Abstract: In one embodiment, receiving a notice from a first user associated with a first mobile device indicating that the first user wishes to share information of the first user with one or more second users respectively associated with one or more second mobile devices; accessing information known about one or more users and one or more mobile devices respectively associated with the one or more users; identifying at least one candidate for the first user based on the information known about the one or more users and the one or more mobile devices; and confirming one or more of the at least one candidate as the one or more second users.

Abstract: A mobile platform security apparatus and method is provided. The apparatus may perform a security setting by generating a first authentication key, a second authentication key, and a third authentication key for each function called by an application program. The apparatus may store the first authentication key and an identifier for identifying the application program in a first storage unit, the second authentication key and the identifier in a secret domain of a second storage unit, and register the third authentication key and the identifier as a function parameter in the application program. Subsequently, if the function is called by the application program, the apparatus may determine values for the first authentication key, the second authentication key, and the third authentication key corresponding to the called function, and may perform authentication processing using the three authentication key values.

Abstract: Disclosed herein are example embodiments for behavioral fingerprinting via derived personal relation. For certain example embodiments, at least one indication of personal relation for at least one authorized user may be derived via at least one user-device interaction, and the at least one indication of personal relation may be incorporated into at least one behavioral fingerprint that is associated with the at least one authorized user, the at least one behavioral fingerprint including one or more indicators of utilization of one or more user devices by the at least one authorized user.

Abstract: Methods, apparatus, and other embodiments associated with automatically configuring a secure wireless connection are described. According to one embodiment, an apparatus includes a security logic in a first device. The security logic is configured to determine a security code for wirelessly connecting to a second device by sending a request to initiate communication to the second device. The security logic is further configured to receive a reply from the second device in response to the request. The apparatus also includes a communication logic configured to establish a secure wireless connection to the second device from the first device by automatically initiating a Wi-Fi Protected Setup (WPS) based, at least in part, on the security code.

Abstract: A computer or microchip including a system BIOS located in flash memory which is located in a portion of the computer or microchip protected by an inner hardware-based access barrier or firewall, a central controller of the computer or microchip having a connection by a secure control bus with other parts of the computer or microchip, and a volatile random access memory located in a portion of the computer or microchip that has a connection for a network. The secure control bus is isolated from input from the network, and provides and ensures direct preemptive control by the central controller over the volatile random access memory, the control including transmission to or erasure of data and/or code in the volatile random access memory and control of a connection between the central controller, the volatile random access memory and at least one microprocessor having a connection for the network.

Abstract: In a resource-on-demand environment, virtual machine images are validated before use. A provider or source of a virtual machine image may generate a manifest, indicating executable components of the machine image. Before use, a created virtual machine may compare its executable components with those specified by the manifest. To ensure authenticity, the manifest may be associated with a signature, and the virtual machine may use the signature to verify the manifest and the source of the machine image.

Abstract: Mechanisms are provided to allow particular parties and applications access to protected application programming interfaces (APIs) without the use of security domains. Trusted parties and applications may have access to protected APIs while unfrosted parties and applications may be restricted to a more limited set of APIs. Public keys associated with individual applications that are used to enforce licensing policies can be repurposed for use in a verification process to prevent unauthorized access to APIs. A credential storage manager can be used to maintain permission and certificate information. An application authorization manager may access credential storage and maintain trusted application information.

Abstract: Described herein are methods and systems for tracking usage of and sharing data between mobile device applications. A mobile device receives a first application to be installed on the mobile device. The first application includes a first notification module, a content developer identifier, and a first application identifier. The mobile device receives a second application to be installed on the mobile device, the second application including a second notification module, the content developer identifier, and a second application identifier. The mobile device stores a mobile device identifier in a keychain area of the mobile device. The mobile device provides access to the keychain area for applications which include the content developer identifier. The mobile device retrieves the mobile device identifier from the keychain area for use by the first application and the second application.

Abstract: A method for operating a distributed data management and control enclave comprises providing a policy that identifies a set of data to be managed and controlled. The policy further identifies devices upon which the data may be transferred and the conditions under which that data may be transferred to the identified devices. A first data management and control system to be used on a first device is then defined in the policy. A second management and control system to be used on a second device is then defined in the policy. The second data management and control system can be distinct from the first data management and control system. The specified data management and control system is then instantiated on a device. The specified data management and control system is then used to manage and control data on the device in accordance with the policy.

Abstract: The present disclosure provides systems and methods for an address exchange system including a controller configured to provide an API configured to receive an identifier from a user and further configured not to receive a physical address from the user, wherein the user provides an item for shipment to the physical address. In response to receiving the identifier, the controller is further adapted to request the physical address from a data storage system wherein the data storage system stores an association between the identifier and the physical address and further stores one or more permission settings defining situations in which the physical address is to be provided in response to receipt of the identifier. In response to receipt of the identifier, the data storage system tests the permission settings to determine whether or not to provide the associated physical address.

Abstract: A system for managing adaptive security zones in complex business operations, comprising a rules engine adapted to receive events from a plurality of event sources and a security manager coupled to the rules engine via a data network, wherein upon receiving an event, the rules engine determines what rules, if any, are triggered by the event and, upon triggering a rule, the rules engine determines if the rule pertains to security and, if so, sends a notification message to the security manager informing it of the triggered event, and wherein the security manager, on receiving a notification message from the rules engine, automatically establishes a new security zone based at least in part on the contents of the notification message, is disclosed.

Abstract: The availability of software assets on electronic devices, such as mobile devices of users, is restricted based on the time as determined by a managing server. An application that runs on the electronic devices communicates with the server to obtain information regarding which software assets are permitted to be accessed, and restricts user access accordingly. The server may use a clock, in combination with administrator-generated access restriction policies, to determine which software assets are to be made available on each electronic device at particular points in time.

Abstract: One or more techniques and/or systems are disclosed for generating a developer license that allows a developer application to run on developer machine. A user identification (userID) used to register a user can be used by the user to register as a developer. The userID can be authenticated for the registered developer. Further, a machine used by the developer for the developer application can be registered, and a resulting hardware identification (hardwareID) can be authenticated for the registered developer machine. Additionally, a developer certificate can be generated for the registered developer. The developer certificate can be authenticated and used to sign the developer application. The developer license can be generated for the developer, allowing the developer machine to execute the developer application, based at least upon the authenticated userID, the authenticated hardwareID, and the authenticated developer certificate.

Abstract: Systems and methods for managing data are disclosed. One method can comprise receiving a first request for a service, wherein the first request is associated with a first rights package. The first rights package can be processed to determine access to the service. An evaluation key can be generated, wherein the evaluation key represents the determination of access relating to the processing of the first rights package. A second request for a service can be received, wherein the second request is associated with a second rights package. The second rights package can be processed using the evaluation key.

Abstract: A computer or microchip including a network connection for connection to a public network of computers including the Internet, the network connection being located in a public unit; and an additional and separate network connection for connection to a separate, private network of computers, the additional network connection being located in a protected private unit. An inner hardware-based access barrier or firewall is located between and communicatively connects the protected private unit and the public unit; and the private and public units and the two separate network connections are separated by the inner barrier or firewall. The protected private unit includes at least a first microprocessor and a system BIOS located in flash memory. The public unit includes at least a second or many microprocessors separate from the inner barrier or firewall. The inner barrier or firewall comprises a bus with an on/off switch controlling communication input and output.

Abstract: A server receives a consumer request from a client to access a product repository that is coupled to the server. The consumer request comprises an entitlement certificate and a uniform resource locator (URL). The server identifies at least one extended attribute object identifier in the entitlement certificate to determine whether the client is authorized to access the product repository. The at least one extended attribute object identifier has a corresponding URL in the entitlement certificate that specifies a location of the product repository that the client is authorized to access. The server grants the client access to the product repository based on a determination that the URL in the consumer request matches a URL in the entitlement certificate.

Abstract: A privacy management system (PMS) is disclosed for a Chief Privacy Officer (CPO) or other user to use in monitoring and/or controlling in realtime the flow of data (e.g., outflow) about the user and his/her online experience. The PMS may employ pattern recognition software to evaluate analytics data and potentially block private information from being sent within the analytics data. The PMS may provide a dashboard displaying a whitelist and/or blacklist indicating what destinations/sources are blocked or allowed as well as private information settings indicating what types of private information should be blocked. The PMS includes browser-client scripting code and may also include a PMS-certified verification icon and/or lock and unlock icons for display on webpages being monitored/controlled in realtime by the PMS.

Abstract: Embodiments are directed towards enabling a portion of a protected content stream to be played in a degraded quality or experience at a client device when a key and/or license for some other portion of the content stream is unobtainable, or is not obtained by the client device. A content stream has a plurality of layers, with a baseline layer having a lowest quality level of the plurality of layers that is unencrypted, while at least one other layer is encrypted. When the key to decrypt the encrypted layer(s) is unobtained, at least the baseline unencrypted layer is allowed to still play at the client device.

Abstract: A license management system comprises at least one processor capable of executing processor-executable code coupled with a non-transitory processor-readable medium storing a master license database and processor-executable code for causing the processor to: (a) store a master state of a network device indicative of at least one license key associated with the network device in the master license database; (b) access information indicative of a license key request for the network device subsequent to the storing of the master state, the license key request including a current state of the network device; (c) compare the master state of the network device with the current state of the network device; and (d) in response to the master state differing from the current state of the network device, generate an error message and store the error message in non-transitory processor-readable medium.

Abstract: Systems and methods for accessing digital content using electronic tickets and ticket tokens in accordance with embodiments of the invention are disclosed. In one embodiment, a user device includes a processor, a network interface, and memory configured to store an electronic ticket, and a ticket token, and the processor is configured by an application to send a request for digital content, receive a ticket token from a merchant server, wherein the ticket token is generated by a DRM server and associated with an electronic ticket that enables playback of the requested digital content, send the ticket token to a DRM server, receive an electronic ticket that enables playback of requested digital content, request the digital content associated with the electronic ticket, and play back the requested digital content using the electronic ticket.

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Abstract: A data storage device may include one or more pages, each page having a fixed number of memory cells, each memory cell being adapted to store one unit of data; a verification page, the verification page having a corresponding fixed number of verification cells, each verification cell storing a predetermined value; and a controller configured to 1) receive a read command having an address value, and 2) upon receiving the read command, a) retrieve a predetermined value from a verification cell corresponding to the address value, b) determine whether the retrieved predetermined value is an expected value, and c) if so, providing a retrieved unit of data, and if not, initiating a protective action. Determining whether the retrieved predetermined value is the expected value may include applying a function to the address value to obtain a result and determining whether the result corresponds to the retrieved predetermined value.

Abstract: An image forming apparatus performs a direct printing function. A selecting section selects at least two files from a plurality of files stored in at least one of an internal storage medium and an external storage medium. A human interface receives passwords form a user. A password determining section determines whether the selected files are protected by passwords. A file extracting section extracts the selected files from an internal storage medium or external storage medium. A password verifying section determines whether passwords contained in the selected files and the passwords inputted through the human interface coincide. A printer prints the selected files. A printing controller controls the printer, causing the printer to print at least one of selected files if the password verifying section has determined that the password contained in the at least one selected file and the password inputted by the user coincide.

Abstract: A content encryption device generates encrypted content and an encrypted content copying device copies the encrypted content on an information storage medium. The storage medium is sold at a charge or distributed at no charge. A user gets the storage medium to connect or set it to or in a user terminal device, accesses to a user management device to receive permission by authentication information distributed together with the storage medium and presents a part or a whole of medium information to a content key distribution device. The distribution device makes a content key encryption device issue an encrypted content key on the basis of the presented information and distributes it to the terminal device.

Abstract: Systems and techniques for managing software licensing are described. When a computing system service request is made, the request is intercepted and software information that may be more or less continuously updated in a managed computing environment is examined to determine the effect of the service request on software usage by the system. The software usage represented by the service request is evaluated based on licensing information to determine license usage by the system and changes in license usage based on the service request, and license usage information is determined based on the software usage and the licensing information. The license usage information may be used in connection with a system of rules to govern actions such as reporting licensing usage or allowing or preventing the use of software based on whether use of the software will violate licensing requirements.

Abstract: A storage unit 601g of a recording medium device 600g stores a content and a revocation list. The revocation list includes a revocation identifier that is associated with the content and identifies a revoked public key certificate allocated to an apparatus related to use of the content. A controller 602g of the recording medium device 600g is provided with an acquisition unit 621g that acquires, from an apparatus 300g, an acquisition request for the content and an apparatus identifier identifying a public key certificate of the apparatus 300g; a judgment unit 622g that judges whether the apparatus identifier matches a revocation identifier; and a control unit 623g that controls to prohibit output of the content to the apparatus when the apparatus identifier and the revocation identifier match.

Abstract: A secure mechanism for performing a network boot sequence and provisioning a remote device may use a private key of a public key/private key encryption mechanism to generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the remote device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The remote device may be provisioned with software applications. One mechanism for performing the initial encrypted commands is through a Trusted Platform Module. In many embodiments, the public key for the initial encrypted communication may be provided through a trusted second channel.

Abstract: A method, a user terminal and a system for performing a NFC operation by a NFC equipped user terminal. According to a method a common application residing in a secure element of the user terminal can be authenticated by receiving, in the common application, an authentication request message including identification information on at least service provider of the NFC reader. Based on the identification information authentication related data on a service provider of NFC service is retrieved from a database. Furthermore, a data request message is received from the NFC reader. The data is retrieved, on the basis of identification information on at least service provider of the NFC reader and identification information for data, from the database residing in the secure element of the user terminal. The data requested is delivered to the NFC reader.

Abstract: Enabling discretionary data access control in a cloud computing environment can begin with the obtainment of a data request and response message by an access manager service. The response message can be generated by a data storage service in response to the data request. The access manager service can identify owner-specified access rules and/or access exceptions applicable to the data request. An access response can be determined using the applicable owner-specified access rules and/or access exceptions. Both the response message and the access response can indicate the allowance or denial of access to the requested data artifact. The access response can be compared to the response message. If the access response does not match the response message, the response message can be overridden to express the access response. If the access response matches the response message, the response message can be conveyed to the originating entity of the data request.

Abstract: Disclosed are methods, systems and computer program products for antivirus checking of software objects in a virtual environment. An example method includes monitoring, by an antivirus agent running on a virtual machine in the virtual environment, one or more events occurring in the virtual machine; determining an object related to the one or more monitored events and a type of the object; determining whether the object needs antivirus checking; sending, to a control module in the virtual environment, information about the object that needs antivirus checking, the type of the object, and the one or more identified events; determining one or more methods of antivirus checking to be performed on the object; selecting one or more components of an antivirus system in the virtual environment; and distributing among the selected components, the antivirus checking methods to be performed on the object.

Abstract: Systems and methods are provided for using a hidden audio signal. In one exemplary embodiment, the method includes registering, at a central database, one or more of an identifier and a destination resource associated with the identifier, and encoding the one or more of the identifier and the destination resource in a hidden audio signal. The method further includes transmitting the hidden audio signal, including the one or more of the identifier and the destination resource, in connection with an acoustic signal, and receiving the acoustic signal at a user device. In addition, the method includes decoding the encoded one or more of the identifier and the destination resource at the user device; and requesting, from the central database, information associated with the one or more of the identifier and the destination resource. Further, the method includes receiving, at the user device, the requested information.

Abstract: Software update distribution techniques are disclosed. Authentication information is received, from a content source authenticator, by an update agent included in a client device. The authentication information comprises a list of a plurality of content sources, wherein the plurality of content sources have been verified by the content source authenticator as being authentic content sources for legitimate software applications. The update agent selects a first content source of the plurality of content sources, where the first content source is configured to provide updates for a first software application. The update agent checks the first content source for updates for the first software application.

Abstract: A method begins with a processing module receiving a data retrieval request and obtaining a real-time indicator corresponding to when the data retrieval request was received. The method continues with the processing module determining a time-based data access policy based on the data retrieval request and the real-time indicator and accessing a plurality of dispersed storage (DS) units in accordance with the time-based data access policy to retrieve encoded data slices. The method continues with the processing module decoding the threshold number of encoded data slices in accordance with an error coding dispersal storage function when a threshold number of the encoded data slices have been retrieved.

Abstract: Resources may be managed in a topology for audio/video streaming. DisplayPort is a digital audio/video interconnect standard of the Video Electronic Standards Association (VESA). It allows video and audio to be coupled from a computer to a video display or an audio playback system. The topology includes audio/video sources and sinks and intervening branch devices. Messages between these sources, sinks, and branch devices may be used for resource management.

Abstract: A device including a communication interface and processing logic is provided. The communication interface may receive digital rights management security information and content from a source device, the digital rights management information having been deactivated in the source device. The processing logic may reactivate the digital rights management security information and may render the content according to the digital rights management security information.

Abstract: A content protection data processing system and a playback device determine whether to permit playback of a content recorded in a recording medium, based on a type of the recording medium and a signature type of a signature attached to a program. Additionally, the content protection data processing system and the playback device switch a procedure relating to a digital signature for each signature type of the digital signature, which enables both the protection of the copyright of the content and the efficient manufacturing of commercial ROM media.

Abstract: Security and distributed storage is described for systems using electronic profile information. Embodiments may be utilized for ID, data, and access analysis. Dynamic distributed redundant encryption may be used that may be based on user, device, location, context information, physical, or environmental characteristics. In one implementation, encrypted electronic profiles are stored on behalf of users by a profiling system, allowing user information within the electronic profiles to be accessed only by decryption of a portion of the electronic profile by the profiling system using distributed decryption codes.

Abstract: Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.

Abstract: Systems, methods, and apparatus for generating and validating product keys. In some embodiments, a product key includes security information and identification information identifying at least one copy of a software product. The identifying information may be used to access validation information from at least one source other than the product key, and the validation information may be used to process the identification information and the security information to determine whether the product key is valid. In some further embodiments, the security information includes a first portion to be processed by a first validation authority using first validation information and a second portion to be processed by a second validation authority using second validation information, wherein the second validation information is stored separately from the first validation information.

Abstract: Mechanisms for executing a software routine in an application executing as a multi-user single address space subsystem in an operating environment having a trusted mode of operation for trusted routines and a reduced-trust mode of operation for untrusted routines. The application includes a control module for execution as a trusted routine and a trusted routine table including identifiers of trusted routines. The control module performs switches between a trusted mode of operation for execution and a reduced trust mode of operation based on various determinations regarding the nature of a calling routine being trusted or untrusted, a call stack, and whether the calling routine is being restored or not from the call stack.

Abstract: A method is described for operating a computer system comprising a computer and a display unit, wherein a reference pattern is formed based on input value fed into the computer, wherein image signals for the display unit are generated based on the input value, wherein the image signals fed to the display unit are detected, wherein the detected image signals are subjected to a pattern recognition to provide a recognized pattern, and wherein the recognized pattern is compared with the reference pattern.

Abstract: A system and method for validating a software file to be installed into a controller. The method includes preparing the software file including assigning a software version code to the software file, assigning a security version code to the software file, and signing the software file with the software file version code and the security version code. The signed software file is presented to the controller for installing on the controller and the controller verifies the software file signature to determine if the software file is valid and the security version code is valid. The controller allows the software file to be installed in the controller if both the signed software file is valid and the security version code is valid.

Abstract: Systems and methods for controlling communication systems for the hearing impaired are disclosed. A portable communication device requests control over a plurality of communication devices. The portable communication device connects to and controls the plurality of communication devices. The portable communication device includes a user interface that enables a user to transfer a call from a first communication device to a second communication device.

Abstract: A system and method are provided for identifying inappropriate content in websites on a network. Unrecognized uniform resource locators (URLs) or other web content are accessed by workstations and are identified as possibly having malicious content. The URLs or web content may be preprocessed within a gateway server module or some other software module to collect additional information related to the URLs. The URLs may be scanned for known attack signatures, and if any are found, they may be tagged as candidate URLs in need of further analysis by a classification module.

Abstract: A client device has one or more processors and memory. An application running on the device obtains a client certificate from a system service running on the device. The certificate includes a public key for the device. The device is authenticated to a remote server using the certificate. The application receives encrypted application identification information and an encrypted access token from the server. The application is authenticated to the device by comparing the received application identification information with corresponding application identification information from the application. The application invokes the system service to unencrypt the access token using the private key corresponding to the public key. The application sends a request for protected information to the server. The request includes the unencrypted access token.

Abstract: Application programming interface (API) for starting and accessing distributed routing table (DRT) functionality. The API facilitates bootstrapping into the DRT by one or more devices of a group of devices (a mesh) seeking to collaborate over a serverless connection, establishing a node of the DRT, where each node is an instance of an application that is participating in the mesh, and node participation by allowing the application to search for keys published by other nodes in the mesh, or by becoming part of the mesh by publishing a key. The API facilitates optimization of the routing table for quickly finding a root of a specific key in the mesh by finding the key directly in a cache or by asking a root node of the key that is in the local routing table that is closest numerically to the key being searched.

Abstract: An electronic device may include a processor and a blacklist database listing objects not to be displayed. The processor is to remove an object from a frame before the frame is sent to or received from an electronic device when the object is listed in the blacklist database. In an example, an electronic device can include logic to receive, in a processor, a frame to be sent to or received from an electronic device and logic to scan the frame to identify an object. The electronic device can also include logic to determine if the object is listed in a blacklist database. The electronic device further includes logic to modify the frame to remove the object when the object is listed in the blacklist database and logic to transfer the frame for processing.

Abstract: A digital rights management system and a service method thereof, and an enterprise digital rights management (E-DRM) system for document security installed in a cloud system are provided. The present systems can be implemented to be used in a variety of environments without being affected by the type or environment of a user terminal using a method which allows the client to use a contents data through a virtual machine system, and the E-DRM system is configured to include a cloud system, a security system and a virtual machine system.

Abstract: A computer security system comprises a secure platform adapted to receive sensitive data from an agent. The secure platform is also adapted to cooperate with a trusted platform module (TPM) to encrypt the sensitive data via a TPM storage key associated with the agent.

Abstract: A computer implemented method, a data processing system, and a computer program publish an audio annotation of a media signal. A media player plays a media signal. The media player then records an audio annotation to the media signal. Responsive to recording the audio annotation to the media signal, the media player records an identifier to be associated with the media signal. The audio annotation is then published to a social networking host.