
Access control

Subclass of:

726 - Information security

726026000 - PREVENTION OF UNAUTHORIZED USE OF DATA INCLUDING PREVENTION OF PIRACY, PRIVACY VIOLATIONS, OR UNAUTHORIZED DATA MODIFICATION

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class / Patent application number Description Number of patent applications / Date published
726028000 By authorizing user 398
726030000 By authorizing data 245
726029000 By authorizing client 168
Entries
Document Title Date
20120266257 SYSTEM AND METHOD FOR BLOCKING OBJECTIONABLE COMMUNICATIONS IN A SOCIAL NETWORK - A system and method blocks objectionable communications in a social network. A first user of the social network determines when communications from a second user to the first user that are displayed and viewed by third party users of the social network are objectionable. In response, the first user blocks further display of communications from the second user to the first user that were intended by the second user to be displayed and viewed by third party users of the social network. 10-18-2012
20130031638 DYNAMIC LOCATION OF A SUBORDINATE USER - Providing location information to a supervisory user includes providing a parental control, using a computer automatically to determine a location of a subordinate user, and storing location information indicative of the location of the subordinate user in a database. A request of the supervisory user to locate the subordinate user is received and a user interface informs the supervisory user of the location of the subordinate user based on the stored location information. At least one of the storing and/or the informing are based on the parental control. 01-31-2013
20130212699 METHODS AND SYSTEMS FOR FACILITATING PERSONAL DATA PROPAGATION - Methods and systems for facilitating the propagation of personal data include a Personal Data Propagation Environment (“PDP environment”), which facilitates the propagation of personal data items between secure personal data stores and various consumers of the personal data items. One PDP environment includes a personal data manager and a personal data subscriber. The personal data manager manages personal data items on a secure data store associated with a user computing device. The personal data manager provides access to personal data items stored on the secure data store in accordance with a personal data subscription associated with the personal data subscriber. 08-15-2013
20090193524 ELECTRONIC COMPUTER DATA MANAGEMENT METHOD, PROGRAM, AND RECORDING MEDIUM - The present invention provides a data management program for performing monitoring so that user data provided to the client cannot be copied and utilized for a purpose other than the intended purpose. 07-30-2009
20130047264 Method and Device for Communicating Digital Content - A method for establishing a secured communication channel, between a first processing component and a second processing component; the method comprising executing a digital rights management agent on a processing unit, the digital rights management agent being configured to enforce permissions associated with digital content based on a digital rights management protection mechanism; receiving, by the digital rights management agent at least a security data item, the security data item including a session key data item; verifying authenticity of the received session key data item by the digital rights management agent using said digital rights management protection mechanism; providing the verified session key data item by the digital rights management agent to at least the second processing component; establishing a secured communication channel between the first and second processing components using at least the provided session key data item. 02-21-2013
20090025088 Method and system for registering domain - A first domain ID information piece for a first domain is sent from a first domain managing entity to a second domain managing entity. The first domain managing entity manages the first domain. The second domain managing entity manages a second domain. A second domain ID information piece for the second domain is sent from the second domain managing entity to the first domain managing entity. The first domain is registered with the second domain as a domain higher in rank than the second domain in response to the first domain ID information piece sent from the first domain managing entity to the second domain managing entity. The second domain is registered with the first domain as a domain lower in rank than the first domain in response to the second domain ID information piece sent from the second domain managing entity to the first domain managing entity. 01-22-2009
20080256644 Real-time detail information display method of digital rights management contents and portable terminal using the same - A real-time detail information display method of digital rights management (DRM) contents and a portable terminal for practicing that downloads digital rights management (DRM) content information from a server, in real-time. The portable terminal extracts address information of the DRM contents indicated on the display, accesses the server based on the extracted address information, and receives the DRM content information from the server and displays it on the display. 10-16-2008
20080256642 Anti-Interrogation For Portable Device - A portable consumer device is disclosed. One or more contact regions in the portable consumer device may be provided on the contactless portable consumer device. The user may be required to place a finger on the one or more contact regions while holding the portable consumer device proximate to the interrogation device to enable it to be interrogated. The user's fingers may be used to electrically bridge an open portion of a circuit so as to enable operation of the portable consumer device. 10-16-2008
20100115625 POLICY ENFORCEMENT IN TRUSTED PLATFORMS - Embodiments of the invention relate to a trusted entity ( 05-06-2010
20130081145 ANONYMOUS ASSOCIATION SYSTEM UTILIZING BIOMETRICS - Various exemplary embodiments relate to an anonymous database system. The system includes a plurality of biometric nodes in communication with one another. Each of the plurality of biometric nodes includes a biometric input that receives biometric data from a user. The system also includes at least one central database in communication with the plurality of biometric nodes; and a plurality of institution databases in communication with the plurality of biometric nodes. A first node of the plurality of biometric nodes is configured to receive a message from a second node of the plurality of biometric nodes, the message requesting authorization of data access by the second node. Various embodiments relate to a method for performing an action requiring multiple levels of authentication using an anonymous database system. 03-28-2013
20100083384 Secure Operation of Programmable Devices - According to an embodiment, a programmable logic device includes a plurality of logic blocks, memory, a plurality of connection control elements and a logic unit. The logic blocks are grouped into one or more programmed partitions. The memory stores authentication information and partition information. The connection control elements controllably interconnect different ones of the logic blocks. The logic unit controls external access to the one or more partitions based on the authentication information, controls reprogramming of the one or more partitions based on at least some of the partition information and configures the connection control elements based on at least some of the partition information. 04-01-2010
20130081144 STORAGE DEVICE AND WRITING DEVICE - According to an embodiment, a storage device connected to an external device includes a data storage, a key storage, a random number generating unit, a random number storage, a random number transmitting unit, a data receiving unit, a calculating unit, a determining unit, and a storage control unit. The data receiving unit receives write data to be written into the data storage and first authentication information. The key storage stores a key. The calculating unit calculates second authentication information for data generated from the write data and the random number by using the key. The determining unit determines whether the first authentication information and the second authentication information are identical. The storage control unit stores the write data into the data storage when the first authentication information and the second authentication information are determined to be identical. 03-28-2013
20130036475 ACCESS RIGHTS MANAGEMENT IN ENTERPRISE DIGITAL RIGHTS MANAGEMENT SYSTEMS - Systems and methods for obtaining access rights to an encrypted document are described. The method comprises receiving a request for obtaining access rights to the encrypted document from a requestor, through an eDRM interface. The method further comprises generating a request inbox corresponding to a granter of the encrypted document. The request inbox contains at least the request received from the requestor. The generated request inbox is sent to the granter through the eDRM interface. The method furthermore comprises obtaining a response to the request from the granter, and providing a status alert indicative of the response to the requestor through the eDRM interface. 02-07-2013
20130036477 Method and Apparatus Encoding a Rule for a Lookup Request in a Processor - In one embodiment, a method includes encoding a key matching rule having at least one dimension by storing in a memory (i) a header of the key matching rule that has at least one header field, and (ii) at least one rule value field of the key matching rule corresponding to one of the dimensions. 02-07-2013
20130036476 RIGHTS-BASED SYSTEM - A rights-based system is described in which vouchers are employed for creating, managing, distributing, and redeeming rights in digital contexts. A voucher is a digital, possession-based rights representation. An authorization component of the system validates the vouchers and issues corresponding tokens. Access to digital resources is provided in response to presentation of the tokens which are validated by matching voucher refresh values to corresponding values maintained by the system. New refresh values are generated and inserted in the vouchers each time they are redeemed. 02-07-2013
20090025087 SYSTEMS AND PROCESSES FOR OBTAINING AND MANAGING ELECTRONIC SIGNATURES FOR REAL ESTATE TRANSACTION DOCUMENTS - Systems and processes may obtain and manage electronic signatures for documents for real estate transactions. Documents for real estate transactions may be received and/or generated by the system. The documents may include metadata or software keys that are associated with signature blocks on the documents. The system may identify the signature blocks using the metadata or software keys and present the positions for signature by the user. 01-22-2009
20090172822 PRE-BOOT PROTECTED MEMORY CHANNEL - Machine readable media, methods, and computing devices are disclosed which establish a protected memory channel between an operating system loader of a user partition and services of a management partition. One computing device includes protected storage, read only memory, firmware, a storage device and a processor. The storage device is to store the virtual machine monitor and an operating system having an operating system loader. The virtual machine monitor is to establish a protected memory channel between the one or more integrity services of a management partition and the operating system loader of a user partition in response to measuring and verifying the operating system loader based upon the manifest. The processor is to execute the code of the read only memory, the firmware, the virtual machine monitor, the operating system, the operating system loader, the management partition, and the user partition. 07-02-2009
20120210443 SECURING AND MANAGING APPS ON A DEVICE - Apps are secured or security-wrapped either before they are downloaded onto a device, such as a smartphone or tablet device, or after they are downloaded but before they are allowed to access the device operating system and cause any potential damage to the device. An app provider, such as an employer or a cellphone provider, can secure its apps before consumers download an app from their app store or marketplace. The app is secured before it is allowed to access the operating system of the device, thereby preventing the app from malicious behavior. Core object code of the app is obtained and the digital signature is removed. App object code is substituted with security program object code, thereby creating a security-wrapped app. The security-wrapped app is prepared for execution on the device and is re-signed with a new key. 08-16-2012
20100043078 SECURE COMPACT FLASH - Methods and apparatus are provided, such as a memory card with a processor and nonvolatile memory coupled thereto. The nonvolatile memory has a secure area configured to store a user password and a serial number in encrypted form. The card is configured to grant access to the secure area when the card receives a password that matches the stored user password and the card is coupled to a system having the serial number. 02-18-2010
20100043077 TRUST BASED DIGITAL RIGHTS MANAGEMENT SYSTEMS - A system and method for allowing access to digitally protected content are disclosed. License metadata and credentials from multiple types of digital rights management systems may be used to grant access to content protected by a different type of digital rights management system. Hierarchical levels of access to the content may be granted based on at least one of license metadata and credentials. 02-18-2010
20100107260 DEVICE FOR RECEIVING DIGITAL BROADCASTS - A device comprising a receiver for receiving a broadcast; a processor for processing said broadcast to extract at least one data channel or service from said broadcast means for connecting said device to user equipment, said connecting means being arranged to establish a connection with said user equipment whereby said extracted data channel or service can be transferred securely to said user equipment. 04-29-2010
20130047263 Method and Apparatus for Emergency Session Validation - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may further store a plurality of tokens. The plurality of tokens may include a session token. The session token may be associated with access to the resource by a user. The apparatus may receive a first token indicating that an emergency has been declared. The emergency may be associated with the user. The apparatus may determine, based at least in part upon at least one token-based rule from the plurality of token-based rules, that access to the resource should be terminated in response to receiving the first token and terminate the session token in response to the determination that access to the resource should be terminated. 02-21-2013
20130047262 Method and Apparatus for Object Security Session Validation - According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate access to a resource. The apparatus may further store a plurality of tokens. The plurality of tokens may include a session token associated with access to the resource by a device. The apparatus may receive a first token indicating that an alarm associated with the device has been triggered. The apparatus may determine, based at least in part upon at least one token-based rule from the plurality of token-based rules, that access to the resource should be terminated in response to receiving the first token and terminate the session token in response to the determination that access to the resource should be terminated. 02-21-2013
20130047260 COLLABORATIVE CONTENT RATING FOR ACCESS CONTROL - Methods, systems, devices, and computer program products are described for controlling access to electronic content. Content ratings for electronic content are received from each of a number of reviewers, and the input value for each of the reviewers is weighted. Content analysis for the electronic content is also received on each of a number of factors, and each factor is weighted. These weightings may be based on community standards, be specific to a geographic region, or be personalized. The weighted content ratings and the weighted content analysis may be combined to generate an access metric. Access to the electronic content may be controlled based on the access metric. 02-21-2013
20130047259 METHOD AND APPARATUS FOR TOKEN-BASED VIRTUAL MACHINE RECYCLING - According to one embodiment, an apparatus may store a virtual machine token associated with a virtual machine running on a particular device and a secure image of the virtual machine. The virtual machine token may include a timestamp indicating when the virtual machine was established. The apparatus may receive a token indicating that the particular device is attempting to access a resource. In response, checking the validity of the virtual machine running on the particular device based at least in part upon the timestamp associated with the virtual machine token and a time threshold associated with the virtual machine. If the virtual machine is invalid, then the apparatus may communicate at least one token to initiate the recycling of the virtual machine by replacing the invalid virtual machine with the stored secure image of the virtual machine. 02-21-2013
20130047261 Data Access Control - A set of data is provided to an application executed in an environment within which the application is restricted from making its output available outside the environment. An operation performed on the set of data by the application is inspected. A determination of whether an output of the application is satisfactory is reached based on the inspection. If the output is determined satisfactory, the output of the application is made available outside the environment. 02-21-2013
20100071073 TECHNIQUES FOR SHUFFLING VIDEO INFORMATION - An apparatus, system, method, and article for shuffling video information are described. The apparatus may include a media processing node to receive video information. The media processing node may include a shuffling module to shuffle the video information according to a shuffle order and a trusted entity programmed based on the shuffle order to provide access to the video information. The video information may be provided in an unshuffled manner when accessed through the trusted entity. Other embodiments are described and claimed. 03-18-2010
20100064374 Launching Of Multiple Dashboard Sets That Each Correspond To Different Stages Of A Multi-Stage Medical Process - A robust window pane display system and method for coordinating window pane displays in the form of dashboards to assist nurses and doctors in the treatment of a medical patient based upon various medical situations. The window pane display system may be linked to a computer or computer network. The system may involve multiple dashboards for a multi-stage procedure or operation having discrete dashboards for each stage of the multi-stage procedure. A method for creating new dashboards for use in the window pane display system. 03-11-2010
20090044282 System and Method for Generating and Displaying a Keyboard Comprising a Random Layout of Keys - Systems and methods for generating and displaying a keyboard comprising a random layout of keys are described here. One embodiment includes displaying a keyboard comprising a random layout of keys, to receive a user entered key phrase to be entered to gain access to secure data, and receiving the user entered key phrase by the user selecting keys of the keyboard via a pointing input device. The displaying includes, individually mapping keys of the keyboard to a separate value within a first value range, selecting a key for the keyboard based on the random value generated, and repeating the generating the random value and selecting a key for the keyboard based on the random value to select a remainder of keys for generating the random layout of keys for the keyboard. 02-12-2009
20090031429 Prevention of software and movie piracy - Preventing digital content piracy includes creating a predetermined pattern including at least one unreadable location on a target digital storage medium, which stores digital content and is configured to be received by a media reader. An error detection software program is provided on the target digital storage medium, which program is executed by a host processor, having an operating system kernel, when the host processor attempts to access the digital content on the target digital storage medium via the media reader. The program causes the host processor to query the media reader via a direct hardware connection independently of the operating system kernel, in order to identify the at least one unreadable location, and to access the digital content responsively to verifying that the identified location corresponds to the pattern. 01-29-2009
20090307780 USING TRUSTED THIRD PARTIES TO PERFORM DRM OPERATIONS - Various embodiments utilize a third party, such as a trusted third-party, to perform DRM operations such as “move” operations. In at least some embodiments, the trusted third-party is utilized for both “move” operations as well as local content access such as playback and the like. In at least some embodiments, a third-party maintains a database that includes an association of clients, content, and move version numbers. A client—termed a “source client” maintains at least a move version number locally in a secure fashion. The version number is incremented each time the source client performs a move operation. Both the source client and the third-party increment the version number each time a piece of content is moved. When the client attempts to perform a move operation, it contacts the third-party to ascertain the third-party's move version number. If the move version numbers match and the source client owns the license/content, then, in at least some embodiments, a move operation is permitted. 12-10-2009
20120192286 Privileged Document Identification and Classification System - A litigation discovery document system is provided to help identify documents that might be privileged. In particular, a system is described in which documents within a document set are compared against one or more data sources which store data that indicate whether a particular document is privileged or potentially privileged. Human reviewers can confirm whether such determinations are accurate. Analytic reports can be provided which characterize the underlying methodology used to make such determinations. Related apparatus, systems, techniques and articles are also described. 07-26-2012
20130167248 METHOD FOR GENERATING SMART CONTENTS, METHOD FOR EXECUTING SMART CONTENTS AND METHOD FOR PROVIDING N-SCREEN SERVICE OF SMART CONTENTS - A method for generating smart contents includes contents protected by a digital right management (DRM) technology; and metadata including information necessary to use the contents. Further, the method includes a smart code for protecting copyright of the contents and position information which the smart code is downloaded. 06-27-2013
20130061330 METHOD AND SYSTEM FOR CONFIGURING CONSTRAINTS FOR A RESOURCE IN AN ELECTRONIC DEVICE - The present invention provides a method and system for configuring constraints for a resource in an electronic device. The method includes identifying context of use/access of a resource and implementing permissions/constraints as per the identified context. The method includes identifying an existing work environment of a resource by capturing information through an application program interface (API), identifying constraints for the resource with respect to the identified work environment from a constraint specification file for the resource which contains constraint details for all work environments, and either configuring the identified constraints for the resource, or modifying the identified work environment for the resource and configuring corresponding constraints for the resource. 03-07-2013
20090271870 METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING DISTRIBUTED ACCESS RIGHTS MANAGEMENT USING ACCESS RIGHTS FILTERS - An apparatus may include a processor configured to generate an access rights filter based upon a set of access rights settings. The processor may be further configured to generate an authorization key accepted by the generated access rights filter. The processor may be additionally configured to distribute one or more of the access rights filter and authorization key to an access rights management entity. 10-29-2009
20120117659 Apparatus and Method for Secure Distribution of Media Data - A technique for distributing media data in a secured fashion that mitigates unwanted or illegal copying/distribution of such data. An initial, degraded version of the media data is sent to one or more recipient(s). After confirming identity of a recipient at a receiving system, a supplemental version of the media data is sent to the receiving system which augments the degraded version such that it can then be played by the recipient(s). The degraded version of the media data has a reduced quality that is obtained by removing portions of the data and filling in the removed portions with dummy data. During a subsequent rebuilding of the media data, a supplemental version of the media data is sent to the receiving data processing system where it is merged/combined with the degraded version to form a copy that corresponds to the original, high-quality version of the media data. 05-10-2012
20130067593 SYSTEMS AND METHODS TO DISTRIBUTE CONTENT OVER A NETWORK - The present embodiments provide methods, apparatuses, and systems to distribute content over a network. Some embodiments provide methods to distribute content within a local media network. These methods receive a request for a first content to be transferred to a sink device, request from the source an access criteria for a first content that is protected according to a first digital rights management (DRM), forward the access criteria to the sink device, receive an evaluation of the access criteria from the sink device regarding at least whether the sink device can interpret the first DRM, determine according to the evaluation received from the sink device whether the sink device can utilize the first content that is protected according to the first DRM, and initiate a transfer of the first content from the source device to the sink device when the sink device can utilize the first content. 03-14-2013
20130067591 METHOD FOR FILTERING WEB PAGE CONTENT AND NETWORK EQUIPMENT WITH WEB PAGE CONTENT FILTERING FUNCTION - A method for filtering web page content is disclosed in this invention. In the method, a web page request to obtain a web page from a web server is received from a client through a network equipment after the client builds a connection with the web server. The network equipment transmits the web page request to a cloud server for determining if the web page needs to be blocked according to the web page request. A first disconnection request and a second disconnection request is generated according to the web page request if it is determined that the web page needs to be blocked. The first disconnection request is transmitted to the client and the second disconnection request is transmitted to the web server through the network equipment. Subsequently, the connection between the client and the web server is disconnected. 03-14-2013
20130067590 COMBINING CLIENT AND SERVER CLASSIFIERS TO ACHIEVE BETTER ACCURACY AND PERFORMANCE RESULTS IN WEB PAGE CLASSIFICATION - In one embodiment, an internet monitor service may use a final content rating to determine access to a webpage. A monitor client 03-14-2013
20130067592 SYSTEM AND METHOD FOR ROLE BASED ANALYSIS AND ACCESS CONTROL - A system and method for program access control includes, for a typestate, providing typestate properties and assigning a role to the typestate in a program in accordance with the typestate properties. Access to operations is limited for the typestate in the program based on the role assigned to the typestate and an access permission level. 03-14-2013
20090044281 JAVA CONDITIONAL ACCESS APPARATUS - There is provided a Java™ conditional access apparatus which, by describing a CA control unit through a Java™ program, obviates the need for porting a CA control program, enables development of a CA system over plural terminals in a short time, and obviates the need for terminal replacement. The Java™ conditional access apparatus includes a descramble circuit, a key generation information obtaining library, a Java™ VM, a storage unit, a condition-release control unit, an API having a registration unit. Upon receiving a function from a CA control program, the registration unit registers the received function. When the API receives information of a channel, the information of the channel to be reproduced is notified to the CA control program. The CA control program requests the key generation information obtaining library to obtain key generation information corresponding to the received channel information, and passes the received key generation information to the condition-release control unit. 02-12-2009
20090235363 IMAGE FORMATION DEVICE AND LICENSE MANAGEMENT SYSTEM - An image formation device enables an optional function that is invalid in an initial state with the entry of a license code. The image formation device includes a storage part for storing specific information unique to the image formation device, and authenticates a license code input thereto using the specific information stored in the storage part. When this license code is recognized as a proper license code as a result of authentication, the image formation device enables an optional function. The image formation device also includes a function disabling part for disabling an optional function that has been enabled. Disabling the optional function causes the function disabling part to change the specific information stored in the storage part to information different from previous information. As a result, an optional function of the image formation device is prevented from being enabled many times using a license once granted to the image formation device. Further, a license management server is allowed to precisely manage the usage of a license at all times. 09-17-2009
20090019550 TRUSTED HARDCOPY DOCUMENT - A trusted hardcopy document is generated using a two-part confirmation number including a private part and a public part. A public part of the confirmation number is received at a first party creating the trusted hardcopy document. The private part of the confirmation number is sent to an owner of the trusted hardcopy document by a trusted party and is not sent to the first party creating the trusted hardcopy document. A human-readable form and a machine readable form of the public part of the confirmation number are printed on the trusted hardcopy document. 01-15-2009
20090007278 PRIVACY PROTECTION DEVICE, PRIVACY PROTECTION METHOD, AND RECORDING MEDIUM RECORDED WITH PRIVACY PROTECTION PROGRAM - A privacy protection device acquires provider location information and browser location information indicating the current location of a browser terminal used by a browser who intends to browse the content. The privacy protection device stores determination data for determining whether to mask privacy information included in the content. The privacy protection device determines whether to mask the privacy information by comparing the distance, which is calculated based on the current location of the provider terminal indicated by the provider location information and the current location of the browser terminal indicated by the browser location information, to the determination data stored in the determination data storage part. Finally, the privacy protection device edits the privacy information included in the content so that the privacy information is concealed from the browser when the privacy masking determination part determines to mask the privacy information. 01-01-2009
20090007277 System and Method for Automatically Hiding Sensitive Information Obtainable from a Process Table - The present invention provides a system and method for automatically hiding sensitive information, obtainable from a process table, from other processes that should not access the sensitive information. The system and method include a sensitive command attribute table that is used by a system administrator to designate the commands and command attributes that will typically be associated with sensitive information. The sensitive command attribute table is used when a command is entered that requests information from the process table to be displayed or output. In response, a search of the process table entries is made to determine if a command and/or its attribute in the process table matches an entry in the sensitive command attribute table. If so, the command, its attributes, and/or its attribute values are blanked from the output of the process table information. 01-01-2009
20090007276 System for making it ineffective to tamper with a software application by nullifying or removing calls to a license manager because the application can be run without a call to the license manager - Many software applications are protected from illegal or unauthorized use by the use of a License Manager. All installations of the application are required to obtain a license from the License Manager to run. Software pirates routinely circumvent this copy protection by disabling the call to the license manager or change the code of the application so it seems to have passed the license verification. The present invention makes such efforts ineffective. The installed application cannot run, unless the call to the License Manager is made, since important code and data has been extracted from the installation and must be delivered by the License Manager. Obviously, if the call to the License Manager is disabled or manipulated, the extracted code and data will not be delivered to the installed application and it will not run. 01-01-2009
20110321174Apparatus and Method for Securing Portable USB Storage Devices - An apparatus and method for controlling and securing information stored on portable USB storage devices. Using the software application stored on the USB storage device in conjunction with functionality performed by a designed server, use of the storage device is limited to authorized users, PCs and locations, and other criteria while information contained within the device is protected from unauthorized access.12-29-2011
20110321173Multimode Retail System - A multimode system for receiving data in a retail environment includes: a secure input module for receiving high security input and low security input from a customer, the high security input to be communicated by the secure input module in cipher text, and the low security input to be communicated by the secure input module in plaintext. The multimode system is adapted to operate in a high security mode and a low security mode. The multimode system is adapted to enter the low security mode upon detection by the multimode system of a security breach condition. In the high security mode, the secure input module accepts low security input and high security input. In the low security mode, the secure input module accepts the low security input and does not accept the high security input.12-29-2011
20110321172MANAGEMENT APPARATUS, LICENSE MANAGEMENT SERVER, ELECTRONIC EQUIPMENT, ELECTRONIC EQUIPMENT MANAGEMENT SYSTEM, MANAGEMENT METHOD, PROGRAM, AND RECORDING MEDIUM - A management apparatus has a storage unit that stores software information and license information. The management apparatus periodically acquires software information introduced into an information processing apparatus communicably connected to the management apparatus from the information processing apparatus and compares the software information with the software information in the storage unit. Upon detecting any difference between the software information, the management apparatus notifies a user of the detection of a change in software configuration and updates the corresponding software information in the storage unit with the acquired software information. Then, upon detecting the change request of the software configuration from the user, the management apparatus makes a request to the information processing apparatus for changing the software configuration using the corresponding license information in the storage unit and notifies the user of the result of the request.12-29-2011
20080295180Memory Card, Data Exchange System, and Data Exchange Method11-27-2008
20080289048APPARATUS AND METHOD FOR MOVING CONTENTS AFTER MUTUAL AUTHENTICATION - A method and apparatus for moving contents are discussed. According to an embodiment, the method includes determining whether or not a content is to be moved from a first device to a second device based on copy and movement control information, the copy and movement control information indicating whether or not the content is to be moved; performing an authentication to authenticate the first and second devices with each other; and moving the content from the first device to the second device based on the determination result and the authentication result.11-20-2008
20090217385Cryptographic control for mobile storage means - A system and method that regulates the various operations between computing stations and storage devices. Storage devices are the storage means that are contained upon devices that are able to have data stored upon them. Any operation that involves or may lead to the exchange or accessing of content (data) between a storage device and computing station may be regulated by means of a policy which comprise a set of rules. Rules may be defined according to specific criteria, including the type of storage device, the type of content, the attributes of the content, and other attributes associated with the storage device and/or the content. The policy will be dynamically installed upon a computing station for specific user(s) and will regulate the data operations that may take place between the computing stations and storage devices based on evaluation of the policy. Based on the evaluation of the policy, the requested operation is permitted, restricted in some areas, or denied.08-27-2009
20110277038INFORMATION FLOW TRACKING AND PROTECTION - Embodiments of the invention are generally directed to systems, methods, devices, and machine-readable mediums for implementing gesture-based signature authentication. In one embodiment, a method may involve generating a data protection policy from an un-trusted software environment to govern access to protected data stored in memory in the local computer system. Then the method maps the data protection policy to an enforceable system-level data protection policy managed by an Information Flow and Tracking Protection (IFTP) logic. Next, the method flags the first memory page containing the protected data. Finally, the method enforces the generated data protection policy for the first memory page containing the protected data using the IFTP logic and the enforceable system-level data protection policy.11-10-2011
20080295181METHOD FOR PROTECTING COMPUTER PROGRAMS AND DATA FROM HOSTILE CODE11-27-2008
20090151003RECEIVER CAPABLE OF MANAGING CONDITIONAL ACCESS SOFTWARE OBJECTS, DOWNLOAD-BASED CONDITIONAL ACCESS SYSTEM INCLUDING THE RECEIVER, AND METHOD FOR MANAGING THE CONDITIONAL ACCESS SOFTWARE - Provided are a receiver with a CA function based on software download, a CA system including the receiver, and a method for managing CA software executed by the receiver. The receiver includes a CA software management means, a download means, a demultiplexer, and a descrambler. The CA software management means performs an overall management operation including the download, execution, state control and termination of a plurality of CA softwares. The download means downloads the CA software from a CA software download server at the request of the CA software management means. The demultiplexer receives scrambled multimedia contents and a CA message and transfers the CA message to the CA software management means. The descrambler receives a descrambling key extracted from the CA message by means of the CA software and descrambles the scrambled multimedia contents with the descrambling key. Thus, a plurality of CA softwares can be operated in one receiver (e.g., a settop box). Also, a plurality of CA softwares can be downloaded beforehand or timely. Also, it is possible to provide a rapid change of running CA software.06-11-2009
20120011593IMAGE DISTRIBUTION APPARATUS AND METHOD OF CONTROLLING THE SAME, IMAGE TRANSMISSION APPARATUS AND METHOD OF CONTROLLING THE SAME, WHICH ARE EXCELLENT IN USER LOCATION INFORMATION SECURITY, AND STORAGE MEDIUM - An image distribution apparatus capable of preventing a third party from knowing that a photographer is away from a specific place, based on information indicative of shooting date and time or a shooting location, which is stored in a manner associated with an image shot by the photographer. A blog server receives an image from a camera-equipped cellular phone. The image has location information added thereto which is indicative of a location where the cellular phone existed during shooting processing of the image. The blog server stores the image, and determines whether a location indicated by the location information is within a predetermined area. The blog server permits distribution of the image via a network if the location is determined to be within the predetermined area, but inhibits distribution of the image if the location is not determined to be within the predetermined area.01-12-2012
20120090036METHOD AND APPARATUS FOR PROVIDING DRM SERVICE - An apparatus for providing a Digital Rights Management (DRM) service includes a Media Presentation Description (MPD) information configurer for determining a DRM system required in each of representations of content provided by an adaptive streaming service, classifying the representations into one or more groups according to predetermined criteria, and configuring MPD information by inserting content protection information including representation group information representing classified groups and information about DRM systems corresponding to the representation group information; and a communication unit for transmitting the MPD information to a user terminal receiving the content.04-12-2012
20090013412Data Exchanging Device - A data exchanging device (01-08-2009
20090151002DOCUMENT ACCESS MANAGEMENT METHOD AND SYSTEM - This disclosure provides a document access method and system. The document access method and system are based on a social network model which interconnects members of the social network as a function of trust. This framework provides a basis for documents to be accessed by members which are not directly specified by a document's owner, while providing a certain degree of document security.06-11-2009
20090328235Declared Origin Policy - A declared origin policy may be provided. First a plurality of records comprising addresses that an application is allowed to access may be received. The received plurality of records may be placed in a manifest. Then, a request containing an address may be received and compared to the plurality of records in the manifest. Access to the address may be allowed when one of the plurality of records in the manifest matches the address or when an ambiguity is encountered as to whether the one of the plurality of records in the manifest matches the address. Access to the address may be denied when none of the plurality of records in the manifest matches the address. Moreover, any request to change any of the plurality of records in the manifest may be denied when the application is updated, uninstalled, or reinstalled.12-31-2009
20100011446VERIFICATION OF UN-TRUSTED CODE FOR CONSUMPTION ON AN INSECURE DEVICE - Disclosed is a code verification service that detects malformed data in an automated process and rejects submission and distribution if any malicious code is found. Once the submission is verified it may be packaged in a container. The container may then be deployed to a mobile device, and the public key may be used to verify that the container is authentic. The device can load trusted managed libraries needed to execute the application and a manager can ensure that only trusted libraries access native resources of the device.01-14-2010
20100169981Web-Based Asset Management - The method and system of the present invention provides an improved technique for replacing, implementing and managing computer-related assets. A technician accesses the World Wide Web through a user's computer. The information resident on the computer, including information regarding the computer and the user's preferences, are downloaded to a remote storage medium through the World Wide Web. Once downloaded, all information may be removed from the user's computer. Subsequently, the technician accesses another computer such as, for example, a new computer that has been assigned to the same user. The technician accesses the World Wide Web through the new computer and downloads the information previously stored on the remote storage medium. This information can then be used to install the user's prior applications, settings and preferences on the new computer.07-01-2010
20100169980PERSONAL INFORMATION PROVIDING APPARATUS AND METHOD - A personal information providing method and apparatus is provided. The personal information providing apparatus may extract personal information about at least one characteristic corresponding to a predetermined standard from a database storing personal information of a plurality of characteristics, embed the personal information about the at least one characteristic in a predetermined image, generate a personal information image, generate a watermark having trace information embedded, and embed the watermark in the personal information image.07-01-2010
20100037324COMPUTER FILE CONTROL THROUGH FILE TAGGING - In embodiments of the present invention improved capabilities are described for providing data protection through the detection of tags associated with data or a file. In embodiments the present invention may provide for a step A, where data may be scanned that is intended to be communicated from the client computing facility. In response to step A, at step B, restricted data may be identified by identifying an absence of a tag associated with the data. And finally, in response to step B, at step C, an interruption to the intended communication may be caused.02-11-2010
20130219511Methods, Media, and Systems for Monitoring Access to Computer Environments - Method, media, and systems for monitoring access to computer environments are provided. Methods for monitoring access to a computer environment by a technician workstation are provided, the methods comprising: setting up a remote desktop access session between a hardware processor of a proxy and the technician workstation; connecting the remote desktop access session to the computer environment; providing access to the computer environment from the technician workstation using the remote desktop access session; recording remote desktop access messages; and replaying the remote desktop access messages.08-22-2013
20130219513BLADE, COMPUTER PRODUCT, AND MANAGEMENT METHOD - A determining unit determines whether housing specific information decrypted from a license key is identical to housing specific information acquired from the housing to confirm legitimacy of license, thereby ensuring security. The determining unit determines that the license can be activated if a usage number in the housing does not exceed a usable number. Only when the determining unit determines that the license can be activated, the setting unit activates the license to make software usable so that any blade can freely use the software within a limit of the usable number.08-22-2013
20090007275Method and Apparatus for Protecting SIMLock Information in an Electronic Device - The teachings herein present a method and apparatus for protecting usage restriction data that governs usage of an electronic device. A cryptographic circuit supports secure and non-secure accesses. When non-securely accessed, it is operable only to verify the stored usage restriction data, and, when securely accessed, it is operable to generate a new message authentication code for changed usage restriction data, for subsequent authentication of that data. The usage restriction data may be stored in non-secure memory and may include static and dynamic parts. One or more embodiments include a secure circuit indicating whether the device has been initialized. The cryptographic circuit outputs a message authentication code for the static part using a permanent device key from the secure circuit, only if the device has not been initialized, and outputs a message authentication code for the dynamic part as needed to support authorized changes to the dynamic part.01-01-2009
20090282491Intelligent digital audiovisual playback system - Payment-based audiovisual playback system characterized by comprising a microprocessor device associated with a payment device primarily including means for storing, inter alia, in digital format the visual and sound information to be used. The system is associated through interfaces with display means and sound playback means for providing a multimedia environment. The system is controlled by a multitask operating system including a tool and service library integrated into the storage means. The system, which is also associated through an interface with a telecommunications modem, is optionally connected to an audiovisual data distribution network by a telecommunications modem and telecommunications links, said telecommunications function also being controlled by said multitask operating system.11-12-2009
20090276859MEDIA CONTENT TRANSCODING - A software product for media content transcoding is a software component configured to be executed under a software application and contains a plurality of internal transcoding subcomponents for transcoding a plurality of audio and/or video formats. It also contains DRM support code for digital rights management [‘DRM’], wherein the DRM has at least an enabled state and wherein the DRM support code contains subcomponents for supporting a plurality of media container formats. At least when the DRM is in the enabled state, the software product is configured to perform the transcoding without intermediate files and by using only the internal transcoding subcomponents for transcoding.11-05-2009
20100115626INTERACTIVE KEY CONTROL SYSTEM AND METHOD OF MANAGING ACCESS TO SECURED LOCATIONS - A security system associated with places physically protected by corresponding security mechanisms used to gain physical entry to the places by security mechanism users is managed using a searchable database that stores information on a plurality of places, a plurality of security mechanisms, and a plurality of security mechanism users. Program code provides access to the searchable database and interacts with database users using an Internet-accessible web site. The program code further authenticates each database user attempting to connect to the searchable database, and after authentication, interactively communicates a plurality of screens to database users, where each screen includes only hotlinks associated with security management operations for which those database users are authorized such that the screens do not include any hotlinks associated with security management operations for which the database users are not authorized.05-06-2010
20100115623SYSTEM AND METHOD FOR ENABLING DISTRIBUTION OF MEDIA CONTENT USING VERIFICATION - A system and method are provided to enable distribution of media content across a network using physical verification. The system includes a media server configured to send media content across a local network. A storage device can be in communication with the media server, and the storage device may store media content having encryption and provide the media content to the media server. A media reader that is in communication with the media server can be checked by the media server to determine whether a recording of the media content on removable physical media is loaded in the media reader in order to allow the media server to distribute the media content previously stored on the storage device. An output device can be enabled to receive media content from the media server and to reproduce the media content for an end user.05-06-2010
20100071072SYSTEM AND METHOD FOR CONTROLLING ACCESS TO LICENSE PROTECTED ASSETS USING USING RFID TECHNOLOGY - Access to a license protected asset is limited by storing license information associated with the asset on at least one radio frequency identification (RFID) tag. Access to the asset is allowed only upon successful retrieval and verification of the license information by a device having at least one RFID reader.03-18-2010
20100115624METHOD AND SYSTEM FOR SECURING DATA FROM A POINT OF SALE DEVICE OVER A LAN - A data control system for a local area network (05-06-2010
20090313703File-Based Chat System And Method - A method for computer-based chat includes coupling a plurality of clients to at least one chat file residing in a file system. The method also includes appending a first text from at least one of the plurality of clients to the at least one chat file. In addition, the method includes updating the plurality of clients with changes made to the at least one chat file.12-17-2009
20090151004Media markup for visual content alteration - A classification method and system for possible content alteration of a media work may include criteria regarding content that is feasible for alteration. Such criteria may be maintained in records that are accessible to an interested party. Some embodiments may include a record of primary authorization rights applicable to a possible content alteration. A further embodiment feature may include a record of secondary authorization rights applicable to substitute altered content incorporated in a derivative version. Various exemplary identifier markup schemes indicative of a location or category of an alterable media content component may be implemented for audio, visual, and audio/video alterable content.06-11-2009
20080244753Instruction Transform for the Prevention and Propagation of Unauthorized Code Injection - A method and structure of instruction transformation. Applying the principles of biodiversity to instruction transformation applicable to devices and embedded systems and networks containing many devices not only protects individual devices from attack from unauthorized code, but additionally retards propagation of such unauthorized code to other devices in the system or network in communication with a potentially infected device.10-02-2008
20080244754System and Method for Software License Management for Concurrent License Management and Issuance - The present invention is a method and system for software license management. The License Management System (LMS) is comprised of three components. These three components are the License Client (LC), the License Server (LS) and the Network License Manager (NLM). For the system to function the LC and LS are required. The NLM exists to facilitate and manage concurrent license usage.10-02-2008
20080244755Authorization for media content alteration - A classification method and system for possible content alteration of a media work may include criteria regarding content that is feasible for alteration. Such criteria may be maintained in records that are accessible to an interested party. Some embodiments may include a record of authorization rights applicable to a possible content alteration. Some embodiment implementations may include a derivative version of the media work wherein substitute content, such as an alterable component element having one or more designated aspects, is associated with a real-world entity or person.10-02-2008
20100122349Systems and methods for preventing unauthorized use of digital content - Theft, distribution, and piracy of digital content (software, video, audio, e-books, any content of any kind that is digitally stored and distributed) is generally accomplished by copying it, if possible, or, if it is protected from being copied in any fashion, such piracy is based upon a number of reverse engineering techniques. Aside from the straightforward copying of unprotected content, all of these other methods require first an understanding of the protective mechanism(s) guarding the content, and finally an unauthorized modification of that protection in order to disable or subvert it. Methods which prevent a skilled individual from using reverse engineering tools and techniques to attain that level of understanding and/or prevent anyone from performing such modifications can offer significant advantages to content creators who wish to protect their products.05-13-2010
20120036583COMPUTER READABLE MEDIUM STORING PROGRAM, INFORMATION PROCESSING APPARATUS, AND METHOD - A computer readable medium stores a program for controlling access to electronically stored information. The program causes a computer to execute a process including receiving first user information indicating a first user who performs an operation of changing an access right, second user information indicating a second user having the access right, and operation information indicating the operation; extracting grantor information corresponding to grantee information representing the second user information from access right grantor/grantee correspondence information in which grantor information indicating a grantor who has granted an access right to perform an operation on information is related to grantee information indicating a grantee granted the access right by the grantor; determining whether or not the extracted grantor information represents the first user information; and changing the access right indicated by the operation information if it is determined that the extracted grantor information represents the received first user information.02-09-2012
20090094701On-Demand Physically Secure Data Storage - Safe deposit boxes, services, and methods for physically secure data storage are provided that include securing a network-enabled computer within a safe deposit box, receiving, in the network-enabled computer, data transmitted from a remote computer coupled for data communications with the network-enabled computer; and storing the data in the memory of the network-enabled computer. Securing a network-enabled computer within a safe deposit box may be carried out by providing a locked safe deposit box having the networked enabled computer stored within. Securing a network-enabled computer within a safe deposit box may be carried out by providing a lockable safe deposit box having the networked enabled computer integrated within.04-09-2009
20110197286PROCUREMENT AND AUDIT OF DIGITAL RIGHTS MANAGEMENT DATA - A method and computer program product to procure digital rights management (DRM) event data comprises collecting a first set of event data in one or more standardized event data formats, and communicating the first set of event data to an event data collection server for storage. A second set of event data may also be collected in one or more standardized event data formats, which is also communicated to the event data collection server for storage. The method and computer program product may also include storing the first set, and optional second set, of event data in a centralized repository, authorizing access to the event data, and responding to at least one query from an authorized audit computer to provide event data associated with at least one of the first set of event data and the second set of event data retrieved from the centralized repository.08-11-2011
20110197285Systems and Methods for Secure Transaction Management and Electronic Rights Protection - The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.”08-11-2011
20090254996Security module for audio/video data processing unit - The aim of the present invention is to limit the impact of security breaches, which are the emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterised in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit.10-08-2009
20090064342SENSITIVITY-ENABLED ACCESS CONTROL MODEL - Apparatus, methods, and computer program products are disclosed that determine Rights to an entity. The disclosed technology maintains data structures representing a set of entities. These entities include protected-entities and sensitivity-entities. Each of the sensitivity-entities is associated with a respective sensitivity access-control-list. The sensitivity-entities include a first sensitivity-entity that is associated with a first sensitivity-access-control-list. A first protected-entity being one of one or more of the protected-entities associated with the first sensitivity-entity. The technology evaluates Rights to the first protected-entity with respect to the first sensitivity-access-control-list and enables access to the first protected-entity responsive to the Rights evaluation and presents the first protected-entity when access is enabled.03-05-2009
20090276858INFORMATION COMMUNICATIONS APPARATUS, SERVER, AND CONTENTS PROVISION METHOD - Providing an information communications apparatus, a server, and a contents providing method which fuel a user's willingness to browse, view, or purchase contents.11-05-2009
20110173704EFFECTUATING CLINICAL ORDERS UPON RECEIPT OF AUTHORIZATION FROM TWO PRIVILEGED CLINICIANS - Computerized methods and systems in a clinical computing environment for effectuating clinical orders only upon receipt of an authorization from at least two privileged clinicians, i.e., two clinicians having appropriate ordering privileges, are provided. Upon receipt of an order from a privileged clinician that requires authorization by at least two privileged clinicians, such order is assigned a non-effectuated status until such time as the required review by one or more other privileged clinicians is completed. While in the non-effectuated status, the order is not exposed to clinicians or others that do not have appropriate ordering privileges to prescribe and/or authorize the order.07-14-2011
20090119782METHOD AND DEVICE FOR DIGITAL RIGHTS PROTECTION - Data stored in a memory are provided to a host by monitoring how the host accesses the data, and by responding to a deviation of the access from a dynamic access profile that corresponds to the data, e.g. by terminating the access, by issuing a report of the deviation, or by sending spurious data to the host. Preferably, the dynamic access profile is stored in the memory in association with the data. A data storage device includes a memory for storing the data and an access control mechanism.05-07-2009
20090007274Rights Engine Including Access Rights Enforcement - A location indicator indicative of a network address where a content item is located or a content item can be received from a rights holder. An indication of access rights, in a computer-readable, canonicalized format, to be associated with the content item is received from the rights holder. The content item or the location indicator is stored in association with the indication of access rights. A searchable repository can be provided to the content consumer. The searchable repository can be utilized by the content consumer to access the content item according to search parameters that comprise the indication of access rights associated with the content item. Transaction and content consumption events may be tracked to facilitate various functions, such as dynamic pricing models, access rights enforcement, and revenue tracking.01-01-2009
20110209226AV COMMUNICATION CONTROL CIRCUIT FOR REALIZING COPYRIGHT PROTECTION WITH RESPECT TO RADIO LAN - An AV communication control circuit suitable for a radio LAN-LSI in a radio AV transmission/reception device is formed by a copyright protection processing unit configured to carry out a copyright protection processing with respect to AV data entered from an AV stream signal line, a selection unit configured to select either one of AV data entered from an AV stream signal line through the copyright protection processing unit and AV data entered from a general purpose bus, and a transmission control unit configured to carry out control for transmitting AV data selected by the selection unit to a network.08-25-2011
20110209225DISPLAY CONTROL DEVICE, IMAGE PROCESSING DEVICE AND DISPLAY CONTROL METHOD - There is disclosed a technique capable of improving operability for registered users and capable of displaying an interface screen for guest users with security levels maintained.08-25-2011
20110209224DIGITAL MULTIMEDIA ALBUM - A virtual or digital multimedia album. The digital album may include a collection of related media to provide virtually, what a traditional band album provides, and more. The digital album may include a set of digital audio files that replicate or substantially resemble the set of tracks found on a traditional album. Additional media, such as videos, lyric text, other text, images, and user-imported content may all be included in the digital album. The content initially provided with the digital album may be exclusively oriented to a single artist or music group. In this way, the digital album can create a much greater immersion into the themed music than a mere collection of digital audio files can provide.08-25-2011
20080250505Methods And Systems For Generating A Symbol Identification Challenge - The generation of a representation of a symbol that poses an identification challenge for an automated agent is disclosed. A symbol image of a symbol is generated. At least one non-symbol image is generated. A display mechanism is provided where the display mechanism is operable to display the symbol image and the at least one non-symbol image.10-09-2008
20080271157Evaluating removal of access permissions - Methods and systems are provided for controlling access to a file system. A record of actual accesses by users of the file system is maintained. Before a user is removed from a set of users or before a privilege for a set of users to access a data element is removed, it is determined whether the actual recorded accesses of the user are allowed by residual access permissions that would remain after implementing the proposed removal of access permission. An error condition is generated if the proposed removal of the access permission would have prevented at least one of the actual accesses. In another aspect of the invention, the system determines if the users would have alternate access to the storage element following implementation of the proposal.10-30-2008
20080282359SYSTEM FOR CONTROLLING WRITE ACCESS TO AN LDAP DIRECTORY - A method is provided to control access to a software application and, more particularly, to control access to a first software application using a second trusted application. The method comprises extracting data from a decrypted client request and determining a request type from the extracted data. The method further comprises ascertaining an entry type value from at least one of the extracted data and an entry and creating at least one string by prepending the entry type value to one or more attributes associated with the entry. Additionally, the method includes comparing the at least one string to one or more record entries to determine whether a client has permission to perform the request type.11-13-2008
20080282358Protecting Caller Function from Undesired Access by Callee Function - Disclosed is a method for restricting access of a first code of a plurality of codes of a first function from a second function. The method comprises calling the second function by the first function, addresses of the plurality of codes are stored in a stack page and colored in a first color (11-13-2008
20080282357Method and Device for Determining Whether an Application Should Access Protected Digital Content - A method and device for determining whether an application should access protected digital content. It is determined if a first indicator that is securely bound to the application corresponds to a second indicator that is securely bound to the protected digital content.11-13-2008
20080235807File System Operation and Digital Rights Management (DRM) - File system interaction with digital rights management (DRM) is facilitated by enabling one or more file system components to be DRM-aware. These one or more file system components may be part of a computer operating system. An exemplary system implementation includes: one or more processors; and one or more media in operative communication therewith, the media storing one or more file system components that are configured to provide content having DRM controls to a requesting program in either a raw form or a decrypted form in dependence on whether the DRM controls comprise simple DRM content controls or complex DRM content controls. In another exemplary system implementation, the one or more file system components are configured to provide files with simple DRM content controls to requesting applications in a decrypted form and to provide files with complex DRM content controls to requesting applications in an unaltered form.09-25-2008
20080235806Methods and Apparatus for Implementing Context-Dependent File Security - The present invention concerns methods and apparatus for implementing context-dependent security for files and other computer system resources. In particular, methods and apparatus of the present invention implement context-based permissions that are used in context-dependent file security. In examples of the present invention, the context-based permissions may allow access to a file only when an attempt to access the file is made at a certain time of day, or from an authorized computer system, or from a computer having a certain application program installed. In general terms, the context-based permissions may specify time, location and application information that either alone or in combination may be used to restrict access to a file.09-25-2008
20090038016Detecting And Reacting To Protected Content Material In A Display Or Video Drive Unit - A system and method to protect content material enforce copy protection by establishing a secure link (02-05-2009
20090328233SENDING LOG OF ACCESSED DATA PRIOR TO EXECUTING DISABLE COMMAND IN LOST COMPUTER - Prior to disabling itself in response to a disable command, a lost or stolen portable computer first constructs a log of data that has been accessed recently and sends the log to the rightful owner's address, so the owner knows specifically what data might have been compromised.12-31-2009
20080229429Data excess protection - Systems, methods, and computer program products that can be used concurrently or alternatively to detect errors in data as well as to protect access to data are provided. Embodiments enable a coherent data set (CDS) which is a data set guaranteed to be genuine and error-free at run-time. Embodiments provide systems, methods, and computer program products to create a CDS, identify a CDS, and verify the coherency of a data set purported to be a CDS. Embodiments further enable privileged functions which are functions that can only be accessed by a restricted set of other privileged functions. Embodiments provide systems, methods, and computer program products to create, identify, and protect access to privileged functions.09-18-2008
20080289047ANTI-CONTENT SPOOFING (ACS) - A system to prevent content spoofing by detecting phishing attacks is provided. The system checks each webpage visited by a user and determines if the page is legitimate. To determine if a page is legitimate, the system employs fingerprints to check how similar the browsed page is with respect to an original page. If the similarity between browsed page and the original page is found to be more than a preset threshold, then the browsed page is considered to be a spoofed page. Access to the spoofed page is then either denied and/or an alarm is triggered.11-20-2008
20090313702CONTENT TRANSFER CONTROL - Some embodiments provide one or more of systems, methods, software, and data structures to control locations where files may be stored. Some such embodiments include receiving a request to perform a file management function affecting a location where a first file is stored and querying a repository of file management rules as a function of at least one of a file type of the first file, a location where the first file is stored, a destination of where the first file is to be stored, and an identity of a user to retrieve a first set of file management rules. These embodiments further include determining if the destination is an authorized location where the first file may be stored as a function of the first set of retrieved file management rules and preventing the file management function when the determining identifies that the destination is not an authorized location.12-17-2009
20080271159Method And System For Restricting Access To User Resources - A user's set top box (STB), or other client, executes a shell and has an application program interface (API) by which certain features of the client can be controlled. The client is in communication with a walled garden proxy server (WGPS), which controls access to a walled garden. The walled garden contains links to one or more servers providing network-based services. The client sends a request to the WGPS to access a service provided by a site in the garden. To provide the service, the site sends the client a message containing code calling a function in the API. The WGPS traps the message from the site and looks up the site in a table to determine the access control list (ACL) for the site. The ACL is a bit-map that specifies which functions of the client's API can be invoked by code from the site. The WGPS includes the ACL in the header of the hypertext transport protocol (HTTP) message to the client. The shell receives the message and extracts the ACL. The shell uses the ACL to determine whether the code has permission to execute any called functions in the API. If the code lacks permission, the shell stops execution and sends a message to the site indicating that the site lacks permission. Otherwise, the shell allows the code to call the function.10-30-2008
20080271158Authorized Domain Policy Method - The present invention relates to a method and a device for determining access to multimedia content from an entry identifier, in a domain which comprises a number of entry identifiers, and where the multimedia content is assigned an access number n indicating the number of entry identifiers which may access the multimedia content. This is obtained by accessing a domain list indicating at least some of said entry identifiers in said network domain and by further determining that the entry identifier may access said multimedia content if said entry identifier is between the n entries in said domain list determined by an evaluation rule.10-30-2008
20080271156METHODS AND SYSTEMS FOR SEARCHING PROTECTED DIGITAL CONTENT AND NON-PROTECTED DIGITAL CONTENT - A system is provided. The system includes a plurality of electronic devices, the electronic devices having protected digital content and non-protected digital content. The system further comprises a server coupled to the plurality of electronic devices. The server selectively searches the protected digital content and the non-protected digital content and provides a uniform view of search results.10-30-2008
20120198562DIGITAL WORKS HAVING USAGE RIGHTS AND METHOD FOR CREATING THE SAME - Digital work adapted to be distributed within a system for controlling at least one of the distribution and use of digital works. The digital work includes digital content representing a portion of a digital work suitable for being rendered by a rendering device and usage rights associated with the digital content. The usage rights specify a manner of use indicating one or more stated purposes for which the digital work can be at least one of used and distributed by an authorized party.08-02-2012
20120198563DIGITAL WORKS HAVING USAGE RIGHTS AND METHOD FOR CREATING THE SAME - Digital work adapted to be distributed within a system for controlling at least one of the distribution and use of digital works. The digital work includes digital content representing a portion of a digital work suitable for being rendered by a rendering device and usage rights associated with the digital content. The usage rights specify a manner of use indicating one or more stated purposes for which the digital work can be at least one of used and distributed by an authorized party.08-02-2012
20130219515System and Method for Providing Tools VIA Automated Process Allowing Secure Creation, Transmittal, Review of And Related Operations on, High Value Electronic Files - Embodiments are described of systems and methods for the creation, transmittal, review of, and related operations on, as well as the prevention, detection, and such, of unauthorized manipulation (e.g., substitution) of, high-value data files, including electronic documents.08-22-2013
20130219514APPLICANT SCREENING - Systems and methods for screening applicants are disclosed herein. A method of screening applicants is performed by a screening server. The server begins by receiving a selection of screening services and an applicant profile that identifies an applicant. The screening continues by generating screening results specified by the selection of screening services based on the applicant profile. A property manager is then notified that the screening results are available for the applicant based upon the applicant profile. The screening results are then provided to the property manager based upon the applicant profile. Based on these screening results, the screener or property manager can make a decision about the applicant and communicate a decision action to the applicant.08-22-2013
20130219512APPARATUSES AND METHODS FOR PROCESSING FILE CONTENT USING DIGITAL RIGHTS MANAGEMENT (DRM) IN WEB BROWSER - An electronic device for processing file content using Digital Rights Management (DRM) is provided with a DRM agent, a plug-in, and a web browser. The DRM agent module processes DRM-protected content associated with an electronic file. The plug-in enables access of electronic file. The web browser includes a module which is to be invoked during loading of the DRM-protected content associated with electronic file and is installed with the DRM agent. Upon receiving a request for electronic file, the module determines whether electronic file is DRM protected. After determining that electronic file is DRM protected, the module activates the processing of the DRM-protected content by the DRM agent to obtain electronic file portion-by-portion such that the web browser directly accesses or uses a corresponding native player or a corresponding plug-in of the web browser to access electronic file with obtained portions, respectively.08-22-2013
20090158441SENSITIVE INFORMATION MANAGEMENT - Information is identified as sensitive and a lapsed time job (Chron Job) is created that will allow the deletion of sensitive information after a period of time. The interval could be set to be longer than vacation or other planned use, and yet short enough to limit the period where risk to the organization or individual is incurred. The Chron Job could be integrated with the user's calendar, such that the Chron Job considers holiday time as a means of delaying execution of the Chron Job which would allow a shorter interval to be selected. In addition to deletion of the information identified as sensitive, additional steps could also be taken, such as the purging of the recycle bin, modification of the FAT, and optionally the deletion of related information. Once information is identified as sensitive, the information and derivative works are tracked and managed.06-18-2009
20090187994Method and system for protecting a virtual community visitor from unauthorized social interaction - There is provided a method of protecting a virtual community visitor from unauthorized social interaction comprising receiving a request from the virtual community visitor seeking access to a virtual community content, determining whether the virtual community content includes at least one social interaction opportunity, prompting the virtual community visitor to provide a visitor identity if the virtual community content includes at least one social interaction opportunity, associating the visitor identity with a socialization level, and utilizing the socialization level in one or more permission database to regulate social interaction. In one embodiment, a system for protecting a virtual community visitor from unauthorized social interaction comprises a virtual community content server, and a processor configured to execute instructions included in a social interaction control software to associate a socialization level with the virtual community visitor and utilize the socialization level in one or more permission database.07-23-2009
20130219510DRM/CAS SERVICE DEVICE AND METHOD USING SECURITY CONTEXT - A DRM/CAS service device is provided. The device includes a registration service server that authenticates a device and an STP of the device and generates a device-based context according to a registration request and a DRM/CAS service request from the device; a DRM/CAS service server that receives the device-based context and generates DRM/CAS security contexts; and a DRM/CAS SW service server that receives the DRM/CAS security contexts, generates the DRM/CAS software package including the DRM/CAS security contexts and DRM/CAS software, and enables the DRM/CAS software package to be provided for the device. The DRM/CAS service device reduces the amount of processing and simplifies the process by installing and using content and service protection software, that is, DRM/CAS software by using a security context.08-22-2013
20090288173Method for controlling access to user-selectable content - A method of controlling access to user selectable content includes receiving, by a storage controller, an indication of an initial purchase transaction; and managing access to the pre-loaded content. The indication of the initial purchase transaction is associated with pre-loaded content in a storage that is controlled by the storage controller, the indication including user-selected identification of or criteria for delineating a particular portion of the pre-loaded content. The access management includes limiting the access to the particular portion of the pre-loaded content and making such limited access subject to and performed according to the indication of the initial purchase transaction.11-19-2009
20090144833INFORMATION PROCESSING DEVICE AND ITS CONTROL METHOD - According to one embodiment, an information processing device includes power section for supplying electric power to a system, a control section for controlling ON/OFF of the power section, a receiving section for receiving location information, a memory section for storing a first location information received by the receiving section when an instruction for booting the system is received, and a second location information received by the receiving section prior to receipt of the first location information, and a restriction section for executing restriction on the system when the control section determines that information, which is based on comparison of the first and second location information, matches a condition for restricting the system.06-04-2009
20090144834DATA PROCESSING CIRCUIT AND COMMUNICATION MOBILE TERMINAL DEVICE - A data processing circuit includes a rewritable nonvolatile memory and a controller performing nonvolatile memory control and external interface control. A first detector and a second detector are employed to detect respectively whether the operation of the data processing circuit deviates from a first operating condition and a second operating condition, wherein the second operating condition is severer than the first operating condition. When the first detector detects deviation from the first operating condition, reset is instructed to the controller. When the second detector detects deviation from the second operating condition, the controller backs up an internal state and imposes a restriction on external access to a storage region of the nonvolatile memory. Accordingly, when operation of the microcontroller deviates from specific operating conditions within an operation guarantee range and performance degradation is exhibited, an unauthorized access to the data inside the microcontroller can be suppressed.06-04-2009
20090025086METHOD FOR MAKING CONTENTS PUBLIC OR PRIVATE, INFORMATION PROVIDING SYSTEM, AND INFORMATION PROVIDING PROGRAM - Contents can be made public or private, when to be switched so, by designating a common file identifier before and after the switching. An information providing system reads a second file identifier related to a first file identifier, from a storage device (S01-22-2009
20090019552Healthcare Medical Information Management System - A medical information management system and corresponding methods are described for providing access to healthcare records. The system includes a database system comprising healthcare records of a patient, a healthcare workstation coupled to the database system and an authentication system comprising a processor coupled to the database system. The healthcare workstation is located at a treatment facility or point of treatment that is remote to the database system. The authentication system generates an image of a finger of the patient at the point of treatment, and generates from the image an identification number. The authentication system compares the identification number to a stored number corresponding to the patient, and authenticates the patient's identity when the comparison produces a match between the identification number and stored number. Access to the healthcare records is controlled via the healthcare workstation in response to authentication of the patient.01-15-2009
20090210948REMOTE COMPUTER REBOOTING TOOL - A method is presented for rebooting a local data processing entity requiring an access code to boot. The method may include receiving, on a local entity, an access code from a remote entity. The access code may be stored on an auxiliary device coupled to the local entity. The local entity may receive a reboot command from the remote entity and begin rebooting in response thereto. The auxiliary device may provide the access code to the local entity in response to the beginning of the reboot. The access code may then be deleted from the auxiliary device.08-20-2009
20090210947LICENSE CONSIGNMENT METHOD AND SYSTEM FOR PORTABLE DEVICE - A license consignment method and system for a portable device playing a right-protected content with a license is provided for improving utilization reliability and manageability of a license by enabling a license server to manage the license consigned by the portable device. The method includes selecting a license to be consigned to a license server, transmitting the license server license information corresponding to the selected license, and transmitting, when the license is not downloaded in a certain time, a download trigger message to the portable device.08-20-2009
20090210946Media markup for promotional audio content - A classification method and system for possible content alteration of a media work may include criteria regarding content that is feasible for alteration. Such criteria may be maintained in records that are accessible to an interested party. Some embodiments may include a record of primary authorization rights applicable to a possible content alteration. A further embodiment feature may include a record of secondary authorization rights applicable to substitute altered content incorporated in a derivative version. Various exemplary identifier markup schemes indicative of a location or category of an alterable media content component may be implemented for audio, visual, and audio/video alterable content.08-20-2009
20090199303CE DEVICE MANAGEMENT SERVER, METHOD OF ISSUING DRM KEY BY USING CE DEVICE MANAGEMENT SERVER, AND COMPUTER READABLE RECORDING MEDIUM - Provided are a method of issuing a DRM (digital rights management) key by using a CE (consumer electronics) device management server. The method includes: authenticating the CE device; if authentication of the CE device succeeds, transmitting a request for issuing the DRM key to a key server for storing and managing the DRM key; receiving the DRM key from the key server; and transmitting the DRM key to the CE device. Thus, the CE device can conveniently and safely receive the DRM key.08-06-2009
20090199302System and Methods for Granular Access Control - A method and system for granular access control. An access control system allows a user or administrator to restrict access to electronic documents on a granular basis. Access may be restricted for individual data objects, types of objects, or even on a byte-by-byte basis. When a user attempts to access the electronic document, the access control system determines what parts, if any, of the document the user is permitted to access, and retrieves only those parts for access by the user. Data objects may include, for example, audio, video, graphics, or text.08-06-2009
20090199301METHODS TO DEFEND AGAINST TAMPERING OF AUDIT RECORDS - Embodiments of the invention provide systems and methods for maintaining audit records for a database or other resource. According to one embodiment, a method for maintaining audit records for a database can comprise detecting an operation involving at least one record of the database. An audit record can be generated for the operation and the audit record can be stored in an audit table in the database. Insert operations and select operations for the audit table can be supported but other operations for the audit table can be prohibited. Additionally or alternatively, creation of more than one audit table having a same name and schema can be prevented.08-06-2009
20090083858METHOD OF PROTECTING A PASSWORD FROM UNAUTHORIZED ACCESS AND DATA PROCESSING UNIT - A method of protecting a password from unauthorized access and a data processing unit are provided. An embodiment of the method of protecting a password from unauthorized access comprises storing data representing at least a portion of a password in a memory, assigning the data to at least one of a plurality of instructions, storing the plurality of instructions as processor executable code in the memory, and preventing read-out of the processor executable code as data from the memory.03-26-2009
20090064343ACCESS CONTROL METHOD AND A SYSTEM FOR PRIVACY PROTECTION - A method for protecting information in a distributed stream processing system, including: assigning a principal label to a processing component; assigning a first channel label to a first communication channel that is input to the processing component; comparing the principal label to the first channel label to determine if the processing component can read data attributes of the first channel label; and reading the data attributes of the first channel label when the principal label is equal to or has precedence over the first channel label, wherein the principal label includes a read label and a write label and at least one of a selection label, an addition label or a suppression label.03-05-2009
20090064344METHOD AND APPARATUS FOR MANAGING DIGITAL RIGHTS MANAGEMENT RIGHTS OBJECTS - Provided are a method and apparatus for managing digital rights management (DRM) rights objects, and more particularly, to a method and apparatus for downloading and managing DRM rights objects by accessing a device, which does not support DRM technology, using a universal plug and play (UPnP) network. The method includes requesting a media server, which has downloaded specified content, to provide meta information of the content; determining whether to download a rights object for the content based on the meta information of the content; requesting an approval for the download of the rights object if it is determined to download the rights object; and providing the downloaded rights object to the media server.03-05-2009
20090064341Technique for registering a device with a rights issuer system - A technique for registering a device (03-05-2009
20090070884METHOD, SYSTEM AND DEVICE FOR SECURED ACCESS TO PROTECTED DIGITAL MATERIAL - A method, system and device for providing secure access to multimedia content received by a networked digital storage device, such as a set-top box. A mobile device, such as a mobile telephone, obtains appropriate security binding information and application software when coupled to the networked digital storage device at its end user location. The mobile device uploads the security binding information to a randomly located temporary hosting device at its place-shifted location when coupled thereto and, through a logical binding with the temporary hosting device, enables a secure, remote session. The secure binding and transfer of appropriate keys allow the remote hosting device to securely access premium or protected digital material/services available at the networked digital storage device. After completion of the secure, remote access session, termination occurs and the security binding information and the computing activity residue can be removed from the mobile device and the temporary hosting device.03-12-2009
20110231939MEMORY CARD WITH EMBEDDED IDENTIFIER - A software installation system comprises an interface component that receives a request to access data resident upon a flash memory card. An installation component compares a unique identifier associated with the data with a unique identifier embedded within the flash memory card, and the installation component determines whether to allow access to the data based at least in part upon the comparison. The installation component prohibits access to the data if the unique identifier associated with the data does not match the unique identifier embedded within the flash memory card.09-22-2011
20080320600SECURE DOCUMENT MANAGEMENT SYSTEM AND APPARATUS - A system for authenticating digital files includes an electronic device having means for handling digital files. The electronic device has a unique, hard encoded, device identifier. The system further includes a security key for interacting with the electronic device, the security key having a unique, hard encoded, key identifier. The electronic device further includes means for verifying a predetermined key-to-device association of the key identifier to the device identifier, means for refusing access to the electronic device upon unsuccessful key-to-device association verification, and means for associating both the device identifier and the key identifier with at least one of the handled digital files.12-25-2008
20090222929METHOD, PROGRAM, AND SERVER FOR BACKUP AND RESTORE - A recording device which backs up a content α in a recording medium and a recording device which restores the content are registered in a server so as to belong to the same domain group. When the recording device tries to restore the content, the restore is permitted only when both the recording devices belong to the same domain group. When there is a refresh request of the domain group, the domain group is invalidated only when a refresh period has passed. When a refresh number recorded in the recording device is less than or equal to the refresh number recorded in the recording device, the recording device backs up and locally merges the content recorded in the recording device into the recording medium.09-03-2009
20090254997Method and apparatus for content rights management - The instant invention relates to a method and apparatus for restricting access to digital content through the use of an exemplary form of digital encryption which ties the delivered content to a user, a specific destination device, a specific network, or one or more of the above. Specifically, the encryption/decryption keys are unique in each content consumption session, whether download or stream, which permits the content owner to provide multiple levels of access, i.e. different users may purchase different levels of access to the same content. For example, one user might want to use content on multiple playback devices, while another user might only need access on a single playback device.10-08-2009
20090254998WEB-BROWSER BASED GRID COMPUTING SYSTEM - A system and method for web-based grid computing are disclosed herein. A method for web-based grid computing includes receiving a data component request from a node computer of a grid computing system. The request indicates that the node computer is configured to process the data component as a part of the grid computing system. A data component is sent to the node computer in response to the request. The data component is configured to be processed by a grid computing system web-based processing program executing in a web browser of the node computer. A grid computing client program is provided that is included on a web page accessed by the node computer. The client program is configured to be executed in the web browser of the node computer, and when executed causes the node computer to operate as a part of the grid computing system.10-08-2009
20090254995CLIENT CONTROLLED LOCK FOR ELECTRONIC DEVICES - An electronic device can be locked and secured by activating a hardware locking mechanism on the device. The locking mechanism is controlled by a locking policy that is defined and implemented from the client side. If the locking mechanism is activated, then the device operates in a limited mode of operation instead of in a normal mode of operation. The locking mechanism can be deactivated, placing the device into the normal mode of operation, when a specified condition is satisfied.10-08-2009
20090133129DATA TRANSFERRING METHOD - A method of transferring data is provided. The method of transferring data in a data interoperable environment includes: receiving a data transmission request message for requesting the data to be transmitted from a client to at least one destination; gathering information on entities which are to participate in the transmission of the data; and forming a plurality of chains including at least two entities based on the gathered information on the entities and transmitting the data to the at least one destination through the plurality of chains. Accordingly, it is possible to effectively transmit data using multi-chains in a DRM interoperable environment.05-21-2009
20090133128IMAGE PROCESSING APPARATUS AND REINSTALLATION METHOD THEREFOR - An image processing apparatus includes an installation unit configured to install an application for image processing and license information regarding the application, an information setting unit configured to set, as threshold information, operation restriction information, which is included in the license information, regarding the application, a counting unit configured to count operation information regarding an operation of the application, an application operation restriction unit configured to restrict an operation of the application according to the threshold information and the counted operation information, a reinstallation unit configured to reinstall the application, and an information setting control unit configured to inhibit the information setting unit from setting, as the threshold information, the operation restriction information, which is included in the license information, regarding the application reinstalled by the reinstallation unit.05-21-2009
20100162410DIGITAL RIGHTS MANAGEMENT (DRM) CONTENT PROTECTION BY PROXY TRANSPARENCY CONTROL - Embodiments of the present invention provide a method, system and computer program product for protecting digital content through visual proxy transparency control. In an embodiment of the invention, a method for digital content access control for multi-party rights management can be provided. The method can include creating a transparent overlay window over a target window, identifying permissions associated with digital rights management (DRM) protected content rendered in the target window, intercepting in the transparent overlay window a user interface event for a portion of the target window displaying the DRM protected content, and quashing the user interface event if permissions associated with the DRM protected content do not allow access to the DRM protected content, but otherwise passing the event to an event handler for the target window.06-24-2010
20080307531Method for Optimizing Reconfiguration Processes in Mobile Radio Network Having Reconfigurable Terminals - Access-protected memory zones in network elements are localized in an operator's network that supports the reconfiguration of SDR terminals in combination with protected data transmission methods which include methods for authenticating and authorizing the communication partners and for communicating in a protected manner, especially to protect integrity and confidentiality. Such access-protected data is provided by the terminal and is transmitted to the radio access network in the framework of negotiations and is temporarily stored therein or is generated directly in the RAN in the framework of processes related to the terminal. The generation and management of access-protected memory zones by the network operator result in a massive relief of the load to which the air interface is subject while also significantly alleviating the network infrastructure with regard to signaling.12-11-2008
20080307532SECURELY MAINTAINING COMMUNICATIONS NETWORK CONNECTION DATA - An apparatus and computer-readable medium for securely maintaining communications network connection data is disclosed. According to one embodiment, an apparatus is disclosed according to which a user is prompted for network element address substitution data which specifies a substitute network element address for a network element address associated with a network element of a first communications network. The network element address substitution data is then stored within a first storage element, wherein access to the first storage element outside of the first communications network is restricted. Connection monitor data associated with the first communications network is processed utilizing the network element address substitution data. According to the described embodiment, such connection monitor data processing includes a means for identifying metadata of the connection monitor data which specifies the described network element address, and a means for substituting the metadata with metadata which specifies the substitute network element address.12-11-2008
20120246737METHOD FOR GENERATING A HUMAN LIKENESS SCORE - One embodiment of the invention is a method utilizing a CAPTCHA to generate a human likeness score including blocks: a) receiving a user solution to the CAPTCHA; b) receiving a user interaction pattern descriptive of an interaction undertaken by the user, through a graphical interface of the CAPTCHA, to achieve the user solution; c) determining the accuracy of the user solution; d) comparing the user interaction pattern against an interaction model generated from interaction patterns of previous users; e) calculating the human likeness score based upon the determination of block c) and the comparison of block d), wherein the human likeness score lies within a continuum of human likeness scores.09-27-2012
20100263056SYSTEM AND METHOD FOR REDISTRIBUTING AND LICENSING ACCESS TO PROTECTED INFORMATION AMONG A PLURALITY OF DEVICES - A method and apparatus of encouraging distribution, registration, and purchase of free copyable software and other digital information which is accessed on a User's System via a Programmer's Program. Software tools which can be incorporated into a Programmer's Program allow the User to access Advanced Features of the Programmer's Program only in the presence of a valid Password which is unique to a particular Target ID generated on an ID-Target such as the User's System. Advanced features will thus re-lock if the Password is copied to another ID-target. If a valid Password is not present, the User is invited to obtain one, and provided with the means of doing so, and of installing that Password in a place accessible to the User's System on subsequent occasions. The present invention also provides Programmers with means to invoke business operations as well as computational operations with their programs, and thus to automatically obtain payment from Users who elect to obtain passwords.10-14-2010
20100263057SYSTEM AND METHOD FOR MANAGING TRANSFER OF RIGHTS USING SHARED STATE VARIABLES - A method, system and device for transferring rights adapted to be associated with items from a rights supplier to a rights consumer, including obtaining a set of rights associated with an item, the set of rights including meta-rights specifying derivable rights that can be derived from the meta-; determining whether the rights consumer is entitled to the derivable rights specified by the meta-rights; and deriving at least one right from the derivable rights, if the rights consumer is entitled to the derivable rights specified by the meta-rights, wherein the derived right includes at least one state variable based on the set of rights and used for determining a state of the derived right.10-14-2010
20100186095METHOD AND SYSTEM FOR GAP BASED ANTI-PIRACY - In order to achieve a more robust level of piracy protection, a gap protection scheme is utilized. This protection scheme may utilize the notion of a gap, which may comprise any entity or component that is withheld from a distribution that is required in order to run or execute a software title or is required in order to play and enjoy any other type of protected asset.07-22-2010
20100263055METHOD AND SYSTEM FOR CONTROLLING THE USE OF AN ELECTRONIC DEVICE - A system and method for controlling the use of an electronic device by at least one user, comprising means for verifying if at least one restriction condition related to the use of the electronic device is satisfied; means for applying a restriction action to the electronic device for constraining its use; means for variably determining at least one non-agreed request to the user; means for doing the determined non-agreed request accessible to the user; means for receiving a non-agreed input from the user in response to the request; means for verifying if the received non-agreed input from the user corresponds to the expected input; and means for cancelling the restriction action applied to the electronic device.10-14-2010
20090077672DEPICTION TRANSFORMATION WITH COMPUTER IMPLEMENTED DEPICTION INTEGRATOR - Systems and methods providing computer implemented depiction encoding production constructed from one or more depictions, where, for each of one or more depictions, an encoding collection encoding a narrative account is chosen from the depiction, and where, for each chosen encoding collection, an encoding collection is established from the chosen encoding collection, where one or more expression styles from the chosen encoding collection may be replaced with different corresponding expression styles, and where a depiction encoding is assembled from the established encoding collections, such that the narrative account encoded in the assembled depiction encoding is comprised of the narrative accounts of the chosen encoding collections.03-19-2009
20090077671PROTECTION OF SOFTWARE ON PORTABLE MEDIUM - A portable rewritable medium and a method are provided for preventing unauthorized use of executable software stored on the portable rewritable medium. A portion of the software stored on the portable rewritable medium may include instructions for a processing device to determine whether execution of the executable software is permitted. If execution of the executable software is permitted, the processing device may execute the executable software directly from the portable rewritable medium. Characteristics of the portable rewritable medium may be checked to determine whether functionality of the executable software is to be limited.03-19-2009
20090077670E-commerce store management user interface for performing Web site updates - A method for an e-commerce storefront management user interface to enable efficient updating of the Web pages of the storefront. The method begins with the step of accessing a Web page out of a plurality of Web pages of an e-commerce Web site. Log in information is then submitted to the Web site. The log in information can include an authentication to obtain privileges for modifying the Web pages of the Web site. Once logged in, an item on the Web page is selected for editing and modification. The selected item is then edited and the edited data is submitted. Once received by the Web site, an updated version of the Web page is provided for viewing and verification of the edited item. The steps are performed using a Web browser on a client machine to access the Web site and view the Web pages. The logged in manager can be required to log out of the Web site prior to receiving the updated version of the Web page. The updated version of the Web page is viewed using a Web browser to verify the appearance of the edited item, the appearance being the same as the appearance to a standard user accessing the updated version of the Web page. A workflow notification request can be automatically generated in order to obtain an approval of the updated version of the Web page, wherein the updated version of the Web page is not provided until the approval is obtained.03-19-2009
20100229244TRAFFIC MANAGER FOR DISTRIBUTED COMPUTING ENVIRONMENTS - Techniques suitable for facilitating communications between various computer programs operating on various nodes in a distributed computing environment are disclosed. The techniques can be used by a traffic manager operating in such environments. The traffic manager is capable of monitoring traffic exchanged between client and server programs operating in the distributed computing environment. Moreover, the traffic manager can be used to implement a variety of desirable features across different computing environments. These computing environments are typically separated by one or more distinguishing characteristics. As will be appreciated, the traffic manager provides an integral and cost effective solution which can bridge these distinguishing characteristics as well as define and enforce policies across disparate computing environments. This is achieved by centralizing the generation of interfaces which allow interaction between any of the nodes in a distributed computing system. This avoids the redundancy and inefficiency inherent in building these capabilities in each node, particularly in complex systems.09-09-2010
20100218261ISOLATING PROCESSES USING ASPECTS - A system and method for receiving a request to load a computer application into a memory for execution, analyzing the computer application to identify one or more join points, injecting aspect computer code into the computer application at the one or more join points, wherein the aspect computer code to regulate the execution of restricted operations initiated by the computer application based on a restricted operations profile associated with the aspect computer code, and executing the computer application having the aspect computer code injected therein.08-26-2010
20100242120Mitigating and managing privacy risks using planning - System and methods are provided for managing and mitigating privacy risks in a system having a network of processing elements. According to one method, there is received a request for at least one output product from the system. The request includes a set of privacy parameters. At least one set of workflow generating strategies is created that results in the output product having a privacy risk value below a predefined threshold. At least one of the workflow generating strategies is deployed for automatically producing the at least one output product.09-23-2010
20100212024DIGITAL VIDEO SYSTEM USING NETWORKED CAMERAS - A digital video system including a computer connected via a network to a number of video servers and cameras. The computer includes a program that provides a grid of display windows, each of which displays an image received from the camera associated with that window. The program sequentially polls each camera, accessing and displaying an image from the camera in its associated window. The program can access the cameras at different frame rates. The program stores image streams in a single file, concatenating each successive image onto the end of the file. The file is then indexed using SOI and EOI markers to permit fast access to individual images within the file. The program can monitor received video and automatically start recording upon detecting motion within the video stream. Motion detection is implemented by comparing color component values for pixels from different images.08-19-2010
20100212023SHORTCUT MANAGEMENT UNIT AND METHOD, AND STORAGE MEDIUM - A shortcut management device capable of improving user-friendliness of a portal application. The shortcut management device is capable of executing shortcuts which use functions of an electronic apparatus, and manages at least part of the functions used by the shortcuts. A storage unit registers shortcuts. An invalidation detecting unit detects that the license is invalidated. A retrieval unit retrieves a shortcut made inexecutable in association with the license of which the invalidation is detected. An invalidation unit invalidates the retrieved shortcut.08-19-2010
20100212022DEVICE AND METHOD FOR DIGITAL RIGHTS MANAGEMENT - A digital rights management method includes: storing information on a rights object in a memory area, wherein the rights object has been transferred from a first device to a second device, and wherein the rights object includes permissions linked to a digital media object; receiving a rights object at the first device; and accessing the memory area to check whether information on the received rights object is stored in the memory area and to set up the received rights object on the first device in case the information on the received rights object is not stored in the memory area, and to reject the received rights object in case the information on the received rights object is stored in the memory area.08-19-2010
20100212021Decrement software - Computer system that detects license characteristics, and detects if the use of specified software is within those license characteristics. If not, the software use is limited to less than the specified use. This allows all versions of the software to have all features, but limits the amount by which those features can be used.08-19-2010
20100138931METHOD AND SYSTEM FOR REAL TIME CLASSIFICATION OF EVENTS IN COMPUTER INTEGRITY SYSTEM - Method and system using a designated known secure computer for real time classification of change events in a computer integrity system are disclosed. In the embodiment of the invention, the known secure computer is dedicated for providing permissible change events, which are compared with change events generated on client operational computers. An alert is raised when the change event at the client operational computer and the respective permissible change event provided by the known secure computer differ.06-03-2010
20100251384System for a digital content distributing service and the method thereof - A method and system for a digital content distributing service, wherein the system comprises a central broadcast station, an audit trails unit, and a distributing control unit. The central broadcasting station includes at least one unicast streaming server, at least one multicast streaming server, and a digital content storage unit, wherein the digital content storage unit provides a plurality of digital contents to be displayed for consumers connected to the central broadcasting station via a transmission medium. The audit trails unit receives and records the individual expenditure information of consumers. The distributing control unit controls the distribution of the digital contents in accordance with the individual expenditure information of consumers, wherein when consumers watch one identical digital content, the distributing control unit will determine to distribute the identical digital content to the consumers by the at least one unicast streaming server or the at least one multicast streaming server.09-30-2010
20100100967SECURE COLLABORATIVE ENVIRONMENT - A secure collaborative environment to facilitate the sharing of confidential information between organizations, which can be used in conjunction with existing infrastructure.04-22-2010
20090282492INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM - A main control unit acquires a security attribute of object data and a security attribute of a storage destination directory and compares the acquired security attributes. The main control unit determines whether target object data is storable based on the comparison result. If the main control unit determines that the target object data is not storable, the main control unit presents alternative options.11-12-2009
20090328234METHOD AND SYSTEM FOR PERFORMING INTEROPERABLE DIGITAL RIGHTS MANAGEMENT AMONG DIFFERENT OPERATING SYSTEM PLATFORMS - A method for performing interoperable digital rights management among different operating system platforms is disclosed. Digital rights management programs are coded and compiled based on specific operating systems. Directories and auto-run folders relating to the directories for the compiled digital rights management programs are set up in a memory device of an electronic device. The compiled digital rights management programs are stored in the auto-run folders, respectively. When the memory device is inserted in the electronic device, an auto-run function of an operating system of the electronic device is automatically activated to select an auto-run folder, and one of the compiled digital rights management programs stored in the selected auto-run folder is accessed and executed.12-31-2009
20100031371System and Method for Handling Peripheral Connections to Mobile Devices - Systems and methods for establishing a data connection between a mobile device and a peripheral. The mobile device is configured to determine whether to handle user approval of the data connection between the mobile device and the peripheral. Through the mobile device, an input mechanism is provided for the user to provide input. The input is used in determining whether to approve the data connection between the mobile device and the peripheral.02-04-2010
20100031369SECURE DISTRIBUTED ITEM-LEVEL DISCOVERY SERVICE USING SECRET SHARING - A method and a system for a secure distributed item-level discovery service using secret sharing. The discovery service publishes a plurality of uniform resource locators that correspond to a resource identification key on a plurality of servers in a P2P ring. A uniform resource locator (URL) is split in a plurality of shares applying a secret sharing algorithm. For each share of the URL is generated share identifier by applying a hash function to the resource identification key. A share identifier is sent to a target node through a first proxy node applying Peer-to-Peer (P2P) routing. A share of the URL, corresponding to the share identifier is sent to the target node through a second proxy using a network address of the target node. Access rights for reading the share of the URL from the target node are published in an access control node.02-04-2010
20110067113Classification Separation Router - A method and system are provided to classify and convey data to satisfy a client request. The classification system is a two dimensional data classification system, including a first dimension pertaining to subject matter and a second dimension pertaining to data security. A partition is dynamically created, and data that satisfies the request populates the created partition to convey parsed data based satisfying both dimensions of the request.03-17-2011
20090249492Fabrication of computer executable program files from source code - A method for protecting a computer program against manipulation and for shielding its communication with other programs against eavesdropping and modification is presented. The method comprises the creation of individualized program copies to different groups of users, the insertion of or the derivation of individual cryptographic keys from the program code, the obfuscation of the program code, and the self-authentication of the program towards other programs. The method is suitable for the protection of online banking, online investment, online entertainment, digital rights management, and other electronic commerce applications.10-01-2009
20090307781PROGRAM EXECUTION CONTROL METHOD, ITS DEVICE, AND EXECUTION CONTROL PROGRAM FOR SAME - Provided are a program execution control method, its device, and an execution control program safely executing an application program containing an untrusted code while reducing overhead. Execution environment creating means (12-10-2009
20090320141DOCUMENT DATA SECURITY MANAGEMENT METHOD AND SYSTEM THEREFOR - The present invention discloses a system for document security control to improve the security of document data, and the system comprises: an application, embedded in a machine readable medium, which performs a security control operation on abstract unstructured information by issuing an instruction to a platform software; the platform software, embedded in a machine readable medium, which accepts the instruction from the application and performs the security control operation on storage data corresponding to the abstract unstructured information; wherein, said abstract unstructured information are independent of a way in which said storage data are stored.12-24-2009
20090113558PROGRESSIVE BOOT FOR A WIRELESS DEVICE - Techniques for performing progressive boot to reduce perceived boot time for a wireless device are described. Program codes to be stored in a bulk non-volatile memory may be partitioned into multiple code images. A first code image may include program codes used to support basic functionality of the wireless device. A second code image may include the remaining program codes. For progressive boot, the first code image may be loaded first from the bulk non-volatile memory. Once the first code image has been loaded, the wireless device may be rendered operational and may appear as functional to a user. While the wireless device is operational, the second code image may be loaded from the bulk non-volatile memory as background task and/or on-demand as needed.04-30-2009
20080244752Detection of Physical Movement For Document Sharing - A system for using accelerometer-based detection of physical movement for document sharing provides easy and intuitive ways to securely share documents, even without passwords, between computing devices. The system of the present invention includes: at least two computing devices that each have a motion detection device capable of detecting sudden movements and generating a unique signature. The unique signature can then be used to generate signatures or shared secrets for controlling the transfer of data between devices. The motion detection device is capable of detecting sudden movement such as the tapping of the two computing devices together, tapping a stack of computing devices, tossing a computing device in the air. The system may optionally include an intermediary device such as a server for transferring the documents or files between computing devices such that only a small decryption key and file pointer is needed to share records between computing devices. The present invention also includes a novel method for accelerometer-based detection of movement for transferring data between computing devices.10-02-2008
20090038018INFORMATION PROCESSING APPARATUS, CLIENT DEVICE, AND LICENSE MANAGEMENT SYSTEM - A license issuing server manages information about a plurality of software applications including an installable software application and a yet uninstallable software application, such as an unreleased software application, in association with a product code. Upon receiving a request for a license file which can identify the product code from a client device, the license issuing server generates a plurality of license files corresponding to information about a plurality of software applications managed in association with the product code and collectively issues the license files to the client device.02-05-2009
20090070886METHOD FOR SECURELY DELIVERING AUDIOVISUAL SEQUENCES, DECODER AND SYSTEM THEREFOR - A method for delivering a nominal audiovisual stream including nominal coefficients to a receiving site including a secure gateway includes modifying, in the nominal audiovisual stream, at least one nominal coefficient among the nominal coefficients to generate a main digital stream; generating complementary information so that the nominal audiovisual stream is implemented from the complementary information and main digital stream at the receiving site; performing cryptographic operations on the secure gateway with the complementary information; and causing the gateway to transmit the complementary information to an audiovisual processing peripheral to enable the nominal audiovisual stream to be implemented at the audiovisual processing peripheral.03-12-2009
20100293619LICENSE MANAGEMENT SYSTEM AND LICENSE MANAGEMENT METHOD - An information processing apparatus that acquires a license from a license server and installs application software permitted by the license and executable by a virtual server that operates on the information processing apparatus determines a license type of the application software according to whether the license type is in a unit of the information processing apparatus unit or in a unit of the virtual server, transmits the license type to the license server, and acquires a license to execute the application software from the license server.11-18-2010
20100293620IDENTIFICATION, STORAGE AND DISPLAY OF LAND DATA ON A WEBSITE - Disclosed is a land website that provides a personalized database on which data can be stored, retrieved, customized and communicated (e.g., by e-mail) relating to a particular piece of property. The database can be accessible via a password and a security code over the Internet and may be encrypted for transmission. Land websites can be established that contain image data, map libraries, virtual tours, legal descriptions, title information, e-documents, actual pictures of property and various other information. Unique 3-D imaging of composite images can be provided on the land website as well as fly-around composite 3-D images. The land website provides a unique way of packaging information relating to a piece of land in a single, accessible location. A boundary applet tool is provided on the land website portal that allows a user to simply and easily draw boundaries around the property of interest and then submit an order for more detailed information about the property of interest. Various map data and image data are provided to assist the user in drawing the boundaries. Acreage amounts are automatically calculated based upon the size and area drawn by the user. Properties of interest can be easily accessed by a global coordinate system or by searching on map data that is provided on a wide range of scales.11-18-2010
20130133081SYSTEM AND METHOD FOR AN ELECTRONIC READER THAT ALLOWS ACCESS TO ADDITIONAL CONTENT AND TOOLS - A method, system and non-transitory computer-readable medium are provided for controlling display of content on an electronic device with a touch screen display, which content may, in response to detection of a squeeze gesture, be reduced on the display screen to reveal additional content, tools and features associated with the one or more pages of the content.05-23-2013
20130133082DIGITAL RIGHTS MANAGEMENT LICENSE ARCHIVING - An arrangement is provided where a media server temporarily stores a DRM license that is associated with downloaded media content prior to copying the DRM license to a physical archival medium such as an optical disc. When the media server confirms that the DRM license is successfully copied to the physical archival medium, it destroys the temporarily stored DRM license.05-23-2013
20130133083MEDIATION PROCESSING METHOD, MEDIATION APPARATUS AND SYSTEM - A disclosed mediation apparatus collects data of transactions between a provider holding data of a user and a terminal of the user, for authorizing utilization of the data of the user by a consumer, and stores matching data to determine whether response data received from the provider at next time and subsequent times is substantially the same as the response data previously received and reply data used when sending answer data to the provider into an automatic response data storage unit. Thus, the mediation apparatus automatically responds on behalf of the terminal of the user at the next time and subsequent times. Therefore, it is possible to simplify user operations.05-23-2013
20130145480E-MAIL WITH SECURE MESSAGE PARTS - A method for preventing a recipient of an electronically transmitted message from taking at least one action in relation to the message is disclosed. The message has at least two parts with one of the parts having a higher level of security than the other part. The method includes the step of extracting information from the message. The information indicates that the higher level security part is not permitted to have the action taken on it while the other part is so permitted. The method also includes the step of preventing the higher level security part from having the action taken on it in reaction to said recipient making an offending request.06-06-2013
20110030067APPARATUS AND METHOD FOR CONTROLLED SHARING OF PERSONAL INFORMATION - An apparatus and method for controlled sharing of personal information are provided which allow confident and accurate indications of, and alterations to, the level of personal information being shared by all personal information sharing capable (i.e. source) applications of a portable electronic device. Controlled personal information sharing is achieved through the application of sharing modes which are enabled through the cooperation of a plurality of applications which share personal information, a detecting module which detects requests to control the continued sharing of personal information and a controlling module which controls the continued sharing of personal information by the plurality of applications. A universal sharing toggle is provided which allows a user of a portable electronic device to control the sharing of all personal information by the device. A personal information sharing icon is provided which gives a user of a portable electronic device a quick indication of the present state of the device's sharing mode. In cooperation, the universal sharing toggle and personal information sharing icon provide a user of a portable electronic device with a highly useable and efficient mechanism to control the amount of privacy provided by the device by restricting or allowing personal information to be shared.02-03-2011
20110035810SYSTEM AND METHOD FOR GRANTING ACCESS TO AN ITEM OR PERMISSION TO USE AN ITEM BASED ON CONFIGURABLE CONDITIONS - A method, system, device, and computer program product for processing plural rights expressions associated with an item for use in a system for controlling use of the item in accordance with the rights expressions, including receiving a request to use an item, the item having associated rights expressions governing use of the item; returning one or more rights expressions including conditions that must be satisfied in order to use the item; and processing the returned rights expressions in a manner to facilitate selection of the returned rights expressions in order to use the item in accordance with the selected rights expressions.02-10-2011
20110035807Devices and Methods of Clustered Displays - Disclosed are devices and methods of communication devices that are configured to be a part of clustered displays. A communication device may be a mobile communication device. Such a device may include a cluster module configured to determine that the device is a license owning unit, a content module configured to receive data including content via a transceiver when it is determined that the device is a license owning unit and a distribution module configured to transmit output data via a transceiver, the output data being at least one portion of the data. The license owning unit is determined based on the reception characteristics of the devices of the cluster. The distribution by the license owning unit to other devices in the cluster is at the lowest resolution of any of the devices of the cluster.02-10-2011
20110113492METHOD FOR CONTROLLING THE USE OF A CONDITIONAL ACCESS CONTENT AND MULTIMEDIA UNIT FOR IMPLEMENTING SAID METHOD - The present invention concerns a method for controlling the use of a conditional access content (C05-12-2011
20110119769Rechargeable Media Distribution and Play System with Tracking Cookies - An electronic media distribution/play system includes a service facility that has a communications network interface and maintains a data file catalog. The catalog is sent over the network to requesting users, and the system processes payments from customers in establishing file access authorizations. Encrypted user-selected files and a player program are transmitted to each customer for metered access to received data files as limited by the authorization, and customers can make additional selections and play the encrypted files freely while the authorization remains established. The system can transmit the data files from local storage, and also provide links to encrypted files that are stored at remote vendor facilities. Authorizations can be for selected portions or class levels of the catalog, and for terms measured as calendar time, play time, and collective number of plays. Also disclosed is a method for facilitating the distribution and accessing of electronic files.05-19-2011
20110119767CONTENT BINDING AT FIRST ACCESS - A method and system of binding content at first access is disclosed. A non-volatile storage device may provide a content access script and a content binding script in order to access protected content. An accessing application may attempt to access the protected content by executing a content access script. The accessing application must have permission to access and execute the content access script. If the accessing application cannot access or execute the content access script, the accessing application may access and execute the content binding script. The content binding script contains instructions that enable the accessing application to successfully execute the content access script. The content binding script, when executed, may disable itself from being executed again by moving critical information associated with the access to protected data. Thus, the content binding script may be executed once to enable an accessing application to successfully execute the content access script.05-19-2011
20110119768COMMUNICATION ARRANGEMENT - The present invention relates to a method, node and system for efficient handling of sharing a set of data and in particular where the data set is shared in a volatile manner. Each node with access to the data set sharing group controls the access of data set from the node and each node stores data set received from other nodes in the group in a volatile manner providing removal of data set received from a node that has left the sharing group.05-19-2011
20090300775METHOD FOR SHARING RIGHTS OBJECT IN DIGITAL RIGHTS MANAGEMENT AND DEVICE THEREOF - A Digital Rights Management (DRM), and particularly a method for sharing a Rights Object (RO) of a certain DRM content between devices, wherein a certain device requests a Rights Issuer (RI) to upgrade its existing RO, and moves or copies the upgraded RO by the request to at least one or more other devices via a wired/wireless medium, thereby sharing the RO with the other devices.12-03-2009
20100235924Secure Personal Medical Process - A process of accessing and controlling medical information data by a Secure Process that includes two schemas—Medical Access Permission Schema (MAPS) information access system and encryption schema. In particular, the invention relates to a secure process for creating an access control and authentication methodology that identifies specific roles found in the medical field, applies these roles to content attributes, and binds those attributes to secret keys associated with an encryption schema.09-16-2010
20110088099On demand visibility services and smart directory - An on-demand communication system, device, method and program are provided which allows a consumer to request information from an on-demand visibility service. The on-demand visibility service places a request with the on-demand directory service that may then choose a relevant provider to be queried for this information based on situation-based access control logic. The on-demand visibility service then queries the relevant providers with the request for information. Providers may then gather information by optionally using sensors, and may then transmit a provider response to the on-demand visibility service. The on-demand visibility service may then forward this provider response in the form of an answer to the consumer, thereby satisfying the consumer request for information.04-14-2011
20100132049LEVERAGING A SOCIAL GRAPH FROM A SOCIAL NETWORK FOR SOCIAL CONTEXT IN OTHER SYSTEMS - A social network contains information describing information about members of the social network and about various connections among the members. An external system that interacts with users (such as a website) communicates with the social network to access information about the members of the social network. In particular, the external system may determine whether a user is a member of the social network and then obtain information about the member and the member's connections within the social network. This allows an external system to use information from the social network to enhance a user's experience on the external system, while enforcing each member's privacy settings.05-27-2010
20100132048Protecting Isolated Secret Data of Integrated Circuit Devices - A circuit arrangement, method, and design structure for controlling access to master secret data disposed in at least a portion of at least one persistent region of an integrated circuit device is disclosed. The circuit arrangement includes a clock circuit responsive to an external clock signal, a security state machine configured to control a security state of the integrated circuit device, and a master secret circuit in communication with the security state machine and configured to control access to the master secret data. The security state machine and master secret circuit are isolated from the clock circuit, and the master secret circuit is responsive to the security state machine to selectively erase at least a portion of the master secret data. The master secret circuit may be configured to erase the portion of the master secret data in response to a null or triggered security state.05-27-2010
20100058484Methods for estimating playback time and handling a cumulative playback time permission - Methods for estimating playback time and handling a cumulative playback time permission are provided. In one embodiment, a file is streamed from a first device to a second device for playback. The amount of data of the file that was streamed to the second device is determined, and a playback time of the file is estimated using a time rate associated with the file and the determined amount of data of the file that was streamed to the second device. If the file is associated with a permission specifying an allowed cumulative playback time of the file, the estimated playback time can be accrued against the allowed cumulative playback time. Other embodiments are disclosed, and each of the embodiments described herein can be used alone or in combination with one another.03-04-2010
20090031428SYSTEM AND METHOD TO PROCURE AND AUDIT DIGITAL RIGHTS MANAGEMENT EVENT DATA - A method to procure and audit digital rights management (DRM) event data by collecting a first set of event data in a first event data format, converting the first set of event data to one or more standardized event data formats, and communicating the first set of event data to an event data collection server for storage. The method may also include collecting a second set of event data in a second event data format, converting the second set of event data to one or more standardized event data formats, and communicating the second set of event data to the event data collection server for storage. The method may also include storing the first and second sets of event data in a centralized repository, authorizing access to the event data, and performing an event data audit corresponding to the event data.01-29-2009
20100058485CONTENT PROTECTION AND DIGITAL RIGHTS MANAGEMENT (DRM) - An end to end content protection system that includes enhanced digital rights management (DRM). The system provides content delivery to devices over a managed multimedia home network. The system includes a domain manager for receiving content, wherein the domain manager includes a cable card, conditional access component and a MSO security application and a managed client device, coupled to and registered with the domain manager, the managed client device running a security DRM application client, the managed client device communicates with the MSO security application in the domain manager, wherein the MSO security application of the domain manager and the security DRM application client of the managed client instantiate a preferred DRM as an overlay on top of any other content protection scheme.03-04-2010
20100058483METHOD FOR PROTECTING SIGNATURES STORED IN A DATABASE - A method of protecting the privacy of a signature that may be used in, for example, a vote by mail system, that includes creating a distorted version of the registration signature, storing the distorted version of the registration signature, and storing a mechanism for converting the distorted registration signature into an undistorted registration signature. The stored mechanism may later be used to reverse the distortion so that the undistorted signature can be used in a verification process.03-04-2010
20110083196CONTENT RIGHTS MANAGEMENT FOR DOCUMENT CONTENTS AND SYSTEMS, STRUCTURES, AND METHODS THEREFOR - A document comprises a body having at least one defined portion therein, each defined portion being represented in the body of the document as a body object, each of the document and each body object therein being rights-managed as protected content based on license terms specified in a digital license. A recipient of the document can render the protected content of each of the document and each body object therein by acquiring the digital license and satisfying the license terms set forth in the digital license.04-07-2011
20120304304MINIMIZING SENSITIVE DATA EXPOSURE DURING PREPARATION OF REDACTED DOCUMENTS - A document review and security technique is provided that presents a first portion of a document to a first reviewer, wherein the first portion includes less than the entire document, presents a second portion of the document to a second reviewer, wherein the second portion includes less than the entire document, wherein the second portion is at least partially different from the first portion, and wherein the first reviewer and the second reviewer are different reviewers, receives from the first reviewer a review action input associated with the first portion, receives from the second reviewer a review action input associated with the second portion, and determines a disposition of the document in accordance with the review action inputs.11-29-2012
20110083194SECURITY WITHIN INTEGRATED CIRCUITS - A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time. Related apparatus and methods are also described.04-07-2011
20110083195PROTECTION OF PROPRIETARY EMBEDDED INSTRUMENTS - A network of storage units has a data path which is at least a portion of the network. The network also has a key storage unit and a gateway storage unit. If the key storage unit stores a key value, the key storage unit transmits a key signal to the gateway storage unit. If the gateway storage unit does not store a gateway value or the key signal is not transmitted to the gateway storage unit, the gateway storage unit does not insert a data path segment in the data path. If the gateway storage unit stores a gateway value and the key signal is transmitted to the gateway storage unit, the gateway storage unit inserts the data path segment.04-07-2011
20110083193REMOTE VIEWING OF MULTIMEDIA CONTENT - A method and system for remote viewing of multimedia content using a multimedia content distribution network (MCDN) is configured to duplicate multimedia content displayed on a first MCDN terminal device and route the duplicate multimedia content to a second MCDN terminal device. The MCDN terminal devices may be coupled to a local network at an MCDN client premises. The MCDN terminal devices may also include wireless telephony devices for mobile remote viewing functionality. The method may include transcoding of the multimedia content into a format suitable for the second MCDN terminal device.04-07-2011
20090178144Data Security System and with territorial, geographic and triggering event protocol - The method, program and information processing system secures data, and particularly security sensitive words, characters or data objects in the data, in a computer system with territorial, geographic and triggering event protocols. The method and system determines device location within or without a predetermined region and then extracts security data from the file, text, data object or whatever. The extracted data is separated from the remainder data and stored either on media in a local drive or remotely, typically via wireless network, to a remote store. Encryption is used to further enhance security levels. Extraction may be automatic, when the portable device is beyond a predetermined territory, or triggered by an event, such as a “save document” or a time-out routine. Reconstruction of the data is permitted only with security clearance and within certain geographic territories. An information processing system for securing data is also described.07-09-2009
20130014276Method for protecting data contents - A method for protecting data contents, in particular video data, is provided. The data contents are provided by a distribution application available in a communications network and may be loaded onto an output unit to be played back on this output unit. A current system utilization of the output unit is monitored or measured during playback of the loaded data contents on the output unit. This current system utilization is compared to an estimated standard system utilization of the output unit for the playback of data contents. If the current system utilization of the output unit exceeds the estimated standard system utilization during a predefined period, appropriate protective measures, such as interrupting playback of the data contents, a corresponding message to the distribution application, etc., are taken and carried out to protect the data contents.01-10-2013
20110072519Privileged user access monitoring in a computing environment - Methods and systems for monitoring privileged user access of a database using a computer having at least one processor are provided. The system monitors database transactions. If a transaction is made by a privileged user, the system records information relating to the transaction in an audit database and/or in an audit file. If a transaction is made by a terminated or otherwise unauthorized privileged user, the system can be adapted to alert management of a possible security breach.03-24-2011
20110072520System And Method For Protecting Files Stored On An Electronic Device - An electronic device includes a security system which provides for protection of designated files stored on an electronic device. For example, an electronic device may receive user input selecting a file for protection processing. The user input may select the file for encryption and automatic decryption under certain predetermined conditions and/or for automatic saving to a remote storage device after the device has been reported stolen, for instance. After receiving the user input selecting the file for protection processing, the electronic device may automatically receive theft information from a remote server, wherein the theft information indicates whether the electronic device has been reported stolen. After determining whether the electronic device has been reported stolen, the electronic device may automatically process the selected file according to the selected protection processing, wherein the processing is contingent on whether the electronic device has been reported stolen. Other embodiments are described and claimed.03-24-2011
20110061109Controlling Access to Content and/or Services - The exemplary embodiments of the method and system according to the present invention provide a system and method for controlling access to audiovisual content such as television shows, video-on-demand services or streaming video which can be delivered by cable, satellite, wired or wireless networks, cell phones, the Internet, etc. More particularly, the present invention provides a capability to define certain criteria which can be used to restrict access to content based on combinations of various parameters including, but not limited to, time of day, day of the week, type of content, source of content, content display device, etc. These criteria may also be provided by data storage arrangements or a network, and access restrictions specified by such criteria can be associated with a plurality of display devices.03-10-2011
20110061108METHOD AND APPARATUS FOR MEDIA RELAYING AND MIXING IN SOCIAL NETWORKS - An approach is provided for relaying media and creating new content from the media via a social network. Audio content is caused to be received from one of a plurality of devices. The one device is associated with a member of a first list of contacts. New audio content is generated based on the received audio content. The new audio content is caused, at least in part, to be transmitted to another one of the devices. The other one device is associated with a member of a second list of contacts.03-10-2011
20110030068IMAGE PROCESSING APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - There is provided an image processing apparatus which suppresses reduction in security due to increase in output products without any restriction without losing the convenience of a re-output function using a history. A method for controlling an image processing apparatus includes displaying a list of jobs executed based on a job history information stored in the storing means on display means, determining whether the job selected by a user from the displayed list of jobs is the one which output an output product whose copy is restricted, and restricting to output an output product in accordance with the job selected by the user if it is determined that the job is the one which output an output product whose copy is restricted.02-03-2011
20110035809AGENT SERVICE - One embodiment of the present invention is directed to a method for compressing data generated by multiple data sources. The method includes steps of partitioning data generated by the multiple data sources into data partitions, the data included in each data partition containing inter-data-source redundancies and, for each data partition, compressing the data in the data partition to remove the inter-data-source redundancies.02-10-2011
20110035808ROOTKIT-RESISTANT STORAGE DISKS - Rootkit-resistant disks (RRD) label all immutable system binaries and configuration files at installation time. During normal operation, the disk controller inspects all write operations received from the host operating system and denies those made for labeled blocks. To upgrade, the host is booted into a safe state and system blocks can only be modified if a security token is attached to the disk controller. By enforcing immutability at the disk controller, a compromised operating system is prevented from infecting its on-disk image.02-10-2011
20100325736REMOTE ACCESS CONTROL OF STORAGE DEVICES - An access control device can be communicationally coupled to a storage device and can control access thereto. The access control device can comprise information, such as identities of authorized entities, to enable the access control device to independently determine whether to provide access to an associated storage device. Alternatively, the access control device can comprise information to establish a secure connection to an authorization computing device and the access control device can implement the decisions of the authorization computing device. The access control device can control access by instructing a storage device to execute specific firmware instructions to prevent meaningful responses to data storage related requests. The access control device can also comprise storage-related cryptographic information utilized by the storage device to encrypt and decrypt data. In such a case, the access control device can control access by not releasing the storage-related cryptographic information to the storage device.12-23-2010
20130160138NETWORK INFORMATION COLLECTION AND ACCESS CONTROL SYSTEM - An approach is provided for collecting and controlling access to network information. A network information anonymizer receives network information associated with a device, separates the network information into anonymized network information and user identifiable information, and enables access to the anonymized network information independently of the user identifiable information based on a privacy setting.06-20-2013
20110154505UNOBTRUSIVE ASSURANCE OF AUTHENTIC USER INTENT - Computer-executable instructions that are directed to the performance of consequential actions and automatically elevate to execute at a higher privilege level to do so can perform such consequential actions only after user notification. Doing so can enable monitoring processes to avoid presenting duplicative user notification upon detection of such auto-elevation. In addition, prior to presenting user notification, input from the execution environment can be ignored and access to DLLs for performing consequential actions can be avoided. A static analyzer can identify non-conforming computer-executable instructions. A wrapper can be utilized to provide compliance by otherwise unknown or non-conforming computer-executable instructions.06-23-2011
20100306857DATA STORAGE DEVICE AND DATA STORAGE SYSTEM INCLUDING THE SAME - A data storage device protecting security code stored therein and a data storage system including same are disclosed. The data storage device efficiently prevents unauthorized access to the security code by allowing command descriptor block (CDB) information to be read using only a read-only memory (ROM).12-02-2010
20100306856SYSTEM AND METHOD FOR FILTERING EMAIL DATA - A software and/or hardware facility for filtering email data. The facility receives an indication of an SMTP event associated with an email and processes a script corresponding to the SMTP event. The script is comprised of a language for processing emails and may include one or more filters. If the script includes one or more filters, the facility executes the one or more filters and takes action on the associated email in accordance with the executed one or more filters. The action taken by the facility includes configuring the email system to affect not only the associated email but other emails.12-02-2010
20100077485INFORMATION PROCESSING APPARATUS AND COMPUTER PRODUCT - An apparatus having a communication section operable to communicate with a central apparatus, and a storage control section operable to control writing onto, and reading from, a storage medium. The apparatus receives a control command transmitted from the central apparatus. The apparatus, if the received command is a security command, acquires process information indicating information on the security process. The apparatus transmits the process information acquired to the central apparatus. The apparatus, if the received command is a security command, executes the security process. The apparatus, if the received command is an inquiry command, acquires the status of the execution of the security process. The apparatus transmits the security process execution status acquired to the central apparatus. The apparatus, if the execution of the security process is completed, transmits the fact that the execution of the security process in the storage medium is completed to the central apparatus.03-25-2010
20090241200SECURITY MEMORY DEVICE AND METHOD FOR MAKING SAME - A security memory device includes a memory cell array that stores a plurality of contents, including a mine, which is stored as a portion of the plurality of contents. The mine is triggered when it is accessed, typically such that the mine erases the memory contents. Also, control logic is included that controls access to the plurality of contents. In one aspect, the memory cell array can include a protected-cell zone and a free-cell zone. In this aspect, the security memory device can further include a lock that provides protection for contents stored in the protected-cell zone from access and a key that is capable of unlocking the lock.09-24-2009
20110162083SYSTEM AND METHOD FOR SECURING DATA - The invention relates to a system and method for making data secure. The inventive system is characterized in that it comprises: a monotonic counter; a computational entity; a physical data medium comprising one or a plurality of data blocks, a first master block comprising the last value recovered from the monotonic counter, an identifier of the last data block written on said medium, a first authentication code guaranteeing the authenticity of the written data block or blocks, a second authentication code calculated from the last written data block, said data being fixed at a neutral value, and a third authentication code guaranteeing the authenticity of the first master block, and a second master block forming a replica of the first master block; and an authentication key. The invention is used, in particular, to make data secure against playback and sudden interruptions in service in embedded systems.06-30-2011
20080271160METHOD AND SYSTEM FOR PUBLICATION CONTROL OF DIGITAL CONTENT - A method and system for publication control of digital content for validating the rights information registered by a plurality of separate content providers. When receiving a digital content publication application from a content publication unit, a publication control unit queries whether rights information corresponding to the digital content to be published is stored in a rights publication unit, and if stored, allows the publication of the digital content and of a download address thereof. By messaging rights information in this centralized manner, it may be ensured that a content buyer can efficiently obtain the rights object distributed after the digital content is published.10-30-2008
20110179498SYSTEM FOR MANAGING ACCESS RIGHTS TO AN OBJECT OF AN OBJECT ORIENTED PROGRAMMING LANGUAGE07-21-2011
20090126026METHOD, APPARATUS AND SYSTEM FOR MANAGING MALICIOUS-CODE SPREADING SITES USING SEARCH ENGINE - Provided is a method for enabling a user terminal to avoid exposure to a malicious code, by classifying web pages including a malicious code and blocking user access to the web pages including the malicious code when a user searches for a web page using a search engine. A method for managing malicious-code spreading sites using a search engine includes: analyzing a currently accessed web site to determine whether a malicious code is included in the web site; if the malicious code is included in the currently accessed web site, registering the web site as a malicious-code spreading site; and, if the web site registered as a malicious-code spreading site is included in a web-site search result from a search engine, blocking user access to the web site. Web pages including a malicious code are classified and user access to the web pages including the malicious code is blocked when a user searches for a web page using a search engine, thereby preventing a user terminal from being exposed to the malicious code.05-14-2009
20090126025System for protecting information - A system in accordance with the present invention protects information. The system includes a processor for processing information and a state machine utilizing tables for determining protection requirements for the information.05-14-2009
20080313742METHOD AND SYSTEM FOR RESTRICTING THE USERS OF MEDIA CONTENT - A method, a system, a Rights Issuer and a user terminal are provided for restricting the users of media content. For restricting the users of media content, a DRM agent inside a user terminal obtains the copyright control information that carries the user identity of the current media content, receives a rights verification request that carries the identity of the current initiator of the current media content, and checks whether the current initiator can trigger the play of the current media content according to the user identity in the copyright control information mentioned previously and the identity of the current initiator carried in the rights verification request. If the current initiator is allowed to trigger the play of the current media content, the DRM agent provides the current decrypted media content to a media player. Otherwise, the DRM agent forbids the media player to play the current media content. The users of media content can be restricted based on the actual service requirements and thus a media content provider can better control the right to use its media content.12-18-2008
20090038017SECURE VAULT SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT - Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.02-05-2009
20110055933PERSONAL LIBRARY ON NET - A personal library on a network enables content to be distributed in a manner that is able to be regulated to prevent users from violating copyright law yet allows user to use the content on more than one device. The personal library receives content from a store and/or contains content and then provides the content including a content management implementation to user devices.03-03-2011
20110055932Data Access Control with Flexible Data Disclosure - A method for presenting data, the method including presenting via a first computer output device an indicator indicating a data item whose value is prevented, in accordance with predefined access control criteria, from being presented via the first computer output device, receiving from a requestor a request to present the data item value, maintaining a record of an identity of the requestor together with a description of the requested data item, and presenting via a second computer output device the data item value.03-03-2011
20110055931METHOD AND APPARATUS FOR PROTECTING ACCOUNT NUMBERS AND PASSWORDS - A method and apparatus are provided for protecting confidential information. The method includes the steps of providing a plurality of files where each file contains at least one item of secret information, password protecting the plurality of files with a master password, detecting entry of passwords into a master password entry field, comparing entered passwords with the master password to identify incorrect master passwords and deleting the plurality of files upon successive entry of incorrect master passwords a predetermined number of times.03-03-2011
20110055930CORRELATING PRIVATE AFFINITIES - The claimed subject matter relates to an architecture that can leverage private affinities in order to facilitate or enrich relationships between people. In particular, the architecture can receive a profile associated with a user wherein the profile includes a set of private affinities that are cryptographically protected from public inspection. The architecture can decrypt and/or cryptographically compare a private affinity from the profile to an affinity in a disparate profile (associated with a disparate user) in order to identify a matching affinity. Once a matching affinity is identified, a message indicating such can be provided to the user along with a request to publish certain revealed information to the disparate user, possibly based upon a mutual exchange of commensurate information from the disparate user.03-03-2011
20130198855DYNAMIC SELECTION OF AUTHORIZATION PROCESSES - Systems, methods, and software are disclosed herein for licensing applications using a preferred authorization process dynamically identified based on conditions associated with an initiation of an application. Authorization is then attempted using the preferred authorization process. In some examples, the preferred authorization process is selected from at least a keyless authorization process and a key-based authorization process.08-01-2013
20130198857PROCESSING OF RESTRICTED ACCESS DATA - Embodiments related to processing of restricted-access data. An aspect includes receiving a request for data from a user by a storage system infrastructure comprising a centralized database that stores non-restricted access data and a local system that stores restricted-access data associated with a first set of areas or entities and comprising a federated database for providing a federated view, wherein the requested data comprises restricted-access first data and non-restricted access second data. Another aspect includes based on an association of the user, routing, by a routing entity, the request to the local system. Another aspect includes receiving the request at the at least one federated database of the local system. Another aspect includes retrieving from the federated database the restricted-access first data and the non-restricted access second data. Another aspect includes displaying the federated view comprising the restricted-access first data and the non-restricted access second data to the user.08-01-2013
20130198858SYSTEMS AND METHODS FOR A CONTENT AUTHORIZATION SERVICE - A content authorization service is described, including receiving, from a first source, information comprising a key for accessing content recorded on a disc; storing the key, a pre-recorded media serial number (PMSN), and a product serial number (PSN); receiving, from a second source, another PSN; determining that the PSN and the another PSN is a same code; recording data that indicates the disc is authenticated if the PSN and the another PSN is the same code; receiving, from a third source, at least one of the PSN and the PMSN; determining that the at least one of the PSN and the PMSN identifies the disc; and if the at least one of the PSN and the PMSN identifies the disc, transmitting the key to the third source, the key enables access to the content recorded on the disc.08-01-2013
20130198859SYSTEMS AND METHODS FOR A PRODUCT AUTHORIZATION SERVICE - A product authorization service is described, including receiving, from a first source, an item serial number (ISN) of a product and an item-specific key (ISK) for the product; receiving, from a second source, a product-package serial number (PPSN) associated with the product and information about the second source; storing the received PSN with an authorized indication based on the information about the second source indicating an authorized source; receiving, from the product, the PSN and the ISN; determining whether the PSN is the same as the received PSN with the authorized indication; and if the PSN is the same as the received PSN, transmitting the ISK to the product, the ISK enables activation of one or more features of the product.08-01-2013
20130198854APPARATUS, METHODS, AND COMPUTER PROGRAM PRODUCTS PROVIDING DYNAMIC PROVABLE DATA POSSESSION - In one exemplary embodiment, a method includes: storing data for a file, organized as blocks, each having a portion of the file; and maintaining a skip list for the data. The skip list is an ordered tree structure having a root node, internal nodes and leaf nodes. Each leaf node corresponds to a block. Each node has a rank value corresponding to size of a subtree rooted at the node. The skip list employs a hashing scheme. The hash value of the root node and internal nodes is computed from a level of the node, the rank value and an interval between the node and another linked node to the right of or below the node. The hash value of the leaf nodes is computed from a level of the node, the rank value and an interval associated with the node.08-01-2013
20120311721PROGRESSIVE DOWNLOAD OR STREAMING OF DIGITAL MEDIA SECURELY THROUGH A LOCALIZED CONTAINER AND COMMUNICATION PROTOCOL PROXY - Various embodiments are directed towards employing a container and communication protocol proxy component within a client device to receive securely real-time streamed, progressively downloaded, or adaptively streamed container over a network using one container and communication protocol, and to securely decrypt the container and provide it to a media player using a different container and communications protocol. In one embodiment, the container is in Flash Video (FLV) file format. A browser or the media player on the client device may be used to request the container. The requested container is sent over one communication protocol and intercepted by the container and communication protocol proxy component. The container may be received as selectively encrypted container. The container and communication protocol proxy component then may enable decryption of the container and providing of it to the media player using another container and communication protocol combination.12-06-2012
20120311720METHOD FOR PROTECTING APPLICATION AND METHOD FOR EXECUTING APPLICATION USING THE SAME - An application protection method and an application execution method using the same are provided. The application protection method generates a key needed to execute the application which is provided to a user terminal using information on the user terminal, information on the application, and a part of text; and transmits the generated key to the user terminal. Therefore, the application is executed on the device which has a legal right for the application, thereby preventing the illegal use of the application.12-06-2012
20120311719DOCUMENT - The invention relates to a document comprising a document body (12-06-2012
20110126295DISPERSED STORAGE NETWORK DATA SLICE INTEGRITY VERIFICATION - A method begins with a processing module issuing a retrieval request, receiving secret shares of a set of secret shares to produce received secret shares, and receiving encoded data slices of a set of encoded data slices. The method continues with the processing module decoding the received secret shares to recapture a message authentication key when a threshold number of the secret shares is received. The method continues with the processing module identifying a received encoded data slice of the received encoded data slices having an authentication code associated therewith when a threshold number of the encoded data slices is received. The method continues with the processing module verifying the authentication code based on the message authentication key and the received encoded data slice. The method continues with the processing module decoding the received encoded data slices to recapture a data segment when the authentication code is verified.05-26-2011
20120278898System and Method for Controlling Multicast Geographic Distribution - A content distribution network includes first and second controllers, and multicast enabled routers. The first controller is configured to select a multicast channel for distributing content, to determine that the content has a geographic restriction associated with a restricted area in the content distribution network, to link an exclusion policy for the content to the multicast channel while the multicast channel provides the content, and to deny a request for the content from a client system within the restricted area based on the exclusion policy. The second controller is configured to distribute the exclusion policy to the multicast enabled routers including a first router configured to store the exclusion policy, and to ignore a multicast join message from the client system within the restricted area based on the exclusion policy.11-01-2012
20110138478Metadata Broker - The present invention provides methods and apparatuses for obtaining selected metadata from a user device. The user device has a metadata engine that stores and accesses metadata in response to a metadata query. A metadata broker verifies the authenticity of the metadata query from a service provider and returns selected metadata if the service provider has rights to obtain the metadata. The user device has a communications interface that sends a service request that is indicative of the selected service over a communications channel and receives the metadata request that is indicative of the selected metadata. An authorization center receives a metadata request from a service provider, accesses a rule set to determine selected metadata in accordance with predetermined rights, and returns a signed metadata request to the service provider. The signed metadata request has an electronic signature of an authorizing party and is indicative of the selected metadata.06-09-2011
20110138476Software Fault Isolation Using Byte-Granularity Memory Protection - Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.06-09-2011
20120151602Method and Apparatus for Digital Rights Decomposition - Various methods for digital rights decomposition are provided. One example method includes receiving a set of digital rights, identifying conditions within the set of digital rights that have relationships with more than one permission, and creating copies of the identified conditions based on the number of relationships an identified condition has with the permissions. The example method also includes associating each condition with a respective permission based on the relationships to generate fundamental condition-permission components, and constructing a fundamental decomposition of the set of digital rights based on the fundamental condition-permission components. Similar and related example methods, example apparatuses, and example computer program products are also provided.06-14-2012
20090300774ERROR AND EXCEPTION MESSAGE HANDLING FRAMEWORK - Described are systems and methods for counteracting attempts at unauthorized use of information systems. An error message generated in response to an error in the information system is received, where the error message includes a set of information describing the error. The received error message is then translated into an obfuscated message, where the obfuscated message replaces at least a portion of the set of information describing the error with a set of alternative information. The obfuscated message is then presented to a user via a user interface.12-03-2009
20090300773SYSTEMS, METHODS AND APPARATUS FOR REDUCING UNAUTHORIZED USE IN A TELEVISION DISTRIBUTION SYSTEM - Systems, methods and apparatus are described for reducing unauthorized usage in a television distribution system. A television receiver communicates with base stations of a wireless communication network. Based on the communications with the base station, the television receiver identifies its location and transmits the location information to a data collection system through the wireless communication network. The data collection system utilizes the location information to identify unauthorized uses of the television receiver.12-03-2009
20090293132MICROPROCESSOR APPARATUS FOR SECURE ON-DIE REAL-TIME CLOCK - An apparatus providing for a secure execution environment. The apparatus includes a microprocessor and an external crystal. The microprocessor is configured to execute non-secure application programs and a secure application program, where the non-secure application programs are accessed from a system memory via a system bus and the secure application program is accessed from a secure non-volatile memory via a private bus coupled to the microprocessor. The microprocessor has a secure real time clock that is configured to provide a persistent time, where the secure real time clock is only visible and accessible by the secure application program when the microprocessor is executing in a secure mode. The external crystal is coupled to the secure real time clock within the microprocessor and is configured to cause an oscillator within the secure real time clock to generate an oscillating output voltage that is proportional to the frequency of the external crystal.11-26-2009
20110185435FLASH MEMORY STORAGE SYSTEM, AND CONTROLLER AND ANTI-FALSIFYING METHOD THEREOF - A flash memory storage system having a flash memory controller, a flash memory chip and a smart card chip is provided. The flash memory chip is configured to store security data. The flash memory controller generates a signature corresponding to the security data according to a private key and the security data with a one-way hash function, and stores the signature into the smart card chip.07-28-2011
20110191859Digital Rights Management in User-Controlled Environment - A method of controlling access to content comprises receiving, at a domain gateway (08-04-2011
20110191858OFFLINE ACCESS IN A DOCUMENT CONTROL SYSTEM - Systems and techniques to provide offline access in a document control system. In general, in one implementation, the technique includes: receiving a request from a client, and pre-authorizing the client, in response to the request, to allow actions by a user as a member of a group of users by sending to the client offline access information including a first key associated with the group, the first key being useable at the client to access an electronic document by decrypting a second key in the electronic document. Receiving a request can involve receiving a request from the client to take an action with respect to a second document. The technique can also include verifying the user at the client as an authenticated user, and the offline access information can include user-specific keys, group-specific keys, a policy, and a document revocation list.08-04-2011
20110191860Midlet Signing and Revocatoin - The present invention is related to a method of securing integrity and authenticating origin and privileges of a piece of code. According to the invention, a method of securing integrity and authenticating origin and privileges of a piece of code in a communication network by digitally signing said piece of code, is characterized by the steps of: providing an aggregator (C), which is a holder of a valid signing certificate, submitting a developer material to the aggregator, inserting a revocation code into the developer material, building a complete piece of code using the developer material and the revocation code, digitally signing the complete piece of code using the certificate held by the aggregator, making the digitally signed complete piece of code retrievable to the holder (B) of the developer material, providing a server (C08-04-2011
20100031370SOFTWARE ENHANCED TRUSTED PLATFORM MODULE - Computer-executable instructions can implement a software-based Trusted Platform Module (TPM) that can have more computational power than the hardware TPM. The software TPM can be protected from modification, or other unauthorized access, via a memory partitioning scheme that enables other computer-executable instructions to access the software TPM in a predefined manner, but yet prohibits other access. A tri-partied partitioning scheme can be used wherein the computer executable instructions of the software TPM reside in a first region, a jump table to appropriate ones of those instructions resides in a second region, and everything else resides in the third region. The storage key of the software TPM can be sealed by the hardware TPM to be released only if the software TPM, and the computing device, are in a known good state, as determined by the Platform Configuration Registers of the hardware TPM, thereby further protecting the software TPM from tampering.02-04-2010
20100024044SPECIFYING RIGHTS IN A DIGITAL RIGHTS LICENSE ACCORDING TO EVENTS - A digital license specifies rights with regard to corresponding digital content, and in particular specifies at least one event and for the at least one event at least one of a condition precedent to allowing the event to proceed and an action to be taken once the event has occurred. To respond to a request for an event from a rendering application with regard to the content, event code corresponding to the event is located in the license, and the condition within the event code is evaluated. If evaluated as true, the requested event is allowed to proceed, whereby the rendering application performs the event, and the action within the event code is executed. If evaluated as false, the requested event is denied.01-28-2010
20100024043METHOD FOR CONTROLLING ACCESS TO A SCRAMBLED DIGITAL CONTENT - A method for controlling access by a secret key K to a scrambled digital content distributed, along with the security data D(K) calculated on the basis of K, by an operator equipped with a content server and an access-rights server to at least one receiving terminal comprising a plurality of access-control modules, each access-control module implementing a specific technology for determining the secret key K. The rights server prior to distribution incorporates into said security data D(K) a selection criterion for selecting an access-control module from among the plurality of the terminal's access-control modules to process said security data D(K), after which when one of said access-control modules receives said security data D(K), said access-control module analyses the data D(K) to obtain said selection criterion and, on the basis of its value, terminates processing the data D(K) in order to attempt to obtain the secret key K or transmits a portion or the entirety of said security data D(K) to at least one of the other access-control modules.01-28-2010
20090183263SIMULTANEOUS TAMPER-PROOFING AND ANTI-PIRACY PROTECTION OF SOFTWARE - Simultaneous tamper-proofing and anti-piracy protection of software is provided by splitting applications into two parts: an application, and an application launcher. The application is subject to the tamper-proofing protections deployed by a networked service, while the application launcher is subject to anti-piracy protections. To ensure that the application benefits from the anti-piracy protection of the application launcher, the application and application launcher share a trusted challenge-response relationship. The application includes a challenger library for issuing challenges to the application launcher, and the application launcher includes a responder library for responding to such challenges.07-16-2009
20090070885Integrity Protection - A data processing system comprising data processing means, control means and an integrated circuit chip containing non-volatile storage, wherein the control means is provided between said chip and the processing means and provides all access to said chip by the processing means and the control means is arranged to check, upon the processing means requiring certain material in the non-volatile storage means, the validity of the required material and prevent the use of the required material by the processing means if invalid. The invention also relates to corresponding methods and to programs for implementing those methods.03-12-2009
20110138477Location Sensitive Solid State Drive - A data storage system including a SSD includes a capability to detect whether its location is acceptable for function, and a capability to self-disable in the event the location of the device is unacceptable, or to self-enable only while the location of the device is acceptable.06-09-2011
20080256643MULTIPLE ENTITY AUTHORIZATION MODEL - An authorization framework is provided that protects data records in a platform, such as a service-based platform, by requiring multiple level entities to be authorized with respect to the data records. For example, the data records can have an associated owner user that can grant access to other users with respect to the data. Additionally, however, the user can also grant access to certain applications that access the platform such that the data records can be initially closed for a user requiring the user to explicitly grant desired access to applications and/or users. In this regard, applications can be forbidden from accessing the data, even on behalf of the user, unless expressly authorized to do so by the user. Thus, the user can make informed decisions regarding who is to have access to its data.10-16-2008
20090172821System and method for securing computer stations and/or communication networks - The invention relates to a method for securing computer equipment (client stations) connected by a computer network or communication network and forming at least one information system, said system comprising at least one computer server, characterized in that it comprises two stages wherein digital data relating to the security of the network and/or system(s) is correlated. The invention also relates to a system for securing wireless digital communication networks.07-02-2009
20120042390METHOD AND APPARATUS FOR SECURE REVOCABLE LOCATION SHARING - Techniques for a secure revocable location sharing network service include determining a first identifier for a subscriber at a first service. A location access key stored at a second service in association with a second identifier for the subscriber is determined. At least one ciphered location is determined based on the location access key and at least one location associated with the subscriber. It is determined to send the at least one ciphered location to the first service in association with the first identifier. In some embodiments, the first identifier and second identifier are identical. Another technique includes associating a subscriber with an access key and an identifier at a first service for contacts. However, the access key is not associated with the subscriber at the first service.02-16-2012
20110314557Click Fraud Control Method and System - The disclosed subject matter relates to methods, systems, and computer-usable storage mediums for detecting and reducing the occurrence of fraud in obtaining virtual currency from advertisers for use in network-based virtual persistent worlds.12-22-2011
20090049557TRACKING THE ORIGINS OF DATA AND CONTROLLING DATA TRANSMISSION - Provided are methods, apparatus and computer programs for tracking the origins of data and controlling transmission of the data. In one embodiment, transmission of sensitive data by script operations is limited, to prevent transmission to any network location other than to the source of that sensitive data, by a new function within a scripting engine of an HTTP client that is responsive to origin tags placed within the data. Origin tags that are associated with data inputs are propagated to any output data items, so that transmission of derived information can also be controlled.02-19-2009
20120005760SYSTEM AND METHOD FOR RENDERING CONTENT ASSOCIATED WITH A DIGITAL WORK - A method, system and software for permitting use of digital works having rights associated therewith in a system having repositories configured to enable use of the digital work in accordance with the rights, including associating a transfer right with a digital work, the transfer right specifying that the digital work is transferred from a first repository to a second repository; transferring the digital work from the first repository to the second repository in accordance with the transfer right; and in response to the transferring step, updating transfer right information in respect of the digital work.01-05-2012
20110167499Policy For Digital Rights Management - This document describes policies for digital rights management that enable distribution of full-function versions of applications that, while fully functional, have functions limited by an associated policy. A policy may be replaced or updated, thereby enabling use of previously limited functions without distribution of another version of the application.07-07-2011
20110167498Software License Management - A method of managing a software license comprises loading a software program into volatile memory, obtaining authorization data, modifying a portion of the volatile memory relied upon by the program in accordance with the authorization data, executing the program, and causing the modifications to be deleted from the volatile memory. In some embodiments, selection criteria compared with the authorization data does not contain information corresponding to all of the content of the authorization data, thereby denying a software attacker the benefit of identifying and exploiting the selection criteria.07-07-2011
20120017285SYSTEMS AND METHODS OF DETERMINING A TRUST LEVEL FROM SYSTEM MANAGEMENT MODE - Systems and methods of determining a trust level from system management mode are disclosed. One such method includes: responsive to a system management mode interrupt (SMI), determining a trust level associated with code invoking the SMI; and responsive to determining that the trust level is untrusted, granting or denying a request made by the code invoking the SMI based at least in part on a type of the request.01-19-2012
20120023590Systems and Methods Providing a Separable Digital Rights Management Application - Systems and methods providing content having digital rights management (DRM) applications separable from other authorization applications are provided. A system may include a distribution service provider system in communication with a content provider system and consumer premise equipment (CPE) for the transmission of content from the content provider system to the CPE device. The distribution service provider system may: receive A/V content provided by the content provider system, wherein the A/V content includes a DRM application; apply a conditional access system (CAS) application to the A/V content that is independent of the DRM application; and transmit the A/V content including the CAS and the DRM applications to the CPE for presentation. The CPE device can perform DRM authorizations with the content provider or a third-party DRM provider.01-26-2012
20120023591PRE-BOOT PROTECTED MEMORY CHANNEL - Machine readable media, methods, and computing devices are disclosed which establish a protected memory channel between an operating system loader of a user partition and services of a management partition. One computing device includes protected storage, read only memory, firmware, a storage device and a processor. The storage device is to store the virtual machine monitor and an operating system having an operating system loader. The virtual machine monitor is to establish a protected memory channel between the one or more integrity services of a management partition and the operating system loader of a user partition in response to measuring and verifying the operating system loader based upon the manifest. The processor is to execute the code of the read only memory, the firmware, the virtual machine monitor, the operating system, the operating system loader, the management partition, and the user partition.01-26-2012
20120159644Method for Managing Keys and/or Rights Objects - One or more rights objects (RO) files may be used for storing RO's preferably in the protected area available only to authenticated users. A RO navigation file is stored preferably in an unprotected public area containing status bits, where each status bit identifies whether a location in a RO file contains a valid RO or not. Preferably, there is a one-to-one correspondence between the location for a RO in a RO file and a location in the RO navigation file for the status bit which identifies whether its corresponding location in the RO file contains a valid RO or not. Whether a particular location in a RO file contains a valid RO or not can be found by checking its corresponding status bit in the RO navigation file. By finding out whether a particular location in a RO file contains a valid RO or not in this manner, it is possible to delete ROs without having to go through an authentication process. The process of finding an empty slot in the RO file for storing a new RO is also simplified. This greatly increases the efficiency of RO management. A similar system may be used for management of content encryption/encryption keys for protecting content files.06-21-2012
20120159645TECHNIQUES FOR VALIDATING AND SHARING SECRETS - Techniques for validating and sharing secrets are presented. A secret is divided into a plurality of parts. Each part is represented by a unique value. Each value is distributed to a unique user that shares in the secret. The secret is recreated when each user presents each user's unique value. Each unique value is then used to recreate its corresponding part of the key and when all parts are present and validated, the secret is reproduced.06-21-2012
20090100527Real-time enterprise data masking - The invention describes a method, a system and a computer program product for masking data in a database system. The database system includes a database in which sensitive data is stored. The database system also includes a Database Management System (DBMS) which manages the database. Further, the database system includes a plurality of users that run various database queries and commands on the sensitive data. Masking policies are set for users that have access to the sensitive data. Users without privileges to view or manipulate sensitive data may run their queries and commands on masked data, while users with privileges to run and manipulate sensitive data may run their queries and commands on sensitive data. The masked data is generated in real-time and is not stored on the database, thereby preserving its integrity.04-16-2009
20120159643Interoperable Systems and Methods for Peer-to-Peer Service Orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.06-21-2012
20120159642Interoperable Systems and Methods for Peer-to-Peer Service Orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.06-21-2012
20120159641Power Meter Arrangement - An electric power meter arrangement, includes a metrology unit configured to be coupled to a power line and to determine power consumption and provide measurement data representing the power consumption. A programmable control unit including a memory is configured to store software configured to run on the control unit. A security unit is configured to store at least one key and to validate that software stored in the memory of the programmable control unit is authorized.06-21-2012
20120159640Acquiring Access To A Token Controlled System Resource - Acquiring access to a token controlled system resource, including: receiving, by a token broker, a command that requires access to the token controlled system resource, where the token broker is automated computing machinery for acquiring tokens and distributing the command to the token controlled system resource for execution; identifying, by the token broker, a first need state, the first need state indicating that the token broker requires access to the token controlled system resource to which the token broker does not possess a token; requesting, by the token broker, a configurable number of tokens to gain access to the token controlled system resource, without dispatching an operation handler for executing the command until at least one token is acquired; assigning, by the token broker, an acquired token to the operation handler; and dispatching, by the token broker, the operation handler and its assigned token for executing the command.06-21-2012
20120124674RIGHT MANAGEMENT APPARATUS, RIGHT MANAGEMENT PROGRAM, AND CONTENT PLAYBACK SYSTEM - In a content playback system 05-17-2012
20120124672Multi-Dimensional User-Specified Extensible Narrowcasting System - Narrowcast communication to one or more narrowcast communication recipients is provided through the use of an extensible method and apparatus. A narrowcast communication sender determines a set of attributes that define who will be eligible to receive a narrowcast communication. The set of attributes characterize potential recipients according to qualities such as interests, location, or another descriptor of a potential narrowcast communication recipient. Through the use of a privacy sphere, attributes associated with the narrowcast communication are matched to the qualities of potential recipients to identify the network addresses of the narrowcast communication recipients. The narrowcast communication is then transmitted to those network addresses. The narrowcast communication can be then expired from recipients who are no longer eligible to receive it and transmitted to recipients who become eligible to receive the narrowcast communication.05-17-2012
20110107432COMPUTER READABLE MEDIUM STORING INFORMATION PROCESSING PROGRAM, INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING SYSTEM - A computer readable medium storing a program causing a computer to execute a process for information processing includes: reading, from a storage unit, setting information used in processing performed by an apparatus and prohibited matter information including at least a setting to avoid a prohibited matter at setting in the apparatus; and extracting a setting to avoid the prohibited matter changeable regarding at least a part of restricted setting information in the setting information read at the reading step, and making a setting not to perform the extracted setting.05-05-2011
20110107431METHOD AND APPARATUS FOR PROTECTING AN EMBEDDED CONTENT OBJECT - An approach is provided for protecting an embedded content object. A content object binding manager receives a request, from a user, for a content object. In response to the request, the binding manager causes, at least in part, actions that result in transmission of the content object including an unassociated binding key to the user. The user may embed the content object in a displayable medium. The binding manager then detects a first access of the content object in the displayable medium at a host and binds the content object to the host using the unassociated binding key in response to the detection.05-05-2011
20110107430UPDATING AN OPERATING SYSTEM OF A COMPUTER SYSTEM - The present invention provides a processor-implemented method and system of updating an operating system of a computer system, where the operating system is subject to a system lockdown that does not allow changes to a list of approved executables of the operating system and that does not allow changes to a base system configuration of the operating system. In an exemplary embodiment, the method and system include, (1) identifying at least one trusted updater process in the operating system and (2) allowing the trusted updater process to make at least one change to the list of approved executables. In an exemplary embodiment, the method and system include, (1) identifying at least one trusted updater process in the operating system and (2) allowing the trusted updater process to make at least one change to the base system configuration.05-05-2011
20110107433System and Method for Creating and Marketing Authentic Virtual Memorabilia - An advertising engine, system and method of using is described. The engine includes at least one vault including a plurality of media assets, a recommendation engine that matches at least one media asset from the vault with at least one requested creative, a delivery engine that integrates the requested creative with the matched media assets from the vault, and a management engine that regulates and/or tracks ones of the at least one media asset.05-05-2011
20110099641Trial Access for Media Files from a Media List - A portable media device includes a processor and a memory. The memory stores instructions that when executed cause the processor to access a media file stored in the portable media device based on a trial access term for the media file, determine that a trial period within the trial access term for the media file has expired, and set the media file as inaccessible to the portable device in response to determining that the trial period within the trial access term has expired.04-28-2011
20110099640METHOD AND SYSTEM FOR SELECTIVELY CONTROLLING ACCESS TO PROTECTED MEDIA ON A MEDIA STORAGE DEVICE - A method of preventing unauthorized reproduction of media disposed on a media storage device according to one embodiment is described. The method comprises installing a compliance mechanism on the computer system. The compliance mechanism is communicatively coupled with the computer system when installed thereon. The compliance mechanism is for enforcing compliance with a usage restriction applicable to the media. The method further includes obtaining control of a data input pathway operable on the computer system. The method further includes accessing data that is disposed on the media storage device that is associated with the usage restriction. The method further includes preventing the computer system from accessing the media digitally via the data pathway while enabling presentation of the protected media.04-28-2011
20110099639METHOD AND APPARATUS FOR PREVENTING AUTORUN OF PORTABLE USB STORAGE - Provided is a technology which creates an autorun file that is used for preventing the autorun of a USB-based portable storage, thereby preventing an arbitrary user or worm virus from manipulating the autorun file. A method for preventing autorun of portable storage accesses at least one of a master file table entry of a root directory and a master file table entry of an autorun file, and sets non-autorun in the at least one accessed master file table entry.04-28-2011
20090133127DATA COMMUNICATION APPARATUS, METHOD OF CONTROLLING THE SAME, PROGRAM, AND STORAGE MEDIUM - A data communication apparatus that permits the use of a communication function in an appropriate manner even before a license for the communication function is made valid. A CPU of a printing apparatus as the data communication apparatus determines whether or not a trial transmission license is valid. If it is determined that the license is not valid, the CPU inhibits execution of processing associated with the transmission function, and restricts processing to be performed on data received using the reception function without inhibiting execution of processing associated with the reception function.05-21-2009
20120124673TIME CHECK METHOD AND BASE STATION - A time check method and a base station are provided. The base station receives an authentication interaction message sent by an authentication interaction device; extracts time information in the authentication interaction message; and uses the time information to check local time. Before an Internet Key Exchange (IKE) connection is set up between the base station and a security gateway, relatively accurate time is obtained from an external authentication interaction device and is used for aligning the local time. Therefore, the cost of installing a clock component and a battery is saved, the time on the base station is trustworthy, and the security gateway is authenticated securely.05-17-2012
20120317654METHOD AND SYSTEM FOR SUBSCRIPTION DIGITAL RIGHTS MANAGEMENT - A system and method for managing use of items having usage rights associated therewith. The system includes an activation device adapted to issue a software package having a public and private key pair, the public key being associated with a user, a license device adapted to issue a license, a usage device adapted to receive the software package, receive the license and allow the user to access the item in accordance with the license, and a subscription managing device adapted to maintain a subscription list including the public key associated with the user. The license is issued by the license device upon verifying presence of the public key in the subscription list corresponding to requested content.12-13-2012
20120317653SYSTEM AND METHOD FOR UTILIZING CONTENT IN ACCORDANCE WITH USAGE RIGHTS - Apparatus, method, and media for utilizing content. An exemplary method comprises storing, on a removable storage device, a description structure comprising one or more usage rights, storing, on a removable storage device, content associated with the one or more usage rights, receiving a request for the content, the request corresponding to a utilization of the content, determining whether the utilization corresponds to at least one of the one or more usage rights, and utilizing the content in accordance with the at least one of the one or more usage rights that is determined to correspond to the utilization, wherein utilization of the content in accordance with the at least one of the one or more usage rights that is determined to correspond to the utilization is subject to fulfillment of a condition.12-13-2012
20120317652UNSOLICITED COOKIE ENABLED CONTEXTUAL DATA COMMUNICATIONS PLATFORM - Systems and methods for an unsolicited cookie enabled contextual data platform are provided. According to one embodiment, a mobile device is able to reconfigure a browser menu. An HTTP request is transmitted to a server device relating to a service supported by the server device. The request contains therein an unsolicited cookie including data indicative of information regarding (a) an end user of the mobile device, (b) the mobile device, (c) a location of the mobile device and/or (d) a network to which the mobile device is connected. Responsive to the request, an HTML file is received from the server device having embedded therein contextual menu information based on the service and the unsolicited cookie. The contextual menu information is extracted from the HTML file. End user interaction with the service is then customized by dynamically reconfiguring a browser menu of the mobile device based on the contextual menu information.12-13-2012
20120222129SYSTEM AND METHOD FOR SECURE MOBILE APPLICATION DOWNLOAD - Methods and systems for downloading applications to a mobile communicator and for protecting access to stored mobile applications are disclosed.08-30-2012
20120222131RADIO-FREQUENCY COMMUNICATION CONTROLLED BY A MICROCIRCUIT - The invention relates to a method for the radio-frequency communication of data, in which the receiving of and/or access to said data is controlled by control means, including an electronic microcircuit, on the basis of access rights. The transmitted data includes time information, and the access rights are controlled on the basis of said time information. The invention also relates to a device for controlling access rights as well as to a radio-frequency receiving device including same.08-30-2012
20120222130APPARATUS AND METHOD FOR GUARANTEEING INTEGRITY OF REAL-TIME VEHICLE DATA AND VEHICLE BLACK BOX SYSTEM USING THE SAME - A vehicle black box technique guarantees the integrity of vehicle data stored in a black box in real time by forming input data streams as block data and performing a signature using a signing key and nested hashing. Each vehicle black box includes a reliable unique signing key supporting a non-repudiation function. An error correction function is provided by a unique algorithm for generating integrity verification data even when an error occurs from the vehicle data.08-30-2012
20120167231CLIENT-SIDE ACCESS CONTROL OF ELECTRONIC CONTENT - Systems, methods and computer program products for controlling access to electronic content on a client device are provided. Whether access to electronic content is allowed or blocked is based on information and processes performed at the client device. Controlling access to electronic content on a client device can involve locally determining whether access to the electronic content will be allowed, blocked, or will depend upon further analysis performed by a remote device, such as a server. If a webpage is requested, for example, a client device may compare the URL address of the requested webpage, along with keywords and phrases found on the webpage, to locally-stored updateable lists of banned URL addresses and banned keywords and phrases to determine whether access to the electronic content will be allowed, blocked, or will depend upon further analysis.06-28-2012
20120216295EMBEDDED DEVICE AND STATE DISPLAY CONTROL - A browser is requested to display a text file having a description of a screen structure. The state information on a current state of the embedded device is acquired. An access request for requesting the browser to update, with the acquired state information, a value of at least one node in a document object model (DOM) tree generated from the text file by the browser, is submitted by a state display control program. The at least one node is recorded in an access history list. At a subsequent time, it is determined whether to permit a subsequent access request. If the source of the subsequent access request is not the state display control program, and the at least one node is recorded in the access history list, the subsequent access request is denied.08-23-2012
20120216293MEDIA SERVICE DELIVERY SYSTEM PROVIDING CONDITIONAL ACCESS TO MEDIA CONTENT FROM VARIOUS CLIENT DEVICES - A system for protecting the digital rights of content owners allows digital media to be delivered to only those media rendering client devices that have been approved for the media content. Before delivering requested media, the media service provider may determine whether the media rendering client device that requested the media is the type of device that is authorized to receive the request media. If it is, the media service provider may transmit the media to a middleman server over a network (such as the Internet). A middleman server may then serve the media to the client device over a local network. By allowing the media content to be distributed to approved devices only, the media service provider can prevent a user from using the media in a way that is not authorized by the content owner.08-23-2012
20120216292User Account Creation Involving a Mobile Device - Mobile devices may often communicate with network (“cloud”) services that require an account. Because it may be undesirable to require user interaction when creating an account, it may be desirable to create an account associating a mobile device to a network service without requiring a user to explicitly enter authentication information, such as a username and password. In an embodiment, data corresponding to a mobile device is obtained to generate authentication information which is then sent to messaging address of a user. In another embodiment, in response to an event, a mobile device obtains an identifier for a user, sends the identifier to a server, where the server transmits one set of authentication information to a messaging address associated with the user and another set of authentication information to the device.08-23-2012
20120216291DATA SECURITY MANAGEMENT SYSTEMS AND METHODS - Data security management system and methods are provided. First, a first system having a management authority is provided. The first system displays an input interface on an input device. A switch switches the management authority from the first system to a second system, wherein the second system operates with a secure mechanism. When the management authority is switched to the second system, the first system transmits layout information of the input interface and an input device characteristic of the input device to the second system. The second system receives input data via the input device, and decodes the input data according to the layout information and the input device characteristic.08-23-2012
20120216290Partial Access to Electronic Documents and Aggregation for Secure Document Distribution - Partial access to electronic documents and aggregation for secure document distribution is disclosed. The embodiments herein relate to providing access to electronic documents and, more particularly, to providing access to portions of electronic documents and aggregating such portions in a secure document distribution environment. Existing document distribution mechanisms do not provide means to access partial documents based on attributes such as roles of the agents within an organization, location of access, time of access, device ID and so on. The disclosed method allows agents to access partial contents of documents based on the attributes. Metadata tags are attached to the documents in order to control access to the documents by the defined attributes. The agent who wishes to access the document enters his credentials, and based on the credentials he is provided access to the content that is assigned for him.08-23-2012
20120216294Software Protection Using an Installation Product Having an Entitlement File - Techniques for establishing entitlement to a computer program product are provided, and include providing a client identity in a registration process to produce an entitlement file, obtaining an encoded version of a computer program product, and transforming the computer program product into an installation product in a computer storage medium, wherein the installation product comprises the entitlement file to establish entitled use of the computer program product. Also, techniques for facilitating security compliance of a computer program product include providing an encoded version of a computer program product, and providing an installation product builder for the computer program product, wherein the installation product builder creates an installation product in a computer storage medium using a client identity and the encoded version of the computer program product during a registration process, and wherein the created installation product comprises an entitlement file to facilitate security compliance of the computer program product.08-23-2012
20100287620COMPUTER SYSTEM LOCK-DOWN - Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, a method is provided for locking down a computer system. A customized, local whitelist database is stored with a memory of the computer system. The whitelist database forms a part of an authentication system operable within the computer system and contains therein cryptographic hash values of code modules expressly approved for execution by the computer system. A kernel mode driver of the authentication system intercepts a request to create a process associated with a code module. The authentication system determines whether to authorize the request by causing a cryptographic hash value of the code module to be authenticated against the whitelist database. The authentication system allows the code module to be loaded and executed within the computer system if the cryptographic hash value matches one of the cryptographic hash values.11-11-2010
20120317651INFORMATION TERMINAL AND INFORMATION LEAKAGE PREVENTION METHOD - An information terminal includes: a nonvolatile storage unit which stores a flag that indicates whether or not the information terminal is in a state in which information leakage should be prevented; a start control unit which starts the information terminal and manages a power source of the information terminal; a device group which operates upon starting of the information terminal; and a device operation control unit which controls operation of at least one device of the device group. The device operation control unit controls the at least one device so as to suppress operation that appeals to at least one of the five senses of a human being when the flag indicates the state in which information leakage should be prevented.12-13-2012
20120174236Online Privacy Management - A privacy management system (PMS) is disclosed for a Chief Privacy Officer (CPO) or other user to use in monitoring and/or controlling in realtime the flow of data (e.g., outflow) about the user and his/her online experience. The PMS may provide a dashboard displaying a whitelist and/or blacklist indicating what destinations/sources are blocked or allowed. The PMS includes browser-client scripting code and may also include a PMS-certified verification icon for display on webpages being monitored/controlled in realtime by the PMS.07-05-2012
20100050269INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT - Whether a combination method defined in an output rule satisfies a combination condition of each content specified in a play list is judged in order of priority defined in a priority list. Based on the judgment result, the output rule is edited in such a manner that the combination condition of each content specified in the play list is satisfied. The resources of the combination target contents specified in the play list are combined in accordance with the combination method of the edited output rule.02-25-2010
20100050268PASSWORD PROTECTION SYSTEM AND METHOD - A method, system, and device for password protection for a computer or other electronic device are provided, including providing one or more false passwords that outwardly cause the computer or other electronic device to behave as if a correct password was entered and that inwardly cause the computer or other electronic device to behave differently than as if the correct password was entered; and taking a predetermined action when one of the false passwords is entered.02-25-2010
20100050267METHOD AND SYSTEM FOR THE AUTOMATED TRANSFORMATION OF ACCESS CONTROL MANAGEMENT INFORMATION IN COMPUTER SYSTEMS - A system for the automatic transformation of access control data between a source and a target is described. The system includes a source module comprising access control data for a first computing system, a target module comprising access control data for a second computing system, a source transformer module to create an access control matrix based on the access control data in the source module, and a target transformer module to convert the data from the access control matrix according to the access of the target module for the second computing system.02-25-2010
20090113557Different permissions for a control point in a media provision entity - The present invention relates to a method, apparatus, computer program product and computer program element for enabling differentiated control point access to services provided in a computing environment, a method, computer program product and computer program element for providing access to a control point from a media provision entity in a computing environment and a network of computing apparatuses. A media provision entity (04-30-2009
20100011448MAINTAINING CONTACT WITH A DOCUMENT STORAGE FILE OWNER - Systems and methods of the present invention allow a file owner to upload and store a file to a File Storage Area. The file owner may synchronize a periodic clock to a time-based approval period during which the file owner may grant permissions to access the file. A file owner interface may store contact information for the file owner, and ping the information, substituting alternate contact information as necessary, alerting the file owner of any failure of the contact information prior to expiration of the time-based approval period. After expiration of the time-based approval period, grant of file permissions may be automatically approved.01-14-2010
20100011447SECURE FILE PROCESSING - Apparatus, systems, and methods may operate to receive requests to securely process files on an untrusted client. Additional activity may include transparently redirecting file management operations associated with applications running on the untrusted client to file content associated with the files, where the file content is located in a sandbox on the untrusted client, where the sandbox is inaccessible to the applications. A data store, shared across the applications, may be used to share information associated with the file content. Additional apparatus, systems, and methods are disclosed.01-14-2010
20090019551INFORMATION SECURITY DEVICE AND COUNTER CONTROL METHOD - A method is provided for flexibly setting a shared counter shared by a plurality of security modules sharing a counter in tree structures, while curbing the amount of secure memory used. The shared counter is realized by a first counter group having a tree structure managed by a first secure module and a second counter group having a tree structure managed by a second secure module sharing a node in the tree structure of the first counter group and a node in the tree structure of the second counter group. The method of sharing using tree structures enables flexible addition, deletion and access restriction setting of modules that use the shared counter.01-15-2009
20090019549Updating and Validating Documents Secured Cryptographically - Aspects of the subject matter described herein relate to updating and validating documents secured cryptographically. In aspects, documents are encrypted to protect them from unauthorized access. An entity having write access to a document may create a new version of the document and sign the new version with a private key. Other entities may validate that the new version of the document was created by an authorized entity by using a public key available in security data associated with the version. The entities that are authorized to create a new version may change which security principals are allowed to create subsequent versions.01-15-2009
20090019548Creating and Validating Cryptographically Secured Documents - Aspects of the subject matter described herein relate to creating and validating cryptographically secured documents. In aspects, documents are encrypted to protect them from unauthorized access. An entity having namespace ownership rights may create a document in an authorized namespace and sign the document with a private key. Other entities may validate that the document was created by an authorized namespace owner by using a public key available in security data associated with a parent document of the document. For a root document, the public key may be available from a directory service. A namespace owner may change the namespace owner(s) that are allowed to create children of a document.01-15-2009
20080301819MOBILITY DEVICE - A mobility device for use in a mobility device platform allowing for secure mobile computing is provided. In an illustrative implementation, an exemplary mobility device platform comprises a mobility device operable to communicate with at least one computing environment through a communications interface and wherein the mobility device is operable to process and store secure web services, a communications network operable to communicate data and computing applications using web services, and a mobility device management server operable to generate, process, store, communicate and encrypt web services to the mobility device. The mobility device may comprise a processing unit, a mobility device communications interface for interfacing with cooperating computing environments, a memory storage unit, and an operating system operable to execute web services and/or computing applications.12-04-2008
20080301818Method for Retransmission of Use Authorization Information - In order to reduce the multitude of data for transmitting and converting use authorizations, which are received either encoded or non-encoded together with sound and/or picture contents in signals from optional networks, it is proposed to reduce the hierarchically structured use authorization information in the form of a tree structure before transmitting it further, such that non-occupied tree branches are detected and marked as not relevant, wherein the tree branches marked as not relevant are not included during the further transmitting of the use authorization information.12-04-2008
20120324588DATA MODEL OPTIMIZATION - A name of one or more entity classes of the data model may be refined to conform to a naming convention. A semantic meaning of each of the names and one or more attributes of each entity class may be determined. It may be determined that the name of a first entity class is semantically similar to the name of a second entity class based on a semantic distance between the semantic meaning of the names, where a substantial similarity may be determined between the first entity class and the second entity class by comparing the semantic meaning of the one or more attributes of the first entity class to the semantic meaning of the one or more attributes of the second entity class. The data model may be normalized based on the substantial similarity.12-20-2012
20120272334METHOD AND APPARATUS FOR PROCESSING RIGHTS OBJECT - A method for upgrading a Rights Object (RO) includes: acquiring, by a Digital Rights Management (DRM) Agent, RO related information of the RO that requires updating from a Secure Removable Media (SRM) Agent; providing, by the DRM Agent, the RO related information to a Rights Issuer (RI), and obtaining a new RO from the RI; and interacting, by the DRM Agent, with the SRM Agent to upgrade the RO that requires updating on the SRM by means of the new RO. According to the embodiments of the present invention, the DRM Agent acquires RO related information which is stored on the SRM and does not have Move rights, and interacts with the RI to move the RO out from the SRM, so as to move the RO without the Move rights out from the SRM.10-25-2012
20120272331METHOD AND SYSTEM FOR ABUSE ROUTE AGGREGATION AND DISTRIBUTION - In one exemplary embodiment, a computer-implemented method includes receiving a request to block a host, wherein the host provides a prohibited content via a computer network. A spider program can verify that the host provides the prohibited content. An abuse route list can be generated. The abuse route list can include an internet protocol address of the host. The abuse route list is provided to a network operator with a computer networking protocol. A search engine of a database of infringing hosts can be provided. The database of infringing hosts can include the internet protocol address of the host. Whether the host provides the prohibited content can be reverified with a third-party review. The host can be removed from the abuse route list if the third-party review determines that the host does not provide prohibited content.10-25-2012
20120272333METHODS, DATA PROCESSING SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR ASSIGNING PRIVACY LEVELS TO DATA ELEMENTS - Methods, data processing systems and computer program products for assessing and assigning privacy levels to data elements are provided. A method of assigning privacy levels to data elements (e.g., text files, web page files, image files, audio files, video files, and portions thereof) includes assigning a predetermined privacy level to a data element; storing the data element with the assigned privacy level; determining if the assigned privacy level for the data element is proper; and assigning a different privacy level to the data element in response to determining that a currently assigned privacy level for the data element is not proper. A predetermined privacy level may be assigned to a data element under various conditions, such as when the data element arrives at a device, when the data element is created by a device, and/or when the data element is modified by a device.10-25-2012
20120272332SYSTEMS AND METHODS FOR DYNAMICALLY GENERATING A PRIVACY SUMMARY - A system and method for is provided. The present invention provides a system and method for dynamically generating a privacy summary. A profile for a user is created. One or more privacy setting selections are received from the user associated with the profile. The profile associated with the user is updated to incorporate the one or more privacy setting selections. A privacy summary is then generated for the profile based on the one or more privacy setting selections.10-25-2012
20130174271DEVICE AUTHENTICATION FOR SECURE KEY RETRIEVAL FOR STREAMING MEDIA PLAYERS - Systems and methods are disclosed that authenticate devices or users, and enable playback of secured streaming content through a media player. In one embodiment, the invention is a system for receiving secure content over an unmanaged network, including a security application configured to operate on a user device with access to a network, where the security application is configured to receive a request for playlist data from the media player, send a playlist request to a content server, receive playlist data from the content server, send playlist data to a media player, receive a security access request from the media player, send a security access request to a security server, receive security access data from the security server; and send security access data to a media player.07-04-2013
20120331563Retrieval of Data Across Multiple Partitions of a Storage Device Using Digital Signatures - A system and method for exchanging data among partitions of a storage device is disclosed. For example, data stored in a first partition is exchanged with an application included in the first partition or with a second application included in a second partition. In one embodiment, the second application is associated with a global certificate while the first application is associated with a different platform certificate. A verification module included in the first partition receives a request for data and determines if the request for data is received from the first application. If the request for data is not received from the first application, the verification module determines whether the request is received from the second application and whether the global certificate is an authorized certificate. For example, the verification module determines whether the global certificate is included in a listing of authorized certificates.12-27-2012
20110265187System and method for user selectable privacy protections on portable communication devices - This invention discloses an apparatus for running an application in a network-based communication system. The apparatus comprises a processing element comprising a processor coupled to a memory. The processing element further provides a user interface to execute a privacy protection application that permits the user to enter a plurality of privacy data to selectively disclose the privacy data for running another application executable from the apparatus.10-27-2011
20120331565SYSTEM AND METHOD FOR ENFORCING UTILIZATION OF CONTENT BASED ON HISTORY LISTS - Apparatus, method, and media for enforcing utilization of content. An exemplary method comprises receiving a request to utilize content, the request corresponding to a utilization of the content, determining whether the utilization corresponds to at least one usage right associated with the content, wherein the usage rights include status information relating to the state of the utilization of the content, the status information including a history list comprising information associated with events relating to the content, determining whether the request should be granted based at least in part on whether the utilization corresponds to at least one of the usage rights, and enforcing utilization of the content in accordance with the at least one of the usage rights that is determined to correspond to the utilization based at least in part on a determination that the request should be granted.12-27-2012
20120331564INFORMATION PROCESSING APPARATUS, SERVER, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - There is provided an information processing apparatus, including a behavior information generating unit that generates behavior information, a behavior pattern analyzing unit that analyzes a behavior pattern based on the behavior information, a similarity determining unit that performs a similarity determination of the analyzed behavior pattern and a protection target behavior history pattern, a protection selecting unit that selects a protection level of the behavior information based on a result of the similarity determination, and a behavior information protecting unit that protects the behavior information based on the selected protection level.12-27-2012
20100229243APPLICATION PROGRAMMING INTERFACE FOR TRANSFERRING CONTENT FROM THE WEB TO DEVICES - A tagging structure is used in web pages to identify content in such web pages that can be dragged and dropped into a wireless device when such web pages are rendered as a component of a web page served by a media management service.09-09-2010
20100229242PROGRAM EXECUTION CONTROL SYSTEM, PROGRAM EXECUTION CONTROL METHOD AND COMPUTER PROGRAM FOR PROGRAM EXECUTION CONTROL - When a program is introduced into a computer terminal from an external source via a wired or wireless network or by using an external memory card, unauthorized access by the introduced program to various functions within the terminal is prevented by verifying the source from which the program was distributed and performing execution control appropriately according to the identity of the program. In order to reference the security policy data which specifies functions available to each program given from an external source and restrict functions used by the program, the information concerning the security domain or the certificate or signature attached to the program is extracted, and the extracted information is associated with one of a plurality of function access types held as security policy data.09-09-2010
20130014277Methods, Systems, Devices and Computer Program Products for Presenting Information - The life history of a person or entity can be presented in a graphical representation of a highway. Life events may be represented by simple data strings, or by files such as photographs, dissertations, job offers, and love-letters, among others. For ease in viewing, the information representing the life history is categorized according to type (medical, educational, photographic, etc.) and placed in lanes corresponding to the type of information. The information is also organized by date, being placed between miles corresponding to temporal periods, for instance, years. Other graphical arrangements of stored information are also included.01-10-2013
20120291138INFORMATION PROCESSING APPARATUS AND METHOD FOR PREVENTING UNAUTHORIZED COOPERATION OF APPLICATIONS - An information processing terminal (11-15-2012
20100199358Information Exchange Apparatus, Method and Managing System Applied Thereto - An information exchange apparatus in accordance with the present invention has a processing unit, a wireless communication unit, a storage unit, a mainframe connection port and an identification module. The wireless communication unit has a transmitter and a receiver connected to the processing unit. The storage unit is connected to the processing unit and stores a device identification (ID) code, user information and data exchange records. The mainframe connection port is connected to the processing unit for connecting to an electronic device. The identification module is connected to the processing unit, has a secure memory and stores an identification procedure. The secure memory stores the device ID code and an identification key. The identification module allows the processing unit to access data in the storage unit and exchange data in the storage unit with other information exchange apparatus when the processing unit passes the identification procedure.08-05-2010
20100199357SECURE HOSTING FOR UNTRUSTED CODE - Various technologies and techniques are disclosed for increasing security in execution environments. A system is described for handling DLL calls made from untrusted code. An execution environment instantiates a lower trust process when a high trust process determines a need to call untrusted code. When the untrusted code calls a method in an original DLL, the execution environment loads a shim DLL into the lower trust process. The shim DLL has a clone of the method from the original DLL. A method for increasing security when processing calls from untrusted code is described. A shim DLL is created from an original DLL, and is deployed so an execution environment will load the shim DLL instead of the original DLL. When an execution environment receives a call from a caller DLL to the original DLL, the call is routed through the shim DLL. A pluggable validation system is also described.08-05-2010
20100162411APPARATUS AND METHOD FOR MANAGING HYBRID CONTENTS GENERATED BY COMBINING MULTIMEDIA INFORMATION AND GEOSPATIAL INFORMATION - An apparatus for managing hybrid contents generated by combining multimedia information and geospatial information includes an input/output unit that is connected with a contents storage and a contents using device to control input/output of the hybrid contents; a structure calculating unit that generates the hybrid contents having a layer structure using an XML format by interconnecting the multimedia information having the layer structure using the XML format provided from the input/output unit and the geospatial information having the layer structure using the XML format; and a relationship establishing unit that is connected with the input/output unit or the structure calculating unit to establish and provide the relationship of the multimedia information having the layer structure, the geospatial information having the layer structure, and the hybrid contents.06-24-2010
20100132047SYSTEMS AND METHODS FOR TAMPER RESISTANT MEMORY DEVICES - Systems and methods for tamper resistant memory devices are provided. In one embodiment, a memory device comprises a memory cell for storing digital data, the memory cell having a plurality of memory addresses accessible for read and write operations through a memory interface; and a tamper detection circuit coupled to the memory cell, the tamper detection circuit comprising: a communications decoder coupled to the memory interface, wherein the communications decoder observes sequences of memory access operations to the memory cell; at least one timer for counting a duration of time; a tamper detect state machine responsive to the communications decoder and the at least one timer; and a data destruct engine responsive to the tamper detection state machine, wherein upon receiving an activation signal from the tamper detection state machine, the data destruct engine overwrites digital data stored in the memory cell.05-27-2010
20130019319Selective Content Accessibility in a Social Network - A social networking service encourages users to post content to a communication channel with varying levels of accessibility to other users. Users may select how content will be published and control the accessibility of uploaded content using a privacy setting for each content item that the user posts. The privacy setting defines, or identifies, the set of connections who may view the posted content item. The posted content item is placed in a particular communication channel in the social networking service, such as a newsfeed or stream, where the content item can be viewed by those who are permitted to view it according to its associated privacy setting. Varying granularities of privacy settings provide flexibility for content accessibility on a social networking service.01-17-2013
20130019318System and Method of Owner Application Control of Electronic Devices - Systems and methods of owner application control of an electronic device are provided. Owner application control information is stored on the electronic device and/or one or more remote servers. Owner application control information is consulted to determine if one or more required applications are available for execution on the electronic device. If not, one or more required applications not available are downloaded and installed. This could be in a manner transparent to the user of the electronic device. If one or more required applications are not available on the electronic device, the device can be functionally disabled in whole, or in part, until one or more required applications are available.01-17-2013
20130024945MAKING SYSTEM CONSTRAINTS OF A SPECIFIED PERMISSION IN DIGITAL RIGHTS MANAGEMENT - A method and a terminal device for making multi-system constraint of a specified permission in a digital rights. A rights object related to content object is obtained by an executing device. The specific permission descriptions of the rights object include system constraint descriptions of a plurality of systems of the same type. The executing device obtains a corresponding system information in the device according to the system constraint descriptions and compares the system information in the device with the system information in the system constraint descriptions, so as to judge whether there is any system permitted in system constraint descriptions. If yes, it determines to permit executing the specific permission for the content object; otherwise, it determines not to permit executing said specific permission for the content object.01-24-2013
20130024944CONFIDENTIAL INFORMATION LEAKAGE PREVENTION SYSTEM, CONFIDENTIAL INFORMATION LEAKAGE PREVENTION METHOD AND CONFIDENTIAL INFORMATION LEAKAGE PREVENTION PROGRAM - Provided are first monitoring unit 01-24-2013
20080235805Digital Rights Management - Software licence management systems are provided in which a licence to use a software product is represented by a data token. The systems have a software controller for controlling use of the software product at a user device, and a licence management server for communicating with the software controller via a data communications network. The software controller allows use of the software product at the user device substantially only during a use period associated with a current data token supplied to the software controller by the licence management server. An exchange token can be supplied to another, similar software controller when necessary to transfer the licence, e.g. in the event of a breakdown. The software controller is adapted to supply either the current data token, or the exchange token, to the licence management server to be exchanged for a new data token.09-25-2008
20080229428System and Method For a Dynamic Policies Enforced File System For a Data Storage Device - An autonomous data storage device for storing data files via an external file interface, the external file interface being controllable from an external device, the device comprising: a physical file storage for homogenous storage of files; the external file interface configured to allow sector level access to at least part of the physical file storage to support standard operating file system calls; an internal sector policy management unit located in between the external file interface and the physical file storage for sector level policy enforcement of the physical file storage, for one or more of the sector level managed sectors, the unit having an input for receiving instructions from the external file interface for sector oriented operations, and being configured to carry out sector policy management operations in accordance with.09-18-2008
20110247079SYSTEMS AND METHODS TO DISTRIBUTE CONTENT OVER A NETWORK - The present embodiments provide methods, apparatuses, and systems to distribute content over a network. Some embodiments provide methods to distribute content within a local media network. These methods receive a request for a first content to be transferred to a sink device, request from the source an access criteria for a first content that is protected according to a first digital rights management (DRM), forward the access criteria to the sink device, receive an evaluation of the access criteria from the sink device regarding at least whether the sink device can interpret the first DRM, determine according to the evaluation received from the sink device whether the sink device can utilize the first content that is protected according to the first DRM, and initiate a transfer of the first content from the source device to the sink device when the sink device can utilize the first content.10-06-2011
20110247078INFORMATION PROCESSING APPARATUS - According to one embodiment, an information processing apparatus is provided. The information processing apparatus includes: a body case; 10-06-2011
20080222737Apparatus for and a method of copy-protecting a content carrying recording medium - Recording data has content data and navigation control data to enable a legitimate player to navigate the content data. The recording data has a content data set and a spurious data set that is difficult to distinguish from the content data set but will be ignored by a legitimate player. The content data is associated with the content data set and the spurious data set. The spurious data set may be associated with control data that inhibit playing or correct playing of the content data. A ghost structure such as a ghost video title set may be provided by causing information in at least one of the video title set information, video manager information and the volume information file structure to reference a non-existent video title set or not reference an existing video title set. The recording medium may be an optical disc such as a DVD or its precursors.09-11-2008
20080222736Scrambling HTML to prevent CSRF attacks and transactional crimeware attacks - The present invention relates to a method for preventing an unauthorized activity including a transaction in a web site comprising the steps of: (a) receiving a response containing at least one HTML page, from said site, by the traffic processor; (b) modifying said response by obfuscating said at least one HTML page of said response; (c) storing de-obfuscation information in a transaction table; (d) forwarding the modified response from said traffic processor to the client's browser; (e) redirecting a request from said browser to the traffic processor, by the redirector; (f) checking said request for an unauthorized command; (g) de-obfuscating said request using the stored information in said transaction table; and (h) forwarding the modified request to said site.09-11-2008
20080222735METHODS AND COMPUTER PROGRAM PRODUCTS FOR SECURING DISPLAY OF MESSAGE CONTENT - The shortcomings of the prior art are overcome and additional advantages are provided by securing display of sensitive messages to prevent third parties from viewing sensitive content. For one or more incoming messages designated as sensitive, substitute content to be displayed in place of sensitive content is received from a message recipient. Alternatively or additionally, an indicia to be displayed with any incoming message designated as sensitive is received from the message recipient. A message having sensitive content is designated as sensitive by a sender, a recipient, or an intermediate system. Upon receipt of a message designated as sensitive, a message window is displayed that includes substitute content different from the sensitive content. The substitute content includes an indicia that the sensitive content is not displayed.09-11-2008
20130179988Secure Profile System And Method - A computer implemented method for a secure profile system for an identity management system having: on a computer device having one or more processors and a memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for: defining a structure; storing data associated with a profile, where the profile contains an object; securely granting access to the profile and a subject; configuring an audit log to provide an account of an access to data housed within the profile; implementing a security-related algorithm and protocol; exchanging data between two or more subjects; and providing secured, externalized content. Also, a computer system and non-transitory computer-readable storage medium adapted for the same.07-11-2013
20120255032METHOD, A SYSTEM AND AN APPARATUS FOR DELIVERING MEDIA LAYERS - A system for facilitating access to multiple layer media items over a communication network. The system comprises a media database which is used for storing multiple layer media items as independently accessible channels. The system further comprises a plurality of subscriber applications which connect via a communication network, e.g. the Internet, to the media database. Users can use the subscriber application to access each channel of the multiple layer media items independently.10-04-2012
20120255031SYSTEM AND METHOD FOR SECURING MEMORY USING BELOW-OPERATING SYSTEM TRAPPING - In one embodiment, a system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to identify one or more portions of memory for which attempted accesses will be trapped and comprising criteria by which the attempted access will be trapped, trap an attempted access of the memory that originates from the operational level of the operating system, access one or more security rules to determine whether the attempted access is indicative of malware, and operate at a level below all of the operating systems of the electronic device accessing the memory.10-04-2012
20130139271CONTENT PROVIDER WITH MULTI-DEVICE SECURE APPLICATION INTEGRATION - Methods and systems for providing access to content are disclosed. The method is performed at least in part at a client computer system having a processor and memory. The method includes executing a host application associated with a first party. In some implementations, the host application is a media player. The method further includes initiating a secure communication channel between the host application and a server associated with the first party. The method further includes executing a supplemental application associated with a second party. The method further includes accessing, with the supplemental application, content licensed to the first party, wherein the licensed content is accessible to the supplemental application via the secure communication channel subject to terms of a licensing agreement. In some implementations, the content is media content, such as music, movies, and the like.05-30-2013
20130091586Electronic Permission Slips for Controlling Access to Multimedia Content - An administrator controls viewer access to restricted multimedia programs using electronic permission slips. In response to a viewer's request to view a restricted multimedia program, the viewer may initiate the generation of an electronic permission slip that is sent to an electronic device associated with the administrator. The electronic permission slip may include text-based information, graphical information, audio information, and the like. The electronic permission slip may enable input of permission data regarding whether the viewer is allowed to receive the blocked program. In response to the administrator granting permission, a service provider network allows the viewer to access the restricted multimedia program.04-11-2013
20130091585MOBILE WIRELESS COMMUNICATIONS DEVICE HAVING VALIDATION FEATURE AND RELATED METHODS - A mobile wireless communications device may include a wireless transceiver and a controller coupled to the wireless transceiver. The controller may be configured to determine if an email address is associated with the mobile wireless communications device. The controller may further be configured to wirelessly send a validation request to a validation server based upon the email address, and wait for a validation email to be wirelessly received from the validation server based upon the validation request if the email address is associated with the wireless communications device, and if the validation email is wirelessly received, then validate access to an application based upon the validation email.04-11-2013
20130091584Distributed System and Method for Tracking and Blocking Malicious Internet Hosts - Disclosed are systems and methods to perform coordinated blocking of source addresses, such as an Internet Protocol (IP) addresses, across a plurality of network appliances (e.g., gateways). In one disclosed embodiment the method and system temporarily alter a configuration of one or more network appliances (based on user defined configuration parameters) to allow communication from a “blocked” IP address for a period of time. A network appliance can then “receive” an email and perform analysis and provide results of the analysis to a reputation service. Thereby, the temporarily allowed communication can be used to learn information about a threat which would not have been available if all communication from that IP address had actually been blocked at the network appliance.04-11-2013
20130097716METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR DETERMINING MEDIA ITEM PRIVACY SETTINGS - An apparatus for determining media item privacy settings may include a processor. The processor may be configured to receive media item capture data associated with a media item. The media item capture data may include at least a capture location. The processor may also be configured to identify a privacy context that corresponds to the media item capture data. In this regard, the capture location of the media item capture data may be within a geographic zone of the privacy context. The processor may be further configured to determine a privacy setting for the media item based on the corresponding privacy context, and, in some embodiments, control access to the media item in accordance with the determined privacy setting. Associated methods and computer program products may also be provided.04-18-2013
20130133080LICENSE MANAGEMENT SYSTEM AND METHOD - When hardware connected to an image forming apparatus is detected, a check is performed as to whether the hardware was used with another image forming apparatus, and, if used, a license of an application that is operated by the hardware is automatically transferred so that the application can be used in the image forming apparatus to which the hardware is connected.05-23-2013
20130179989METHOD AND APPARATUS FOR ENFORCING SOFTWARE LICENSES - A method and apparatus for enforcing software licenses for resource libraries such as an application program interface (API), a toolkit, a framework, a runtime library, a dynamic link library (DLL), an applet (e.g., a Java or ActiveX applet), or any other reusable resource. The resource library can be used by authorized end user software programs. A “per-program” licensing scheme for a resource library can allow a resource library to be licensed only for use with particular software programs.07-11-2013
20130145479Systems and Methods for Clinical Study Management - Electronic systems and methods for managing and auditing Clinical Trial data include using storage and classification of all data. New data is added to the data storage system and designated as a current version, rather than deleting previous data and storing only a single version. Further identifying information about the data, including the user name who modified it and the date of modification, may also be stored. Computer users are authenticated by the systems and methods and may then add and alter data according to user permissions. Further systems and methods include electronic billing for clinical trials based on statuses of clinical trial procedures. Prices for procedures may be assigned by appropriate users and billing mechanisms may proceed based on statuses of the procedures and not necessarily on the status of the entire clinical trial.06-06-2013
20130145481RECORDING MEDIUM APPARATUS AND CONTROLLER - A storage unit 06-06-2013
20130145478SYSTEMS AND METHODS FOR ELECTRONICALLY PUBLISHING CONTENT - Systems and methods for electronically publishing content are disclosed. An example method includes receiving a content selection and receiving a selection of rights assigned to the content. The method also includes receiving a selection of one or more tags and associating the content with the rights assigned and the tag to enable a security trimmed rank adjusted search return of the content.06-06-2013
20080209570Systems, Methods, And A Storage Medium For Storing and Securely Transmitting Digital Media Data - Systems, methods, and a storage medium for storing and securely transmitting digital media data in a networked system are provided. The method includes determining an amount of memory for storing the digital media data. The method further includes querying a plurality of network computers to determine an amount of available memory in a plurality of memory storage devices associated with the plurality of network computers. The method further includes receiving the digital media data and partitioning the digital media data into a plurality of digital media data sets. The method further includes encrypting the plurality of digital media data sets into a plurality of encrypted digital media data sets using at least one encryption key value. The method further includes storing the plurality of encrypted digital media data sets in at least two of the plurality of memory storage devices associated with the plurality of network computers. The method further includes retrieving the plurality of encrypted digital media data sets and transmitting the plurality of encrypted digital media data sets to a decryption device. Finally, the method includes decrypting the plurality of encrypted digital media data sets at the decryption device using at least one encryption key value to obtain the digital media data.08-28-2008
20080201782METHOD AND APPARATUS FOR MANAGING DIGITAL CONTENT - A method and apparatus for managing digital content are provided. The apparatus for managing digital content generated by applying digital rights management (DRM) includes: a content execution unit executing digital content; and a control unit confirming whether or not digital content is in a first period in which the digital content can be normally executed, and controlling the content execution unit so that, if the digital content is in the first period, the digital content can be executed normally, and if the digital content is in a second period which is not in the first period, the digital content can be executed in a manner which can be distinguished from that of execution in the first period. According to the apparatus and method, execution of digital content, which is close to expiration, can be controlled, thereby managing the expiration of the digital content for a user.08-21-2008
20120284803METHOD AND APPARATUS FOR DISTRIBUTING ENFORCEABLE PROPERTY RIGHTS - An enforceable property right and a system for controlling the manner of use of an item in accordance with usage rights. The enforceable property right includes an item ticket having a security mechanism incorporated therein and specifying an item for which the item ticket can be redeemed and a license associated with the item ticket. The license includes usage rights specifying a manner of use for redeeming the item ticket and a mechanism for unlocking said security mechanism.11-08-2012
20120284802METHOD FOR PLAYING DIGITAL CONTENTS PROTECTED WITH A DRM (DIGITAL RIGHT MANAGEMENT) SCHEME AND CORRESPONDING SYSTEM - The method and system are for playing digital contents protected by a DRM scheme, wherein the digital contents are stored in a server and downloaded or streamed to a user device. The approach includes executing a DRM application inside the user device implementing a proxy between the server and a native player of the user device, and connecting the DRM proxy application to the server, selecting a digital content to be downloaded and retrieving a corresponding remote playlist. Also, the approach includes transforming the remote playlist into a local playlist having a format readable from the native player and executing a plurality of local packets of the local playlist inside the native player. Executing the local playlist includes, for each packet, requesting a corresponding remote packet from the DRM proxy application to the server, returning the remote packet to the DRM proxy application, acquiring a license to access the remote packet, accessing the remote packet in the DRM proxy and returning the accessed packet to the native player as a local packet to be displayed.11-08-2012
20130160140MACHINE-TO-MACHINE COMMUNICATIONS PRIVACY PROTECTION METHOD AND SYSTEM, MACHINE-TO-MACHINE COMMUNICATIONS SERVICE MANAGEMENT ENTITY, AND RELATED DEVICE - Embodiments of the present invention provide a machine-to-machine communications privacy protection method and system, a machine-to-machine communications service management entity, and a related device. The method includes: after receiving a location access message, determining, by a service management entity and according to locating information, an entity that performs privacy inspection; and triggering, by the service management entity, the entity that performs privacy inspection to perform privacy inspection. The M2M service management entity determines in advance the entity that performs privacy inspection and triggers the entity that performs privacy inspection to perform privacy inspection. Therefore, with the method provided in the present invention, message interaction on an mId interface is reduced, thereby reducing a message overhead. In this way, a network load is reduced, and especially for a wireless network with an air interface, benefit that reduction of a signaling overhead brings is greater.06-20-2013
20130160139Volume Encryption Lifecycle Management - Aspects of the subject matter described herein relate to encryption lifecycle management. In aspects, an orchestrating agent is installed on a device upon which encryption management is desired. During the lifecycle of the device, the orchestrating agent facilitates performing actions to protect the data of the device. For example, at certain points during the actions, the orchestrating agent may deduce the presence of external entities needed to perform the actions and interact with those entities to protect the data. During its facilitating activities, the orchestrating agent may also escrow protector data to use to unlock the data for legitimate stakeholders of the data.06-20-2013
20130185806PERSONAL-INFORMATION TRANSMISSION/RECEPTION SYSTEM, PERSONAL-INFORMATION TRANSMISSION/RECEPTION METHOD, PERSONAL-INFORMATION PROVISION APPARATUS, PREFERENCE MANAGEMENT APPARATUS AND COMPUTER PROGRAM - Disclosed is a personal-information (PI) transmission/reception system and the like which makes it possible to, even when the number of apparatuses possessing PI has increased, reduce a burden of a user who sets preferences (PRFs) with respect to disclosures of the PI on the individual apparatuses.07-18-2013
20130185805METHOD AND APPARATUS FOR ESTABLISHING USAGE RIGHTS FOR DIGITAL CONTENT TO BE CREATED IN THE FUTURE - Usage rights for a digital work are established prior to creation of the corresponding content. The rights can be associated with the content after the content is created. A content creation device, such as a video recorder or a still camera, can store labels of the rights and can associate usage rights with content in real time as the content is created.07-18-2013
20080256645Digital rights management method and digital rights management-enabled portable device - A DRM method and DRM-enabled portable device for controlling playback of DRM content on the basis of a content usage log is disclosed. A digital rights management method for a portable device of the present invention includes playing a content item; recording, when an abnormal playback stop event is detected, a stop time point in a playback session of the content item on a usage log; and controlling a next playback of the content item with reference to the recorded stop time point. The DRM method and DRM-enabled portable device of the present invention further manages the licenses issued for the DRM content stored in the portable device by updating the licenses even when the DRM content is abnormally closed during its playback session.10-16-2008
20110314556TIME-SLICING METHOD AND SYSTEM FOR DIGITAL BOOKS - A method is provided in which time slicing data, including an indication of available time blocks for loaning an e-book from an e-book lending library, are provided to a user in response to the user requesting to borrow an e-book that is not currently available for being loaned. When the user selects an available time block via an electronic device, the e-book lending library provides to an electronic device that is associated with the user, via the communications network, a lending license for the e-book that is valid only during the selected available time block. The e-book lending library enables access to the first e-book via the electronic device, during the selected time block, using the provided lending license.12-22-2011
20110314555ABSTRACTIONS AND AUTOMATION FOR ENHANCED SHARING AND COLLABORATION - The present invention provides methods for using abstractions of people, including dynamic and static groups of people, to enhance the efficiency of the specification and automation of policies for sharing information between users with a “need-to-know.” An instance of the present invention can also provide these users information based on a “time-to-know.” By providing access to information based on group affiliation and properties of the content of the information, the present invention maintains optimal information privacy while minimizing encumbrances to sharing data with appropriate users and even at appropriate times. The present invention can be integrated with other communication technologies to facilitate access to information in a time appropriate manner. Other instances of the present invention employ automated and semi-automated, mixed-initiative techniques, to make information-sharing decisions. Additional instances of the present invention include the employment of machine-learning techniques to facilitate construction of access policies from the actions or profile of a single user or a community of users, including the construction of automated sharing agents that work in an automated or mixed-initiative manner to respond to real-time requests for information.12-22-2011
20110314554MANAGING LICENSES OF MEDIA FILES ON PLAYBACK DEVICES - Embodiments are described herein for managing licenses of media files on playback devices in a media system. In some embodiments, each media file is purchased based on a number of licenses, each license granting permission to store the media file on a single playback device. Each media file may have an associated number of one or more licenses that specifies the maximum number of playback devices on which the media file may be stored at the same time (concurrently). The media system may comprise a home central licensing (HCL) device, a primary storage device, and playback devices coupled via a network. The primary storage device may be used to initially store newly purchased media files. The HCL device may allow or prohibit distribution of the media files on the primary storage device to playback devices by using a license manager data structure storing licensing information for each media file.12-22-2011
20130191928ENFORCING CONTENT BLACKOUT - A system includes a network interface, a memory, and a processor. The network interface is configured to communicate, over a network, with a user device associated with a user. The memory is configured to store instructions to be executed by the processor. The processor is configured to execute the instructions to: receive, from the user device via the one or more network interfaces, a request for content; initiate an upload of the requested content to the user device in response to the request; receive a request for a license key from the user device in response to the initiation of the upload; determine whether the user device is outside a blackout region associated with the content; generate a license key when the one or more processors determine that the user device is outside the blackout region; and send the license key to the user device.07-25-2013
20130198856USER BASED LICENSING FOR APPLICATIONS - A method, system, and computer-readable storage media for providing user based licensing of an application are provided herein. The method includes receiving user log-in information from a computing device at a licensing service in response to an input by a user and providing a license for an application to the computing device, wherein the license includes device specific information associated with the user. The method also includes activating the application on the computing device using the device specific information.08-01-2013
20130205404PROTECTING PRIVACY OF SHARED PERSONAL INFORMATION - Methods and apparatus are described to protect personal information by decoupling it from user identity. According to specific embodiments, this is accomplished by associating each user with an anonymous token that is decoupled from the user's identity. Personal information (e.g., a user's physical or geographic location) is stored in association with this anonymous token, with no apparent connection to the user. Those allowed to access the personal information—including the owner himself—are granted the ability through a variety of mechanisms to connect the anonymous token back to the owner. The personal information can then be retrieved by locating the data stored in association with the anonymous token in the data store.08-08-2013
20130205403MAINTAINING SECURE DATA ISOLATED FROM NON-SECURE ACCESS WHEN SWITCHING BETWEEN DOMAINS - A data processing apparatus including circuitry for performing data processing, a plurality of registers; and a data store including regions having different secure levels, at least one secure region (for storing sensitive data accessible by the data processing circuitry operating in the secure domain and not accessible by the data processing circuitry operating in a less secure domain) and a less secure region (for storing less secure data). The circuitry is configured to determine which stack to store data to, or load data from, in response to the storage location of the program code being executed. In response to program code calling a function to be executed, the function code being stored in a second region, the second region having a different secure level to the first region, the data processing circuitry is configured to determine which of the first and second region have a lower secure level.08-08-2013
20130205406Data protection method and device - An apparatus and method for encoding and decoding additional information into a digital information in an integral manner. More particularly, the invention relates to a method and device for data protection.08-08-2013
20130205405DATA PROCESSING SYSTEM AND DATA PROCESSING METHOD - Provided is a system that improves security of data processing by determining whether processing of the data received from an image processing apparatus is restricted, communicating with the image processing apparatus when processing of the data is restricted, and receiving a response whether the processing of the data is permitted. It is determined in the portable terminal whether processing of the data received from the image processing apparatus is restricted. If processing of the data is restricted, the portable terminal communicates with the image processing apparatus, and the portable terminal processes data when it received information that indicates the processing of the data is permitted. If processing of the data is restricted, the portable terminal processes the data without communicating with the image processing apparatus.08-08-2013
20120079605Methods and Arrangements for Rendering Real-Time Media Services - The present invention relates to methods and arrangements for rendering a radio service. The radio service signal broadcasted to radio devices is divided into a plurality of different signals. The different signals may be retrieved via different channels and from different sources. Hence, the radio service signal is at least divided into a DJ signal containing a program guide and e.g. DRM keys, which may be retrieved from a media server e.g. hosted by a provider providing a radio channel and a payload signal, which may be retrieved from memory storage in device or a content server, with the payload (typically music). According to an embodiment of the present invention the radio signal comprises further a host signal. The host signal comprises voice content, commercial advertisements etc. The host signal may be retrieved from a content server e.g. hosted by the provider providing the radio channel. The radio service may be created by combining the DJ signal, the radio host signal and the payload signal, wherein the service is mastered by the DJ signal.03-29-2012
20120304305SYSTEMS AND METHODS FOR A WEBSITE APPLICATION FOR THE PURPOSE OF TRADING, BARTERING, SWAPPING, OR EXCHANGING PERSONAL PROPERTY THROUGH A SOCIAL NETWORKING ENVIRONMENT - A system is provided for facilitating a personal property trading system and social networking environment that allows users to interact and create dialogue and socialize in relation to possible trades of personal property or services. This application will allow users who are willing to trade an item, service or favor to obtain similar wants or needs. This form of haggling and the feeling of success are proven to be mentally stimulating, proving another benefit for users. Users will be able to comment and haggle, as well as suggest other users that they believe may have a match on their ‘TRADING ITEMS’ and ‘STUFF I WANT’ lists. The system will promote environmentally conscious trading by bringing unwanted items back to use.11-29-2012
20120084869CLAIMS-AWARE ROLE-BASED ACCESS CONTROL - The formulation of a security token that specifies role information corresponding to one or more roles of a requesting entity that is to request an action to be performed on a resource. The formulation begins by accessing one or more claims, each having an expression regarding the requesting entity. The expression for at least one of the claims is evaluated to thereby assign the requesting entity to one or more identities. The identities are then used to determine role information to include in a role-based security token that may be submitted to the computing system that manages the resources.04-05-2012
20120096567SYSTEMS AND METHODS FOR MANAGEMENT OF SECURE DATA IN CLOUD-BASED NETWORK - Embodiments relate to systems and methods for the management of secure data in a cloud-based network. A secure data store can store sensitive or confidential data, such as account numbers, social security numbers, medical or other information in an on-premise data facility. Regulatory and/or operational requirements may prohibit the migration or unprotected transmission of the secure data to the cloud. An operator can instantiate a set of virtual machines to access and process the secure data, for example to process online purchase transactions. To prevent unauthorized disclosure of the secure data, the secure data store can receive data access requests via a translation module that translates the secure data. The secure data store can retrieve and transmit the secure data using a protection mechanism such as a masking and/or encryption mechanism, avoiding the unprotected transport or exposure of that data to the cloud.04-19-2012
20120096566FIRST COMPUTER PROCESS AND SECOND COMPUTER PROCESS PROXY-EXECUTING CODE ON BEHALF OF FIRST PROCESS - Upon a first process encountering a triggering device, a second process chooses whether to proxy-execute code corresponding to the triggering device of the first process on behalf of such first process based at least in part on whether a license evaluator of the second process has determined that the first process is to be operated in accordance with the terms and conditions of a corresponding digital license. The license evaluator at least in part performs such determination by running a script corresponding to the triggering device in the code of the first process. Thus, the first process is dependent upon the second process and the license for operation thereof.04-19-2012
20130212700EXCEPTION HANDLING IN A DATA PROCESSING APPARATUS HAVING A SECURE DOMAIN AND A LESS SECURE DOMAIN - A data processing apparatus and method are provided for handling exceptions, including processing circuitry configured to perform data processing operations in response to program code, said circuitry including exception control circuitry. A plurality of registers are provided including a first and second subsets of registers, and a data store. The data store includes a secure region and a less secure region, wherein the secure region is for storing data accessible by the processing circuitry when operating in a secure domain and not accessible by the processing circuitry when operating in a less secure domain. The exception control circuitry performs state saving of data from the first subset of registers before triggering the processing circuitry to perform an exception handling routine corresponding to the exception. Where background processing was performed by the processing circuitry in the secure domain, the exception control circuitry performs additional state saving of the data.08-15-2013
20130212701METHOD AND SYSTEM FOR CLASSIFYING AND REDACTING SEGMENTS OF ELECTRONIC DOCUMENTS - A method for classifying and redacting electronic documents, for example an email message, is described. The classification and redaction of segments of the email message are based on rules. Using the rules, multiple versions of the email message, each corresponding to recipients with specific clearance levels are generated. A selective redacting of certain segments of the email message concurrently with sending previously redacted segments of the same email message is described. A corresponding system for classifying and redacting electronic documents is also provided.08-15-2013
