Abstract: An apparatus and method is provided for protecting data in a non-volatile memory by using an encryption and decryption that encrypts and decrypts the address and the data stored in the non-volatile memory using a code read only memory that stores encryption and decryption keys that are addressed by a related central processing unit at the same time data is being written or read from the non-volatile memory by the central processing unit.

Abstract: This disclosure describes methods for using embedded auxiliary signals in documents for copy detection and other applications. In on application, the auxiliary signal is formed as an array of elements selected from a set of print structures with properties that change differently in response to copy operations. These changes in properties of the print structures that carry the embedded auxiliary signal are automatically detectable. For example, the changes make the embedded auxiliary signal more or less detectable. The extent to which the auxiliary data is detected forms a detection metric used in combination with one or more other metrics to differentiate copies from originals. Examples of sets of properties of the print structures that change differently in response to copy operations include sets of colors (including different types of inks), sets of screens or dot structures that have varying dot gain, sets of structures with different aliasing effects, etc.

Abstract: A tuning device uses a counter mode encryption cipher to encrypt counters associated with media content in order to protect the media content when it is sent to requesting device or controller. The encrypted counters are decrypted in order to consume the media content. The controller may send particular direction to the tuning device as to how the media content, encrypted counters, and other associated data are sent to the controller.

Abstract: A content transmission apparatus is disclosed which promotes distribution of contents over a network and thereby affords better convenience to those who wish to sell and buy the contents. The apparatus is implemented typically as a video camera provided beforehand with an access account from a server apparatus. The content transmission apparatus is equipped with abilities to encode contents in a streaming format for upload and to connect communicably with the server receiving what is uploaded. These features allow the user of the content transmission apparatus easily to upload the content generated thereby to the server without going through complicated steps to sign up with an ISP; to prepare a personal computer, a modem and other hardware; or to make elaborate settings and establish connection with the server. Therefore, uploading of contents is promoted. The server apparatus presents uploaded contents illustratively at its website to solicit potential buyers extensively for the presented contents.

Abstract: The subject matter relates to software application collaboration and, more particularly, collaboration between software applications via formular updates. Some such embodiments include systems, methods, and software to receive a definition of a content item from a first party, wherein the content item is operable within an application of a second party to cause data to be exported by the second party's application in a manner that can be imported to an application of the first party. Some such embodiments further include sending the content item to the second party.

Abstract: Various techniques are provided for the gifting between multiple electronic devices of media content provided by an online digital media provider. An offer and acceptance of a selected gift file is accomplished between a gifter device and a receiving giftee device using a near-field communication (NFC) connection. If a connection to the online provider is available, the gifter device may transmit a gift request by which the gifter's account is charged for the gift file. Thereafter, a gift file created using DRM keys associated with the giftee's account may be downloaded to the giftee device. If a network connection is unavailable, the giftee device may transfer a locked gift file and a corresponding gift license to the giftee device using a peer-to-peer connection. The giftee device may authenticate the license and unlock the gift file once a connection to the online provider is available.

Abstract: Rather than downloading each content document on demand from the publisher location to the user site, at the publisher location, each content document is encrypted and then multiple encrypted documents are assembled into a distribution archive that is itself encrypted with a scheduled key. The distribution archive is then downloaded into a content server at the user site. When the content server receives the distribution archive, it decrypts the archive file and unpacks the encrypted documents. The scheduled key used to decrypt an archive file is included with an archive file that was sent previously to the user site in accordance with the subscription service. The scheduled key to decrypt the first archive file sent to the user is sent from the publisher to the user over a communication channel different from the communication channel used to send the archive file from the publisher to the user.

Abstract: A watermark information embedding apparatus generates a document image from electronic document data that has been input thereto, modifies the electronic document data based upon the document image and embeds information in the electronic document data. The apparatus includes a document image generator for generating a document image from the electronic document data; a document analyzer for detecting layout information of each constituent image in the generated document image; a normalization information calculation unit for calculating normalization information, which is for normalizing placement of each constituent image, based upon the detected layout information; a modification unit for modifying the electronic document data; and an embedding unit for embedding information in the modified electronic document data.

Abstract: An information processor is capable of restricting the available application program interface for each application program. The information processor capable of executing a predetermined application program includes at least one application program interface for providing predetermined control function for the application program, a determining unit for determining an available application program interface for the application program based on license information of the application program, and an operation controlling means for controlling the operation of the application program interfaces in accordance with the results determined by the determining unit.

Abstract: Certain embodiments of the present invention provide systems and methods for managing medical information. Certain embodiments provide a local electronic medical record system including a local personal health record (PHR) client, the PHR client downloading encrypted patient documents from a remote PHR server and parsing the downloaded encrypted patient documents to form a local PHR database. The example system also includes an interface receiving user input including an encryption key to decrypt the downloaded encrypted patient documents and displaying patient medical information to the user based on the downloaded decrypted patient documents.

Abstract: A method of verification of rights is disclosed, contained in a security module associated to an apparatus processing broadcasted digital data. The apparatus is connected to a management center transmitting encrypted rights messages for accessing the digital data. The method includes reception and reading by the security module of all or part of a rights message including at least one right and means for verifying the right, decryption and verification of the rights message and updating of a rights memory, and storage of all or part of the rights message in a messages memory. During a further verification step, the method includes identification of at least one right present in the rights memory, search of the corresponding stored rights message and verification of the rights message, comparison of the right contained in the rights message with the corresponding right stored in the rights memory, and determination of a default state when the result of the comparison indicates a difference.

Abstract: A method, system, and computer-readable storage medium containing instructions for controlling access to data stored on a plurality of storage devices associated with a first platform. The method includes authenticating a user to access the first platform, wherein the first platform includes first and second storage devices, chipset encryption hardware, and a memory. Data stored on the storage devices are encrypted, with first data on the first storage device being encrypted by the chipset encryption hardware and second data stored on the second storage device being encrypted by another encryption mechanism. The data are decrypted and the user is allowed to access the first data and the second data.

Abstract: A licensing system is provided for transferring license information for at least one license-requiring software component of software-controlled devices. The licensing system comprises a first, portable license data storage medium (3), which is provided with a processor unit (8) and on which at least one license information for the at least one license-requiring software component is stored in a memory unit (9). A second, exchangeable license data storage medium (4; 4.1, 4.2) is provided with a processor unit (10; 10.1, 10.2). A data transfer channel (5) is provided for transferring data between the first license data storage medium (3) and the second license data storage medium (4; 4.1, 4.2). A license detection device (6) is provided which can poll the at least one license information of the first license data storage medium (3) and transfer same to the second license data storage medium (4; 4.1, 4.2) via the data transfer channel (5).

Abstract: A multi-merchant purchasing system is configured to identify downloadable products selected by a user for purchase. The identified downloadable products are offered by multiple merchants. The multi-merchant purchasing system enables the user to purchase all of the downloadable products in a single transaction. Specifically, the multi-merchant purchasing system determines payment information associated with the user and, with minimum user-interaction, sends the payment information to applications associated with the merchants for processing. The multi-merchant purchasing system may also be configured to receive purchase information from the merchant applications and maintains the purchase information for the user in a locker. The multi-merchant purchasing system may further be configured to automatically download and install the purchased product onto the user's computing device through a software assistant.

Abstract: A method and apparatus for improved algorithm and key agility for a cryptosystem, comprising a CAM-type key manager. The key manager uses two memories, an index RAM and a key RAM, to virtualize each algorithm or key using pointers from the index RAM to the key RAM, allowing simple reference to algorithm/key pairs, and to dynamically allocate storage for keys. An autonomous free memory management design improves latency in future key write operations by transforming the search for free location addresses in the key RAM memory into a background task, and employing a free address stack. The index RAM is resizable so that data for a plurality of cryptographic algorithms may be stored dynamically.

Abstract: [PROBLEM] To provide an information recording/reproducing apparatus, an information recording/reproducing method, an information recording/reproducing program and a record medium, secure contents are reproduced with a mobile device so that a check-out can be made on memory card of a small capacity thereby to prevent an authorized copy of the secure contents. [SOLVING MEANS] The information recording/reproducing apparatus creates a title key, encrypts the contents in accordance with a title key; stores the encrypted contents, stores navigation information on the reproduction of the contents containing the title key, encrypts the title key in accordance with the medium ID of an external medium, outputs the encrypted title key and an externally connecting method to the external medium, and transmits the encrypted contents stored, to the outside in case a request for the contents is received from the outside.

Abstract: In a computer system in which information represented by digital data is output to plural pages of recording medium, and then information on the plural pages of recording medium is read to use digital data representing the read information, authentication information is embedded in information of a start page selected by the computer system; a page number of the start page embedded the authentication information is notified to a user; information on the plural pages of recording medium is read, wherein the start page is positioned so as to be read first; digital data read from the plural pages of recording medium is authenticated based on the authentication information embedded in the start page; and a process for the digital data read from the plural pages of recording medium is controlled in accordance with a result of the authentication.

Abstract: A technique wherein a first electronic device, such as a server, provides to a second electronic device, such as a client device, a first portion of a digital-content stream. The first electronic device receives an identifier of a protection policy to be applied to the digital-content stream. The first electronic device provides to the second electronic device a data set that includes the policy and a key. In an embodiment, the data set is provided concurrently with providing the digital-content stream to the second electronic device. The first electronic device provides to the second electronic device a second portion of the digital-content stream that is encrypted using the key.

Abstract: An apparatus for generating copyright information for a secondarily processed content obtained by performing secondary processing on an original content, includes a secondary processed substance acquiring unit, a default license information generating unit, and a license information editing unit. The secondary processed substance acquiring unit acquires operation substances of the secondary processing performed on the original content. The default license information generating unit obtains rights expressions for the operation substances acquired by the secondary processed substance acquiring unit to generate default license information including the rights expressions as an initial value. The license information editing unit accepts selection of a desired rights expression by a user from the rights expressions of the default license information generated by the default license information generating unit to generate license information of the secondary processed content from the selected rights expression.

Abstract: There is provided a method and apparatus for providing a content service. A method of providing a content service includes generating a plurality of pieces of decryption information according to a continuous period of using a broadcasting service with respect to predetermined contents, encrypting the contents, and decrypting the encrypted contents using the decryption information.

Abstract: A data providing system is provided which includes: a storage section which stores an encoded file obtained by encoding a data file to be distributed with a predetermined common key and an encoded information file obtained by encoding an information data file including information on the common key with a private key different from the common key; and a file transfer section which transfers the encoded file and the encoded information file from the storage section to external electronic device.

Abstract: When captured content is detected, the captured content is analyzed to determine whether any portion of the content is subject to digital rights management protection specified for content captured. Responsive to determining that the captured content is subject to a first digital rights management protection, a database is queried to select at least one digital rights management rule associated with a first restricted element specifying at least one first criteria for combining the first restricted element with at least one other element. A determination is made whether the first restricted element is combined with the at least one other element in the captured content. Responsive to detecting the first restricted element is combined with the at least one other element, the captured content rights controller determines a combined digital rights management protection rule reconciling the at least one first criteria for combining the first restricted element with the presence of the at least one other element.

Abstract: An electronic signal transmission apparatus executes an authentication process with a transmitting electronic device over a transmission line and receives an encrypted signal and first and second key information therefrom. The encrypted signal is decrypted based on the first key information, displayed and/or recorded, and re-encrypted using the second key information. The encrypted signal is transmitted to another electronic transmission apparatus if that apparatus does not have a recording capability and determined to be authorized using a second authentication process. The re-encrypted signal is sent to the another electronic transmission apparatus if that device has a recording capability and is authorized.

Abstract: A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.

Abstract: Techniques are described for facilitating interactions between computing systems, such as by performing transactions between parties that are automatically authorized via a third-party transaction authorization system. In some situations, the transactions are programmatic transactions involving the use of fee-based Web services by executing application programs, with the transaction authorization system authorizing and/or providing payments in accordance with private authorization instructions previously specified by the parties. The authorization instructions may include predefined instruction rule sets that regulate conditions under which a potential transaction can be authorized, with the instruction rule sets each referenced by an associated reference token.

Abstract: An improved interactive network system is provided that allows the Network Operator to control the transfer of information to and from the network end users, the system preferably using triggers or markers embedded within the programming broadcast to users via the network. As a consequence of this system, the Network Operator is able to efficiently garner revenues from third parties transacting business over the network and to control the look and feel of programming offered to network users. Additionally the system can be used as a means of limiting network access, filtering programming, providing on-screen graphics or audible signals for particular programming types or providers, bookmarking programming, profiling network users, targeting advertising, and simplifying network transactions.

Abstract: Techniques are described for facilitating interactions between computing systems, such as by performing transactions between parties that are automatically authorized via a third-party transaction authorization system. In some situations, the transactions are programmatic transactions involving the use of fee-based Web services by executing application programs, with the transaction authorization system authorizing and/or providing payments in accordance with private authorization instructions previously specified by the parties. The authorization instructions may include predefined instruction rule sets that regulate conditions under which a potential transaction can be authorized, with the instruction rule sets each referenced by an associated reference token.

Abstract: In response to receiving an order (e.g., including payment for one or more software licenses), a license distribution manager allocates a specified number of software licenses for distribution to a corresponding customer's clients that utilize the licenses to operate software associated with a corresponding vendor software application. The license distribution manager can allocate one or more overdraft licenses for distribution to the customer in addition to the specified number of software licenses associated with the order. Accordingly, the license distribution manager can allocate extra software licenses (e.g., the overdraft licenses) and distribute more software licenses than are actually purchased by a respective customer. This enables the customer to use one or more provisional licenses (e.g., overdraft licenses) that support restricted use of the vendor's software application such as until the customer can replace the provisional licenses with corresponding purchased licenses.

Abstract: According to one embodiment of the invention, the descrambler IC comprises a local memory to store a unique key and a plurality of process blocks. A first process block performs cryptographic operations on a first mating key generator using the unique key in order to produce a first key. A second process block uses the first key to perform cryptographic operations on a second mating key generator in order to produce a second key. Using the first key and the second key, a third process block decrypts a first encrypted descrambling key in order to recover a first descrambling key and a fourth process block decrypts a second encrypted descrambling key to recover a second descrambling key. The descrambler IC includes a descrambler to descramble the scrambled digital content using both the first descrambling key and the second descrambling key in order to produce digital content in a clear format.

Abstract: Metering is enabled through an arrangement in which a metering certificate is communicated to a mobile device using an over-the-air protocol. A metering trigger provides the metering certificate that includes a location to which metering data is posted by the mobile device and a public key of a public-private key pair, or alternatively provides a link to such metering certificate. A metering helper passes the metering certificate to a DRM system on the mobile device which collects metering data associated with the metering ID and uses the public key to encrypt the metering data into a metering challenge. The metering helper posts the metering challenge to the location. The metering service extracts the metering data from the metering challenge using a private key and generates a metering response that is received by the metering helper which prompts the DRM system to reset at least a portion of a data store in which the metering data is stored.

Abstract: The present disclosure relates generally to processing media signals such as audio and video. One claim recites a method comprising: obtaining a media signal, wherein the media signal comprises a plurality of samples; identifying characteristics of the media signal, said act of identifying utilizes a programmed electronic processor; utilizing a programmed electronic processor to change some of the plurality of samples at or near the characteristics to degrade the media signal, wherein the changing results in human perceptible degradation, but wherein the degradation is removable according to a process which uses at least some different characteristics of the media signal than were identified by said act of identifying; and communicating the degraded media signal. Of course, other claims and combinations are provided too.

Abstract: An on-line service manages downloads of purchased digital content. Information regarding the digital content items that are purchased by each user and the terms of use of those purchased items is maintained. Information regarding the formats of digital content items that each device is adapted to receive is maintained. Upon determining that a user wishes to download a digital content item, the requested digital content is downloaded in an appropriate format for a particular digital device provided the recorded information indicates the content item has been purchased by the user and the download is within the quantity of downloads authorized by the terms of the purchase.

Abstract: A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. An activation site provides an activation certificate and a secure repository executable to consumer content-rendering devices which enables those content rendering devices to render content having an enhanced level of copy-resistance. The activation site “activates” client-reading devices in a way that binds them to a persona, and limits the number of devices that may be activated for a particular persona, or the rate at which such devices may be activated for a particular persona.

Abstract: A method for generating a root key is described. Stable bits of a plurality of comparator outputs are identified. The root key is selected from a number of the identified stable bits. A statistically unique value is calculated from the root key using a cryptographically secure function. An identifier of the identified stable bits and the statistically unique value are stored in a memory.

Abstract: Disclosure of information is controlled selectively depending on users such that a plurality of users having different roles bearing no inclusive relation with one another can access the same area. Content is divided into a plurality of areas. For each of the areas obtained by division, secret keys (encryption/decryption keys in symmetric-key cryptography) are generated. The generated keys are encrypted using public keys in public-key cryptography, which are set in advance for the users depending on their respective roles. In the case where the content is to be disclosed to a plurality of users having different roles, the encryption of secret keys is performed separately for each user. These encrypted contents and encrypted secret keys are used to generate encrypted text.

Abstract: A data processing device of the invention has an ID creator unit (300) which adds ID information which is set by a CPU and the number of sectors, and outputs a result of the addition as ID information; a scramble SEED value table (103) which produces an initial scramble SEED value, by using the ID information which is outputted from the ID creator unit (300); a normal scramble filter (104) which produces a scramble SEED value (402) for data to be transferred; a frame jumping scramble filter (301) which holds a scramble SEED value of a jumping destination (401) in preparation for jumping; and a selector (105) which selects one of the scramble SEED value (401) and the scramble SEED value (402) and outputs the selected value to the normal scramble filter (104). Accordingly, the data processing device can perform a scrambling process and a de-scrambling process, without depending on the reliability of the data being transferred.

Abstract: The aim of the present invention is to propose a method to prevent the abusive use of conditional access data, in particular by means of clones of security modules whose security has been compromised.

Abstract: A system for authenticating a requesting entity in a subnet communications environment includes determining a client identification of a client node associated with the requesting entity, and determining whether the requesting entity associated with the client node is acting in a supervisor capacity. A key to the requesting entity is returned from a resource provider node upon determining that the client identification of the client node indicates that the client node is permitted to access one or more resources of the provider node, and that the client node is acting in a supervisor capacity.

Abstract: The present invention discloses a system and methods for biometric security using hand geometry recognition biometrics in a transponder-reader system. The biometric security system also includes a hand geometry scan sensor that detects biometric samples and a device for verifying biometric samples. In one embodiment, the biometric security system includes a transponder configured with a hand geometry scan sensor. In another embodiment, the system includes a reader configured with a hand geometry scan sensor. In yet another embodiment, the present invention discloses methods for proffering and processing hand geometry scan samples to facilitate authorization of transactions.

Abstract: In accordance with a broad aspect, a method is provided to securely configure a computing device. A configuration indication is received into the computing device, including receiving a digital signature generated based on the configuration indication. Generation of the digital signature accounts for a unique identifier nominally associated with the computing device. The received configuration indication is verified to be authentic including processing the unique identifier, the received configuration indication and the received digital signature. The computing device is operated or interoperated with in accordance with the received configuration indication. In one example, a service interoperates with the computing device. For example, the computing device may be a portable media player, and the service may provide media to the computing device based on a capacity indication of the configuration indication.

Abstract: A global platform card manager of the IC card chip includes a conditional access software decoding part. A decoding key specific to each conditional access software vendor and a key identification number corresponding to the decoding key are preset in the conditional access software decoding part. The conditional access software encrypted by the conditional access software vendor is decoded using the decoding key designated by the key identification number in the conditional access decoding part, when received.

Abstract: In a dynamic database association method, a static contact list is dynamically associated with a dynamic instant messenger contact list so that a user of a first database may access a contact list of a second database with associative links between said first and second databases. The user is also prevented from searching both the first and second databases simultaneously. Moreover, in the abovementioned dynamic database association method, a unified user interface is utilized for integrating management of at least two databases, where each of the at least two databases is operated under a different communication network. Therefore, the defect of inconveniencing the user by utilizing different user interfaces for different databases is avoided.

Abstract: A cellular phone company closes a contract with a user to the effect that the cellular phone company collects a predetermined basic charge from the user together with a communication charge. When the user intends to print out a contents, the user sends authentication information given to him/her to a contents server from his/her cellular phone. The contents server authenticates the user based on the authentication information, and sends contents data for browsing to the user's cellular phone, if authentication is successful. The user's cellular phone sends print request information to a printer. The printer acquires corresponding contents data for print-out from the contents server in accordance with the print request information, and prints out the contents. The cellular phone company collects the basic charge and the communication charge from the user based on the contract.

Abstract: A system and method for enabling broadcast programs to be copied once only by consumer recorders includes writing a unique media identification on each blank disk to which content is to copied in a read-only area of the disk before it is initially recorded. Also, a one-way key management media key block is written to the disk. A content key is derived by combining a media key, derived from the media key block, with the media identification. Additionally, to facilitate copying the content one time only, an exchange key is established between the recorder and a sender such as a satellite receiver or a disk player that is associated with the recorder, and the exchange key is modified with one or more special numbers representing control commands including copy once and copy no more. The modified exchange key is then encrypted using the content key to render an encrypted modified exchange key, and the encrypted modified exchange key is then hashed with a nonce to render a bus content key.

Abstract: One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.

Abstract: Techniques for reorganizing security levels without implicating accessibility to secured files classified in accordance to one of the security levels are disclosed. In a case of adding a new security level, the controllability or restrictiveness of the new security level is determined with respect to the most restrictive security level or the least security level in a set of existing security levels. A set of proper security parameters are then generated for the new security level and subsequently the existing security levels are reorganized to accommodate the new security level. In a case of removing a security level from the existing security levels, the security parameters for the security level to be deleted are either folded up or down to an immediate next security level, depending on implementation.

Abstract: A copy prevention method and apparatus for a digital video system is disclosed including the steps of: (a) adding a header area of a header start code and key field to a reproduced bit stream; (b) decrypting and transmitting the bit stream to which the header area is added; (c) detecting a key held of the decrypted and transmitted bit stream and detecting copy prevention information; and (d) encrypting the bit stream according to information detected from stop (c) and recording it an tape.

Abstract: A copy prevention method and apparatus for a digital video system is disclosed including the steps of: (a) adding a header area of a header start code and key field to a reproduced bit stream: (b) decrypting and transmitting the bit stream to which the header area is added: (c) detecting a key field of the decrypted and transmitted bit stream and detecting copy prevention information; and (d) encrypting the bit stream according to information detected from stop (c) and recording it an tape.

Abstract: A copy prevention method and apparatus for a digital video system is disclosed including the steps of: (a) adding a header area of a header start code and key field to a reproduced bit stream: (b) decrypting and transmitting the bit stream to which the header area is added: (c) detecting a key field of the decrypted and transmitted bit stream and detecting copy prevention information; and (d) encrypting the bit stream according to information detected from stop (c) and recording it an tape.

Abstract: A copy prevention method and apparatus for a digital video system is disclosed including the steps of: (a) adding a header area of a header start code and key field to a reproduced bit stream: (b) decrypting and transmitting the bit stream to which the header area is added: (c) detecting a key field of the decrypted and transmitted bit stream and detecting copy prevention information; and (d) encrypting the bit stream according to information detected from stop (c) and recording it an tape.