A SOURCE OF PSEUDORANDOM VALUES - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating data using instructions as a source of pseudorandom values. Obfuscation is performed by receiving instructions and data and compiling the instructions and the data into an executable file having a text section and a data section. The text section can include instructions and the data section can include data segments. The system obfuscates the data section iteratively by generating a hash of an address for a respective data segment, and based on the hash, identifying a corresponding address in the text section that includes at least one instruction. The system retrieves a mask key from the corresponding address and applies the mask key to the respective data segment, yielding a masked data segment. In one embodiment, integrity verification of obfuscated data is performed without exposing the data in an unprotected state by utilizing multiple mask keys.04-25-2013
20130125244PLATFORM INTEGRITY VERIFICATION SYSTEM AND INFORMATION PROCESSING DEVICE - A platform integrity verification system capable of executing platform integrity verification by a trusted boot without causing a delay of system startup time. The platform integrity verification system has an information processing device and an integrity verification computer that are communicably connected to each other. The information processing device comprises an acquisition section that acquires a unique value from each of a plurality of programs executed by the information processing device when the information processing device is shut down; and a storage section configured to store the unique value acquired by the acquisition section in a storage device. The integrity verification computer comprises a comparison section configured to acquire the unique value stored in the storage device through communication with the information processing device and compare the acquired unique value with a predetermined value held in advance for each program.05-16-2013
20130125243METHOD FOR PREVENTING SOFTWARE REVERSE ENGINEERING, UNAUTHORIZED MODIFICATION, AND RUNTIME DATA INTERCEPTION - A method for preventing the unauthorized modification of software or unauthorized modification of runtime data. According to this method, a converter, which is capable of converting the software into a generalized machine code, is provided. The converter is designed such that it cannot be reverse engineered, by using a conversion process that causes data loss. An interpreter, the knowledge of whose process method is kept restricted, is also provided. The interpreter interprets the general machine code into a specific machine code, while reconstructing the lost data during the interpretation process.05-16-2013
20130125242CLIENT-SERVER VERSION CONTROL SYSTEM FOR SOFTWARE APPLICATIONS - A software version control system manages versioned applications in a client-server computing system environment. Thereby this is a management system for computer application (software) distribution where a number of client devices coupled to a server may be executing different versions of a particular computing application. The system manages updates to the applications and enforces rules or policies to use the most recent version whenever possible.05-16-2013
20130125241System and/or method relating to a license manager - Embodiments of methods, apparatuses, and/or systems relating to a license manager are disclosed.05-16-2013
20130125240Method and apparatus for facilitating the transfer of a software license between computer systems - One embodiment of the present invention provides a system that facilitates the transfer of a software license from a first client to a second client. The system operates by receiving a request at the first client to deactivate the software license for an associated application installed on the first client. The system then receives a deactivation request that includes an identifier for the license at a license activation server from the first client. Next, the system validates the identifier on the license activation server to determine if the identifier is a valid identifier. If so, the system sends a deactivation message to the first client, receives a deactivation response from the first client, and increments a count of license instances available for the identifier on the license activation server.05-16-2013
20130133077SYSTEM AND METHOD FOR PREVENTING ILLEGAL COPY - Disclosed herein is an illegal copy prevention system and method. In short, an anti-copy prevention system of the present invention includes a chipless RFID disk having a print layer distributed with metal fibers; an Optical Disk Drive (ODD) reading recorded information when mounted with the chipless RFID disk; and a reader installed in the disk drive to sense whether metal fibers distributed at the printed layer exist and a unique ID contained in the metal fiber.05-23-2013
20130145474CONCEALING AND REVEALING MESSAGE DATA - Systems, methods, computer program products, and networks for messaging. In some examples the identity of a sending user of a message and/or other data is initially concealed when the (manipulated) message or an associated created message is sent to an intended receiving user. In these examples, revealing data which enables determination of at least some data which the sent message concealed is only provided upon request, and in some of these examples, only after a user has been authenticated as being an intended receiving user.06-06-2013
20130145476Managing A Software Item On A Managed Computer System - A method and system is provided of managing a current software item on a managed computer system connectable to a management computer system via a computer network. The method includes identifying, using an agent application, the current software item on the managed computer system, identifying if the current software item is an unauthorized software item; and selectively disabling the unauthorized software item.06-06-2013
20130179986Flash Memory Distribution of Digital Content - Methods, apparatuses, and computer-readable media for distributing digital content. One embodiment comprises an apparatus comprising: a device (07-11-2013
20130179985SECURING USER DATA IN CLOUD COMPUTING ENVIRONMENTS - Systems and methods for obfuscating user data in a remote web-based application are disclosed. According to one method, user inputs to a displayed web page of the remote web-based application are received at a first web browser that is used by the user, wherein at least a portion of the user inputs comprise user-inputted data intended to be stored at the web-based application. The user inputs are transmitted to a management component that is configured to interact with a second web browser that communicates with the web-based application. The management component obfuscates at least a portion of the user-inputted data and forwards the obfuscated and un-obfuscated portions of the user inputs to the second web browser, which correspondingly transmits the obfuscated and un-obfuscated portions of the user inputs to the remote web-based application.07-11-2013
20130179984method for controlling the execution of an application on a computer system - A method for controlling the execution of a software application on a computer system. The method includes the steps of generating a license map based on a given license for the application, the license map including the information on which user is allowed to execute the application, providing a license client on the computer system and providing a license server delivering the license map to the license client. When a user requests execution of the application, the license client decides whether the user is allowed to execute the application based on the license map.07-11-2013
20130179983System and Method for Digital Rights Management of Digital Media - A system and accompanying method for Digital Rights Management (DRM) are disclosed that permit arbitrary forms of digital media to be vended in a networked environment. Special purpose renderers are distributed with each particular instance of digital media. Each renderer may include a tailored set of controls allowing the owner of the digital media to restrict the use thereof.07-11-2013
20130179980SYSTEMS AND/OR METHODS FOR MONITORING AUDIO INPUTS TO JUKEBOX DEVICES - Certain exemplary embodiments relate to techniques for detecting unlicensed music on a digital jukebox device. A monitoring module, system, subsystem or the like determines whether audio is being provided to the digital jukebox device from an external source for reproduction via a speaker system connected to the jukebox device in place of jukebox media available directly to the jukebox device. When audio is being provided from the external source: at least a portion of the audio being provided to the digital jukebox device from the external source for reproduction via the jukebox device is captured; it is detected whether the captured portion corresponds to audio content that should be licensed; and a log of possible license violations is updated as appropriate. A notification concerning the log of possible violations is generated when a number of possible violations meets or exceeds a predetermined threshold in a predetermined time period.07-11-2013
20130145477CONTENT REPRODUCTION SYSTEM, INFORMATION PROCESSING TERMINAL, MEDIA SERVER, SECURE DEVICE, AND SERVER SECURE DEVICE - A content reproduction system includes an information processing terminal and a secure device. The information processing terminal receives a copyright protection application program from an application distribution server. The copyright protection application program includes a first program having a first execution format executable in the information processing terminal and a second program having a second execution format different from the first execution format and executable in the secure device. The second program is encrypted with a program key held in the secure device. By extracting and executing the first program, the information processing terminal extracts the second program and transmits the second program to the secure device. The secure device receives the second program from the information processing terminal, decrypts the second program using a program key stored in a key storing unit, and executes the second program.06-06-2013
20080209569INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSOR, IMAGE FORMING APPARATUS, AND INFORMATION PROCESSING METHOD - An information processing system including multiple apparatuses capable of executing one or more applications and an information processor connected to the apparatuses through a first network is disclosed. The information processing system includes a license status information obtaining part configured to obtain the license status information of the applications installed in each of the apparatuses from the corresponding apparatuses through the first network, a license data obtaining part configured to obtain license data authorizing usage of the applications from a computer connected through a second network based on the license status information, and a license data delivery part configured to deliver the license data to each of the apparatuses.08-28-2008
20080201781Tool Pack Structure and Contents Execution Device - A tool pack structure includes: a signature value for guaranteeing authenticity of a tool pack; a tool pack identifier for identifying the tool pack; each unit tool pack provided according to a hardware platform; and tool pack data containing initial values assigned when each unit tool pack is used. Each tool pack includes platform information indicating information about hardware in which the tool pack may be used; a tool agent that is a program activated for content execution; and a tool group including at least one tool program activated by the tool pack agent for processing content according to a predetermined rule. A tool agent leaves operation of a protection tool group used by a specific service provider entirely to a tool agent (execution code) provided together with the tool group by service providers. Accordingly, information about the used tools does not have to be disclosed to the public. Since a user terminal simply calls each tool agent, it can support interoperability with other DRM techniques.08-21-2008
20110225657METHOD AND APPARATUS FOR PREVENTING ILLEGAL SOFTWARE DOWNLOAD OF PORTABLE TERMINAL IN COMPUTER SYSTEM - A method and an apparatus for preventing an illegal SoftWare (SW) download of a portable terminal in a computer system are provided. The method includes receiving an input of an SW binary, acquiring an encryption result value by applying a predefined encryption algorithm to the SW binary, mapping and storing the SW binary and the encryption result value, and, when receiving a request for transmission of an SW binary for a Mobile Station (MS) from a computer, transmitting a corresponding SW binary and an encryption result value to the computer.09-15-2011
20110239305WIRELESS COMMUNICATION DEVICE, INFORMATION DISTRIBUTION SYSTEM, PROGRAM - There is provided a wireless communication device including a communication section which receives, from an information distribution device that distributes distribution information or another wireless communication device that has received the distribution information, the distribution information using ad hoc wireless communication, a position information acquisition section which acquires position information indicating a current position, a movement amount calculation section which calculates a movement amount from the information distribution device based on a change in the position information acquired by the position information acquisition section, and a distribution information management section which manages availability of the distribution information based on the movement amount and a predetermined limited area-radius that defines a limited area in which the distribution information is distributed.09-29-2011
20120278897SYSTEM AND METHOD OF SORT-ORDER PRESERVING TOKENIZATION - An intercepting proxy server processes traffic between an enterprise user and a cloud application. The intercepting proxy server provides interception of real data elements in communications from the enterprise to the cloud and replacing them with obfuscating tokens. Tokens included in results returned from the cloud, are intercepted by the intercepting proxy server, and replaced with the corresponding real data elements. In order for the sort order of the tokens to correspond to the sort order of the corresponding real data elements, a sort order preserving data compression is performed on parts of the real data elements, and the compressed values concatenated with the obfuscated tokens, thus producing sortable tokens which, even though they are obfuscated, appear in the correct sort order in the cloud application.11-01-2012
20130152207DATA ACCESS REPORTING PLATFORM FOR SECURE ACTIVE MONITORING - Technologies pertaining to detecting accesses to monitored regions of memory and transmitting data to a protection system responsive to the detecting are described herein. A region of memory that includes objects in an object graph utilized by an operating system to determine which processes to execute and an order to execute such processes is monitored. If a process executing on a processor attempts to write to an object in the object graph, a field that is being written to is identified, and a determination is made regarding whether the field includes a pointer. Based upon whether the field includes a pointer, a type of write desirably undertaken by the object is ascertained, and an object event is transmitted to the protection system that informs the protection system of the type of write.06-13-2013
20130152208SECURITY KEY MANAGEMENT BASED ON SERVICE PACKAGING - A device receives application information associated with applications provided by a network, and determines service package identifiers for one or more applications identified in the application information. The device also receives information associated with devices and subscribers of the network, and determines security key parameters based on the information associated with the devices and the subscribers of the network. The device further generates, based on the security key parameters, a security key for each of the service package identifiers.06-13-2013
20130152209Facilitating System Service Request Interactions for Hardware-Protected Applications - Described herein are implementations for providing a platform adaptation layer that enables applications to execute inside a user-mode hardware-protected isolation container while utilizing host platform resources that reside outside of the isolation container. The platform adaptation layer facilitates a system service request interaction between the application and the host platform. As part of the facilitating, a secure services component of the platform adaptation layer performs a security-relevant action.06-13-2013
20130152210COORDINATED WATERMARKING - Methods, devices and computer program products enable embedding and extraction of multiple watermark messages in a coordinated fashion to improve watermark transparency, robustness against impairments, security, and computational complexity of embedding and extraction of watermarks. Coordinated watermark embedding and extraction operations take advantage of a pre-defined relationship between the symbols of two watermark messages. The improved aspects of the watermarking system provide significant value to content owners, content distributors, and consumers at a small incremental cost.06-13-2013
20130152206METHOD AND APPARATUS FOR PREVENTING UNAUTHORIZED ACCESS TO INFORMATION STORED IN A NON-VOLATILE MEMORY - A communications device for ensuring secure data transfer is provided, having an interface device for controlling data transfer, an integrated circuit coupled to the interface device and having a processor, a non-volatile memory for storing at least program code for the processor, a volatile memory, an input pin and an output pin; and an electrical conductor which electrically connects the input pin and the output pin. The electrical conductor passes through an external portion of the enclosure, e.g., a slot, which allows a user to easily sever the electrical conductor. In operation, a portion of the program code detects when the electrical conductor is severed and causes the program code in the non-volatile memory to be erased, data transfer via the interface device to be disabled, and power to the integrated circuit to be cut off to ensure that all information in volatile memory is erased.06-13-2013
20130152211USING SOCIAL SIGNALS TO IDENTIFY UNAUTHORIZED CONTENT ON A SOCIAL NETWORKING SYSTEM - A prediction is calculated to determine whether a content item posted on a social networking system infringes on copyrights or otherwise violates the system's terms of use. The predictions are generated using social signals that are based on social information surrounding the content item, such as the density of connections between the posting user and the viewing users, the profile information of the users, and the geographical separation between the users. The content item is disabled if the prediction indicates a violation and the violation can be verified.06-13-2013
20130152212DEPERSONALIZED SEARCH - Methods and systems for managing a search process are provided. One method includes receiving user information from a user application, the user information associated with a search provider maintaining search services and non-search services. The method further includes transmitting the user information to the search provider, and receiving one or more cookies from the search provider. The method also includes receiving a user request from a user application, the user request addressed to the search provider, comparing the user request to a list of non-search services maintained by the search provider, and, upon determining that the user request is associated with a search service, transmitting the user request to the search service without transmitting the one or more cookies.06-13-2013
20130152213APPARATUS, SYSTEM AND METHOD FOR PREVENTING DATA LOSS - A device and method are provided for a device that communicates security information to a user entering content into the device. In an aspect, the device may access content from a server over a connection through the network. The device displays the content on a user interface of the device. The device detects information entered into a field of the displayed content and evaluates a security state of the device. If the security state is below a security threshold and the entered information is identified as protected information based on stored criteria, the device displays a visual indication on the user interface.06-13-2013
20130152214METHODS AND APPARATUS TO MITIGATE A DENIAL-OF-SERVICE ATTACK IN A VOICE OVER INTERNET PROTOCOL NETWORK - Methods and apparatus to mitigate a Denial-of-Service (DoS) attack in a voice over Internet protocol (VoIP) network are disclosed. An example method comprises receiving a communication session initiation message from a communication session endpoint, determining whether the communication session endpoint is associated with a probable DoS attack, and sending to the communication session endpoint a communication session initiation response message comprising a DoS header when the communication session endpoint is associated with the probable DoS attack.06-13-2013
20100299757MOBILE TERMINAL FOR INFORMATION SECURITY AND INFORMATION SECURITY METHOD OF MOBILE TERMINAL - A mobile terminal to secure information stored therein is provided. The mobile terminal may perform an algorithm to perform information security without remote control. The mobile terminal may detect a characteristic behavior pattern of a user of the mobile terminal, compare the characteristic behavior pattern with a behavior pattern of a current user, and thereby may determine whether a current user is an authorized user. Also, the mobile terminal may perform processing to protect data stored in the mobile terminal based on a result of the determination.11-25-2010
20120260347Methods, Systems, and Devices for Securing Content - Methods, systems, and devices secure content in memory. The content includes a lock that prohibits reading the content from memory. Prior to expiration of the lock the content cannot be read from memory. At expiration, however, the content is readable.10-11-2012
20120284801Online Privacy Management - A privacy management system (PMS) is disclosed for a Chief Privacy Officer (CPO) or other user to use in monitoring and/or controlling in realtime the flow of data (e.g., outflow) about the user and his/her online experience. The PMS may provide a dashboard displaying a whitelist and/or blacklist indicating what destinations/sources are blocked or allowed. The PMS includes browser-client scripting code and may also include a PMS-certified verification icon for display on webpages being monitored/controlled in realtime by the PMS.11-08-2012
20120284800Method and Apparatus for Synchronizing an Adaptable Security Level in an Electronic Communication - A method of communicating in a secure communication system comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.11-08-2012
20120284799VISUAL CRYPTOGRAPHY AND VOTING TECHNOLOGY - In some embodiments, techniques for voting and visual cryptography may include various enhancements.11-08-2012
20120284798CONFIDENTIAL COMMON SUBJECT IDENTIFICATION SYSTEM - A computerized method and apparatus are established to identify a subject of common interest among multiple parties without releasing the true identity of any subject. Furthermore, a computerized network provides different parties at different locations with a mechanism to conduct cooperative activities concerning such a subject of common interest without exposing that subject to possible identity theft.11-08-2012
20120284797DRM SERVICE PROVIDING METHOD, APPARATUS AND DRM SERVICE RECEIVING METHOD IN USER TERMINAL - Disclosed is a DRM Proxy Server Agent (DRM PSA), which converts a format of a DRM system into a format recognizable in a user terminal when the user terminal and a service provider do not use the same type of DRM system. The user terminal downloads the DRM PSA from the service provider and installs the DRM PSA in the user terminal. Through the download and installation of the DRM PSA, the user terminal can use various DRM systems provided by the service provider regardless of the type of DRM system installed in the user terminal.11-08-2012
20130185804METHOD AND APPARATUS FOR GENERATING PRIVACY RATINGS FOR APPLICATIONS - An approach is provided for generating privacy ratings for applications. A privacy ratings platform determines use information associated with one or more applications executing on one or more devices. By way of example, the use information is determined based, at least in part, on usage data associated with one or more input sources, one or more components, one or more categories of personal information, or a combination thereof associated with the one or more devices. The privacy ratings platform then processes and/or facilitates a processing of the use information to determine one or more privacy ratings for the one or more applications.07-18-2013
20130185803MARKING AND OBSCURING SENSITIVE VALUES IN TRACES - In one embodiment, a method for processing trace data is provided. The method generates trace data during execution of the target application and obtains criteria for identifying whether a value in the trace data is sensitive. An initial occurrence of a sensitive value in the trace data is identified based on the obtained criteria. The method then stores the sensitive value in a data structure accessible by an obscuring process. The obscuring process receives the trace data and obscures occurrences of the sensitive value in the trace data prior to providing the trace data for display.07-18-2013
20130185802Online Fraud Detection Dynamic Scoring Aggregation Systems and Methods - In some embodiments, an online fraud prevention system combines the output of several distinct fraud filters, to produce an aggregate score indicative of the likelihood that a surveyed target document (e.g. webpage, email) is fraudulent. Newly implemented fraud filters can be incorporated and ageing fraud filters can be phased out without the need to recalculate individual scores or to renormalize the aggregate fraud score. Every time the output of an individual filter is calculated, the aggregate score is updated in a manner which ensures the aggregate score remains within predetermined bounds defined by a minimum allowable score and a maximum allowable score (e.g., 0 to 100).07-18-2013
20130185801SECURE DATA STORAGE AND RETRIEVAL - A system for secure data processing can include an electronic data storage device and a field programmable gate array coupled to the electronic data storage device. The field programmable gate array can be configured to include a data storage section for performing a data storage operation and a data retrieval section for performing a data retrieval operation. The data storage operation can include obtaining a seed value and retrieving one or more algebraic operations based on the seed value. The storage operation can also include processing input data according to the one or more algebraic operations to generate pseudorandom output data, prepending the seed value to the output data and storing the output data in the electronic data storage device.07-18-2013
20110289590PRIVACY MANAGEMENT OF DATA - The invention relates to receiving data originating from multiple users, identifying data item combinations occurring within said data, determining privacy sensitivity measures to said data item combinations, and communicating privacy sensitivity measure(s) to user(s) concerned. The privacy sensitivity measures can be used to protect user privacy.11-24-2011
20110307963SYSTEMS AND METHODS FOR THE SECURE CONTROL OF DATA WITHIN HETEROGENEOUS SYSTEMS AND NETWORKS - Systems and methods for managing data rights are provided. A first label associated with a first data object may be received, and the first label may be converted into a first universal label based at least in part upon one or more predefined rules for the conversion of the first label into the first universal label. Additionally, a second label associated with a second data object may be received, and the second label may be converted into a second universal label based at least in part upon one or more predefined rules for the conversion of the second label into the second universal label. A combined universal label applicable to both the first data object and the second data object may be generated from the first universal label and the second universal label.12-15-2011
20110307962CONTENT SERVER DEVICE AND CONTENT DELIVERY METHOD - A content server device includes a request section for requesting a key server to transmit key data for decrypting encrypted content data to a client side in response to the content distribution request from the client side and a control unit which prohibits the transmission of the encrypted content data in response to the content distribution request when the reception number of notification received from the client side and indicating the reception of the key data from the key server is not less than the transmission number of key data to the client side by the key server and which transmits the encrypted content data in response to the content distribution request when the number of reception is not more than the number of transmission.12-15-2011
20110307958SOFTWARE LICENSE AND INSTALLATION PROCESS MANAGEMENT WITHIN AN ORGANIZATION - A software license and a software installation process are managed. A status of the license can be one of at least a third party reserved status, a requester reserved status, a requester allocated status, and an available status. A first module can be operative to change the status of the license from the third party reserved status to the requester allocated status in response to receiving a mode selection. The mode selection can correspond to one of one or more modes. The modes can comprise a reserve license mode, a remove reserve mode, a request license allocation mode, a return excess license to inventory mode, an ordering mode, and an add license to inventory mode. The first module can be operative in at least one of the modes.12-15-2011
20110314553LOCATION ENABLED BOOKMARK AND PROFILE - Location based profiles are used to modify the configuration of a computing device based on a detected location. The location based profiles allow features such as cameras to be enabled and disabled. Physical and logical data storage partitions can also be mounted and unmounted, and the home screen displayed by a device can be modified. Location bookmarks can be used to further customize the appearance and function of a computing device.12-22-2011
20110314552Remote Display Tamper Detection Using Data Integrity Operations - Methods and systems for detecting tampering of a remote display. According to one method, a first data integrity result is generated by performing a first data integrity operation on display data to be displayed on the remote display at a secure module. The display data is transmitted from the secure module to the remote display security module. The remote display security module receives the display data. A second data integrity result is generated by performing the first data integrity operation on the display data received at the remote display security module. A determination is made as to whether the remote display has been tampered with at the secure module if the first data integrity result does not match the second data integrity result.12-22-2011
20110314551System or method to assist and automate an information security classification and marking process for government and non-government organizations for information of an electronic document - A software engine runs in a compatible mode with off-the-shelf word processors, e-mail programs and presentation development software and other document development software. The software engine is used for the security classification of sensitive or national security classified information in electronic and resultant hard copy document formats. The software engine ensures that the individual considers all informational portions of a document, that appropriate document marks are employed, that document marks in their electronic format are persistent and that all necessary information, such as classification guides, standards and security regulations, provided by the organization to classify information is at hand and immediately available. In addition to the document sensitivity or classification determination and marking support, the software engine tracks and controls documents and the electronic media storing documents. It also provides warnings and alarms, ad hoc document security analysis and reporting capability to system security administrators with respect to document or network events or captured information that may be indicative of risk to the information requiring protection. The software also provides the ability for an organization to centrally establish and control a security classification or sensitivity marking hierarchy for automated security classification support.12-22-2011
20110314550WATERMARK TO IDENTIFY LEAK SOURCE - Watermarks may be used to deter certain types of information leaks. In one example, leaks occur in the form of posting, in public forums, screen shots of private pages. To deter this example kind of leak, private web pages within an organization may be watermarked with an experience identifier that identifies the session in which the screen shot is captured. Other information may also be included in the watermark. The watermark may be designed to survive image compression, so that it can be recovered from either a compressed or uncompressed image of the web page. By using an experience identifier recovered from the watermark, and logs that describe activity associated with that experience identifier, it may be possible to identify the source of the information leak.12-22-2011
20130191924Approaches for Protecting Sensitive Data Within a Guest Operating System - Approaches for preventing unauthorized access of sensitive data within an operating system (OS), e.g., a guest OS used by a virtual machine. Dummy data may be written over physical locations on disk where sensitive data is stored, thereby preventing a malicious program from accessing the sensitive data. Alternately, a delete operation may be performed on sensitive data within an OS, and thereafter the OS is converted into a serialized format to expunge the deleted data. The serialized OS is converted into a deserialized form to facilitate its use. Optionally, a data structure may be updated to identify where sensitive data is located within an OS. When a request to access a portion of the OS is received, the data structure is consulted to determine whether the requested portion contains sensitive data, and if so, dummy data is returned to the requestor without consulting the requested portion of the OS.07-25-2013
20130191925Integrated Secure And Non-Secure Display For A Handheld Communications Device - A handheld communications device is created with a touch sensitive display, a secure computing component, and a non-secure computing component. The secure component may comprise a secure CPU executing a secure operating system. The non-secure component may comprise a separate non-secure CPU executing a separate non-secure operating system. The touch sensitive display on the handheld communications device is divided into a secure portion and a non-secure portion such that information displayed in the secure portion is provided by the secure operating system, and information displayed in the non-secure portion is provided by the non-secure operating system. Similarly, data entered through the secure portion of the display is provided to the secure operating system, and data entered through the non-secure portion of the display is provided to the non-secure operating system.07-25-2013
20130191922USER PROMPTED METADATA REMOVAL - Methods and apparatuses for the removal of metadata include the removal of metadata from an artifact accompanying a message. In a mobile communication device, a method for removing metadata from an artifact accompanying a message includes displaying at least one prompt via a user interface of the mobile communication device. Further, the method includes receiving, from a user of the mobile communication device via the user interface in response to the at least one prompt, metadata removal preference data. Cleansing instructions based on the metadata removal preference data are created and the message, the cleansing instructions, and the artifact are sent to a delivery system. The delivery system removes metadata from the artifact based on the cleansing instructions.07-25-2013
20130191923SOFTWARE LICENSE MANAGEMENT IN A NETWORKED COMPUTING ENVIRONMENT - An approach for managing licenses for software installations on virtual machine (VM) instances in a networked computing environment (e.g., a cloud computing environment) is provided. Specifically, in one example, data (e.g., real-time and/or historical) pertaining to usage of a set of software installations on a set of (VM) instances in the networked computing environment is collected. When a request is received (e.g., from a requester) for a license for a particular software installation of the set of software installations, it is determined whether the license is available. If not, it is then determined whether the license is obtainable based on the collected data and a current configuration of the networked computing environment. Then, responsive to the license being obtainable, the requested license may be allocated.07-25-2013
20130191926Method and Apparatus for Streaming Rights-Managed Content Directly to a Target Device over a Network - A content server (07-25-2013
20130191927CONTENT MANAGEMENT DEVICE AND CONTENT MANAGEMENT METHOD - Provided is a content management device for protecting a content of a provider. A content management device 07-25-2013
20120291134NAVIGATION SYSTEM - At the first data access by a navigation unit to a recording medium that records updating right information necessary for updating map data in a rewritable data area in which map data are recorded, the updating right information is read from the data area and is deleted from the data area, and a map updating due date created based on the read updating right information is written in a memory of the navigation unit together with the medium identification information read from a non-rewritable management area.11-15-2012
20120005759IMAGE DISPLAY DEVICE, IMAGE DISPLAY METHOD, AND RECORDING MEDIUM - When a screen capture operation is monitored and a screen capture operation for instructing acquisition of an image displayed on a display device (01-05-2012
20120011591Anonymization of Data Over Multiple Temporal Releases - The present disclosure is directed to systems, methods, and computer-readable storage media for anonymizing data over multiple temporal releases. Data is received, and nodes and connections in the data are identified. The data also is analyzed to identify predicted connections. The nodes, the connections, and the predicted connections are analyzed to determine how to group the nodes in the data. The data is published, and the grouping of the nodes is extended to subsequent temporal releases of the data, the nodes of which are grouped in accordance with the grouping used with the data.01-12-2012
20120017283INFORMATION PROCESSING DEVICE, INFORMATION RECORDING MEDIUM, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM - An information processing device, for executing content reproduction processing from an information recording medium, includes a security information processing unit for determining output messages based on security check information in a content reproduction sequence, and outputting a message output command accompanied by selection information of the output message to a user interface processing unit; and a user information processing unit for obtaining message information based on the selection information input from said security information processing unit and outputting to a display unit.01-19-2012
20120017282METHOD AND APPARATUS FOR PROVIDING DRM SERVICE - A method and apparatus are provided for providing a DRM service in a user terminal apparatus providing an adaptive streaming service. Content protection information is received that includes information about multiple DRM systems applied to specific content provided using the adaptive streaming service. A specific DRM system is selected from among the multiple DRM systems. A license corresponding to the specific DRM system is acquired. The license includes an encryption key capable of decrypting the specific content. The specific content is decrypted using the acquired license.01-19-2012
20120030772Method of Removing Metadata from Email Attachments - A method and system for removing metadata from email attachments sent from mobile devices includes receiving an email with an attached document. The attached document has metadata removed to create a cleansed version of the attached document. The attached document is replaced by the cleansed version of the attached document, and the email is sent according to the address or addresses included in the email.02-02-2012
20120030771NETWORK SECURITY AND FRAUD DETECTION SYSTEM AND METHOD - A system and method to detect and prevent fraud in a system is provided. The system may uniquely identify physical devices connecting to a network, register unique devices, track end-user logins, associate end-user accounts with specific devices, and share information with multiple network service providers.02-02-2012
20120030770Assisted tuning of capacitive monitoring components - Assisted tuning of a capacitive monitoring component via a system, method, and a computer program product. Via a system, a software program can be adapted to execute on a computer communicatively connected to the capacitive monitoring component, with the program being further adapted to allow a user to selectively manipulate configuration parameters of the capacitive monitoring component as the user tests operation of the capacitive monitoring component to determine and select a plurality of desired parameters. A parameter data set can include the plurality of desired parameters, and be stored on a tangible medium of expression.02-02-2012
20120030769System and Method for Securely Transmitting Video Data - Exemplary embodiments provide a system and method for securely transmitting video data to an electronic display. The video data may be transmitted using a wired or wireless application. Raw video data is encoded as a plurality of JPEG frames. A plurality of primary packets are created which may contain one frame or a portion of a frame of video. Each primary packet contains a unique header with information about the packet and a unique security key. A redundant packet and header are created for each primary packet and header. After transmission each packet and header may be analyzed to determine if it was transmitted properly. If the primary packet was not transmitted properly or was an unintended transmission, the system may discard the primary packet and proceed with the redundant packet. If the redundant packet was not transmitted properly or was an unintended transmission, the entire frame may be discarded and the previously accepted frame may be repeated within the video decoder. If multiple frames are discarded, the system may display a default image. The packets are re-assembled and displayed if they are the intended transmission.02-02-2012
20120030768RUGGEDIZED, COMPACT AND INTEGRATED ONE-WAY CONTROLLED INTERFACE TO ENFORCE CONFIDENTIALITY OF A SECURE ENCLAVE - A rugged, integrated network interface appliance for ensuring secure data transfer comprising send-only network interface circuitry comprising a microprocessor, a program memory, a first host interface, and a first serial interface; receive-only network interface circuitry comprising a microprocessor, a program memory, a second host interface, and a second serial interface; a single data link connecting the first serial interface of the send-only network interface circuitry to the second serial interface of the receive-only network interface circuitry that is configured such that the send-only network interface circuitry is configured not to receive any data from said data link, and the receive-only network interface circuitry is configured not to send any data to said data link.02-02-2012
20130198849Method And Apparatus Providing Privacy Benchmarking For Mobile Application Development - A method operates, during development of an application program intended to be run on a mobile user device, to perform a computer assisted analysis of the application program to determine at least one user privacy-related aspect of the application program; and to present the determined at least one user privacy-related aspect. The determined at least one user privacy-related aspect may be presented to a developer of the application program. An apparatus and system for performing the method are also disclosed.08-01-2013
20130198850SECURING DISPLAYED INFORMATION - A method, system or computer usable program product for securing displayed information including establishing a session between a first data processing device including a first memory and a second data processing device including a second memory and a display, maintaining session awareness indicating that both the first and second devices are alive in the session, inputting information into the second data processing device during the session producing input information stored in the second memory, and responsive to a determination the session has ended between the first and second device, deleting the input information in the second memory.08-01-2013
20120060224Wireless Device Content Information Theft Protection System - A wireless device, such as a laptop computer or a cellular phone, may contain confidential information which may be secured by an internal security system. When the device is stolen, the user can provide a portion of a kill code to a wireless service provider. The wireless service provider provides its own portion of the kill code and combines it with the user's supplied code. Then, the service provider may transmit the combined kill code to the wireless device. Upon receipt, the wireless device may erase all confidential information on the device. In other embodiments, it may erase any unlocked block of memory. As still another alternative, the system may also, upon receipt of the combined kill code, disable the operating system.03-08-2012
20120060223TRAITOR TRACING IN A CONTENT PROTECTION SYSTEM - A method for detecting at least one traitor computer system among a plurality of receiver computer systems including: assigning a version of protected content to each of the plurality of receiver computer systems that are currently identified as innocent by a content protection system that monitors distribution of protected content to the plurality of receiver computer systems; recovering at least one unauthorized rebroadcast of the content; generating a score for each of the plurality of receiver computer systems with respect to the recovered unauthorized rebroadcast; calculating a threshold independent of an estimation of maximum traitor computer systems; checking a highest score against the threshold; incriminating a receiver computer system having the highest score above the threshold as a traitor computer system; and removing any unauthorized rebroadcasts overlapping with the traitor computer system. The process may be repeated from generating scores until all traitors are identified.03-08-2012
20090165140System for inserting/overlaying markers, data packets and objects relative to viewable content and enabling live social networking, n-dimensional virtual environments and/or other value derivable from the content - A system by which a User can associate selectable Markers, Data Packets and/or Objects with Content. The Content may generally be distributed electronically, and the Markers allow for insertion and/or overlay of Objects when the Content is selected for viewing by a Viewer. Objects and Data Packets are generally provided by a User, Promoter, Host, Service, or other entity to convey information to a Viewer. A Service provides tools and capabilities to both the User and the Promoter to facilitate their respective actions according to embodiments of the invention, including enabling the creation of live social networks (such as those linked to a specific Service provider, a specific User group, activities by a specific Promoter, and/or to specific Data Packets) and the creation of n-dimensional Virtual Environments.06-25-2009
20120066768PROTECTION OF INTERNET DELIVERED MEDIA - Program code in a Web page hosted by a server and/or in server side code executed by the server is specially configured so that a modified media file whose source is embedded in the Web page and which is streamed by the server is properly playable only in browsers of media devices accessing the Web page. Thus, if a copy of the modified media file is downloaded to the media device or otherwise procured, the user of the media device is unable to properly play the downloaded copy by using a conventional media player. Further, if the downloaded copy is shared on a file sharing network, users of the file sharing network that download copies from the media device are also unable to properly play their downloaded copies by using conventional media players.03-15-2012
20130205401Apparatuses and methods for content protection using digital rights management (DRM) in webview or webkit - An electronic device for digital content protection using DRM is provided with a DRM agent, a plug-in, and a web browser. The DRM agent processes DRM-protected content associated with an electronic file or a web page. The plug-in enables access of the electronic file. The web browser comprises a WebView SDK installed with the DRM agent or a WebKit engine installed with the DRM agent. The WebView SDK activates the processing of the DRM-protected content of the DRM agent to obtain the web page portion-by-portion, and displays the web page with the obtained portions. The WebKit engine activates the processing of the DRM-protected content of the DRM agent to obtain the electronic file portion-by-portion, and uses the plug-in to execute the electronic file with the obtained portions, or displays the web page with the obtained portions.08-08-2013
20130205400PRIVACY-BASED IDENTITY - The present disclosure relates to a privacy-based representation of a user identity within an online system. A method for representing a user identity within an online system is provided, comprising: requesting a user identity of a user of the online system by a viewer; retrieving a status of the viewer with regard to the user; based on the status of the viewer, determining a representation of the user identity; and providing the representation of the user identity to the viewer. Furthermore, an online system and a data structure representing a user identity of a user of an online system are defined.08-08-2013
20130205402Apparatuses and methods for content protection using Digital Rights Management (DRM) in WebView or WebKit - An electronic device is provided with a DRM agent, a plug-in, and a web browser. The DRM agent processes DRM-protected content associated with an electronic file or a web page. The plug-in enables access of the electronic file. The web browser comprises a WebView SDK installed with the DRM agent or a WebKit engine installed with the DRM agent. The WebView SDK activates the processing of the DRM-protected content of the DRM agent to obtain the web page portion-by-portion, and displays the web page with the obtained portions. The WebKit engine activates the processing of the DRM-protected content of the DRM agent to obtain the electronic file or web page portion-by-portion, and uses the plug-in or a native media player to access the electronic file with the obtained portions, or displays the web page with the obtained portions.08-08-2013
20120079603SELECTIVELY WIPING A REMOTE DEVICE - A system and method for selectively securing data from unauthorized access on a client device storing a plurality of data types with reference to an authorization level indicated in a command. A command is received at a client device comprising an authorization level indicator. Based on at least one predefined rule, which may be implemented in an IT policy stored at the client device, each of the plurality of data types to be secured is determined, and then the data corresponding to those types is secured. The data may be secured by encrypting and/or deleting the data at the client device. The predefined rules associated with each authorization level may be configured by a user or administrator having an authorization level that exceeds the associated authorization level.03-29-2012
20120090032Webtextbooks - A distribution system for viewing an electronic book may include a content provider to obtain and provide the electronic book, a distribution center to distribute the electronic book from the content provider, and a predetermined number of home centers to view the electronic book by a predetermined number of users. N may be the number of simultaneous users viewing a single electronic book; and no more than n is the number of purchased electronic books from the content provider. The number of users registered to view the electronic book may be greater than n, and if the user views the electronic book for more than a predetermined period of time then that user may be inactivated from viewing the electronic book. The user may view the electronic book at the content provider, and the electronic book may be downloaded to a server of the distribution center or a viewership account may be created to be viewed by the user.04-12-2012
20130091580Detect and Prevent Illegal Consumption of Content on the Internet - Disclosed are systems and methods for preventing (or at least deterring) a user from inadvertently or directly consuming illegal content on the Internet. For example, determining when a user might visit a site distributing illegal content (i.e., material in violation of a copyright or otherwise inappropriately distributed) and presenting a warning to the user prior to navigating to the identified inappropriate distribution site. Optionally, alternative distribution sites (i.e., an authorized distribution site) for the same or similar material can be presented to the user. For example, a user might be likely to visit an inappropriate distribution site when sent a message containing a link or when search results from a search engine query identify a plurality of distributors for a requested movie, song, book, etc. By informing a user of illegal sources and possible alternatives, a user can obtain the desired electronic distribution without violating an author's intellectual property rights.04-11-2013
20120096565DEVICE, METHOD AND SYSTEM TO PREVENT TAMPERING WITH NETWORK CONTENT - The present invention discloses a system for preventing network content of one or more network servers from being tampered with. The system comprises a content caching and providing device to cache network content of the one or more network servers; and a content monitoring sub-system with one or more content monitoring clients incorporated in the network servers respectively and a content monitoring server part incorporated in the content caching and providing device. The present invention further discloses a content caching and providing device, a network content providing system and a corresponding method. With the system, device and method according to the present invention, we can improve the speed and security of accessing network content while effectively preventing the network content from being tampered with.04-19-2012
20120096564DATA INTEGRITY PROTECTING AND VERIFYING METHODS, APPARATUSES AND SYSTEMS - The disclosure provides data integrity protecting and verifying methods, apparatuses and systems. A data integrity protecting method includes: calculating a Hash value of each of the data blocks by using a first Hash function, to obtain a plurality of block Hash values which form a first series of Hash values; calculating a second series of Hash values based on the first series of Hash values, the second series of Hash values comprising a plurality of chain Hash values, each of which being associated with a corresponding block Hash value in the first series of Hash values and being associated with a neighbor chain Hash value in the second series of Hash values, wherein the first series of Hash values and the second series of Hash values are used as integrity information of the data; and generating verification information of the data by using a last chain Hash value.04-19-2012
20120096563System and Method for Providing Access to Verified Personal Background Data - Access to verified personal background data is provided in the form of an electronic document that includes a data record having personal background data and corresponding verification information as well as an electronic authentication of the contents of the data record. The data record is associated with a unique identifier. The electronic document may be distributed over a communication network to a person providing the identifier.04-19-2012
20120096562METHOD FOR PROTECTING THE SOURCE CODE OF A COMPUTER PROGRAM - The invention relates to a method for protection of a computer program source code comprising the following steps:04-19-2012
20120096561IC CHIP, INFORMATION PROCESSING APPARATUS, SOFTWARE MODULE CONTROL METHOD, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - An IC chip, an information processing apparatus, a software module control method, an information processing system, an information processing method, and a program for ensuring security before booting a software module reliably are provided. A reader/writer and a mobile phone terminal to be accessed by the reader/writer through proximity communication are provided. In the mobile phone terminal, a first software module transmits commands to second and third software modules. The first software module manages states of the second and third software modules. If during boot-up of the third software module, the processing of the second software module is started and completed, then the first software module resumes the boot-up of the third software module.04-19-2012
20120096560Method and a Device for Protecting Private Content - In a method of enabling Digital Rights Management (DRM) of content in a communications network supporting a DRM system a first user equipment (RMUE), is registering with a first rights issuer of the DRM system from which a delegation assertion, authorizing the RMUE to become a private rights issuer, is retrieved. RMUE retrieves a first, signed rights object from the first rights issuer, that contains a first set of rights for the RMUE to DRM protect private content and to issue at least one second rights object, associated with the private content. DRM protection is then applied on private content, obtained by the RMUE, according to at least the first set of rights. RMUE issues a second rights object, defining a second set of rights for rendering the private content, according to the first set of rights. RMUE may then distribute the second rights object to a second user equipment which is able to render the private content on the basis of at least said second rights object, upon having acquired the private content and the delegate assertion.04-19-2012
20120096559CANCELLING DIGITAL SIGNATURES FOR FORM FILES - The embodiments described herein generally relate to methods and systems for enabling a client to request a server to cancel the digital signing of a form file associated with a form. Successful cancellation of the digital signing process results in a return of the form file to its initial state, in which data are not lost, and the form can be resubmitted and/or the application of the digital signature can be retried. Request and response messages, communicated between a protocol client and a protocol server, cause the performance of protocol functions for applying a digital signature to a form file and for cancelling the signature thereof where errors in the signing process are detected. A versioning mechanism enabling the detection of version differences and resulting upgrades to the digital signature control allows for robust communications between a client and a server operating under different product versions.04-19-2012
20130212691ELECTRONIC SYSTEM FOR THE PROTECTION AND CONTROL OF LICENSE TRANSACTIONS ASSOCIATED WITH THE ALTERATION OF REPLICATED READ ONLY MEDIA AND ITS BOUND LICENSED CONTENT - Distribution of content stored on read only media, and a system and method by which a consumer who purchased content stored on read only media implements a process in the field by which they alter the storage media. A system and tools are used by the consumer to identify, authenticate, disable, and confirm alteration in exchange for compensation, the acquisition of new usage rights to content, or the ability to restore access to or copy content to new media. The process may be conducted by the consumer in the field without assistance and/or visual inspection, or be partially conducted in conjunction with an authorized intermediary. Furthermore, the process may restore access to content stored on new media without the need to transfer copies of content.08-15-2013
20130212686Electronic fulfillment system for distributing digital goods - Methods and apparatus for delivering digital goods using an electronic distribution system. Meta-information is generated for a digital product and stored at a fulfillment server. Upon completion of a transaction between a customer and the supplier of a digital product, a download manager installed at the customer's computer communicates with the fulfillment server using a protocol that ensures secure and reliable delivery of the digital product to the customer. In alternative implementations, the customer can be billed before or after successful delivery of the digital product to the customer.08-15-2013
20130212687BRIDGE FOR COMMUNICATING WITH A DYNAMIC COMPUTER NETWORK - Method for communicating data in a computer network involves dynamically modifying at a first location in the computer network a plurality of true values. The true values correctly represent the plurality of identity parameters. These true values are transformed to false values, which incorrectly represent the identity parameters. Subsequently, the identity parameters are modified at a second location to transform the false values back to the true values. The position of the first and/or second locations varies dynamically as part of this process. A bridge transforms identity parameter values when communicating outside the network. Dynamic modification of the identity parameters occurs in accordance with a mission plan that can be modified without interrupting communication of data in the network.08-15-2013
20130212688SYSTEM FOR SHARING A USERS PERSONAL DATA - One example embodiment includes a method for sharing a user's personal data. The method includes obtaining identifying information. The method also includes confirming a user's identity. The method further includes releasing the user's personal data.08-15-2013
20130212690PRIVATE DECAYED SUM ESTIMATION UNDER CONTINUAL OBSERVATION - Described herein is a method and system for providing privacy guarantees with an improved privacy-accuracy trade-off. Dynamic data can be accessed from a database. A sum model is selected from window sum, exponential decay sum, and polynomial decay sum. An algorithm is initiated that produces polylogarithmic bounded error in the range of a sum function associated with the selected sum model and independent of time steps. The data can be assembled in a dyadic tree structure. A non-linearity component can be added to nodes of the dyadic tree structure. For example, this can be a noise component or a weight applied to the update. This can be done, for example, to different nodes differently. Differential private estimators can be constructed for fixed steps of time. The differential private estimators can be applied to a query means or filtering system to enhance privacy protection from potential adversaries.08-15-2013
20130212696APPARATUSES, SYSTEMS, AND METHODS FOR RENEWABILITY WITH DIGITAL CONTENT PROTECTION SYSTEMS - In one embodiment of the invention, a format for renewability content (e.g., a System Renewability Message (SRM)) corresponding to a content protection protocol (e.g., High-Bandwidth Digital Content Protection (HDCP)) may be interoperable with devices that are compliant with different versions of the standard (e.g., HDCP1.x and 2.x devices) and that include different amounts of storage for the renewability content (e.g., first and second generation devices).08-15-2013
20130212689MANAGING NETWORK DATA - A method, system or computer usable program product for masking communication data using context based rules including intercepting a communication between a server and a client by an intermediary, the communication having a recipient, parsing the communication by the intermediary to determine whether a context based alteration rule should be applied, responsive to an affirmative determination, applying the rule to the communication to produce an altered communication with altered data, and sending the altered communication to the recipient so that the altered data in the communication is utilized in a masked manner.08-15-2013
20130212693ANONYMOUS WHISTLE BLOWER SYSTEM WITH REPUTATION REPORTING OF ANONYMOUS WHISTLE BLOWER - Reputations of anonymous sources of information are managed by associating the reputations with devices from which the information is received rather than from the human individuals using those devices. The devices are recognized using a one-way identifier, such as a digital fingerprint, such that the source device cannot be used to readily identify the source device or its user(s) but all items of information received from the same source device can be readily recognized. Feedback from other devices is accumulated and used to assess trustworthiness of the source device and reputation data representing such trustworthiness is published along with the information received from the source device.08-15-2013
20130212694METHOD AND APPARATUS FOR RF TRANSMITABLE DATA PROTECTION - A method for prevention of unauthorized acquisition and use of privileged information including steps of: generating a spoof signature and associating the signature with the privileged information such that the spoof signature can be acquired during the unauthorized acquisition of the privileged information; establishing an identifying processor arranged to identify the at least one spoof signature, to classify attempts of unauthorized use of the privileged information, and to generate at least one authorization for at least one predetermined set of actions organized to prevent the unauthorized use of the privileged information; and communicating authorizations to a party proximal to the at least one unauthorized use of the privileged information in time sufficient for interruption of the unauthorized use of the privileged information.08-15-2013
20130212697SECURE DATA EXCHANGE TECHNIQUE - Techniques utilizing common encryption approaches for data from multiple parties enable those parties to discover information that is held in common by the parties without disclosing to any party information that is not held in common by the parties. Encrypted information for each party can be compared to determine which encrypted values match, and those encrypted values can be returned to any of the parties such that a party can determine which corresponding data the parties have in common without having access to any other data of any other parties.08-15-2013