Abstract: Disclosed herein are systems and methods for the presentation and marking of media modules. In different aspects, the systems and methods may allow a user to present and consume a media module, particularly a media module containing data that is typically presented in a serial manner such as audio, visual, or video media, and to create a marked media module for quickly and easily returning to a marked point of interest in the media module at a later time or on a different device.

Abstract: A processor-based method for secret sharing in a computing system is provided. The method includes encrypting shares of a new secret, using a previous secret and distributing unencrypted shares of the new secret and the encrypted shares of the new secret, to members of the computing system. The method includes decrypting at least a subset of the encrypted shares of the new secret, using the previous secret and regenerating the new secret from at least a subset of a combination of the unencrypted shares of the new secret and the decrypted shares of the new secret.

Abstract: A distributed ledger is maintained in accordance with an enterprise. The distributed ledger includes a plurality of nodes such that one or more entities internal to the enterprise and one or more entities external to the enterprise each have access to at least one of the plurality of nodes. Electronic agreements (for example, product/service licenses) between at least a portion of the one or more entities internal to the enterprise and at least a portion of the one or more entities external to the enterprise are managed in association with the distributed ledger. Management includes generating and recording transactions associated with the electronic agreements on the distributed ledger to enable the one or more entities internal to the enterprise and the one or more entities external to the enterprise permissioned access to one or more of the recorded transactions.

Abstract: In one embodiment, a device classification service classifies a device in a network as being of a first device type. The service applies a first network policy that has an associated expiration timer to the device, based on its classification as being of the first device type. The service determines whether the device was reclassified as being of a different device type than that of the first device type before expiration of the expiration timer associated with the first network policy. The service applies a second network policy to the device, when the service determines that the device has not been reclassified as being of a different device type before expiration of the expiration timer associated with the first network policy.

Abstract: A secure storage for an X.509v3 digital certificate is provided (301, 302). Ports of a first and second apparatus (101, 102) are mutually authenticated (303) by using 802.1X based authentication and 802.1AR certificates. Traffic types are divided (304, 305) by an operator-configurable selector function into user plane, control plane, synchronization plane, and management plane traffic types. For Ethernet transport a virtual port is created for each traffic type, and a different MACsec secure connectivity association is created for each virtual port. For Ethernet transport an operator-programmable security policy is maintained for each traffic type. For IP transport an IPsec security association is created for each traffic type, and an operator-programmable security policy is maintained for each security association. For IP transport, TLS support may be enabled for compatibility with network management traffic. A port is repeatedly re-authenticated by an operator-definable timer value.

Abstract: Persistent profile identifiers can be produced to identify clusters of devices accessing a network in different time periods. In one embodiment, an apparatus uses a first identifier from a first group of identifiers to identify a first cluster of devices and uses a second identifier from a second group of identifiers to identify a second cluster of devices. Further, the apparatus determines that the first cluster of devices identified by the first identifier and the second cluster of devices identified by the second identifier form an edge in a maximum cluster matching. The apparatus provides the first identifier as a persistent identifier for the first cluster of devices and the second cluster of devices.

Abstract: An information provision method includes accumulating, in a first database, a first identifier identifying each of one or more service providers, and first device information indicating an electrical device to be designated by each of the one or more service providers in association with each other; accumulating, in a second database, a second identifier identifying each of one or more users, and second device information indicating an electrical device to be used by the one or more users in association with each other; extracting a service provider associated with the first device information when the second device information is updated by addition of a new electrical device to be used by one of the one or more users, and when the new electrical device is included in the electrical devices indicated by the first device information.

Abstract: A method for automatically attaching a purpose-built electronic device to a provider network includes steps of discovering, by a Wi-Fi module of the purpose-built electronic device, a wireless data network in operable communication with the provider network selecting, by the Wi-Fi module, the wireless data network, transmitting a primary authentication certificate from the Wi-Fi module to an authentication, authorization, and accounting server of the provider network, receiving, by an application server of the provider network, a secondary authentication certificate from a functionality module of the purpose-built electronic device authenticating, by the provider network, the primary and secondary authentication certificates, and attaching the purpose-built device to the provider network.

Abstract: The disclosed computer-implemented method for generating device-specific security policies for applications may include (1) installing, onto a computing device, an application requested by the computing device, (2) while the application is running on the computing device, monitoring interactions between the application and a computing environment in which the computing device operates to identify (A) computing resources within the computing environment required by the application and (B) potential security concerns related to the application within the computing environment, and then (3) generating, based on the monitored interactions, a set of device-specific security policies to enforce for the application while the application runs on the computing device that allow the application to access the required computing resources while mitigating the potential security concerns. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In some examples, a configurator device maps a configuration attribute received from a wireless device to a credential attribute, the credential attribute to be mapped to a network policy. The configurator device sends the credential attribute to the wireless device, the credential attribute useable by the wireless device to access an access point (AP), and useable by the AP to obtain the network policy to apply to a communication of the wireless device.

Abstract: An apparatus and method of managing a licensable item includes accessing a licensing policy related to managing a licensable item, and a license agent making a determination to act to enforce the licensing policy or to first communicate with a server before acting to enforce the licensing policy. Further, the apparatus and method include enforcing the licensing policy in accordance with the determination to act to enforce the licensing policy or to first communicate with a server before acting.

Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.

Abstract: An image forming apparatus includes a first image forming unit configured to form an image with a decolorable material, a second image forming unit configured to form an image with a non-decolorable material, an RFID processor configured to write data in an RFID tag, a memory unit for storing a table indicating one or more attributes associated with the decolorable material and one or more attributes associated with the non-decolorable material, and a controller configured to control the first image forming unit to carry out image forming on a medium including the RFID tag for information of which attribute is associated with the decolorable material in the table, and control the second image forming unit to carry out image forming on the medium for information of which attribute is associated with the non-decolorable material in the table.

Abstract: The present invention provides for a method and apparatus for distributing digital information, such as software applications, to application users. By providing the digital information on unused memory space of a computer system, and providing a process for authorizing access to the information, the information can be efficiently and cost effectively transferred to users. Traditional inventory and distribution channel difficulties are avoided.

Abstract: In a method for reproducing an original copy of a work of authorship, processing information received from a data input device relating to authentication of the original copy of the work of authorship, identifying information in a database corresponding to the information received from the data input device, determining whether an authorization for reproduction of the work of authorship should be granted, and if authorization is granted, reproducing the work of authorship.

Abstract: A system and method for secure authentication performed on a mobile communication device. The method includes an authentication application carrying out the steps of: receiving a unique identifier for a transaction from a first application provided on the same mobile communication device as the authentication application; receiving an encrypted transaction from a remote secure server; decrypting or obtaining decryption of the transaction with a private key of the authentication application; signing or obtaining signing of the transaction with the private key; signing the transaction with the unique identifier; and transmitting the signed transaction back to the remote secure server.

Abstract: A method includes receiving the second information at the remote computer system during a second user initiated communication session from the user station automatically, wherein the user station triggers automatically sending the second information to the remote computer system, retrieving the previously stored third information at the remote computer system and matching at least a portion of the received second information with the stored third information.

Abstract: Systems, methods, and devices for inter-network service selection are described herein. Through the use of one or more of device identifiers and device classes, information including a randomization metric can be transmitted to networked devices indicating which devices and/or device classes are permitted or denied to access a given network service. Equipment seeking access may alter the selection based on this information. Equipment providing access may enforce access request based on this information. As an example, selection between eHRPD and LTE may be load balanced based on device class or identifiers.

Abstract: A method includes receiving first information at a remote computer system during a first user-initiated communication session for a user station not previously identified to the remote computer system, sending second information that is a function of and different from the first information to the user station over the communications network during the first user-initiated communication session stored automatically at the user station, storing third information based on the first information at a location remote from the user station, receiving the second information over the communications network during a subsequent and separate user-initiated communication session automatically from the user station, retrieving the stored third information using the received second information, during the subsequent and separate communication session and using the retrieved third information for interaction with the remote computer system during the subsequent and separate communication session.

Abstract: A storage section stores therein one or more sets of music content and/or function executing programs, at least a part of the sets of music content and/or function executing programs being set in a non-usable state at least in an initial state. An audio signal containing additional information is received from an external electronic audio apparatus, and a determination is made as to whether the additional information satisfies a predetermined condition. If the additional information satisfies the predetermined condition, any of the sets of music content and/or function executing programs, stored in the storage section, that is currently set in the non-usable state is updated to a usable state. A model of the external electronic audio apparatus is identified, and any of the sets of music content and/or function executing programs that corresponds to the identified model is updated to the usable state.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for creating, exporting, viewing and testing, and importing custom applications in a multitenant database environment. These mechanisms and methods can enable embodiments to provide a vehicle for sharing applications across organizational boundaries. The ability to share applications across organizational boundaries can enable tenants in a multi-tenant database system, for example, to easily and efficiently import and export, and thus share, applications with other tenants in the multi-tenant environment.

Abstract: Technologies for establishing and managing a connection with a power line communication network include establishing a communication connection between an electronic device and a security server. A default device encryption key associated with the electronic device is changed to correspond with a new device encryption key of the security server. Thereafter, the electronic device may only join a power line communication network of a particular security server using a network membership key, which is encrypted with the device encryption key that the particular security server associates to the electronic device. The electronic device contains a circuit interrupt to interrupt a circuit of the electronic device if the electronic device is not able to successfully decrypt the network membership key.

Abstract: One or more techniques and/or systems are disclosed for matching a client device with an appropriate network service provider data package. A device ID for the client device can be decomposed to one or more device ID ranges in a device decomposition set. One or more ranges of client ID can be assigned to a network service provider data package, which can be decomposed into a set of package decomposition ranges in a package decompositions set. The device decomposition set can be compared to the package decomposition set, and if an intersection is identified between the sets, the network service provider data package can be provided to the client device.

Abstract: The present disclosure discloses a method, a system and a computer program product for secure data communication between a user device and a server. User credentials, a device id and a first hash are received at server from a user device. The first hash is generated using the user credentials. At server, a second hash is computed using the user credentials stored in the database of the server. The first hash is verified with the second hash. Once verified, an encryption key and a sequence number corresponding to the user credentials and device id are generated. The encryption key and the sequence number are encrypted using a pre-defined key and one or more user credentials. The encrypted encryption key and the sequence number are sent to the user device to encrypt data.

Abstract: Systems and methods are provided for computing a secret shared with a portable electronic device and service entity. The service entity has a public key G and a private key g. A message comprising the public key G is broadcast to the portable electronic device. A public key B of the portable electronic device is obtained from a manufacturing server and used together with the private key g to compute the shared secret. The portable electronic device receives the broadcast message and computes the shared secret as a function of the public key G and the portable electronic device's private key b. The shared secret can be used to establish a trusted relationship between the portable electronic device and the service entity, to activate a service on the portable electronic device, and to generate certificates.

Abstract: Various embodiments include an apparatus, system, and method to control the distribution and usage of copyrighted digital content. The processing of a data file received over a communications network such as the Internet occurs both in a host digital appliance, such as a personal computer, notebook computer, audio player, video player, and the like, and in a very small digital rights management (DRM) module that is removably connected with the host. The processing makes it extremely difficult for the content of the data file to be obtained by an unauthorized person and/or utilized with an unauthorized DRM module.

Abstract: Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files.

Abstract: Software activation and revalidation.

Abstract: Systems and methods of theft prevention of communication devices are provided. In one embodiment, the method may include, for example, one or more of the following: registering a communication device being used at a home, where the device is connected to a communication network; entering validation information relating to the communication device; and analyzing the validation information to determine whether the communication device is authorized for use in the communication network.

Abstract: Methods and systems for identification of objects using a laser. Data for an application including transactional data associated with a user is accessed from a computerized database in a system. Systems and methods operate to select objects from an electronic display. In an example, these systems and methods operate to select objects from an electronic display using a handheld laser identification device. In an example, an electronic display is in communication with a database that updates the display of objects displayed on the electronic display.

Abstract: An information processing device includes: a local memory unit storing data including encrypted content; a memory storing data including key information to be used in a process of reproducing the encrypted content; and a data processing unit selectively reproducing encrypted content stored in a disk or the local memory unit, wherein the data processing unit reads a medium ID from the disk when the content to be reproduced is stored in the disk and reads a medium ID from the memory when the content to be reproduced is stored in the local memory unit.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for enrolling a user in a device identification program. In some embodiments, a system is configured to: receive device identification information from a mobile device, receive user information associated with a user, the user information enabling identification of the user, associate the device identification information with the user information, and create a record based on the device identification information and the user information.

Abstract: A system and method of encrypting digital content in a digital container and securely locking the encrypted content to a particular user and/or computer or other computing device is provided. The system uses a token-based authentication and authorization procedure and involves the use of an authentication/authorization server. This system provides a high level of encryption security equivalent to that provided by public key/asymmetric cryptography without the complexity and expense of the associated PKI infrastructure. The system enjoys the simplicity and ease of use of single key/symmetric cryptography without the risk inherent in passing unsecured hidden keys. The secured digital container when locked to a user or user's device may not open or permit access to the contents if the digital container is transferred to another user's device. The digital container provides a secure technique of distributing electronic content such as videos, text, data, photos, financial data, sales solicitations, or the like.

Abstract: Described herein are methods and systems for using unique identifiers to identify systems in collaborative interaction in a mesh network. For example, in at least certain embodiments, upon initiation of a collaborative application each system can broadcast packets that include a unique hash identifier for each system to other systems in the mesh network. Each system then can determine when the system has received packets that include the unique hash identifiers from all systems. Then, each system can sort the unique hash identifiers to identify each system.

Abstract: Embodiments of the present disclosure provide for upgrades and synchronization of applications installed on a device, such as a mobile device. In one embodiment, a device may include applications purchased and downloaded via a content management system. The device maintains a list or database of applications that are authorized for each device. This list is also replicated in a remote cache that is maintained by an archive host. The device may then synchronize and upgrade these applications across multiple platforms, such as one or more computers that can be coupled to the device or the archive host. The archive host allows for files of the application be provided back to the device. Upon installation, the device can then confirm the authorization and identity of the newly installed application.

Abstract: Systems and techniques for mediating user communications. A user persona manager maintains one or more user profiles and manages user interactions with other parties and with service providers based on user preferences associated with the user profile or profiles selected for a particular interaction. The persona manager receives a single set of user authentication information to establish the user identity, and provides previously stored information to other parties and service providers as appropriate, and otherwise conducts user interactions involving communications initiated by or on behalf of the user. The persona manager also examines interactions initiated by others, selects user profiles appropriate to the interactions, and routes and responds to the interactions based on information stored in the user profiles.

Abstract: An optimized server for streamed applications provides a streamed application server optimized to provide efficient delivery of streamed applications to client systems across a computer network such as the Internet. The server persistently stores streamed application program sets that contain streamed application file pages. Client systems request streamed application file pages from the server using a unique set of numbers common among all servers that store the particular streamed application file pages. A license server offloads the streamed application server by performing client access privilege validations. Commonly accessed streamed application file pages are stored in a cache on the streamed application server which attempts to retrieve requested streamed application file pages from the cache before retrieving them from persistent storage. Requested streamed application file pages are compressed before being sent to a client as well as those stored in the cache.

Abstract: A system is configured to provide access between a plurality of terminals and a plurality of different conditional access systems (CASs) associated with the terminals. The system includes a CAS switcher configured to receive requests from the plurality of terminals and, for each of the requests, identifies and sends the requests to a corresponding CAS. The CAS switcher also receives messages from the CASs responsive to the requests and, for each of the messages, identifies and sends the message to a corresponding terminal.

Abstract: A network management system is described for assuring that a network device complies with a device-specific configuration policy. One example of the network management system contains one or more business rules that describe a business policy regarding a computer network in a network-independent form. In general, the business rules refer to high-level business requirements and not to device-specific configuration information. The network management system uses the business rule to determine which business policies are currently in force. In addition, the network management system contains one or more network design rules that describe relationship between the business policy and one or more device-specific configuration policies. The network management server uses the network design rules to determine whether to deploy a device-specific configuration policies.

Abstract: Embodiments related to systems and methods comprising receiving payment data at an access device; receiving an identifier for a phone at the access device; and generating and sending an authorization request message to a payment processing network, wherein the payment processing network generates a verification token, which is then sent to the phone whereby the phone is thereafter used to conduct payment transactions.

Abstract: A method and apparatus for updating firmware of terminals in a mobile broadcast system including a Broadcast Service Distribution/Adaptation fragment (BSDA) and a Broadcast service Subscription Management (BSM). The method includes requesting creation of a content fragment, by the BSM, by transmitting a firmware package file for a firmware update of the terminals to the BSDA; creating a content fragment including the firmware package file and broadcasting the created content fragment to the terminals by the BSDA; detecting the firmware package file from the received content fragment; and performing the firmware update using the firmware package file.

Abstract: Executable applications on a gaming machine are verified before they can be executed, for security purposes and to comply with jurisdictional requirements. Unlike in prior systems for authenticating the executable applications, embodiments allow for new executable applications to be provided and verified over time with different private and public key pairs, even after the operating code of the gaming machine is certified by the jurisdiction and deployed in the field.

Abstract: Certain exemplary embodiments relate to techniques for determining the correct item serial number structure, even when information regarding the serial number data and/or structure is lacking. Such techniques advantageously promote data integrity by helping to ensure that the desired data is captured correctly, while also reducing (and sometimes even eliminating) the need to obtain detailed information regarding serial number structure and intelligence that sometimes is guarded by producers/manufacturers. Statistical sampling of collected unknown data formats may be used to help decipher product identification numbers (or other numbers) such as product serial numbers through a repetitive process of scanning a known constant such as the UPC number, followed by a variable number such as a products serial number. Certain exemplary embodiments check serial number against a database containing algorithms to determine if and which algorithm is used to create such serial numbers.

Abstract: Methods and systems for dynamically bundling portions into secured destination files are provided. Example embodiments provide a Dynamic Digital Rights Bundling System (“DDRBS”), which dynamically bundles a set of portions each variously containing digital rights management components, user interface controls, and content, into a secured destination file in response to a designated content request. In one embodiment, the DDRBS comprises a bundling engine, a translation engine, a merging engine, and an assortment of data repositories. These components cooperate to dynamically assemble and provide customized secured destination files comprising the requested content together with specialized user interface and digital rights management controls. This abstract is provided to comply with rules requiring an abstract, and it is submitted with the intention that it will not be used to interpret or limit the scope or meaning of the claims.

Abstract: Disclosed are methods and apparatus for implementing a reality overlay device. A reality overlay device captures information that is pertinent to physical surroundings with respect to a device, the information including at least one of visual information or audio information. The reality overlay device may transmit at least a portion of the captured information to a second device. For instance, the reality overlay device may transmit at least a portion of the captured information to a server via the Internet, where the server is capable of identifying an appropriate virtual billboard. The reality overlay device may then receive overlay information for use in generating a transparent overlay via the reality overlay device. The transparent overlay is then superimposed via the device using the overlay information, wherein the transparent overlay provides one or more transparent images that are pertinent to the physical surroundings.

Abstract: A method to be implemented using a computer system, the method comprising the steps of providing a resource database that specifies locations of resources for use by consumers, receiving a location communication originated by a mobile consumer device associated with a consumer at a time temporally proximate a time when the consumer accesses a resource where the location communication indicates the location of the consumer device and using the location of the consumer device indicated in the communication to update the resource database.

Abstract: Embodiments in accordance with the present invention relate to incentive programs awarding loyalty points based at least in part upon the number of miles driven in a motor vehicle. Reward points may be earned by having the vehicle serviced at authorized locations. At the time of servicing, the authorized location notes a current vehicle odometer reading, and the odometer reading is communicated to an administrator of the loyalty program. The odometer reading is used to calculate a number of miles driven since the last authorized servicing, and the number of mile driven is then converted into loyalty points to be credited to a consumer of the vehicle. Thus, incentives for servicing only at authorized locations are provided to the consumer.

Abstract: A system and method for storing and retrieving program material for subsequent replay is disclosed. The method includes accepting a receiver ID associated with a receiver key stored in a memory of the receiver, determining a pairing key for encrypting communications between the conditional access module and the receiver, encrypting the pairing key with the receiver key, and transmitting a message comprising the encrypted pairing key to the receiver. The apparatus comprises a receiver for receiving a data stream transmitting a media program encrypted according to a media encryption key and an encrypted media encryption key and a conditional access module, communicatively coupleable with the receiver.

Abstract: When a viewer views content, it is reproduced by a reproduction procedure depending on a dynamic condition set in the content. Here, a content object data input unit obtains an externally-input content object. The content object is stored in a content object data retention unit, if necessary. The content object includes a reproduction rule and a content data. A reproduction rule evaluation and execution unit obtains the reproduction rule in the content object and performs processing in accordance with the reproduction rule. The reproduction unit reproduces a reproducible data specified by the reproduction rule evaluation and execution unit. An identifier management unit retains an identifier of a content object reproduction device and provides the identifier upon request. It is thus possible to reproduce in accordance with the reproduction rule set in the content object data and to control the reproduction procedure depending on the dynamic condition.

Abstract: Methods and apparatus are provided for implementing a system such as a programmable chip system having hardware and software usage limitations and restrictions. Usage limitation circuitry is integrated onto a device. A usage limitation function is integrated into software, such as an operating system for the device. The usage limitation function can be configured to interact with the usage limitation circuitry. The usage limitation circuitry and the usage limitation function are operable to disable the device and the associated software.